EP-4309057-B1 - MONITORING USER INTERACTION WITH CLIENT DEVICES
Inventors
- PALYI, ISTVAN
- PHILLIPS, ANTHONY
Dates
- Publication Date: 20260506
- Application Date: 20210317
Claims (20)
- A web enabled device (1) arranged for monitoring user interaction with the web enabled device, the web enabled device being arranged under the control of software to: run a web client (11) for loading and displaying webpages to a user; run a client side module (13) within the web client; send, using the client side module, data to a server; and carry out a monitoring operation, using the client side module, to monitor user interaction with at least one of the web enabled device (1) and, via the web enabled device, a webpage (12) loaded in the web client on the web enabled device, wherein the web enabled device is arranged under the control of software to: receive from the server a first configuration message, which message is arranged to configure the monitoring operation of the client side module (13) so as to cause monitoring of user interaction according to a first specification; configure the client side module (13) using the first configuration message and send to the server, using the client side module, information obtained by the monitoring operation of the client side module in accordance with the first specification; receive from the server (4) a second configuration message, which message is arranged to configure the monitoring operation of the client side module (13) so as to cause monitoring of user interaction according to a second specification; and configure the client side module (13) using the second configuration message and send to the server (4), using the client side module, information obtained by the monitoring operation of the client side module in accordance with the second specification, wherein the first configuration message is arranged to configure the client side module to monitor a first parameter and the second configuration message is arranged to configure the client side module (13) to monitor the first parameter but with sampling specification which differs from a sampling specification with which the first parameter is sampled in response to the first configuration message.
- A web enabled device (1) according to claim 1 in which the monitoring of user interaction according to at least one of the first specification and the second specification comprises monitoring user interaction with the web page (12) loaded in the web client (11).
- A web enabled device (1) according to claim 1 or claim 2 in which the monitoring of user interaction according to at least one of the first specification and the second specification comprises monitoring user interaction with the web enabled device which is distinct from interaction with the web page (12) loaded in the web client (11) and yet is detectable from within the web client by the client side module (13).
- A web enabled device (1) according to any preceding claim in which the first configuration message is arranged to configure the client side module (13) to monitor a first parameter and the second configuration message is arranged to configure the client side module (13) to monitor at least one of: a second parameter which is different from the first parameter in place of monitoring the first parameter; and the first parameter and at least one further parameter.
- A web enabled device (1) according to any preceding claim in which at least some of the monitoring is chosen with the aim of checking or collecting Biometric data associated with the user.
- A web enabled device (1) according to any preceding claim in which at least one of the monitoring operation according to the first specification and the monitoring operation according to the second specification comprises, at the client side module (13), processing data obtained by monitoring user interaction with at least one of the web enabled device (1) and a webpage (12) loaded in the web client (11) on the web enabled device to generate said respective information obtained by the monitoring operation for sending to the server (4).
- A web enabled device (1) according to any preceding claim in which the client side module (13) is arranged for receiving both the first configuration message and the second configuration message whilst said webpage (12) is loaded in the web client (11) and the client side module (13) is arranged for carrying out the monitoring operation according to the first specification and carrying out the monitoring operation according to the second specification whilst said webpage (12) is loaded in the web client.
- A web enabled device (1) according to any preceding claim in which the client side module (13) runs within the webpage (12) loaded in the web client (11), preferably wherein the client side module is arranged for receiving both the first configuration message and the second configuration message whilst running in the webpage (12) loaded in the web client and the client side module is arranged for carrying out the monitoring operation according to the first specification and carrying out the monitoring operation according to the second specification whilst running in said webpage.
- A web enabled device (1) according to any preceding claim in which the first configuration message comprises an initial configuration for the client side module (13) and the client side module is arranged under software to fall back to said initial configuration after having been configured in accordance with the second configuration where fall back conditions are met.
- A user interaction monitoring server device arranged for monitoring user interaction with a client device (1) on which is running a software application arranged to carry out a monitoring operation to monitor user interaction with at least one of the client device (1) and a service accessed via the client device (1), the user interaction monitoring server device being in communication with the client device over a network in use and being arranged under the control of software to: receive data from the software application running on the client device (1); send from the server to the client device (1) a first configuration message, which message is arranged to configure the monitoring operation of the software application so as to cause monitoring of user interaction according to a first specification; receive at the server (4) from the software application running on the client device (1) information obtained by the monitoring operation of the software application in accordance with the first specification; analyse the information received from the software application; determine whether the information received from the software application meets predetermined criteria such that a change in configuration of the software application is justified; and where it is determined that a change in configuration of the software application is justified, send from the server (4) to the software application running on the client device (1), a second configuration message, which message is arranged to configure the monitoring operation of the software application so as to cause monitoring of user interaction according to a second specification, wherein the first configuration message is arranged to configure the software application to monitor a first parameter and the second configuration message is arranged to configure the software application to monitor the first parameter but with sampling specification which differs from a sampling specification with which the first parameter is sampled in response to the first configuration message.
- A user interaction monitoring server device according to claim 10 in which the user interaction monitoring server device is arranged under the control of software to determine an appropriate change in data to be collected at the software application and hence determine a content of the second configuration message once a determination has been made that a change in configuration of the software application is justified and before sending the second configuration message to the client.
- A user interaction monitoring server device according to claim 10 or claim 11 in which the user interaction monitoring server device is arranged to send an alert message in response to an alert condition being determined at the user interaction monitoring server device.
- A user interaction monitoring server device according to any one of claims 10 to 12 in which the user interaction monitoring server device is arranged under the control of software, as part of determining whether a change in configuration of the software application is justified, to compare user behaviour as identified from the information received from the software application with expected user behaviour held in a store in respect of an authorised user of a service being accessed at the client device (1), preferably wherein the user interaction monitoring server device is arranged under the control of software to determine that a change in configuration of the software application is at least potentially justified when a difference between the user behaviour as identified from the information received from the software application and the expected user behaviour exceeds a threshold, more preferably wherein the user interaction monitoring server device is arranged under the control of software to determine whether other predetermined conditions are met before a change in configuration is initiated.
- A user interaction monitoring server device according to any one of claims 10 to 13 in which the user interaction monitoring server device is arranged under the control of software to: i) determine that a change in configuration of the software application is at least potentially justified when a difference between the user behaviour as identified from the information received from the software application and the expected user behaviour exceeds a threshold; ii) determine whether other predetermined conditions are met; and where i) and ii) are determined, to send from the server to the software application running on the client device (1), a second configuration message, which message is arranged to configure the monitoring operation of the software application so as to cause monitoring of user interaction according to a second specification.
- A user interaction monitoring server device according to any one of claims 10 to 14 in which the user interaction monitoring server device is arranged under the control of software, as part of determining whether a change in configuration of the software application is justified, to determine whether the activity being conducted via a service being accessed at client device (1) falls within a predefined category of activities.
- A user interaction monitoring server device according to any one of claims 10 to 15 in which the user interaction monitoring server device is arranged under the control of software, as part of determining whether a change in configuration of the software application is justified, to compare user behaviour as identified from the information received from the software application with expected user behaviour held in a store in respect of an authorised user of a service being accessed at client device (1); and to determine a score which is indicative of how closely the user behaviour as identified from the information received from the client side module matches with expected user behaviour, preferably wherein the user interaction monitoring server device is arranged under the control of software, as part of determining an appropriate change in data to be collected at the software application and hence determining a content of the second configuration message, to determine a content of the second configuration message based on said score, more preferably wherein the user interaction monitoring server device is arranged under the control of software to select the content of the second configuration message so as to give a lower level of monitoring when a first score is determined than when a second score is determined where the second score is indicative of the detected behaviour being further from the expected behaviour than the first score.
- A user interaction monitoring server device according to claim 16 in which the user interaction monitoring server device is arranged under the control of software to: store a table of entries, each entry comprising one of a score and a score range and at least one monitoring characteristic associated with said one of a score and a score range; wherein each monitoring characteristic comprises at least one of a parameter and a parameter and sampling specification pair; and the user interaction monitoring server device is arranged under the control of software to select the content of the second configuration message based on the at least one monitoring characteristic which is associated in the table with said one of a score and a score range which matches the determined score indicating how closely the user behaviour as identified from the information received from the software application matches with expected user behaviour.
- A user interaction monitoring server device according to either of claims 16 or 17 which is arranged under the control of software to use at least one of a machine learning technique, a neural network, linear regression, and a decision tree in determining at least one of said score and a content of the second configuration message.
- A user interaction monitoring system for monitoring user interaction with a client device (1), comprising: a client device (1) arranged to run a software application which is arranged to carry out a monitoring operation to monitor user interaction with at least one of the client device (1) and a service accessed via the client device; and a user interaction monitoring server device as claimed in any one of claims 10 to 18.
- A user interaction monitoring server device according to any one of claims 10 to 18 in which the client device (1) is a web enabled device where in use there is a client side module running within a web client on the user web enabled device and the client side module is arranged to carry out said monitoring operation at the client device (1) and the user interaction monitoring server device is arranged to receive said data from the client side module, send said first configuration message to the client side module, receive said information obtained by the monitoring operation from the client side module and send said second configuration message to the client side module.
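The claims above combine three mechanisms: a server-side table mapping score ranges to parameter and sampling specification pairs, a second configuration message that re-samples the first parameter at a different rate, and a client side module that falls back to its initial configuration. The following sketch is an added example, not code from the patent or the applicants; every name, the score ranges, the sampling intervals and the time-to-live used as the fall back condition are assumptions.

```javascript
// Added illustration: names, score ranges, sampling intervals and the TTL are assumptions.
// Score convention assumed here: 0 = matches expected behaviour, 1 = far from it.
const SCORE_TABLE = [
  { min: 0.0, max: 0.3, monitor: [{ parameter: "mousemove", sampleMs: 500 }] },
  { min: 0.3, max: 0.7, monitor: [{ parameter: "mousemove", sampleMs: 100 }] },
  { min: 0.7, max: Infinity, monitor: [{ parameter: "mousemove", sampleMs: 20 },
                                       { parameter: "keydown", sampleMs: 0 }] },
];
const FIRST_CONFIG = { monitor: SCORE_TABLE[0].monitor };

// Server side: return a second configuration message, or null when the score
// does not exceed the threshold and no change is justified.
function selectSecondConfig(score, threshold, ttlMs = 5000) {
  if (!(score > threshold)) return null; // also rejects NaN scores
  const row = SCORE_TABLE.find((r) => score >= r.min && score < r.max);
  return row ? { monitor: row.monitor, ttlMs } : null;
}

// Client side: applies configuration messages and decides which events to sample.
class ClientSideModule {
  constructor(initialConfig) {
    this.initial = initialConfig;
    this.active = initialConfig;
    this.expiresAt = Infinity;
    this.lastSample = new Map();
  }
  configure(message, now) {
    this.active = message;
    this.expiresAt = now + message.ttlMs;
  }
  // Returns true when an event for `parameter` at time `now` (ms) is recorded.
  observe(parameter, now) {
    if (now >= this.expiresAt) {        // assumed fall back condition: TTL elapsed
      this.active = this.initial;
      this.expiresAt = Infinity;
    }
    const spec = this.active.monitor.find((m) => m.parameter === parameter);
    if (!spec) return false;            // parameter not monitored under this config
    const last = this.lastSample.get(parameter);
    if (last !== undefined && now - last < spec.sampleMs) return false;
    this.lastSample.set(parameter, now);
    return true;
  }
}

// Feed one constructed event every stepMs in [startMs, endMs) and count recorded samples.
function countSamples(csm, parameter, startMs, endMs, stepMs) {
  let recorded = 0;
  for (let t = startMs; t < endMs; t += stepMs) {
    if (csm.observe(parameter, t)) recorded++;
  }
  return recorded;
}
```

With one constructed event every 10 ms, the same one-second window yields far fewer samples under the first configuration than under the second, which is the data-volume trade-off the description is concerned with.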
Description
This invention relates to monitoring user interaction with client devices, say web enabled devices, in particular monitoring user interaction with a web enabled device using a client side module running within a web client on the web enabled device.

Providing systems for authenticating users and helping prevent fraud is an issue of significant importance. Ideally authentication systems are effective and convenient for users. It has been recognised by the applicants that various aspects of a user's interaction with a web page and a web enabled device can be characteristic of a particular user and as such these characteristics can be considered as biometric information and be useful in authenticating a user. This authentication can be carried out without any proactive action by the user, so is attractive. However using such a system will likely necessitate the gathering of a high volume of data in respect of user interaction with a web enabled device or a web page loaded on the web enabled device and this can create technical issues.

There are existing systems for monitoring user interaction with web pages loaded into a web client such as a browser. Such systems allow the monitoring of various kinds of user interactions with a web page at differing levels of granularity. Due to the amount of processing which is required at the client side module, and the time that this may take and the detrimental effect that this may have on user experience and/or the volume of data that must be sent to the server device and/or the complexities of processing massive amounts of data at the central server it is impractical with existing systems to monitor all possible types of user interaction with a web enabled device and report these to a server.
The precise details of the monitoring which is carried out are typically determined in a one time operation which sets up a client side module (or data collection agent) to perform monitoring of certain user interactions and report these user interactions back to a monitoring server device. This has restrictions and can cause issues if the system is set to capture very high volumes of data.

To facilitate user authentication and for other reasons it would be desirable to provide the facility to collect high volumes of data relating to user interactions with a client device, say a web enabled device, to enable enhanced functionality but at the same time arrive at a practical system which does not overwhelm computer or network resources.

US10/922631B1 describes a system and method for secure authentication of user entity and user entity device identity and aims to allow an identity to be continuously proven because of user entity's behaviour and their biometrics.

US2007/239604A1 describes systems and methods for detecting fraudulent behaviour during an Internet commerce session.

Onespan: "Continuous Authentication", 2021-01-24, XP055854814 (https://web.archive.org/web/20210124224335/https://www.onespan.com/topics/continuous-authentication) describes methods of confirming a customer's identity in real time when they are banking.

US2015/046216A1 describes a real-time fraud prevention system to enable merchants and commercial organizations on-line to assess and protect themselves from high-risk users comprising a centralized database configured to build and store dossiers of user devices and behaviours collected from subscriber websites in real-time.
CN108574605A describes acquisition methods of user behaviour data, comprising the steps of, Software Development Kit (SDK) initialization when the client application starts; monitoring a user's operation behaviour, recording user behaviour data; filtering rules of the SDK according to the configuration; and reporting filtered user behaviour data into server end.

US2018/034850A1 describes devices, systems, and methods of generating and managing behavioural biometric cookies. The system monitors user-interactions of a user, that are performed via an input unit of an end-user device; and extracts a set of user-specific characteristics, which are used as a behavioural profile or behavioural signature.

According to one aspect of the present invention there is provided a web enabled device in accordance with claim 1.

This allows dynamic monitoring of user interaction with the web enabled device. In particular, it allows, for example, for the monitoring to be conducted at the web enabled device to be modified based on monitoring information obtained at the web enabled device and sent to the server. Moreover, this is facilitated in a scalable way where, by use of a configurable client side module, dynamic monitoring can be provided across multiple different websites using a common monitoring tool - that is with different instances of the client side module.

Typically the first specification will be different from the second specification. The dynamic monitoring may be used in a way to target more detailed/granular monitoring to situations where this is