A wide variety of applications are now available for various computing platforms. Many of these applications comprise licensed software. In the past, it was not very common for one user to share an execution platform with another user. However, as the size of an execution platform has been reduced with advances in technology, it is now very common for users to share the hardware platform that is used to execute a particular application. In this sense, when an application is installed on a particular hardware platform—for example, a notebook computer, a personal organizer or a media access device—that application can be used by the borrowing user.
Not only can a borrowing user or use an application that is installed on an execution platform that the user has borrowed, the borrowing user can in many instances access digital content by using a particular application that is also installed on a borrowed hardware platform. As such, where the borrowing user has borrowed, for example, a media access device, the borrowing user can enjoy content that is owned or licensed to the user that actually owns the execution platform. Such access is becoming more and more prevalent. The concern is that a borrowing user is able to use applications or enjoy content that has been licensed to a different user, i.e. the user that loaned the execution platform to the borrowing user.
There are many ways which have already been devised for identifying a particular user before granting access to an application or to some form of digital content. The ubiquitous password is often used to identify a particular user. The problem with using a password is that the owner of the execution platform can simply provide the password to the borrowing user. Again, the borrowing user is allowed to use an application or to enjoy content that is rightfully licensed to the owner of the execution platform. Another technique for identifying a current user relies on some form of token. A token can include such items as a smart card, a card with a magnetic stripe, or a dongle that can be communicatively associated with the execution platform in order to identify a particular user. It should be appreciated that a dongle or any other token is typically associated with a valid access license and is not necessarily associated with a user. Again, a borrowing user can simply obtain the token from the owner of the execution platform.
More sophisticated means for identifying a current user rely on biometrics. The biometrics refers to the mechanics of identifying a physical characteristic for a particular user. For example, a fingerprint, a retinal pattern, vocal or facial characteristics have all been used to identify a current user. These techniques are more effective in identifying a current user because a current user simply cannot loan his personal biometrics signatures to a borrowing user. The drawback with these biometrics techniques is that they often require specialized hardware and are costly to implement.
The invention, in one aspect, features a method for authenticating the usage of an application. The method includes receiving, from a user device, request to execute a first application. The method also includes executing, on the user device, a second application in response to the request. The method also includes receiving, from the user device, an application-level usage indicator, wherein the application-level usage indicator corresponds to current operation of the second application by a user and comprises at least (i) user input commands and (ii) passive usage metrics. The method also includes determining the identity of the user-by comparing the application-level usage indicator with a pre-established user profiles wherein the user profile is associated with previous operation of the second application by the user and comprises at least (i) user input commands and (ii) passive usage metrics. The method also includes executing, at the user device, the first application if the identified user is entitled to use the first application according to the user profile.
In some embodiments, any of the above aspects can include one or more of the following features. In some embodiments, receiving an application-level usage indicator includes receiving an email application usage indicator including at least one of an email client password, a mail recipient indicator, and a mail sender indicator. In some embodiments, receiving an application-level usage indicator includes receiving an content presentation application usage indicator including at least one of an access password, a content file-open indicator, a presentation time indicator, and a content navigation indicator. In some embodiments, receiving an application-level usage indicator comprises receiving a word processing application usage indicator including at least one of a document navigation indicator, a document file-open indicator, and a document file-save indicator. In some embodiments, receiving an application-level usage indicator includes receiving a web browser application usage indicator including at least one of a web-page address indicator, and a web-page dwell indicator.
In some embodiments, executing the first application includes determining a user identity confidence level based on the comparison of the application-level usage indicator with the pre-established user profile, and executing the first application if the identified user is entitled to use the first application based on the user profile and if the user identity confidence level meets a minimum confidence level for the second application. In some embodiments, executing the first application includes determining a user identity confidence level based on the comparison of the application-level usage indicator with the pre-established user profile, and requesting additional identity information from the user if the user identity confidence level fails to meets a minimum confidence level for the second application.
In some embodiments, requesting additional identity information from the user includes requesting the user to execute a third application, receiving an application-level usage indicator corresponding to current operation of the third application by the user and comprising at least (i) user input commands and (ii) passive usage metrics, and refining the determination of the identity of the user by comparing the application-level usage indicator corresponding to current operation of the third application by the user with a pre-established user profile, wherein the user profile is associated with previous operation of the third application by the user and comprises at least (i) user input commands and (ii) passive usage metrics. In some embodiments, requesting additional identity information from the user includes requesting the user to execute a password-protected third application, receiving a password from the user upon executing the third application, and refining the determination of the identity of the user by comparing the received password with a pre-established user profile, wherein the user profile is associated with previous operation of the third application and comprises at least a predefined password.
In some embodiments, the method includes creating a user profile based on one or more application-level usage indicators received from the user device during a registration period of the application. In some embodiments, the method includes identifying the user through a login process if a predominate user of the first application has not yet been determined, receiving, from the user device, an application-level usage indicator corresponding to current operation of the first application by a user and comprising at least (i) user input commands and (ii) passive usage metrics, creating a user profile for the indentified user based on the application-level usage indicator corresponding to the current operation of the first application by the user, and determining that the identified user is the predominate user when the user profile meets a minimum confidence level for the first application.
In some embodiments, the passive usage metrics includes a length of time that the second application has been executing, a length of time that the second application has displayed a particular piece of content, a timestamp that the second application was executed, or any combination thereof.