A computer device configured to passively authenticate a user includes a memory device including a user profile, and at least one processor coupled to the memory device. The at least one processor is programmed to execute a passive authentication system programmed to receive an indication that the user successfully performed an active authentication by interacting with the computing device, and set an authentication state of the user as authenticated in response to the successful active authentication. The passive authentication system is further programmed to receive a first plurality of interaction data indicative of one or more interactions between the user and the computer device, the one or more interactions performed after the indication of the successful active authentication; compare the one or more interactions to the user profile; and update the authentication state of the user based on the comparison.

In an example implementation according to aspects of the present disclosure, a system receives behavioral biometric data associated with a user of a computing device. The system determines whether an identity of the user is authenticated based on a comparison of the received behavior biometric data and historical behavioral biometric data associated with the user of the computing device. In response to determining that the identity of the user is not authenticated based on the comparison of the received behavioral biometric data and the historical behavioral biometric data, the system receives physiological biometric data associated with the user. The system determines whether the identity of the user is authenticated based on a comparison of the received physiological biometric data and historical physiological biometric data associated with the user of the computing device.

Systems and methods for authenticating identification information are disclosed. For example, a system may include an Automated Teller Machine (ATM). An ATM may comprise a user interface. The user interface may comprise a joystick. The user interface may be configured to receive joystick input from a user. The ATM may comprise at least one memory storing instructions. The ATM may comprise at least one processor configured to execute the instructions to perform operations. The operations may comprise receiving identification information from the user. The operations may comprise receiving the joystick input. The operations may comprise extracting a joystick sequence from the joystick input. When the joystick sequence is within a predetermined threshold from a stored joystick sequence corresponding to the identification information, the operations may comprise authenticating the user for an ATM operation.

Human interaction with a webpage may be determined by processing an event stream generated by the client device during the webpage interaction. A classification server receives the event stream and compares components of the event stream, including components of an event header message, with prerecorded datasets. The datasets include prerecorded event streams having a known interaction type. Training clients may be provided for generating the prerecorded datasets.

A variety of systems and methods can include evaluation of human user effort data. Various embodiments apply techniques to identify anomalous effort data for the purpose of detecting the efforts of a single person, as well as to segment and isolate multiple persons from a single collection of data. Additional embodiments describe the methods for using real-time anomaly detection systems that provide indicators for scoring effort data in synthesized risk analysis. Other embodiments include approaches to distinguish anomalous effort data when the abnormalities are known to be produced by a single entity, as might be applied to medical research and enhance sentiment analysis, as well as detecting the presence of a single person's effort data among multiple collections, as might be applied to fraud analysis and insider threat investigations. Embodiments include techniques for analyzing the effects of adding and removing detected anomalies from a given collection on subsequent analysis.

Methods and systems disclosed herein describe using machine learning to lock and unlock a device. Machine learning may be trained to recognize one or more features. Once the device has been trained to recognize one or more features, a user may define an unlock condition for the device using the one or more trained features. After defining the unlock condition, the device may be locked by verifying the one or more features that the user defined as the unlock condition using machine learning. When verification is successful, the device may be unlocked and the user allowed to access the device.

Systems and methods are provided for a content-based security for computing devices. An example method includes identifying content rendered by a mobile application, the content being rendered during a session, generating feature vectors from the content and determining that the feature vectors do not match a classification model. The method also includes providing, in response to the determination that the feature vectors do not match the classification model, a challenge configured to authenticate a user of the mobile device. Another example method includes determining a computing device is located at a trusted location, capturing information from a session, the information coming from content rendered by a mobile application during the session, generating feature vectors for the session, and repeating this until a training criteria is met. The method also includes training a classification model using the feature vectors and authenticating a user of the device using the trained classification model.

A method for automatic anonymous visitor identity resolution using machine learning, which includes generating a visitor histogram set from visitor events of a visitor event stream that include a visitor identifier and an internet protocol address, filtering a set of user identifiers into a candidate set of user identifiers based on the internet protocol address, obtaining one or more user histogram sets generated from user events that include user identifiers from the candidate set of user identifiers, and mapping the visitor identifier to a user identifier of the candidate set of user identifiers using a machine learning model and a histogram similarity matrix generated from the visitor histogram set, the one or more user histogram sets, and a set of histogram similarity functions. The method further includes presenting a response based on the mapping of the visitor identifier to the user identifier.

Provided is an authentication system that improves user convenience. This authentication system includes at least one first terminal, a plurality of second terminals, and a server device. The first terminal is capable of providing services using a biometric authentication function or non-biometric authentication function. Each of the second terminals is capable of switching between a biometric authentication function and a non-biometric authentication function and capable of providing services using the biometric authentication function or non-biometric authentication function. The server device is connected to the first terminal and the plurality of second terminals. The server device calculates the rate of usage of a biometric authentication function by the at least one first terminal. The server device determines an operation mode for at least one of the plurality of second terminals on the basis of the calculated rate of usage.

A user authentication device includes: a collection part collecting information of a user; a generation part generating a question for the user on the basis of the information of the user collected by the collection part and a skill model of the user; a presentation part presenting the question for the user generated by the generation part to the user; a reception part receiving, from the user, a response to the question presented by the presentation part; and a determination part determining authentication of the user on the basis of the response received by the reception part.