Dynamic pairing system for securing a trusted communication channel

US 10,395,250 B2
Filed: 09/08/2014
Issued: 08/27/2019
Est. Priority Date: 06/22/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a processor, a request from a mobile device for a transaction from a user;

retrieving, by the processor and from a trust mediator, security-related sensor data including at least one of changes or signatures in a security characteristic of a network component;

computing, by the processor, a risk level associated with the transaction, the risk level being based on the transaction and the security-related sensor data;

transmitting, by the processor and to the trust mediator, the risk level for modifying security safeguards in the network component to maintain a security level for the transaction;

receiving, by the processor and from the mobile device, user identification data of the user, the user identification data comprising decoded information,the mobile device obtaining the decoded information by capturing, using a camera, hidden coded information imprinted on a transaction instrument of the user and decoding, using pattern recognition software, the hidden coded information, the hidden coded information comprising a variation in a controllable parameter comprising at least one of a color, a text positioning offset, or a text shape, and the hidden coded information being undetectable by a human eye without assistance of a device capable of detecting the hidden coded information;

computing, by the processor, a user trust score of the user based on the user identification data;

matching, by the processor, the risk level to a corresponding one of a plurality of risk levels;

identifying, by the processor, one of a plurality of user trust scores that corresponds to the corresponding one of the plurality of risk levels matched in the matching; and

authorizing the transaction based on a determination, by the processor, that the user trust score associated with the user is greater than or equal to the corresponding one of the plurality of risk levels.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and computer-readable medium for securing a mobile financial transaction are provided. A table matches each one of a plurality of transaction risk levels to a corresponding one of a plurality of required user trust scores, correspondingly. A financial transaction risk level associated with a financial transaction is computed. A user trust score associated with the user is computed based on user identification data associated with the user. The financial transaction risk level is matched to a corresponding one of the plurality of transaction risk levels stored in the table. The one of the plurality of required trust scores that corresponds to the corresponding one of the plurality of transaction risk levels stored in the table is identified. If the user trust score is greater than or equal to the identified one of the plurality of required trust scores, then the financial transaction is authorized.

136 Citations

20 Claims

1. A method comprising:
- receiving, by a processor, a request from a mobile device for a transaction from a user;
  
  retrieving, by the processor and from a trust mediator, security-related sensor data including at least one of changes or signatures in a security characteristic of a network component;
  
  computing, by the processor, a risk level associated with the transaction, the risk level being based on the transaction and the security-related sensor data;
  
  transmitting, by the processor and to the trust mediator, the risk level for modifying security safeguards in the network component to maintain a security level for the transaction;
  
  receiving, by the processor and from the mobile device, user identification data of the user, the user identification data comprising decoded information,the mobile device obtaining the decoded information by capturing, using a camera, hidden coded information imprinted on a transaction instrument of the user and decoding, using pattern recognition software, the hidden coded information, the hidden coded information comprising a variation in a controllable parameter comprising at least one of a color, a text positioning offset, or a text shape, and the hidden coded information being undetectable by a human eye without assistance of a device capable of detecting the hidden coded information;
  
  computing, by the processor, a user trust score of the user based on the user identification data;
  
  matching, by the processor, the risk level to a corresponding one of a plurality of risk levels;
  
  identifying, by the processor, one of a plurality of user trust scores that corresponds to the corresponding one of the plurality of risk levels matched in the matching; and
  
  authorizing the transaction based on a determination, by the processor, that the user trust score associated with the user is greater than or equal to the corresponding one of the plurality of risk levels.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the transaction is a financial transaction and computing the risk level comprises computing the risk level based on a value of the financial transaction.
  - 3. The method of claim 2, wherein the computing the risk level further comprises:
    - computing, by the processor and based on the security-related sensor data, a probability that the financial transaction will be compromised; and
      
      computing, by the processor, a product of the value of the financial transaction and the probability that the financial transaction will be compromised.
  - 4. The method of claim 1 wherein the security-related sensor data comprises information relating to protection mechanisms implemented for the transaction.
  - 5. The method of claim 1, further comprising receiving, by the processor, the user identification data associated with the user from any one or a combination of:
    - (1) the mobile device, (2) an electronic communication device of a third party, or (3) a database.
  - 6. The method of claim 1, further comprising validating, by the processor, the user identification data associated with the user by comparing the user identification data to data retrieved from any one or a combination of:
    - (1) a database of a known party, (2) an electronic communication device of a third party, or (3) a database.
  - 7. The method of claim 1, wherein computing the user trust score associated with the user comprises:
    - retrieving, by the processor and from the database, individual trust scores corresponding to portions of the user identification data, respectively; and
      
      computing, by the processor, the user trust score based on the individual trust scores.

8. A system comprising:
- a processor; and
  
  a tangible, non-transitory memory configured to communicate with the processor,the tangible, non-transitory memory having instructions stored thereon that, in response to execution by the processor, cause the processor to perform operations comprising;
  
  receiving, by the processor, a request from a mobile device for a transaction from a user;
  
  retrieving, by the processor and from a trust mediator, security-related sensor data including at least one of changes or signatures in a security characteristic of a network component;
  
  computing, by the processor, a risk level associated with the transaction, the risk level being based on the transaction and the security-related sensor data;
  
  transmitting, by the processor and to the trust mediator, the risk level for modifying security safeguards in the network component to maintain a security level for the transaction;
  
  receiving, by the processor and from the mobile device, user identification data of the user, the user identification data comprising decoded information,the mobile device obtaining the decoded information by capturing, using a camera, hidden coded information imprinted on a transaction instrument of the user and decoding, using pattern recognition software, the hidden coded information, the hidden coded information comprising a variation in a controllable parameter comprising at least one of a color, a text positioning offset, or a text shape, and the hidden coded information being undetectable by a human eye without assistance of a device capable of detecting the hidden coded information;
  
  computing, by the processor, a user trust score of the user based on the user identification data;
  
  matching, by the processor, the risk level to a corresponding one of a plurality of risk levels;
  
  identifying, by the processor, one of a plurality of user trust scores that corresponds to the corresponding one of the plurality of risk levels matched in the matching; and
  
  authorizing the transaction based on a determination, by the processor, that the user trust score associated with the user is greater than or equal to the corresponding one of the plurality of risk levels.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the transaction is a financial transaction and the processor is operable to compute the risk level based on a value of the financial transaction.
  - 10. The system of claim 9, wherein the processor is further operable to compute the risk level by:
    - computing, based on the security-related sensor data, a probability that the financial transaction will be compromised; and
      
      computing a product of the value of the financial transaction and the probability that the financial transaction will be compromised.
  - 11. The system of claim 8, wherein the security-related sensor data comprises information relating to protection mechanisms implemented for the transaction.
  - 12. The system of claim 8, wherein the processor is further operable to:
    - receive the user identification data associated with the user from any one or a combination of;
      
      (1) the mobile device, (2) an electronic communication device of a third party, or (3) a database.
  - 13. The system of claim 8, wherein the processor is further operable to:
    - validate the user identification data associated with the user by comparing the user identification data to data retrieved from any one or a combination of;
      
      (1) a database of a known party, (2) an electronic communication device of a third party, or (3) a database.
  - 14. The system of claim 8, wherein the processor is operable to compute the user trust score associated with the user by:
    - retrieving, from the database, individual trust scores corresponding to portions of the user identification data, respectively; and
      
      computing the user trust score based on the individual trust scores.

15. A non-transitory computer-readable medium having stored thereon sequences of instructions, the sequences of instructions including instructions, which, when executed by a computer system, cause the computer system to:
- receive, by the computer system, a request from a mobile device for a transaction from a user;
  
  retrieve, by the computer system and from a trust mediator, security-related sensor data including at least one of changes or signatures in a security characteristic of a network component;
  
  compute, by the computer system, a risk level associated with the transaction, the risk level being based on the transaction and the security-related sensor data;
  
  transmit, by the computer system and to the trust mediator, the risk level for modifying security safeguards in the network component to maintain a security level for the transaction;
  
  receive, by the computer system and from the mobile device, user identification data of the user, the user identification data comprising decoded information,the mobile device obtaining the decoded information by capturing, using a camera, hidden coded information imprinted on a transaction instrument of the user and decoding, using pattern recognition software, the hidden coded information, the hidden coded information comprising a variation in a controllable parameter comprising at least one of a color, a text positioning offset, or a text shape, and the hidden coded information being undetectable by a human eye without assistance of a device capable of detecting the hidden coded information;
  
  compute, by the computer system, a user trust score of the user based on the user identification data;
  
  match, by the computer system, the risk level to a corresponding one of a plurality of risk levels;
  
  identify, by the computer system, one of a plurality of user trust scores that corresponds to the corresponding one of the plurality of risk levels matched in the matching; and
  
  authorize the transaction based on a determination, by the computer system, that the user trust score associated with the user is greater than or equal to the corresponding one of the plurality of risk levels.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer-readable medium of claim 15, wherein the transaction is a financial transaction and the risk level is computed based on a value of the financial transaction.
  - 17. The computer-readable medium of claim 16, wherein the risk level is computed by:
    - computing, by the computer system and based on the security-related sensor data, a probability that the financial transaction will be compromised; and
      
      computing, by the computer system, a product of the value of the financial transaction and the probability that the financial transaction will be compromised.
  - 18. The computer-readable medium of claim 15 wherein the security-related sensor data comprises information relating to protection mechanisms implemented for the transaction.
  - 19. The computer-readable medium of claim 15, wherein the sequences of instructions further include instructions, which, when executed by the computer system, cause the computer system to:
    - validate the user identification data associated with the user by comparing the user identification data to data retrieved from any one or a combination of;
      
      (1) a database of a known party, (2) an electronic communication device of a third party, or (3) a database.
  - 20. The computer-readable medium of claim 15, wherein the user trust score associated with the user is computed by:
    - retrieving, by the computer system and from the database, individual trust scores corresponding to portions of the user identification data, respectively; and
      
      computing, by the computer system, the user trust score based on the individual trust scores.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
American Express Travel Related Services Company, Inc. (American Express Company)
Original Assignee
American Express Travel Related Services Company, Inc. (American Express Company)
Inventors
Bailey, Jr., Samuel A.
Primary Examiner(s)
Liu, Chia-Yi

Application Number

US14/480,169
Publication Number

US 20140379581A1
Time in Patent Office

1,814 Days
Field of Search

705 35- 45
US Class Current
CPC Class Codes

G06Q 20/322   Aspects of commerce using m...

G06Q 20/4016   involving fraud or risk lev...

G06Q 40/02   Banking, e.g. interest calc...

Dynamic pairing system for securing a trusted communication channel

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

136 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic pairing system for securing a trusted communication channel

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

136 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links