In knowledge-based authentication (KBA), an organization questions a user for particular personal information. Such questions may include “when were you married?”, “what was the make and model of your first car?”, and “what was the name of your first pet?”. The user must answer the set of questions correctly in order to prove to the organization that he or she is not an imposter.
Conventional KBA service providers form questions that an organization presents to a particular user based on facts concerning the particular user. To this effect, KBA service providers perform searching operations on facts in a database for instances of a user identifier corresponding to the particular user. The facts resulting from the searching operations are used to form the questions.
Along these lines, suppose that a conventional KBA service provider retrieves facts of multiple users from a LexisNexis® server and stores the facts in a database. Further, suppose that when the KBA service provider later performs an authentication operation on a user having an identifier User P, the KBA service provider retrieves facts stored in the database that are connected to User P. An example of such a fact includes “User P and User Q bought a house in Westborough, Mass. on Mar. 30, 2011 for $355,500 using agent User R.” The KBA service provider uses this fact to form questions, such as “On what day did you [User P] purchase your house in Westborough, Mass.?”, and “How much was the purchase price of your [User P's] home in Westborough, Mass.?”.