Generating user authentication challenges based on social network activity information
Abstract
A system and method for generating user authentication challenges based at least in part on an account owner's social network activity information. A login request including an account owner's correct username and password as well as additional login information is received from a user. The login attempt is detected as potentially fraudulent based on the additional login information from the user. The account owner's social network activity information is analyzed. An authentication challenge based at least in part on the account owner's social network activity information is generated and sent for display. The login request is allowed or denied based on the completion of the authentication challenge.
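A minimal sketch of the flow the abstract and claim 1 describe, added here as an illustration and not taken from the patent. The event schema, the device and country risk signals, the "most frequent kind" pattern rule and the `fallback` outcome are assumptions.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Activity:        # constructed schema for one event of the account owner
    kind: str          # e.g. "post", "group_join", "message"
    topic: str         # coarse label used as the expected answer
    public: bool       # visible to anyone on the network
    has_pii: bool      # mentions names, contacts, locations, ...

def is_suspicious(login, known_devices, known_countries):
    """Flag the login from its additional information (assumed: device, country)."""
    return login["device_id"] not in known_devices or login["country"] not in known_countries

def pattern_and_deviations(history):
    """Pattern: most frequent activity kind. Deviations: kinds seen only once."""
    counts = Counter(a.kind for a in history)
    usual = max(counts, key=counts.get, default=None)
    return usual, [a for a in history if counts[a.kind] == 1]

def secure_basis(a):
    """Claim 1's condition: not publicly available and not personally identifiable."""
    return not a.public and not a.has_pii

def generate_challenge(history):
    """Return (question, expected_answer), or None if nothing is a secure basis."""
    usual, deviations = pattern_and_deviations(history)
    candidates = [a for a in deviations if secure_basis(a)]
    if not candidates:
        return None
    pick = candidates[0]
    return (f"Your activity is mostly '{usual}'. What was your one '{pick.kind}' about?", pick.topic)

def handle_login(login, known_devices, known_countries, history, answer=None):
    """Username and password are assumed already verified as correct."""
    if not is_suspicious(login, known_devices, known_countries):
        return "allow"
    challenge = generate_challenge(history)
    if challenge is None:
        return "fallback"   # assumption: use another factor when no secure basis exists
    if answer is None:
        return "challenge"  # send the question for display
    return "allow" if answer.strip().lower() == challenge[1].lower() else "deny"

HISTORY = [  # constructed sample data
    Activity("post", "cooking", True, False), Activity("post", "travel", True, False),
    Activity("post", "music", False, False), Activity("group_join", "gardening", False, False),
    Activity("message", "family", False, True),  # a deviation, but rejected: contains PII
]
```

The private `message` event is a deviation from the pattern but fails the secure-basis test, so the challenge is built from the `group_join` event instead.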
26 Claims
1. A computer-implemented method for generating user authentication challenges performed on one or more computing devices, the method comprising:
receiving, on the one or more computing devices, a login request from a user wherein the login request includes an account owner's correct username and password and additional login information from the user;
in response to receiving the login request, detecting a potential fraudulent login attempt based on the additional login information from the user;
analyzing social network activity information of the account owner, wherein the analysis includes determining a pattern of social network activity and a deviation from the pattern of social network activity;
performing security analysis of the social network activity information underlying including the pattern and the deviation from the pattern to determine whether the underlying social network activity information is a secure basis for an authentication challenge;
in response to determining the social network activity information as the secure basis for the authentication challenge, generating the authentication challenge based at least in part on the social network activity information and the deviation from the pattern of social network activity; and
sending the authentication challenge for display;
wherein the underlying social network information is a secure basis for the authentication challenge when the underlying social network activity is not publicly available and not personally identifiable, the authentication challenge generated is based at least in part on personally unidentifiable social network activity information.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A system for generating user authentication challenges, the system comprising:
one or more processors;
a login receiver engine stored on a memory and executable by the one or more processors for receiving a login request, wherein the login request includes an account owner's correct username and password and additional login information from a user;
a fraudulent login detection engine stored on a memory and executable by the one or more processors for detecting a potentially fraudulent login attempt based on the additional login information from the user;
a social network activity information analysis engine stored on a memory and executable by the one or more processors for analyzing the social network activity information of the account owner including determining a pattern of social network activity and a deviation from the pattern of social network activity, and performing security analysis of the social network activity information underlying the pattern and the deviation from the pattern to determine whether the underlying social network activity information is a secure basis for an authentication challenge; and
a challenge generation engine stored on a memory and executable by the one or more processors for generating an authentication challenge based at least in part on the social network activity information that is determined as the secure basis for the authentication challenge and the deviation from the pattern of social network activity and sending the authentication challenge for display;
wherein the underlying social network information is a secure basis for the authentication challenge when the underlying social network activity is not publicly available and not personally identifiable, the authentication challenge generated by the challenge generation engine is based at least in part on personally unidentifiable social network activity information.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21, 22, 23
24. An apparatus comprising a non-transitory computer readable medium encoding instructions thereon that in response to execution by a computing device cause the computing device to perform operations comprising:
receiving a login request from a user wherein the login request includes an account owner's correct username and password and additional login information from the user;
in response to receiving the login request, detecting a potential fraudulent login attempt based on the additional login information from the user;
analyzing social network activity information of the account owner, wherein the analysis includes determining a pattern of social network activity and a deviation from the pattern of social network activity;
performing security analysis of the social network activity information underlying including the pattern and the deviation from the pattern to determine whether the underlying social network activity information is a secure basis for an authentication challenge;
in response to determining the social network activity information as the secure basis for the authentication challenge, generating the authentication challenge based at least in part on the social network activity information and the deviation from the pattern of social network activity; and
sending the authentication challenge for display;
wherein the underlying social network information is a secure basis for the authentication challenge when the underlying social network activity is not publicly available and not personally identifiable, and generating the authentication challenge based at least in part on personally unidentifiable social network activity information.
Dependent claims: 25, 26
Specification