US 11,792,176 B1
Scalable risk-based authentication methods and systems
Michael W. Lester, Fair Oaks Ranch, TX (US); Debra Randall Casillas, Helotes, TX (US); Richard A. Davey, San Antonio, TX (US); Michael Frank Morris, San Antonio, TX (US); Maland Keith Mortensen, San Antonio, TX (US); John David Row, San Antonio, TX (US); Thomas Bret Buckingham, Fair Oaks Ranch, TX (US); and Tammy Sanclemente, Helotes, TX (US)
Assigned to United Services Automobile Association (USAA), San Antonio, TX (US)
Filed by United Services Automobile Association (USAA), San Antonio, TX (US)
Filed on Sep. 21, 2021, as Appl. No. 17/480,774.
Application 17/480,774 is a continuation of application No. 16/536,080, filed on Aug. 8, 2019, granted, now 11,159,505.
Application 16/536,080 is a continuation of application No. 16/160,797, filed on Oct. 15, 2018, granted, now 10,432,605, issued on Oct. 1, 2019.
Application 16/160,797 is a continuation of application No. 14/034,100, filed on Sep. 23, 2013, abandoned.
Application 14/034,100 is a continuation in part of application No. 13/425,227, filed on Mar. 20, 2012, granted, now 9,203,860, issued on Dec. 1, 2015.
Claims priority of provisional application 61/814,636, filed on Apr. 22, 2013.
Claims priority of provisional application 61/704,180, filed on Sep. 21, 2012.
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/08 (2013.01) 20 Claims
OG exemplary drawing
 
1. A method comprising:
receiving, from a user device, an activity request from a user;
ranking authentication methods according to a level of invasiveness for the activity request, wherein the ranking assigns rank values, for each particular authentication method, according to a level of user-provided information the particular authentication method requires and a level of passive information provided by the user device for the particular authentication method; and
generating an authentication plan that includes an authentication method, wherein the authentication plan:
compares an identity trust score to an activity trust threshold for the activity request; and
selects the authentication method, in part, according to the level of invasiveness rankings such that authentication methods with higher levels of passive information provided by the user device are prioritized higher than authentication methods with higher levels of user-provided information.