Self-adjusting multifactor network authentication

US 10,462,126 B2
Filed: 08/17/2017
Issued: 10/29/2019
Est. Priority Date: 08/17/2017
Status: Active Grant

First Claim

Patent Images

1. A network authentication system, comprising:

a cloud server implemented in hardware, configured to;

store information linked with one or more accounts for a user;

receive a request for user history for the user from an authentication server; and

send the requested user history information for the user to the authentication server; and

an authentication server implemented in hardware, wherein the authentication server is in signal communication with the cloud server, and configured to;

receive an authentication key request from a user device, wherein the authentication key request identifies an account linked with the user;

obtain an authentication key in response to receiving the authentication key request;

establish a first set of authentication rules for the authentication key, wherein the first set of authentication rules identifies;

a first number of authentication rules selected by the user; and

an authentication type for each authentication rule in the first set of authentication rules selected by the user;

identify one or more triggering events for the account, wherein a triggering event is an event associated with an increased threat to the account;

establish a second set of authentication rules for the authentication key, wherein;

the second set of authentication rules identifies;

a second number of authentication rules; and

an authentication type for each authentication rule in the second set of authentication rules; and

the second set of authentication rules is different from the first set of authentication rules;

configure key validation for the authentication key using the first set of authentication rules;

send the authentication key to the user device;

detect a triggering event from the one or more triggering events has occurred; and

configure the key validation for the authentication key using the second set of authentication rules in response to detecting the triggering event.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network authentication device that includes an authentication engine. The authentication engine is configured to receive an authentication key request from a user device that identifies an account. The authentication engine is configured to obtain an authentication key and to establish a first set of authentication rules for the authentication key. The authentication engine is configured to identify one or more triggering events associated with an increased threat to the account and to establish a second set of authentication rules for the authentication key. The authentication engine is configured to perform key validation for the authentication key using the first set of authentication rules and to send the authentication key to the user device. The authentication engine is configured to detect a triggering event from the one or more triggering events has occurred and perform the key validation for the authentication key using the second set of authentication rules.

25 Citations

View as Search Results

20 Claims

1. A network authentication system, comprising:
- a cloud server implemented in hardware, configured to;
  
  store information linked with one or more accounts for a user;
  
  receive a request for user history for the user from an authentication server; and
  
  send the requested user history information for the user to the authentication server; and
  
  an authentication server implemented in hardware, wherein the authentication server is in signal communication with the cloud server, and configured to;
  
  receive an authentication key request from a user device, wherein the authentication key request identifies an account linked with the user;
  
  obtain an authentication key in response to receiving the authentication key request;
  
  establish a first set of authentication rules for the authentication key, wherein the first set of authentication rules identifies;
  
  a first number of authentication rules selected by the user; and
  
  an authentication type for each authentication rule in the first set of authentication rules selected by the user;
  
  identify one or more triggering events for the account, wherein a triggering event is an event associated with an increased threat to the account;
  
  establish a second set of authentication rules for the authentication key, wherein;
  
  the second set of authentication rules identifies;
  
  a second number of authentication rules; and
  
  an authentication type for each authentication rule in the second set of authentication rules; and
  
  the second set of authentication rules is different from the first set of authentication rules;
  
  configure key validation for the authentication key using the first set of authentication rules;
  
  send the authentication key to the user device;
  
  detect a triggering event from the one or more triggering events has occurred; and
  
  configure the key validation for the authentication key using the second set of authentication rules in response to detecting the triggering event.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, wherein the user selects:
    - the second number of authentication rules; and
      
      the authentication types for each authentication rule in the second set of authentication rules.
  - 3. The system of claim 1, wherein detecting the triggering event comprises:
    - receiving device information for the user device using the authentication key; and
      
      determining the user device is not a member of the one or more user devices associated with the user.
  - 4. The system of claim 1, wherein:
    - the authentication server is configured to obtain location history linked with the user from the cloud server, wherein the location history identifies one or more frequently visited locations by the user; and
      
      detecting the triggering event comprises;
      
      determining a current location for the user device using the authentication key; and
      
      determining the current location for the user device is not a location from among the one or more frequently visited locations by the user.
  - 5. The system of claim 1, wherein:
    - detecting the triggering event comprises;
      
      receiving location information for the user device using the authentication key;
      
      determining a current location for the user based the location information; and
      
      determining the current location is a location associated with a high threat level for the account; and
      
      detecting the triggering event occurs before an authentication request is received in the current location.
  - 6. The system of claim 1, wherein:
    - the authentication server is configured to;
      
      obtain user history information linked with the user from the cloud server, wherein the user history information identifies;
      
      transactions linked with the user; and
      
      vendors associated with the transactions linked with the user;
      
      receive an authentication request comprising a vendor identifier and the authentication key; and
      
      detecting the triggering event comprises determining the vendor identifier is not associated with one of the vendors associated with the transactions linked with the user.

7. A network authentication device comprising:
- a network interface in signal communication with one or more user devices associated with a user; and
  
  an authentication engine implemented in hardware, wherein the authentication server is in signal communication with the network interface, and configured to;
  
  receive an authentication key request from the user device, wherein the authentication key request identifies an account linked with the user;
  
  obtain an authentication key in response to receiving the authentication key request;
  
  establish a first set of authentication rules for the authentication key, wherein the first set of authentication rules identifies;
  
  a first number of authentication rules selected by the user; and
  
  an authentication type for each authentication rule in the first set of authentication rules selected by the user;
  
  identify one or more triggering events for the account, wherein a triggering event is an event associated with an increased threat to the account;
  
  establish a second set of authentication rules for the authentication key, wherein;
  
  the second set of authentication rules identifies;
  
  a second number of authentication rules; and
  
  an authentication type for each authentication rule in the second set of authentication rules; and
  
  the second set of authentication rules is different from the first set of authentication rules;
  
  configure key validation for the authentication key using the first set of authentication rules;
  
  send the authentication key to the user device;
  
  detect a triggering event from the one or more triggering events has occurred; and
  
  configure the key validation for the authentication key using the second set of authentication rules in response to detecting the triggering event.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The device of claim 7, wherein the user selects:
    - the second number of authentication rules; and
      
      the authentication types for each authentication rule in the second set of authentication rules.
  - 9. The device of claim 7, wherein detecting the triggering event comprises:
    - receiving device information for the user device using the authentication key; and
      
      determining the user device is not a member of the one or more user devices associated with the user.
  - 10. The device of claim 7, wherein:
    - the network interface is in signal communication with a cloud server;
      
      the authentication engine is configured to obtain location history linked with the user from the cloud server, wherein the location history identifies one or more frequently visited locations by the user; and
      
      detecting the triggering event comprises;
      
      determining a current location for the user device using the authentication key; and
      
      determining the current location for the user device is not a location from among the one or more frequently visited locations by the user.
  - 11. The device of claim 7, wherein:
    - detecting the triggering event comprises;
      
      receiving location information for the user device using the authentication key;
      
      determining a current location for the user based the location information; and
      
      determining the current location is a location associated with a high threat level for the account; and
      
      detecting the triggering event occurs before an authentication request is received in the current location.
  - 12. The device of claim 7, wherein:
    - the network interface is in signal communication with a cloud server;
      
      the authentication engine is configured to;
      
      obtain user history information linked with the user from the cloud server, wherein the user history information identifies;
      
      transactions linked with the user; and
      
      vendors associated with the transactions linked with the user;
      
      receive an authentication request comprising a vendor identifier and the authentication key; and
      
      detecting the triggering event comprises determining the vendor identifier is not associated with one of the vendors associated with the transactions linked with the user.
  - 13. The device of claim 7, wherein the second set of authentication rules comprises at least one authentication rule with a biometric authentication type.

14. An authentication method, comprising:
- receiving, by an authentication server, an authentication key request from a user device, wherein the authentication key request identifies an account linked with the user;
  
  obtaining, by the authentication server, an authentication key in response to receiving the authentication key request;
  
  establishing, by the authentication server, a first set of authentication rules for the authentication key, wherein the first set of authentication rules identifies;
  
  a first number of authentication rules selected by the user; and
  
  an authentication type for each authentication rule in the first set of authentication rules selected by the user;
  
  identifying, by the authentication server, one or more triggering events for the account, wherein a triggering event is an event associated with an increased threat to the account;
  
  establishing, by the authentication server, a second set of authentication rules for the authentication key, wherein;
  
  the second set of authentication rules identifies;
  
  a second number of authentication rules; and
  
  an authentication type for each authentication rule in the second set of authentication rules; and
  
  the second set of authentication rules is different from the first set of authentication rules;
  
  configuring, by the authentication server, key validation for the authentication key using the first set of authentication rules;
  
  sending, by the authentication server, the authentication key to the user device;
  
  detecting, by the authentication server, a triggering event from the one or more triggering events has occurred; and
  
  configuring, by the authentication server, the key validation for the authentication key using the second set of authentication rules in response to detecting the triggering event.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14, wherein the user selects:
    - the second number of authentication rules; and
      
      the authentication types for each authentication rule in the second set of authentication rules.
  - 16. The method of claim 14, wherein detecting the triggering event comprises:
    - receiving device information for the user device using the authentication key; and
      
      determining the user device is not a member of the one or more user devices associated with the user.
  - 17. The method of claim 14, further comprising obtaining, by the authentication server, location history linked with the user from a cloud server, wherein the location history identifies one or more frequently visited locations by the user;
    - andwherein detecting the triggering event comprises;
      
      determining a current location for the user device using the authentication key; and
      
      determining the current location for the user device is not a location from among the one or more frequently visited locations by the user.
  - 18. The method of claim 14, wherein:
    - detecting the triggering event comprises;
      
      receiving location information for the user device using the authentication key;
      
      determining a current location for the user based the location information; and
      
      determining the current location is a location associated with a high threat level for the account; and
      
      detecting the triggering event occurs before an authentication request is received in the current location.
  - 19. The method of claim 14, further comprising:
    - obtaining, by the authentication server, user history information linked with the user from a cloud server, wherein the user history information identifies;
      
      transactions linked with the user; and
      
      vendors associated with the transactions linked with the user;
      
      receiving, by the authentication server, an authentication request comprising a vendor identifier and the authentication key; and
      
      wherein detecting the triggering event comprises determining the vendor identifier is not associated with one of the vendors associated with the transactions linked with the user.
  - 20. The method of claim 14, wherein the second set of authentication rules comprises at least one authentication rule with a biometric authentication type.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Kurian, Manu J., Heddleson, James M., Allen, Morgan S., Arora, Ashish
Primary Examiner(s)
Jeudy, Josnel

Application Number

US15/679,994
Publication Number

US 20190058702A1
Time in Patent Office

803 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/062   for key distribution, e.g. ...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 63/102   Entity profiles

H04L 63/107   wherein the security polici...

H04L 63/205   involving negotiation or de...

Self-adjusting multifactor network authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

25 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Self-adjusting multifactor network authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links