System and method for second factor authentication of customer support calls
Abstract
A system and method are disclosed that leverage multi-factor authentication features of a service provider and intelligent call routing to increase security and efficiency at a customer call center. Pre-authentication of customer support requests reduces the potential for misappropriation of sensitive customer data during call handling. A contactless card uniquely associated with a client may provide a second factor of authentication via a backchannel to reduce the potential for malicious third-party impersonation of the client prior to transfer of the call to the customer call center. Pre-authorized customer support calls may be intelligently and efficiently routed directly to call center agents, without incurring further delay. During call handling, call center agents may initiate further client authentication processes, including contactless card authentication requests, over one or more different communication channels for authorizing access to sensitive information or to allay suspicion.
17 Claims
1. A system for authenticating information access requests includes:
a customer service interface configured to receive an authentication request associated with an access request received from a client device over a first communication channel, the authentication request to determine whether the device is authorized to access an information sought by the access request;
a storage device configured to store client data comprising pre-verified contact information for the client device;
a client interface configured to push a second factor authentication request to the client device over a second communication channel established using the pre-verified contact information, and to receive an authentication response from the client device, wherein the second communication channel is different from the first communication channel; and
an authentication server, coupled to the customer service interface and client interface, for generating the second factor authentication request for a cryptogram from the client device, the cryptogram provided by a contactless card to the client device, and, in response to a match within a predetermined threshold between the authentication response and the stored client data, for selectively unlocking access to the information sought by the access request;
the authentication server further comprising;
a stored master key and a stored counter value associated with the contactless card; and
decryption logic for decrypting a cryptogram received in response to the second factor authentication request using a diversified key generated using the stored master key and the stored counter value to obtain a decrypted counter value, and wherein the match is between the decrypted counter value and the stored counter value.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8)
9. A method for authenticating access requests includes the steps of:
receiving an authentication request associated with an access request received from a client device over a first communication channel, the authentication request to determine whether the device is able to access information sought by the access request;
retrieving client data including pre-verified contact information for the client device from a data store;
pushing an authentication request to the client device over a second communication channel using the pre-verified contact information, the authentication request comprising a request for a second factor authentication from the client device;
receiving a second factor authentication response from the device over the second communication channel, the second factor authentication response comprising a cryptogram received from a contactless card to the client device;
comparing the second factor authentication response to the client data; and
selectively authenticating the client in response to the step of comparing, including selectively unlocking access to the information sought by the access request by;
generating a diversified key from a stored master key and a stored counter value associated with the contactless card; and
decrypting a cryptogram received in response to the second factor authentication request using the diversified key to obtain a decrypted counter value, and wherein the comparing is between the decrypted counter value and the stored counter.
(Dependent claims: 10, 11, 12, 13, 14, 15, 16)
17. A method for authenticating information access requests received by a customer service agent includes the steps of:
receiving an authentication request associated with an access request received over a first communication channel from a client device, the first communication channel including a session identifier, the authentication request to determine whether the client device is permitted to access information sought by the access request;
retrieving pre-verified client contact information for the client device from a data store;
pushing an authentication request to the client device using a second communication channel established using the pre-verified client contact information, the second communication channel differing from the first communication channel, the authentication request including a request for a cryptogram from a contactless card of the client;
authenticating the access request including the steps of;
receiving the cryptogram from the client device over the second communication channel, the cryptogram received from a contactless card engaged with the client device;
decrypting the cryptogram using a diversified key generated using a stored master key and a stored counter value to provide decrypted counter value;
comparing the decrypted counter value to the stored counter value;
selectively authenticating the client device in response to the step of comparing, including selectively unlocking access to the information; and
notifying the client device of the access request using a third communication channel generated in response to the pre-verified client contact information, wherein the third communication channel is different from both the first and second communication channels.
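The server-side counter check recited in claims 1, 9 and 17, sketched in Go as an added example (not code from the patent or its assignee). HMAC-SHA256 for key diversification, AES-GCM for the cryptogram, and reading "within a predetermined threshold" as a look-ahead window of counter values are all assumptions; the claims name no algorithms, and every identifier below is hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// diversify derives a one-use AEAD key from the master key and a counter value.
// HMAC-SHA256 is an assumption; the claims do not name a derivation function.
func diversify(master []byte, ctr uint32) cipher.AEAD {
	mac := hmac.New(sha256.New, master)
	binary.Write(mac, binary.BigEndian, ctr)
	block, _ := aes.NewCipher(mac.Sum(nil)) // 32-byte key, so AES-256
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

var nonce = make([]byte, 12) // fixed nonce: each diversified key seals one message only

// cardCryptogram plays the contactless card: it encrypts its own counter.
func cardCryptogram(master []byte, ctr uint32) []byte {
	pt := make([]byte, 4)
	binary.BigEndian.PutUint32(pt, ctr)
	return diversify(master, ctr).Seal(nil, nonce, pt, nil)
}

// verify tries each counter in (stored, stored+window]. A replayed or stale
// cryptogram opens under none of those keys; on success the counter advances.
func verify(master []byte, stored *uint32, window uint32, cg []byte) error {
	for c := *stored + 1; c <= *stored+window; c++ {
		pt, err := diversify(master, c).Open(nil, nonce, cg, nil)
		if err == nil && len(pt) == 4 && binary.BigEndian.Uint32(pt) == c {
			*stored = c
			return nil
		}
	}
	return fmt.Errorf("cryptogram rejected: wrong key, replay, or counter outside window")
}

func main() {
	master, stored := []byte("constructed master key"), uint32(41) // constructed sample values
	cg := cardCryptogram(master, 43)                               // card counter ran ahead of the server's
	fmt.Println(verify(master, &stored, 3, cg))                    // accepted, stored counter moves to 43
	fmt.Println(verify(master, &stored, 3, cg))                    // same cryptogram again: rejected
}
```

A wider window tolerates more card taps that never reached the server, at the cost of one key derivation and decryption attempt per candidate counter.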
Specification