Methods and systems for leveraging transaction data to dynamically authenticate a user
First Claim
1. A computer-implemented method for authenticating a candidate user for facilitating accessing a host computing device as an authentic user, the host computing device in communication with an authenticating computing device, said method comprising:
- receiving, by the authenticating computing device, an authentication request for accessing secure data stored on the host computing device, the secure data not including transaction data;
retrieving, by the authenticating computing device from a database, the transaction data associated with the authentic user based on a user identifier;
generating, by the authenticating computing device, a challenge question and a correct answer to the challenge question based on the transaction data associated with the authentic user;
generating, by the authenticating computing device, a plurality of incorrect answers to the challenge question by comparison to the transaction data; and
transmitting, by the authenticating computing device, the challenge question, the correct answer, and the plurality of incorrect answers to the host computing device without exposing the transaction data to the host computing device.
1 Assignment
0 Petitions
Accused Products
Abstract
A system and method for authenticating a candidate user accessing a host computing device as an authentic user is provided. The host computing device is in communication with an authenticating computing device. The method includes receiving, by the authenticating computing device, a request to authenticate the candidate user as an authentic user. The authentication request includes a user identifier. The method also includes retrieving, by the authenticating computing device, transaction data including payment transactions performed by the authentic user based on the user identifier. The method also includes generating, by the authenticating computing device, a challenge question and a correct answer based on the transaction data associated with the authentic user, and transmitting the challenge question for display on a candidate user computing device used by the candidate user.
63 Citations
21 Claims
-
1. A computer-implemented method for authenticating a candidate user for facilitating accessing a host computing device as an authentic user, the host computing device in communication with an authenticating computing device, said method comprising:
-
receiving, by the authenticating computing device, an authentication request for accessing secure data stored on the host computing device, the secure data not including transaction data; retrieving, by the authenticating computing device from a database, the transaction data associated with the authentic user based on a user identifier; generating, by the authenticating computing device, a challenge question and a correct answer to the challenge question based on the transaction data associated with the authentic user; generating, by the authenticating computing device, a plurality of incorrect answers to the challenge question by comparison to the transaction data; and transmitting, by the authenticating computing device, the challenge question, the correct answer, and the plurality of incorrect answers to the host computing device without exposing the transaction data to the host computing device. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. An authenticating computing device for use in authenticating a candidate user accessing a host computing device as an authentic user, the host computing device in communication with the authenticating computing device, the authenticating computing device comprising a memory and a processor coupled to the memory, the processor configured to:
-
receive an authentication request for accessing secure data stored on the host computing device, the secure data not including transaction data; retrieve, from a database, the transaction data associated with the authentic user based on a user identifier; generate a challenge question and a correct answer to the challenge question based on the transaction data associated with the authentic user; generate a plurality of incorrect answers to the challenge question by comparison to the transaction data; and transmit the challenge question, the correct answer, and the plurality of incorrect answers to the host computing device without exposing the transaction data to the host computing device. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A non-transitory computer readable storage medium having computer-executable instructions for authenticating a candidate user accessing a host computing device as an authentic user embodied thereon, wherein, when executed by at least one processor, the computer-executable instructions cause the at least one processor to:
-
receive an authentication request for accessing secure data stored on the host computing device, the secure data not including transaction data; retrieve, from a database, the transaction data associated with the authentic user based on a user identifier; generate a challenge question and a correct answer to the challenge question based on the transaction data associated with the authentic user; generate a plurality of incorrect answers to the challenge question by comparison to the transaction data; and transmit the challenge question, the correct answer, and the plurality of incorrect answers to the host computing device without exposing the transaction data to the host computing device. - View Dependent Claims (16, 17, 18, 19, 20, 21)
-
Specification