Generating authentication challenges based on social network activity information

US 9,037,864 B1
Filed: 09/21/2011
Issued: 05/19/2015
Est. Priority Date: 09/21/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for generating user authentication challenges, the method comprising:

receiving a login request from a user wherein the login request includes an account owner'"'"'s correct username and password and additional login information from the user;

in response to receiving the login request, detecting a potential fraudulent login attempt based on the additional login information from the user;

analyzing social network activity information of the account owner using aggregate statistical data of a plurality of users to determine a plurality of social network activity patterns or social network activity information of the account owner to serve as a basis for an authentication challenge;

performing analysis to determine which social network activity pattern or social network activity information of the account owner from the plurality of social network activity patterns or social network activity information serve as a secure basis for generating the authentication challenge;

generating the authentication challenge based at least in part on one or more of the determined social network activity information and the determined social network activity pattern of the account owner that are determined as the secure basis for the authentication challenge; and

sending the authentication challenge for display, wherein the authentication challenge includes an inquiry regarding the social network activity information of the account owner.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for generating user authentication challenges based at least in part on an account owner'"'"'s social network activity information. A login request including an account owner'"'"'s correct username and password as well as additional login information is received from a user. The login attempt is detected as a potentially fraudulent based on the additional login information from the user. The account owner'"'"'s social network activity information is analyzed. An authentication challenge based at least in part on the account owner'"'"'s social network activity information is generated and sent for display. The login request is allowed or denied based on the completion on the authentication challenge.

45 Citations

View as Search Results

18 Claims

1. A computer-implemented method for generating user authentication challenges, the method comprising:
- receiving a login request from a user wherein the login request includes an account owner'"'"'s correct username and password and additional login information from the user;
  
  in response to receiving the login request, detecting a potential fraudulent login attempt based on the additional login information from the user;
  
  analyzing social network activity information of the account owner using aggregate statistical data of a plurality of users to determine a plurality of social network activity patterns or social network activity information of the account owner to serve as a basis for an authentication challenge;
  
  performing analysis to determine which social network activity pattern or social network activity information of the account owner from the plurality of social network activity patterns or social network activity information serve as a secure basis for generating the authentication challenge;
  
  generating the authentication challenge based at least in part on one or more of the determined social network activity information and the determined social network activity pattern of the account owner that are determined as the secure basis for the authentication challenge; and
  
  sending the authentication challenge for display, wherein the authentication challenge includes an inquiry regarding the social network activity information of the account owner.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computer-implemented method of claim 1, further comprising:
    - receiving a response from the user; and
      
      assessing completion of the authentication challenge based on the response from the user.
  - 3. The computer-implemented method of claim 1, wherein the authentication challenge is based at least in part on social network activity information selected at random.
  - 4. The computer-implemented method of claim 1, wherein the authentication challenge includes an inquiry regarding the social network activity information of the account owner.
  - 5. The computer-implemented method of claim 1, wherein the additional login information includes the user'"'"'s IP address, geographic location, or device identification number.
  - 6. The computer-implemented method of claim 2, further comprising:
    - determining that the user failed to complete the first authentication challenge;
      
      generating a new authentication challenge;
      
      sending the new authentication challenge to the user;
      
      receiving a new response from the user; and
      
      assessing the completion of the new authentication challenge based on the new response.

7. A system for generating user authentication challenges, the system comprising:
- one or more processors;
  
  a login receiver engine stored on a memory and executable by the one or more processors for receiving a login request, wherein the login request includes an account owner'"'"'s correct username and password and additional login information from a user;
  
  a fraudulent login detection engine stored on a memory and executable by the one or more processors for detecting a potentially fraudulent login based on the additional login information from the user;
  
  a social network activity information analysis engine stored on a memory and executable by the one or more processors for analyzing the social network activity information of the account owner using aggregate statistical data of a plurality of users to determine a plurality of social network activity patterns or social network activity information of the account owner to serve as a basis for an authentication challenge, andperforming analysis to determine which social network activity pattern or social network activity information of the account owner from the plurality of social network activity patterns or social network activity information serve as a secure basis for generating the authentication challenge;
  
  a challenge generation engine stored on a memory and executable by the one or more processors for generating the authentication challenge based at least in part on one or more of the determined social network activity information and the determined social network activity pattern that are determined as the secure basis for the authentication challenge, and for sending the authentication challenge for display.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, further comprising:
    - a challenge assessment engine for receiving a response from the user and assessing completion of the authentication challenge based on the response from the user.
  - 9. The system of claim 7, wherein the authentication challenge generated by the challenge generation engine is based on social network activity information selected at random.
  - 10. The system of claim 7, wherein the authentication challenge generated by the challenge generation engine includes an inquiry regarding the social network activity information of the account owner.
  - 11. The system of claim 7, wherein the additional login information used by the fraudulent login detection engine includes the user'"'"'s IP address, geographic location, or device identification number.
  - 12. The system of claim 8, wherein the challenge generation engine generates a new authentication challenge responsive to the challenge assessment engine determining that the user failed to complete the first authentication challenge, and sends the new authentication challenge to the user, and wherein the challenge assessment engine receives a user'"'"'s response to the new authentication challenge and assesses the completion of the new authentication challenge based on the user'"'"'s response to the new authentication challenge.

13. A computer program product comprising a non-transitory computer usable storage medium including a computer readable program, the computer readable program when executed by a processor causes the processor to:
- receive a login request from a user wherein the login request includes an account owner'"'"'s correct username and password and additional login information from the user;
  
  in response to receiving the login request, detect a potential fraudulent login attempt based on the additional login information from the user;
  
  analyze social network activity information of the account owner using aggregate statistical data of a plurality of users to determine a plurality of social network activity patterns or social network activity information of the account owner to serve as a basis for an authentication challenge;
  
  perform analysis to determine which social network activity pattern or social network activity information of the account owner from the plurality of social network activity patterns or social network activity information serve as a secure basis for generating the authentication challenge;
  
  generate the authentication challenge based at least in part on one or more of the determined social network activity information and the determined social network activity pattern of the account owner that are determined as the secure basis for the authentication challenge; and
  
  send the authentication challenge for display, wherein the authentication challenge includes an inquiry regarding the social network activity information of the account owner.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The computer program product of claim 13, wherein the computer readable program further causes the processor to:
    - receive a response from the user; and
      
      assess completion of the authentication challenge based on the response from the user.
  - 15. The computer program product of claim 13, wherein the authentication challenge is based at least in part on social network activity information selected at random.
  - 16. The computer program product of claim 13, wherein the authentication challenge includes an inquiry regarding the social network activity information of the account owner.
  - 17. The computer program product of claim 13, wherein the additional login information includes the user'"'"'s IP address, geographic location, or device identification number.
  - 18. The computer program product of claim 14, wherein the computer readable program further causes the processor to:
    - determine that the user failed to complete the first authentication challenge;
      
      generate a new authentication challenge;
      
      send the new authentication challenge to the user;
      
      receive a new response from the user; and
      
      assess the completion of the new authentication challenge based on the new response.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Staddon, Jessica, Archer, Andrew M., Thakur, Madhukar Narayan, Hearn, Michael Christopher
Primary Examiner(s)
Brown, Christopher

Application Number

US13/239,026
Time in Patent Office

1,336 Days
Field of Search

713/182, 726/27
US Class Current

713/182
CPC Class Codes

G06F 21/31   User authentication

G06F 21/32   using biometric data, e.g. ...

G06F 2221/2133   Verifying human interaction...

Generating authentication challenges based on social network activity information

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

45 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Generating authentication challenges based on social network activity information

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

45 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links