Methods and devices for user authorization

US11379591B2 · US · B2

Patent metadata
Field: Value
Publication number: US-11379591-B2
Application number: US-202016831826-A
Country: US
Kind code: B2
Filing date: Mar 27, 2020
Priority date: Mar 28, 2019
Publication date: Jul 5, 2022
Grant date: Jul 5, 2022

Abstract

Official abstract text for this publication.

The disclosure relates to a method (100) for assessing user authorization, the method comprising: receiving (110), via a data communication network (330), a request from a user device (300) for an access; generating (120), based on data associated with the request, a risk score indicating a risk that the request was sent by a non-authorized user, wherein the risk score indicates a high risk, a medium risk, or a low risk that the user (400) is a non-authorized user; and signaling (130), via the data communication network (330), the user device (300) a need for further information to enable a decision about the authorization of the user (400), if the risk score indicates medium risk. A further aspect relates to a method (200) for user authorization and to an electronic device (300).

First claim

Opening claim text (preview).

What is claimed is:

1. A method for assessing user authorization, the method comprising: receiving, from a user device via a data communication network, a request for an access for a user; generating, based on data associated with the request, a user risk score indicating a risk that the request was sent by a non-authorized user, wherein the user risk score indicates a high risk in a case that the user risk score is above a first threshold value, a medium risk in a case that the user risk score is below the first threshold value and above a second threshold value, or a low risk in a case that the user risk score is below the second threshold value that the user is a non-authorized user; in a case that the user risk score indicates medium risk: sending, to the user device via the data communication network, instructions to run a program to generate a device generated risk score at the user device; receiving, from the user device via the data communication network in response to sending the instructions, the device generated risk score; and assessing authorization of the user based on the device generated risk score; in a case that the user risk score indicates high risk, rejecting the request and/or generating a fraud detection signal to signal a high probability of the request being from a non-authorized user; and in a case that the user risk score indicates low risk, allowing the request.

2. The method according to claim 1, wherein the instructions to run the program comprise an instruction to use data of the user device to generate the device generated risk score, and the data of the user device is sensitive data not to be sent from the user device.

3. The method according to claim 1, wherein the instructions to run the program are adapted for the user device according to at least one aspect of the request resulting in the device generated risk score signaling medium risk.

4. The method according to claim 3, wherein the instructions to run the program comprise instructions to use data of the user device relating to a geographical position, in a case that the request is received from outside of a predefined region.

5. The method according to claim 1, wherein the instructions to run the program comprise an instruction to use data relating to information about usage of the user device.

6. The method according to claim 1, wherein the instructions for running the program comprise an instruction to use data stored locally at the user device for generating the device generated risk score.

7. The method according to claim 1, wherein the instructions to run the program comprise instructions in a domain specific language.

8. The method according to claim 1, wherein in a case that the device generated risk score or a combination of the device generated risk score and the user risk score indicates medium risk, the method further comprises: sending, to the user device via the data communication network, additional instructions to run the program to generate a further device generated risk score at the user device; and receiving, from the user device via the data communication network in response to sending the additional instructions, the further device generated risk score.

9. A method for user authorization, the method comprising: sending, to an electronic device via a data communication network, a request for an access for a user; receiving, from the electronic device via the data communication network in a case that a user risk score indicates medium risk, instructions to run a program to generate the user risk score, wherein the generating is based on data associated with the request, and the user risk score indicating a high risk in a case that the user risk score is above a first threshold value, indicating a medium risk in a case that the user risk score is below the first threshold value and above a second threshold value, or indicating a low risk in a case that the user risk score is below the second threshold value that the user is a non-authorized user; running the program, in response to receiving the instructions, to generate a device generated risk score indicating a risk that the request was sent by a non-authorized user; sending, via the data communication network, the device generated risk score; receiving, from the electronic device via the data communication network in a case that the user risk score indicates high risk, a first indication that the request is rejected; and receiving, from the electronic device via the data communication network in a case that the user risk score indicates low risk, a second indication that the request is allowed.

10. The method according to claim 9, wherein the device generated risk score is sent without sending data used to generate the device generated risk score.

11. The method according to claim 9, wherein data used to generate the device generated risk score relates to information about usage of a user device.

12. An electronic device, comprising: a transceiver configured to transmit data to another electronic device and receive data from the another electronic device, via a data communication network; and processing circuitry configured to receive, from the another electronic device via the data communication network, a request for an access for a user; generate, based on data associated with the request, a user risk score indicating a risk that the request was sent by a non-authorized user, wherein the user risk score indicates a high risk in a case that the user risk score is above a first threshold value, a medium risk in a case that the user risk score is below the first threshold value and above a second threshold value, or a low risk in a case that the user risk score is below the second threshold value that the user is a non-authorized user; in a case that the user risk score indicates medium risk: send, to the another electronic device via the data communication network, instructions to run a program to generate a device generated risk score at the another electronic device; receive, from the another electronic device via the data communication network in response to sending the instructions, the device generated risk score from the another electronic device; and assess authorization of the user based on the device generated risk score; in a case that the user risk score indicates high risk, reject the request and/or generate a fraud detection signal to signal a high probability of the request being from a non-authorized user; and in a case that the user risk score indicates low risk, allow the request.
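The three-tier flow of claims 1, 3, 4 and 8, sketched as an added example that is not part of the patent text. The threshold values, the weights, the region set, the signal names and the list-of-tuples instruction format are all assumptions made for illustration, as is the choice that a score equal to a threshold takes the higher tier (the claims leave equality undefined).

```python
FIRST_THRESHOLD, SECOND_THRESHOLD = 0.7, 0.3  # assumed values, not from the patent
HOME_REGION = {"DE", "FR"}                    # assumed "predefined region"

def tier(score):
    """Map a score to a tier; equality with a threshold takes the higher tier."""
    if score >= FIRST_THRESHOLD:
        return "high"
    return "medium" if score >= SECOND_THRESHOLD else "low"

def user_risk_score(request):
    """Server side: score built from request metadata only (toy weights)."""
    score = 0.0
    if request["country"] not in HOME_REGION:
        score += 0.4
    if not request["known_device"]:
        score += 0.4
    return score

def build_instructions(request):
    """Adapt the device program to the aspect that raised the score (claims 3, 4)."""
    program = [("usage_pattern_mismatch", 0.5)]
    if request["country"] not in HOME_REGION:
        program.append(("position_far_from_usual", 0.5))
    return program

def run_on_device(program, local_data):
    """Device side: evaluate the instructions over local data, return only a number."""
    return sum(weight for signal, weight in program if local_data.get(signal, False))

def assess(request, device):
    """Server decision; `device` stands in for the network round trip."""
    first = tier(user_risk_score(request))
    if first == "high":
        return "reject"
    if first == "low":
        return "allow"
    second = tier(device(build_instructions(request)))
    # Medium again means a further round of instructions (claim 8).
    return {"low": "allow", "high": "reject", "medium": "step-up"}[second]

def make_device(local_data):
    """Constructed stand-in for a user device holding sensitive local data."""
    return lambda program: run_on_device(program, local_data)
```

Only the number crosses the network, which keeps the local data on the device (claims 2 and 10); it also means the server cannot check the inputs behind the score.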

Classifications

  • H04W4/021 (Primary)

    Services related to particular areas, e.g. point of interest [POI] services, venue services or geofences · CPC title

  • Program or device authentication · CPC title

  • G06F21/577 (Primary)

    Assessing vulnerabilities and evaluating computer system security · CPC title

  • involving the use of external additional devices, e.g. dongles or smart cards · CPC title

  • involving the movement of software or configuration parameters  (network booting or remote initial program loading [RIPL] G06F9/4416) · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11379591B2 cover?
The disclosure relates to a method (100) for assessing user authorization, the method comprising: receiving (110), via a data communication network (330), a request from a user device (300) for an access; generating (120), based on data associated with the request, a risk score indicating a risk that the request was sent by a non-authorized user, wherein the risk score indicates a high risk, a …
Who is the assignee on this patent?
Sony Corp
What technology area does this patent fall under?
Primary CPC classification H04W4/021. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jul 5, 2022 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 5 related publications on this page (citations in our corpus or others sharing the same primary CPC).