Electronic device theft self-detection and locking
US-9220011-B1 · Dec 22, 2015 · US
Machine-learning behavioral analysis to detect device theft and unauthorized device usage
US9536072B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9536072-B2 |
| Application number | US-201514682838-A |
| Country | US |
| Kind code | B2 |
| Filing date | Apr 9, 2015 |
| Priority date | Apr 9, 2015 |
| Publication date | Jan 3, 2017 |
| Grant date | Jan 3, 2017 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
The disclosure relates to machine-learning behavioral analysis to detect device theft and unauthorized device usage. In particular, during a training phase, an electronic device may generate a local user profile that represents observed user-specific behaviors according to a centroid sequence, wherein the local user profile may be classified into a baseline profile model that represents aggregate behaviors associated with various users over time. Accordingly, during an authentication phase, the electronic device may generate a current user profile model comprising a centroid sequence re-expressing user-specific behaviors observed over an authentication interval, wherein the current user profile model may be compared to plural baseline profile models to identify the baseline profile model closest to the current user profile model. As such, an operator change may be detected where the baseline profile model closest to the current user profile model differs from the baseline profile model in which the electronic device has membership.
First claim
Opening claim text (preview).
What is claimed is: 1. A method for detecting unauthorized electronic device usage, comprising: generating one or more training feature vectors that represent one or more user-specific behaviors observed on an electronic device over a predefined training period L; generating a local user profile model from the one or more training feature vectors, wherein the local user profile model re-expresses the one or more user-specific behaviors observed over the predefined training period L according to K centroids that indicate a temporal context associated therewith; transmitting, by the electronic device, the local user profile model to a server, wherein the server is configured to execute a clustering algorithm on the local user profile model transmitted from the electronic device and local user profile models transmitted from one or more other electronic devices to create plural baseline profile models; receiving, from the server, the plural baseline profile models and information indicating one of the plural baseline profile models in which the electronic device has membership; generating one or more feature vectors representing a temporal context associated with one or more user-specific behaviors observed on the electronic device, wherein the user-specific behaviors are observed from sensor data acquired on the electronic device; generating a current user profile model from the one or more feature vectors, wherein the current user profile model comprises a centroid sequence that re-expresses the temporal context associated with the one or more user-specific behaviors and a data grammar that defines one or more rules to represent patterns in the centroid sequence; comparing the current user profile model generated from the one or more feature vectors to the plural baseline profile models stored at the electronic device to identify one of the plural baseline profile models closest to the current user profile model; and detecting an operator change at the electronic device in response to determining that the baseline profile model closest to the current user profile model differs from the baseline profile model in which the electronic device has membership. 2. The method recited in claim 1 , wherein the server is further configured to classify the local user profile model transmitted from the electronic device into one of the plural baseline profile models closest to the local user profile model, wherein the baseline profile model in which the electronic device has membership corresponds to the baseline profile model closest to the local user profile model. 3. The method recited in claim 1 , wherein the one or more user-specific behaviors used to generate the current user profile model are observed over an authentication period M that is substantially shorter than the predefined training period L. 4. The method recited in claim 1 , wherein the plural baseline profile models created at the server comprise K baseline profile models. 5. The method recited in claim 1 , wherein the server is further configured to track the membership associated with the electronic device over time to maintain an anonymous user behavior profile associated with the electronic device. 6. The method recited in claim 1 , wherein comparing the current user profile model to the plural baseline profile models comprises: calculating one or more metrics that define a distance from the current user profile model to each baseline profile model to quantify a similarity between the data grammar associated with the current user profile model and each baseline profile model; and identifying one of the plural baseline profile models having a smallest distance from the current user profile model, wherein the identified baseline profile model corresponds to the baseline profile model closest to the current user profile model. 7. The method recited in claim 6 , wherein the one or more calculated metrics comprise at least one metric that quantifies the similarity between the data grammar associated with the current user profile model and each baseline profile model according to a global comparison between the one or more rules defined in the data grammar associated with the current user profile model and each baseline profile model. 8. The method recited in claim 6 , wherein the one or more calculated metrics comprise at least one metric that quantifies the similarity between the data grammar associated with the current user profile model and each baseline profile model according to a content-based comparison between one or more individual rules in the data grammar associated with the current user profile model and each baseline profile model. 9. The method recited in claim 1 , further comprising: authenticating a current operator associated with the electronic device in response to determining that the baseline profile model closest to the current user profile model matches the baseline profile model in which the electronic device has membership. 10. The method recited in claim 1 , further comprising: triggering one or more of a recovery action or a protective action in response to detecting the operator change. 11. The method recited in claim 1 , wherein the electronic device has at least one of an accelerometer, a gyroscope, or a touchscreen configured to acquire the sensor data. 12. The method recited in claim 1 , wherein the one or more user-specific behaviors include at least one of pulling the electronic device from a pocket, motion of the electronic device when walking, unlocking the electronic device, entering data into the electronic device, or answering a call received at the electronic device. 13. A method for detecting unauthorized electronic device usage, comprising: storing plural baseline profile models at an electronic device, wherein the electronic device has membership in one of the plural baseline profile models; generating one or more feature vectors representing a temporal context associated with one or more user-specific behaviors observed on the electronic device, wherein the one or more user-specific behaviors are observed from sensor data acquired on the electronic device; generating a current user profile model from the one or more feature vectors, wherein the current user profile model represents one or more patterns in the temporal context associated with the one or more user-specific behaviors; comparing the current user profile model generated from the one or more feature vectors to the plural baseline profile models stored at the electronic device to identify one of the plural baseline profile models closest to the current user profile model; detecting an operator change at the electronic device in response to determining that the baseline profile model closest to the current user profile model differs from the baseline profile model in which the electronic device has membership; comparing the current user profile model to one or more authorized user profile models stored on the electronic device in response to the detected operator change; and generating a notification indicating that a current operator is authorized to use the electronic device in response to determining that a distance from the current user profile model to at least one of the authorized user profile models is under a threshold value. 14. The method recited in claim 13 , further comprising: triggering one or more of a recovery action or a protective action in response to determining that the distance from the current user profile model to each authorized user profile is above the threshold value. 15. An electronic device, comprising: means for gen
Assignees
Inventors
Classifications
Distances to cluster centroïds · CPC title
with fixed number of clusters, e.g. K-means clustering · CPC title
Syntactic representation, e.g. by using alphabets or grammars · CPC title
- G06F21/316Primary
by observing the pattern of computer usage, e.g. typical user behaviour · CPC title
Detecting or preventing theft or loss · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9536072B2 cover?
- The disclosure relates to machine-learning behavioral analysis to detect device theft and unauthorized device usage. In particular, during a training phase, an electronic device may generate a local user profile that represents observed user-specific behaviors according to a centroid sequence, wherein the local user profile may be classified into a baseline profile model that represents aggrega…
- Who is the assignee on this patent?
- Qualcomm Inc
- What technology area does this patent fall under?
- Primary CPC classification G06F21/316. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Jan 03 2017 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).