Method and apparatus for token-based re-authentication

Assignee

• Bank of America Corporation · US

Inventors

• Rakesh Radhakrishnan · Ashburn, US
• Cynthia Ann Frick · Newark, US
• Radu Marian · Indian Trail, US
• Abdulkader Omar Barbir · Ottawa, CA
• Rajat P. Badhwar · Leesburg, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F21/33
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

According to one embodiment, an apparatus may store a plurality of tokens that indicate a user is using a device to access a resource over a network. The apparatus may detect at least one token indicating a change associated with at least one of the device, the network, or the resource. The apparatus may then determine to re-authenticate the user in response to the change. The apparatus may then request a password generated using personal information of the user, and receive a re-authentication token comprising the password generated using personal information of the user. The apparatus may then request, from the user, a second password. The request for the second password may include instructions on how to form the second password. The apparatus may receive a response comprising the second password and determine that the second password matches the password. The apparatus may then re-authenticate the user.