公开(公告)号：US20190236249A1

公开(公告)日：2019-08-01

申请号：US15884993

申请日：2018-01-31

Applicant: Citrix Systems, Inc.

Inventor： Chris Pavlou ,  Georgios Oikonomou ,  Harold Teramoto

IPC: G06F21/31 ,  G06F15/18 ,  G06F21/55 ,  G06F17/30

CPC classification number: G06F21/316 ,  G06F16/24578 ,  G06F17/11 ,  G06F21/552 ,  G06N20/00

Abstract: Systems and methods for authenticating a user through behavioral analysis. The methods comprise: collecting observation data specifying an observed behavior of the user while interacting with a computing device; obtaining a confidence value reflecting a degree of confidence that the user is an authorized or unauthorized user of the computing device (where the confidence value is determined based on the observation data and a machine learning model trained with a known behavior pattern of the authorized user); using at least the confidence value and the observed behavior's amount of deviation from a normal behavior pattern to derive a risk level score value for a user account to which the computing device is associated; comparing the risk level score value to a threshold value; and performing at least one action to protect user account security when the threshold value is equal to or greater than the threshold value.

公开(公告)号：US20160337346A1

公开(公告)日：2016-11-17

申请号：US15150558

申请日：2016-05-10

Applicant: Citrix Systems, Inc.

Inventor： Georgy Momchilov ,  Chris Pavlou ,  Ola Nordstrom ,  Christopher Wade

IPC: H04L29/06 ,  H04W12/06 ,  G06F21/34

CPC classification number: H04L63/0853 ,  G06F21/34 ,  G06F21/41 ,  G06F21/83 ,  G06F2221/2139 ,  H04L9/0825 ,  H04L9/3247 ,  H04L63/0272 ,  H04L63/0815 ,  H04L63/0846 ,  H04L63/0884 ,  H04W12/06

Abstract: Methods and systems for authenticating a user requesting to access one or more resources via a device are described herein. Authentication may be based on or otherwise rely on a plurality of devices. For example, aspects described herein are directed towards a system and method for receiving a request from a user to access one or more resources via a first device. In response to receiving the request to access the one or more resources, the first device may send, e.g., to a second device, a request for user input of a credential at the second device. The first device may receive a credential from the second device, and the first device may authenticate the user based on the received credential. Additionally or alternatively, the second device may authenticate the user based on an input of a user credential, and the second device may send an indication of a successful authentication to the first device.

Abstract translation: 这里描述了用于认证通过设备访问一个或多个资源的用户的方法和系统。 认证可以基于或以其他方式依赖于多个设备。 例如，本文描述的方面针对用于从用户接收经由第一设备访问一个或多个资源的请求的系统和方法。 响应于接收到访问一个或多个资源的请求，第一设备可以例如向第二设备发送用户在第二设备处输入凭证的请求。 第一设备可以从第二设备接收凭证，并且第一设备可以基于所接收的凭证认证用户。 另外或替代地，第二设备可以基于用户凭证的输入来认证用户，并且第二设备可以向第一设备发送成功认证的指示。