Browse Prior Art Database

Building user profiles during instant messaging conversations and using them for subsequent identification

IP.com Disclosure Number: IPCOM000229940D
Publication Date: 2013-Aug-08
Document File: 3 page(s) / 27K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed is a technique for automatically building user profiles during instant messaging conversations and using them for subsequent identification

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 44% of the total text.

Page 01 of 3

Building user profiles during instant messaging conversations and using them for subsequent identification

BACKGROUND

This publication describes techniques for fingerprinting users of Instant Messaging applications. This will help in preventing the potential danger of leaking data to an unintended audience. An instance where this would be helpful is when two users are having an instant messaging conversation with each other and one of the messaging partners moves away without the knowledge of the other user. While the messaging partner is away, a stranger accesses the terminal and tries to chat with the other user.

The proposed technique is about a user identification technique using which during an ongoing instant messaging conversation, it can be detected if any of the users are using stolen credentials or if any of the users is not the intended user.

CURRENTLY AVAILABLE SYSTEMS AND THEIR DRAWBACKS

In currently available instant messaging applications, such as MSN Messenger, there are cases when impersonation might go undetected:


Messaging applications are vulnerable to security breaches, as once logged in, the messenger is open for anybody to type. This is particularly true if the authenticated user doesn't follow security guidelines like locking the computer while leaving the place.


Current messaging applications do not have the ability to alert users if credentials have been stolen by hackers.


Current messaging applications do not have the ability to raise any kind of warning if a user is chatting with an impersonator.

NEED OF A SOLUTION

The following scenarios justify the need for this solution:

In an instant messaging session, when a user leaves his machine for a while to attend to some


1.

errand, another person (who may have been shoulder surfing him) takes control of the instant messaging application and starts chatting with the user's contacts .

A hacker steals someone's instant messaging credentials and initiates a chat session with one


2.

of the contacts. The user at the other end may not know that an impersonator is communicating.

In organizations, offending messages can lead to serious actions for employees. In order to


3.

reconfirm the offending message scenario, the proposed solution can be used to record deviations in the user's fingerprints for the messages, with their date-time contexts (typically

1


Page 02 of 3

stored on the server-side). These fingerprints can be used to confirm that the user's credentials were not compromised or that someone misused the user's messenger session as described in above scenarios.

Many solutions are only based on various authentication techniques at login time only.

Some of the other solutions focus around collecting statistics which is only analyzed at a later time and not a real time technique to identify users and alert messaging partners.

All of these scenarios can lead to leakage of personal and sensitive data, as well as misunderstandings between participants in a chat con...