Method and system for user authentication

US 10,454,912 B2
Filed: 09/16/2016
Issued: 10/22/2019
Est. Priority Date: 09/16/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

dynamically generating, by an authentication system based on transaction data associated with a user of a user device, a plurality of authentication questions;

dynamically generating, based on the plurality of authentication questions, for each of the plurality of authentication questions, one or more valid answers and one or more false answers;

transmitting, to the user device, a first authentication question of the plurality of authentication questions and a plurality of selectable options comprising one or more valid answers and one or more false answers associated with the first authentication question;

receiving, from the user device for the first authentication question, an indication of at least one selected valid answer and at least one unselected false answer from the plurality of selectable options;

transmitting, to the user device, a second authentication question of the plurality of authentication questions and a plurality of selectable options comprising one or more valid answers and one or more false answers associated with the second authentication question;

receiving, from the user device for the second authentication question, an indication of at least one selected valid answer and at least one unselected false answer from the plurality of selectable options;

determining, based on the indication of the at least one unselected false answer for the first authentication question and the indication of the at least one unselected false answer for the second authentication question, that a threshold is satisfied; and

establishing an authenticated session with the user device based on the determination that the threshold is satisfied.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are methods and systems for user authentication. User-specific data is aggregated by an authentication system. Answers to authentication questions are identified in the aggregated data. A user device attempting to authenticate with the authentication system is presented with the authentication question and selectable options for answering the authentication question. The selectable options include one or more valid answers and one or more false answers. A user device is authenticated after correctly answering one or more presented authentication questions.

5 Citations

View as Search Results

20 Claims

1. A method comprising:
- dynamically generating, by an authentication system based on transaction data associated with a user of a user device, a plurality of authentication questions;
  
  dynamically generating, based on the plurality of authentication questions, for each of the plurality of authentication questions, one or more valid answers and one or more false answers;
  
  transmitting, to the user device, a first authentication question of the plurality of authentication questions and a plurality of selectable options comprising one or more valid answers and one or more false answers associated with the first authentication question;
  
  receiving, from the user device for the first authentication question, an indication of at least one selected valid answer and at least one unselected false answer from the plurality of selectable options;
  
  transmitting, to the user device, a second authentication question of the plurality of authentication questions and a plurality of selectable options comprising one or more valid answers and one or more false answers associated with the second authentication question;
  
  receiving, from the user device for the second authentication question, an indication of at least one selected valid answer and at least one unselected false answer from the plurality of selectable options;
  
  determining, based on the indication of the at least one unselected false answer for the first authentication question and the indication of the at least one unselected false answer for the second authentication question, that a threshold is satisfied; and
  
  establishing an authenticated session with the user device based on the determination that the threshold is satisfied.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising aggregating at least a portion of the transaction data from a third party service.
  - 3. The method of claim 1, wherein the one or more valid answers and the one or more false answers for each authentication question are dynamically generated based on a social network profile associated with the user.
  - 4. The method of claim 2, wherein aggregating the at least a portion of the transaction data is facilitated by at least one of authentication credentials or permissions obtained from the user.
  - 5. The method of claim 1, wherein the threshold is satisfied based on a determination that a threshold number of the one or more valid answers associated with the first authentication question are selected by the user.
  - 6. The method of claim 1, wherein the one or more valid answers and the one or more false answers associated with the first authentication question comprise at least four answers.
  - 7. The method of claim 1, wherein the one or more valid answers and the one or more false answers associated with the second authentication question comprise at least four answers.
  - 8. The method of claim 1, wherein the threshold is satisfied based on a determination that a threshold number of the one or more false answers associated with the first authentication question are not selected by the user.
  - 9. The method of claim 1, further comprising selecting the plurality of selectable options as a number of selectable options defined by a user preference.
  - 10. The method of claim 1, wherein transmitting the first authentication question and the plurality of selectable options comprises transmitting a user interface to the user device, the user interface comprising a plurality of selectable elements corresponding to the plurality of selectable options.

11. A method comprising:
- selecting, by an authentication system, at least one authentication question;
  
  determining, based on transaction data associated with a user of a user device, at least one valid answer for each of the at least one authentication question, wherein the transaction data comprises one or more transactions associated with one or more purchases using a payment method associated with the user;
  
  transmitting, to the user device, the at least one authentication question and a plurality of selectable options comprising the at least one valid answer and at least one false answer;
  
  receiving, from the user device for each of the at least one authentication question, an indication of at least one selected answer and at least one non-selected answer from the plurality of selectable options;
  
  transmitting, to the user device, at least one further authentication question and a further plurality of selectable options comprising at least one valid answer and at least one false answer;
  
  receiving, from the user device for each of the at least one further authentication question, an indication of at least one selected answer and at least one non-selected answer from the further plurality of selectable options;
  
  determining, based on the indication of the at least one selected answer and the at least one non-selected answer for the at least one authentication question and the at least one selected answer and the at least one non-selected answer for the at least one further authentication question, that a first threshold and a second threshold are satisfied; and
  
  establishing an authenticated session with the user device based on the determination that the first threshold and the second threshold are satisfied.

12. A system, comprising:
- at least one computing device, configured to;
  
  dynamically generate, based on transaction data associated with a user of a user device, a plurality of authentication questions;
  
  dynamically generate, based on the plurality of authentication questions, for each of the plurality of authentication questions, one or more valid answers and one or more false answers;
  
  transmit, to the user device, a first authentication question of the plurality of authentication questions and a plurality of selectable options comprising one or more valid answers and one or more false answers associated with the first authentication question;
  
  receive, from the user device for the first authentication question, an indication of at least one selected valid answer and at least one unselected false answer from the plurality of selectable options;
  
  transmit, to the user device, a second authentication question of the plurality of authentication questions and a plurality of selectable options comprising one or more valid answers and one or more false answers associated with the second authentication question;
  
  receive, from the user device for the second authentication question, an indication of at least one selected valid answer and at least one unselected false answer from the plurality of selectable options;
  
  determine, based on the indication of the at least one unselected false answer for the first authentication question and the indication of the at least one unselected false answer for the second authentication question, that a threshold is satisfied; and
  
  establish an authenticated session with the user device based on the determination that the threshold is satisfied.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The system of claim 12, wherein the at least one computing device is further configured to aggregate at least a portion of the transaction data from a third party service.
  - 14. The system of claim 12, wherein the one or more valid answers and the one or more false answers for each authentication question are dynamically generated based on a social network profile associated with the user.
  - 15. The system of claim 13, wherein aggregating the at least a portion of the transaction data is facilitated by at least one of authentication credentials or permissions obtained from the user.
  - 16. The system of claim 12, wherein the threshold is satisfied based on a determination that a threshold number of the one or more valid answers associated with the first authentication question are selected by the user.
  - 17. The system of claim 12, wherein the one or more valid answers and the one or more false answers associated with the first authentication question comprise at least four answers.
  - 18. The system of claim 12, wherein the one or more valid answers and the one or more false answers associated with the second authentication question comprise at least four answers.
  - 19. The system of claim 12, wherein the threshold is satisfied based on a determination that a threshold number of the one or more false answers associated with the first authentication question are not selected by the user.
  - 20. The system of claim 12, wherein the threshold is satisfied based on a determination that a threshold number of the one or more false answers associated with the second authentication question are not selected by the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Total System Services Incorporated (Global Payments Incorporated)
Original Assignee
Total System Services Incorporated (Global Payments Incorporated)
Inventors
Riddick, Donald Morford
Primary Examiner(s)
Desrosiers, Evans

Application Number

US15/267,882
Publication Number

US 20170078262A1
Time in Patent Office

1,131 Days
Field of Search

726 7
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2103   Challenge-response

G06F 3/0482   Interaction with lists of s...

H04L 63/08   for authentication of entit...

Method and system for user authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

5 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for user authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

5 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links