Password-based fraud detection
US-9838384-B1 · Dec 5, 2017 · US
Compromise alert and reissuance
US10489565B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10489565-B2 |
| Application number | US-201715613581-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 5, 2017 |
| Priority date | Jun 3, 2016 |
| Publication date | Nov 26, 2019 |
| Grant date | Nov 26, 2019 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A user device operated by a user receives a compromise alert indicating a potentially compromised use of first access data associated with a user. The compromise alert enables the user to input a response to the compromise alert, where the response can indicate that the first access data is compromised along with a request to issue new access data for the user. The response is sent to a server computer, which then initiates a process to disable use of the first access data and generate the new access data. The new access data is transmitted to the user device. The user can utilize the new access data to request access to a resource.
First claim
Opening claim text (preview).
What is claimed: 1. A method comprising: receiving, by a server computer, a first request for access to a resource; determining, using a compromise engine of the server computer, that first access data associated with the first request for access to the resource has been potentially compromised based at least in part on information associated with historical interactions using the first access data with the resource and a threshold, the first access data associated with a user; sending, by the server computer to a user device associated with the user, a compromise alert that indicates a potential compromise of the first access data associated with the user; receiving, by the server computer, a request input by the user into the user device to issue second access data in response to the compromise alert, and identification information associated with the user or the user device; authenticating, by the server computer, the user based at least in part on the identification information; in response to authenticating the user: initiating, by the server computer, generation of the second access data, wherein the user can utilize the second access data to request access to the resource; and transmitting, by the server computer, the second access data to the user device. 2. The method of claim 1 , wherein initiating generation of the second access data comprises: sending, by the server computer, a second request to an authorization computer to issue the second access data for the user, wherein the authorization computer generates the second access data; and receiving, by the server computer, the second access data from the authorization computer. 3. The method of claim 2 , further comprising: generating, by the server computer, a token to include in the second access data, wherein the user can utilize the token to request access. 4. The method of claim 2 , further comprising: disabling, by the server computer, use of the first access data. 5. The method of claim 4 , further comprising: receiving, by the server computer, a third request for access to the resource; determining, by the server computer, that the third request for access to the resource was initiated using the first access data; and declining, by the server computer, the third request for access to the resource. 6. The method of claim 1 , wherein initiating generation of the second access data comprises: invalidating, by the server computer, the first access data including a first token; and generating, by the server computer, the second access data including a second token, wherein the user can utilize the second token to request access to the resource. 7. The method of claim 6 , further comprising: receiving, by the server computer, a second request for access to the resource; determining, by the server computer, that the second request for access to the resource was initiated using the invalidated first access data; and declining, by the server computer, the second request for access to the resource. 8. The method of claim 1 , further comprising: generating, by the server computer, a session identifier that is unique to the user device; sending, by the server computer, one or more messages with the session identifier; receiving, by the server computer, one or more messages with the session identifier; and determining, by the server computer, that the one or more messages are associated with the user device based on the session identifier. 9. The method of claim 1 , further comprising, prior to determining that the first access data associated with the user has been potentially compromised: generating, by the server computer, the compromise alert; and determining, by the server computer, contact information associated with the user for sending the compromise alert to the user device. 10. A server computer comprising: a processor; and a memory element comprising code, executable by the processor, for implementing a method comprising: receiving a first request for access to a resource; determining, using a compromise engine, that first access data associated with the first request for access to the resource has been potentially compromised based at least in part on information associated with historical interactions using the first access data with the resource and a threshold, the first access data associated with a user; sending, to a user device associated with the user, a compromise alert that indicates a potential compromise of the first access data associated with the user; receiving a request input by the user into the user device to issue second access data in response to the compromise alert, and identification information associated with the user or the user device; authenticating the user based at least in part on the identification information; initiating, in response to authenticating the user, generation of the second access data, wherein the user can utilize the second access data to request access to the resource; and transmitting the second access data to the user device. 11. The server computer of claim 10 , wherein the step of initiating generation of the second access data in the method comprises: sending a second request to an authorization computer to issue the second access data for the user, wherein the authorization computer generates the second access data; and receiving the second access data from the authorization computer. 12. The server computer of claim 11 , the method further comprising: generating a token to include in the second access data, wherein the user can utilize the token to request access. 13. The server computer of claim 11 , the method further comprising: disabling use of the first access data. 14. The server computer of claim 13 , the method further comprising: receiving a third request for access to the resource; determining that the third request for access to the resource was initiated using the first access data; and declining the third request for access to the resource. 15. The server computer of claim 10 , wherein the step of initiating generation of the second access data in the method comprises: invalidating the first access data including a first token; and generating the second access data including a second token, wherein the user can utilize the second token to request access to the resource. 16. The server computer of claim 15 , the method further comprising: receiving a second request for access to the resource; determining that the second request for access to the resource was initiated using the invalidated first access data; and declining the second request for access to the resource. 17. The server computer of claim 15 , the method further comprising: sending information indicating that the first access data is invalid to a service provider computer, wherein the service provider computer invalidates use of the first access data. 18. A user device associated with a user comprising: a processor; and a memory element comprising code, executable by the processor, for implementing a method comprising: receiving, from a server computer, a compromise alert that indicates a potential compromise of first access data associated with a request to access a resource, the first access data associated with the user, the potential compromise of the first access data determined by the server computer based at least in part on information associated with historical interactions using the first access data with the resource and a threshold; receiving a request input by
Assignees
Inventors
Classifications
Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title
- G06F21/31Primary
User authentication · CPC title
involving event detection and direct action · CPC title
Event detection, e.g. attack signature detection · CPC title
Structures or tools for the administration of authentication · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10489565B2 cover?
- A user device operated by a user receives a compromise alert indicating a potentially compromised use of first access data associated with a user. The compromise alert enables the user to input a response to the compromise alert, where the response can indicate that the first access data is compromised along with a request to issue new access data for the user. The response is sent to a server …
- Who is the assignee on this patent?
- Visa Int Service Ass
- What technology area does this patent fall under?
- Primary CPC classification G06F21/31. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Nov 26 2019 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).