Apparatuses, methods, and computer program products for programmatically parsing, classifying, and labeling data objects
US-2022207163-A1 · Jun 30, 2022 · US
Utilizing contact information for device risk assessment
US11941129B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11941129-B2 |
| Application number | US-202117218368-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 31, 2021 |
| Priority date | Mar 31, 2021 |
| Publication date | Mar 26, 2024 |
| Grant date | Mar 26, 2024 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Embodiments disclosed are directed to a computing system that performs steps to perform enhanced device fingerprinting using user contacts data. The computing system receives, from an application, a first plurality of device attributes identifying a client device on which the application is being used. The first plurality of device attributes includes first device identification data and first user contacts data. Subsequently, when a user is attempting to perform a transaction using the application on the client device, the computing system receives, from the application, a second plurality of device attributes identifying the client device on which the application is being used. The second plurality of device attributes includes second device identification data and second user contacts data. The computing system compares the second plurality of device attributes to the first plurality of device attributes to determine whether the user is authorized to perform the transaction.
First claim
Opening claim text (preview).
What is claimed is: 1. A computer-implemented method for device fingerprinting, the computer-implemented method comprising: receiving, at a first time by one or more computing devices and from an application, a first plurality of device attributes identifying a client device on which the application is being used, wherein the first plurality of device attributes comprises first device identification data and a total number of contacts in a first user's contact list; receiving, at a second time by the one or more computing devices and from the application, an indication that a user is attempting to perform a transaction using the application on the client device; requesting, by the one or more computing devices and in response to receiving the indication, a second plurality of device attributes identifying the client device on which the application is being used, wherein the second plurality of device attributes is different than the first plurality of device attributes and comprises second device identification data and a total number of contacts in a second user's contact list; receiving, by the one or more computing devices and in response to requesting the second plurality of device attributes, the second plurality of device attributes; comparing, by the one or more computing devices, the second plurality of device attributes to the first plurality of device attributes; and determining, by the one or more computing devices and based on the comparing the second plurality of device attributes to the first plurality of device attributes, a device risk score indicating whether the user is authorized to perform the transaction using the application. 2. The computer-implemented method of claim 1 , further comprising: determining, by the one or more computing devices, that the device risk score is equal to or greater than a maximum device risk score threshold value; and preventing, by the one or more computing devices and in response to determining that the device risk score is equal to or greater than the maximum device risk score threshold value, the user from performing the transaction using the application. 3. The computer-implemented method of claim 1 , further comprising: determining, by the one or more computing devices, that the device risk score is less than a maximum device risk score threshold value and equal to or greater than a minimum device risk score threshold value; and performing, by the one or more computing devices and in response to determining that the device risk score is less than the maximum device risk score threshold value and equal to or greater than the minimum device risk score threshold value, a supplemental authentication technique to determine whether the user is authorized to perform the transaction using the application. 4. The computer-implemented method of claim 1 , further comprising: determining, by the one or more computing devices, that the device risk score is less than a minimum device risk score threshold value; and authorizing, by the one or more computing devices and in response to determining that the device risk score is less than the minimum device risk score threshold value, the user to perform the transaction using the application. 5. The computer-implemented method of claim 1 , wherein: the application is a first application; the client device is a first client device; the indication is a first indication; the transaction is a first transaction; the device risk score is a first device risk score; and the computer-implemented method further comprises: receiving, at a third time by the one or more computing devices and from a second application, a second indication that the user is attempting to perform a second transaction using the second application on a second client device; requesting, by the one or more computing devices and in response to receiving the second indication, a third plurality of device attributes identifying the second client device on which the second application is being used, wherein the third plurality of device attributes is different than the first plurality of device attributes and comprises third device identification data and third user contacts data; receiving, by the one or more computing devices and in response to requesting the third plurality of device attributes, the third plurality of device attributes; comparing, by the one or more computing devices, the third plurality of device attributes to the first plurality of device attributes; and determining, by the one or more computing devices and based on the comparing the third plurality of device attributes to the first plurality of device attributes, a second device risk score indicating whether the user is authorized to perform the second transaction using the second application. 6. A non-transitory computer readable medium including instructions for causing a processor to perform operations for device fingerprinting, the operations comprising: receiving, at a first time and from an application, a first plurality of device attributes identifying a client device on which the application is being used, wherein the first plurality of device attributes comprises first device identification data and a total number of contacts in a first user's contact list; receiving, at a second time and from the application, an indication that a user is attempting to perform a transaction using the application on the client device; requesting, in response to receiving the indication, a second plurality of device attributes identifying the client device on which the application is being used, wherein the second plurality of device attributes is different than the first plurality of device attributes and comprises second device identification data and a total number of contacts in a second user's contact list; receiving, in response to requesting the second plurality of device attributes, the second plurality of device attributes; comparing the second plurality of device attributes to the first plurality of device attributes; and determining, based on the comparing the second plurality of device attributes to the first plurality of device attributes, a device risk score indicating whether the user is authorized to perform the transaction using the application. 7. The non-transitory computer readable medium of claim 6 , wherein the operations further comprise: determining that the device risk score is equal to or greater than a maximum device risk score threshold value; and preventing, in response to determining that the device risk score is equal to or greater than the maximum device risk score threshold value, the user from performing the transaction using the application. 8. The non-transitory computer readable medium of claim 6 , wherein the operations further comprise: determining that the device risk score is less than a maximum device risk score threshold value and equal to or greater than a minimum device risk score threshold value; and performing, in response to determining that the device risk score is less than the maximum device risk score threshold value and equal to or greater than the minimum device risk score threshold value, a supplemental authentication technique to determine whether the user is authorized to perform the transaction using the application. 9. The non-transitory computer readable medium of claim 6 , wherein the operations further comprise: determining that the device risk score is less than a minimum device risk score threshold value; and authorizing, in response to determining that the device risk score is less than the minimum device risk score threshold value, the user to perform the transaction using the application. 10. The non
Assignees
Inventors
Classifications
- G06F21/577Primary
Assessing vulnerabilities and evaluating computer system security · CPC title
User authentication · CPC title
Program or device authentication · CPC title
Structures or tools for the administration of authentication · CPC title
to features or functions of an application · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US11941129B2 cover?
- Embodiments disclosed are directed to a computing system that performs steps to perform enhanced device fingerprinting using user contacts data. The computing system receives, from an application, a first plurality of device attributes identifying a client device on which the application is being used. The first plurality of device attributes includes first device identification data and first …
- Who is the assignee on this patent?
- Capital One Services Llc
- What technology area does this patent fall under?
- Primary CPC classification G06F21/577. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Mar 26 2024 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).