摘要 |
An improved technique authenticates a user based on an ability to corroborate previous transaction data sent by a user device. Along these lines, the improved technique makes use of an independent information source for verifying the accuracy of previous transaction data obtained by a given collector. For example, when a collector of location data is a GPS unit of a cell phone, an independent information source may be a cell tower closest to the cell phone at the time of the transaction. While location data provided by the cell tower may not be as precise as that provided by the GPS unit, such data is useful for corroborating the location data from the GPS unit. In this scenario, if the data provided by the cell tower fails to corroborate that provided by the GPS unit, then the GPS unit adds significant risk to authenticating the user. |
主权项 |
1. A method of providing user authentication, the method comprising:
after completion of an authentication operation resulting in successful authentication of a user based on an initial value of a risk-based authentication factor from an electronic device, obtaining, by processing circuitry, a corroborating value from an independent information source to corroborate the initial value of the risk-based authentication factor; receiving, by the processing circuitry, an authentication request to authenticate the user, the authentication request including a new value of the risk-based authentication factor from the electronic device; and in response to the authentication request, authenticating, by the processing circuitry, the user based on (i) the new value of the risk-based authentication factor, (ii) the initial value of the risk-based authentication factor, and (iii) the corroborating value obtained from the independent information source; wherein authenticating includes:
obtaining, by the processing circuitry, an age of the corroboration value obtained from the independent information source;comparing, by the processing circuitry, the age of the corroboration value to a threshold to produce a comparison result indicating whether the corroboration value is too old to be used in authenticating the user;inputting, by the processing circuitry, (i) the new value of the risk-based authentication factor, (ii) the initial value of the risk-based authentication factor, and (iii) the corroborating value into a risk engine to produce a risk score in response to the comparison result indicating that the corroboration value is not too old to be used in authenticating the user; andinputting, by the processing circuitry, (i) the new value of the risk-based authentication factor and (ii) the initial value of the risk-based authentication factor into the risk engine to produce a risk score in response to the comparison result indicating that the corroboration value is too old to be used in authenticating the user. |