Adaptive secondary authentication criteria based on account data

US 9,530,133 B2
Filed: 04/13/2015
Issued: 12/27/2016
Est. Priority Date: 12/31/2012
Status: Active Grant

First Claim

Patent Images

1. A method of generating secondary authentication questions, the method comprising:

accessing, via one or more hardware processors, an activities history of an account associated with an online store, wherein the online store includes digital media including at least one of music, movies, books or apps;

deriving a set of questions based on the activities history of an at least quasi-unique identifier associated with the account;

deriving a set of questions based on a presumed media genre preference associated with the at least quasi-unique identifier;

filtering questions from one or more sets of questions based on privacy settings;

transmitting the one or more questions to a device to authenticate the at least quasi-unique identifier associated with the account;

receiving a set of question metrics gathered during authentication, the set of question metrics related to a frequency in which a type of question is asked or answered;

submitting the set of question metrics to a metrics database, wherein the set of question metrics includes a frequency in which certain type of question is filtered by privacy settings and the frequency in which a certain type of question is asked;

receiving an update to a quality score for one or more questions based on the set of question metrics; and

adjusting the one or more questions based on the update to the quality score.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication challenge system for performing secondary authentication for an account associated with an online store is described. In one embodiment, the authentication challenge system includes a question generation engine, which can derive a series of questions based upon activity associated with a user account of an online store; a network interface, which can transport the series of one or more questions derived by the question generation engine to authenticate the user to the online store; a confidence engine, which can determine a required confidence level for a successful authentication, and can compute a confidence score of the user identity; and a quality engine, which can adjust the question generation engine and the confidence engine based upon an analysis of question and answer metrics across multiple accounts of the online store. The online store can include digital media, such as music, movies, books or applications for electronic computing devices.

Citations

20 Claims

1. A method of generating secondary authentication questions, the method comprising:
- accessing, via one or more hardware processors, an activities history of an account associated with an online store, wherein the online store includes digital media including at least one of music, movies, books or apps;
  
  deriving a set of questions based on the activities history of an at least quasi-unique identifier associated with the account;
  
  deriving a set of questions based on a presumed media genre preference associated with the at least quasi-unique identifier;
  
  filtering questions from one or more sets of questions based on privacy settings;
  
  transmitting the one or more questions to a device to authenticate the at least quasi-unique identifier associated with the account;
  
  receiving a set of question metrics gathered during authentication, the set of question metrics related to a frequency in which a type of question is asked or answered;
  
  submitting the set of question metrics to a metrics database, wherein the set of question metrics includes a frequency in which certain type of question is filtered by privacy settings and the frequency in which a certain type of question is asked;
  
  receiving an update to a quality score for one or more questions based on the set of question metrics; and
  
  adjusting the one or more questions based on the update to the quality score.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method as in claim 1, further comprising:
    - receiving a periodic quality score update for at least one of the one or more questions; and
      
      adjusting the at least one of the one or more questions based on the periodic quality score update.
  - 3. The method as in claim 1, further comprising establishing correctness criteria for each set of questions and adjusting one or more questions based on quality score updates.
  - 4. The method as in claim 3 wherein establishing correctness criteria for a set of questions comprises establishing correctness criteria for each question in the set of questions.
  - 5. The method as in claim 1, further comprising:
    - adjusting the one or more questions based on the quality score to increase difficulty of the question for a malicious attacker or decrease difficulty of the question for a legitimate user of the account.
  - 6. The method as in claim 1, wherein the set of question metrics additionally includes a frequency in which certain type of question is answered correctly.
  - 7. The method as in claim 6, wherein the set of question metrics additionally includes the frequency in which a certain type of question is answered incorrectly.
  - 8. The method as in claim 1, wherein the activities history includes a purchase history associated with the account.

9. A data processing system comprising:
- one or more processors; and
  
  a non-transitory machine readable memory storing instructions which, when executed by the one or more processors, cause the one or more processors to perform operations to;
  
  accessing, via one or more processors, an activities history of an account associated with an online store, wherein the online store includes digital media including at least one of music, movies, books or apps;
  
  derive a set of questions based on the activities history of an at least quasi-unique identifier associated with the account;
  
  deriving a set of questions based on a presumed media genre preference associated with the at least quasi-unique identifier;
  
  filter questions from one or more sets of questions based on privacy settings associated with the account;
  
  transmit one or more adaptively determined authentication questions to a device to authenticate the at least quasi-unique identifier associated with the account;
  
  receive a set of question metrics gathered during authentication, submit the set of question metrics to a metrics database;
  
  receive an update to a quality score for one or more questions based on the set of question metrics, wherein the set of question metrics includes a frequency in which a certain type of question is filtered by privacy settings and the frequency in which a certain type of question is asked; and
  
  adjust the one or more questions based on the update to the quality score.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The data processing system as in claim 9, wherein the set of question metrics additionally includes a frequency in which certain type of question is answered correctly or the frequency a certain type of question is answered incorrectly.
  - 11. The data processing system as in claim 9 storing additional instructions to cause the one or more processors to receive a periodic update to the quality score for one or more questions and adjust one or more questions based on the periodic update to the quality score.
  - 12. The data processing system as in claim 9 storing additional instructions to cause the one or more processors to establish correctness criteria for question in each set of questions and adjust one or more questions based on quality score updates.
  - 13. The data processing system as in claim 9, wherein the activities history includes a purchase history associated with the account.
  - 14. The data processing system as in claim 9, storing additional instructions to cause the one or more processors to:
    - adjust the one or more questions based on the quality score to increase difficulty of the question for a malicious attacker or decrease difficulty of the question for a legitimate user of the account.

15. A non-transitory computer-readable medium storing instructions which, when performed by one or more processors, cause the one or more processors to perform operations comprising:
- accessing an activities history of an account associated with an online store, wherein the online store includes digital media including at least one of music, movies, books or apps;
  
  deriving a set of questions based on the activities history of an at least quasi-unique identifier associated with the account;
  
  deriving a set of questions based on a presumed media genre preference associated with the at least quasi-unique identifier;
  
  filtering questions from one or more sets of questions based on privacy settings;
  
  transmitting the one or more questions to a device to authenticate the at least quasi-unique identifier associated with the account;
  
  receiving a set of question metrics gathered during authentication;
  
  submitting the set of question metrics to a metrics database, wherein the set of question metrics includes a frequency in which certain type of question is filtered by privacy settings and the frequency in which a certain type of question is asked;
  
  receiving a periodic update of a quality score for one or more questions based on the set of question metrics; and
  
  adjusting the one or more questions based on the periodic update to the quality score.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer-readable medium as in claim 15, wherein the activities history includes a purchase history associated with the account.
  - 17. The non-transitory computer-readable medium as in claim 15, the operations further comprising establishing correctness criteria for each set of questions and adjusting one or more questions based on quality score updates.
  - 18. The non-transitory computer-readable medium as in claim 17, wherein establishing correctness criteria for a set of questions comprises establishing correctness criteria for each question in the set of questions.
  - 19. The non-transitory computer-readable medium as in claim 15, wherein the set of question metrics additionally includes a frequency in which certain type of question is answered correctly or the frequency a certain type of question is answered incorrectly.
  - 20. The non-transitory computer-readable medium as in claim 15, further comprising adjusting the one or more questions based on the quality score to increase difficulty of the question for a malicious attacker or decrease difficulty of the question for a legitimate user of the account.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
McLachlan, Jonathan G., Farrugia, Augustin J., Sullivan, Nicholas T.
Primary Examiner(s)
BEHESHTI SHIRAZI, SAYED ARESH

Application Number

US14/685,429
Publication Number

US 20150220926A1
Time in Patent Office

624 Days
Field of Search

726/5, 726/6, 726/7, 726/26, 705/2
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2103   Challenge-response

G06Q 20/4014   Identity check for transact...

H04L 63/08   for authentication of entit...

H04L 63/1425   Traffic logging, e.g. anoma...

H04W 12/126   Anti-theft arrangements, e....

Adaptive secondary authentication criteria based on account data

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Adaptive secondary authentication criteria based on account data

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links