Method and apparatus of providing enhanced authentication and security for financial institution transactions

US 10,373,246 B1
Filed: 12/06/2011
Issued: 08/06/2019
Est. Priority Date: 12/06/2011
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating a user transaction, the method comprising:

receiving, via an authenticating computing device, first user authentication information of a first type from a user during the user transaction;

receiving, via a receiver of an authenticating computing device, and from a mobile device of the user, second user authentication information, of a second type different than the first type, during the user transaction;

confirming, via a processor, the second user authentication information is correct;

performing at least one of triangulation and global positioning via communication with a base station communicating with the mobile device to determine a current location of the mobile device;

comparing the location of the mobile device to a known location of an entity associated with the user transaction;

identifying a plurality of location positions of the mobile device prior to the user transaction;

logging the plurality of location positions of the mobile device by periodically updating location information of the mobile device in a location database over a predetermined amount of time prior to the user transaction;

comparing the plurality of location positions of the mobile device to the known location of the entity associated with the user transaction;

performing, via the authenticating computing device, a first authentication of the user transaction based on the first user authentication information; and

performing, via the authenticating computing device, a second authentication of the user transaction based on the second user authentication information, wherein the second user authentication information includes information identifying a current location of the mobile device with respect to at least one of the plurality of location positions, wherein,in response to the first authentication being successful and the second authentication indicating that the at least one of the plurality of location positions of mobile device are within a predetermined distance of the known location of the entity associated with the user transaction, then remotely controlling a first level of access granted to the user for the user transaction, andin response to the first authentication being successful and the second authentication not indicating that the at least one of the plurality of location positions of mobile device are within a predetermined distance of the known location of the entity associated with the user transaction, then remotely controlling a second level of access, less than the first level of access, is granted to the user for the user transaction.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Example embodiments of the present invention may include a method and apparatus configured to authenticate a user transaction (e.g., point-of-sale, ATM transactions, etc.). One example method may include receiving user authentication information during the user transaction and confirming the user authentication information is correct. The method may also include determining a current user location by a location associated with the user'"'"'s mobile device, and comparing the current user location to a known location of an entity associated with the user transaction. The method may also include authenticating the transaction if the current user location is within a predetermined distance of the known location of the entity associated with the user transaction.

Citations

20 Claims

1. A method of authenticating a user transaction, the method comprising:
- receiving, via an authenticating computing device, first user authentication information of a first type from a user during the user transaction;
  
  receiving, via a receiver of an authenticating computing device, and from a mobile device of the user, second user authentication information, of a second type different than the first type, during the user transaction;
  
  confirming, via a processor, the second user authentication information is correct;
  
  performing at least one of triangulation and global positioning via communication with a base station communicating with the mobile device to determine a current location of the mobile device;
  
  comparing the location of the mobile device to a known location of an entity associated with the user transaction;
  
  identifying a plurality of location positions of the mobile device prior to the user transaction;
  
  logging the plurality of location positions of the mobile device by periodically updating location information of the mobile device in a location database over a predetermined amount of time prior to the user transaction;
  
  comparing the plurality of location positions of the mobile device to the known location of the entity associated with the user transaction;
  
  performing, via the authenticating computing device, a first authentication of the user transaction based on the first user authentication information; and
  
  performing, via the authenticating computing device, a second authentication of the user transaction based on the second user authentication information, wherein the second user authentication information includes information identifying a current location of the mobile device with respect to at least one of the plurality of location positions, wherein,in response to the first authentication being successful and the second authentication indicating that the at least one of the plurality of location positions of mobile device are within a predetermined distance of the known location of the entity associated with the user transaction, then remotely controlling a first level of access granted to the user for the user transaction, andin response to the first authentication being successful and the second authentication not indicating that the at least one of the plurality of location positions of mobile device are within a predetermined distance of the known location of the entity associated with the user transaction, then remotely controlling a second level of access, less than the first level of access, is granted to the user for the user transaction.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein determining the current user mobile device location is performed via GPS.
  - 3. The method of claim 1, wherein determining the current user mobile device location is performed via triangulation.
  - 4. The method of claim 1, wherein determining the current user mobile device location is performed after the user authentication information is received.
  - 5. The method of claim 1, wherein determining the current user mobile device location is performed prior to the user authentication information being received.
  - 6. The method of claim 1, further comprising:
    - authenticating the user transaction if at least one of the plurality of location positions was identified within the predetermined amount of time, and if the user authentication information is correct.
  - 7. The method of claim 1, wherein if the current user mobile device location is not within a predetermined distance of the known location of the entity associated with the user transaction, then disabling predefined functions specified by a user application operating on the mobile device.

8. An apparatus configured to authenticate a user transaction, the apparatus comprising:
- a receiver configured to receive, during a user transaction, both first user authentication information of a first type from a user, and second user authentication information, of a second type different than the first type, from a mobile device associated with the user; and
  
  a processor configured to;
  
  confirm the second user authentication information is correct,perform at least one of triangulation and global positioning via communication with a base station communicating with the mobile device to determine a current location of the mobile device,compare the location of the mobile device to a known location of an entity associated with the user transaction,identify a plurality of location positions of the mobile device prior to the user transaction,log the plurality of location positions of the mobile device by periodically updating location information of the mobile device in a location database over a predetermined amount of time prior to the user transaction,compare the plurality of location positions of the mobile device to the known location of the entity associated with the user transaction,perform a first authentication of the user transaction based on the first user authentication information; and
  
  perform a second authentication of the user transaction based on the second user authentication information, wherein the second user authentication information includes information identifying a current location of the mobile device with respect to at least one of the plurality of location positions, wherein,in response to the first authentication being successful and the second authentication indicating that the at least one of the plurality of location positions of mobile device are within a predetermined distance of the known location of the entity associated with the user transaction, then remotely control a first level of access granted to the user for the user transaction, andin response to the first authentication being successful and the second authentication not indicating that the at least one of the plurality of location positions of mobile device are within a predetermined distance of the known location of the entity associated with the user transaction, then remotely control a second level of access, less than the first level of access, is granted to the user for the user transaction.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The apparatus of claim 8, wherein the current user mobile device location is determined via GPS.
  - 10. The apparatus of claim 8, wherein the current user mobile device location is determined via triangulation.
  - 11. The apparatus of claim 8, wherein the current user mobile device location is determined after the user authentication information is received.
  - 12. The apparatus of claim 8, wherein the current user mobile device location is determined prior to the user authentication information being received.
  - 13. The apparatus of claim 8, wherein the processor is further configured to identify if at least one of the plurality of location positions was identified within the predetermined amount of time, and if the user authentication information is correct.
  - 14. The apparatus of claim 8, wherein if the current user mobile device location is not within a predetermined distance of the known location of the entity associated with the user transaction, then the processor is further configured to disable predefined functions specified by a user application operating on the user'"'"'s mobile device.

15. A non-transitory computer readable storage medium configured to store instructions that when executed by a processor cause the processor to perform authenticating a user transaction, the processor being further configured to perform:
- receiving first user authentication information of a first type from a user during the user transaction;
  
  receiving second user authentication, of a second type different than the first type, during the user transaction;
  
  confirming the second user authentication information is correct;
  
  performing at least one of triangulation and global positioning via communication with a base station communicating with the mobile device to determine a current location of the mobile device;
  
  comparing the location of the mobile device to a known location of an entity associated with the user transaction;
  
  identifying a plurality of location positions of the mobile device prior to the user transaction;
  
  logging the plurality of location positions of the mobile device by periodically updating location information of the mobile device in a location database over a predetermined amount of time prior to the user transaction;
  
  comparing the plurality of location positions of the mobile device to the known location of the entity associated with the user transaction;
  
  performing, via the authenticating computing device, a first authentication of the user transaction based on the first user authentication information; and
  
  performing, via the authenticating computing device, a second authentication of the user transaction based on the second user authentication information, wherein the second user authentication information includes information identifying a current location of the mobile device with respect to at least one of the plurality of location positions, wherein,in response to the first authentication being successful and the second authentication indicating that the at least one of the plurality of location positions of mobile device are within a predetermined distance of the known location of the entity associated with the user transaction, then remotely controlling a first level of access granted to the user for the user transaction, andin response to the first authentication being successful and the second authentication not indicating that the at least one of the plurality of location positions of mobile device are within a predetermined distance of the known location of the entity associated with the user transaction, then remotely controlling a second level of access, less than the first level of access, is granted to the user for the user transaction.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer readable storage medium of claim 15, wherein determining the current user mobile device location is performed via GPS.
  - 17. The non-transitory computer readable storage medium of claim 15, wherein determining the current user mobile device location is performed via triangulation.
  - 18. The non-transitory computer readable storage medium of claim 15, wherein determining the current user mobile device location is performed after the user authentication information is received.
  - 19. The non-transitory computer readable storage medium of claim 15, wherein determining the current user mobile device location is performed prior to the user authentication information being received.
  - 20. The non-transitory computer readable storage medium of claim 15, wherein the processor is further configured to perform:
    - authenticating the user transaction if at least one of the plurality of location positions was identified within the predetermined amount of time, and if the user authentication information is correct.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
West Technology Group LLC (West Corporation)
Original Assignee
West Corporation
Inventors
Groenjes, Jason H., Brown, Michael P., Price, Gerald M.
Primary Examiner(s)
Apple, Kirsten S

Application Number

US13/312,019
Time in Patent Office

2,800 Days
Field of Search

705 35- 45
US Class Current
CPC Class Codes

G06Q 40/00 Finance; Insurance; Tax str...

Method and apparatus of providing enhanced authentication and security for financial institution transactions

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus of providing enhanced authentication and security for financial institution transactions

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links