System and method for utilizing behavioral characteristics in authentication and fraud prevention

US 9,860,239 B2
Filed: 02/29/2016
Issued: 01/02/2018
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A method of verifying that a user is authorized to access a computer-accessible resource, the method comprising:

maintaining, for a plurality of authenticated users, data reflecting historical voice call characteristics indicative of each of the authenticated users;

maintaining a communication number of a verification device associated with a user;

receiving a request by the user to access a computer-accessible resource;

utilizing the communication number to establish a voice call session with the user'"'"'s verification device in order to send a request that the user perform a verification action;

monitoring one or more voice call characteristics during the voice call session, the monitored one or more voice call characteristics including timing data related to the voice call session;

determining whether the user successfully performed the requested verification action;

determining whether an authentication rule has been satisfied by;

identifying the authenticated user that the user purports to be,comparing the monitored one or more voice call characteristics of the user to the maintained voice call characteristics of the authenticated user, andevaluating whether the monitored one or more voice call characteristics fall within ranges of the authenticated user'"'"'s voice call characteristics; and

if the verification action has been successfully completed by the user and if the authentication rule has been satisfied by the monitored voice call characteristics, generating an authentication response that indicates that the user has been authenticated for access to the computer-accessible resource.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A behavioral characteristics authentication system and method (“BCA system”) that facilitates authentication of the identity of a user, registrant, or applicant of a website, application, or other accessible computer resource using a verification process that incorporates behavioral characteristics. In operation, the BCA system compares a single user'"'"'s behavior with their previous behavior, a user'"'"'s behavior with behavior generally attributed to non-fraudulent behavior, or a user'"'"'s behavior with behavior generally attributed to fraudulent behavior. The population of other users that a user'"'"'s behavior is compared with may be selected to have similar demographic or other characteristics as the user. By analyzing various behavioral characteristics associated with legitimate or fraudulent multi-factor authentication attempts, the BCA system adds another layer of security to online transactions.

Citations

20 Claims

1. A method of verifying that a user is authorized to access a computer-accessible resource, the method comprising:
- maintaining, for a plurality of authenticated users, data reflecting historical voice call characteristics indicative of each of the authenticated users;
  
  maintaining a communication number of a verification device associated with a user;
  
  receiving a request by the user to access a computer-accessible resource;
  
  utilizing the communication number to establish a voice call session with the user'"'"'s verification device in order to send a request that the user perform a verification action;
  
  monitoring one or more voice call characteristics during the voice call session, the monitored one or more voice call characteristics including timing data related to the voice call session;
  
  determining whether the user successfully performed the requested verification action;
  
  determining whether an authentication rule has been satisfied by;
  
  identifying the authenticated user that the user purports to be,comparing the monitored one or more voice call characteristics of the user to the maintained voice call characteristics of the authenticated user, andevaluating whether the monitored one or more voice call characteristics fall within ranges of the authenticated user'"'"'s voice call characteristics; and
  
  if the verification action has been successfully completed by the user and if the authentication rule has been satisfied by the monitored voice call characteristics, generating an authentication response that indicates that the user has been authenticated for access to the computer-accessible resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising saving the monitored one or more voice call characteristics to the maintained voice call characteristics of authenticated users when the authentication rule has been satisfied.
  - 3. The method of claim 1, wherein the requested verification action is performed by the user during the voice call session.
  - 4. The method of claim 3, wherein the timing data relates to user actions during performance of the requested verification action.
  - 5. The method of claim 1, wherein the monitored one or more voice call characteristics are comprised of at least one of:
    - an amount of time that was taken by the user to answer a phone call;
      
      an amount of time that a phone was “
      
      off hook”
      
      during a phone call;
      
      a tone or inflection of the user;
      
      oran amount of time taken by the user to perform the requested verification action.
  - 6. The method of claim 1, wherein the authentication rule includes comparing the monitored one or more voice call characteristics with historical data that reflects characteristics of legitimate users.
  - 7. The method of claim 1, wherein the one or more voice call characteristics include affirmative user actions made during the requested verification action.
  - 8. The method of claim 1, wherein the voice call session is a VoIP session.
  - 9. The method of claim 1, wherein the request to the user'"'"'s verification device that the user perform a verification action causes a code to be communicated to the user and instructions to be presented to the user on how to perform the verification action.
  - 10. The method of claim 9, wherein the communicated code is generated by the verification device or transmitted to the verification device.
  - 11. The method of claim 1, wherein the request to the user'"'"'s verification device that the user perform a verification action is contained in a verification message.

12. A non-transitory computer-readable medium encoded with instructions that, when executed by a processor, perform a method of verifying that a user is authorized to access a computer-accessible resource, the method comprising:
- maintaining, for a plurality of authenticated users, data reflecting historical voice call characteristics indicative of each of the authenticated users;
  
  maintaining a communication number of a verification device associated with a user;
  
  receiving a request by the user to access a computer-accessible resource;
  
  utilizing the communication number to establish a voice call session with the user'"'"'s verification device in order to send a request that the user perform a verification action;
  
  monitoring one or more voice call characteristics during the voice call session, the monitored one or more voice call characteristics including timing data related to the voice call session;
  
  determining whether the user successfully performed the requested verification action;
  
  determining whether an authentication rule has been satisfied by;
  
  identifying the authenticated user that the user purports to be,comparing the monitored one or more voice call characteristics of the user to the maintained voice call characteristics of the authenticated user, andevaluating whether the monitored one or more voice call characteristics fall within ranges of the authenticated user'"'"'s voice call characteristics; and
  
  if the verification action has been successfully completed by the user and if the authentication rule has been satisfied by the monitored voice call characteristics, generating an authentication response that indicates that the user has been authenticated for access to the computer-accessible resource.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The non-transitory computer-readable storage medium of claim 12, further comprising instructions that when executed by the processor cause saving the monitored one or more voice call characteristics to the maintained voice call characteristics of authenticated users when the authentication rule has been satisfied.
  - 14. The non-transitory computer-readable storage medium of claim 12, wherein the requested verification action is performed by the user during the voice call session.
  - 15. The non-transitory computer-readable storage medium of claim 14, wherein the timing data relates to user actions during performance of the requested verification action.
  - 16. The non-transitory computer-readable storage medium of claim 12, wherein the monitored one or more voice call characteristics are comprised of at least one of:
    - an amount of time that was taken by the user to answer a phone call;
      
      an amount of time that a phone was “
      
      off hook”
      
      during a phone call;
      
      a tone or inflection of the user;
      
      oran amount of time taken by the user to perform the requested verification action.

17. A system for verifying that a user is authorized to access a computer-accessible resource, the system comprising:
- a user history database configured to maintain, for a plurality of authenticated users, data reflecting historical voice call characteristics indicative of each of the authenticated users;
  
  a user accounts database configured to maintain a communication number of a verification device associated with a user;
  
  a behavioral monitoring module configured to monitor one or more voice call characteristics during a voice call session, the monitored one or more voice call characteristics including timing data related to the voice call session; and
  
  a user authentication module configured to;
  
  receive a request by the user to access a computer-accessible resource;
  
  utilize the communication number to establish the voice call session with the user'"'"'s verification device in order to send a request that the user perform a verification action;
  
  determine whether the user successfully performed the requested verification action;
  
  determine whether an authentication rule has been satisfied by;
  
  identifying the authenticated user that the user purports to be,comparing the monitored one or more voice callcharacteristics of the user to the maintained voice callcharacteristics of the authenticated user, andevaluating whether the monitored one or more voice callcharacteristics fall within ranges of the authenticated user'"'"'s voice call characteristics; and
  
  if the verification action has been successfully completed by the user and if the authentication rule has been satisfied by the monitored voice call characteristics, generate an authentication response that indicates that the user has been authenticated for access to the computer-accessible resource.
- View Dependent Claims (18, 19, 20)
- - 18. The system of claim 17, wherein the user history database is further configured to save the monitored one or more voice call characteristics to the maintained voice call characteristics of authenticated users when the authentication rule has been satisfied.
  - 19. The system of claim 17, wherein the requested verification action is performed by the user during the voice call session.
  - 20. The system of claim 19, wherein the timing data relates to user actions during performance of the requested verification action.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
TeleSign Corporation (Government of Belgium)
Original Assignee
TeleSign Corporation (Government of Belgium)
Inventors
Stubblefield, Stacy Lyn
Primary Examiner(s)
Traore, Fatoumata

Application Number

US15/056,768
Publication Number

US 20160285855A1
Time in Patent Office

673 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/313   using a call-back technique...

G06F 21/316   by observing the pattern of...

H04L 2463/082   applying multi-factor authe...

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 63/102   Entity profiles

H04L 63/1433   Vulnerability analysis

H04L 63/18   using different networks or...

H04L 63/20   for managing network securi...

System and method for utilizing behavioral characteristics in authentication and fraud prevention

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for utilizing behavioral characteristics in authentication and fraud prevention

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links