Dynamic authentication engine

US 8,745,698 B1
Filed: 06/09/2009
Issued: 06/03/2014
Est. Priority Date: 06/09/2009
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a communication interface configured to receive an electronic request to access a financial account requiring authentication that a person is authorized to access the financial account; and

a processor operatively coupled to the communication interface and configured to use the communication device to;

access a datastore maintained by the institution, the datastore comprising information gathered by the institution about use of the financial account or behaviors of an authorized person when using the financial account;

determine that there is insufficient information in the datastore to generate one or more authentication questions for a request requiring authentication;

use the communication interface to communicate with a third-party provider of authentication questions or information about an authorized person that can be used to generate one or more authentication questions;

generate authentication questions based at least in part on the electronic request and information about the financial account, wherein the authentication questions generated include one or more of financial behavior, financial history, or financial transaction associated with the financial account;

provide authentication questions each time a request is received requiring authentication to access or use the financial account, wherein the processor is configured to provide the authentication questions such that the authentication questions are not repeated in two or more consecutive requests;

track an amount of time between providing the authentication questions generated and receiving answer responses in response to the authentication questions provided;

determine whether the amount of time is less than or equal to a first predetermined threshold period;

in response to determining the amount of time is less than or equal to the first threshold period, authorize access to the financial account based on the answer responses received for the authentication questions;

in response to determining the amount of time is greater than the first threshold period but less than or equal to a second threshold period, provide an additional authentication question; and

in response to determining the amount of time is greater than the second threshold period, reject the request to access the financial account.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention relate to apparatuses and methods for identity verification. For example, in one embodiment, a financial institution has a system to generate authentication questions to be used when authenticating a customer when the customer is trying to access and/or use the customer'"'"'s account. The authentication system is configured to ask one or more authentication questions each time the customer tries to access or use the account, where the authentication questions are generally out-of-wallet questions that constantly change from one authentication attempt to the next. For example, in one embodiment, the questions include behavioral, historical, and transaction based questions generated from information available about a customer'"'"'s financial account. In some embodiments, the authentication engine is configured to generate authentication questions based at least partially on a risk rating associated with the authentication request and/or on the communication channel from which the request is received.

149 Citations

29 Claims

1. A system comprising:
- a communication interface configured to receive an electronic request to access a financial account requiring authentication that a person is authorized to access the financial account; and
  
  a processor operatively coupled to the communication interface and configured to use the communication device to;
  
  access a datastore maintained by the institution, the datastore comprising information gathered by the institution about use of the financial account or behaviors of an authorized person when using the financial account;
  
  determine that there is insufficient information in the datastore to generate one or more authentication questions for a request requiring authentication;
  
  use the communication interface to communicate with a third-party provider of authentication questions or information about an authorized person that can be used to generate one or more authentication questions;
  
  generate authentication questions based at least in part on the electronic request and information about the financial account, wherein the authentication questions generated include one or more of financial behavior, financial history, or financial transaction associated with the financial account;
  
  provide authentication questions each time a request is received requiring authentication to access or use the financial account, wherein the processor is configured to provide the authentication questions such that the authentication questions are not repeated in two or more consecutive requests;
  
  track an amount of time between providing the authentication questions generated and receiving answer responses in response to the authentication questions provided;
  
  determine whether the amount of time is less than or equal to a first predetermined threshold period;
  
  in response to determining the amount of time is less than or equal to the first threshold period, authorize access to the financial account based on the answer responses received for the authentication questions;
  
  in response to determining the amount of time is greater than the first threshold period but less than or equal to a second threshold period, provide an additional authentication question; and
  
  in response to determining the amount of time is greater than the second threshold period, reject the request to access the financial account.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The system of claim 1, wherein the processor is further configured to:
    - access a datastore including information about the account or the authorized person, wherein the information about the account or the authorized person is updated in real-time or near-real-time; and
      
      generate an authentication question based on information about the request and information stored in the datastore about the account or the authorized person.
  - 3. The system of claim 1, wherein the one or more authentication questions comprise a question about a prior use of the account.
  - 4. The system of claim 3, wherein the question about a prior use of the account comprises a question about a prior transaction involving the account.
  - 5. The system of claim 3, wherein the question about a prior use of the account comprises a question about a behavior of an authorized person when using the account.
  - 6. The system of claim 5, wherein the question about a behavior of an authorized person when using the account comprises a question about an authorized person'"'"'s use of one or more automated teller machines.
  - 7. The system of claim 1, wherein the account is maintained by an institution, and wherein the processor is further configured to:
    - access a datastore maintained by the institution, the datastore comprising information gathered by the institution about use of the account or behaviors of an authorized person when using the account; and
      
      generate one or more authentication questions from the information stored in the datastore.
  - 8. The system of claim 1, wherein the account is maintained by an institution, and wherein the processor is further configured toprovide one or more authentication questions based at least partially on authentication questions or information received from the third-party provider.
  - 9. The system of claim 8, wherein the third-party provider comprises a credit reporting agency.
  - 10. The system of claim 1, wherein the communication device is configured to receive the request through at least one of a plurality of different communication channels, and wherein the processor is configured to provide the one or more authentication questions based at least partially on the communication channel from which the request is received.
  - 11. The system of claim 10, wherein the plurality of communication channels comprise a telephone system channel, a customer service representative channel, an online channel, and a mobile channel.
  - 12. The system of claim 1, wherein the processor is configured to provide the one or more authentication questions based at least partially on the location or account access rights of the person requesting authentication.
  - 13. The system of claim 12, wherein the request requiring authentication comprise a request to authenticate a person with access to an account that is attempting to make a transaction using the account, wherein the processor is configured to provide one or more authentication questions that cannot be answered using information available via the person'"'"'s access to the account.
  - 14. The system of claim 1, wherein the processor is further configured to:
    - determine a risk rating for the request; and
      
      provide one or more authentication questions for the request based at least partially on the risk rating for the request.
  - 15. The system of claim 14, wherein the processor is configured to determine the risk rating for the request based at least partially on the amount of a requested transaction, an amount associated with the account, a channel of communication from which the request was received, a location of the person requesting authentication, the account'"'"'s history, a type of account, or a type of transaction.
  - 16. The system of claim 1, wherein the processor is further configured to:
    - store, in a memory, a history of the one or more authentication questions provided for the account in the past; and
      
      provide the one or more authentication questions to the person based at least partially on the history.
  - 17. The system of claim 16, wherein the processor is configured to use the history so as to not provide the same one or more authentication questions to a person for the account within a predefined period of time or number of authentication requests.
  - 18. The system of claim 1, wherein the processor is configured to:
    - perform one or more functions by executing computer-executable program code embodied in a non-transitory computer-readable medium, wherein the computer-executable program code is configured to instruct the processor to perform the one or more functions.
  - 19. The system of claim 1, wherein the processor is configured to:
    - track response time needed for the person to provide an answer to the authentication question; and
      
      determine an authentication decision based at least partially on the answer and the response time.

20. A system comprising:
- a communication interface receiving a request to authenticate that a person is authorized to access a financial account; and
  
  a processor operatively coupled to the communication interface and configured to;
  
  access a datastore including information about the financial account or a person authorized to access the financial account, wherein the datastore information about the financial account or the person authorized to access the financial account is updated in real time or near real time;
  
  determine that there is insufficient information in the datastore to generate one or more authentication questions for a request requiring authentication;
  
  use the communication interface to communicate with a third-party provider of authentication questions or information about an authorized person that can be used to generate one or more authentication questions;
  
  determine authentication questions based on information about the request, information associated with the third-party provider, and information stored in the datastore about the account or the person authorized to access the financial account, wherein the authentication questions determined include one or more of financial behavior, financial history, or financial transaction associated with the financial account;
  
  use the communication interface to provide the authentication questions in response to the request received, wherein the authentication questions are provided such that any two consecutive requests to access the financial account are provided different authentication questions;
  
  track an amount of time between providing the authentication questions generated and receiving answer responses in response to the authentication questions provided;
  
  determine whether the amount of time is less than or equal to a first predetermined threshold period;
  
  in response to determining the amount of time is less than or equal to the first threshold period authorize access to the financial account based at least in part on the answer responses received for the authentication questions;
  
  in response to determining the amount of time is greater than the first threshold period but less than or equal to a second threshold period, provide an additional authentication question; and
  
  in response to determining the amount of time is greater than the second threshold period, reject the request to access the financial account.

21. A method comprising:
- receiving, using a communication interface, an electronic request to access a financial account requiring authentication that a person is authorized to access the financial account;
  
  accessing a datastore maintained by the institution, the datastore comprising information gathered by the institution about use of the financial account or behaviors of an authorized person when using the financial account;
  
  determining that there is insufficient information in the datastore to generate one or more authentication questions for a request requiring authentication;
  
  using the communication interface to communicate with a third-party provider of authentication questions or information about an authorized person that can be used to generate one or more authentication questions;
  
  generating authentication questions based at least in part on the electronic request and information about the financial account, wherein the authentication questions generated include one or more of financial behavior, financial history, or financial transaction associated with the financial account;
  
  providing, using a processor, automatically in response to the electronic request, the authentication questions generated based on the electronic request such that any two consecutive electronic requests to access the financial account generate different authentication questions, wherein correct answer responses for the different authentication questions in any two consecutive electronic requests are different;
  
  tracking an amount of time between providing the authentication questions generated and receiving answer responses in response to the authentication questions provided;
  
  determining whether the amount of time is less than or equal to a first predetermined threshold period;
  
  in response to determining the amount of time is less than or equal to the first threshold period, authorizing access to the financial account based on correct answer responses received for the authentication questions;
  
  in response to determining the amount of time is greater than the first threshold period but less than or equal to a second threshold period, providing additional authentication questions; and
  
  in response to determining the amount of time is greater than the second threshold period, rejecting the request to access the financial account.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29)
- - 22. The method of claim 21, further comprising:
    - updating, in real time or near real time, information in a datastore stored in a memory, the datastore including information about the account or the authorized person;
      
      accessing the datastore; and
      
      generating an authentication question based on information about the request and information stored in the datastore about the account or the authorized person.
  - 23. The method of claim 21, wherein the one or more authentication questions comprise a question about a prior use of the account.
  - 24. The method of claim 21, wherein the account is maintained by an institution, and wherein the method further comprises:
    - accessing a datastore maintained by the institution, the datastore comprising information gathered by the institution about use of the account or behaviors of an authorized person when using the account; and
      
      generating one or more authentication questions from the information stored in the datastore.
  - 25. The method of claim 21, further comprising:
    - receiving the request through at least one of a plurality of different communication channels; and
      
      providing the one or more authentication questions based at least partially on the communication channel from which the request is received.
  - 26. The method of claim 21, further comprising:
    - providing the one or more authentication questions based at least partially on the location or account access rights of the person requesting authentication.
  - 27. The method of claim 21, further comprising:
    - determining a risk rating for the request; and
      
      providing one or more authentication questions for the request based at least partially on the risk rating for the request.
  - 28. The method of claim 21, further comprising:
    - storing, in a memory, a history of the one or more authentication questions provided for the account in the past; and
      
      providing one or more authentication questions to the person based at least partially on the history.
  - 29. The method of claim 21, where the one or more authentication questions comprise a multiple choice question or a true/false question.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Ashfield, James M., Shroyer, David C., McConnell, Eric Charles
Primary Examiner(s)
Choudhury, Azizul
Assistant Examiner(s)
NAJEE-ULLAH, TARIQ S

Application Number

US12/481,264
Time in Patent Office

1,820 Days
Field of Search

726/4, 726/26
US Class Current

726/4
CPC Class Codes

G06Q 20/4014   Identity check for transact...

G06Q 40/02   Banking, e.g. interest calc...

H04L 2463/121   Timestamp cryptographic mec...

H04L 63/08   for authentication of entit...

H04L 63/107   wherein the security polici...

H04L 63/108   when the policy decisions a...

H04L 67/535   Tracking the activity of th...

H04W 12/63   Location-dependent; Proximi...

H04W 12/67   Risk-dependent, e.g. select...

H04W 4/029   Location-based management o...

Dynamic authentication engine

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

149 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic authentication engine

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

149 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links