US 9516035 B1 - Behavioral Profiling Method And System To Authenticate A User - The Lens

Behavioral Profiling Method And System To Authenticate A User

Published: Dec 6, 2016
Earliest Priority: Mar 20 2012
Family: 4
Cited Works: 1
Cited by: 14
Cites: 2
Additional Info: Cited Works Full text

Abstract

Methods and systems for behavioral profiling, and in particular, utilizing crowd-managed data architectures to store and manage that profile, are described. In some embodiments, a method includes observing behavioral characteristics of user interactions during a current session with the user through one of a plurality of channels. Variations between the behavioral characteristics of the user interactions observed during the current session and a behavioral profile previously developed based on prior usage patterns of the user through the plurality of channels are identified, in real-time or near real-time.

Claims

A method of user verification comprising:
observing, by a computer processor, behavioral characteristics of user interactions during a current session with a user through a channel;

identifying, in real-time or near real-time, variations between the behavioral characteristics of the user interactions observed during the current session and a behavioral profile previously developed based on prior usage patterns of the user through the channel, wherein the behavioral profile is based on clicktrail data and authentication logs;

implementing, by the computer processor, a challenge to proceed in the current session, the challenge based on the variations between the behavioral characteristics and the behavioral profile and on a risk level of requested activities of the current session; and

when the challenge to proceed in the current session disallows the user to continue in the current session:
analyzing, by the computer processor, behavioral biometrics of the user,

comparing, by the computer processor, the behavioral biometrics of the user with one or more previous samples of the behavioral biometrics of the user, and

when the comparison of the behavioral biometrics of the user with the one or more previous samples of the behavioral biometrics of the user is within a tolerance, allowing, by the computer processor, the current session to proceed.
The method of claim 1, further comprising receiving current device information, and wherein identifying the variations between the behavioral characteristics and the behavioral profile includes comparing the current device information with historical device information stored in the behavioral profile.
The method of claim 2, wherein the current device information includes at least one of the following: device location, device identification, channel usage on a current device, language, network, or internet service provider.
The method of claim 1, wherein identifying the variations includes estimating a distance between the behavioral characteristics in the current session and the behavioral profile, wherein the behavioral profile was further developed based on website behaviors specific to a generation of the user.
The method of claim 1, the method further comprising:
developing the behavioral profile by identifying typical usage patterns of behavior of the user from historical usage data;

calculating a distance between the behavioral characteristics in the current session and the behavioral profile; and

validating the behavioral profile during the current session when the behavioral characteristics in the current session are within a predetermined distance from the typical usage patterns of behavior of the user.
The method of claim 1, wherein the challenge requires the user to actively provide a response.
The method of claim 1, wherein the challenge comprises receiving current device information without the user actively providing a response.
The method of claim 1, wherein the risk level of requested activities is based, at least, on the type of activity, wherein the type of activity comprises at least one of: a deposit activity, a transfer activity, or a logon request activity.
The method of claim 8, wherein the behavioral profile is initially created using demographic data of users similar to the user.
The method of claim 9, the method further comprising:
removing or deemphasizing at least a portion of the demographic data from the behavioral profile as the behavioral profile of the user is adapted with the behavioral characteristics of the user interactions observed during the current session.
The method of claim 1, wherein the behavioral biometrics comprises at least one of: a cadence of typing, a temporal spacing between key presses, or a duration of each key press.
The method of claim 11, wherein the challenge includes at least one of:
allowing the user to proceed with the current session, collecting identifying information, noting suspicious activity, or disallowing the user to proceed with the current session.
The method of claim 1, wherein the variations are indicative of a second user, and wherein the method further comprises:
determining that the second user is authorized by the user; and

developing a behavioral profile for the second user.
The method of claim 1, the method further comprising:
adapting the behavior profile based on the identified variations between the behavior characteristics of the user interactions observed during the current session and the behavior profile.
The method of claim 1, wherein the channel comprises at least one of: an internet portal, face-to-face contact, a mobile application, or an instant messaging system.
The method of claim 1, wherein the challenge is further based on a security characteristic, the security characteristic pertaining to at least one of: a physical security event, an IP address from which an attack has previously been received, an IP address associated with a known fraudulent user, a system or network known to contain mal-ware, or a risk score associated with an IP address or network.
A computer-implemented method of fraud prediction comprising:
passively identifying a user interacting through a channel during a current session;

retrieving, from a database, a predictive behavioral profile associated with the user, wherein the predictive behavioral profile receives current user interactions with the channel and estimates a distance from prior usage patterns of the user, and wherein the predictive behavioral profile is based on clicktrail data and authentication logs;

identifying, by a computer processor, in real-time or near real-time, variations between current usage patterns of the user and the predictive behavioral profile;

calculating similarity or distance measures between the current session of the user and the predictive behavioral profile;

translating a set of the calculated similarity or distance measures into a single confidence measure;

implementing a challenge to proceed in the current session, wherein the challenge is based on a risk level of requested activities of the current session; and

when the challenge to proceed in the current session disallows the user to continue in the current session:
analyzing, by the computer processor, behavioral biometrics of the user,

comparing, by the computer processor, the behavioral biometrics of the user with one or more previous samples of the behavioral biometrics of the user, and

when the comparison of the behavioral biometrics of the user with the one or more previous samples of the behavioral biometrics of the user is within a tolerance, allowing, by the computer processor, the current session to proceed.
The computer-implemented method of claim 17, further comprising developing the predictive behavioral profile using at least one of the following: Bayesian network, statistical-based anomaly detection techniques, one or more Markov models, knowledge-based techniques, neural networks, clustering and outlier detection, demographic analysis, genetic algorithms, or fuzzy logic techniques.
A system for authenticating a user, the system comprising:
a memory; and

a processor in communication with the memory, the processor configured to execute software modules, the software modules comprising:
a channel communication module configured to engage in one or more sessions with a user via a channel;

an information gathering module configured to:
monitor user behavior during the one or more sessions; and

collect demographic data relating to the user;

a behavioral profile generation module configured to:
develop a user behavioral profile based on the user behavior, the user behavioral profile including patterns of behavior that are typical of the user, wherein the user behavioral profile is based on clicktrail data and authentication logs;

the channel communication module further configured to observe the user behavior during a session;

a variation determining module configured to determine, in near real-time, variations between the user behavior observed during the session and the user behavioral profile; and

a challenge module configured to:
implement a challenge to proceed with the session based on the variations, wherein the challenge is based on a risk level of requested activities of the session;

adapt the user behavioral profile with the user behavior from the session; and

when the challenge to proceed in the session disallows the user to continue in the session:
analyzing behavioral biometrics of the user,

comparing the behavioral biometrics of the user with one or more previous samples of the behavioral biometrics of the user, and

when the comparison of the behavioral biometrics of the user with the one or more previous samples of the behavioral biometrics of the user is within a tolerance, allowing the session to proceed.
The system of claim 19, wherein the user behavioral profile is further based on website behaviors specific to a generation of the user.