Authentication System and Method

US 20120297446A1
Filed: 08/06/2012
Published: 11/22/2012
Est. Priority Date: 03/03/2008
Status: Active Grant

First Claim

Patent Images

1-10. -10. (canceled)

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Aspects of the invention relate to a customer authentication system for authenticating a customer making a request related to a customer account. The customer authentication system may include multiple application level data receiving and processing mechanisms for receiving customer requests and collecting customer data. The customer authentication system may additionally include a central authentication system for receiving the customer requests and customer data from the multiple application level data receiving and processing mechanisms, the central authentication system determining, based on authentication policy, whether the collected customer data is sufficient to authenticate each customer in order to fulfill the customer request. The central authentication system may return its conclusions and instructions to the multiple application level data receiving and processing mechanisms. The customer authentication system may additionally include a fraud policy system for centrally managing authentication policy implemented by the central authentication system.

230 Citations

47 Claims

1-10. -10. (canceled)

11. An authentication computing system for providing authentication of a customer of a financial institution making a request related to a customer account of the financial institution from a receiving application through any one of multiple channels, the authentication computing system comprising:
- at least one computer processor executing multiple receiving applications for receiving customer requests and collecting customer data, the customer requests received through multiple channels coupled to the at least one computer processor;
  
  a central authentication computing system including computer processing components programmed for performing operations including;
  
  receiving the request and customer data from the receiving applications at an authentication engine;
  
  accessing an information source containing data pertaining to customer activity with respect to the account, determining a level of risk associated with the customer, and communicating the risk level from a risk assessment engine to the authentication engine;
  
  providing authentication criteria from a policy rule engine to the authentication engine for authentication of the customer; and
  
  determining, through the authentication engine, whether the customer is sufficiently authenticated based on the risk level provided by the risk assessment engine and the authentication criteria provided by the policy rule engine, the central authentication computing system determining partly based on the receiving applications.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 30, 31, 32, 33, 34, 35, 36, 37, 38, 40)
- - 12. The authentication computing system of claim 11, further comprising a fraud policy computing system for monitoring operation of the authentication computing system and updating the policy rule engine and the risk assessment engine.
  - 13. The system of claim 12, wherein the fraud policy computing system sets policy and risk parameters for the central authentication computing system.
  - 14. The system of claim 12, wherein the fraud policy computing system updates based on collected data and analysis during a business change cycle.
  - 15. The system of claim 11, wherein the receiving applications comprise at least one voice recognition unit and the receiving applications collect a voiceprint from the customer.
  - 16. The system of claim 11, wherein the customer profile contains customer security data and customer knowledge factors.
  - 17. The system of claim 11, wherein the information source includes a customer profile, the customer profile containing a customer account profile and a customer activity record.
  - 18. The system of claim 11, wherein the policy rule engine enumerates data required to authenticate a customer based on a customer risk level.
  - 19. The system of claim 11, wherein the authentication engine passes instructions for collecting additional data back to the receiving application.
  - 30. The system of claim 11, wherein the multiple receiving applications include an origination application, a transaction application, and a servicing application.
  - 31. The system of claim 30, wherein the origination applications establish accounts and account features, the transactions applications execute financial transactions, and the servicing applications perform account related actions including customer profile changes and answering questions.
  - 32. The system of claim 11, wherein the multiple channels include at least two of telephone, mobile device, internet, banking center, POS terminal, and ATM.
  - 33. The system of claim 11, further comprising application level authentication tools selected for each channel, wherein the authentication level authentication tools pass received authentication information to the authentication computing system.
  - 34. The system of claim 33, wherein the application level authentication tools include at least one of fingerprint recognitions, a voice recognition unit with a voice confidence level indicator, fingerprint recognition tools, iris pattern recognition tools, hand print recognition tools, spoken response recognition tools, tone recognition tools, pressure recognition tools, password recognition tools, PIN recognition tools, IP address recognition components, email address verification components, ANI, and SIM card recognition.
  - 35. The system of claim 11, wherein the policy rule engine includes rule sets for multiple risk levels.
  - 36. The system of claim 35, wherein a high risk level requires more criteria for authentication than a medium risk level.
  - 37. The system of claim 35, wherein the policy rule engine stores credentials as tasks such that one series of tasks can be swapped or sequenced with another series of tasks.
  - 38. The system of claim 11, further comprising a customer profile, wherein the customer profile stores customer security data, customer activity including customer transactions, and a customer account profile.
  - 40. The system of claim 30, wherein the origination engine establishes accounts and account features, the account transaction engine executes financial transactions, and the account servicing engine performs account related actions including customer profile changes and answering questions.

20-28. -28. (canceled)

29. A customer authentication computing system for authenticating a customer of a financial institution making a request related to a customer account with the financial institution, the customer authentication computing system comprising:
- at least one computer processor executing multiple applications for receiving customer requests and collecting customer data, said multiple applications receiving data from customer requests over a multiple channels, thereby providing multiple inputs for requests to the financial institution;
  
  a central authentication computing system for receiving the customer requests and customer data, the central authentication computing system determining, based on authentication policy, whether the collected customer data is sufficient to authenticate each customer in order to fulfill the customer request, the central authentication computing system returning conclusions to the multiple applications, the central authentication computing system comprising computer processing components programmed to perform operations including;
  
  receiving the customer requests and customer data from the multiple applications at an authentication engine;
  
  accessing a customer profile containing data pertaining to customer activity with respect to the customer account;
  
  determining a level of risk associated with the customer based on at least the customer activity conducted over the multiple channels at the multiple applications;
  
  communicating the risk level from a risk assessment engine to the authentication engine;
  
  providing authentication criteria from a policy rule engine to the authentication engine for authentication of the customer; and
  
  determining, through the authentication engine, whether the customer is sufficiently authenticated based on the risk level provided by the risk assessment engine and the authentication criteria provided by the policy rule engine; and
  
  a fraud policy computing system, the fraud policy computing system using at least one processor to for centrally manage at least one authentication policy implemented by the central authentication computing system.
- View Dependent Claims (39, 41, 42, 43, 44, 45, 46, 47)
- - 39. The system of claim 29, wherein the multiple applications include an account origination engine, an account transaction engine, and an account servicing engine.
  - 41. The system of claim 29, wherein the multiple channels include at least two of telephone, internet, banking center, POS terminal, and ATM.
  - 42. The system of claim 29, further comprising application level authentication tools selected for each channel, wherein the authentication level authentication tools pass received authentication information to the authentication computing system.
  - 43. The system of claim 42, wherein the application level authentication tools include at least one of fingerprint recognitions, a voice recognition unit with a voice confidence level indicator, fingerprint recognition tools, iris pattern recognition tools, hand print recognition tools, spoken response recognition tools, tone recognition tools, pressure recognition tools, password recognition tools, PIN recognition tools, IP address recognition components, email address verification components, ANI, and SIM card recognition.
  - 44. The system of claim 29, wherein the policy rule engine includes rule sets for multiple risk levels.
  - 45. The system of claim 44, wherein a high risk level requires more criteria for authentication than a medium risk level.
  - 46. The system of claim 44, wherein the policy rule engine stores credentials as tasks such that one series of tasks can be swapped or sequenced with another series of tasks.
  - 47. The system of claim 29, further comprising a customer profile, wherein the customer profile stores customer security data, customer activity including customer transactions, and a customer account profile.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Timothy A. Webb, Tracy M. Pletz
Original Assignee
Timothy A. Webb, Tracy M. Pletz
Inventors
Webb, Timothy A., Pletz, Tracy M.

Granted Patent

US 8,826,371 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/33   using certificates

G06Q 20/4014   Identity check for transact...

G06Q 20/4016   involving fraud or risk lev...

G06Q 20/405   Establishing or using trans...

Authentication System and Method

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

230 Citations

47 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication System and Method

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

230 Citations

47 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links