Familiar dynamic human challenge response test content

US 9,195,822 B2
Filed: 12/20/2012
Issued: 11/24/2015
Est. Priority Date: 12/20/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving transaction data associated with a plurality of transactions;

scrubbing the transaction data of personally identifiable information that can be used to identify a person or an account associated with the transaction data;

extracting, by a server computer, a plurality of challenge items from the scrubbed transaction data using an extraction algorithm, the extraction algorithm selecting the plurality of challenge items from data strings in the transaction data, wherein the plurality of challenge items include a plurality of different types of transaction data;

storing the plurality of challenge items in a challenge repository, wherein the plurality of challenge items may be used to generate distorted challenge messages; and

electronically providing a distorted challenge message comprising one or more of the plurality of challenge items from the challenge repository.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention are directed to human challenge response test delivery systems and methods. Specifically, embodiments of the present invention are directed to secure human challenge response test delivery services of configurable difficulty for user devices. One embodiment of the present invention is directed to methods and systems for implementing a familiar and dynamic human challenge response test challenge repository created from transaction data. The dynamic human challenge response test challenge repository may be created by a server computer receiving a plurality of transaction data. Challenge items may be extracted from the transaction data using an extraction algorithm. Furthermore, in some embodiments a challenge message may be sent to a requestor, a verification request may be received, and the verification request may be compared to the challenge message. Another embodiment may be directed at using user information in a human challenge response test to mutually authenticate a user and a service provider.

Citations

22 Claims

1. A method comprising:
- receiving transaction data associated with a plurality of transactions;
  
  scrubbing the transaction data of personally identifiable information that can be used to identify a person or an account associated with the transaction data;
  
  extracting, by a server computer, a plurality of challenge items from the scrubbed transaction data using an extraction algorithm, the extraction algorithm selecting the plurality of challenge items from data strings in the transaction data, wherein the plurality of challenge items include a plurality of different types of transaction data;
  
  storing the plurality of challenge items in a challenge repository, wherein the plurality of challenge items may be used to generate distorted challenge messages; and
  
  electronically providing a distorted challenge message comprising one or more of the plurality of challenge items from the challenge repository.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 further comprising:
    - receiving a challenge message request from a requestor;
      
      determining a difficulty level for the challenge message request;
      
      generating a challenge message comprising one or more of the plurality of challenge items from the challenge repository;
      
      distorting the challenge message to create the distorted challenge message;
      
      sending the distorted challenge message to the requestor;
      
      receiving a challenge verification request including a user input from the requestor;
      
      determining whether the user input included in the challenge verification request matches the one or more of the plurality of the challenge items included in the challenge message; and
      
      sending a challenge verification response indicating whether the user input included in the challenge verification request matches the one or more of the plurality of the challenge items included in the challenge message, wherein the challenge verification response indicates that a user associated with the requestor is human where the challenge verification response indicates the user input matches the one or more of the plurality of the challenge items in the challenge message.
  - 3. The method of claim 2 wherein extracting the plurality of challenge items from the transaction data further comprises:
    - determining a location of the user; and
      
      extracting the plurality of challenge items from transaction data associated with transactions initiated near the location of the user.
  - 4. The method of claim 2 wherein determining the difficulty level for the challenge message request further comprises determining a security level based on requestor information, wherein the requestor information includes the identity of the requestor, a type of service provided by the requestor, or the location of the requestor.
  - 5. The method of claim 2, wherein a number of challenge items included in the challenge message is determined by the difficulty level.
  - 6. The method of claim 2, wherein the challenge message is distorted according to the difficulty level, wherein the distorted challenge message has a high amount of distortion if the difficulty level is high and a low amount of distortion if the difficulty level is low.
  - 7. The method of claim 1, wherein the plurality of challenge items are stored according to their level of complexity.
  - 8. The method of claim 1, wherein the challenge items include at least two of a group including a merchant name, a transaction amount, a transaction time, a transaction date, a transaction origination address, a portion of an account number, an expiration date, a zip code, a city name, a street name, an address number, and a product name.
  - 9. The method of claim 1, wherein the challenge request includes at least two challenge items, wherein each of the at least two challenge items is associated with different transactions from the transaction data.

10. A server computer comprising:
- a processor; and
  
  a non-transitory computer readable medium coupled to the processor and comprising code executable by the processor to implement a method, the method comprising;
  
  receiving transaction data associated with a plurality of transactions;
  
  scrubbing the transaction data of personally identifiable information that can be used to identify a person or an account associated with the transaction data;
  
  extracting a plurality of challenge items from the transaction data using an extraction algorithm, the extraction algorithm selecting the plurality of challenge items from data strings in the transaction data, wherein the plurality of challenge items include a plurality of different types of transaction data;
  
  storing the plurality of challenge items in a challenge repository, wherein the plurality of challenge items may be used to generate distorted challenge messages; and
  
  providing a distorted challenge message comprising one or more of the plurality of challenge items from the challenge repository.
- View Dependent Claims (11, 12, 13)
- - 11. The server computer of claim 10, wherein the method further comprises:
    - receiving a challenge message request from a requestor;
      
      determining a difficulty level for the challenge message request;
      
      generating a challenge message comprising one or more of the plurality of challenge items from the challenge repository;
      
      distorting the challenge message to create the distorted challenge message;
      
      sending the distorted challenge message to the requestor;
      
      receiving a challenge verification request including a user input from the requestor;
      
      determining whether the user input included in the challenge verification request matches the one or more of the plurality of the challenge items included in the challenge message; and
      
      sending a challenge verification response indicating whether the user input included in the challenge verification request matches the one or more of the plurality of the challenge items included in the challenge message, wherein the challenge verification response indicates that a user associated with the requestor is human where the challenge verification response indicates the user input matches the one or more of the plurality of the challenge items in the challenge message.
  - 12. The server computer of claim 11 wherein extracting the plurality of challenge items from the transaction data further comprises:
    - determining a location of the user; and
      
      extracting the plurality of challenge items from transaction data associated with transactions initiated near the location of the user.
  - 13. The server computer of claim 11 wherein determining the difficulty level for the challenge message request further comprises determining a security level based on requestor information, wherein the requestor information includes the identity of the requestor, a type of service provided by the requestor, or the location of the requestor.

14. A method comprising:
- receiving a user identifier;
  
  determining a challenge repository associated with the user identifier;
  
  generating, by a server computer, a challenge message including a personal challenge item from the challenge repository and one or more false challenges, wherein the personal challenge item is associated with a challenge question and wherein the false challenges are associated with the challenge question;
  
  distorting the challenge message to create a distorted challenge message;
  
  providing the distorted challenge message and the challenge question to a user, wherein the challenge question is associated with the personal challenge item;
  
  receiving a challenge response including a user input from the user;
  
  determining whether the user input included in the challenge response matches the personal challenge item in the distorted challenge message; and
  
  authenticating the user as being both a human and being associated with the user identifier where the user input included in the challenge response matches the personal challenge item, and wherein the user authenticates the server computer as being legitimate where the user recognizes the personal challenge item from the one or more false challenges.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The method of claim 14 wherein the challenge data comprises account information associated with the user identifier.
  - 16. The method of claim 14 wherein the challenge data comprises transaction data associated with the user identifier.
  - 17. The method of claim 14 further comprising determining a difficulty level for the challenge message, wherein a number of false challenges and the personal challenge item is determined by the difficulty level.
  - 18. The method of claim 14, wherein the challenge repository associated with the user identifier was generated by:
    - determining a user information database associated with the user identifier;
      
      scrubbing the user information database of personally identifiable information that can be used to identify the user or an account associated with the user information database; and
      
      extracting a plurality of personal challenge items from the scrubbed transaction data using an extraction algorithm, the extraction algorithm selecting the plurality of personal challenge items from data strings in the scrubbed user information database, wherein the plurality of personal challenge items include a plurality of different types of user information.

19. A server computer comprising:
- a processor; and
  
  a non-transitory computer readable medium coupled to the processor and comprising code, executable by the processor, the code being configured to perform the steps of;
  
  receiving a user identifier;
  
  determining challenge data associated with the user identifier;
  
  generating a challenge message including a personal challenge item from the challenge repository and one or more false challenges, wherein the personal challenge item is associated with a challenge question and wherein the false challenges are associated with the challenge question;
  
  distorting the challenge message to create a distorted challenge message;
  
  providing the distorted challenge message and the challenge question to a user;
  
  receiving a challenge response from the user;
  
  determining whether the challenge response matches the personal challenge item; and
  
  authenticating the user as being both a human and being associated with the user identifier where the user input included in the challenge response matches the personal challenge item, and wherein the user authenticates the server computer as being legitimate where the user recognizes the personal challenge item from the one or more false challenges.
- View Dependent Claims (20, 21, 22)
- - 20. The method of claim 19 wherein the challenge data comprises account information associated with the user identifier.
  - 21. The server computer of claim 19 wherein the challenge data comprises transaction data associated with the user identifier.
  - 22. The server computer of claim 19 wherein the method further comprises determining a difficulty level for the challenge message, wherein a number of false challenges is determined by the difficulty level.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Carlson, Mark, Mayor, Shalini
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
KAPLAN, BENJAMIN A

Application Number

US13/721,647
Publication Number

US 20130160098A1
Time in Patent Office

1,069 Days
Field of Search

726/6
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/45   Structures or tools for the...

G06F 2221/2133   Verifying human interaction...

H04L 63/0876   based on the identity of th...

H04L 63/20   for managing network securi...

Familiar dynamic human challenge response test content

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Familiar dynamic human challenge response test content

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links