System and method for utilizing behavioral characteristics in authentication and fraud prevention
First Claim
1. A method of verifying that a user is authorized to access a computer-accessible resource, the method comprising:
- maintaining data reflecting, in aggregate, a range of behaviors of fraudulent automated access attempts performed during voice call sessions;
maintaining a communication number of a verification device associated with a user;
receiving a request by the user to access a computer-accessible resource;
utilizing the communication number to establish a voice call session with the user'"'"'s verification device in order to send a request that the user perform a verification action;
monitoring one or more voice call characteristics indicative of the user'"'"'s behavior during the voice call session;
determining whether the user successfully performed the requested verification action;
comparing the monitored one or more voice call characteristics with an authentication rule to determine whether the authentication rule has been satisfied by the monitored voice call characteristics, wherein the authentication rule is not satisfied if the monitored one or more voice call characteristics fall within the range of behaviors indicative of fraudulent automated access attempts performed during voice call sessions as reflected by the maintained data; and
if the verification action has been successfully completed by the user and if the authentication rule has been satisfied by the monitored voice call characteristics, generating an authentication response that indicates that the user has been authenticated for access to the computer-accessible resource.
1 Assignment
0 Petitions
Accused Products
Abstract
A behavioral characteristics authentication system and method (“BCA system”) that facilitates authentication of the identity of a user, registrant, or applicant of a website, application, or other accessible computer resource using a verification process that incorporates behavioral characteristics. In operation, the BCA system compares a single user'"'"'s behavior with their previous behavior, a user'"'"'s behavior with behavior generally attributed to non-fraudulent behavior, or a user'"'"'s behavior with behavior generally attributed to fraudulent behavior. The population of other users that a user'"'"'s behavior is compared with may be selected to have similar demographic or other characteristics as the user. By analyzing various behavioral characteristics associated with legitimate or fraudulent multi-factor authentication attempts, the BCA system adds another layer of security to online transactions.
59 Citations
24 Claims
-
1. A method of verifying that a user is authorized to access a computer-accessible resource, the method comprising:
-
maintaining data reflecting, in aggregate, a range of behaviors of fraudulent automated access attempts performed during voice call sessions; maintaining a communication number of a verification device associated with a user; receiving a request by the user to access a computer-accessible resource; utilizing the communication number to establish a voice call session with the user'"'"'s verification device in order to send a request that the user perform a verification action; monitoring one or more voice call characteristics indicative of the user'"'"'s behavior during the voice call session; determining whether the user successfully performed the requested verification action; comparing the monitored one or more voice call characteristics with an authentication rule to determine whether the authentication rule has been satisfied by the monitored voice call characteristics, wherein the authentication rule is not satisfied if the monitored one or more voice call characteristics fall within the range of behaviors indicative of fraudulent automated access attempts performed during voice call sessions as reflected by the maintained data; and if the verification action has been successfully completed by the user and if the authentication rule has been satisfied by the monitored voice call characteristics, generating an authentication response that indicates that the user has been authenticated for access to the computer-accessible resource. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A non-transitory computer-readable medium encoded with instructions that, when executed by a processor, perform a method in a computing system of verifying that a user is authorized to access a computer-accessible resource, the method comprising:
-
maintaining data reflecting, in aggregate, a range of behaviors of fraudulent automated access attempts performed during voice call sessions; maintaining a communication number of a verification device associated with a user; receiving a request by the user to access a computer-accessible resource; utilizing the communication number to establish a voice call session with the user'"'"'s verification device in order to send a request that the user perform a verification action; monitoring one or more voice call characteristics indicative of the user'"'"'s behavior during the voice call session; determining whether the user successfully performed the requested verification action; comparing the monitored one or more voice call characteristics with an authentication rule to determine whether the authentication rule has been satisfied by the monitored voice call characteristics, wherein the authentication rule is not satisfied if the monitored one or more voice call characteristics fall within the range of behaviors indicative of fraudulent automated access attempts performed during voice call sessions as reflected by the maintained data; and if the verification action has been successfully completed by the user and if the authentication rule has been satisfied by the monitored voice call characteristics, generating an authentication response that indicates that the user has been authenticated for access to the computer-accessible resource. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
-
Specification