Triggering a request for an authentication

US 9,955,349 B1
Filed: 08/19/2016
Issued: 04/24/2018
Est. Priority Date: 03/30/2015
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

storing historic metric data for past communication sessions between a client device and one or more server computers associated with a service provider, the historic metric data comprising one or more of the following;

performance metric data, behavioral metric data, or environmental metric data;

for a current communication session between the client device and the service provider, receiving a first-level authentication, including a password, from the client device;

during the current communication session, receiving a request from the client device for an action to be performed by the service provider;

by the service provider, in response to the request, retrieving current metric data for the current communication session;

comparing the current metric data against the historic metric data;

if the current metric data deviates from the historic metric data by greater than a threshold amount, requesting a second-level authentication from the client device; and

responding to the request if the second-level authentication is passed.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure relates to multifactor-based authentication systems. Multifactor authentication occurs during a communication session in response to detecting a trigger event, such as an anomalous condition. Historical metrics, such as performance metrics (e.g., rendering speeds), behavioral metrics (e.g., click-stream behavior), environmental metrics (e.g., noise), etc., can be used as a baseline to compare against metrics for a current communication session. An anomalous condition, such as a current session metric exceeding a threshold, can result in an authentication service transmitting a multifactor authentication request.

39 Citations

View as Search Results

16 Claims

1. A method, comprising:
- storing historic metric data for past communication sessions between a client device and one or more server computers associated with a service provider, the historic metric data comprising one or more of the following;
  
  performance metric data, behavioral metric data, or environmental metric data;
  
  for a current communication session between the client device and the service provider, receiving a first-level authentication, including a password, from the client device;
  
  during the current communication session, receiving a request from the client device for an action to be performed by the service provider;
  
  by the service provider, in response to the request, retrieving current metric data for the current communication session;
  
  comparing the current metric data against the historic metric data;
  
  if the current metric data deviates from the historic metric data by greater than a threshold amount, requesting a second-level authentication from the client device; and
  
  responding to the request if the second-level authentication is passed.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the performance metric data includes a speed of the past communication sessions, wherein the retrieving of the current metric data includes determining a speed of the current communication session, and wherein the comparing includes comparing the speed of the current communication session against the speed of the past communication sessions.
  - 3. The method of claim 1, wherein the behavioral metric data includes one or more of the following:
    - frequency that the client device is used to log-in to the service provider, typing frequency on the client device, or key-press duration.
  - 4. The method of claim 1, wherein the environmental metric data includes environmental conditions at a location of the client device including one or more of the following:
    - a noise level, a temperature, a humidity, or a geographic location.
  - 5. The method of claim 1, further including comparing the action to a list of actions considered to be sensitive actions and wherein the requesting of the second-level authentication is only performed for sensitive actions.
  - 6. The method of claim 1, further including blocking the action from being performed unless the second-level authentication is passed.
  - 7. The method of claim 1, wherein the second-level authentication includes requesting knowledge-based authentication information from a user of the client device or biometric-based authentication information from the user of the client device.

8. A computer-readable storage device, which is non-transitory, including instructions thereon that upon execution cause a computer system to:
- receive first-level authentication information for a current communication session between a client device and a host server computer within a service provider;
  
  receive a request from the client device for an action to be performed by the service provider;
  
  in response to the request, track a metric associated with the current communication session and compare the tracked metric to a saved metric associated with the client device; and
  
  if the tracked metric deviates more than a threshold amount from the saved metric, request second-level authentication information for the current communication session to continue.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
- - 9. The computer-readable storage medium of claim 8, wherein the saved metric comprises one or more of the following:
    - performance metric data, behavioral metric data, or environmental metric data.
  - 10. The computer-readable storage medium of claim 9, wherein the performance metric data includes a speed of past communication sessions between the client device and the service provider.
  - 11. The computer-readable storage medium of claim 9, wherein the behavioral metric data includes one or more of the following:
    - frequency with which the client device is used to log-in to the service provider, typing frequency on the client device, or key-press duration.
  - 12. The computer-readable storage medium of claim 9, wherein the environmental metric data includes environmental conditions at a location of the client device including one or more of the following:
    - a noise level, a temperature, a humidity, or a geographic location.
  - 13. The computer-readable storage medium of claim 8, wherein the saved metric is associated with one or more session profiles generated using communication session metrics between the service provider and the client device.
  - 14. The computer-readable storage medium of claim 8, wherein the second-level authentication includes causing one or more measurement devices to be transported to a location of the client device to obtain a measurement associated with the client device.
  - 15. The computer-readable storage medium of claim 14, wherein the measurement device is attached to an unmanned aerial vehicle that includes a wireless access point to which the client device can connect.
  - 16. The computer-readable storage medium of claim 14, wherein the first-level authentication information includes a password, and the second-level authentication information is independent of the password.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
McClintock, Jon Arron, Canavor, Darren Ernest, Stathakopoulos, George Nikolaos
Primary Examiner(s)
Tabor, Amare F

Application Number

US15/242,277
Time in Patent Office

613 Days
Field of Search

726 7, 726 3, 726 4, 726 30
US Class Current
CPC Class Codes

G06F 21/40   by quorum, i.e. whereby two...

G06F 21/554   involving event detection a...

G06F 2221/2103   Challenge-response

H04L 2463/082   applying multi-factor authe...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

H04L 63/102   Entity profiles

H04L 63/107   wherein the security polici...

H04W 12/065   Continuous authentication

H04W 12/068   using credential vaults, e....

Triggering a request for an authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

39 Citations

16 Claims

Specification

Use Cases

Quick Links

Others

Triggering a request for an authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

16 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others