Verification and authentication systems and methods
First Claim
1. A method of controlling access by a user to vendor information technology systems using a verification/authentication engine, comprising:
- (a) receiving an inquiry from a vendor system to verify a particular user for a particular transaction, wherein the vendor has assigned the particular transaction a level of risk;
(b) wherein the vendor has specified an appropriate verification level to meet the assigned level of risk, comprising specifying a plurality of data sources which contain information about the user;
(c) querying the user, using questions generated based on data from at least two of the data sources;
(d) determining the extent to which the user correctly answers the questions; and
(e) determining whether to grant or deny access by the user to the vendor information technology systems based on the extent to which the user correctly answers the questions.
1 Assignment
0 Petitions
Accused Products
Abstract
Embodiments of the present invention provide verification and/or authentication service engines that provide a customizable solution that can be “dialed” based on the risk level assigned to individual or grouped applications. The systems can also incorporate internal and external sources of data used to verify information provided by the user. It is dynamic and can pull information from a myriad of sources during the verification process, enabling credit reporting agencies (e.g., Equifax and others), FSPs, and other service providers to facilitate real-time approval and access to products and services.
-
Citations
50 Claims
-
1. A method of controlling access by a user to vendor information technology systems using a verification/authentication engine, comprising:
-
(a) receiving an inquiry from a vendor system to verify a particular user for a particular transaction, wherein the vendor has assigned the particular transaction a level of risk; (b) wherein the vendor has specified an appropriate verification level to meet the assigned level of risk, comprising specifying a plurality of data sources which contain information about the user; (c) querying the user, using questions generated based on data from at least two of the data sources; (d) determining the extent to which the user correctly answers the questions; and (e) determining whether to grant or deny access by the user to the vendor information technology systems based on the extent to which the user correctly answers the questions. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
-
-
31. A verification/authentication engine adapted to control access by a user to vendor information technology systems, comprising:
-
(a) a risk-setting option, wherein the vendor specifies an appropriate risk level for verifying and/or authenticating the user; and (b) a data source-setting option, wherein the vendor specifies at least two data sources to be searched in order to generate verification/authentication questions. - View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50)
-
Specification