US 11,790,062 B2
Processing authentication requests to secured information systems based on machine-learned user behavior profiles
Michael E. Toth, Charlotte, NC (US); Hitesh Shah, Seattle, WA (US); and Xianhong Zhang, Seattle, WA (US)
Assigned to Bank of America Corporation, Charlotte, NC (US)
Filed by Bank of America Corporation, Charlotte, NC (US)
Filed on Oct. 11, 2021, as Appl. No. 17/498,317.
Application 17/498,317 is a continuation of application No. 16/210,010, filed on Dec. 5, 2018, granted, now 11,176,230.
Prior Publication US 2022/0027441 A1, Jan. 27, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/31 (2013.01); G06F 21/62 (2013.01); G06N 20/00 (2019.01); H04L 67/306 (2022.01); H04L 67/50 (2022.01)
CPC G06F 21/316 (2013.01) [G06F 21/6218 (2013.01); G06N 20/00 (2019.01); H04L 67/306 (2013.01); H04L 67/535 (2022.05); G06F 2221/2141 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A computing platform, comprising:
at least one processor;
a communication interface communicatively coupled to the at least one processor; and
memory storing computer-readable instructions that, when executed by the at least one processor, cause the computing platform to:
receive, via the communication interface, from an account portal computing platform, a first authentication request corresponding to a request for a first user of a first client computing device to access one or more secured information resources associated with a first user account in a first client portal session;
based on receiving the first authentication request from the account portal computing platform, capture one or more parameters associated with the first client computing device;
evaluate the one or more parameters associated with the first client computing device using a first profile associated with the first user account to determine a first deviation score;
based on the first deviation score, select a first authentication action from a plurality of pre-defined authentication actions;
generate, based on the first authentication action selected from the plurality of pre-defined authentication actions, one or more commands directing the account portal computing platform to allow access, conditionally allow access, or prevent access to the one or more secured information resources associated with the first user account in the first client portal session; and
send, via the communication interface, to the account portal computing platform, the one or more commands directing the account portal computing platform to allow access, conditionally allow access, or prevent access to the one or more secured information resources associated with the first user account in the first client portal session,
wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to:
prior to receiving the first authentication request from the account portal computing platform:
capture first interaction data associated with the first user using the first client computing device to access the one or more secured information resources associated with the first user account;
log the first interaction data in a client authentication database;
capture second interaction data associated with the first user using a second client computing device to access the one or more secured information resources associated with the first user account;
log the second interaction data in the client authentication database;
build the first profile associated with the first user account based on the first interaction data and the second interaction data; and
store the first profile associated with the first user account in the client authentication database.