Behavior-based identity system

US 9,990,481 B2
Filed: 06/01/2015
Issued: 06/05/2018
Est. Priority Date: 07/23/2012
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable medium embodying a program that, when executed in at least one computing device, causes the at least one computing device to at least:

generate a plurality of stored behavioral events associated with a user identity based at least in part on an action of a user at a client device, the action comprising a predefined sequence of behavioral events;

in response to receiving an assertion of the user identity, monitor a plurality of behavioral events expressed by the client device relative to a plurality of resources of a first network site;

perform a comparison between the plurality of behavioral events and the plurality of stored behavioral events;

determine an inverse identity confidence score as to whether the user identity does not belong to the user at the client device based at least in part on the comparison; and

authenticate the user at the client device to access a resource of a second network site based at least in part on determining that the inverse identity confidence score does not meet a threshold.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are various embodiments for a behavior-based identity system that recognizes and/or authenticates users based at least in part on determining stored behavioral events. For example, stored behavioral events may have been observed previously at a client or have been predefined by an authenticated user. Multiple behavioral events expressed by the client relative to a network site are recorded. The behavioral events may correspond to data that a user has elected to share, and the user may opt-in or opt-out of the behavior-based identity system. A comparison is performed between the multiple observed behavioral events and the stored behavioral events associated with a user identity. An inverse identity confidence score as to whether the user identity does not belong to a user at the client is generated based at least in part on the comparison.

Citations

18 Claims

1. A non-transitory computer-readable medium embodying a program that, when executed in at least one computing device, causes the at least one computing device to at least:
- generate a plurality of stored behavioral events associated with a user identity based at least in part on an action of a user at a client device, the action comprising a predefined sequence of behavioral events;
  
  in response to receiving an assertion of the user identity, monitor a plurality of behavioral events expressed by the client device relative to a plurality of resources of a first network site;
  
  perform a comparison between the plurality of behavioral events and the plurality of stored behavioral events;
  
  determine an inverse identity confidence score as to whether the user identity does not belong to the user at the client device based at least in part on the comparison; and
  
  authenticate the user at the client device to access a resource of a second network site based at least in part on determining that the inverse identity confidence score does not meet a threshold.
- View Dependent Claims (2, 3, 4)
- - 2. The non-transitory computer-readable medium of claim 1, wherein the action of the user comprises a plurality of previously observed behavioral events.
  - 3. The non-transitory computer-readable medium of claim 1, wherein the plurality of behavioral events include at least one of:
    - a client-side behavior with respect to a rendered resource obtained from the first network site, a respective search query being executed in the first network site, a respective item being purchased in the first network site, or a respective resource being accessed.
  - 4. The non-transitory computer-readable medium of claim 1, wherein the assertion of the user identity includes a valid password for the user identity.

5. A system, comprising:
- a data store;
  
  at least one computing device comprising a processor and a memory and being in communication with the data store; and
  
  an identity management system that, when executed by at the at least one computing device, causes the at least one computing device to at least;
  
  determine a plurality of stored behavioral events associated with a user identity based at least in part on a user specification of behavior events received and stored in the data store;
  
  record a plurality of behavioral events expressed to a client device relative to a plurality of resources of a network site;
  
  perform a comparison of the plurality of behavior events and the plurality of stored behavioral events to determine whether the plurality of behavioral events match a specific sequence of the plurality of stored behavioral events; and
  
  determine an inverse identity confidence score as to whether the user identity does not belong to a user associated with the client device based at least in part on the comparison.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 6. The system of claim 5, wherein the at least one computing device is further configured to at least:
    - monitor authenticated user behavior in a plurality of authenticated user sessions associated with the user identity to generate at least one of the plurality of stored behavioral events when permission is enabled by an authenticated user having the user identity.
  - 7. The system of claim 5, wherein the comparison between the plurality of behavioral events and the plurality of stored behavioral events is performed in response to receiving an assertion of the user identity from the client device.
  - 8. The system of claim 7, wherein the assertion of the user identity is obtained from a cookie stored by the client device, from a form submission by the client device, or from a uniform resource locator (URL) accessed by the client device.
  - 9. The system of claim 5, wherein the at least one computing device is further configured to at least determine an identity confidence score as to whether the user identity belongs to the user at the client device based at least in part on the comparison.
  - 10. The system of claim 5, wherein the plurality of behavioral events include a client-side behavioral event relative to a rendered resource of the network site, and the at least one computing device is further configured to at least obtain the client-side behavioral event from monitoring code executed in the client device.
  - 11. The system of claim 10, wherein the client-side behavioral event corresponds to a typing characteristic of the user or a scrolling characteristic of the user.
  - 12. The system of claim 5, wherein the plurality of behavioral events are expressed by the client device relative to the plurality of resources of the network site, and the at least one computing device is further configured to at least obtain behavior verification data created by a server associated with the network site.
  - 13. The system of claim 5, wherein the at least one computing device is further configured to at least authenticate the user at the client device to access a secured resource of another network site based at least in part on determining that the inverse identity confidence score does not meet a threshold.
  - 14. The system of claim 13, wherein the at least one computing device is further configured to at least recognize the user at the client device as potentially having the user identity based at least in part on determining that the inverse identity confidence score meets an intermediate threshold which is lesser than the threshold.

15. A computer-implemented method, comprising:
- generating, via at least one of one or more computing devices comprising a processor and a memory, a plurality of stored behavioral events associated with a user identity based at least in part on an action of a user, the action comprising a predefined sequence of behavioral events;
  
  receiving, via at least one of the one or more computing devices, an assertion of the user identity from a client device;
  
  receiving, via at least one of the one or more computing devices, behavior verification data created by a server associated with a network site and stored in a data store as a user specification, the behavioral verification data comprising a plurality of behavioral events expressed by the client device relative to a resource of the network site;
  
  performing, via at least one of the one or more computing devices, a comparison of the plurality of behavioral events and the plurality of stored behavioral events; and
  
  generating, via at least one of the one or more computing devices, an inverse identity confidence score as to whether the user identity does not belong to the user at the client device based at least in part on the comparison.
- View Dependent Claims (16, 17, 18)
- - 16. The method of claim 15, wherein the plurality of behavioral events include adding a respective item to a shopping list or a wish list on the network site.
  - 17. The method of claim 15, wherein the plurality of behavioral events include accessing a respective network page from the network site.
  - 18. The method of claim 15, wherein the behavior verification data is received from at least one of the server or the client device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Johansson, Jesper M., Stathakopoulos, George N.
Primary Examiner(s)
Abedin, Shanto M

Application Number

US14/727,183
Publication Number

US 20150261945A1
Time in Patent Office

1,100 Days
Field of Search

726 2- 7, 705 1425, 705 1426, 705 2635, 705 67, 705 75, 713168
US Class Current
CPC Class Codes

G06F 21/316   by observing the pattern of...

H04L 63/083   using passwords cryptograph...

H04L 63/10   for controlling access to d...

Behavior-based identity system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Behavior-based identity system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links