US2007240230A1PendingUtilityA1

User-browser interaction analysis authentication system

49
Assignee: O'CONNELL BRIAN MPriority: Apr 10, 2006Filed: Apr 10, 2006Published: Oct 11, 2007
Est. expiryApr 10, 2026(expired)· nominal 20-yr term from priority
G06F 21/55
49
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Systems, methods and media for authenticating a user based on user-browser interaction are disclosed. Embodiments of a method may include, during an e-commerce session with a user, receiving a request for an action from the user and determining whether the requested action requires additional authentication. Embodiments may also include requesting analysis of user-browser interaction for the session, receiving a pattern matching score for the session, and performing an action based on the pattern matching score and the requested action. The pattern matching score may provide an indication of a comparison between the user's interaction with a browser during the session and a user-browser interaction profile for the user. The performed action may include completing an e-commerce transaction, accessing or modifying information, changing a password, requesting additional information, denying the requested action, or other action. Further embodiments may provide for authenticating the user with a first-level authentication.

Claims

exact text as granted — not AI-modified
1 . A method for authenticating a user during an Internet commerce session, the method comprising: 
 during an e-commerce session with a user, receiving a request for an action from the user;    determining whether the requested action requires additional authentication;    in response to determining that the requested action requires additional authentication, requesting analysis of user-browser interaction for the session;    receiving a pattern matching score for the session, the pattern matching score providing an indication of a comparison between the user's interaction with a browser during the session and a user-browser interaction profile for the user; and    performing an action based on the pattern matching score and the requested action.    
   
   
       2 . The method of  claim 1 , further comprising establishing the e-commerce session with the user.  
   
   
       3 . The method of  claim 1 , further comprising authenticating the user with a first-level authentication.  
   
   
       4 . The method of  claim 1 , further comprising before performing the action based on the pattern matching score and the requested action, analyzing the pattern matching score.  
   
   
       5 . The method of  claim 1 , wherein receiving the pattern matching score for the session comprises determining the pattern matching score for the session.  
   
   
       6 . The method of  claim 5 , wherein determining the pattern matching score for the session comprises determining user-browser interaction data associated with the session and comparing the user-browser interaction data to determined patterns in previous interaction data.  
   
   
       7 . The method of  claim 1 , wherein the requested action comprises one or more of completion of an e-commerce transaction, access to restricted information, modification of user information, or change to a password.  
   
   
       8 . The method of  claim 1 , wherein performing the action based on the pattern matching score and the requested action comprises one or more of completing an e-commerce transaction, accessing restricted information, modifying user information, changing a password for the user, requesting additional information, or denying the requested action.  
   
   
       9 . A machine-accessible medium containing instructions effective, when executing in a data processing system, to cause said data processing system to perform operations comprising: 
 during an e-commerce session with a user, receiving a request for an action from the user;    determining whether the requested action requires additional authentication;    in response to determining that the requested action requires additional authentication, requesting analysis of user-browser interaction for the session;    receiving a pattern matching score for the session, the pattern matching score providing an indication of a comparison between the user's interaction with a browser during the session and a user-browser interaction profile for the user; and    performing an action based on the pattern matching score and the requested action.    
   
   
       10 . The machine-accessible medium of  claim 9 , further comprising establishing the e-commerce session with the user.  
   
   
       11 . The machine-accessible medium of  claim 9 , further comprising authenticating the user with a first-level authentication.  
   
   
       12 . The machine-accessible medium of  claim 9 , further comprising before performing the action based on the pattern matching score and the requested action, analyzing the pattern matching score.  
   
   
       13 . The machine-accessible medium of  claim 9 , wherein the requested action comprises one or more of completion of an e-commerce transaction, access to restricted information, modification of user information, or change to a password.  
   
   
       14 . The machine-accessible medium of  claim 9 , wherein performing the action based on the pattern matching score and the requested action comprises one or more of completing an e-commerce transaction, accessing restricted information, modifying user information, changing a password for the user, requesting additional information, or denying the requested action.  
   
   
       15 . An e-commerce authentication system, the system comprising: 
 an application server in communication with an incoming interaction server and a pattern matching server, the application server comprising: 
 an e-commerce application to establish a session with a user of a client computer system to determine that additional authentication is required in response to a request by the user for an action;  
 a pattern matching requester in communication with the e-commerce application to request analysis of user-browser interaction for the established session and to receive a pattern matching score for the established session; and  
 wherein the e-commerce application is adapted to perform an action based on the pattern matching score for the established session and the requested action.  
   
   
   
       16 . The system of  claim 15 , further comprising: 
 an incoming interaction server in communication with the application server, the incoming interaction server comprising: 
 a session data listener to receive user-browser interaction data from one or more client computer systems;  
 an interaction data manager to associate received user-browser interaction data with a user login; and  
 an interaction database interface to store the user-browser interaction and associated information in a user-browser interaction database.  
   
   
   
       17 . The system of  claim 15 , wherein the interaction data manager further comprises a profile matcher to match the received user-browser interaction data and user login with a user-browser interaction profile associated with the user.  
   
   
       18 . The system of  claim 15 , further comprising: 
 a pattern matching server in communication with the application server, the pattern matching server comprising: 
 an application server interface to receive a request for a pattern matching score for a session from the application server and to transmit a determined pattern matching score to the application server;  
 an interaction database interface to access stored user-browser interaction data; and  
 an interaction data analyzer to analyze the stored user-browser interaction data associated with the session for patterns and to compare the determined patterns to user-browser interaction data associated with the session to determine a pattern matching score for the session.  
   
   
   
       19 . The system of  claim 15 , further comprising a user-browser interaction database to store user-browser interaction data and associated information.  
   
   
       20 . The system of  claim 15 , further comprising a client computer system having a browser to receive input from a user.  
   
   
       21 . A method for processing user-browser interaction data for an e-commerce session, the method comprising: 
 during an e-commerce session with a user, receiving user-browser interaction data from a client computer system;    associating the received user-browser interaction data with a user login for the session; and    storing the user-browser interaction data and associated information in a user-browser interaction database, the associated information comprising an indication of the user login for the session.    
   
   
       22 . The method of  claim 21 , wherein associating the received user-browser interaction data with the user login for the session comprises matching the received user-browser interaction data with a user-browser interaction profile associated with the user.  
   
   
       23 . A method for determining a pattern matching score for an e-commerce session, the method comprising: 
 determining user-browser interaction data associated with a current session;    accessing user-browser interaction data associated with previous sessions for a user associated with the current session;    analyzing the previous session user-browser interaction data to determine patterns in the user-browser interaction data; and    determining a pattern matching score for the current session.    
   
   
       24 . The method of  claim 23 , further comprising before determining the user-browser interaction data associated with a current session, receiving a request to analyze user-browser interaction data for a session.  
   
   
       25 . The method of  claim 23 , further comprising transmitting the determined pattern matching score.  
   
   
       26 . The method of  claim 23 , wherein determining user-browser interaction data associated with the current session comprises determining user-browser interaction data associated with a user-browser interaction profile associated with the current session.  
   
   
       27 . The method of  claim 23 , wherein determining a pattern matching score for the session comprises comparing user-browser interaction data for the current session with the determined patterns.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.