Enhanced secure authentication

US 10,200,364 B1
Filed: 04/01/2016
Issued: 02/05/2019
Est. Priority Date: 04/01/2016
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a user of a mobile electronic computing device to perform one or more operations on a first electronic computing device, the method comprising:

on the first electronic computing device, receiving a first request to access the first electronic computing device;

in response to the first request to access, sending a first identifier to the mobile electronic computing device;

receiving a second identifier from a second electronic computing device, the second electronic computing device being different from the mobile electronic computing device;

when the first identifier matches the second identifier, calculating a first trust score for the user;

when the first trust score is equal to or greater than a first threshold, authenticating the user to login to the first electronic computing device;

receiving a second request to perform an operation on the first electronic computing device;

when a determination is made that the first trust score is not high enough to permit the user to perform the operation;

sending a third request to the mobile electronic computing device for the user to respond to one or more first questions;

receiving from the mobile electronic computing device user answers to the one or more first questions; and

based on the first trust score and the user answers to the one or more first questions, calculating a second trust score for the user; and

when the second trust score is greater than or equal to a second threshold, the second threshold being higher than the first threshold, permitting the user to perform the operation.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for authenticating a user of a mobile electronic computing device to perform operations on a first electronic computing device includes receiving a request to access the first electronic computing device. In response to the request to access, a first identifier is sent to the mobile electronic computing device. A second identifier is received from a second electronic computing device. The second electronic computing device is different from the mobile electronic computing device. A determination is made as to whether the first identifier matches the second identifier. When the first identifier matches the second identifier, a trust score is calculated for the user. A determination is made as to whether the trust score is equal to or greater than a threshold. When the trust score is equal to or greater than the threshold, the user is authenticated to login to the first electronic computing device.

69 Citations

View as Search Results

17 Claims

1. A method for authenticating a user of a mobile electronic computing device to perform one or more operations on a first electronic computing device, the method comprising:
- on the first electronic computing device, receiving a first request to access the first electronic computing device;
  
  in response to the first request to access, sending a first identifier to the mobile electronic computing device;
  
  receiving a second identifier from a second electronic computing device, the second electronic computing device being different from the mobile electronic computing device;
  
  when the first identifier matches the second identifier, calculating a first trust score for the user;
  
  when the first trust score is equal to or greater than a first threshold, authenticating the user to login to the first electronic computing device;
  
  receiving a second request to perform an operation on the first electronic computing device;
  
  when a determination is made that the first trust score is not high enough to permit the user to perform the operation;
  
  sending a third request to the mobile electronic computing device for the user to respond to one or more first questions;
  
  receiving from the mobile electronic computing device user answers to the one or more first questions; and
  
  based on the first trust score and the user answers to the one or more first questions, calculating a second trust score for the user; and
  
  when the second trust score is greater than or equal to a second threshold, the second threshold being higher than the first threshold, permitting the user to perform the operation.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein when the first trust score is less than the first threshold, further comprising:
    - sending a second request to the mobile electronic computing device for the user to respond to one or more first questions;
      
      receiving from the mobile electronic computing device user answers to the one or more first questions;
      
      based on the first trust score and the user answers to the one or more first questions, calculating a second trust score for the user;
      
      when the second trust score is greater than or equal to the first threshold, authenticating the user to login to the first electronic computing device.
  - 3. The method of claim 2, wherein the one or more first questions are personalized questions based on recent activity of the user.
  - 4. The method of claim 3, where at least one of the one or more first questions is based on a recent purchase made by the user.
  - 5. The method of claim 1, wherein after a first answer to the one or more first questions is sent to the user:
    - obtaining an evaluation of the first answer to the one or more first questions; and
      
      determining an additional question to ask the user based on the evaluation of the first answer.
  - 6. The method of claim 1, wherein when the second trust score is less than the second threshold, further comprising sending a fourth request to the mobile electronic computing device for the user to respond to one or more second questions, the one or more second questions having answers pre-recorded by the user.
  - 7. The method of claim 6, further comprising:
    - receiving a voice response from the user for each the one or more second questions;
      
      comparing the voice response with the answers pre-recorded by the user;
      
      based on the second trust score and the voice response to the one or more second questions, calculating a third trust score for the user;
      
      when the third trust score is greater than or equal to the second threshold, permitting the user to perform the operation.
  - 8. The method of claim 7, wherein when the third trust score is less than the second threshold, further comprising sending a fifth request to the mobile electronic computing device for the user to provide biometric data.
  - 9. The method of claim 8, further comprising:
    - receiving biometric data from the user;
      
      analyzing the biometric data;
      
      comparing the biometric data with biometric data previously obtained from the user;
      
      based on the third trust score and the received biometric data, calculating a fourth trust score for the user; and
      
      when the fourth trust score is greater than or equal to the first threshold, permitting the user to perform the operation.
  - 10. The method of claim 9, wherein analyzing the biometric data comprises using one or more of facial recognition and an analysis of facial movement of the user, including lip movement.
  - 11. The method of claim 1, wherein calculating the first trust score comprises:
    - determining a context for the user based on a current location for the user and a type of operation being requested by the user; and
      
      using the context for the user and profile information for the user to calculate the first trust score.
  - 12. The method of claim 1, wherein the first identifier is included in a token sent to the mobile electronic computing device, the first identifier uniquely identifying a communication session with the mobile electronic computing device, the token also including a uniform resource locator (URL) associated with the first electronic computing device.

13. A first electronic computing device comprising:
- a processing unit; and
  
  system memory, the system memory including instructions which, when executed by the processing unit, cause the first electronic computing device to;
  
  receive a request to login to the first electronic computing device;
  
  in response to the request to login, send a first token to a mobile electronic computing device;
  
  receive a second token from a second electronic computing device associated with an embedded sensor;
  
  when the first unique identifier in the first token matches a second unique identifier in the second token, calculating a first trust score for a user;
  
  when the first trust score is equal to or greater than a threshold, authenticating the user to login to the first electronic computing device;
  
  when the first trust score is less than the threshold, further comprising;
  
  send a first request to the mobile electronic computing device for the user to respond to one or more first questions;
  
  receive from the mobile electronic computing device user answers to the one or more first questions;
  
  based on the first trust score and the user answers to the one or more first questions, calculate a second trust score for the user;
  
  when the second trust score is greater or equal than the threshold, authenticating the user to login to the first electronic computing device; and
  
  when the second trust score is less than the threshold;
  
  send a second request to the mobile electronic computing device for the user to respond to one or more second questions, the one or more second questions having answers pre-recorded by the user;
  
  receive a voice response from the user for each the one or more second questions;
  
  compare the voice response with the answers pre-recorded by the user;
  
  revise the second trust score based on the comparing to calculate a third trust score; and
  
  when the third trust score is greater than or equal to the threshold, authenticate the user to login to the first electronic computing device.
- View Dependent Claims (14, 15, 16)
- - 14. The first electronic computing device of claim 13, wherein when the third trust score is less than the threshold, further causing the first electronic computing device to send a third request to the mobile electronic computing device for the user to provide biometric data.
  - 15. The first electronic computing device of claim 14, further causing the first electronic computing device to:
    - receive the biometric data from the user;
      
      analyze the biometric data;
      
      compare the biometric data with biometric data previously obtained from the user;
      
      revise the third trust score based on the comparing to form a fourth trust score; and
      
      when the fourth trust score is greater than or equal to the threshold, authenticate the user to login to the first electronic computing device.
  - 16. The first electronic computing device of claim 15, wherein analyze the biometric data comprises using one or more of facial recognition and an analysis of user facial movement, including lip movement.

17. A first electronic computing device comprising:
- a processing unit; and
  
  system memory, the system memory including instructions which, when executed by the processing unit, cause the first electronic computing device to;
  
  receive a first request from a mobile electronic computing device to login to the first electronic computing device;
  
  determine a first threshold for a first authentication trust score for logging onto the first electronic computing device;
  
  calculate the first authentication trust score, the first authentication trust score being based on a current location of a user and a profile for the user;
  
  when a determination is made that the first authentication trust score is greater than or equal to the first threshold, permit the user to login to the first electronic computing device;
  
  receive a second request from the mobile electronic computing device to perform an operation on an application running on the first electronic computing device;
  
  identify the operation to be performed;
  
  determine a second threshold for an authentication trust score for performing the operation, the second threshold being based on a type of the operation to be performed, the second threshold being equal to or greater than the first threshold;
  
  when a determination is made that the first authentication trust score is greater than or equal to the second threshold, permit the user to perform the operation;
  
  when a determination is made that the first authentication trust score is less than the second threshold;
  
  send a third request to the mobile electronic computing device for the user to respond to one or more first questions, the one or more first questions being personalized questions based on recent activity of the user;
  
  receive from the mobile electronic computing device user answers to the one or more first questions;
  
  based on the first authentication trust score and the user answers to the one or more first questions, calculate a second authentication trust score for the user;
  
  when a determination is made that the second authentication trust score is greater than or equal to the second threshold, permit the user to perform the operation; and
  
  when the second authentication trust score is less than the second threshold;
  
  send a fourth request to the mobile electronic computing device for the user to respond to one or more second questions, the one or more second questions having answers pre-recorded by the user;
  
  receive from the mobile electronic computing device a voice response for each of the one or more second questions;
  
  compare the voice response with the answers pre-recorded by the user;
  
  based on the second authentication trust score and the voice response to the one or more second questions, calculate a third authentication trust score for the user; and
  
  when a determination is made that the third authentication trust score is greater than or equal to the second threshold, permit the user to perform the operation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Wells Fargo Bank NA (Wells Fargo & Company)
Original Assignee
Wells Fargo Bank NA (Wells Fargo & Company)
Inventors
Ketharaju, Rameshchandra B., Sridharan, Srivathsan C.
Primary Examiner(s)
Doan, Trang T

Application Number

US15/088,698
Time in Patent Office

1,040 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 2463/082   applying multi-factor authe...

H04L 63/0853   using an additional device,...

H04L 63/0861   using biometrical features,...

H04L 63/10   for controlling access to d...

H04L 63/205   involving negotiation or de...

H04W 12/06   Authentication

H04W 12/66   Trust-dependent, e.g. using...

Enhanced secure authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

69 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Enhanced secure authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

69 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links