System and method for implicit authentication

US 9,788,203 B2
Filed: 08/19/2015
Issued: 10/10/2017
Est. Priority Date: 08/19/2014
Status: Active Grant

First Claim

Patent Images

1. A system for implicit authentication for a mobile device associated with a user, wherein the implicit authentication is behavioural, biometric and task-based and includes at least one authentication task selected so as to leverage the user'"'"'s muscle memory,wherein the mobile device comprisesa touchscreen;

a transaction authentication information unit;

one or more sensors coupled to the transaction authentication information unit comprising(1) one or more touchscreen sensors coupled to the touchscreen,(2) an accelerometer, and(3) a gyroscope,the one or more sensors used to obtain and transmit one or more sets of data to the transaction authentication information unit,the one or more sets of data associated with one or more performances of the at least one authentication task by the user, the one or more sets of data comprising data related to the tracking of a user'"'"'s input on the touchscreen and the movement of the mobile device during the at least one authentication task; and

an anomaly detector coupled to the transaction authentication information unit,wherein the anomaly detector generates an authentication model using the one or more data sets transmitted to the transaction authentication information unit,said generating comprising constructing a set of features for a user profile associated with the one or more performances of the at least one authentication task, and one or more parameters associated with said set of features;

the anomaly detector performs training using the one or more data sets transmitted to the transaction authentication information unit, said training comprisinglearning so as to adjust the one or more parameters associated with the set of features, said learning performed using one or more learning algorithms, andstoring the user profile associated with the adjusted one or more parameters in the database;

the anomaly detector authenticates the user using the one or more data sets transmitted to the transaction authentication information unit, whereinthe anomaly detector analyzes at least one of the one or more data sets corresponding to at least one of the one or more performances of the at least one authentication task using one or more anomaly detection algorithms together with the stored user profile, andbased on said analyzing, the anomaly detector decides whether the authentication is successful or unsuccessful.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for implicit authentication for a mobile device associated with a user, wherein the implicit authentication is behavioral, biometric and task-based and includes at least one authentication task selected so as to leverage the user'"'"'s muscle memory. The mobile device comprises a touchscreen; a transaction authentication information unit; one or more sensors coupled to the transaction authentication information unit; and an anomaly detector coupled to the transaction authentication information unit. The sensors comprise one or more touchscreen sensors coupled to the touchscreen, an accelerometer, and a gyroscope, and are used to obtain and transmit one or more sets of data to the transaction authentication information unit. The sets of data are associated with one or more performances of the authentication task by the user. The anomaly detector generates an authentication model using the one or more data sets transmitted to the transaction authentication information unit.

29 Citations

View as Search Results

20 Claims

1. A system for implicit authentication for a mobile device associated with a user, wherein the implicit authentication is behavioural, biometric and task-based and includes at least one authentication task selected so as to leverage the user'"'"'s muscle memory,wherein the mobile device comprisesa touchscreen;
- a transaction authentication information unit;
  
  one or more sensors coupled to the transaction authentication information unit comprising(1) one or more touchscreen sensors coupled to the touchscreen,(2) an accelerometer, and(3) a gyroscope,the one or more sensors used to obtain and transmit one or more sets of data to the transaction authentication information unit,the one or more sets of data associated with one or more performances of the at least one authentication task by the user, the one or more sets of data comprising data related to the tracking of a user'"'"'s input on the touchscreen and the movement of the mobile device during the at least one authentication task; and
  
  an anomaly detector coupled to the transaction authentication information unit,wherein the anomaly detector generates an authentication model using the one or more data sets transmitted to the transaction authentication information unit,said generating comprising constructing a set of features for a user profile associated with the one or more performances of the at least one authentication task, and one or more parameters associated with said set of features;
  
  the anomaly detector performs training using the one or more data sets transmitted to the transaction authentication information unit, said training comprisinglearning so as to adjust the one or more parameters associated with the set of features, said learning performed using one or more learning algorithms, andstoring the user profile associated with the adjusted one or more parameters in the database;
  
  the anomaly detector authenticates the user using the one or more data sets transmitted to the transaction authentication information unit, whereinthe anomaly detector analyzes at least one of the one or more data sets corresponding to at least one of the one or more performances of the at least one authentication task using one or more anomaly detection algorithms together with the stored user profile, andbased on said analyzing, the anomaly detector decides whether the authentication is successful or unsuccessful.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The system of claim 1, wherein the at least one authentication task comprises a swipe.
  - 3. The system of claim 1, wherein the accelerometer and gyroscope obtain and transmit a plurality of time series data representing the motion of the mobile device while the at least one authentication task is being performed.
  - 4. The system of claim 2, wherein the accelerometer and gyroscope obtain and transmit a first plurality of time series data representing the motion of the mobile device while the swipe is being performed;
    - andthe one or more touchscreen sensors obtain and transmit a second plurality of time series data representing coordinates of points associated with the swipe.
  - 5. The system of claim 1, wherein the training comprises setting an initial training window comprising a number of the one or more performances of the at least one authentication task;
    - andusing some of the one or more data sets corresponding to the number of the one or more performances to perform the learning.
  - 6. The system of claim 1, wherein the training comprises the anomaly detector setting a rolling window comprisingsetting a training window comprising a number of the one or more performances of the at least one authentication task,using some of the one or more data sets corresponding to the number of the one or more performances to perform the learning,further wherein if the anomaly detector decides that the authentication is successful,adding a latest of the at least one of the one or more performances of the at least one authentication task used for the successful authentication to the training window,removing an earliest one of the one or more performances of the at least one authentication task from the window, andperforming the learning using the data sets corresponding to the one or more performances of the at least one authentication task remaining within the window.
  - 7. The system of claim 4, further wherein the generating of the authentication model comprises the anomaly detector discretizing the first and second pluralities of time series data transmitted by the accelerator, gyroscope and one or more touchscreen sensors.
  - 8. The system of claim 7, wherein the one or more parameters comprise at least one of(1) start and end co-ordinates associated with the swipe,(2) direction associated with the swipe,(3) a duration of the swipe, and(4) a length of the swipe.
  - 9. The system of claim 8, wherein said one or more parameters are represented for each of a plurality of swipes by a corresponding feature vector;
    - the learning further comprising generating an exemplar feature vector for the plurality of swipes by calculating an average using a plurality of said feature vectors, and wherein said authentication is performed based on a distance of another feature vector from the exemplar feature vector; and
      
      said another feature vector different from the plurality of feature vectors.
  - 10. The system of claim 4, wherein each of said first plurality of time series corresponds to an axis in 3-dimensional space, and said stored user profile comprises a maximum threshold and a minimum threshold for said first plurality of time series.
  - 11. The system of claim 10, wherein said maximums and minimums are calculated using a threshold.
  - 12. The system of claim 4, wherein each of said second plurality of time series corresponds to an axis in 2-dimensional space, and said stored user profile comprises a maximum threshold and a minimum threshold for said second plurality of time series.
  - 13. The system of claim 10, wherein said maximum threshold and said minimum threshold are calculated using a threshold.
  - 14. The system of claim 1, wherein said learning comprises comparing the one or more performances of the at least one authentication task by the user, to one or more attempts by an impostor to imitate the user'"'"'s one or more performances of the at least one authentication task.
  - 15. The system of claim 14, wherein said comparing is performed using one or more impostor models, further wherein at least one of said impostor models is based upon empirically-derived observations of attempts by one or more people other than the user to imitate the user'"'"'s one or more performances of the at least one authentication task.
  - 16. The system of claim 15, further wherein at least one of said one or more impostor models is based upon an estimate of capabilities of a hypothetical impostor, said estimate obtained via one or more simulations.
  - 17. The system of claim 1, further comprising using one or more sets of contextual data to assign a trust level to perform said authentication, the one or more sets of contextual data obtained from at least one of(1) the one or more sensors,(2) a fraud reporting center connected to the mobile device via a network, and(3) an authentication server connected to the mobile device via a network.
  - 18. The system of claim 1, further comprising using crowdsourced data to assign the trust level, wherein at least some of the crowdsourced data is obtained by scouring social media sites.

19. A method for implicit authentication for a mobile device associated with a user, whereinthe implicit authentication is behavioural, biometric and task-based,the task-based behavioral biometric implicit authentication comprises at least one authentication task, andthe authentication task chosen so as to leverage the user'"'"'s muscle memory;
- wherein said mobile device comprisesa touchscreen,a transaction authentication information unit,one or more sensors coupled to the transaction authentication information unit,the one or more sensors comprising;
  
  (1) one or more touchscreen sensors coupled to said touchscreen,(2) an accelerometer, and(3) a gyroscope, andan anomaly detector coupled to the transaction authentication information unit;
  
  said method comprising;
  
  obtaining, by the one or more sensors, one or more sets of data associated with one or more performances of the at least one authentication task by the user, the one or more sets of data comprising data related to the tracking of a user'"'"'s input on the touchscreen and the movement of the mobile device during the at least one authentication task;
  
  transmitting, by the one or more sensors, the obtained one or more sets of data to the transaction authentication information unit;
  
  generating, using the anomaly detector, an authentication model using the transmitted one or more data sets,said generating comprising constructing a set of features for a user profile associated with the one or more performances of the at least one authentication task, andone or more parameters associated with said set of features;
  
  training the anomaly detector using the one or more data sets transmitted to the transaction authentication information unit, said training comprisinglearning so as to adjust the one or more parameters associated with the set of features,said learning performed using one or more learning algorithms,storing the user profile associated with the adjusted one or more parameters in the database; and
  
  authenticating, by the anomaly detector, the user using the one or more data sets transmitted to the transaction authentication information unit, the authenticating comprisinganalyzing, by the anomaly detector, at least one of the one or more data sets using one or more anomaly detection algorithms together with the stored user profile, anddeciding, by the anomaly detector, whether the authentication is successful or unsuccessful based on said analyzing.
- View Dependent Claims (20)
- - 20. The method of claim 19, wherein the task-based behavioral biometric implicit authentication comprises at least one non-authentication task;
    - andthe user does not realize that the at least one non-authentication task is not used for authentication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Zighra, Inc.
Original Assignee
Zighra, Inc.
Inventors
Dutt, Deepak Chandra, Somayaji, Anil Buntwal, Bingham, Michael John Kendal
Primary Examiner(s)
Patel, Nimesh

Application Number

US14/829,969
Publication Number

US 20160057623A1
Time in Patent Office

783 Days
Field of Search
US Class Current
CPC Class Codes

G06F 1/1694   the I/O peripheral being a ...

G06F 21/316   by observing the pattern of...

G06F 21/32   using biometric data, e.g. ...

G06F 2221/2101   Auditing as a secondary aspect

G06F 3/017   Gesture based interaction, ...

G06F 3/04883   for inputting data by handw...

G06N 20/00   Machine learning

H04W 12/06   Authentication

H04W 12/065   Continuous authentication

H04W 12/12   Detection or prevention of ...

H04W 12/126   Anti-theft arrangements, e....

H04W 12/40   Security arrangements using...

H04W 12/68   Gesture-dependent or behavi...

System and method for implicit authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

29 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for implicit authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links