User authentication system and methods thereof

US 20030154406A1
Filed: 08/21/2002
Published: 08/14/2003
Est. Priority Date: 02/14/2002
Status: Active Grant

First Claim

Patent Images

1. A system authenticating users, comprising:

a programmed processor providing authentication rules, authenticating users according to the authentication rules responsive to user authentication requests and configuring the authentication rules in real-time, thereby allowing real-time customization of the system.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer system to authenticate users of vendors supplying services and/or products to the users, the system having programmed processors providing authentication rules, authenticating users according to the authentication rules responsive to user authentication requests, configuring the authentication rules in real-time, thereby allowing real-time customization of the system, providing multi-factor user authentication processes, using any data sources providing information about and/or known to the users to authenticate the users, thereby providing a data agnostic system, and authentication strategies correspond to the authentication rules, thereby allowing the system to support authentication strategy experimentation.

Citations

109 Claims

1. A system authenticating users, comprising:
- a programmed processor providing authentication rules, authenticating users according to the authentication rules responsive to user authentication requests and configuring the authentication rules in real-time, thereby allowing real-time customization of the system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 74)
- - 2. The system of claim 1, wherein the programmed processor further provides user authentication processes using any data sources providing information about and/or known to the users to authenticate the users, thereby providing a data agnostic system;
    - wherein two or more authentication factors are used by the user authentication processes, thereby providing multi-factor user authentication processes; and
      
      wherein authentication strategies correspond to the authentication rules, thereby allowing the system to support authentication strategy experimentation.
  - 3. The system of claim 1, wherein the programmed processor further provides user authentication processes using any data sources providing information about and/or known to the users to authenticate the users, thereby providing a data agnostic system.
  - 4. The system of claim 1, wherein the programmed processor further provides multi-factor authentication processes to authenticate the users.
  - 5. The system of claim 1, wherein authentication strategies correspond to the authentication rules, thereby allowing the system to support authentication strategy experimentation.
  - 6. The system of claim 1, wherein multi-step user authentication processes according to authorization requirements of vendors correspond to the authentication rules.
  - 7. The system of claim 1, wherein the authentication rules further comprise one or more of data source mapping rules defining interfaces with the data sources and permission rules defining access privileges to the authentication rules.
  - 8. The system of claim 1, wherein the programmed processor further simulates authentication of the users according to the authentication rules.
  - 9. The system of claim 1, wherein the programmed processor further allows automatic and/or manual real-time versioning of the authentication rules and the users are authenticated according to a version of the authentication rules.
  - 10. The system of claim 1, wherein the programmed processor further correlates status information with the authentication rules.
  - 11. The system of claim 1, wherein the authentication rules comprise permission rules based upon organization information of vendors and the programmed processor further manages access to the authentication rules according to the permission rules.
  - 12. The system of claim 1, wherein the programmed processor further generates user authentication examinations based upon the authentication rules in real-time.
  - 13. The system of claim 1, wherein the authentication rules correspond to sub-process parameters specifying one or more authentication sub-processes of information validation, fraud detection and identity verification.
  - 14. The system of claim 1, wherein the authentication rules correspond to interactive-user-authentication question parameters.
  - 15. The system of claim 1, wherein authentication strategies correspond to the authentication rules which are modified responsive to performance data of the authentication strategies in real-time, thereby optimizing the system in real-time responsive to the performance data.
  - 16. The system of claim 2, wherein the authentication rules correspond to data source parameters specifying the data sources.
  - 17. The system of claim 2, wherein the authentication rules correspond to data source parameters specifying the data source by type.
  - 18. The system of claim 2, wherein the data sources comprises geographic data sources.
  - 19. The system of claim 2, wherein the data sources comprise demographic data sources.
  - 20. The system of claim 2, wherein the data sources comprise political data sources.
  - 21. The system of claim 2, wherein the data sources comprise government-supplied data sources.
  - 22. The system of claim 1, wherein the programmed processor further provides user authentication processes using real-time behavior and/or feeling information of the users.
  - 23. The system of claim 1, wherein the programmed processor further provides user authentication processes using real-time information based upon facial patterns, mannerisms, body movements, perspiration levels, anxiety levels, emotions, mental and/or voice distress data and/or polygraph data of the users.
  - 24. The system of claim 1, wherein the programmed processor further provides a user authentication process based upon multiple-choice user authentication questions that have none-of-the-above as an answer choice when data about the user from a data source is not required to ask the question and/or data about the user is not available.
  - 25. The system of claim 1, wherein the programmed processor further provides a display graphical user interface comprising a selection navigation area to select user authentication processes used to authenticate the users and to select configurations of the processes.
  - 26. The system of claim 1, wherein the programmed processor further provides a displayed graphical user interface comprising a side navigation area allowing selection of user authentication processes used to authenticate the users and tabbed folders providing configuration information corresponding to selected user authentication processes, thereby allowing configuration of the user authentication processes.
  - 27. The system of claim 1, wherein the authentication rules correspond to user authentication question parameters specifying questions, question grouping, question group priority, question type, question query order, question priority, question answer options, question point assignments, question time to answer, question retry criteria, question language and/or whether data about the user is not required to ask a question.
  - 28. The system of claim 1, wherein the authentication rules correspond to user authentication question multiple-choice answer options comprising numeric answer ranges, number of answer choices, context sensitive wrong answer choices and/or none-of-the-above as an answer choice.
  - 29. The system of claim 1, wherein the programmed processor further automatically generates authentication examinations and allows monitoring of transaction records corresponding to the examinations in real-time.
  - 30. The system of claim 1, wherein the programmed processor further groups user authentication questions according to predictability of the questions in the groups.
  - 31. The system of claim 1, wherein the programmed processor further groups user authentication questions, assigns correct answer points to each group and/or each question in the group, and calculates authentication confidence scores based upon the points scored by the users.
  - 32. The system of claim 1, wherein the programmed processor further groups user authentication questions according to a common association of the questions in each group.
  - 33. The system of claim 1, wherein the programmed processor further groups user authentication questions, assigns equal and/or variable correct answer points to each group and/or each question in the group, and calculates authentication confidence scores based upon the points scored by the users.
  - 34. The system of claim 1, wherein the programmed processor further calculates an authentication confidence score by scoring interactive user authentication questions based upon correct answer points assigned to the questions.
  - 35. The system of claim 1, wherein the programmed processor further communicates directly with vendor computers that interface with the users or communicates with the vendor computers via redirection of the users by the vendor computers to the programmed processor, thereby allowing open connectivity between the vendor computers and the system.
  - 36. The system of claim 2, wherein the multi-factor user authentication processes comprise verifying what a user has using one or more of digital certificates and personal identification documents of the users.
  - 37. The system of claim 2, wherein the multi-factor user authentication processes comprise verifying what a user is by using one or more biometric verifications of fingerprint scan, keystroke patterns, retinal scan, face recognition and DNA analysis.
  - 38. The system of claim 2, wherein the multi-factor user authentication processes comprise verifying what a user knows using one or more of responses to user authentication questions and real-time behavior and/or feeling information of the users.
  - 39. The system of claim 2, wherein vendor-configured multi-step authentication processes correspond to the authentication rules and the multi-step authentication processes comprise sequentially and/or simultaneously accessing data sources providing information about and/or known to the user to authenticate the users within an authentication session.
  - 40. The system of claim 1, wherein the programmed processor further communicates with vendor computers using business-to-business transactions or using user-interface redirection.
  - 41. The system of claim 1, wherein the programmed processor further correlates identifiers as live, retired and/or working as an operation status of user authentication processes used to authenticate the users.
  - 42. The system of claim 1, wherein the programmed processor further manages authentication of the users in compliance with applicable consumer privacy laws.
  - 43. The system of claim 1, wherein the programmed processor further randomly selects or selects according to a fixed order user authentication questions to authenticate the users.
  - 44. The system of claim 1, wherein the authentication rules correspond to authentication retry parameters specifying retry criteria of user authentication processes.
  - 45. The system of claim 2, wherein the strategy experimentation comprises assigning the authentication strategies to a business transaction, aggregating and evaluating performance data of the strategies for the business transaction, thereby allowing optimization of the system responsive to the performance data.
  - 46. The system of claim 2, wherein the strategy experimentation comprises assigning the authentication strategies to a business transaction, aggregating performance data of the strategies for the business transaction, and evaluating the performance data according to a champion challenger method.
  - 47. The system of claim 2, wherein the strategy experimentation comprises assigning an authentication strategy to a group of users for a business transaction, aggregating performance data of the strategy for each group, aggregating and evaluating the performance data of the strategy at various levels of the strategy, thereby allowing optimization of the system responsive to the performance data.
  - 48. The system of claim 2, wherein the strategy experimentation comprises assigning an authentication strategy to a group of users for a business transaction, aggregating performance data of the strategy for each group, aggregating the performance data of the strategy for authentication question groups and authentication questions within each group of the strategy and optimizing the strategy responsive to the performance data.
  - 49. The system of claim 1, wherein the programmed processor further selects a group of user authentication questions according to a priority based upon one or more of predictability and the data sources corresponding to the questions.
  - 50. The system of claim 1, wherein the authentication rules correspond to data source parameters specifying data sources providing information about and/or known to the users to authenticate the users for a vendor or for each user authentication process of the vendor.
  - 51. The system of claim 1, wherein the programmed processor further maintains the authentication rules via a web browser-based interface.
  - 52. The system of claim 1, wherein the programmed process further generates user authentication questions having context sensitive wrong answers to authenticate the users.
  - 53. The system of claim 1, wherein the programmed processor further limits authentication of the users according to one or more frequency and time criteria based upon attempted and/or answered authentication questions and attempted and/or completed authentication sessions.
  - 54. The system of claim 1, wherein authentication confidence scoring strategies correspond to the authentication rules, thereby allowing the system to support different scoring algorithms.
  - 55. The system of claim 1, wherein the authentication rules correspond to authorization parameters specifying authorization decisions according to authentication confidence scoring algorithms of a vendor.
  - 56. The system of claim 1, wherein the programmed processor further provides filtered user authentication question selection to select user authentication questions authenticating the users.
  - 57. The system of claim 1, wherein the programmed processor further provides filtered user authentication transaction reporting in real-time.
  - 58. The system of claim 1, wherein the programmed processor further allows a system/solution provider and/or a vendor to manage the authentication rules in real-time.
  - 59. The system of claim 1, wherein the programmed processor further automatically loads test authentication processes with key fields and the programmed processor simulates authentication of the users according to the test authentication processes.
  - 60. The system of claim 1, wherein the programmed processor stores user authentication transactions in real-time, thereby allowing the system to report, in real-time, the transactions via any interface with the system.
  - 61. The system of claim 1, wherein the programmed processor further groups user authentication questions and retrieves a number of user authentication questions from the group to authenticate the users.
  - 62. The system of claim 1, wherein the programmed processor further determines a number of user authentication questions to be generated to authenticate the users.
  - 63. The system of claim 1, wherein the programmed processor further generates user authentication questions having multiple-choice answers with only one answer correct, true/false answers, multi-select answers and/or fill in the blank answers.
  - 64. The system of claim 1, wherein the programmed processor further provides test authentication processes, simulates authentication of the users according to the test authentication processes, and provides correct answers in the simulation.
  - 65. The system of claim 1, wherein the programmed processor further allows operation of the system as a user authentication service or deployment as a software product.
  - 66. The system of claim 2, wherein the strategy experimentation comprises aggregating performance data of the authentication strategies and the programmed processor further optimizes the authentication rules responsive to the performance data.
  - 67. The system of claim 1, wherein interactive-user-authentication question parameters and user-authentication process parameters correspond to the authentication rules.
  - 74. The system of claim 2, wherein multi-factor authentication strategies correspond to the authentication rules and the programmed processor further aggregates performance data of the strategies to measure effectiveness of the strategies and modifies the authentication rules in real-time responsive to the performance data, thereby optimizing the system responsive to the performance data in real-time.

68. A system authenticating users, comprising a programmed processor providing user authentication processes using any data sources providing information about and/or known to users, thereby providing a data agnostic system.
- View Dependent Claims (69, 70)
- - 69. The system of claim 68, wherein the user authentication processes are multifactor.
  - 70. The system of claim 68, wherein the programmed processor further provides authentication rules corresponding to authentication strategies, thereby allowing the system to support authentication strategy experimentation.

71. A system authenticating users, comprising a programmed processor generating multi-factor authentication examinations to authenticate users.
- View Dependent Claims (72)
- - 72. The system of claim 71, wherein the programmed processor further provides multi-factor authentication rules corresponding to multi-factor user authentication processes and the multi-factor examinations are generated based upon the multi-factor authentication rules;
    - and wherein authentication strategies correspond to the multi-factor authentication rules, thereby allowing the system to support authentication strategy experimentation.

73. A system authenticating users, comprising a programmed processor providing authentication rules corresponding to authentication strategies, aggregating performance data of the authentication rules, and modifying the strategies responsive to the performance data, thereby optimizing the system responsive to the performance data.

75. A system authenticating users, comprising:
- an authentication engine having authentication rules and authenticating users according to the authentication rules responsive to user authentication requests; and
  
  an authentication rule designer allowing real-time configuration of the authentication rules, thereby customizing the system in real-time.

76. A system authenticating users, comprising:
- an authentication rule designer defining authentication rules; and
  
  an authentication engine applying authentication strategies defined by using the authentication rule designer to define and maintain the authentication rules, thereby allowing the system to support authentication strategy experimentation.

77. A computer-readable storage controlling a computer by storing user authentication information used to authenticate users of vendors providing services and/or products to the users, comprising:
- a data structure identifying vendor information comprising vendor identification information, organization information, including personnel information, of the vendor; and
  
  a data structure associating the vendor information with user authentication process identification information and access privilege information of the user authentication process based upon the vendor information.
- View Dependent Claims (78)
- - 78. The computer-readable medium of claim 77, wherein the user authentication process identification information further comprises user authentication process status information, user authentication process version information and/or user authentication process parameters.

79. A system authenticating users of vendors providing services and/or products to the users, comprising:
- a display screen configured to provide a graphical user interface comprising a side navigation area containing at least a first selection location allowing selection of user authentication processes and tabbed folders providing customization information corresponding to selected user authentication processes, thereby allowing customization of the system.
- View Dependent Claims (80, 81)
- - 80. The system of claim 79, wherein the side navigation area allows selection of at least one or more of simulation of the user authentication processes, printing of the customization information of the user authentication processes, auditing of user authentication transactions of the user authentication processes, and obtaining status information of the user authentication processes.
  - 81. The computer system according to claim 79, wherein the customization information comprises interactive-user-authentication question parameters.

82. A method, comprising:
- online defining customizations of an online user authentication service to authenticate users, associating the online user authentication service with a vendor that provides online transactions requiring authentication of the users, selecting/reviewing system development and implementation requirements to interface the online transactions with the customized online user authentication service, interfacing the vendor'"'"'s online transactions with the customized online user authentication service, generating online customized user authentication examinations, authenticating the users based upon the examinations, evaluating performance data of the examinations, and modifying the customizations in real-time, thereby customizing the online user authentication service depending on the performance data in real-time.
- View Dependent Claims (83)
- - 83. The method of claim 82, wherein the performance data is evaluated according to a vendor'"'"'s user authorization process.

84. A method to authenticate a user, comprising:
- receiving a user authentication request;
  
  determining a source of the authentication request, retrieving parameters associated with the source;
  
  retrieving data about the user according to the parameters; and
  
  authenticating the user according to the parameters and based upon the data about the user.
- View Dependent Claims (85, 86, 87, 88, 89, 90, 91, 92, 93)
- - 85. The method of claim 84, wherein authenticating the user comprises comparing information input about the user, according to the parameters, with the data about the user.
  - 86. The method of claim 84, wherein authenticating the user further comprises analyzing real-time behavior information of the user while the information about the user is input.
  - 87. The method according to claim 84, wherein the data about the user is retrieved from one or more of credit history, user profile, fraud, geographic, demographic, government-supplied, political, biometric and/or digital certificate data sources.
  - 88. The method according to claim 84 wherein authenticating the user comprises automatically generating interactive user authentication questions according to the parameters and based upon the data about the user, querying the user with the generated user authentication questions, and comparing information input about the user in response to the generated user authentication questions with the data about the user to determine an authentication result according to the parameters.
  - 89. The method according to claim 84, wherein the parameters comprise specifying generating interactive user authentication questions from one or more of questions having multiple choice answers with only one answer correct, true/false answers, multi-select answers and/or fill in the blank answers.
  - 90. The method according to claim 84, wherein the parameters comprise specifying interactive user authentication question parameters of query order and priority, answer options, point assignments, grouping and group priority of the interactive user authentication questions, time to answer, retry criteria and/or language.
  - 91. The method according to claim 84, wherein the parameters comprise specifying grouping of interactive user authentication questions according to a common association of the interactive user authentication questions and assigning points to each interactive user authentication question and/or each interactive user authentication group.
  - 92. The method according to claim 84, wherein the parameters comprise specifying grouping of interactive user authentication questions according to predictability of the interactive user authentication questions in a group and assigning points to each interactive user authentication question and/or each interactive user authentication group.
  - 93. The method of claim 84, further comprising authenticating the user according to a multi-factor authentication process.

94. A user authentication customizing system customizing user authentication processes of a vendor, comprising:
- a customizing processor allowing a vendor to define parameters of interactive user authentication questions, during an in progress user authentication process, thereby automatically generating real-time customized versions of the interactive user authentication questions.
- View Dependent Claims (95)
- - 95. The system of claim 94, wherein the customizing processor allows the vendor to simulate the interactive user authentication questions.

96. A system, comprising:
- at least two or more data sources providing information about and/or known to users; and
  
  a user authentication processor authenticating the users based upon a single set of interactive user authentication questions generated from the data sources.
- View Dependent Claims (97, 98, 99, 100, 101, 102)
- - 97. The system of claim 96, wherein the data sources comprise credit history, user profile, fraud, geographic, demographic, government-supplied, political, biometric and/or digital certificate data sources.
  - 98. The system of claim 96, wherein the questions are generated from a geographic data source comprising geographic area information pertaining to a geographic area known by a user.
  - 99. The system of claim 98, wherein the geographic area information comprises one or more of street name information, street intersection information, landmark information, and/or governmental information.
  - 100. The system of claim 96, wherein the questions are generated from a political data source comprising political information relating to a geographic area known by a user.
  - 101. The system of claim 100, wherein the political information comprise politician information and/or political party information.
  - 102. The system of claim 96, wherein the questions are generated from a user-profile data source comprising vehicle information, household information, employer history information, residence history information, tax information, and/or shopping tendency information.

103. A computer data signal providing a user authentication service and embodied in a carrier wave, comprising:
- a code segment controlling a computer to accept parameters of user authentication processes in real-time and to provide authentication examinations to users according to the parameters responsive to requests to authenticate users.
- View Dependent Claims (104)
- - 104. The data signal of claim 103, wherein the controlled computer is in communication with Internet.

105. A method, comprising:
- receiving a user authentication request;
  
  determining a source of the authentication request, retrieving parameters associated with the source, the parameters comprise specifying generating interactive user authentication questions from one or more of questions having multiple choice answers with only one answer correct, true/false answers, multi-select answers and/or fill in the blank answers, query order and priority for the interactive user authentication questions, answer options, point assignments, grouping and group priority for the interactive user authentication questions, time to answer, retry criteria and/or language;
  
  retrieving data about the user according to the parameters from one or more of credit history, user profile, fraud, geographic, demographic, government-supplied, political, biometric and/or digital certificate data sources;
  
  automatically generating interactive user authentication questions according to the parameters and based upon the data about the user, thereby producing a source-customized user authentication examination;
  
  querying the user with the generated interactive user authentication questions;
  
  comparing information input about the user in response to the generated user authentication questions with the data about the user to determine correctly answered questions;
  
  determining an authentication result by calculating a confidence score according to the parameters;
  
  aggregating performance data of the authentication results; and
  
  optimizing the parameters responsive to the performance data in real-time.

106. A system authenticating users, comprising:
- customizing means for customizing authentication processes to authenticate users in real-time.

107. A system authenticating users, comprising:
- data agnostic authentication means for allowing authentication of users based upon any data sources providing information about and/or known to the users.

108. A system authenticating users, comprising:
- experimentation means for allowing aggregation of user authentication performance data for a business transaction based upon authentication strategy experimentation for the business transaction; and
  
  optimization means for optimizing the system in real-time responsive to the performance data.

109. A system authentication user, comprising:
- multi-factor authentication means for authenticating user based upon two or more authentication factors.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CGI Technologies and Solutions Incorporated (CGI Group)
Original Assignee
American Management Systems, Incorporated (CGI, Inc.)
Inventors
Honarvar, Laurence Toraj, Witte, Brandon Raymond, Fatigante, Steve Chance, Harless, Gary Lynn

Granted Patent

US 7,231,657 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

G06Q 10/10   Office automation; Time man...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4014   Identity check for transact...

G06Q 30/06   Buying, selling or leasing ...

G07C 9/37   using biometric data, e.g. ...

User authentication system and methods thereof

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

109 Claims

Specification

Solutions

Use Cases

Quick Links

User authentication system and methods thereof

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

109 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links