US 12,314,360 B2
Supervised learning system for identity compromise risk computation
Sayed Hassan Abdelaziz, Redmond, WA (US); Maria Puertas Calvo, Seattle, WA (US); Laurentiu Bogdan Cristofor, Redmond, WA (US); and Rajat Luthra, Redmond, WA (US)
Assigned to Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed by Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed on Dec. 18, 2023, as Appl. No. 18/543,897.
Application 18/543,897 is a continuation of application No. 16/165,255, filed on Oct. 19, 2018, granted, now 11,899,763.
Claims priority of provisional application 62/732,470, filed on Sep. 17, 2018.
Prior Publication US 2024/0119129 A1, Apr. 11, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/00 (2022.01); G06F 21/31 (2013.01); G06N 20/00 (2019.01); H04L 9/40 (2022.01)
CPC G06F 21/316 (2013.01) [G06N 20/00 (2019.01); H04L 63/102 (2013.01); H04L 63/105 (2013.01); H04L 63/1441 (2013.01); H04L 63/308 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A computer system that facilitates recall utility for identity risk scores, said computer system comprising:
one or more processors; and
one or more computer-readable hardware storage devices that store instructions that are executable by the one or more processors to cause the computer system to:
access data associated with a set of sign-in events corresponding to an entity;
based on the data, identify a set of sign-in detectors, wherein the set of sign-in detectors includes one or more sign-in detectors for each sign-in event in the set of sign-in events;
generate a set of quantified risk levels based on the set of sign-in detectors by applying a group of one or more machine learning tools to the set of sign-in detectors;
generate an identity risk score for the entity, wherein generating the identity risk score is based on the set of quantified risk levels;
use the identity risk score to update data used to train a machine learning tool selected from the group of one or more machine learning tools;
based on the updated data, further tune the machine learning tool, resulting in at least one machine learning tool in the group of one or more machine learning tools being further trained;
iteratively update the identity risk score for the entity or generate a new identity risk score for the entity by reapplying the group of one or more machine learning tools to generate a new set of quantified risk levels;
in response to iteratively updating the identity risk score for the entity or in response to generating the new identity risk score for the entity, modify a second identity risk score for a second entity, wherein modifying the second identity risk score is performed independently to new sign-in data being received for the second entity such that a modification to the identity risk score impacts the second identity risk score;
detect a request from the entity, which corresponds to a new sign-in event;
identify the new identity risk score corresponding to the entity; and
in response to determining the new identity risk score exceeds a predetermined threshold, trigger a remedial action to the request, or alternatively, in response to determining the new identity risk score falls below the predetermined threshold, grant the request.