Dynamic security questions in electronic account management

US 10,216,943 B2
Filed: 12/17/2015
Issued: 02/26/2019
Est. Priority Date: 12/17/2015
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for providing access to an electronic account, the method comprising:

receiving, by a first computer from a second computer over a network, in response to information entered into a graphical user interface (GUI) displayed on the second computer, a plurality of security questions and, for each security question, a plurality of answers and one or more rules for generating a security question from the plurality of security questions and an answer from the plurality of answers, wherein the one or more rules determine which of the security questions to generate based on first contextual information associated with the user, which answer to generate based on second contextual information associated with the user, the rules specifying the at least one answer of the plurality of answers include one or more dynamic elements based upon a time in a number of minutes associated with the user, the dynamic elements varying based upon the second contextual information associated with the user, and the GUI allows the user to disable each security question;

storing, by the first computer, the security questions, the answers, the rules for generating a security question, an answer, a name for each security question assigned by the user, and whether each security question is disabled in a database, whereby the security questions, the answers, and the rules for generating a security question and an answer are associated with additional security credentials of the user; and

in response to receiving, by the first computer from the second computer over the network, via information entered into the GUI on the second computer, a request to provide access to an electronic account associated with the user;

retrieving, by the first computer, from the database, the plurality of security questions, the plurality of answers, and the rules for generating a security question for each security question not disabled and an answer;

generating, by the first computer, a security question, based on the retrieved rules and the first contextual information associated with the user;

generating, by the first computer, a first answer to the generated security question, based on, the retrieved rules, and the second contextual information associated with the user;

transmitting, by the first computer, the generated security question to the second computer via the network;

receiving, by the first computer from the second computer over the network a second answer to the generated security question based on information entered into the GUI on the second computer displaying a time to the user including a number of minutes for the user to generate a currently correct answer of the plurality of answers;

determining, by the first computer, that the first answer matches the second answer; and

granting, by the first computer, the second computer access to the electronic account, based on the additional security credentials of the user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Dynamic security questions. In an embodiment of the invention, a security question and one or more rules for generating an answer to the security question are received. The security question and the rules for generating and answer to the security question are associated with security credentials of a user. For authentication, a first answer to a security question associated with a user is received. One or more rules for generating an answer to the security question are retrieved. A second answer to the security question is generated, based on the retrieved rules. The first answer is compared with the second answer, and the user is authenticated, based on the first answer matching the second answer.

52 Citations

View as Search Results

18 Claims

1. A computer-implemented method for providing access to an electronic account, the method comprising:
- receiving, by a first computer from a second computer over a network, in response to information entered into a graphical user interface (GUI) displayed on the second computer, a plurality of security questions and, for each security question, a plurality of answers and one or more rules for generating a security question from the plurality of security questions and an answer from the plurality of answers, wherein the one or more rules determine which of the security questions to generate based on first contextual information associated with the user, which answer to generate based on second contextual information associated with the user, the rules specifying the at least one answer of the plurality of answers include one or more dynamic elements based upon a time in a number of minutes associated with the user, the dynamic elements varying based upon the second contextual information associated with the user, and the GUI allows the user to disable each security question;
  
  storing, by the first computer, the security questions, the answers, the rules for generating a security question, an answer, a name for each security question assigned by the user, and whether each security question is disabled in a database, whereby the security questions, the answers, and the rules for generating a security question and an answer are associated with additional security credentials of the user; and
  
  in response to receiving, by the first computer from the second computer over the network, via information entered into the GUI on the second computer, a request to provide access to an electronic account associated with the user;
  
  retrieving, by the first computer, from the database, the plurality of security questions, the plurality of answers, and the rules for generating a security question for each security question not disabled and an answer;
  
  generating, by the first computer, a security question, based on the retrieved rules and the first contextual information associated with the user;
  
  generating, by the first computer, a first answer to the generated security question, based on, the retrieved rules, and the second contextual information associated with the user;
  
  transmitting, by the first computer, the generated security question to the second computer via the network;
  
  receiving, by the first computer from the second computer over the network a second answer to the generated security question based on information entered into the GUI on the second computer displaying a time to the user including a number of minutes for the user to generate a currently correct answer of the plurality of answers;
  
  determining, by the first computer, that the first answer matches the second answer; and
  
  granting, by the first computer, the second computer access to the electronic account, based on the additional security credentials of the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. A method in accordance with claim 1, wherein the first computer is selected from the group consisting of a mobile computing device and a cloud computing node.
  - 3. A method in accordance with claim 1, wherein the rules for generating a security question from the plurality of security questions and an answer from the plurality of answers comprise rules for selecting a question from a set of predefined questions and an answer from a set of predefined answers.
  - 4. A method in accordance with claim 1, wherein the second contextual information is configured by the user when configuring security to the electronic account, the first contextual information associated with the user and the second contextual information associated with and defined by the user each comprise one or more information selected from the group consisting of:
    - a current location of the user, a location of a recent transaction, a type of recent transaction, and recent transaction amount.
  - 5. A computer system in accordance with claim 1, wherein the GUI is a dedicated application and interfaces with a dynamic security question program on the first computer.
  - 6. A computer system in accordance with claim 1, wherein the GUI allows the user to specify conditions under which each security question is to be used as a dynamic security question with a specify conditions pane in the GUI.
  - 7. A computer system in accordance with claim 1, wherein the GUI allows the user to log on to disable dynamic security question generation via a user setting.
  - 8. A method in accordance with claim 1, wherein the one or more rules specify the static part and the one or more dynamic elements are represented within a character string.
  - 9. A method in accordance with claim 8, wherein the one or more rules specify that multiple dynamic elements are inserted at multiple reference character positions in the character string.
  - 10. A method in accordance with claim 8, wherein at least one of the one or more dynamic elements are based upon whether a time is even or odd, a time odd when a number of minutes is odd and even when the number of minutes is even.
  - 11. A method in accordance with claim 1, wherein the one or more rules specify the at least one answer of the plurality of answers includes a static part and two or more dynamic elements that vary based upon the second contextual information associated with the user, the static part and the two or more dynamic elements represented within the character string, each of the two or more dynamic elements inserted in the string based upon different numeric reference character positions.

12. A computer system for providing access to an electronic account, the computer system comprising:
- one or more computer processors, one or more non-transitory computer-readable storage media, and program instructions stored on the one or more non-transitory computer-readable storage media, which when executed cause at least one of the one or more processors to perform a method, comprising;
  
  receiving, by a first computer from a second computer over a network, in response to information entered into a graphical user interface (GUI) displayed on the second computer, a plurality of security questions and, for each security question, a plurality of answers and one or more rules for generating a security question from the plurality of security questions and an answer from the plurality of answers, wherein the one or more rules determine which of the security questions to generate based on first contextual information associated with the user, which answer to generate based on second contextual information associated with the user, the rules specifying the at least one answer of the plurality of answers include one or more dynamic elements based upon a time in a number of minutes associated with the user, the dynamic elements varying based upon the second contextual information associated with the user, and the GUI allows the user to disable each security question;
  
  storing, by the first computer, the security questions, the answers, the rules for generating a security question, an answer, a name for each security question assigned by the user, and whether each security question is disabled in a database, whereby the security questions, the answers, and the rules for generating a security question and an answer are associated with additional security credentials of the user; and
  
  in response to receiving, by the first computer from the second computer over the network via information entered into the GUI on the second computer, a request to provide access to an electronic account associated with the user;
  
  retrieving by the first computer, from the database, the plurality of security questions, the plurality of answers, and the rules for generating a security question for each security question not disabled and an answer;
  
  generating, by the first computer, a security question, based on the currently correct answer, the retrieved rules, and the first contextual information associated with the user;
  
  generating, by the first computer, a first answer to the generated security question, based on the retrieved rules and the second contextual information associated with the user;
  
  transmitting, by the first computer, the generated security question to the second computer via the network;
  
  receiving, by the first computer from the second computer over the network a second answer to the generated security question based on information entered into the GUI on the second computer displaying a time to the user including a number of minutes for the user to generate a currently correct answer of the plurality of answers;
  
  determining, by the first computer, that the first answer matches the second answer; and
  
  granting, by the first computer, the second computer access to the electronic account, based on the additional security credentials of the user.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. A computer system in accordance with claim 12, wherein the rules for generating a security question from the plurality of security questions and an answer from the plurality of answers comprise rules for selecting a question from a set of predefined questions and an answer from a set of predefined answers.
  - 14. A computer system in accordance with claim 12, wherein the second contextual information is configured by the user when configuring security to the electronic account, the first contextual information associated with the user and the second contextual information associated with and defined by the user each comprise one or more information selected from the group consisting of:
    - a current location of the user, a location of a recent transaction, a type of recent transaction, and recent transaction amount.
  - 15. A computer system in accordance with claim 12, wherein the second computer is selected from the group consisting of a mobile computing device and a cloud computing node.
  - 16. A computer system in accordance with claim 12, wherein the GUI is a web browser.
  - 17. A computer system in accordance with claim 12, wherein the GUI allows the user to specify conditions under which each security question is to be used as a dynamic security question with a specify conditions pane in the GUI.
  - 18. A computer system in accordance with claim 12, wherein the GUI allows the user to log on to disable dynamic security question generation via a user setting.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Krishna, Hariharan, Ramakrishnan, Arun, Shetty, Ashrith, Shetty, Rohit
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
Teng, Louis C

Application Number

US14/972,145
Publication Number

US 20170177881A1
Time in Patent Office

1,167 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/604   Tools and structures for ma...

G06F 2221/2131   Lost password, e.g. recover...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

Dynamic security questions in electronic account management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

52 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic security questions in electronic account management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

52 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links