Event-based security challenges

US 9,298,898 B2
Filed: 07/18/2013
Issued: 03/29/2016
Est. Priority Date: 07/18/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, at a computer executing a security application, a request from a requestor, the request for a challenge question and a response comprising an answer to the challenge question, wherein the challenge question and the response are used by the requestor to authenticate a user device;

accessing, by the computer, event data corresponding to a user of the user device, wherein the event data relates to a transaction that does not occur at the user device;

determining, by the computer, a difficulty level for the challenge question, the difficulty level comprising a degree of accuracy associated with an amount of the transaction;

generating, by the computer, the challenge question based upon the event data and the difficulty level;

generating, by the computer, the response based upon the event data, the response comprising a valid response to the challenge question; and

providing, by the computer, the challenge question and the response to the requestor.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Concepts and technologies are disclosed herein for event-based security challenges. A computer can execute a security application. The computer can receive a request for authentication information associated with a user device. The computer can access event data corresponding to the user device. The computer can generate, based upon the event data, a challenge question and a response to the challenge question. The computer can provide data indicating the challenge question and the response to a requestor associated with the request.

Citations

17 Claims

1. A method comprising:
- receiving, at a computer executing a security application, a request from a requestor, the request for a challenge question and a response comprising an answer to the challenge question, wherein the challenge question and the response are used by the requestor to authenticate a user device;
  
  accessing, by the computer, event data corresponding to a user of the user device, wherein the event data relates to a transaction that does not occur at the user device;
  
  determining, by the computer, a difficulty level for the challenge question, the difficulty level comprising a degree of accuracy associated with an amount of the transaction;
  
  generating, by the computer, the challenge question based upon the event data and the difficulty level;
  
  generating, by the computer, the response based upon the event data, the response comprising a valid response to the challenge question; and
  
  providing, by the computer, the challenge question and the response to the requestor.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the requestor presents the challenge question to the user device, receives a further response from the user device, and compares the further response from the user device to the response.
  - 3. The method of claim 1, wherein the difficulty level is further.
  - 4. The method of claim 1, wherein the event data comprises location data that identifies a geographic location at which the transaction occurred;
    - andtime information that identifies a time at which the transaction occurred.
  - 5. The method of claim 1, further comprising:
    - obtaining the event data from a further user device; and
      
      storing the event data at a data store.
  - 6. The method of claim 1, wherein the transaction comprises a purchase from a media service.
  - 7. The method of claim 1, wherein the transaction comprises a banking transaction.

8. A system comprising:
- a processor; and
  
  a memory storing computer-executable instructions that, when executed by the processor, cause the processor to perform operations comprisingreceiving a request from a requestor, the request for a challenge question and a response comprising an answer to the challenge question;
  
  accessing event data corresponding to a user of a user device, wherein the event data relates to a transaction that does not occur at the user device;
  
  determining a difficulty level for the challenge question, the difficulty level comprising a degree of accuracy associated with an amount of the transaction;
  
  generating the challenge question based upon the event data and the difficulty level;
  
  generating the response based upon the event data, the response comprising a valid response to the challenge question; and
  
  providing the challenge question and the response to the requestor.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the event data is generated by a further user device used to conduct the transaction.
  - 10. The system of claim 9, wherein generating the event data comprises:
    - detecting the transaction at the further user device;
      
      determining an event type associated with the transaction;
      
      determining that the event data is to be captured for the transaction based upon the event type; and
      
      storing the event data at a data storage device.
  - 11. The system of claim 8, wherein determining the difficulty level for the challenge question is further based upon a preference.
  - 12. The system of claim 8, wherein the requestor comprises a web server hosting a web application.
  - 13. The system of claim 8, wherein the event data comprises:
    - local device data that identifies a local device in a proximity of a device associated with the user when the transaction is conducted.
  - 14. The system of claim 8, wherein the event data comprises:
    - location data that identifies a geographic location associated with the transaction; and
      
      time data that identifies a time associated with the transaction.

15. A computer storage medium having computer-executable instructions stored thereon that, when executed by a processor, cause the processor to perform operations comprising:
- receiving a request from a requestor, the request for a challenge question and a response comprising an answer to the challenge question, wherein the challenge question and the response are used by the requestor to authenticate a user device;
  
  accessing event data corresponding to a user of the user device, wherein the event data relates to a transaction that does not occur at the user device;
  
  determining a difficulty level for the challenge question, the difficulty level comprising a degree of accuracy associated with an amount of the transaction;
  
  generating the challenge question based upon the event data and the difficulty level;
  
  generating the response based upon the event data, the response comprising a valid response to the challenge question; and
  
  providing the challenge question and the response to the requestor.
- View Dependent Claims (16, 17)
- - 16. The computer storage medium of claim 15, wherein the computer-executable instructions, when executed by the processor, cause the processor to perform operations further comprising:
    - obtaining the event data from a further user device; and
      
      storing the event data at a data storage device with data indicating an identity of the further user device.
  - 17. The computer storage medium of claim 15, wherein the computer-executable instructions, when executed by the processor, cause the processor to perform operations further comprising:
    - obtaining a preference that is to be used to generate the challenge question and the response; and
      
      storing the preference with the event data, wherein generating the challenge question further comprises generating the challenge question based upon the preference, and wherein generating the response further comprises generating the response based upon the preference.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Koch, Robert Alan, Bridger, Robert II, Lee, James T Jr.
Primary Examiner(s)
Abrishamkar, Kaveh
Assistant Examiner(s)
Stoica, Adrian

Application Number

US13/945,359
Publication Number

US 20150026796A1
Time in Patent Office

985 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2103   Challenge-response

H04L 63/08   for authentication of entit...

Event-based security challenges

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Event-based security challenges

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links