What technology area does this patent fall under?

Primary CPC classification G06F21/316. Mapped technology areas include Physics.

When was this patent published?

Publication date Tue May 01 2018 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).

Automatic intelligent local device fraud detection

US9959399B2 · US · B2

Patent metadata
Field	Value
Publication number	US-9959399-B2
Application number	US-201514598420-A
Country	US
Kind code	B2
Filing date	Jan 16, 2015
Priority date	Jan 16, 2015
Publication date	May 1, 2018
Grant date	May 1, 2018

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Methods, systems, computer-readable media, and apparatuses may provide a mobile device with the ability to locally detect fraudulent activity by an unauthorized user. A mobile device may include a fraud detection module that may build a historical usage pattern of a user of the mobile device. The fraud detection module may monitor usage of the mobile device for multiple parameters and record events pertaining to the parameters. Periodically or in response to each event, the fraud detection module may compute a current usage pattern using each of the current parameter values. The fraud detection module may compare the current usage pattern with the historical usage pattern and may use the comparison result to compute a confidence score. The fraud detection module may then compare the confidence score with a preset confidence score to determine whether fraudulent activity is occurring at the mobile device.

First claim

Opening claim text (preview).

I claim: 1. An apparatus comprising: a communication transceiver; a hardware processor; and a computer readable medium storing instructions that, when executed by the hardware processor, cause the apparatus to: store a plurality of usage parameters associated with the apparatus, wherein the plurality of usage parameters includes an app usage parameter, a location parameter, and an in-app use parameter; store a first signature including a first set of parameter values for the plurality of usage parameters based on a first set of user inputs; generate a second signature including a second set of parameter values for the plurality of usage parameters based on a second set of user inputs; compare the second signature with the first signature to determine a signature difference value representative of a difference between the first signature and the second signature; compute an average signature difference value over a plurality of past signature difference values associated with usage of the apparatus; generate a confidence score for the second signature based at least on a ratio of the signature difference value to the average signature difference value; if the confidence score is greater than a preset maximum score threshold, identify the second set of user inputs as being fraudulent; and in response to determining that the communication transceiver is in an inactive state, activate the communication transceiver without alerting a user of the apparatus and establish a communication link with a remote server; and if the confidence score is less than or equal to the preset maximum score threshold, identify the second set of user inputs as being not fraudulent and update the average signature difference value based on the signature difference value. 2. The apparatus of claim 1 , wherein the computer readable medium stores instructions that, when executed by the hardware processor, further cause the apparatus to: if the confidence score is greater than the preset maximum score threshold, prevent access to one or more functions of the apparatus by the user; receive, from a remote computing device, an acknowledgement indicating that the user is an authorized user of the apparatus; and in response to the receiving, permit access to the one or more functions of the apparatus by the user. 3. The apparatus of claim 1 , wherein the computer readable medium stores instructions that, when executed by the hardware processor, further cause the apparatus to: if the confidence score is less than or equal to the preset maximum score threshold, update the first signature based on the second signature. 4. The apparatus of claim 3 , wherein the computer readable medium stores instructions that, when executed by the hardware processor, further cause the apparatus to: generate a third signature including a third set of parameter values for the plurality of usage parameters based on a third set of user inputs; compare the third signature with the updated first signature; generate a different signature difference value based on the comparing of the third signature with the updated first signature; generate a different confidence score for the third signature based on a ratio of the different signature difference value to the updated average signature difference value; in response to a determination that the different confidence score is greater than the preset maximum score threshold, identify the third set of user inputs as being fraudulent; and in response to a determination that the different confidence score is less than or equal to the preset maximum score threshold, update the updated first signature based on the third signature; and update the updated average signature difference value based on the different signature difference value. 5. The apparatus of claim 1 , wherein the computer readable medium stores instructions that, when executed by the hardware processor, further cause the apparatus to: generate a first set of signatures for the plurality of usage parameters; and appending each signature of the first set of signatures to generate the second signature. 6. The apparatus of claim 1 , wherein the app usage parameter is a parameter for a number to times each app installed at the apparatus is opened or accessed by a user or an application; wherein the location parameter is a parameter for a distance between a current geographic location of the apparatus and a previous geographic location of the apparatus; and wherein the in-app use parameter is a parameter for a number of emails opened or accessed by the user. 7. An apparatus comprising: a communication transceiver; a hardware processor; and a computer readable medium storing instructions that, when executed by the hardware processor, cause the apparatus to: generate a first signature representative of a historical usage pattern of the apparatus by an authorized user based on a first set of parameter values; receive, via one or more input interfaces, one or more inputs from a user; generate a second set of parameters values based at least in part on the one or more inputs of the user; generate a second signature representative of a usage pattern of the apparatus by the user based on the second set of parameter values, wherein a plurality of parameters is associated with the first set of parameter values and the second set of parameter values; determine a signature difference value representative of a difference between the first signature and the second signature; compute an average signature difference value over a plurality of past signature difference values associated with usage of the apparatus; generate a confidence score for the second signature based at least on a ratio of the signature difference value to the average signature difference value; if the confidence score is greater than a preset maximum score threshold, identify the user as being an unauthorized user; and in response to determining that the communication transceiver is in an inactive state, activate the communication transceiver without alerting the user of the apparatus and establish a communication link with a remote server; and if the confidence score is less than or equal to the preset maximum score threshold, identify the user as the authorized user and update the average signature difference value based on the signature difference value. 8. The apparatus of claim 7 , wherein the computer readable medium stores instructions that, when executed by the hardware processor, further cause the apparatus to: if the user is the unauthorized user, prevent access to one or more functions of the apparatus by the user. 9. The apparatus of claim 7 , wherein the computer readable medium stores instructions that, when executed by the hardware processor, further cause the apparatus to: if the user is the authorized user, update the first signature based on the second signature using an exponentially weighted moving average. 10. The apparatus of claim 7 , wherein the signature difference value is a Euclidean distance between the first signature and the second signature, and wherein the average signature difference value is an average Euclidean distance. 11. The apparatus of claim 7 , wherein the computer readable medium stores instructions that, when executed by the hardware processor, further cause the apparatus to: determine a plurality of signatures, wherein each signature is based on a parameter of the plurality of parameters; and append the plurality of signatures to generate the second signature. 12. The apparatus of claim 7 , wherein the computer readable medium stores instructions that, when exe

Assignees

Citrix Systems Inc

Inventors

Su Jiawen

Classifications

G06F21/88
Detecting or preventing theft or loss · CPC title
G06F21/552
involving long-term monitoring or reporting · CPC title
H04W12/12
Detection or prevention of fraud · CPC title
G06F21/316Primary
by observing the pattern of computer usage, e.g. typical user behaviour · CPC title
H04L63/10
for controlling access to devices or network resources · CPC title

Patent family

Related publications grouped by family.

View patent family 56406189

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9959399B2 cover?: Methods, systems, computer-readable media, and apparatuses may provide a mobile device with the ability to locally detect fraudulent activity by an unauthorized user. A mobile device may include a fraud detection module that may build a historical usage pattern of a user of the mobile device. The fraud detection module may monitor usage of the mobile device for multiple parameters and record ev…
Who is the assignee on this patent?: Citrix Systems Inc
What technology area does this patent fall under?: Primary CPC classification G06F21/316. Mapped technology areas include Physics.
When was this patent published?: Publication date Tue May 01 2018 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).