Method of and system for processing an unauthorized user access to a resource

US 9,871,813 B2
Filed: 02/24/2015
Issued: 01/16/2018
Est. Priority Date: 10/31/2014
Status: Active Grant

First Claim

Patent Images

1. A method of processing a potentially unauthorized user access request, the method executable on a server, the method comprising:

receiving a first session identifier associated with a first communication session associated with a user account;

receiving a second session identifier associated with a second communication session associated with the user account, the second communication session being active concurrently with the first communication session;

based on user behaviour within the first communication session, generating a first user behaviour model associated with the first communication session, the first user behaviour model having a first model portion based on at least one device-specific parameter and a second model portion based on at least one user-device interaction parameter, the user-device interaction parameter being indicative of a type of action performed by a first electronic device within the first communication session;

based on user behaviour within the second communication session, generating a second user behaviour model associated with the second communication session the second user behaviour model having a first model portion based on at least one device-specific parameter and a second model portion based on at least one user-device interaction parameter, the user-device interaction parameter being indicative of a type of action performed by a second electronic device within the second communication session;

responsive to one of the first user behaviour model and the second user behaviour model being different from a stored authorized user behaviour model associated with the user account, the stored authorized user behaviour model having a first model portion based on at least one device-specific parameter and a second model portion based on at least one user-device interaction parameter, restricting user activity within the respective one of the first communication session and the second communication session; and

allowing unrestricted user activity within the other one of the first communication session and the second communication session.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

There is provided a method of processing a potentially unauthorized user access request. The method is executable on a server. The method comprises: receiving a first session identifier associated with a first communication session associated with a user account; receiving a second session identifier associated with a second communication session associated with the user account; based on user behavior within the first communication session, generating a first user behavior model associated with the first communication session; based on user behavior within the second communication session, generating a second user behavior model associated with the second communication session; responsive to one of the first user behavior model and the second user behavior model being different from a stored authorized user behavior model associated with the user account, restricting user activity within the respective one of the first communication session and the second communication session.

71 Citations

View as Search Results

20 Claims

1. A method of processing a potentially unauthorized user access request, the method executable on a server, the method comprising:
- receiving a first session identifier associated with a first communication session associated with a user account;
  
  receiving a second session identifier associated with a second communication session associated with the user account, the second communication session being active concurrently with the first communication session;
  
  based on user behaviour within the first communication session, generating a first user behaviour model associated with the first communication session, the first user behaviour model having a first model portion based on at least one device-specific parameter and a second model portion based on at least one user-device interaction parameter, the user-device interaction parameter being indicative of a type of action performed by a first electronic device within the first communication session;
  
  based on user behaviour within the second communication session, generating a second user behaviour model associated with the second communication session the second user behaviour model having a first model portion based on at least one device-specific parameter and a second model portion based on at least one user-device interaction parameter, the user-device interaction parameter being indicative of a type of action performed by a second electronic device within the second communication session;
  
  responsive to one of the first user behaviour model and the second user behaviour model being different from a stored authorized user behaviour model associated with the user account, the stored authorized user behaviour model having a first model portion based on at least one device-specific parameter and a second model portion based on at least one user-device interaction parameter, restricting user activity within the respective one of the first communication session and the second communication session; and
  
  allowing unrestricted user activity within the other one of the first communication session and the second communication session.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, the method further comprising allowing unrestricted user activity within the other one of the first communication session and the second communication session.
  - 3. The method of claim 1, wherein the first session identifier comprises a session cookie.
  - 4. The method of claim 1, wherein the second session identifier comprises a session cookie.
  - 5. The method of claim 1, wherein the first electronic device and the second electronic device are different electronic devices.
  - 6. The method of claim 1, wherein the first electronic device and the second electronic device are a single electronic device.
  - 7. The method of claim 1, where the generating the first model portion and the second model portion of the first user behaviour model and the second user behavior model comprises applying a hashing function to the device-specific parameter and the user-device interaction parameter.
  - 8. The method of claim 7, wherein the user-device interaction parameter comprises at least one of:
    - user-associated click pattern;
      
      user-associated mouse movement pattern;
      
      user-associated typing pattern;
      
      user-specific function execution pattern; and
      
      a user time patterns when the user typically establishes user sessions.
  - 9. The method of claim 7, wherein the device specific parameter comprises at least one of:
    - a network address associated with a user electronic device typically used for establishing user sessions; and
      
      a version of a browsing application used by the user for establishing user sessions.
  - 10. The method of claim 7, wherein the user-device interaction parameter comprises at least one of:
    - a short term user-device interaction parameter and a long term user-device interaction parameter.
  - 11. The method of claim 1, further comprising at a time prior to the receiving, generating the stored authorized user behaviour model associated with the user account.
  - 12. The method of claim 11, wherein the generating first model portion and the second model portion of the stored authorised user behaviour model comprises applying a hashing function to the device-specific parameter and the user-device interaction parameter.
  - 13. The method of claim 1, wherein the restricting comprises blocking access to the user account.
  - 14. The method of claim 1, wherein the restricting comprises allowing limited functionality with the user account.
  - 15. The method of claim 1, wherein prior to the restricting, the method further comprises executing a verification routine within the respective one of the first communication session and the second communication session to confirm if the user access is unauthorized.
  - 16. The method of claim 1, wherein the restricting comprises associating a cookie that is in turn associated with the respective one of the first communication session and the second communication session with a flag indicative of a security-violation parameter.
  - 17. The method of claim 1, further comprising determining a security-violation parameter indicative of a degree of trust that the respective one of the first communication session and the second communication session is associated with an authorized user.
  - 18. The method of claim 17, wherein the security-violation parameter is embodied in a cookie stored in association with the respective one of the first communication session and the second communication session.

19. A server comprising:
- a communication interface for communication with a first electronic device and a second electronic device via a communication network,a processor operationally connected with the communication interface, the processor configured to process a potentially unauthorized user access request, the processor being further configured to;
  
  receive a first session identifier associated with a first communication session associated with a user account;
  
  receive a second session identifier associated with a second communication session associated with the user account, the second communication session being active concurrently with the first communication session;
  
  based on user behaviour within the first communication session, generate a first user behaviour model associated with the first communication session, the first user behaviour model having a first model portion based on at least one device-specific parameter and a second model portion based on at least one user-device interaction parameter, the user-device interaction parameter being indicative of a type of action performed by the first electronic device within the first communication session;
  
  based on user behaviour within the second communication session, generate a second user behaviour model associated with the second communication session the second user behaviour model having a first model portion based on at least one device-specific parameter and a second model portion based on at least one user-device interaction parameter, the user-device interaction parameter being indicative of a type of action performed by the second electronic device within the second communication session;
  
  responsive to one of the first user behaviour model and the second user behaviour model being different from a stored authorized user behaviour model associated with the user account, the stored authorized user behaviour model having a first model portion based on at least one device-specific parameter and a second model portion based on at least one user-device interaction parameter, restrict user activity within the respective one of the first communication session and the second communication session; and
  
  allow unrestricted user activity within the other one of the first communication session and the second communication session.
- View Dependent Claims (20)
- - 20. The server of claim 19, the processor being further configured to allow unrestricted user activity within the other one of the first communication session and the second communication session.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Direct Cursus Technology LLC
Original Assignee
Yandex Europe AG (Yandex N.V.)
Inventors
Andreeva, Ekaterina Aleksandrovna, Leonychev, Yury Alekseyevich, Ganin, Egor Vladimirovich, Lavrinenko, Sergey Aleksandrovich
Primary Examiner(s)
Hoffman, Brandon
Assistant Examiner(s)
Woldemariam, Nega

Application Number

US15/511,084
Publication Number

US 20170251008A1
Time in Patent Office

1,057 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/316   by observing the pattern of...

H04L 63/102   Entity profiles

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 67/146   Markers for unambiguous ide...

H04L 67/306   User profiles

H04L 67/535   Tracking the activity of th...

Method of and system for processing an unauthorized user access to a resource

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

71 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method of and system for processing an unauthorized user access to a resource

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

71 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links