ADAPTIVE SECONDARY AUTHENTICATION CRITERIA BASED ON ACCOUNT DATA

US 20140189829A1
Filed: 12/31/2012
Published: 07/03/2014
Est. Priority Date: 12/31/2012
Status: Active Grant

First Claim

Patent Images

1. An authentication challenge system comprising:

a question engine, to derive a series of questions based upon activity associated with an account of an online store;

a network interface, to transport the series of one or more questions derived by the question generation engine to authenticate the user to the online store;

a confidence engine, to determine a required confidence level for a successful authentication, and to compute a confidence score of the user identity; and

a quality engine, to adjust the question generation engine and the confidence engine based upon an analysis of question and answer metrics across multiple accounts of the online store, wherein the online store includes digital media including at least one of music, movies, books or apps.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication challenge system for performing secondary authentication for an account associated with an online store is described. In one embodiment, the authentication challenge system includes a question generation engine, which can derive a series of questions based upon activity associated with a user account of an online store; a network interface, which can transport the series of one or more questions derived by the question generation engine to authenticate the user to the online store; a confidence engine, which can determine a required confidence level for a successful authentication, and can compute a confidence score of the user identity; and a quality engine, which can adjust the question generation engine and the confidence engine based upon an analysis of question and answer metrics across multiple accounts of the online store. The online store can include digital media, such as music, movies, books or applications for electronic computing devices.

178 Citations

23 Claims

1. An authentication challenge system comprising:
- a question engine, to derive a series of questions based upon activity associated with an account of an online store;
  
  a network interface, to transport the series of one or more questions derived by the question generation engine to authenticate the user to the online store;
  
  a confidence engine, to determine a required confidence level for a successful authentication, and to compute a confidence score of the user identity; and
  
  a quality engine, to adjust the question generation engine and the confidence engine based upon an analysis of question and answer metrics across multiple accounts of the online store, wherein the online store includes digital media including at least one of music, movies, books or apps.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, wherein one or more unique identifiers is assigned to each account of the online store.
  - 3. The system of claim 2, wherein the question generation engine derives questions based on the digital media purchase history associated with the unique identifier of an account of the online store.
  - 4. The system of claim 2, wherein the question generation engine is configured to derive questions based on the location history of a device associated with the unique identifier of an account of the online store.
  - 5. The system of claim 1, wherein the question generation engine derives questions comprising one or more multiple-choice questions, Boolean decision questions, and free-form answer questions.
  - 6. The system of claim 1, wherein the network interface transports the series of one or more questions to a device associated with a user of the online store.
  - 7. The system of claim 2, wherein the confidence engine determines an identify confidence level based on the account activity associated with the unique identifier.
  - 8. The system of claim 7, wherein the confidence engine determines an authentication threshold required for successful secondary authentication.
  - 9. The system of claim 1, wherein the quality engine applies a machine-learning algorithm to analyze question and answer metrics to modify questions to improve the likelihood of detecting accounts with compromised credentials, wherein the question and answer metrics contain metrics for multiple user accounts.

10. A method of generating secondary authentication questions, the method comprising:
- accessing a purchase history associated with an account of an online store wherein the online store includes digital media including at least one of music, movies, books or apps;
  
  deriving a set of questions based on the purchase history of a unique identifier associated with the account;
  
  deriving a set of questions based on a presumed media genre preference associated with the unique identifier; and
  
  filtering questions from one or more sets of questions based on privacy settings.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The method as in claim 10, further comprising:
    - receiving a periodic quality score update for one or more questions; and
      
      adjusting one or more questions based on the periodic quality score updates.
  - 12. The method as in claim 10, further comprising establishing correctness criteria for each set of questions and adjusting one or more questions based on quality score updates.
  - 13. The method as in claim 12 wherein establishing correctness criteria for a set of questions comprises establishing correctness criteria for each question in the set of questions.
  - 14. The method as in claim 10, further comprising:
    - transmitting one or more adaptively determined authentication questions to a device, to authenticate the unique identifier associated with an account of the online store;
      
      receiving, from the device, a set of question metrics gathered during the authentication; and
      
      submitting the set of question metrics to a metrics database.
  - 15. A non-transitory computer-readable media storing instructions, which, when performed by a processor, cause the processor to perform operations comprising the method as in claim 10.
  - 16. A non-transitory computer-readable media storing instructions, which, when performed by a processor, cause the processor to perform operations comprising the method as in claim 14.

17. A non-transitory computer-readable media storing instructions, which, when performed by a processor, cause the processor to perform operations to adaptively determine a confidence level, the operations comprising:
- receiving a request to determine an authentication threshold required to perform an account activity, wherein the account activity is associated with a unique identifier of the account associated with an online store;
  
  authenticating a user at a device using a primary authentication method;
  
  calculating an activity risk factor based on the requested account activity;
  
  determining an identity confidence factor for the unique identifier of the account; and
  
  determining an authentication threshold for a secondary authentication method based on the requested account activity and the identity confidence factor;
- View Dependent Claims (18, 19, 20)
- - 18. The non-transitory computer-readable media as in claim 17, wherein determining an identity confidence factor for the unique identifier comprises:
    - determining a historical confidence value associated with the activity history of the unique identifier;
      
      determining a device confidence factor based on the activity history of the device, including the frequency of association of the unique identifier with the device;
      
      determining a network confidence factor based on a network address of the device of the user;
      
      determining a location confidence factor based on the geographic location of the device of the user in relation to an expected geographic location; and
      
      determining a primary authentication confidence factor based on primary authentication statistics associated with the unique identifier;
  - 19. The non-transitory computer-readable media as in claim 17, wherein calculating an activity risk factor based on the requested account activity comprises:
    - computing a score to model a risk of fraud, wherein computing the score comprises assigning a score to account activity, the account activity comprising;
      
      purchasing media from the online store,purchasing in-app assets via the online store,restoring past purchases from the online store;
      
      viewing financial information associated with the account; and
      
      changing financial information associated with the account.
  - 20. The non-transitory computer-readable media as in claim 19 wherein computing the score to model the risk of fraud of making or restoring purchases from the online store comprises assigning a score proportional to the value of the purchase.

21. A non-transitory computer-readable media storing instructions, which, when performed by a processor, cause the processor to perform operations, the operations comprising:
- receiving a question list and answer scores from a secondary authentication of the unique identifier associated with an account on an online store;
  
  searching a question history associated with the identifier for questions which have been previously asked; and
  
  increasing a difficulty score associated with repeated questions which were answered incorrectly during a secondary authentication session in which the identifier was authenticated;
- View Dependent Claims (22, 23)
- - 22. The non-transitory computer-readable media as in claim 21, comprising instructions for further operations comprising decreasing the difficulty score associated with repeated questions which were correctly answered during a secondary authentication session in which the identifier was authenticated;
  - 23. The non-transitory computer-readable media as in claim 22, wherein the media contains instructions to perform further operations, the operations comprising:
    - retrieving a set of metrics from a question metrics database;
      
      assessing an overall frequency with which a question from the set of questions is asked;
      
      assessing how often the question is answered correctly or incorrectly across a population of users of an online store;
      
      correlating answers with accounts determined to have had at least one compromise of primary credentials; and
      
      increasing attacker difficulty scores for incorrect questions that correlate with compromised primary credentials.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
McLachlan, Jonathan G., Farrugia, Augustin J., Sullivan, Nicholas T.

Granted Patent

US 9,043,887 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/6
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2103   Challenge-response

G06Q 20/4014   Identity check for transact...

H04L 63/08   for authentication of entit...

H04L 63/1425   Traffic logging, e.g. anoma...

H04W 12/126   Anti-theft arrangements, e....

ADAPTIVE SECONDARY AUTHENTICATION CRITERIA BASED ON ACCOUNT DATA

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

178 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

ADAPTIVE SECONDARY AUTHENTICATION CRITERIA BASED ON ACCOUNT DATA

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

178 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links