Triggering a request for an authentication

US 9,426,139 B1
Filed: 03/30/2015
Issued: 08/23/2016
Est. Priority Date: 03/30/2015
Status: Active Grant

First Claim

Patent Images

1. A method of determining when to request multifactor authentication, the method comprising:

generating one or more session profiles using communication session metrics for previous communication sessions between a user, a client device or both, and a service provider;

setting one or more thresholds representing an acceptable deviation from the one or more session profiles;

receiving a request from the client device to perform an action within the service provider;

determining whether a session metric for an active communication session exceeds the one or more thresholds;

requesting a multifactor authentication for the user prior to responding to the request to perform the action if the session metric exceeds the one or more thresholds; and

wherein the communication session metrics for the previous communication sessions include session performance characteristics that include rendering speeds for the client device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure relates to multifactor-based authentication systems. Multifactor authentication occurs during a communication session in response to detecting a trigger event, such as an anomalous condition. Historical metrics, such as performance metrics (e.g., rendering speeds), behavioral metrics (e.g., click-stream behavior), environmental metrics (e.g., noise), etc., can be used as a baseline to compare against metrics for a current communication session. An anomalous condition, such as a current session metric exceeding a threshold, can result in an authentication service transmitting a multifactor authentication request.

72 Citations

View as Search Results

19 Claims

1. A method of determining when to request multifactor authentication, the method comprising:
- generating one or more session profiles using communication session metrics for previous communication sessions between a user, a client device or both, and a service provider;
  
  setting one or more thresholds representing an acceptable deviation from the one or more session profiles;
  
  receiving a request from the client device to perform an action within the service provider;
  
  determining whether a session metric for an active communication session exceeds the one or more thresholds;
  
  requesting a multifactor authentication for the user prior to responding to the request to perform the action if the session metric exceeds the one or more thresholds; and
  
  wherein the communication session metrics for the previous communication sessions include session performance characteristics that include rendering speeds for the client device.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein the communication session metrics for the previous communication sessions include one or more of the following:
    - environmental metrics associated with the previous sessions, clickstream data associated with the previous sessions.
  - 3. The method of claim 1, wherein the communication session metrics include purchase history.
  - 4. The method of claim 1, further including causing one or more measurement devices to be transported to a location of the client device in order to capture the session metric.

5. A computer-readable storage medium including instructions that upon execution cause a computer system to:
- generate one or more thresholds for a client communication session with a service provider, the one or more thresholds being based on historical communication session metrics;
  
  receive a request for a client action in a current authenticated communication session with the service provider;
  
  receive a metric associated with the current authenticated communication session, wherein the metric is associated with rendering speeds for previous client communication sessions; and
  
  determine if the metric exceeds the one or more thresholds, and, if so, request an authentication prior to responding to the request.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 6. The computer-readable storage medium according to claim 5, wherein the instructions, upon execution, further cause the computer system to:
    - generate a profile based on the historical communication session metrics;
      
      wherein generating the one or more thresholds includes determining a deviation from an average of the profile.
  - 7. The computer-readable storage medium according to claim 5, wherein the request of the authentication includes requesting the user to provide information regarding a wireless access point near a location of a user making the request.
  - 8. The computer-readable storage medium according to claim 7, wherein the instructions, upon execution, further cause the computer system to:
    - cause a mobile wireless access point to be transported to a user'"'"'s location so that the user can access the wireless access point.
  - 9. The computer-readable storage medium according to claim 8, wherein the transport of the mobile wireless access point includes using a ground vehicle or an unmanned aerial vehicle.
  - 10. The computer-readable storage medium according to claim 5, wherein the instructions, upon execution, further cause the computer system to:
    - only perform the determination if the action is a candidate action for the authentication.
  - 11. The computer-readable storage medium according to claim 5, wherein the instructions, upon execution, further cause the computer system to:
    - wherein the action is a request to access secure information associated with a user account with the service provider.
  - 12. The computer-readable storage medium according to claim 5, wherein the metric includes an environmental metric associated with the communication session.
  - 13. The computer-readable storage medium according to claim 12, wherein the environmental metric includes an ambient noise level associated with the communication session.
  - 14. The computer-readable storage medium according to claim 5, wherein the metric includes behavioral information associated with a user making the request.
  - 15. The computer-readable storage medium according to claim 5, wherein the metric includes session performance characteristics for the previous sessions.
  - 16. The computer-readable storage medium according to claim 15, wherein the session performance characteristics include rendering times on a client device from which the action is received.
  - 17. The computer-readable storage medium according to claim 5, wherein the instructions, upon execution, further cause the computer system to:
    - receive a user authentication prior to receiving the action.

18. A system for requesting authentication, comprising:
- a monitoring service for capturing metrics between a client device and a service provider, wherein the captured metrics include session performance characteristics associated with rendering speeds for the client device;
  
  a profiling service coupled to the monitoring service for generating a user profile based on the captured metrics, the profiling service setting one or more thresholds of an acceptable deviation from the captured metrics; and
  
  an authentication service coupled to the profiling service, the authentication service for requesting additional authentication in response to the profiling service detecting a deviation in the captured metrics from typical metrics.
- View Dependent Claims (19)
- - 19. The system of claim 18, wherein the captured metrics include one or more of the following:
    - environmental metrics associated with an environment of the client device or behavioral metrics associated with behavior patterns of the client device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
McClintock, Jon Arron, Canavor, Darren Ernest, Stathakopoulos, George Nikolaos
Primary Examiner(s)
Tabor, Amare F

Application Number

US14/673,609
Time in Patent Office

512 Days
Field of Search

726/3, 726/4, 726/30, 713/170
US Class Current

1/1
CPC Class Codes

G06F 21/40   by quorum, i.e. whereby two...

G06F 21/554   involving event detection a...

G06F 2221/2103   Challenge-response

H04L 2463/082   applying multi-factor authe...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

H04L 63/102   Entity profiles

H04L 63/107   wherein the security polici...

H04W 12/065   Continuous authentication

H04W 12/068   using credential vaults, e....

Triggering a request for an authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

72 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Triggering a request for an authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

72 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links