These days, a typical user of an electronic device has access to a plurality of applications, each of the plurality of applications being designed to help the user to solve a particular user-problem. For example, an e-mail application is designed to enable a user to send and receive electronic messages, either for work or pleasure purposes. A web browser allows the user to browse the Internet for resources that may be responsive to user queries, again, both for work-related and personal-related matters.
A typical service provider provides a number of electronic user-services, such as an e-mail service, a cloud storage service, a scheduling service, a movie download service and the like.
The user has access to a number of electronic devices (be it a desktop computer, a laptop computer, a wireless communication device, a smart TV or the like). Most of these electronic devices are connected to the Internet to help the user to solve one or more of user problems by accessing the Internet and finding resources that were created to help the user to solve her problems. Unfortunately, some malicious individuals can take advantage of such wide-spread proliferation of electronic devices coupled to the Internet to satisfy their malicious intents.
For example, some of such malicious individuals and organizations can “hack into” various user accounts and use them, for example, to access confidential user data, to bulk send unwanted e-mails (also known as SPAM), etc.
There are various techniques that are configured to prevent unauthorized access to a user account. One of such techniques may include generating a user profile having a user environment (user interaction parameters), which can be used by a user to access the service. Examples of the user interaction parameters may include geo-location data, IP-address, a browser, an operation system and others. If the user is trying to access the service with the unusual user interaction parameter, for example, from the location that differs from the one in the user profile, the service suggests the user to pass an additional verification. For example, the verification action can include: entering the phone number or answering another verification question or, for example, sending a message to the phone number and entering a verification code from the message to access the service.
U.S. Pat. No. 8,621,586 (published Dec. 31, 2013) teaches a method of using baselines profiles for adaptive authentication. An improved technique of processing an authentication request from an authentication requestor involves an adaptive authentication device comparing a behavioral history of fact values associated with a user over a current time window with a user's baseline profile that includes a behavioral history of the fact values. The adaptive authentication device accesses such a behavioral history over several previous time windows from a database whose entries include a user identifier, a time interval and user data which represents fact value behavioral history over the time interval. When the device receives an authentication request from an authentication requestor, the adaptive authentication device matches a username of the request with a user identifier of an entry of the database whose time period is the current time period. The adaptive authentication device then updates fact values representing the user's current behavioral history and compares the current behavioral history to the user's baseline profile.
US patent application 2006/248332, published Nov. 2, 2006, teaches a method and apparatus for providing a user-adapted service environment. The method includes authenticating a user, transmitting first user identification information for identifying the authenticated user to a controlled device, receiving a user profile corresponding to the first user identification information from the controlled device, and configuring a service environment using the received user profile.
US patent application 2005/0229001, published Oct. 13, 2005 teaches a system and associated method for providing the access to at least one specified application within a software system. The software system comprises security software and a software tool suite. The security software is adapted to authorize a user to access at least one specified application on a computer system comprising a security standard. The software tool suite is adapted to create or modify a user profile for the user. The user profile comprises at least one transaction necessary for the user to access the at least one specified application. The software tool suite is adapted to integrate in real time the user profile into the security software. The software tool suite is adapted to create a user profile report in real time to verify that the user profile is in compliance with the security standard of the computer system.