Systems and methods for authenticating user identities in networked computer systems

US 10,496,988 B2
Filed: 06/23/2015
Issued: 12/03/2019
Est. Priority Date: 06/23/2014
Status: Active Grant

First Claim

Patent Images

1. A terminal device, comprising:

a communications interface;

a memory storing software instructions; and

one or more processors coupled to the memory and to the communications unit, the one or more processors being configured to execute the software instructions to perform one or more operations, the operations comprising;

receiving authentication data from a client device via the communications interface, the authentication data comprising an authentication code corresponding to an exchange of data initiated between the client device and a first computing system and a first portion of authentication information associated with the initiated data exchange, and the first portion of the authentication information comprising packetized data that includes a header or a footer portion;

based on the authentication code, determining a transaction type that characterizes the initiated data exchange, and obtaining a second portion of the authentication information associated with the determined transaction type;

detecting an incompatibility between the first portion of the authentication information and the transaction type;

in response to the detected incompatibility, modifying a format of the header or footer portion of the first portion of the authentication information in accordance with the transaction type;

generating modified authentication data that includes the first and second portions of the authentication information; and

transmitting, via the communications interface, the modified authentication data to a second computing system,wherein the second computing system is configured to validate the initiated data exchange based on a comparison between the modified authentication data and validation data characterizing a prior authentication transaction validated by the second computing system, and to generate and transmit, to the first computing system, validation information characterizing the validated data exchange, andwherein the first computing system is configured to execute the initiated data exchange based on the validation information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosed embodiments include methods and point-of-sale terminals for authenticating a user. The disclosed embodiments include, for example, a method for receiving, by one or more processors, authentication data from an authentication network, the authentication data including an authentication code identifying an authentication transaction associated with an authenticating partner system. The method may also include validating, by the one or more processors, the authentication data, the validating comprising comparing the authentication data with validation data corresponding to a prior authentication event associated with the user. The method may also include generating, by the one or more processors, validation information based on the validating, the validation information comprising a determination whether to validate the user for the authentication transaction. The method may also include providing, by the one or more processors, the validation information to the authentication network.

51 Citations

18 Claims

1. A terminal device, comprising:
- a communications interface;
  
  a memory storing software instructions; and
  
  one or more processors coupled to the memory and to the communications unit, the one or more processors being configured to execute the software instructions to perform one or more operations, the operations comprising;
  
  receiving authentication data from a client device via the communications interface, the authentication data comprising an authentication code corresponding to an exchange of data initiated between the client device and a first computing system and a first portion of authentication information associated with the initiated data exchange, and the first portion of the authentication information comprising packetized data that includes a header or a footer portion;
  
  based on the authentication code, determining a transaction type that characterizes the initiated data exchange, and obtaining a second portion of the authentication information associated with the determined transaction type;
  
  detecting an incompatibility between the first portion of the authentication information and the transaction type;
  
  in response to the detected incompatibility, modifying a format of the header or footer portion of the first portion of the authentication information in accordance with the transaction type;
  
  generating modified authentication data that includes the first and second portions of the authentication information; and
  
  transmitting, via the communications interface, the modified authentication data to a second computing system,wherein the second computing system is configured to validate the initiated data exchange based on a comparison between the modified authentication data and validation data characterizing a prior authentication transaction validated by the second computing system, and to generate and transmit, to the first computing system, validation information characterizing the validated data exchange, andwherein the first computing system is configured to execute the initiated data exchange based on the validation information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 14, 15, 16, 17)
- - 2. The terminal device of claim 1, wherein:
    - the initiated data exchange corresponds to an authentication transaction;
      
      the terminal device further comprises a display unit coupled to the at least one processor;
      
      the second computing system corresponds to a validation partner system configured to validate the authentication transaction based on the comparison between the modified authentication data and the validation data;
      
      the first computing system corresponds to an authentication partner system that is configured to approve the authentication transaction based on validation information; and
      
      the operations further comprise;
      
      receiving, via the communications interface unit and from the authentication partner system, an authentication confirmation reflecting the approval of the authentication transaction by the authentication partner system; and
      
      presenting, via the display unit, a portion of the authentication confirmation within a graphical user interface.
  - 3. The terminal device of claim 2, wherein the operations further comprise providing the authentication confirmation to a client device.
  - 4. The terminal device of claim 1, wherein the modified authentication data includes at least one of:
    - a personal identification number associated with the user;
      
      account information corresponding to an account associated with the user;
      
      time data reflecting a time of an event, wherein the event relates to one of receiving the first authentication data or transmitting the modified authentication data to the second computing system;
      
      location data reflecting a location associated with the initiated data exchange;
      
      entity data reflecting a particular entity associated with the terminal device;
      
      orentity type data reflecting a type of the particular entity associated with the terminal device.
  - 5. The terminal device of claim 1, wherein the operations further comprise identifying the second computing system based on the transaction type.
  - 6. The terminal device of claim 1, wherein the operations further comprise decoding the authentication code and obtaining the transaction type from the decoded authentication code.
  - 7. The terminal device of claim 1, wherein the operations further comprise receiving the authentication data from a client device.
  - 8. The terminal device of claim 1, wherein:
    - the validation information comprises a validation confirmation indicative of the validated data exchange; and
      
      the first computing system is further configured to execute the initiated data exchange based on the validation confirmation.
  - 9. The terminal device of claim 1, wherein:
    - the validation data specifies at least one of a temporal validation condition or a geographic validation condition;
      
      the first or second portions of the modified authentication information comprise at least one of temporal data associated with the initiated data exchange or location data associated with the terminal device or the initiated data exchange; and
      
      the second computing system is further configured to;
      
      determine that at least one of (i) the temporal data satisfies the temporal validation condition or (ii) the location data satisfies the geographic validation condition; and
      
      validate the initiated data exchange based on the established consistency and based on the determination that the temporal data satisfies the temporal validation condition or the location data satisfies the geographic validation condition.
  - 10. The terminal device of claim 1, wherein the operations further comprise:
    - determine that the initiated data exchange corresponds to an authentication transaction based on the authentication code; and
      
      based on the determination that the initiated data exchange corresponds to the authentication transaction, transmitting the modified first authentication data to the second computing system across a corresponding authentication network.
  - 11. The terminal device of claim 1, wherein the operations further comprise receiving, via the communications unit, the second portion of the authentication information from a client device associated with the initiated data exchange, the second portion of the authentication information comprising data characterizing at least one of the initiated data exchange or a user of the client device.
  - 13. The terminal device of claim 1, further comprising a display unit and an input unit coupled to the at least one processor, wherein the operations further comprise:
    - presenting, via the display unit, a graphical user interface that includes information indicative of a receipt of the authentication data;
      
      in response to the presentation of the graphical user interface, receiving transaction information via the input unit, the received transaction information specifying the transaction type; and
      
      identifying the second computing system based on the transaction type and on the authentication code.
  - 14. The terminal device of claim 13, further comprising an input unit coupled to the at least one processor, wherein:
    - the authentication code comprises a machine-readable code; and
      
      the operations further comprise;
      
      receiving, via the input unit, digital image data that includes the machine-readable code; and
      
      extracting the machine-readable code from the digital image data.
  - 15. The terminal device of claim 1, wherein the second computing system is further configured to:
    - extract, from the first or second portions of the authentication information, user information that identifies a user associated with the initiated data exchange;
      
      authenticate an identity of the user based on a comparison of the extracted user information and a portion of the validation data that characterizes a prior authentication of the user; and
      
      validate the initiated data exchange based on the authenticated user identity, the generated validation information being indicative of the authenticated user identity.
  - 16. The terminal device of claim 15, wherein:
    - the validation information comprises a portion of the extracted user information; and
      
      the first computing system is further configured to execute the initiated data exchange based on the portion of the extracted user information.
  - 17. The terminal device of claim 15, wherein:
    - the second computing system is further configured to validate the user for the initiated data exchange based on the authenticated user identity, the generated validation information being indicative of the validation of the user; and
      
      the first computing system is further configured to execute the initiated data exchange based on the validation of the user.

12. A computer-implemented method for authenticating a user, comprising,receiving, by one or more processors, authentication data from a client device, the authentication data comprising an authentication code corresponding to an exchange of data initiated between a client device and a first computing system and a first portion of authentication information associated with the initiated data exchange, and the first portion of the authentication information comprising packetized data that includes a header or a footer portion;
- based on the authentication code, and by the one or more processors, determining a transaction type that characterizes the initiated data exchange, and obtaining a second portion of the authentication information associated with the determined transaction type;
  
  detecting, by the one or more processors, an incompatibility between the first portion of the authentication information and the transaction type;
  
  in response to the detected incompatibility, and by the one or more processors, modifying a format of the header or footer portion of the first portion of the authentication information in accordance with the transaction type;
  
  generating, by the one or more processors, modified authentication data that includes the first and second portions of the authentication information; and
  
  transmitting, by the one or more processors, the modified authentication data to a second computing system,wherein the second computing system is configured to validate the initiated data exchange based on a comparison between the modified authentication data and validation data characterizing a prior authentication transaction validated by the second computing system, and to generate and transmit, to the first computing system, validation information characterizing the validated data exchange, andwherein the first computing system is configured to execute the initiated data exchange in accordance with the validation information.

18. A tangible, non-transitory computer-readable medium storing instructions that, when executed by at least one processor, cause the at least one processor to perform a method, comprising:
- receiving, from a client device, authentication data that includes an authentication code corresponding to an exchange of data initiated between the client device and a first computing system and a first portion of authentication information associated with the initiated data exchange, the first portion of the authentication information comprising packetized data that includes a header or a footer portion;
  
  based on the authentication code, determining a transaction type that characterizes the initiated data exchange, and obtaining a second portion of the authentication information associated with the determined transaction type;
  
  detecting an incompatibility between the first portion of the authentication information and the transaction type;
  
  in response to the detected incompatibility, modifying a format of the header or footer portion of the first portion of the authentication information in accordance with the transaction type;
  
  generating modified authentication data that includes the first and second portions of the authentication information; and
  
  transmitting the modified authentication data to a second computing system,wherein the second computing system is configured to validate the initiated data exchange based on a comparison between the modified authentication data and on validation data characterizing a prior authentication transaction validated by the second computing system, and to generate and transmit, to the first computing system, validation information characterizing the validated data exchange, andwherein the first computing system is configured to execute the initiated data exchange in accordance with the first authentication data and the validation information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Toronto-Dominion Bank
Original Assignee
Toronto-Dominion Bank
Inventors
Sivashanmugam, Prabaharan, Van Heerden, Lauren, Cummins, Michael D., Del Vecchio, Orin, Nadarajah, Gunalan, Lounsbury, Edward, Chan, Paul Mon-Wah, Barnett, Jonathan K., Metwalli, Ashraf, Danielak, Jakub
Primary Examiner(s)
Chein, Allen C

Application Number

US14/747,868
Publication Number

US 20160027009A1
Time in Patent Office

1,624 Days
Field of Search

None
US Class Current
CPC Class Codes

G06Q 20/202   Interconnection or interact...

G06Q 20/38215   Use of certificates or encr...

G06Q 20/4014   Identity check for transact...

G06Q 20/4015   using location information

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

Systems and methods for authenticating user identities in networked computer systems

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

51 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for authenticating user identities in networked computer systems

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

51 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links