On July 3, 2014, the US Patent & Trademark Office published a patent application from Apple that reveals a new dual-factor authentication system for Apple's iTunes Store and beyond. Whether you're buying a Mac or renting a movie from iTunes, Apple wants to beef up security to safeguard your account. The new system will introduce two key elements to their authorization process that will make it extremely difficult for un-Authorized user's to make a purchase on your account. Technically Apple will be adding a third factor, by asking questions about your purchase history.
Apple's Patent Background
An online service provider is an organization or individual that provides digital or physical goods or services to customers, for which at least a portion of the interaction between the provider and the customer is performed through a computer network. Customers of the online service provider typically interact with the service, which can also be an online store, via some form of user account. Each customer's previous interactions are typically stored in some data structures or databases associated with the customer or user account of the online service provider, or online store. To differentiate between customers, an account identifier is typically assigned to each account. This identifier can be a specific number, a customer name or address, or an email address.
Customers provide their account identifier in order to make transactions that are associated with their account. A security issue can arise if others know the identifier associated with a customer; a person other than the legitimate account user may attempt to fraudulently interact with the service as if they are an authorized user of the account.
To authenticate the identity of a given customer, services typically employ a password system as a form of authentication, in which the customer presents a password with the account identifier to prove their identity as a legitimate customer. This is an example of single-factor authentication. In single factor authentication, if the primary authentication is compromised, for example, if customer's password is stolen, someone can use the authentication method to fraudulently access the account.
Apple Invents Dual-Factor Authentication System
Apple's invention generally relates to a system and associated methods for an authentication challenge system for performing secondary authentication for an account associated with an online service provider, such as an online store for digital media and applications.
In one embodiment, the authentication challenge system includes a question generation engine, which can derive a series of questions based upon activity associated with a user account of an online store; a network interface, which can transport the series of one or more questions derived by the question generation engine to authenticate the user to the online store; a confidence engine, which can determine a required confidence level for a successful authentication, and can compute a confidence score of the user identity; and a quality engine, which can adjust the question generation engine and the confidence engine based upon an analysis of question and answer metrics across multiple accounts of the online store. The online store can be iTunes which includes digital media, such as music, movies, books or applications (e.g., apps) for electronic computing devices.
Questions based on Purchase History
In one embodiment, the question engine can generate questions for use during secondary authentication by accessing a purchase history associated with an account of an online media store; deriving a set of questions based on the purchase history of a unique identifier associated with the account, including the digital media purchase history of the account; deriving a set of questions based on a presumed media genre preference associated with the unique identifier; and filtering questions from one or more sets of questions based on privacy settings. In one embodiment, the question generation engine can be configured to derive questions based on the location history of a device associated with the unique identifier of an account of the online store.
Apple's Confidence Engine
In one embodiment notes that their new confidence engine can determine a confidence value associated a unique identifier associated with an account on the online store that is proportional to the authentication system's degree of confidence that the unique identifier associated with the account is being used by a legitimate or authorized user. The confidence engine can determine this value by examining details such as the account activity history associated with the unique identifier, the devices used with the account, the networks used to access the online store, and the geographic locations from which the device is used to access the online store.
In one embodiment, a primary authentication confidence factor based on primary authentication statistics associated with the unique identifier can also be used.
In one embodiment, the confidence engine can compute a score to model a risk of account fraud based on account activity. The confidence engine can compute the score by assigning a score to account activity, such as purchasing media from the online store, purchasing in-app assets via the online store, restoring past purchases from the online store; viewing financial information associated with the account; and changing financial information associated with the account.
Apple's Quality Engine
In another embodiment, Apple introduces their new quality engine that can adjust the question generation engine and the confidence engine based upon an analysis of question and answer metrics by analyzing the frequency which certain questions or question types are asked, and the frequency which certain questions or question types are answered correctly, and applying a quality score to the questions based on the analysis of the question metrics. In one embodiment, the quality score can be determined by considering metrics associated with the difficulty level of a question as assessed against legitimate and illegitimate users.
Apple credits Jonathan McLachlan, Augustine Farrugia and Nicholas Sullivan as the inventors of patent application 20140189829 which was originally filed in Q4 2012. Considering that this is a patent application, the timing of such a product to market is unknown at this time.
A Note for Tech Sites covering our Report: We ask tech sites covering our report to kindly limit the use of our graphics to one image. Thanking you in advance for your cooperation.
Patently Apple presents a detailed summary of patent applications with associated graphics for journalistic news purposes as each such patent application is revealed by the U.S. Patent & Trade Office. Readers are cautioned that the full text of any patent application should be read in its entirety for full and accurate details. About Making Comments on our Site: Patently Apple reserves the right to post, dismiss or edit any comments. Comments are reviewed daily from 4am to 8pm MST and sporadically over the weekend.
New on Patently Mobile this Week