REAL-TIME SELECTION OF AUTHENTICATION PROCEDURES BASED ON RISK ASSESSMENT

US 20190347666A1
Filed: 05/09/2018
Published: 11/14/2019
Est. Priority Date: 05/09/2018
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable medium storing instructions, the instructions comprising:

one or more instructions that, when executed by one or more processors, cause the one or more processors to;

receive, from a server device, a real-time notification indicating that one or more fields of a user account are being modified,wherein the one or more fields that are being modified include;

data describing personal information of a user associated with the user account, ordata identifying one or more authorized users of the user account;

receive, from a user device, a request associated with a high-risk transaction involving the user account;

request, from a data source, additional information associated with the user;

determine a risk score indicating a likelihood of the high-risk transaction being performed by an unauthorized user,wherein the risk score is determined using a data model that has been trained on historical account data associated with a group of user accounts, andwherein the one or more instructions, that cause the one or more processors to determine the risk score, cause the one or more processors to;

provide, as input to the data model, information associated with the real-time notification and information associated with the request associated with the high-risk transaction to cause the data model to output the risk score,

wherein the information associated with the real-time notification has a first time stamp,

wherein the information associated with the request associated with the high-risk transaction has a second time stamp, and

wherein a time period between the first time stamp and the second time stamp is a factor that the data model considers in determining the risk score;

increase or decrease the risk score based on the additional information associated with the user;

selectively identify an authentication procedure, of a group of authentication procedures, after increasing or decreasing the risk score,wherein the group of authentication procedures are associated with ranges of risk scores, andwherein the authentication procedure is identified based on the risk score falling within a particular range of risk scores of the ranges of risk scores; and

provide authentication instructions for the authentication procedure to the user device to allow the user device to perform the authentication procedure.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device may receive, from a server device, a real-time notification indicating that a field of a user account is being modified. The field may include personal information of a user associated with the user account and/or information identifying authorized users of the user account. The device may receive, from a user device, a request associated with a high-risk transaction involving the user account. The device may determine a risk score indicating a likelihood of the high-risk transaction being performed by an unauthorized user. The device may selectively identify an authentication procedure, of a group of authentication procedures, based on the risk score. The device may provide authentication instructions for the authentication procedure to the user device to allow the user device to perform the authentication procedure.

41 Citations

22 Claims

1. A non-transitory computer-readable medium storing instructions, the instructions comprising:
- one or more instructions that, when executed by one or more processors, cause the one or more processors to;
  
  receive, from a server device, a real-time notification indicating that one or more fields of a user account are being modified,wherein the one or more fields that are being modified include;
  
  data describing personal information of a user associated with the user account, ordata identifying one or more authorized users of the user account;
  
  receive, from a user device, a request associated with a high-risk transaction involving the user account;
  
  request, from a data source, additional information associated with the user;
  
  determine a risk score indicating a likelihood of the high-risk transaction being performed by an unauthorized user,wherein the risk score is determined using a data model that has been trained on historical account data associated with a group of user accounts, andwherein the one or more instructions, that cause the one or more processors to determine the risk score, cause the one or more processors to;
  
  provide, as input to the data model, information associated with the real-time notification and information associated with the request associated with the high-risk transaction to cause the data model to output the risk score,
  
  wherein the information associated with the real-time notification has a first time stamp,
  
  wherein the information associated with the request associated with the high-risk transaction has a second time stamp, and
  
  wherein a time period between the first time stamp and the second time stamp is a factor that the data model considers in determining the risk score;
  
  increase or decrease the risk score based on the additional information associated with the user;
  
  selectively identify an authentication procedure, of a group of authentication procedures, after increasing or decreasing the risk score,wherein the group of authentication procedures are associated with ranges of risk scores, andwherein the authentication procedure is identified based on the risk score falling within a particular range of risk scores of the ranges of risk scores; and
  
  provide authentication instructions for the authentication procedure to the user device to allow the user device to perform the authentication procedure.
- View Dependent Claims (3, 4, 5, 6, 22)
- - 3. The non-transitory computer-readable medium of claim 1, wherein the one or more instructions, that cause the one or more processors to selectively identify the authentication procedure, cause the one or more processors to:
    - determine whether the risk score falls within a first range of risk scores, of the ranges of risk scores, or a second range of risk scores, of the ranges of risk scores, andidentify a first authentication procedure or a second authentication procedure, as the authentication procedure, based on determining whether the risk score falls within the first range of risk scores or the second range of risk scores,wherein the first authentication procedure is able to verify whether the user is an authorized user by providing the user device with a request for an authentication code,wherein the authentication code is to be provided to an authorized user device or an authorized electronic mailing address, andwherein the second authentication procedure is able to verify whether the user is the authorized user by providing the user device with authentication questions relating to the user or the user account.
  - 4. The non-transitory computer-readable medium of claim 1, wherein the authentication procedure is:
    - a first authentication procedure that is able to verify that the user is an authorized user by providing the user device with a request for an authentication code,wherein the authentication code is to be provided to an authorized user device or an authorized electronic mailing address,a second authentication procedure that is able to verify that the user is the authorized user by providing the user device with authentication questions relating to the user or the user account, ora third authentication procedure that is able to verify that the user is the authorized user by requesting a biometric identification of the user.
  - 5. The non-transitory computer-readable medium of claim 1, wherein the one or more instructions, when executed by the one or more processors, further cause the one or more processors to:
    - receive an indication that the user device did not successfully complete the authentication procedure;
      
      select a new authentication procedure, of the group of authentication procedures, based on receiving the indication that the user device did not successfully perform the authentication procedure,wherein the new authentication procedure is able to determine whether the user is an authorized user by requesting a biometric identification of the user;
      
      provide new authentication instructions for the new authentication procedure to the user device to allow the user device to perform the new authentication procedure;
      
      receive an indication that the user device did not successfully complete the new authentication procedure; and
      
      provide, to a device associated with a law enforcement agency, an authentication report describing information associated with the authentication procedure and the new authentication procedure,wherein the authentication report includes at least one of;
      
      information indicating why the authentication procedure and the new authentication procedure did not succeed,information identifying the user device, orinformation identifying a location of the user device.
  - 6. The non-transitory computer-readable medium of claim 1, wherein the one or more instructions, when executed by the one or more processors, further cause the one or more processors to:
    - receive data indicating whether the request associated with the high-risk transaction was an authorized request or an unauthorized request;
      
      determine that the risk score was not an accurate indicator of a likelihood of the request being unauthorized;
      
      determine one or more features to use for retraining the data model by processing additional information associated with the user or the user account,wherein the one or more features are able to be used as indicators of authorized or unauthorized requests; and
      
      retrain the data model using the one or more features to allow the data model to make more accurate risk score determinations.
  - 22. The non-transitory computer-readable medium of claim 1, wherein the authentication procedure includes a multi-modal authentication procedure;
    - andthe authentication instructions enable the multi-modal authentication procedure to be completed by the user device.

2. (canceled)

7. A device, comprising:
- one or more memories; and
  
  one or more processors, communicatively coupled to the one or more memories, to;
  
  receive a data model that has been trained on historical account data associated with a group of user accounts,wherein the historical account data includes data associated with fraudulent transactions and data associated with legitimate transactions;
  
  receive, from a server device, a real-time notification indicating that one or more fields of a user account are being modified,wherein the one or more fields that are being modified include at least one of;
  
  data describing personal information of a user associated with the user account, ordata identifying one or more authorized users of the user account;
  
  receive a request associated with a high-risk transaction involving the user account;
  
  determine, using the data model, a risk score associated with modifications to the one or more fields,wherein the risk score indicates a likelihood of the one or more fields being modified as part of an unauthorized use of the user account, andwherein the one or more processors, when determining the risk score, are to;
  
  provide, as input to the data model, information associated with the real-time notification to cause the data model to output the risk score,
  
  wherein the information associated with the real-time notification has a first time stamp,
  
  wherein the information associated with the request associated with a high-risk transaction has a second time stamp, and
  
  wherein a time period between the first time stamp and the second time stamp is a factor that the data model considers in determining the risk score;
  
  request, from a data source, additional information associated with the user;
  
  increase or decrease the risk score based on the additional information associated with the user;
  
  selectively identify, after increasing or decreasing the risk score, one or more actions to perform based on the risk score,wherein the one or more actions include at least one of;
  
  a first group of one or more actions to determine whether the modifications of the one or more fields is an unauthorized action, ora second group of one or more actions to prevent subsequent unauthorized access to the user account; and
  
  perform the one or more actions that have been selectively identified.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The device of claim 7, wherein the one or more processors are further to:
    - receive, from a user device, a new request associated with a new high-risk transaction involving the user account;
      
      determine, using the data model, a new risk score indicating a likelihood of the new request being an unauthorized request;
      
      select an authentication procedure, of a group of authentication procedures, based on the new risk score; and
      
      provide authentication instructions for the authentication procedure to the user device to allow the authentication procedure to be completed.
  - 9. The device of claim 7, wherein the one or more actions include at least one of:
    - a first action to provide authentication instructions for an authentication procedure a user device that was used to modify the one or more fields of the user account,a second action to determine, based on the additional information, whether the risk score is accurately identifying the likelihood of the one or more fields being modified as part of an unauthorized use of the user account, ora third action to restrict access to the user account or to request to restrict access to the user account.
  - 10. The device of claim 7, wherein the one or more processors, when selectively identifying the one or more actions to perform, are to:
    - selectively identify, as a first action of the one or more actions, an action to restrict access to the user account, andselectively identify, as a second action of the one or more actions, an action to provide authentication instructions for an authentication procedure to a user device that was used to modify the one or more fields of the user account; and
      
      wherein the one or more processors, when performing the one or more actions, are to;
      
      restrict the access to the user account to prevent the user device from continuing to access the user account, andprovide the authentication instructions for the authentication procedure to the user device to allow the authentication procedure to be completed.
  - 11. The device of claim 7, wherein the one or more processors, when selectively identifying the one or more actions to perform, are to:
    - selectively identify, as a first action of the one or more actions, an action to provide authentication instructions for an authentication procedure to a user device that was used to modify the one or more fields of the user account; and
      
      wherein the one or more processors, when performing the one or more actions, are to;
      
      provide the authentication instructions for the authentication procedure to the user device to allow the authentication procedure to be completed, anddetermine whether to restrict access to the user account based on whether the authentication procedure succeeds or fails.
  - 12. The device of claim 7, wherein the one or more processors, when selectively identifying the one or more actions to perform, are to:
    - selectively identify, as a first action of the one or more actions, an action to restrict access to the user account, andselectively identify, as a second action of the one or more actions, an action to provide authentication instructions for a multi-modal authentication procedure to a user device that was used to modify the one or more fields of the user account; and
      
      wherein the one or more processors, when performing the one or more actions, are to;
      
      restrict the access to the user account to prevent the user device from continuing to access the user account, andprovide the authentication instructions for the multi-modal authentication procedure to the user device to allow the multi-modal authentication procedure to be completed.
  - 13. The device of claim 7, wherein the one or more processors, when selectively identifying the one or more actions to perform, are to:
    - selectively identify, as a first action of the one or more actions, an action to provide authentication instructions for a multi-modal authentication procedure to a user device that was used to modify the one or more fields of the user account; and
      
      wherein the one or more processors, when performing the one or more actions, are to;
      
      provide the authentication instructions for the multi-modal authentication procedure to the user device to allow the multi-modal authentication procedure to be completed.

14. A method, comprising:
- receiving, by a device and from a server device, a real-time notification indicating that one or more fields of a user account are being modified,wherein the one or more fields that are being modified include;
  
  data describing personal information of a user associated with the user account, ordata identifying one or more authorized users of the user account;
  
  receiving, by the device and from a user device, a request associated with a high-risk transaction involving the user account;
  
  determining, by the device, a set of risk scores associated with a modification of the one or more fields of the user account,wherein the set of risk scores are determined using a data model that has been trained on historical account data associated with a group of user accounts,wherein the set of risk scores indicate a likelihood of the one or more fields being modified as part of an unauthorized use of the user account, andwherein determining the set of risk scores comprises;
  
  providing, as input to the data model, information associated with the real-time notification to cause the data model to output the set of risk scores,wherein the information associated with the real-time notification has a first time stamp,wherein the information associated with the request associated with the high-risk transaction has a second time stamp, andwherein a time period between the first time stamp and the second time stamp is a factor that the data model considers in determining the set of risk scores;
  
  request, from a data source, additional information associated with the user;
  
  increase or decrease a risk score, of the set of risk scores, based on the additional information associated with the user;
  
  selectively identifying, by the device, an authentication procedure, of a group of authentication procedures, after receiving the request associated with the high-risk transaction,wherein the authentication procedure is identified based on the risk score; and
  
  providing, by the device, authentication instructions for the authentication procedure to the user device to allow the authentication procedure to be completed.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The method of claim 14, wherein selectively identifying the authentication procedure comprises:
    - selectively identifying the authentication procedure based on the risk score,wherein the authentication procedure is a first authentication procedure, of the group of authentication procedures, if the risk score satisfies a threshold amount of risk, or a second authentication procedure, of the group of authentication procedures, if the risk score does not satisfy the threshold amount of risk,wherein the first authentication procedure is able to verify whether the user is an authorized user by providing the user device with a request for an authentication code that is as part of the authentication instructions, andwherein the second authentication procedure is able to verify whether the user is the authorized user by providing the user device with authentication questions relating to the user or the user account.
  - 17. The method of claim 14, wherein the group of authentication procedures include at least one of:
    - a first authentication procedure that is able to verify whether the user is an authorized user by providing the user device with a request for an authentication code,a second authentication procedure that is able to verify whether the user is the authorized user by providing the user device with authentication questions relating to the user or the user account, ora third authentication procedure that is able to verify that the user is the authorized user by requesting a biometric identification of the user.
  - 18. The method of claim 14, wherein selectively identifying the authentication procedure comprises:
    - selectively identifying the authentication procedure based on the risk score,wherein the authentication procedure is a multi-modal authentication procedure that requires that authentication information be provided via a plurality of communication mediums.
  - 19. The method of claim 14, further comprising:
    - receiving an indication that the user device did not successfully perform the authentication procedure;
      
      selectively identifying a new authentication procedure, of the group of authentication procedures, based on receiving the indication that the user device did not successfully complete the authentication,wherein the new authentication procedure is able to verify that the user is an authorized user by requesting a biometric identification of the user; and
      
      providing new authentication instructions for the new authentication procedure to the user device to allow the user device to perform the new authentication procedure.
  - 20. The method of claim 14, further comprising:
    - receiving data indicating whether the modification of the one or more fields of the user account was authorized or unauthorized;
      
      receiving data indicating whether the request associated with the high-risk transaction was authorized or unauthorized;
      
      determining that the authentication procedure was not a best-available authentication procedure, of the group of authentication procedures, based on the data indicating whether the modification of the one or more fields of the user account was authorized or unauthorized and based on the data indicating whether the request associated with the high-risk transaction was authorized or unauthorized;
      
      determining one or more features to use for retraining the data model by processing additional information associated with the user or the user account,wherein the one or more features are able to be used as indicators of authorized or unauthorized actions; and
      
      retraining the data model using the one or more features to allow the data model to make more accurate risk score determinations.
  - 21. The method of claim 14, further comprising:
    - receiving, from the user device, a second request associated with a second high-risk transaction involving the user account;
      
      determining, using the data model, a second risk score indicating a likelihood of the second request being an unauthorized request;
      
      selecting a second authentication procedure, of the group of authentication procedures, based on the second risk score; and
      
      providing second authentication instructions for the second authentication procedure to the user device to allow the second authentication procedure to be completed.

15. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Capital One Financial Corporation
Original Assignee
Capital One Services LLC (Capital One Financial Corporation)
Inventors
BERMUDEZ-CISNEROS, Maria, SCHWARTZ, Darlene, KELO, Michelle, FLIEG, Nicholas, RUBIN, Adam

Granted Patent

US 11,151,568 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06N 20/00   Machine learning

G06Q 20/389   Keeping log of transactions...

G06Q 20/401   Transaction verification

G06Q 20/40145   Biometric identity checks

G06Q 20/4016   involving fraud or risk lev...

G06Q 20/405   Establishing or using trans...

H04L 63/08   for authentication of entit...

H04L 63/107   wherein the security polici...

H04W 12/00   Security arrangements; Auth...

H04W 12/06   Authentication

REAL-TIME SELECTION OF AUTHENTICATION PROCEDURES BASED ON RISK ASSESSMENT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

41 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

REAL-TIME SELECTION OF AUTHENTICATION PROCEDURES BASED ON RISK ASSESSMENT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

41 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links