MULTI-MODULE AUTHENTICATION PLATFORM

US 20090150320A1
Filed: 12/06/2007
Published: 06/11/2009
Est. Priority Date: 12/06/2007
Status: Active Grant

First Claim

Patent Images

1. An authentication platform for authenticating a user desiring access to an entity system, the authentication platform comprising:

two or more authentication modules, each authentication module operable to authenticate the user using a different authentication method;

a decision engine in communication with the two or more authentication modules, the decision engine operable to receive an authentication request from the user, the decision engine operable to send one or more items of authentication information to a first authentication module to authenticate the user, the decision engine operable to receive a return from the first authentication module, the decision engine operable to determine if the user has been authenticated by the first authentication module, the decision engine operable to inform the user that the user has been authenticated.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the disclosure generally relate to systems and methods for authenticating users of an entity system. In embodiments, an authentication platform receives a request for authentication. The authentication platform interacts with one of several authentication modules to authenticate the user. Each authentication module may use different information or procedures to authenticate the user. If authenticated, the user is allowed access to the system. Having access to two or more authentication modules allows the authentication platform to provide automatically a more robust authentication and alleviates the entity system from needing to integrate the several authentication modules.

43 Citations

View as Search Results

20 Claims

1. An authentication platform for authenticating a user desiring access to an entity system, the authentication platform comprising:
- two or more authentication modules, each authentication module operable to authenticate the user using a different authentication method;
  
  a decision engine in communication with the two or more authentication modules, the decision engine operable to receive an authentication request from the user, the decision engine operable to send one or more items of authentication information to a first authentication module to authenticate the user, the decision engine operable to receive a return from the first authentication module, the decision engine operable to determine if the user has been authenticated by the first authentication module, the decision engine operable to inform the user that the user has been authenticated.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The authentication platform as defined in claim 1, wherein the decision engine is operable to send one or more items of information to a second authentication module to authenticate the user if the first authentication module failed to authenticate the user, the decision engine operable to receive a return from the second authentication module, the decision engine operable to determine if the user has been authenticated by the second authentication module, the decision engine operable to inform the user that the user has been authenticated.
  - 3. The authentication platform as defined in claim 1, further comprising:
    - a user system in communication with the decision engine; and
      
      an entity system in communication with the decision engine.
  - 4. The authentication platform as defined in claim 1, wherein the decision engine comprises:
    - a user interface, the user interface operable to receive the authentication request, the user interface operable to receive one or more items of the authentication information from the user;
      
      an institution interface, the institution interface operable to receive one or more authentication rules from one or more entities;
      
      an authentication module interface, the authentication module interface operable to send information to one of the two or more authentication modules for authentication, the authentication module interface operable to receive the return from one of the two or more authentication modules for authentication;
      
      a rules datastore, the rules datastore operable to store one or more authentication rules; and
      
      a rules engine in communication with the user interface, the institution interface, the authentication module interface, and the rules datastore, the rules engine operable to store one or more authentication rules received from the institution interface into the rules datastore, the rules engine operable to receive an authentication request and the one or more items of authentication information from the user interface, the rules engine operable to read a rule from the rules datastore associated with the authentication request, the rules engine operable to send the authentication information to the authentication module interface for the first authentication module identified in the rule, the rules engine operable to receive a return from the first authentication module, the rules engine operable to determine if the user has been authenticated by the first authentication module, and the rules engine operable to inform the user that the user has been authenticated by sending a message through the user interface.
  - 5. The authentication platform as defined in claim 4, wherein the rules engine comprises:
    - a rule creation/learner module, the rule creation/learner module operable to receive the one or more authentication rules from the institution interface, the rule creation/learner module operable to store the one or more authentication rules in the rules datastore.
  - 6. The authentication platform as defined in claim 4, wherein the rules engine comprises:
    - an information receive module, the information receive module operable to receive the authentication request and the one or more items of authentication information from the user, the information receive module operable to extract the one or more items of authentication information, the information receive module operable to request one or more other items of authentication information from the user;
      
      the information receive module operable to receive the one or more other items of authentication information from the user.
  - 7. The authentication platform as defined in claim 6, wherein the rules engine comprises:
    - an ingest module, the ingest module operable to store one or more items of authentication information received from the user in a user information datastore, the ingest module operable to provide the one or more items of authentication information from the user information datastore, and the ingest module operable to retrieve one or more items of authentication information from one or more other sources accessed through a network.
  - 8. The authentication platform as defined in claim 4, wherein the rules engine comprises:
    - a workflow manager module, the workflow manager module operable to send the one or more items of authentication information to one or more authentication modules, the workflow manager module operable to receive a return from the one or more authentication modules.
  - 9. The authentication platform as defined in claim 4, wherein the rules engine comprises:
    - an authentication/measure module, the authentication/measure module operable to receive an authentication request and the one or more items of authentication information from an information receive module, the authentication/measure module operable to read a rule from the rules datastore associated with the authentication request, the authentication/measure module operable to send the authentication information to a workflow manager module for the first authentication module identified in the rule, the authentication/measure module operable to receive a return from the workflow manager module, the authentication/measure module operable to determine if the user has been authenticated by the first authentication module, and the authentication/measure module operable to inform the user that the user has been authenticated by sending an authentication signal to the user.
  - 10. The authentication platform as defined in claim 9, wherein the authentication/measure module is operable to determine that more authentication information is needed from the user, the authentication/measure module operable to request the information receive module to provide the more authentication information, and the information receive module operable to request the more authentication information.

11. A method for authenticating a user of an entity system using an authentication platform, the method comprising:
- receiving an authentication request from the user;
  
  extracting one or more items of authentication information;
  
  determining a first authentication module to use for the authentication;
  
  sending at least one of the one or more items of extracted authentication information to a first authentication module;
  
  receiving a return from the first authentication module;
  
  determining if the user has been authenticated by the first authentication module;
  
  if the user has been authenticated, allowing the user access to the entity system; and
  
  if the user has not been authenticated, denying the user access to the entity system.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The method as defined in claim 11, further comprising:
    - if the user has not been authenticated, sending at least one of the one or more items of extracted authentication information to a second authentication module;
      
      receiving a return from the second authentication module;
      
      determining if the user has been authenticated by the second authentication module;
      
      if the user has been authenticated, allowing the user access to the entity system; and
      
      if the user has not been authenticated, denying the user access to the entity system.
  - 13. The method as defined in claim 11, wherein determining a first authentication module to use for the authentication comprises:
    - reading an authentication rule from a rules datastore; and
      
      reading an authentication module identifier for the authentication rule.
  - 14. The method as defined in claim 13, further comprising:
    - receiving institution information from the entity system;
      
      receiving transaction type information from the entity system;
      
      receiving a choice of one or more authentication modules from the entity system;
      
      determining authentication information required for the chosen one or more authentication modules;
      
      receiving success criteria from the entity system;
      
      receiving reaction information from the entity system; and
      
      storing the institution information, the transaction type information, the choice of one or more authentication modules, the authentication information required, the success criteria, and the reaction information into an authentication rule data structure.
  - 15. The method as defined in claim 11, wherein determining if the user has been authenticated by the first authentication module comprises:
    - reading the score from a success threshold field of an authentication rule stored in a rules datastore;
      
      comparing a returned score returned by the first authentication module with the score stored in the authentication rule; and
      
      determining if the returned score betters the score stored in the authentication rule.
  - 16. The method as defined in claim 11, further comprising:
    - requesting further authentication information from the user;
      
      receiving the further authentication information from the user; and
      
      sending at least a portion of the further authentication information to the first authentication module.

17. A computer program stored on a computer readable medium, the computer program embodied in one or more instructions for authenticating a user of an entity system, the computer program comprising:
- instructions to receive an authentication request;
  
  instructions to determine the entity system associated with the authentication request;
  
  instructions to determine a type of transaction associated with the authentication request;
  
  instructions to locate an authentication rule associated with the entity system and the type of transaction;
  
  instructions to read the authentication rule;
  
  instructions to determine the authentication module associated with the authentication rule;
  
  instructions to provide one or more items of authentication information to the authentication module;
  
  instructions to receive a return from the authentication module; and
  
  instructions to determine if the user is authenticated according to the return.
- View Dependent Claims (18, 19, 20)
- - 18. The computer program as defined in claim 17, further comprising:
    - instructions to receive institution information from the entity system;
      
      instructions to receive transaction type information from the entity system;
      
      instructions to receive a choice of one or more authentication modules from the entity system;
      
      instructions to determine authentication information required for the chosen one or more authentication modules;
      
      instructions to receive success criteria from the entity system;
      
      instructions to receive reaction information from the entity system;
      
      instructions to create the authentication rule; and
      
      instructions to store the institution information, the transaction type information, the choice of one or more authentication modules, the authentication information required, the success criteria, and the reaction information into the authentication rule.
  - 19. The computer program as defined in claim 18, wherein the institution information is stored in an institution information field, the transaction type information is stored in a transaction type field, the choice of one or more authentication modules is stored in an authentication module identifier field, the authentication information required is stored in an information required field, the success criteria is stored in a success threshold field, and the reaction information is stored in a reaction field.
  - 20. The computer program as defined in claim 17, further comprising instructions to send an authentication signal to the user indicating the user has been authenticated.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
First Data Corporation (Fiserv Incorporated)
Original Assignee
First Data Corporation (Fiserv Incorporated)
Inventors
Geppert, Mike

Granted Patent

US 7,930,264 B2
Time in Patent Office

Days
Field of Search
US Class Current

706/47
CPC Class Codes

G06F 21/31 User authentication

MULTI-MODULE AUTHENTICATION PLATFORM

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

43 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

MULTI-MODULE AUTHENTICATION PLATFORM

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links