User-touchscreen interaction analysis authentication system

US 9,817,963 B2
Filed: 11/10/2011
Issued: 11/14/2017
Est. Priority Date: 04/10/2006
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a user participating in an Internet commerce session through a client touchscreen device in communication with an e-commerce transaction system via an Internet Protocol (IP) network, the method comprising the steps of:

a computer of the system receiving a request for an e-commerce session related action via the client touchscreen from the user,the computer of the system performing a primary authentication chosen from the group consisting of;

username-password authentication, security code authentication, PIN (Personal Identification Number) authentication, Credit card or Debit card authentication, call-back authentication and OTP (One Time Password) authentication;

the computer of the system receiving as part of the requested e-commerce session, user-touchscreen interaction data regarding at least one characteristic of how the user interacted with the touchscreen in the course of the e-commerce session;

the computer of the system determining, without making user aware of the additional authentication, whether the requested e-commerce session related action requires additional authentication of the user;

if the requested e-commerce session related action requires additional authentication from the user, the computer of the system analyzing the user touchscreen interaction data to detect behavioral biometrics of the user within the e-commerce session by the steps of;

locating a user profile associated with the authentication of the user within a database;

the user profile comprising interaction data derived from analysis of previous user-touchscreen interactions;

comparing the received user-touchscreen interactions within the requested e-commerce session to interaction data in the user profile to determine a score; and

if the score meets or exceeds a determined threshold, verifying authentication of the user and sending permission to the client touchscreen to allow the requested e-commerce session related action.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A user participating in an e-commerce session can be authenticated based on user-touchscreen interaction analysis. That is, a user requested action can be determined that requires additional authentication. Such authentication can further include, requesting analysis of user-touchscreen interaction for the e-commerce session and receiving a pattern matching score for the session from a computer. The pattern matching score can provide an indication of a comparison between the user'"'"'s interaction with a touchscreen during the session and a pre-established user-touchscreen interaction profile for the user. A computer can perform a verification action to verify an identity of the user based on the received pattern matching score. Responsive to a successful verification of the identity, the computer can perform the requested action.

75 Citations

20 Claims

1. A method for authenticating a user participating in an Internet commerce session through a client touchscreen device in communication with an e-commerce transaction system via an Internet Protocol (IP) network, the method comprising the steps of:
- a computer of the system receiving a request for an e-commerce session related action via the client touchscreen from the user,the computer of the system performing a primary authentication chosen from the group consisting of;
  
  username-password authentication, security code authentication, PIN (Personal Identification Number) authentication, Credit card or Debit card authentication, call-back authentication and OTP (One Time Password) authentication;
  
  the computer of the system receiving as part of the requested e-commerce session, user-touchscreen interaction data regarding at least one characteristic of how the user interacted with the touchscreen in the course of the e-commerce session;
  
  the computer of the system determining, without making user aware of the additional authentication, whether the requested e-commerce session related action requires additional authentication of the user;
  
  if the requested e-commerce session related action requires additional authentication from the user, the computer of the system analyzing the user touchscreen interaction data to detect behavioral biometrics of the user within the e-commerce session by the steps of;
  
  locating a user profile associated with the authentication of the user within a database;
  
  the user profile comprising interaction data derived from analysis of previous user-touchscreen interactions;
  
  comparing the received user-touchscreen interactions within the requested e-commerce session to interaction data in the user profile to determine a score; and
  
  if the score meets or exceeds a determined threshold, verifying authentication of the user and sending permission to the client touchscreen to allow the requested e-commerce session related action.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the user touchscreen interaction data that the computer compared to the interaction data of the user-touchscreen interaction profile comprises at least one of:
    - screen orientation data, zooming gesture data, and scrolling gesture data for the e-commerce session.
  - 3. The method of claim 1, wherein the user touchscreen interaction data that the computer compared to the interaction data of the user-touchscreen interaction profile comprises at least one of:
    - a number of fingers used when typing on the touch-screen, keysliding behavior for slide-based keyboard interactions on the touch-screen, an amount of pressure asserted on the touch-screen when making selections, a detected touch area per touch on the touch-screen, and a distance between two touch-points on the touchscreen.
  - 4. The method of claim 1, wherein the requested e-commerce session related action is one to complete a purchase of a good or a service via the e-commerce session.
  - 5. The method of claim 1, further comprising the steps of:
    - the computer establishing the e-commerce session with the user;
      
      the computer authenticating the user with a first-level authentication based on a user response to a prompting for user-name and password; and
      
      the computer determining that the requested e-commerce session related action requires a second-level authentication action that requires the additional authentication than available responsive to the first level authentication.
  - 6. The method of claim 1, further comprising the steps of:
    - the computer receiving a pattern matching score from a pattern matching server.
  - 7. The method of claim 1, wherein the requested action comprises one or more of completion of an e-commerce transaction, access to restricted information, modification of user information, or a change to a password specific to an e-commerce site.
  - 8. The method of claim 1, wherein the computer is a server, wherein the e-commerce session results from the server interacting with an installed application executing on the touch-screen device having the touch-screen, wherein the installed application is an installed application specifically linked to the server within code of the installed application itself.
  - 9. The method of claim 1, wherein the computer is a Web server, wherein the e-commerce session results from the Web server interacting with a Web browser executing upon the touch-screen device, the method further comprising the steps of:
    - the Web server receiving an indication that the Web browser is executing on a touchscreen device having the touch-screen; and
      
      responsive to receiving the indication, the Web server adjusting internal parameters for verifying user identity to utilize touchscreen behavioral biometric patterns.
  - 10. The method of claim 1, wherein the computer is a Web server, wherein the e-commerce session results from the Web server interacting with a Web browser executing upon the touch-screen device, wherein the user touchscreen interaction data that the Web server compared to the interaction data of the user-touchscreen interaction profile comprises screen orientation data for the e-commerce session.
  - 11. The method of claim 1, wherein the computer is a Web server, wherein the e-commerce session results from the Web server interacting with a Web browser executing upon the touch-screen device, wherein the user touchscreen interaction data that the Web server compared to the corresponding data of the user-touchscreen interaction profile comprises zooming gesture data for the e-commerce session.
  - 12. The method of claim 1, wherein the computer is a Web server, wherein the e-commerce session results from the Web server interacting with a Web browser executing upon the touch-screen device, wherein the user touchscreen interaction data that the Web server compared to the corresponding data of the user-touchscreen interaction profile comprises scrolling gesture data for the e-commerce session.

13. An apparatus for authenticating a user participating in an Internet commerce session through a client touchscreen device in communication with an e-commerce transaction system via an Internet Protocol (IP) network, the apparatus comprising:
- one or more computer-readable non-transitory storage devices;
  
  computer usable program code, stored on at least one of the one or more non-transitory storage devices, wherein execution of the stored computer usable program code by a process causes the processor or a device within which the processor is operational to receive a request for an e-commerce session related action via the client touchscreen;
  
  computer usable program code, stored on at least one of the one or more non-transitory storage devices, wherein execution of the stored computer usable program code by a process causes the processor or a device within which the processor is operational to perform a primary authentication chosen from the group consisting of;
  
  username-password authentication, security code authentication, PIN (Personal Identification Number) authentication, Credit card or Debit card authentication, call-back authentication and OTP (One Time Password) authentication;
  
  computer usable program code, stored on at least one of the one or more non-transitory storage devices, wherein execution of the stored computer usable program code by a process causes the processor or a device within which the processor is operational to receive as part of the requested e-commerce session, user-touchscreen interaction data regarding at least one characteristic of how the user interacted with the touchscreen in the course of the e-commerce session;
  
  computer usable program code, stored on at least one of the one or more non-transitory storage devices, wherein execution of the stored computer usable program code by a process causes the processor or a device within which the processor is operational to determine without making user aware of the additional authentication whether the requested e-commerce session related action requires additional authentication of the user;
  
  computer usable program code, stored on at least one of the one or more non-transitory storage devices, wherein execution of the stored computer usable program code by a process causes the processor or a device within which the processor is operational to, if the requested e-commerce session related action requires additional authentication from the user, analyzing the user-touchscreen interaction data to detect behavioral biometrics of the user within the e-commerce session by;
  
  locating a user profile associated with the authentication of the user within a database;
  
  the user profile comprising interaction data derived from analysis of previous user-touchscreen interactions;
  
  comparing the received user-touchscreen interactions within the requested e-commerce session to interaction data in the user profile to determine a score; and
  
  if the score meets or exceeds a determined threshold, verifying authentication of the user and sending permission to the client touchscreen to allow the requested e-commerce session related action.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The apparatus of claim 13, wherein the user touchscreen interaction data compared to the interaction data of the user-touchscreen interaction profile comprises at least one of:
    - screen orientation data, zooming gesture data, and scrolling gesture data for the e-commerce session.
  - 15. The apparatus of claim 13, wherein the user touchscreen interaction data compared to the interaction data of the user-touchscreen interaction profile comprises at least one of:
    - a number of fingers used when typing on the touch-screen, keysliding behavior for slide-based keyboard interactions on the touch-screen, an amount of pressure asserted on the touch-screen when making selections, a detected touch area per touch on the touch-screen, and a distance between two touch-points on the touchscreen.
  - 16. The apparatus of claim 13, wherein the e-commerce session is an interactive session between a Web server and a Web browser executing upon the touch-screen device.
  - 17. The apparatus of claim 16, wherein the user touchscreen interaction data compared to the interaction data of the user-touchscreen interaction profile comprises screen orientation data, zooming gesture data, or scrolling gesture data for the e-commerce session.

18. A computer system for authenticating a user participating in an Internet commerce session through a client touchscreen device in communication with an e-commerce transaction system via an Internet Protocol (IP) network, the computer system comprising:
- one or more processors, one or more computer-readable memories and one or more computer-readable tangible storage devices;
  
  program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to receive a request for an e-commerce session related action via the client touchscreen from the user;
  
  program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to perform a primary authentication chosen from the group consisting of;
  
  username-password authentication, security code authentication, PIN (Personal Identification Number) authentication, Credit card or Debit card authentication, call-back authentication and OTP (One Time Password) authentication;
  
  program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to receive as part of the requested e-commerce session, user-touchscreen interaction data regarding at least one characteristic of how the user interacted with the touchscreen in the course of the e-commerce session;
  
  program instructions, stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to determine, without making user aware of the additional authentication, whether the requested e-commerce session related action requires additional authentication of the user;
  
  if the requested e-commerce session related action requires additional authentication from the user, the computer of the system analyzing the user touchscreen interaction data to detect behavioral biometrics of the user within the e-commerce session by the program instructions of;
  
  locating a user profile associated with the authentication of the user within a database;
  
  the user profile comprising interaction data derived from analysis of previous user-touchscreen interactions;
  
  comparing the received user-touchscreen interactions within the requested e-commerce session to interaction data in the user profile to determine a score; and
  
  if the score meets or exceeds a determined threshold, verifying authentication of the user and sending permission to the client touchscreen to allow the requested e-commerce session related action.
- View Dependent Claims (19, 20)
- - 19. The computer system of claim 18, wherein the user touchscreen interaction data compared to the interaction data of the user-touchscreen interaction profile comprises at least one of:
    - a number of fingers used when typing on the touch-screen, keysliding behavior for slide-based keyboard interactions on the touch-screen, an amount of pressure asserted on the touch-screen when making selections, a detected touch area per touch on the touch-screen, and a distance between two touch-points on the touchscreen.
  - 20. The computer system of claim 18, wherein the e-commerce session is an interactive session between a Web server and a Web browser executing upon the touch-screen device, and wherein the user touchscreen interaction data compared to the interaction data of the user-touchscreen interaction profile comprises screen orientation data, zooming gesture data, or scrolling gesture data for the e-commerce session.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
O'Connell, Brian M., Walker, Keith R.
Primary Examiner(s)
Winder, Patrice
Assistant Examiner(s)
WIDHALM, ANGELA M

Application Number

US13/293,356
Publication Number

US 20120054057A1
Time in Patent Office

2,196 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/36   by graphic or iconic repres...

G06F 21/55   Detecting local intrusion o...

G06Q 30/0601   Electronic shopping [e-shop...

User-touchscreen interaction analysis authentication system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

75 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

User-touchscreen interaction analysis authentication system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

75 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links