| CPC G06Q 20/4014 (2013.01) [G06F 21/31 (2013.01); G06F 21/316 (2013.01); H04L 9/3271 (2013.01); H04L 63/0876 (2013.01); G06F 2221/2149 (2013.01); H04L 9/3213 (2013.01); H04L 9/3226 (2013.01); H04L 9/3273 (2013.01)] | 20 Claims |
|
1. A computer-implemented method for authenticating a request for access to a host computing device, the host computing device in communication with an authenticating computing device, said method comprising:
receiving, at the host computing device, the request by a candidate user for access to data stored on the host computing device;
sending, by the host computing device to the authenticating computing device, an authentication request including at least one of a media access control (MAC) address and an Internet protocol (IP) address of a user device associated with the candidate user, wherein the authenticating computing device has access to a database storing transaction data comprising a plurality of records each corresponding to one of a plurality of previously completed payment transactions;
receiving, at the host computing device from the authenticating computing device, a challenge question and a correct answer to the challenge question, wherein the challenge question and the correct answer correspond to at least one of the previously completed payment transactions associated with the at least one of the MAC address and the IP address, and wherein the transaction data is not exposed to the host computing device;
causing, by the host computing device, the challenge question and a plurality of answers to be displayed to the candidate user, the plurality of answers including the correct answer and at least one incorrect answer;
receiving, at the host computing device from the candidate user, a selected answer from among the plurality of answers; and
determining, by the host computing device, whether to grant the requested access based on whether the selected answer matches the correct answer.
|