Dynamic authentication engine
First Claim
1. A system comprising:
- a communication interface configured to receive an electronic request to access a financial account requiring authentication that a person is authorized to access the financial account; and
a processor operatively coupled to the communication interface and configured to use the communication device to;
access a datastore maintained by the institution, the datastore comprising information gathered by the institution about use of the financial account or behaviors of an authorized person when using the financial account;
determine that there is insufficient information in the datastore to generate one or more authentication questions for a request requiring authentication;
use the communication interface to communicate with a third-party provider of authentication questions or information about an authorized person that can be used to generate one or more authentication questions;
generate authentication questions based at least in part on the electronic request and information about the financial account, wherein the authentication questions generated include one or more of financial behavior, financial history, or financial transaction associated with the financial account;
provide authentication questions each time a request is received requiring authentication to access or use the financial account, wherein the processor is configured to provide the authentication questions such that the authentication questions are not repeated in two or more consecutive requests;
track an amount of time between providing the authentication questions generated and receiving answer responses in response to the authentication questions provided;
determine whether the amount of time is less than or equal to a first predetermined threshold period;
in response to determining the amount of time is less than or equal to the first threshold period, authorize access to the financial account based on the answer responses received for the authentication questions;
in response to determining the amount of time is greater than the first threshold period but less than or equal to a second threshold period, provide an additional authentication question; and
in response to determining the amount of time is greater than the second threshold period, reject the request to access the financial account.
1 Assignment
0 Petitions
Accused Products
Abstract
Embodiments of the invention relate to apparatuses and methods for identity verification. For example, in one embodiment, a financial institution has a system to generate authentication questions to be used when authenticating a customer when the customer is trying to access and/or use the customer'"'"'s account. The authentication system is configured to ask one or more authentication questions each time the customer tries to access or use the account, where the authentication questions are generally out-of-wallet questions that constantly change from one authentication attempt to the next. For example, in one embodiment, the questions include behavioral, historical, and transaction based questions generated from information available about a customer'"'"'s financial account. In some embodiments, the authentication engine is configured to generate authentication questions based at least partially on a risk rating associated with the authentication request and/or on the communication channel from which the request is received.
149 Citations
29 Claims
-
1. A system comprising:
-
a communication interface configured to receive an electronic request to access a financial account requiring authentication that a person is authorized to access the financial account; and a processor operatively coupled to the communication interface and configured to use the communication device to; access a datastore maintained by the institution, the datastore comprising information gathered by the institution about use of the financial account or behaviors of an authorized person when using the financial account; determine that there is insufficient information in the datastore to generate one or more authentication questions for a request requiring authentication; use the communication interface to communicate with a third-party provider of authentication questions or information about an authorized person that can be used to generate one or more authentication questions; generate authentication questions based at least in part on the electronic request and information about the financial account, wherein the authentication questions generated include one or more of financial behavior, financial history, or financial transaction associated with the financial account; provide authentication questions each time a request is received requiring authentication to access or use the financial account, wherein the processor is configured to provide the authentication questions such that the authentication questions are not repeated in two or more consecutive requests; track an amount of time between providing the authentication questions generated and receiving answer responses in response to the authentication questions provided; determine whether the amount of time is less than or equal to a first predetermined threshold period; in response to determining the amount of time is less than or equal to the first threshold period, authorize access to the financial account based on the answer responses received for the authentication questions; in response to determining the amount of time is greater than the first threshold period but less than or equal to a second threshold period, provide an additional authentication question; and in response to determining the amount of time is greater than the second threshold period, reject the request to access the financial account. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. A system comprising:
-
a communication interface receiving a request to authenticate that a person is authorized to access a financial account; and a processor operatively coupled to the communication interface and configured to; access a datastore including information about the financial account or a person authorized to access the financial account, wherein the datastore information about the financial account or the person authorized to access the financial account is updated in real time or near real time; determine that there is insufficient information in the datastore to generate one or more authentication questions for a request requiring authentication; use the communication interface to communicate with a third-party provider of authentication questions or information about an authorized person that can be used to generate one or more authentication questions; determine authentication questions based on information about the request, information associated with the third-party provider, and information stored in the datastore about the account or the person authorized to access the financial account, wherein the authentication questions determined include one or more of financial behavior, financial history, or financial transaction associated with the financial account; use the communication interface to provide the authentication questions in response to the request received, wherein the authentication questions are provided such that any two consecutive requests to access the financial account are provided different authentication questions; track an amount of time between providing the authentication questions generated and receiving answer responses in response to the authentication questions provided; determine whether the amount of time is less than or equal to a first predetermined threshold period; in response to determining the amount of time is less than or equal to the first threshold period authorize access to the financial account based at least in part on the answer responses received for the authentication questions; in response to determining the amount of time is greater than the first threshold period but less than or equal to a second threshold period, provide an additional authentication question; and in response to determining the amount of time is greater than the second threshold period, reject the request to access the financial account.
-
-
21. A method comprising:
-
receiving, using a communication interface, an electronic request to access a financial account requiring authentication that a person is authorized to access the financial account; accessing a datastore maintained by the institution, the datastore comprising information gathered by the institution about use of the financial account or behaviors of an authorized person when using the financial account; determining that there is insufficient information in the datastore to generate one or more authentication questions for a request requiring authentication; using the communication interface to communicate with a third-party provider of authentication questions or information about an authorized person that can be used to generate one or more authentication questions; generating authentication questions based at least in part on the electronic request and information about the financial account, wherein the authentication questions generated include one or more of financial behavior, financial history, or financial transaction associated with the financial account; providing, using a processor, automatically in response to the electronic request, the authentication questions generated based on the electronic request such that any two consecutive electronic requests to access the financial account generate different authentication questions, wherein correct answer responses for the different authentication questions in any two consecutive electronic requests are different; tracking an amount of time between providing the authentication questions generated and receiving answer responses in response to the authentication questions provided; determining whether the amount of time is less than or equal to a first predetermined threshold period; in response to determining the amount of time is less than or equal to the first threshold period, authorizing access to the financial account based on correct answer responses received for the authentication questions; in response to determining the amount of time is greater than the first threshold period but less than or equal to a second threshold period, providing additional authentication questions; and in response to determining the amount of time is greater than the second threshold period, rejecting the request to access the financial account. - View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29)
-
Specification