Methods, systems, and apparatuses are described herein for improving computer authentication processes using static authentication questions with answers that change based on user account information. A request for access to an account may be received. A static question may be received. The static question may comprise one or more prompts and a plurality of different predetermined answers. Transaction data may be received. Based on the transaction data, a portion of the plurality of different predetermined answers may that correspond to correct answers may be determined. The question may be presented to a user, and a candidate response may be received. Access to the account may be provided based on the candidate response.

Embodiments of the invention are directed to systems, methods, and computer program products for a scheme evaluation authentication system to evaluate user action and machine learned pattern recognition for misappropriation activity prevention. In this way, bot and token deployment is utilized for identification of user actions to generate a user idiosyncrasy database. Using the database, the system creates a real-time scheme evaluation authentication for user authentication upon user attempted authentications. As such, a user may by authenticate irrespective of user inputs, but instead based on a match of user actions at the authentication location in real-time compared to the idiosyncrasy database.

Provided is adaptive authentication that utilizes relational analysis, sentiment analysis, or both relational analysis and sentiment analysis to facilitate an authentication procedure. The relational analysis evaluates a transactional profile and a behavioral profile of the user. The sentiment analysis evaluates available user information that is obtained from various forms of Internet activity related to the user. A level of authentication is selectively modified based on a result of the relational analysis and/or the sentiment analysis.

Authentication is performed based on a user narrative. A narrative, such as a personal story, can be requested during a setup process. Content, voice signature, and emotion can be determined or inferred from analyzing the narrative. Subsequently, a user can provide vocal input associated with the narrative, such as by retelling the narrative or answering questions regarding the narrative. The vocal input can be analyzed for content, voice signature and emotion, and compared with the initial narrative. An authentication score can then generated based on the comparison.

Techniques for monitoring a computing environment for anomalous activity are presented. An example method includes receiving a request to invoke an action within the computing environment. An anomaly score is generated for the received request by applying a probabilistic model to properties of the request. The anomaly score generally indicates a likelihood that the properties of the request correspond to historical activity within the computing environment for a user associated with the request. The probabilistic model generally comprises a model having been trained using historical activity within the computing environment for a plurality of users, the historical activity including information identifying an action performed in the computing environment and contextual information about a historical request. Based on the generated anomaly score, one or more actions are taken to process the request such that execution of requests having anomaly scores indicative of unexpected activity may be blocked pending confirmation.

A method by a network device for dynamically detecting emotional states of a user operating a client end station to interact with an application. The method includes receiving information regarding user inputs received by the client end station from the user while the user interacted with the application during a particular time period and determining an emotional state of the user based on analyzing the information and information regarding user inputs received by the client end station from the user while the user interacted with the application during one or more previous time periods that together with the particular time period form a time window.

This document describes techniques and devices for occluded gesture recognition. Through use of the techniques and devices described herein, users may control their devices even when a user's gesture is occluded by some material between the user's hands and the device itself. Thus, the techniques enable users to control their mobile devices in many situations in which control is desired but conventional techniques do permit effective control, such as when a user's mobile computing device is occluded by being in a purse, bag, pocket, or even in another room.

A transaction authorization apparatus includes a processor in communication with a communications interface. The processor is configured to receive a request for a transaction requested by a user with whom a plurality of user devices are associated, to obtain respective transaction measurements from at least some available devices from among the plurality of user devices, and to confirm approval of the request for the transaction in response to confirmation that the transaction measurements satisfy a multi-device authorization policy associated with the transaction.

A system for creating a combined electronic identification that obtains user information (202) about a user of a hardware device (100), authenticates the user from the user information (202), obtains a hardware profile (208) of the device (100), the hardware profile 208 comprising user generated data stored on the device (100) and links the user information (202) and the hardware profile (208) as a combined electronic identification. The hardware device (100) can be comprised of a main processor, memory, a touchscreen interface, and a wireless communication module, such as a mobile phone, computer, or tablet computer.

Methods and systems for verifying a user's identity on a computing device using two-factor authentication are described. More particularly, the system can use a personal identification number input by a user, together with one or more of a secure browsing feature, a device fingerprint, and a token generator to authenticate the user on the computer.