	US 12,278,813 B2
	System architecture and database for context-based authentication
Brian Piel, Ballwin, MO (US)
Assigned to MASTERCARD INTERNATIONAL INCORPORATED, Purchase, NY (US)
Filed by MASTERCARD INTERNATIONAL INCORPORATED, Purchase, NY (US)
Filed on Mar. 4, 2022, as Appl. No. 17/687,279.
Application 17/687,279 is a continuation of application No. 16/025,851, filed on Jul. 2, 2018, granted, now 11,271,930.
Prior Publication US 2022/0191198 A1, Jun. 16, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 29/06 (2006.01); H04L 9/40 (2022.01); G06Q 20/40 (2012.01)

CPC H04L 63/0861 (2013.01) [H04L 63/102 (2013.01); H04L 63/105 (2013.01); H04L 63/20 (2013.01); G06Q 20/4014 (2013.01)]

20 Claims

1. An authentication correlation (AC) computing device in communication with at least one secure computer network, the AC computing device comprising at least one processor and a memory, the AC computing device configured to:

store one or more authentication rules in the memory, wherein the one or more authentication rules define a timeframe and an authentication level threshold for approval of subsequent authentication requests after a first authentication request;

in response to a user initiating access of a first secure computer network, receive the first authentication request for the accessing of the first secure computer network, the first authentication request including a first user identifier, a first timestamp, and a first authentication factor, the first authentication factor representing a type of authentication performed in authenticating the user for accessing the first secure computer network;

determine, based upon the first authenticator factor, a first security level of the type of authentication performed in authenticating the user as a legitimate user authorized to access the first secure computer network;

in response to the user initiating access of a second secure computer network, receive a second authentication request for the accessing of the second secure computer network, wherein the second authentication request includes a second user identifier, a second timestamp, and a second authentication factor, and wherein the first and second user identifiers are associated with the same user;

determine a second security level associated with the second authentication factor;

determine whether the second security level is less secure than the first security level;

in response to determining that (i) the second security level is less secure than the first security level, (ii) the second authentication request was received within the timeframe based on a comparison of the first and second timestamps, and (iii) the first security level satisfies the authentication level threshold, apply the one or more authentication rules to the second authentication request; and

authenticate, based upon the application of the one or more authentication rules, the user as the legitimate user, thereby enabling access to the user to the first secure computer network and the second secure computer network without requiring additional authentication input from the user.