System and method for fraud monitoring, detection, and tiered user authentication

US 20060282660A1
Filed: 04/28/2006
Published: 12/14/2006
Est. Priority Date: 04/29/2005
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a current request to access a server, the current access request originating from a network-connected device, the method comprising:

gathering identifying information concerning the device originating the current access request;

determining authentication interface selection criteria in dependence on the gathered identifying information;

presenting at the originating device an authentication interface selected from a plurality of authentication interfaces in dependence on the determined selection criteria; and

authenticating or not authenticating the current access request in dependence on information entered at the originating device in response to the presented authentication interface.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides systems and methods for authenticating access requests from user devices by presenting one of a plurality of graphical user interfaces selected depending on a perceived risk of fraud associated with the devices. User devices are identified with fingerprinting information, and their associated risks of fraud are determined from past experience with the device or with similar devices and from third party information. In preferred embodiments, different graphical user interfaces are presented based on both fraud risk and, in the case of a known user, usability. In preferred embodiments, this invention is implemented as a number of communicating modules that identify user devices, assess their risk of fraud, present selected user interfaces, and maintain databases of fraud experiences. This invention also includes systems providing these authentication services.

948 Citations

40 Claims

1. A method for authenticating a current request to access a server, the current access request originating from a network-connected device, the method comprising:
- gathering identifying information concerning the device originating the current access request;
  
  determining authentication interface selection criteria in dependence on the gathered identifying information;
  
  presenting at the originating device an authentication interface selected from a plurality of authentication interfaces in dependence on the determined selection criteria; and
  
  authenticating or not authenticating the current access request in dependence on information entered at the originating device in response to the presented authentication interface.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The method of claim 1 wherein the current access request comprises a request to logon or to perform a financial transaction and wherein the gathered identifying information uniquely identifies the device.
  - 3. The method of claim 1 wherein the gathered identifying information further comprises persistent data stored on the originating device.
  - 4. The method of claim 3 further comprising:
    - assembling a Device ID data item in dependence on at least part of the gathered identifying information; and
      
      storing the Device ID data item on the originating device as persistent data.
  - 5. The method of claim 3 wherein the persistent data comprises a cookie or information that is secured against alteration.
  - 6. The method of claim 1 wherein the gathered identifying information further comprises information related to characteristics of the originating device or characteristics of the network connection of the originating device.
  - 7. The method of claim 6 where the gathered device characteristics comprise at least one of communication adapter MAC address, a local time, a local time zone, a microprocessor type, a microprocessor processing characteristic, a microprocessor serial number network address, a network connection speed, a network rate for data upload to the server, or a network rate for data download from the server.
  - 8. The method of claim 1 wherein the interface selection criteria are determined also in dependence on the contents of the current access request.
  - 9. The method of claim 1 wherein the interface selection criteria are determined in dependence on further data from one or more third-party data providers.
  - 10. The method of claim 1 wherein the step of determining interface selection criteria further comprises applying rules, the rules encoding requirements for authenticating of access requests at the server.
  - 11. The method of claim 10 wherein the plurality of authentication interfaces comprises interfaces having various levels of security or usability, and wherein the step of applying rules further:
    - evaluates a risk that the current access request is fraudulent in dependence at least in part on the gathered identifying information; and
      
      determines interface selection criteria in dependence at least in part on the evaluated fraud risk so that a selected authentication interface can have a level of security or usability that corresponds at least in part to the evaluated fraud risk.
  - 12. The method of claim 1 further comprising:
    - evaluating risks of fraudulent requests originating from the device by applying rules encoding risk determination; and
      
      optionally, storing in a device central repository (DCR) the evaluated risks in association with the identifying information gathered from the device.
  - 13. The method of claim 12 wherein the risks of fraudulent requests are evaluated at least in part in dependence on the gathered identifying information, or on whether or not the current access request is authenticated and/or is fraudulent, or on data from one or more third-party providers.
  - 14. The method of claim 13 wherein the third-party data providers comprises a device geolocation data provider and/or a device blacklist data provider and/or a device whitelist data provider.
  - 15. The method of claim 13 further comprising retrieving from the DCR the evaluated risks associated with the currently gathered identifying information gathered from the device, wherein the interface selection criteria are determined at least in part in dependence on the retrieved evaluated risks.
  - 16. The method of claim 1 wherein the plurality of authentication interfaces comprises interfaces having various levels of security or usability, and further comprising:
    - retrieving risk information concerning the current request from a device central repository (DCR), wherein the DCR stores historical information concerning risks of fraudulent requests in association with information identifying their originating devices;
      
      determining authentication interface selection criteria by applying rules to information including the gathered device identifying information and the retrieved risk information;
      
      selecting an authentication interface from the plurality of authentication interfaces in dependence on the determined interface selection criteria so that the selected authentication interface has a level of security or usability that corresponds at least in part to the risks of fraudulent requests; and
      
      updating the historical risk information stored in the DCR with current risk information determined by applying rules to information including the authentication results from the current access request, wherein the historical risk information updated is that corresponding to the current gathered identifying information.
  - 17. The method of claim 16 wherein the gathered identifying information further comprises persistent data stored on the originating device, the persistent data comprising a Device ID data item uniquely identifying the originating device and being secured against alteration, or information related to characteristics of the originating device and/or characteristics of the network connection of the originating device.
  - 18. The method of claim 16 wherein the interface selection criteria are determined in dependence on further data comprising the contents of the current access request, or on further data received from one or more third-party data providers.
  - 19. The method of claim 18 wherein the third-party data providers comprises a device geolocation data provider and/or a device blacklist data provider and/or a device whitelist data provider.
  - 20. The method of claim 16 wherein the historical risk information stored in the DCR comprises a device blacklist and a device whitelist, and wherein updating the historical risk information further comprises applying rules to information including data received a device geolocation data provider and/or a device blacklist data provider and/or a device whitelist data provider.
  - 21. The method of claim 16 wherein the step of applying rules further:
    - evaluates a risk that the current access request is fraudulent in dependence at least in part on the gathered identifying information; and
      
      determines interface selection criteria in dependence at least in part on the evaluated fraud risk.

22. A computer system for authenticating a current request to access a service provider server application, the current access request originating from a network-connected device, the system comprising:
- a device central repository (DCR) database that stores historical information concerning risks of fraudulent requests in association with information identifying the devices originating the requests; and
  
  one or more network-connected authentication processors operatively coupled to the DCR and that perform;
  
  accepting a current access request from a server application;
  
  gathering identifying information concerning the device originating the current access request;
  
  retrieving risk information concerning the current request from a device central repository (DCR), wherein the DCR stores historical information concerning risks of fraudulent requests in association with information identifying their originating devices;
  
  determining authentication interface selection criteria by applying rules to information including the gathered device identifying information and the retrieved risk information;
  
  selecting an authentication interface in dependence on the determined interface selection criteria from a plurality of authentication interfaces having various levels of security and/or usability, wherein the security and/or usability of the selected authentication interface corresponds to the risks of fraudulent requests;
  
  presenting the selected authentication interface at the originating device;
  
  authenticating or not authenticating the current access request in dependence on information entered at the originating device in response to the presented authentication interface;
  
  updating the historical risk information stored in the DCR with current risk information determined by applying rules to information including the authentication results for the current access request, wherein the historical risk information updated is that corresponding to the current gathered identifying information; and
  
  providing the authentication information to the server application.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30)
- - 23. The system of claim 22 wherein the network-connected device originating the access request comprises a PC-type computer.
  - 24. The system of claim 22 wherein the network-connected device originating the access request comprises a user terminal.
  - 25. The system of claim 22 wherein the plurality of authentication interfaces is stored in an interface database.
  - 26. The system of claim 22 wherein one or more of the processes performing gathering, retrieving, determining, selecting, presenting, authenticating, updating, and providing are executed on a processor different from the processor executing the server application.
  - 27. The system of claim 22 wherein the processes performing updating is executed on a processor remote from the DCR database.
  - 28. The system of claim 22 wherein performing determination of interface selection criteria further comprises applying rules, the rules encoding requirements for authenticating of access requests at the server.
  - 29. The system of claim 28 wherein applying rules further:
    - evaluates a risk that the current access request is fraudulent in dependence at least in part on the gathered identifying information; and
      
      determines interface selection criteria in dependence at least in part on the evaluated fraud risk.
  - 30. The system of claim 22 further comprising a rules definition database for storing the applied rules.

31. A method for authenticating a current request to access an on-line application of a service provider, the current access request originating from a user at a network-connected device, the method comprising:
- gathering information describing one or more of the location of the user device, the user device, the user, and the transaction;
  
  determining in dependence on the gathered information one or more risks associated with the access request according to an access policy, wherein the access policy comprises risks related to the current location of the user device, risks related to the current user device, risks related to the current user, and risk related to the current transaction;
  
  providing for the service provider scores, alerts, and actions selected in dependence on the determined risks.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40)
- - 32. The method of claim 31 wherein the gathered information optionally comprises a unique identifier of the user device that was previously stored on the device, and wherein risk determination further comprises determining an elevated risk related to the user device in case no unique identifier has been gathered, or in case the gathered identifier does not match the previously stored identifier.
  - 33. The method of claim 32 further comprising:
    - creating a new unique identifier in dependence on a new random data item upon each access request by a user device; and
      
      storing the new unique identifier on the user device.
  - 34. The method of claim 31 wherein risk determination further comprises determining risks in dependence on behavior patterns associated with one or more of user devices at the current location, the current user device, the current user, and the current transaction.
  - 35. The method of claim 34 wherein behavior patterns associated with the current user comprise making a plurality of access requests from user devices for which the gathered information does not include a previously-stored unique identifier, and wherein risk determination further comprises determining a risk for such a user that is reduced in comparison to a user not having such a behavior pattern in cases of such an access request.
  - 36. The method of claim 31 wherein the provided actions comprise one or more secondary authentication request to the user.
  - 37. The method of claim 36 wherein at least one secondary authentication request comprises requesting that the user make telephone contact with the service provider.
  - 38. The method of claim 31 wherein the access policy comprises one or more of:
    - one or more security models, wherein at least one security model comprises rules describing risks related to one or more of a location of a user device, a user device, and a user;
      
      one or more business models, wherein at least one business model comprises rules describing risks related to a transaction; and
      
      one or more workflow models;
      
      wherein at least one workflow model comprises rules describing risks related to a sequence of transaction requests.
  - 39. The method of claim 31 wherein the access policy is selected in dependence on the service provider.
  - 40. The method of claim 39 wherein the access policy includes at least one rule specific to the access provider.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Durai, Don Bosco, Varghese, Thomas Emmanual, Harris, Steven Lucas, Fisher, Jon Bryan

Granted Patent

US 7,908,645 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/155
CPC Class Codes

G06F 21/316   by observing the pattern of...

G06F 21/552   involving long-term monitor...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/4014   Identity check for transact...

G06Q 20/40145   Biometric identity checks

G06Q 20/4016   involving fraud or risk lev...

G07F 7/1008   Active credit-cards provide...

G07F 7/1041   PIN input keyboard gets new...

G07F 7/1083   Counting of PIN attempts

H04L 63/08   for authentication of entit...

H04L 63/0876   based on the identity of th...

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

H04L 63/166   at the transport layer

H04L 63/20   for managing network securi...

H04L 63/205   involving negotiation or de...

H04W 12/71   Hardware identity

System and method for fraud monitoring, detection, and tiered user authentication

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

948 Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for fraud monitoring, detection, and tiered user authentication

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

948 Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links