Adjustment of knowledge-based authentication

US 10,169,761 B1
Filed: 03/15/2017
Issued: 01/01/2019
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a non-transitory computer-readable storage medium for a financial services server comprising computer-executable instructions that direct the financial services server to;

receive, from a consumer computing device via the Internet, a request to open a new financial account with a financial service provider;

receive, from a consumer computing device via the Internet, device identification information associated with the consumer computing device gathered through device identification information gathering code, wherein the device identification information includes one or more of;

device ID,device location,browser type,browser time zone,browser language settings,proxy settings,stated IP address,real IP address,current GPS location data;

orhistorical GPS location data; and

transmit, to an authentication server, a request to set authentication requirements for the consumer and information allowing the authentication server to communicate with the consumer computing device;

receive, from the authentication server, a determination of whether the consumer is authenticated; and

in response to the determination, transmit, to the financial service server, an indication of whether the consumer is authenticated, wherein the financial service server determines whether to open the new financial account for the consumer based on the transmitted indication; and

a non-transitory computer-readable storage medium for the authentication server comprises computer-executable instructions that direct the authentication server to;

receive, from the financial services server via the Internet, the request to set authentication requirements for the consumer in response to the request transmitted from the consumer computing device to open the new financial account and device identification information associated with the consumer computing device, wherein the identity of the consumer is unknown to the financial service provider;

derive one or more behaviors of the consumer based on at least the device identification information;

calculate a fraud risk of the consumer based at least on the one or more derived behaviors of the consumer, wherein respective derived behaviors indicative of potential fraud cause the fraud risk to increase and respective derived behaviors not indicative of potential fraud cause the fraud risk to decrease;

generate one or more first user interfaces for the consumer, wherein the one or more first user interfaces includes an authentication question set having one or more authentication question, the authentication question set based on the calculated fraud risk;

receive a first response from the one or more first user interfaces indicative of a consumer'"'"'s response to at least a first authentication question of the authentication question set;

based at least on the consumer'"'"'s response to at least a first authentication question and the associated device identification information, automatically and dynamically adjust the authentication question set by changing one or more of the authentication questions, removing one or more of the authentication questions, and/or adding an additional authentication question;

generate one or more second user interfaces for the consumer, wherein the one or more second user interfaces includes the adjusted authentication question set having at least a second authentication question;

receive a second response indicative of the consumer'"'"'s response to at least the second authentication question of the adjusted authentication question set;

based at least on the first response, the second response, and the associated device identification information, determine whether the consumer is authenticated; and

transmit an indication of consumer authentication to the financial services server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are provided for adjustment of difficulty level, quantity, and/or other parameters of knowledge-based authentication. The questions may be asked of a consumer based on one or more generated risk scores associated with the consumer'"'"'s behavior, which may be derived from information received from the consumer, a representative responsible for entering information regarding the consumer, and/or from the consumer'"'"'s computing device.

1063 Citations

21 Claims

1. A system comprising:
- a non-transitory computer-readable storage medium for a financial services server comprising computer-executable instructions that direct the financial services server to;
  
  receive, from a consumer computing device via the Internet, a request to open a new financial account with a financial service provider;
  
  receive, from a consumer computing device via the Internet, device identification information associated with the consumer computing device gathered through device identification information gathering code, wherein the device identification information includes one or more of;
  
  device ID,device location,browser type,browser time zone,browser language settings,proxy settings,stated IP address,real IP address,current GPS location data;
  
  orhistorical GPS location data; and
  
  transmit, to an authentication server, a request to set authentication requirements for the consumer and information allowing the authentication server to communicate with the consumer computing device;
  
  receive, from the authentication server, a determination of whether the consumer is authenticated; and
  
  in response to the determination, transmit, to the financial service server, an indication of whether the consumer is authenticated, wherein the financial service server determines whether to open the new financial account for the consumer based on the transmitted indication; and
  
  a non-transitory computer-readable storage medium for the authentication server comprises computer-executable instructions that direct the authentication server to;
  
  receive, from the financial services server via the Internet, the request to set authentication requirements for the consumer in response to the request transmitted from the consumer computing device to open the new financial account and device identification information associated with the consumer computing device, wherein the identity of the consumer is unknown to the financial service provider;
  
  derive one or more behaviors of the consumer based on at least the device identification information;
  
  calculate a fraud risk of the consumer based at least on the one or more derived behaviors of the consumer, wherein respective derived behaviors indicative of potential fraud cause the fraud risk to increase and respective derived behaviors not indicative of potential fraud cause the fraud risk to decrease;
  
  generate one or more first user interfaces for the consumer, wherein the one or more first user interfaces includes an authentication question set having one or more authentication question, the authentication question set based on the calculated fraud risk;
  
  receive a first response from the one or more first user interfaces indicative of a consumer'"'"'s response to at least a first authentication question of the authentication question set;
  
  based at least on the consumer'"'"'s response to at least a first authentication question and the associated device identification information, automatically and dynamically adjust the authentication question set by changing one or more of the authentication questions, removing one or more of the authentication questions, and/or adding an additional authentication question;
  
  generate one or more second user interfaces for the consumer, wherein the one or more second user interfaces includes the adjusted authentication question set having at least a second authentication question;
  
  receive a second response indicative of the consumer'"'"'s response to at least the second authentication question of the adjusted authentication question set;
  
  based at least on the first response, the second response, and the associated device identification information, determine whether the consumer is authenticated; and
  
  transmit an indication of consumer authentication to the financial services server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 21)
- - 2. The system of claim 1, wherein to derive one or more behaviors includes identifying an anomaly between the device identification information and predetermined information in a profile associated with the consumer.
  - 3. The system of claim 1, wherein the authentication question set is generated based on a level of difficulty corresponding to the fraud risk.
  - 4. The system of claim 1, wherein the fraud risk is updated based on the first response from the one or more first user interfaces.
  - 5. The system of claim 1, wherein the fraud risk comprises a risk score.
  - 6. The system of claim 1, wherein the first response includes an incorrect response, and the adjusted authentication question set is determined based on the incorrect response.
  - 7. The system of claim 1, wherein the first response includes an elapsed time to respond, and the adjusted authentication question set is determined based on the elapsed time to respond.
  - 21. The system of claim 1, wherein the system further comprises computer-executable instructions that direct the authentication server to:
    - compare, by the authentication server, location information of the consumer with location information from the device identification information, wherein to automatically and dynamically adjust the authentication question set is further based on the comparison of the location information.

8. A computer-implemented authentication method comprising:
- receiving a request to open a new financial account with a financial service provider;
  
  receiving device identification information associated with a consumer computing device gathered through device identification information gathering code, wherein the device identification information includes one or more of;
  
  device ID,device location,browser type,browser time zone,browser language settings,proxy settings,stated IP address,real IP address,current GPS location data;
  
  orhistorical GPS location data;
  
  transmitting a request to set authentication requirements for a consumer and information allowing an authentication server to communicate with the consumer computing device;
  
  receiving a determination of whether the consumer is authenticated; and
  
  in response to the determination, transmitting an indication of whether the consumer is authenticated, wherein a financial service server determines whether to open the new financial account for the consumer based on the transmitted indication; and
  
  for a first authentication session;
  
  receiving the request to set authentication requirements for the consumer in response to the request transmitted from the consumer computing device to open the new financial account and device identification information associated with the consumer computing device, wherein an identity of the consumer is unknown to the financial service provider;
  
  deriving one or more behaviors of the consumer based on at least the device identification information;
  
  calculating a fraud risk of the consumer based at least on the one or more derived behaviors of the consumer, wherein respective derived behaviors indicative of potential fraud cause the fraud risk to increase and respective derived behaviors not indicative of potential fraud cause the fraud risk to decrease;
  
  generating one or more first user interfaces for the consumer, wherein the one or more user first interfaces includes an authentication question set, the authentication question set based on the calculated fraud risk;
  
  receiving a first response from the one or more first user interfaces indicative of a consumer'"'"'s response to the authentication question set;
  
  based at least on the consumer'"'"'s response to at least a first authentication question and the associated device identification information, automatically and dynamically adjusting the authentication question set by changing one or more of the authentication questions, removing one or more of the authentication questions, and/or adding an additional authentication question; and
  
  transmitting an indication of consumer authentication to the financial services server;
  
  for a second authentication session;
  
  receiving, from the financial services server or another computing system, a second request to set authentication requirements for the consumer;
  
  based on at least the indication of consumer authentication, generating one or more second user interfaces for the consumer, wherein the one or more second user interfaces includes the adjusted authentication question set;
  
  receiving a second response to the adjusted authentication question set;
  
  based at least on the first response to the authentication question set, the second response, and the device identification information, determining whether the consumer is authenticated; and
  
  transmitting a second indication of consumer authentication to the financial services server.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method of claim 8, wherein the one or more user interfaces for the consumer provides a false indication of the correctness of the consumer'"'"'s response to the authentication question set.
  - 10. The method of claim 8, wherein the one or more user interfaces for the consumer does not indicate whether the consumer'"'"'s response to the authentication question set was correct.
  - 11. The method of claim 8, wherein the behaviors of the consumer comprises one or more of:
    - frequent attempts to open a new account, requesting a new account from more than one computing device, having a device IP address that matches a known IP addresses associated with a high risk of fraud, or submitting a password that matches a unique password known to be related to a high risk of fraud.
  - 12. The method of claim 8, wherein the device identification information gathering code includes embedded instructions sent to the consumer computing device to collect the device identification information, and to process information collected from the embedded instructions.
  - 13. The method of claim 8, further comprising:
    - determining whether the fraud risk is above a threshold; and
      
      in response to the determination that the fraud risk is above a threshold, sending a request to the consumer computing device for further device identification information.

14. A computer-implemented authentication method comprising:
- receiving, from a financial services server via the Internet, a request to set authentication requirements for a consumer in response to a request transmitted from a consumer computing device to open a new financial account and device identification information associated with the consumer computing device, wherein the the identity of the consumer is unknown to the financial services server, wherein the device identification information includes one or more of;
  
  device ID,device location,browser type,browser time zone,browser language settings,proxy settings,stated IP address,real IP address,current GPS location data;
  
  orhistorical GPS location data;
  
  deriving one or more behaviors of the consumer based on at least the device identification information;
  
  calculating a fraud risk of the consumer based at least on the one or more derived behaviors of the consumer, wherein respective derived behaviors indicative of potential fraud cause the fraud risk to increase and respective derived behaviors not indicative of potential fraud cause the fraud risk to decrease;
  
  generating one or more first user interfaces for the consumer, wherein the one or more first user interfaces includes an authentication question set having one or more authentication questions, the authentication question set based on the calculated fraud risk;
  
  receiving a first response from the one or more first user interfaces indicative of a consumer'"'"'s response to at least a first authentication question of the authentication question set;
  
  based at least on the consumer'"'"'s response to at least a first authentication question and the associated device identification information, automatically and dynamically adjusting the authentication question set by changing one or more of the authentication questions, removing one or more of the authentication questions, and/or adding an additional authentication question;
  
  generate one or more second user interfaces for the consumer, wherein the one or more second user interfaces includes the adjusted authentication question set having at least a second authentication question;
  
  receive a second response indicative of the consumer'"'"'s response to at least the second authentication question of the adjusted authentication question set;
  
  based at least on the first response, the second response, and the device identification, determine whether the consumer is authenticated; and
  
  transmitting an indication of the consumer authentication to the financial services server.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14, wherein the authentication question set includes at least one trick question.
  - 16. The method of claim 14, wherein to automatically and dynamically adjust the authentication question set includes adjusting the difficulty of at least one question in the authentication question set.
  - 17. The method of claim 14, wherein to automatically and dynamically adjust the authentication question set includes adjusting the number of questions in the authentication question set.
  - 18. The method of claim 14, wherein the one or more behaviors of the consumer includes at last one of:
    - a total number of times authentication was requested for the consumer or a frequency at which authentication was requested for the consumer.
  - 19. The method of claim 14, further comprising:
    - determining whether the fraud risk is higher than a threshold; and
      
      in response to the determination that the fraud risk is higher than the threshold, transmitting an alert to the victim of the authentication fraud.
  - 20. The method of claim 14, further comprising:
    - determining whether the fraud risk is higher than a threshold; and
      
      in response to the determination that the fraud risk is higher than the threshold, performing a lock on an account associated with the victim of the authentication fraud.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Consumerinfo.com Incorporated (Experian plc)
Original Assignee
Consumerinfo.com Incorporated (Experian plc)
Inventors
Burger, Michael
Primary Examiner(s)
Misiaszek, Amber A

Application Number

US15/459,927
Time in Patent Office

657 Days
Field of Search

705 711- 742, 705 35, 705 38, 705 42, 705 44
US Class Current
CPC Class Codes

G06Q 10/0635   Risk analysis of enterprise...

G06Q 20/4014   Identity check for transact...

G06Q 20/4016   involving fraud or risk lev...

G06Q 20/405   Establishing or using trans...

Adjustment of knowledge-based authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

1063 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Adjustment of knowledge-based authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

1063 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links