
"Adaptive Secondary Authentication Criteria Based on Account Data" in Patent Application Approval Process

July 22, 2014



By a News Reporter-Staff News Editor at Information Technology Newsweekly -- A patent application by the inventors McLachlan, Jonathan G. (San Francisco, CA); Farrugia, Augustin J. (Los Altos Hills, CA); Sullivan, Nicholas T. (San Francisco, CA), filed on December 31, 2012, was made available online on July 10, 2014, according to news reporting originating from Washington, D.C., by VerticalNews correspondents.

This patent application is assigned to Apple Inc.

The following quote was obtained by the news editors from the background information supplied by the inventors: "An online service provider is an organization or individual that provides digital or physical goods or services to customers, for which at least a portion of the interaction between the provider and the customer is performed through a computer network. Customers of the online service provider typically interact with the service, which can also be an online store, via some form of user account. Each customer's previous interactions are typically stored in some data structures or databases associated with the customer or user account of the online service provider, or online store. To differentiate between customers, an account identifier is typically assigned to each account. This identifier can be a specific number, a customer name or address, or an email address.

"Customers provide their account identifier in order to make transactions that are associated with their account. A security issue can arise if others know the identifier associated with a customer; a person other than the legitimate account user may attempt to fraudulently interact with the service as if they are an authorized user of the account. To authenticate the identity of a given customer, services typically employ a password system as a form of authentication, in which the customer presents a password with the account identifier to prove their identity as a legitimate customer. This is an example of single-factor authentication. In single-factor authentication, if the primary authentication is compromised, for example, if a customer's password is stolen, someone can use the authentication method to fraudulently access the account."

In addition to the background information obtained for this patent application, VerticalNews journalists also obtained the inventors' summary information for this patent application: "The embodiments described relate to a system and associated methods for an authentication challenge system for performing secondary authentication for an account associated with an online service provider, such as an online store for digital media and applications. In one embodiment, the authentication challenge system includes a question generation engine, which can derive a series of questions based upon activity associated with a user account of an online store; a network interface, which can transport the series of one or more questions derived by the question generation engine to authenticate the user to the online store; a confidence engine, which can determine a required confidence level for a successful authentication, and can compute a confidence score of the user identity; and a quality engine, which can adjust the question generation engine and the confidence engine based upon an analysis of question and answer metrics across multiple accounts of the online store. The online store can include digital media, such as music, movies, books or applications (e.g., apps) for electronic computing devices.

"In one embodiment, the question engine can generate questions for use during secondary authentication by accessing a purchase history associated with an account of an online media store; deriving a set of questions based on the purchase history of a unique identifier associated with the account, including the digital media purchase history of the account; deriving a set of questions based on a presumed media genre preference associated with the unique identifier; and filtering questions from one or more sets of questions based on privacy settings. In one embodiment, the question generation engine can be configured to derive questions based on the location history of a device associated with the unique identifier of an account of the online store.

"In one embodiment, the confidence engine can determine a confidence value associated with a unique identifier associated with an account on the online store that is proportional to the authentication system's degree of confidence that the unique identifier associated with the account is being used by a legitimate or authorized user. The confidence engine can determine this value by examining details such as the account activity history associated with the unique identifier, the devices used with the account, the networks used to access the online store, and the geographic locations from which the device is used to access the online store. In one embodiment, a primary authentication confidence factor based on primary authentication statistics associated with the unique identifier can also be used.

"In one embodiment, the confidence engine can compute a score to model a risk of account fraud based on account activity. The confidence engine can compute the score by assigning a score to account activity, such as purchasing media from the online store, purchasing in-app assets via the online store, restoring past purchases from the online store; viewing financial information associated with the account; and changing financial information associated with the account.

"In one embodiment, the quality engine can adjust the question generation engine and the confidence engine based upon an analysis of question and answer metrics by analyzing the frequency with which certain questions or question types are asked, and the frequency with which certain questions or question types are answered correctly, and applying a quality score to the questions based on the analysis of the question metrics. In one embodiment, the quality score can be determined by considering metrics associated with the difficulty level of a question as assessed against legitimate and illegitimate users.

"The above summary does not include an exhaustive list of all aspects of the present invention. It is contemplated that the invention includes all systems and methods that can be practiced from all suitable combinations of the various aspects summarized above, and also those disclosed in the Detailed Description below.

BRIEF DESCRIPTION OF THE DRAWINGS

"The present invention is illustrated by way of example and not limitation in the figures of the accompanying drawings in which like references indicate similar elements, and in which:

"FIG. 1 is a block diagram of one embodiment of an authentication challenge system for online service providers;

"FIG. 2 is a flow diagram illustrating an overview of one embodiment of the authentication challenge system;

"FIG. 3 is a flow diagram of the question engine logic according to one embodiment;

"FIG. 4 is a flow diagram of the confidence engine logic according to one embodiment;

"FIG. 5A is a flow diagram of the quality engine when configured to perform a difficulty assessment for generated questions, according to one embodiment;

"FIG. 5B is a flow diagram of the quality engine when configured to perform an aggregate quality assessment based on question metrics, according to one embodiment;

"FIG. 6 is a flow diagram of the authentication challenge system authorization logic flow according to one embodiment;

"FIG. 7 is a block diagram illustrating one embodiment of a data processing system that can be used in a client device according to one embodiment; and

"FIG. 8 is a block diagram illustrating one embodiment of a data processing system, which can be used as an asset-purchasing device in conjunction with an online store application, or can be used as an online store server according to embodiments of the invention."
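An added sketch, not taken from the patent application, of how the three engines in the summary could interact: activity risk sets the required confidence, per-question metrics against legitimate and illegitimate users give a quality score, and answers update the confidence score. The Bayesian update, all weights and thresholds, and every name in the code are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed risk points for the account activities the summary lists.
ACTIVITY_RISK = {"purchase_media": 1, "purchase_in_app": 1, "restore_purchases": 2,
                 "view_financial_info": 3, "change_financial_info": 5}

@dataclass
class Question:
    text: str
    legit_correct: int   # correct answers from sessions later judged legitimate
    legit_asked: int
    fraud_correct: int   # correct answers from sessions later judged fraudulent
    fraud_asked: int

    def rates(self):
        # Laplace-smoothed P(correct | legitimate) and P(correct | impostor).
        return ((self.legit_correct + 1) / (self.legit_asked + 2),
                (self.fraud_correct + 1) / (self.fraud_asked + 2))

def quality(q):
    # Quality engine (assumed form): high when legitimate users pass and impostors fail.
    p_legit, p_fraud = q.rates()
    return p_legit - p_fraud

def required_confidence(activities, base=0.80, step=0.03, cap=0.99):
    # Riskier requested activity raises the bar (constants are assumptions).
    return min(cap, base + step * sum(ACTIVITY_RISK[a] for a in activities))

def update(conf, q, correct):
    # Confidence engine (assumed form): Bayes update of P(legitimate) from one answer.
    p_legit, p_fraud = q.rates()
    if not correct:
        p_legit, p_fraud = 1 - p_legit, 1 - p_fraud
    return conf * p_legit / (conf * p_legit + (1 - conf) * p_fraud)

def challenge(prior, activities, questions, answers, max_questions=3):
    # Ask the highest-quality questions first; stop as soon as the bar is met.
    need, conf, asked = required_confidence(activities), prior, 0
    for q in sorted(questions, key=quality, reverse=True)[:max_questions]:
        if conf >= need:
            break
        conf, asked = update(conf, q, answers[q.text]), asked + 1
    return conf >= need, round(conf, 3), asked

# Constructed question metrics, not real data.
QUESTIONS = [Question("last album purchased", 89, 98, 9, 98),
             Question("favourite genre", 79, 98, 39, 98),
             Question("store country", 94, 98, 84, 98)]
```

With a prior of 0.5, a media purchase is cleared after one correct answer, while a change to financial information needs all three; a question that impostors also answer correctly ("store country") barely moves the score.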

For the URL and more information on this patent application, see: McLachlan, Jonathan G.; Farrugia, Augustin J.; Sullivan, Nicholas T. Adaptive Secondary Authentication Criteria Based on Account Data. Filed December 31, 2012 and posted July 10, 2014. Patent URL: http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&u=%2Fnetahtml%2FPTO%2Fsearch-adv.html&r=93&p=2&f=G&l=50&d=PG01&S1=20140703.PD.&OS=PD/20140703&RS=PD/20140703

Keywords for this news article include: Apple Inc., Legal Issues, Information Technology, Information and Data Processing.

Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC





Source: Information Technology Newsweekly

