US 12,170,657 B2
Generating dynamic security queries for knowledge-based authentication based on historical datasets
Joseph Benjamin Castinado, North Glenn, CO (US); Brandon Ingram, Charlotte, NC (US); Naoll Addisu Merdassa, Chakopee, MN (US); Kevin Graham Robberts, Charlotte, NC (US); and Ann Ta, Scottsdale, AZ (US)
Assigned to BANK OF AMERICA CORPORATION, Charlotte, NC (US)
Filed by BANK OF AMERICA CORPORATION, Charlotte, NC (US)
Filed on Jul. 29, 2021, as Appl. No. 17/388,550.
Prior Publication US 2023/0035919 A1, Feb. 2, 2023
Int. Cl. H04L 9/40 (2022.01); G06F 16/23 (2019.01); G06Q 40/02 (2023.01); G06Q 40/06 (2012.01)
CPC H04L 63/083 (2013.01) [G06F 16/2379 (2019.01); G06Q 40/02 (2013.01); G06Q 40/06 (2013.01)]
14 Claims

1. A system for user authentication, the system comprising:
one or more datastores, each datastore configured to store historical data associated with a plurality of users;
a computing platform including a memory, and one or more processing devices in communication with the memory, wherein the memory comprises Random Access Memory (RAM) and Read-Only Memory (ROM), wherein the ROM stores instructions that are executable by the one or more processing devices and configured to:
receive, from at least one of the one or more datastores, a historical dataset associated with one of the plurality of users,
apply, via an encryption engine, a plurality of encryption algorithms to a selected subset of data from the historical dataset, wherein the selected subset is selected at random,
generate, via the encryption engine, an authentication token, wherein the authentication token is based on a set of results of the plurality of encryption algorithms,
in response to generating the authentication token, exchange the authentication token amongst (i) a service or an application, and (ii) at least one of a user device or a managing entity, for storage at (i) the service or application, and (ii) at least one of the user device or the managing entity,
receive, from the one of the plurality of users, a request to access the service or the application,
in response to receiving the request, receive, from the at least one of the one or more datastores, the historical dataset associated with the one of the plurality of users,
determine one or more security queries and answers for the one or more security queries based on the historical dataset,
store the one or more security queries and the answers for the one or more security queries exclusively in the RAM,
authenticate the user by (i) presenting at least one of the one or more security queries to the user and receiving user responses to the at least one of the one or more security queries that match the answers for the one or more security queries and (ii) transmitting the authentication token from the user device or the managing entity to the service or application to verify that the transmitted authentication token matches the exchanged authentication token stored at the service or the application, and
in response to authenticating the user, erase the one or more security queries and the answers for the one or more security queries from the RAM.
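
The flow recited in claim 1, as an added sketch that is not code from the patent or its assignee: a token derived from a randomly selected subset of history, security queries held only in process memory, a two-part check, and erasure afterwards. The record layout, the function names, and the use of SHA-256 and BLAKE2b as stand-ins for the unspecified "plurality of encryption algorithms" are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed sample history for one user (not real data).
HISTORY = [
    {"date": "2021-06-03", "merchant": "Corner Grocery", "amount": "42.17"},
    {"date": "2021-06-11", "merchant": "City Transit", "amount": "2.75"},
    {"date": "2021-06-19", "merchant": "Book Nook", "amount": "18.40"},
    {"date": "2021-07-02", "merchant": "Fuel Stop", "amount": "36.02"},
]
RNG = secrets.SystemRandom()  # OS-backed randomness for subset selection

def make_token(history, k=2):
    """Derive a token from k randomly selected records (enrollment step)."""
    subset = RNG.sample(history, k)
    blob = "|".join(f"{r['date']},{r['merchant']},{r['amount']}"
                    for r in subset).encode()
    # Assumption: two hash functions stand in for the claim's algorithms.
    parts = [hashlib.sha256(blob).digest(), hashlib.blake2b(blob).digest()]
    return hashlib.sha256(b"".join(parts)).hexdigest()

def build_queries(history, n=2):
    """Build (question, answer) pairs; answers are mutable so they can be wiped."""
    return [(f"How much did you spend at {r['merchant']} on {r['date']}?",
             bytearray(r["amount"].encode()))
            for r in RNG.sample(history, n)]

def wipe(queries):
    """Zero the answer buffers and drop the queries (best effort in Python;
    the interpreter may still hold other copies of the source strings)."""
    for _, answer in queries:
        answer[:] = bytes(len(answer))
    queries.clear()

def authenticate(history, responder, presented_token, stored_token):
    """Both parts must pass: every query answered correctly and token match."""
    queries = build_queries(history)  # never persisted, local to this call
    try:
        # List (not generator) so every answer is checked, without early exit.
        answers_ok = all([hmac.compare_digest(responder(q).encode(), a)
                          for q, a in queries])
        token_ok = hmac.compare_digest(presented_token.encode(),
                                       stored_token.encode())
        return answers_ok and token_ok
    finally:
        wipe(queries)  # erase regardless of the outcome
```

Here `responder` is a hypothetical callback that presents a question to the user and returns the typed answer as a string.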