Electronic verification service systems and methods

US 7,979,894 B2
Filed: 01/08/2008
Issued: 07/12/2011
Est. Priority Date: 01/08/2008
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating an applicant, the method performed by a computer executing a program stored on a computer readable medium, the method comprising:

receiving an indication of an existing financial account purportedly owned by the applicant;

transmitting a question request message to a purported issuer of the financial account that has stored at least one challenge question, the question request message identifying the account and requesting one or more questions relating to the account to be asked to the applicant, at least one of which asks for information about a detail of the account that changes over time;

receiving from the issuer of the account a first reply in response to the question request message, the first reply comprising a set of the one or more questions;

asking the applicant the set of one or more questions relating to the account;

receiving answers to the questions from the applicant;

transmitting an answer message to the issuer of the account, the answer message comprising the applicant'"'"'s answers to the questions; and

receiving a second reply from the issuer of the account in response to the answer message, the second reply indicating whether the applicant is authenticated as the owner of the account;

and wherein the messages and replies are carried over an electronic funds transfer network.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for authenticating an applicant. In one implementation, the applicant indicates to an acquirer an existing account for which the applicant wishes to be authenticated. The acquirer sends a message over an electronic funds transfer (EFT) network to an issuer of the account requesting a set of questions to ask the applicant. The issuer replies with a set of questions. The acquirer asks the applicant the questions, and forwards the applicant'"'"'s answers to the issuer. The issuer compares the answers with known information relating to the account and decides, based on the comparison, whether the applicant is authenticated. The issuer then communicates its decision to the acquirer. Preferably, the messages and their associated replies are added to the set of messages handled by the EFT network, so that authentication may be handled in a standardized way without proliferating applicants'"'"' secret information.

Citations

26 Claims

1. A method of authenticating an applicant, the method performed by a computer executing a program stored on a computer readable medium, the method comprising:
- receiving an indication of an existing financial account purportedly owned by the applicant;
  
  transmitting a question request message to a purported issuer of the financial account that has stored at least one challenge question, the question request message identifying the account and requesting one or more questions relating to the account to be asked to the applicant, at least one of which asks for information about a detail of the account that changes over time;
  
  receiving from the issuer of the account a first reply in response to the question request message, the first reply comprising a set of the one or more questions;
  
  asking the applicant the set of one or more questions relating to the account;
  
  receiving answers to the questions from the applicant;
  
  transmitting an answer message to the issuer of the account, the answer message comprising the applicant'"'"'s answers to the questions; and
  
  receiving a second reply from the issuer of the account in response to the answer message, the second reply indicating whether the applicant is authenticated as the owner of the account;
  
  and wherein the messages and replies are carried over an electronic funds transfer network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the first reply is supplied by an operator of the electronic funds transfer network.
  - 3. The method of claim 1, wherein the at least one question is the amount of a most recent deposit into the account.
  - 4. The method of claim 1, further comprising reformatting at least one of the questions before asking the applicant the questions.
  - 5. The method of claim 1, wherein interaction with the applicant is accomplished through a series of web pages served over the Internet.
  - 6. The method of claim 1, wherein interaction with the applicant is accomplished via telephone or at least in part via wireless communication.
  - 7. The method of claim 1, wherein the method is performed by an acquirer, and wherein the acquirer does not learn the content of the answer message.
  - 8. The method of claim 1, further comprising encrypting the content of the answer message before sending it over the electronic funds transfer network.
  - 9. The method of claim 1, wherein the method is performed by an acquirer, and wherein the applicant is an applicant for enrollment in a service offered by the acquirer.

10. A method of authenticating an applicant, the method performed by a computer executing a program stored on a computer readable medium, comprising:
- receiving at a financial institution a question request message, the question request message identifying an existing account of the financial institution and requesting a set of one or more questions relating to the account to be asked of the applicant;
  
  transmitting a reply to the question request message, the reply to the question request message comprising the set of one or more questions, at least one of which asks for information about a detail of the account that changes over time;
  
  receiving an answer message, the answer message comprising a set of answers given by an applicant to the set of one or more questions relating to the account;
  
  comparing the answers with known information relating to the account;
  
  deciding, based on the comparison, whether the applicant is authenticated as the account owner; and
  
  transmitting a reply in response to the answer message, the reply to the answer message indicating whether the applicant is authenticated;
  
  wherein the messages and replies are carried over an electronic funds transfer network.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 11. The method of claim 10, further comprising selecting the one or more questions from a set of standard questions defined by an operator of the electronic funds transfer network.
  - 12. The method of claim 11, further comprising supplying in advance, by an issuer of the account to an operator of the electronic funds transfer network, a list of challenge questions, and wherein the operator supplies the first reply comprising one or more questions from the list.
  - 13. The method of claim 10, wherein at least one of the questions tests the applicant'"'"'s knowledge of secret information previously shared between the issuer and the holder of the account.
  - 14. The method of claim 10, wherein at least one of the questions tests the applicant'"'"'s knowledge of a transaction history of the account.
  - 15. The method of claim 14, wherein at least one of the questions tests the applicant'"'"'s knowledge of one or more patterns or anomalies in the transaction history of the account.
  - 16. The method of claim 10, wherein at least one of the questions tests the applicant'"'"'s knowledge of a card associated with the account.
  - 17. The method of claim 10, wherein at least one of the questions is formed such that the correct answer to the question changes over time.
  - 18. The method of claim 10, wherein at least one of the questions tests the applicant'"'"'s knowledge of an object or piece of information provided by the issuer to the account holder for the purpose of later authentication.
  - 19. The method of claim 10, wherein at least one of the questions is a multiple choice question.
  - 20. The method of claim 10, wherein the first reply comprises formatting guidance for use in presenting the questions to the applicant.
  - 21. The method of claim 10, wherein deciding, based on the comparison, whether the applicant is authenticated as the account owner further comprises deciding that the applicant is authenticated when the comparison indicates that the applicant supplied a first predetermined number of correct answers to a second predetermined number of questions.

22. A system for authenticating an applicant, the system comprising:
- a host computer executing a program stored on a computer readable medium, the host computer configured toreceive an indication of an account purportedly owned by the applicant;
  
  transmit, over an electronic funds transfer network and to a purported issuer of the financial account that has stored at least one challenge question, a question request message, the question request message identifying the account and requesting a set of one or more questions about the account to be asked to the applicant;
  
  receive from the issuer of the account, over the electronic funds transfer network, a first reply in response to the question request message, the first reply comprising the set of one or more questions, at least one of which asks for information about a detail of the account that changes over time;
  
  ask the applicant the questions;
  
  receive, from the applicant, answers to the questions;
  
  transmit, over the electronic funds transfer network, an answer message to the issuer of the account, the answer message comprising the applicant'"'"'s answers to the questions; and
  
  receive, over the electronic funds transfer network, a second reply from the issuer of the account in response to the answer message, the second reply indicating whether the applicant is authenticated as the owner of the account.
- View Dependent Claims (23)
- - 23. The system of claim 22, wherein the host computer is configured to interact with the applicant via a series of web pages served over the Internet.

24. A system for authenticating an applicant, the system comprising:
- a host computer of a financial institution, the host computer executing a program stored on a computer readable medium, the host computer configured toreceive from an acquirer or service provider, over an electronic funds transfer network, a question request message, the question request message identifying an account of the financial institution and requesting one or more questions relating to the account to be asked of the applicant;
  
  transmit to the acquirer or service provider, over the electronic funds transfer network in response to the question request message a first reply, the first reply comprising the one or more questions, at least one of which asks for information about a detail of the account that changes over time;
  
  receive, over the electronic funds transfer network, an answer message, the answer message comprising a set of answers given by the applicant to the questions;
  
  compare the answers with known information relating to the account;
  
  decide, based on the comparison, whether the applicant is authenticated as the account owner; and
  
  transmit to the acquirer or service provider, over the electronic funds transfer network, a second reply in response to the answer message, the second reply indicating whether the applicant is authenticated.

25. A method comprising adding, to a set of messages handled by an electronic funds transfer network, two messages and their associated replies, wherein:
- the first message is generated by a computer system of an acquirer or service provider and is transmitted to a computer system of an issuer financial institution having an account for which authentication is being sough, wherein the first message requests a set of questions to be asked of an applicant for authentication of the account;
  
  the reply to the first message comprises a set of questions to ask the applicant that was received from the computer system of the issuer financial institution, at least one of which asks for information about a detail of the account that changes over time;
  
  the second message is generated by the computer system of the acquirer or the service provider and communicates the applicant'"'"'s answers to the computer system of the issuer financial institution; and
  
  the reply to the second message is generated by the computer system of the operator of the issuer financial institution and communicates an indication of whether the applicant is authenticated.
- View Dependent Claims (26)
- - 26. The method of claim 25, wherein the questions and answers are carried in existing data elements in a message format based at least in part on the ISO 8583 standard.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
First Data Corporation (Fiserv Incorporated)
Original Assignee
First Data Corporation (Fiserv Incorporated)
Inventors
Conway, Craig, Freisheim, Robert A. Jr., Ruppe, Daniel J., Sindaco, Jean M., Royyuru, Vijay K.
Primary Examiner(s)
Song; Hosuk

Application Number

US11/971,060
Publication Number

US 20090178120A1
Time in Patent Office

1,281 Days
Field of Search

726 1- 6, 713168-170, 713182-183, 705/50, 705 62- 70, 705/72, 705 74- 79
US Class Current

726/2
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2103   Challenge-response

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4014   Identity check for transact...

G07C 9/23   by means of a password

G07F 7/1008   Active credit-cards provide...

Electronic verification service systems and methods

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Electronic verification service systems and methods

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links