Method of and system for processing an unauthorized user access to a resource

US 9,900,318 B2
Filed: 02/11/2015
Issued: 02/20/2018
Est. Priority Date: 10/31/2014
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating a user in a network, the method executed on a server, the method comprising:

acquiring a non-authorized user-behavior model associated with a non-authorized access to a network resource by an unauthorized entity, the non-authorized user-behavior model having been generated during blocking the non-authorized access to the network resource by the unauthorized entity, the non-authorized user-behavior model having a first model portion based on at least one device-specific parameter and a second model portion based on at least one user-device interaction parameter, the user-device interaction parameter being indicative of a type of action performed by the unauthorized entity with the network resource;

retrieving from a log stored on the network server, an indication of a plurality of users, each respective user of the plurality of users being associated with a respective user-behavior model, the respective user-behavior model having a respective first model portion based on at least one device-specific parameter and a respective second model portion based on at least one user-device interaction parameter, the user-device interaction parameter being indicative of a type of action performed by the respective user with the network resource;

responsive to the first model portion and the second model portion of one of the respective user-behavior model associated with a respective user of the plurality of users matching the first model portion and the second model portion of the non-authorized user-behavior model, associating a user account associated with the respective user associated with the one of the respective user-behavior model with a security-violation parameter;

responsive to the security-violation parameter, restricting user activity within the user account.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

There is provided a method of authenticating a user in a network. The method can be executed on a server. The method comprises: acquiring a non-authorized user-behavior model associated with a non-authorized access to a network resource by an unauthorized entity, the non-authorized user-behavior model having been generated during blocking the non-authorized access to the network resource by the unauthorized entity; retrieving from a log stored on the network server, an indication of a plurality of users, each respective user associated with a respective user-behavior model; responsive to one of the respective user-behavior model matching the non-authorized user-behavior model, associating a user account associated with the respective user associated with the one of the respective user-behavior model with a security-violation parameter; responsive to the security-violation parameter, restricting user activity within the user account.

Citations

20 Claims

1. A method of authenticating a user in a network, the method executed on a server, the method comprising:
- acquiring a non-authorized user-behavior model associated with a non-authorized access to a network resource by an unauthorized entity, the non-authorized user-behavior model having been generated during blocking the non-authorized access to the network resource by the unauthorized entity, the non-authorized user-behavior model having a first model portion based on at least one device-specific parameter and a second model portion based on at least one user-device interaction parameter, the user-device interaction parameter being indicative of a type of action performed by the unauthorized entity with the network resource;
  
  retrieving from a log stored on the network server, an indication of a plurality of users, each respective user of the plurality of users being associated with a respective user-behavior model, the respective user-behavior model having a respective first model portion based on at least one device-specific parameter and a respective second model portion based on at least one user-device interaction parameter, the user-device interaction parameter being indicative of a type of action performed by the respective user with the network resource;
  
  responsive to the first model portion and the second model portion of one of the respective user-behavior model associated with a respective user of the plurality of users matching the first model portion and the second model portion of the non-authorized user-behavior model, associating a user account associated with the respective user associated with the one of the respective user-behavior model with a security-violation parameter;
  
  responsive to the security-violation parameter, restricting user activity within the user account.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, further comprising, prior to the restricting, executing a verification routine within the respective user account to confirm if the user access is unauthorized.
  - 3. The method of claim 2, wherein the executing the verification routine comprises presenting a user associated with the user account a challenge question.
  - 4. The method of claim 1, wherein the security-violation parameter comprises a cookie associated with the user account augmented with a flag indicative of the security-violation parameter.
  - 5. The method of claim 1, wherein the security-violation parameter is indicative of a degree of trust that the user associated with the user account is an un-authorized user.
  - 6. The method of claim 1, wherein the restricting comprises blocking access to the user account.
  - 7. The method of claim 1, wherein the restricting comprises allowing limited functionality with the user account.
  - 8. The method of claim 1, wherein the first model portion and the second model portion of the respective user-behavior model and the non-authorized user-behavior model have been generated by applying a hashing function on the device-specific parameter and the user-device interaction parameter.
  - 9. The method of claim 7, wherein the user-device interaction parameter comprises at least one of:
    - user-associated click pattern;
      
      user-associated mouse movement pattern;
      
      user-associated typing pattern;
      
      user-specific function execution pattern;
      
      a user time patterns when the user typically establishes user sessions.
  - 10. The method of claim 8, wherein the device-specific parameter comprisesa network address associated with a user electronic device typically used for establishing user sessions;
    - a version of a browsing application used by the user for establishing user sessions.
  - 11. The method of claim 8, wherein the user-device interaction parameter comprises at least one of:
    - a short term user-device interaction parameter and a long term user-device interaction parameter.
  - 12. The method of claim 1, further comprising, prior to the acquiring,generating each of the respective user-behavior model.
  - 13. The method of claim 12, wherein the respective user-behavior model has been generated by analyzing at least one of:
    - device-specific parameter and user-device interaction parameter.
  - 14. The method of claim 13, wherein the user-device interaction parameter comprises at least one of:
    - user-associated click pattern;
      
      user-associated mouse movement pattern;
      
      user-associated typing pattern;
      
      user-specific function execution pattern;
      
      a user time patterns when the user typically establishes user sessions.
  - 15. The method of claim 13, wherein the device-specific parameter comprises at least one of:
    - a network address associated with a user electronic device typically used for establishing user sessions;
      
      a version of a browsing application used by the user for establishing user sessions.
  - 16. The method of claim 13, wherein the user-device interaction parameter comprises at least one of:
    - a short term user-device interaction parameter and a long term user-device interaction parameter.

17. A server comprising:
- a communication interface for communication with an electronic device via a communication network,a processor operationally connected with the communication interface, the processor configured to authenticate a user in a network, the processor being further configured to;
  
  acquire a non-authorized user-behavior model associated with a non-authorized access to a network resource by an unauthorized entity, the non-authorized user-behavior model having been generated during blocking the non-authorized access to the network resource by the unauthorized entity, the non-authorized user-behavior model having a first model portion based on at least one device-specific parameter and a second model portion based on at least one user-device interaction parameter, the user-device interaction parameter being indicative of a type of action performed by the unauthorized entity with the network resource;
  
  retrieve from a log stored on the network server, an indication of a plurality of users, each respective user of the plurality of users being associated with a respective user-behavior model, the respective user-behavior model having a respective first model portion based on at least one device-specific parameter and a respective second model portion based on at least one user-device interaction parameter, the user-device interaction parameter being indicative of a type of action performed by the respective user with the network resource;
  
  responsive to the first model portion and the second model portion of one of the respective user-behavior model associated with a respective user of the plurality of users matching the first model portion and the second model portion of the non-authorized user-behavior model, associate a user account associated with the respective user associated with the one of the respective user-behavior model with a security-violation parameter;
  
  responsive to the security-violation parameter, restrict user activity within the user account.
- View Dependent Claims (18, 19, 20)
- - 18. The server of claim 17, the processor being further configured, prior to executing restricting, to execute a verification routine within the respective user account to confirm if the user access is unauthorized.
  - 19. The server of claim 18, wherein to execute the verification routine, the processor is configured to present a user associated with the user account a challenge question.
  - 20. The server of claim 17, wherein the security-violation parameter comprises a cookie associated with the user account augmented with a flag indicative of the security-violation parameter.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
YE Hub Armenia LLC
Original Assignee
Yandex Europe AG (Yandex N.V.)
Inventors
Andreeva, Ekaterina Aleksandrovna, Leonychev, Yury Alekseyevich, Ganin, Egor Vladimirovich, Lavrinenko, Sergey Aleksandrovich
Primary Examiner(s)
Vaughan, Michael R

Application Number

US15/511,082
Publication Number

US 20170244718A1
Time in Patent Office

1,105 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/316   by observing the pattern of...

H04L 63/08   for authentication of entit...

H04L 63/102   Entity profiles

Method of and system for processing an unauthorized user access to a resource

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method of and system for processing an unauthorized user access to a resource

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links