User authentication by token and comparison to visitation pattern

US 10,121,142 B2
Filed: 04/11/2014
Issued: 11/06/2018
Est. Priority Date: 04/11/2014
Status: Active Grant

First Claim

Patent Images

1. An apparatus disposed proximate a financial institution location, the apparatus for receiving a token from a wearable device carried by a customer, the token for user authentication based on a visitation pattern of the customer, the apparatus comprising:

a memory;

a processor; and

a module stored in the memory, executable by the processor, and configured to;

receive, from the wearable device carried by the customer, the token comprising user authentication information associated with the customer, wherein receiving the token indicates a current visit of the customer to the financial institution location;

receive, from the wearable device carried by the customer, financial transaction limitation information indicating at least one limitation on transactions performed with the token;

access, based at least in part on the user authentication information, a visitation history from a customer profile associated with the customer;

determine, based at least in part on the visitation history, whether the current visit falls within a recognized visitation pattern;

if so, determine that a required level of authentication for the current visit is a soft level of authentication, wherein the soft level of authentication is one of a plurality of levels of authentication comprising a continuum of authentication; and

if not, determine that the required level of authentication for the current visit is a hard level of authentication, wherein the hard level of authentication is one of the plurality of levels of authentication comprising the continuum of authentication and wherein the hard level of authentication requires full authentication credentials;

receive a request to perform a financial transaction from the customer;

determine that the requested financial transaction exceeds the at least one limitation indicated by the financial transaction limitation information;

in response to determining that the requested financial transaction exceeds the at least one limitation, identify that the requested financial transaction qualifies for an exception to the at least one limitation indicated by the financial transaction limitation information based on at least one of;

identifying that a number of days between a current real-time date and an expiration date of the token is less than a predetermined limit; and

identifying that a category of the requested financial transaction is within a predetermined list of categories; and

in response to determining that the requested financial transaction qualifies for the exception, authenticate, based on the required level of authentication, the customer to initiate the financial transaction at the financial institution location.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments are directed to receiving a token from a wearable device carried by a customer, the token for user authentication based on a visitation pattern of the customer. Embodiments include receive, from the wearable device carried by the customer, the token comprising user authentication information associated with the customer, wherein receiving the token indicates a current visit of the customer to the financial institution location; access, based at least in part on the user authentication information, a visitation history from a customer profile associated with the customer; determine, based at least in part on the visitation history, whether the current visit falls within a recognized visitation pattern; and authenticate, based at least in part on the determination, the customer for performing a transaction at the financial institution location.

Citations

15 Claims

1. An apparatus disposed proximate a financial institution location, the apparatus for receiving a token from a wearable device carried by a customer, the token for user authentication based on a visitation pattern of the customer, the apparatus comprising:
- a memory;
  
  a processor; and
  
  a module stored in the memory, executable by the processor, and configured to;
  
  receive, from the wearable device carried by the customer, the token comprising user authentication information associated with the customer, wherein receiving the token indicates a current visit of the customer to the financial institution location;
  
  receive, from the wearable device carried by the customer, financial transaction limitation information indicating at least one limitation on transactions performed with the token;
  
  access, based at least in part on the user authentication information, a visitation history from a customer profile associated with the customer;
  
  determine, based at least in part on the visitation history, whether the current visit falls within a recognized visitation pattern;
  
  if so, determine that a required level of authentication for the current visit is a soft level of authentication, wherein the soft level of authentication is one of a plurality of levels of authentication comprising a continuum of authentication; and
  
  if not, determine that the required level of authentication for the current visit is a hard level of authentication, wherein the hard level of authentication is one of the plurality of levels of authentication comprising the continuum of authentication and wherein the hard level of authentication requires full authentication credentials;
  
  receive a request to perform a financial transaction from the customer;
  
  determine that the requested financial transaction exceeds the at least one limitation indicated by the financial transaction limitation information;
  
  in response to determining that the requested financial transaction exceeds the at least one limitation, identify that the requested financial transaction qualifies for an exception to the at least one limitation indicated by the financial transaction limitation information based on at least one of;
  
  identifying that a number of days between a current real-time date and an expiration date of the token is less than a predetermined limit; and
  
  identifying that a category of the requested financial transaction is within a predetermined list of categories; and
  
  in response to determining that the requested financial transaction qualifies for the exception, authenticate, based on the required level of authentication, the customer to initiate the financial transaction at the financial institution location.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The apparatus of claim 1, wherein the current visit falls within the recognized visitation pattern;
    - and wherein determining that the current visit requires the soft level of authentication comprises determining a zero level of authentication wherein authentication requires no additional credentials.
  - 3. The apparatus of claim 1, wherein the current visit falls within the recognized visitation pattern;
    - wherein determining the soft level of authentication requires authentication that is less than a full level of authentication; and
      
      wherein the soft level of authentication requires at least one additional authentication credential.
  - 4. The apparatus of claim 1, wherein the visitation history comprises time information indicating when the customer typically visits the financial institution location;
    - andwherein determining whether the current visit falls within the recognized visitation pattern comprises comparing a time, date, and/or day of a week associated with the current visit and the time information.
  - 5. The apparatus of claim 1, wherein the visitation history comprises transaction information indicating an amount of a transaction conducted when the customer visits the financial institution location;
    - andwherein determining whether the current visit falls within the recognized visitation pattern comprises comparing a transaction amount associated with the current visit and the transaction information.

6. A method for receiving a token from a wearable device carried by a customer, the token for user authentication based on a visitation pattern of the customer, the method comprising:
- receiving, at an apparatus proximate a financial institution location and from the wearable device carried by the customer, the token comprising user authentication information associated with the customer, wherein receiving the token indicates a current visit of the customer to the financial institution location;
  
  receiving, by the apparatus, financial transaction limitation information indicating at least one limitation on transactions performed with the token from the wearable device carried by the customer;
  
  accessing, by the apparatus and based at least in part on the user authentication information, a visitation history from a customer profile associated with the customer;
  
  determining, by the apparatus and based at least in part on the visitation history, whether the current visit falls within a recognized visitation pattern;
  
  if so, determining that a required level of authentication for the current visit is a soft level of authentication, wherein the soft level of authentication is one of a plurality of levels of authentication comprising a continuum of authentication; and
  
  if not, determining that the required level of authentication for the current visit is a hard level of authentication, wherein the hard level of authentication is one of the plurality of levels of authentication comprising the continuum of authentication and wherein the hard level of authentication requires full authentication credentials;
  
  receiving a request to perform a financial transaction from the customer;
  
  determining that the requested financial transaction exceeds the at least one limitation indicated by the financial transaction limitation information;
  
  in response to determining that the requested financial transaction exceeds the at least one limitation, identify that the requested financial transaction qualifies for an exception to the at least one limitation indicated by the financial transaction limitation information based on at least one of;
  
  identifying that a number of days between a current real-time date and an expiration date of the token is less than a predetermined limit; and
  
  identifying that a category of the requested financial transaction is within a predetermined list of categories; and
  
  in response to determining that the requested financial transaction qualifies for the exception, authenticating, by the apparatus and based at least in part on the determination, the customer to initiate the financial transaction at the financial institution location.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6, wherein the current visit falls within the recognized visitation pattern;
    - and wherein determining that the current visit requires the soft level of authentication comprises determining a zero level of authentication wherein the soft level of authentication requires no additional credentials.
  - 8. The method of claim 6, wherein the current visit falls within the recognized visitation pattern;
    - wherein determining the soft level of authentication comprises determining the soft level of authentication requires authentication that is less than a full level of authentication; and
      
      wherein the soft level of authentication requires at least one additional authentication credential.
  - 9. The method of claim 6, wherein the visitation history comprises time information indicating when the customer typically visits the financial institution location;
    - andwherein determining whether the current visit falls within the recognized visitation pattern comprises comparing a time, date, and/or day of a week associated with the current visit and the time information.
  - 10. The method of claim 6, wherein the visitation history comprises transaction information indicating an amount of a transaction conducted when the customer visits the financial institution location;
    - andwherein determining whether the current visit falls within the recognized visitation pattern comprises comparing a transaction amount associated with the current visit and the transaction information.

11. A computer program product for receiving a token from a wearable device carried by a customer, the token for user authentication based on a visitation pattern of the customer, the computer program product comprising a non-transitory computer-readable medium comprising code causing a first apparatus to:
- receive, from the wearable device carried by the customer, the token comprising user authentication information associated with the customer, wherein receiving the token indicates a current visit of the customer to the financial institution location;
  
  receive, from the wearable device carried by the customer, financial transaction limitation information indicating at least one limitation on transactions performed with the token;
  
  access, based at least in part on the user authentication information, a visitation history from a customer profile associated with the customer;
  
  determine, based at least in part on the visitation history, whether the current visit falls within a recognized visitation pattern;
  
  if so, determine that a required level of authentication for the current visit is a soft level of authentication, wherein the soft level of authentication is one of a plurality of levels of authentication comprising a continuum of authentication; and
  
  if not, determine that the required level of authentication for the current visit is a hard level of authentication, wherein the hard level of authentication is one of the plurality of levels of authentication comprising the continuum of authentication and wherein the hard level of authentication requires full authentication credentials;
  
  receive a request to perform a financial transaction from the customer;
  
  determine that the requested financial transaction exceeds the at least one limitation indicated by the financial transaction limitation information;
  
  in response to determining that the requested financial transaction exceeds the at least one limitation, identify that the requested financial transaction qualifies for an exception to the at least one limitation indicated by the financial transaction limitation information based on at least one of;
  
  identifying that a number of days between a current real-time date and an expiration date of the token is less than a predetermined limit; and
  
  identifying that a category of the requested financial transaction is within a predetermined list of categories; and
  
  in response to determining that the requested financial transaction qualifies for the exception, authenticate, based on the required level of authentication, the customer to initiate the financial transaction at the financial institution location.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The computer program product of claim 11, wherein the visitation history comprises time information indicating when the customer typically visits the financial institution location;
    - andwherein determining whether the current visit falls within the recognized visitation pattern comprises comparing a time, date, and/or day of a week associated with the current visit and the time information.
  - 13. The computer program product of claim 11, wherein the visitation history comprises transaction information indicating an amount of a transaction conducted when the customer visits the financial institution location;
    - andwherein determining whether the current visit falls within the recognized visitation pattern comprises comparing a transaction amount associated with the current visit and the transaction information.
  - 14. The computer program product of claim 11, wherein the current visit falls within the recognized visitation pattern;
    - and wherein determining that the current visit requires the soft level of authentication comprises determining a zero level of authentication wherein the soft level of authentication requires no additional credentials.
  - 15. The computer program product of claim 11, wherein the current visit falls within the recognized visitation pattern;
    - wherein determining the soft level of authentication comprises determining the soft level of authentication requires authentication that is less than a full level of authentication; and
      
      wherein the soft level of authentication requires at least one additional authentication credential.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Grigg, David M., Starbuck, Richard Andrew, Hanson, Carrie Anne, Jones, Alicia C.
Primary Examiner(s)
Stanford, Christopher

Application Number

US14/251,291
Publication Number

US 20150294306A1
Time in Patent Office

1,670 Days
Field of Search
US Class Current
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

G06Q 20/321   using wearable devices

G06Q 20/363   with the personal data of a...

G06Q 20/3821   Electronic credentials

G06Q 20/385   using an alias or single-us...

G06Q 20/4016   involving fraud or risk lev...

G06Q 2220/00   Business processing using c...

H04L 63/0853   using an additional device,...

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

User authentication by token and comparison to visitation pattern

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

User authentication by token and comparison to visitation pattern

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links