
US-12619693-B2 - User credential authentication using blockchain and machine learning


Abstract

A method for user credential authentication includes receiving real-time logs from a blockchain network that is configured to perform an authentication process of a user. The real-time logs are normalized and bucketized to generate processed real-time logs, which are stored in a block and are added to a blockchain. The processed real-time logs are analyzed to identify a plurality of real-time behavioral patterns of the user. A first authentication score is determined by comparing a first real-time behavioral pattern to a respective first historical behavioral pattern. The first authentication score is compared to a first authentication score threshold, which corresponds to the first real-time behavioral pattern and the respective first historical behavioral pattern. In response to the first authentication score being less than the first authentication score threshold, a first instruction is sent to the blockchain network to temporarily stop the authentication process of the user.

Inventors

  • Ashok Kumar
  • Narsing Raj
  • Siva Kumar Venkata Lakshmi Sai Devulapalli

Assignees

  • BANK OF AMERICA CORPORATION

Dates

  • Publication Date: 20260505
  • Application Date: 20221018

Claims (20)

  1. An apparatus comprising:
     a blockchain network comprising a plurality of nodes, wherein the blockchain network is configured to perform an authentication process of a user;
     an authentication monitoring system communicatively coupled to the blockchain network, wherein the authentication monitoring system comprises:
     a memory storing a machine learning algorithm and a database, wherein the database comprises:
     a blockchain storing historical logs associated with historical authentication events of the user, wherein the blockchain comprises a plurality of blocks and the historical logs are stored in a first set of blocks of the plurality of blocks and wherein each block of the first set of blocks stores a corresponding historical log;
     a plurality of historical behavioral patterns of the user, wherein the plurality of historical behavioral patterns are identifiable from the historical logs and wherein the historical behavioral patterns comprise historical location information of the user and historical authentication time information of the user; and
     a plurality of authentication score thresholds, wherein each of the plurality of authentication score thresholds corresponds to a respective one of the plurality of historical behavioral patterns;
     a processor communicatively coupled to the memory, wherein the processor, when executing the machine learning algorithm, is configured to:
     receive real-time logs from the blockchain network, wherein the real-time logs comprise real-time logs related to a real-time location and a real-time authentication time information of the user during the authentication process of the user;
     normalize and bucketize the real-time logs to generate processed real-time logs, wherein the real-time logs are bucketed based on grouping the real-time location of the user and grouping the real-time authentication time information of the user;
     store the processed real-time logs in a second block;
     add the second block to the blockchain, wherein the second block is added after the first set of blocks on the blockchain;
     analyze the processed real-time logs to identify a plurality of real-time behavioral patterns of the user, wherein the plurality of real-time behavioral patterns comprises a real-time location information of the user and a real-time authentication time information of the user; and
     determine a plurality of authentication scores based on comparing one or more of a plurality of real-time behavioral patterns with a respective one or more of a plurality of historical behavioral patterns, wherein:
     the plurality of authentication scores comprises a first authentication score and a second authentication score;
     the plurality of real-time behavioral patterns comprises a first real-time behavioral pattern and a second real-time behavioral pattern;
     the plurality of historical behavioral patterns comprises a first historical behavioral pattern and a second historical behavioral pattern;
     wherein the determining the plurality of authentication scores comprises:
     determining the first authentication score by comparing the first real-time behavioral pattern to the respective first historical behavioral pattern, wherein the first real-time behavioral pattern comprises the real-time location information of the user and the first historical behavioral pattern is the historical location information of the user;
     comparing the first authentication score to a first authentication score threshold, wherein the first authentication score threshold corresponds to the first real-time behavioral pattern and the respective first historical behavioral pattern; and
     in response to the first authentication score being less than the first authentication score threshold, sending a first instruction to the blockchain network to temporarily stop the authentication process of the user;
     in response to the first authentication score being greater than or equal to the first authentication score threshold, determining the second authentication score by comparing the second real-time behavioral pattern to the respective second historical behavioral pattern;
     comparing the second authentication score to a second authentication score threshold, wherein the second authentication score threshold corresponds to the second real-time behavioral pattern and the respective second historical behavioral pattern; and
     in response to the second authentication score being less than the second authentication score threshold, sending a second instruction to the blockchain network to temporarily stop the authentication process of the user.
  2. The apparatus of claim 1, wherein the historical behavioral patterns comprise time zone information of the user, or authentication frequency information of the user.
  3. The apparatus of claim 1, wherein the processor is further configured to: after sending the first instruction to blockchain network to temporarily stop the authentication process of the user, request from the user a confirmation that it is indeed the user who initiated the authentication process; determine if a response from the user is received or not; in response to determining that the response is received, determine if the response is positive or negative; and in response to determining that the response is positive, send a second instruction to the blockchain network to resume the authentication process of the user.
  4. The apparatus of claim 3, wherein the processor is further configured to: in response to determining that the response is negative, send a third instruction to the blockchain network to terminate the authentication process of the user.
  5. The apparatus of claim 3, wherein the processor is further configured to: in response to determining that the response is not received, send a third instruction to the blockchain network to terminate the authentication process of the user.
  6. The apparatus of claim 1, wherein the second real-time behavioral pattern is the real-time authentication time information of the user and the second historical behavioral pattern is the historical authentication time of the user.
  7. The apparatus of claim 1, wherein the processor is further configured to: update the plurality of historical behavioral patterns based on the plurality of real-time behavioral patterns.
  8. A method comprising:
     receiving real-time logs from a blockchain network, wherein the blockchain network is configured to perform an authentication process of a user, and wherein the real-time logs comprise real-time logs related to a real-time location and a real-time authentication time information of the user during the authentication process of the user, wherein the blockchain network comprises a blockchain;
     storing, in the blockchain, historical logs associated with historical authentication events of the user, wherein the blockchain comprises a plurality of blocks and the historical logs are stored in a first set of blocks of the plurality of blocks and wherein each block of the first set of blocks stores a corresponding historical log;
     normalizing and bucketizing the real-time logs to generate processed real-time logs, wherein the real-time logs are bucketed based on grouping the real-time location of the user and grouping the real-time authentication time information of the user;
     storing the processed real-time logs in a second block;
     adding the second block to a blockchain, wherein the second block is added after the first set of blocks on the blockchain;
     analyzing the processed real-time logs to identify a plurality of real-time behavioral patterns of the user, wherein the plurality of real-time behavioral patterns comprises a real-time location information of the user and a real-time authentication time information of the user; and
     determining a plurality of authentication scores based on comparing one or more of a plurality of real-time behavioral patterns with a respective one or more of a plurality of historical behavioral patterns, wherein:
     the plurality of authentication scores comprises a first authentication score and a second authentication score;
     the plurality of real-time behavioral patterns comprises a first real-time behavioral pattern and a second real-time behavioral pattern; and
     the plurality of historical behavioral patterns comprises a first historical behavioral pattern and a second historical behavioral pattern; and
     wherein the determining the plurality of authentication scores comprises:
     determining the first authentication score by comparing the first real-time behavioral pattern to the respective first historical behavioral pattern, wherein the first real-time behavioral pattern comprises the real-time location information of the user and the first historical behavioral pattern is a historical location information of the user;
     comparing the first authentication score to a first authentication score threshold, wherein the first authentication score threshold corresponds to the first real-time behavioral pattern and the respective first historical behavioral pattern; and
     in response to the first authentication score being less than the first authentication score threshold, sending a first instruction to the blockchain network to temporarily stop the authentication process of the user;
     in response to the first authentication score being greater than or equal to the first authentication score threshold, determining the second authentication score by comparing the second real-time behavioral pattern to the respective second historical behavioral pattern;
     comparing the second authentication score to a second authentication score threshold, wherein the second authentication score threshold corresponds to the second real-time behavioral pattern and the respective second historical behavioral pattern; and
     in response to the second authentication score being less than the second authentication score threshold, sending a second instruction to the blockchain network to temporarily stop the authentication process of the user.
  9. The method of claim 8, wherein the historical behavioral patterns comprise time zone information of the user, authentication frequency information of the user, or authentication time information of the user.
  10. The method of claim 8, further comprising: after sending the first instruction to blockchain network to temporarily stop the authentication process of the user, requesting from the user a confirmation that it is indeed the user who initiated the authentication process; determining if a response from the user is received or not; in response to determining that the response is received, determining if the response is positive or negative; and in response to determining that the response is positive, sending a second instruction to the blockchain network to resume the authentication process of the user.
  11. The method of claim 10, further comprising: in response to determining that the response is negative, sending a third instruction to the blockchain network to terminate the authentication process of the user.
  12. The method of claim 10, further comprising: in response to determining that the response is not received, sending a third instruction to the blockchain network to terminate the authentication process of the user.
  13. The method of claim 8, wherein the second real-time behavioral pattern is the real-time authentication time information of the user and the second historical behavioral pattern is the historical authentication time of the user.
  14. The method of claim 8, further comprising: updating the plurality of historical behavioral patterns based on the plurality of real-time behavioral patterns.
  15. A non-transitory computer-readable medium storing instructions that, when executed by a processor, cause the processor to:
     receive real-time logs from a blockchain network, wherein the blockchain network is configured to perform an authentication process of a user, and wherein the real-time logs comprise real-time logs related to a real-time location and a real-time authentication time information of the user during the authentication process of the user, wherein the blockchain network comprises a blockchain;
     store, in the blockchain, historical logs associated with historical authentication events of the user, wherein the blockchain comprises a plurality of blocks and the historical logs are stored in a first set of blocks of the plurality of blocks and wherein each block of the first set of blocks stores a corresponding historical log;
     normalize and bucketize the real-time logs to generate processed real-time logs, wherein the real-time logs are bucketed based on grouping the real-time location of the user and grouping the real-time authentication time information of the user;
     store the processed real-time logs in a second block;
     add the second block to a blockchain, wherein the second block is added after the first set of blocks on the blockchain;
     analyze the processed real-time logs to identify a plurality of real-time behavioral patterns of the user, wherein the plurality of real-time behavioral patterns comprises a real-time location information of the user and a real-time authentication time information of the user; and
     determine a plurality of authentication scores based on comparing one or more of a plurality of real-time behavioral patterns with a respective one or more of a plurality of historical behavioral patterns, wherein:
     the plurality of authentication scores comprises a first authentication score and a second authentication score;
     the plurality of real-time behavioral patterns comprises a first real-time behavioral pattern and a second real-time behavioral pattern; and
     the plurality of historical behavioral patterns comprises a first historical behavioral pattern and a second historical behavioral pattern; and
     wherein the determining the plurality of authentication scores comprises:
     determining the first authentication score by comparing the first real-time behavioral pattern to the respective first historical behavioral pattern, wherein the first real-time behavioral pattern comprises the real-time location information of the user and the first historical behavioral pattern is a historical location information of the user;
     comparing the first authentication score to a first authentication score threshold, wherein the first authentication score threshold corresponds to the first real-time behavioral pattern and the respective first historical behavioral pattern; and
     in response to the first authentication score being less than the first authentication score threshold, sending a first instruction to the blockchain network to temporarily stop the authentication process of the user;
     in response to the first authentication score being greater than or equal to the first authentication score threshold, determining the second authentication score by comparing the second real-time behavioral pattern to the respective second historical behavioral pattern;
     comparing the second authentication score to a second authentication score threshold, wherein the second authentication score threshold corresponds to the second real-time behavioral pattern and the respective second historical behavioral pattern; and
     in response to the second authentication score being less than the second authentication score threshold, sending a second instruction to the blockchain network to temporarily stop the authentication process of the user.
  16. The non-transitory computer-readable medium of claim 15, wherein the historical behavioral patterns comprise time zone information of the user, authentication frequency information of the user, or authentication time information of the user.
  17. The non-transitory computer-readable medium of claim 15, wherein the instructions, when executed by the processor, further cause the processor to: after sending the first instruction to blockchain network to temporarily stop the authentication process of the user, request from the user a confirmation that it is indeed the user who initiated the authentication process; determine if a response from the user is received or not; in response to determining that the response is received, determine if the response is positive or negative; and in response to determining that the response is positive, send a second instruction to the blockchain network to resume the authentication process of the user.
  18. The non-transitory computer-readable medium of claim 17, wherein the instructions, when executed by the processor, further cause the processor to: in response to determining that the response is negative, send a third instruction to the blockchain network to terminate the authentication process of the user.
  19. The non-transitory computer-readable medium of claim 17, wherein the instructions, when executed by the processor, further cause the processor to: in response to determining that the response is not received, send a third instruction to the blockchain network to terminate the authentication process of the user.
  20. The non-transitory computer-readable medium of claim 15, wherein the second real-time behavioral pattern is the real-time authentication time of the user and the second historical behavioral pattern is the historical authentication time of the user.
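
The sequence recited in claim 1, together with the confirmation handling of claims 3 to 5, sketched as an added example; it is not code from the patent. The bucket sizes, threshold values, match-frequency score, SHA-256 hash chain and every function name are assumptions, since the claims leave them unspecified.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64
# Assumed values: the claims only say each pattern has its own threshold.
THRESHOLDS = {"loc": 0.2, "hour": 0.1}   # checked in this order

def bucketize(raw):
    """Normalize one raw log and group location and time into buckets."""
    ts = datetime.fromisoformat(raw["ts"]).astimezone(timezone.utc)
    return {"user": raw["user"].strip().lower(),
            "loc": raw["country"].strip().upper(),   # location bucket: country
            "hour": ts.hour // 4}                    # time bucket: 4-hour UTC slot

def _digest(prev, data):
    body = json.dumps({"prev": prev, "data": data}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def append_block(chain, data):
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"prev": prev, "data": data, "hash": _digest(prev, data)})

def verify_chain(chain):
    """Recompute every link; an edited historical log breaks the chain."""
    prev = GENESIS
    for block in chain:
        if block["prev"] != prev or block["hash"] != _digest(prev, block["data"]):
            return False
        prev = block["hash"]
    return True

def score(history, user, key, value):
    """Share of the user's historical logs that fall in the same bucket."""
    seen = [b["data"][key] for b in history if b["data"]["user"] == user]
    return seen.count(value) / len(seen) if seen else 0.0

def monitor(chain, raw, confirm=None):
    """Return (decision, scores). confirm: True, False, or None for no reply."""
    record = bucketize(raw)
    append_block(chain, record)          # the "second block"
    history = chain[:-1]                 # the "first set of blocks"
    scores = {}
    for key, threshold in THRESHOLDS.items():
        scores[key] = score(history, record["user"], key, record[key])
        if scores[key] < threshold:      # pause, then ask the user
            # Only an explicit positive reply resumes; silence fails closed.
            return ("resume" if confirm is True else "terminate"), scores
    return "continue", scores

def build_history():
    """Constructed sample: ten logins by one user, US, 09:30 to 11:30 UTC."""
    chain = []
    for day in range(1, 11):
        append_block(chain, bucketize({
            "user": " Alice ", "country": "us",
            "ts": f"2024-03-{day:02d}T{9 + day % 3:02d}:30:00+00:00"}))
    return chain
```

With this scoring, a user with no history scores 0.0 on the first check, so a first login is always paused for confirmation.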

Description

TECHNICAL FIELD

The present disclosure relates generally to secure user credential authentication, and more specifically to a system and method for user credential authentication using blockchain and machine learning.

BACKGROUND

User identity and access management is important for many organizations. Identity and access management has an important role in identifying, authenticating, and authorizing access to various services or systems. Central identity management systems are usually used for identity and access management. The central identity management systems are usually the first targets of hackers or bad actors for gaining unauthorized system-wide access to various services or systems of an organization. As the risk of security threats continues to increase, the central identity management systems are becoming “single-points of failure.”

SUMMARY

The system described in the present disclosure provides several practical applications and technical advantages that overcome the current technical problems with user credential authentication, such as, for example, problems associated with “single-point of failure” of centralized identity management systems. The following disclosure is particularly integrated into practical applications of improving the security of user credential authentication. This, in turn, improves the security of the underlying computer system.

The system disclosed in the present application provides a technical solution to the technical problems discussed above by providing an authentication system that uses a combination of distributed blockchain and artificial intelligence/machine learning (AI/ML) to authenticate a user before allowing the user access to requested resources. The authentication system is a decentralized system that includes a distributed blockchain network communicatively coupled to an authentication monitoring system. The blockchain network includes a peer-to-peer network of nodes, with each of the nodes storing a copy of a blockchain.

The disclosed authentication system provides several practical applications and technical advantages, which include a process for providing enhanced information security by storing hashed user credentials in blockchains of the distributed blockchain network, and by using a majority consensus mechanism of the peer-to-peer network of nodes to validate user credentials of the user. The immutability of the blockchain allows for the secure storage of the hashed user credentials. The majority consensus mechanism allows for avoiding “single-point of failure” issues for the authentication system, since the authentication system can be compromised only if a majority of the nodes (rather than a single node) are hijacked by a bad actor, which requires an insurmountable amount of computing resources and is impractical.

The authentication monitoring system implements AI/ML algorithms to monitor the user credential authentication process performed by the distributed blockchain network. The authentication monitoring system receives real-time logs from the distributed blockchain network and determines a real-time behavioral pattern of the user from the real-time logs. The real-time behavioral patterns are compared to historical behavioral patterns stored in the authentication monitoring system to detect suspicious activity. In response to determining that the real-time behavior of the user does not match the historical behavior of the user, the authentication monitoring system sends an instruction to the distributed blockchain network to temporarily stop (or pause) the authentication process of the user. The authentication monitoring system requests a confirmation from the user that it is indeed the user who initiated the authentication process. In response to receiving a positive response from the user, the authentication monitoring system sends an instruction to the distributed blockchain network to resume the authentication process of the user. In response to receiving a negative response from the user or in response to not receiving a response at all, the authentication monitoring system sends an instruction to the distributed blockchain network to terminate the authentication process of the user.

Furthermore, the authentication monitoring system stores the real-time and historical logs in a blockchain, which is in turn stored in a database. This allows for improved security due to the immutability of the blockchain and improved data retrieval speed due to using the database. Accordingly, the authentication monitoring system further improves the security of the authentication process, since a bad actor will be denied access even if the bad actor obtains the user credentials of the user. This process provides information security because a bad actor will need to both obtain the user credentials of the user and replicate the behavioral pattern of the user to successfully complete the authentication process.

In one embodiment, an appar