Dynamic risk engine

US 9,203,860 B1
Filed: 03/20/2012
Issued: 12/01/2015
Est. Priority Date: 03/20/2012
Status: Active Grant

First Claim

Patent Images

1. A method of determining whether to allow a user to engage in an activity comprising:

engaging in an initial contact with the user via a channel, wherein engaging in the initial contact with the user comprises acquiring identifying information relating to the user that is based at least in part on the channel;

receiving, from the user, a request to engage in the activity;

determining an activity trust threshold required for the activity, wherein determining the activity trust threshold is based on rules relating to a risk of the activity, wherein the risk of the activity is determined based at least in part on security preferences identified by the user;

determining, based on the identifying information and a comparison of current user behavior with historical user behavior, an initial identity trust score for the user;

comparing the initial identity trust score with the activity trust threshold to determine whether to allow the user to engage in the activity; and

based on the comparison of the initial identity trust score with the activity trust threshold, performing one of;

allowing the user to engage in the activity,collecting additional identifying information until a revised identity trust score meets or exceeds the activity trust threshold, orrejecting the request to engage in the activity,wherein the identifying information is at least one of;

a username, a password, an automatic number identification, a token, a one-time password, a grid card code, information known to the user, a physical attribute of the user, location information, device identification, past channel usage, language, network, an internet service provider, or information identifying a device, wherein the device is associated with the user,wherein the activity is performed during a session, the session being a continuous dialogue with the user, andwherein the channel is one of;

an internet portal, face-to-face contact, a mobile application, an instant messaging system, or a voice communication.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various embodiments of the present invention generally relate to identity authentication and/or recognition. Some embodiments provide a method for determining when a user may engage in a restricted activity, including engaging in an initial contact with a user via a channel, acquiring identifying information relating to the user, receiving, from the user, a request to engage in an activity, determining an activity trust threshold required for the activity, based on the identifying information, determining an initial identity trust score for the user based on the identifying information, comparing the initial identity trust score with the activity trust threshold. Based on the comparison, the user is either allowed to engage in the activity, rejected from engaging in the activity, or additional identifying information is collected.

Citations

14 Claims

1. A method of determining whether to allow a user to engage in an activity comprising:
- engaging in an initial contact with the user via a channel, wherein engaging in the initial contact with the user comprises acquiring identifying information relating to the user that is based at least in part on the channel;
  
  receiving, from the user, a request to engage in the activity;
  
  determining an activity trust threshold required for the activity, wherein determining the activity trust threshold is based on rules relating to a risk of the activity, wherein the risk of the activity is determined based at least in part on security preferences identified by the user;
  
  determining, based on the identifying information and a comparison of current user behavior with historical user behavior, an initial identity trust score for the user;
  
  comparing the initial identity trust score with the activity trust threshold to determine whether to allow the user to engage in the activity; and
  
  based on the comparison of the initial identity trust score with the activity trust threshold, performing one of;
  
  allowing the user to engage in the activity,collecting additional identifying information until a revised identity trust score meets or exceeds the activity trust threshold, orrejecting the request to engage in the activity,wherein the identifying information is at least one of;
  
  a username, a password, an automatic number identification, a token, a one-time password, a grid card code, information known to the user, a physical attribute of the user, location information, device identification, past channel usage, language, network, an internet service provider, or information identifying a device, wherein the device is associated with the user,wherein the activity is performed during a session, the session being a continuous dialogue with the user, andwherein the channel is one of;
  
  an internet portal, face-to-face contact, a mobile application, an instant messaging system, or a voice communication.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein receiving, from the user, the request to engage in the activity comprises a request to perform the activity over the channel.
  - 3. The method of claim 1, wherein the risk of the activity is further determined based at least in part on one of the following:
    - type of the activity, perceived threats, regulations, transaction amount, or destination of funds.
  - 4. The method of claim 1, wherein the identifying information comprises the historical user behavior, wherein the historical user behavior comprises information related to logon attempts and information related to historical user activities.
  - 5. The method of claim 1, wherein the activity is initially performed via a first channel during the session with the user, wherein the session with the user is later continued via a second channel, wherein the first channel and the second channel are different types of channels.
  - 6. The method of claim 5, wherein the activity is performed via the second channel after the initial identity trust score or the revised identity trust score meets or exceeds an activity trust threshold in connection with the second channel.
  - 7. The method of claim 1, wherein rejecting the request to engage in the activity comprises associating a fraud alert with the user.
  - 8. The method of claim 3, wherein the risk of the activity comprises information from a third party.
  - 9. The method of claim 1, wherein allowing the user to engage in the activity comprises allowing the user to engage in the activity only if the initial identity trust score or the revised identity trust score meets or exceeds the activity trust threshold.
  - 10. The method of claim 1, wherein collecting the additional identifying information until the revised identity trust score meets or exceeds the activity trust threshold comprises collecting the additional identifying information until the revised identity trust score meets or exceeds the activity trust threshold only if the initial identity trust score is below the activity trust threshold.
  - 11. The method of claim 1, wherein rejecting the request to engage in the activity comprises rejecting the request to engage in the activity only if the additional identifying information cannot raise the initial identity trust score or the revised identity trust score to or above the activity trust threshold.
  - 12. The method of claim 1, wherein the identifying information comprises language, wherein identifying certain languages decreases the initial identity trust score.

13. A non-transitory, computer-readable storage medium containing a set of instructions which, when executed by one or more processors, cause the one or more processors to:
- engage in an initial contact with a user via a channel, wherein engaging in the initial contact with the user comprises instructions to cause the one or more processors to acquire identifying information relating to the user that is based in part on the channel;
  
  receive, from the user, a request to engage in an activity, wherein the request to engage in the activity comprises a request to perform the activity over the channel;
  
  determine an activity trust threshold required for the activity, wherein determining the activity trust threshold required for the activity comprises instructions to cause the one or more processors to generate the activity trust threshold based on rules relating to a risk of the activity and information collected in connection with the channel, wherein the risk of the activity is determined based at least in part on security preferences identified by the user;
  
  determine an initial identity trust score for the user based on the identifying information and a comparison of current user behavior with historical user behavior;
  
  compare the initial identity trust score with the activity trust threshold to determine whether to allow the user to engage in the activity; and
  
  based on the comparison of the initial identity trust score with the activity trust threshold, perform one of;
  
  allow the user to engage in the activity if the initial identity trust score meets or exceeds the activity trust threshold,collect additional identifying information until a revised identity trust score meets or exceeds the activity trust threshold if the initial identity trust score is below the activity trust threshold, andreject the request to engage in the activity if the additional identifying information cannot raise the initial identity trust score to or above the activity trust threshold, wherein rejecting the request to engage in the activity comprises instructions that cause the one or more processors to associate a fraud alert with the user,wherein the identifying information is at least one of;
  
  information known to the user, a physical attribute of the user, location information, past channel usage, language, network, an internet service provider, or information identifying a device, wherein the device is associated with the user,wherein the activity is performed during a session, the session being a continuous dialogue with the user, andwherein the channel is one of;
  
  an internet portal, face-to-face contact, a mobile application, an instant messaging system, or a voice communication.

14. A system for determining whether to allow a user to engage in an activity comprising:
- a memory; and
  
  a processor in communication with the memory, the processor operable to execute software modules, the software modules comprising;
  
  a channel information collection module operable to;
  
  engage in an initial contact with the user via a channel, wherein engaging in the initial contact with the user comprises;
  
  acquiring identifying information relating to the user that is based in part on the channel, andreceiving, from the user, a request to engage in the activity, wherein the request to engage in the activity comprises a request to perform the activity over the channel;
  
  an activity trust threshold module operable to;
  
  determine an activity trust threshold required for the activity, wherein determining the activity trust threshold required for the activity comprises instructions to cause the processor to generate the activity trust threshold based on rules relating to a risk of the activity, wherein the risk of the activity is based at least in part on security preferences identified by the user;
  
  an identity trust score module operable to;
  
  determine, based on the identifying information and a comparison of current user behavior with historical user behavior, an initial identity trust score for the user; and
  
  a comparison module operable to;
  
  compare the initial identity trust score with the activity trust threshold to determine whether to allow the user to engage in the activity, andbased on the comparison of the initial identity trust score with the activity trust threshold, perform one of;
  
  allow the user to engage in the activity if the initial identity trust score meets or exceeds the activity trust threshold,collect additional identifying information until a revised identity trust score meets or exceeds the activity trust threshold if the initial identity trust score is below the activity trust threshold, andreject the request to engage in the activity if the additional identifying information cannot raise the initial identity trust score to or above the activity trust threshold, wherein rejecting the request to engage in the activity comprises associating a fraud alert with the user,wherein the identifying information is at least one of;
  
  information known to the user, a physical attribute of the user, location information, past channel usage, language, network, an internet service provider, or information identifying a device, wherein the device is associated with the user,wherein the activity is performed during a session, the session being a continuous dialogue with the user, andwherein the channel is one of;
  
  an internet portal, face-to-face contact, a mobile application, an instant messaging system, or a voice communication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
United Services Automobile Association
Original Assignee
United Services Automobile Association
Inventors
Casillas, Debra, Morris, Michael Frank, Mortensen, Maland Keith, Sanclemente, Tammy, Davey, Richard Andrew, Row, John David, Buckingham, Thomas
Primary Examiner(s)
ABYANEH, ALI S

Application Number

US13/425,227
Time in Patent Office

1,351 Days
Field of Search

726/5, 726/22, 726/1, 726/25
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/46   by designing passwords or c...

G06F 21/577   Assessing vulnerabilities a...

H04L 63/0869   for achieving mutual authen...

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

Dynamic risk engine

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic risk engine

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links