Verification and authentication systems and methods

US 8,239,677 B2
Filed: 10/10/2006
Issued: 08/07/2012
Est. Priority Date: 10/10/2006
Status: Active Grant

First Claim

Patent Images

1. A method of controlling access by a user to vendor information technology systems using a verification/authentication engine, comprising:

(a) receiving an inquiry to the verification/authentication engine on an authentication server from a vendor system to verify a particular user for a particular transaction;

(b) based on an identification of a channel through which the user selects to access the vendor system and on vendor specified;

(i) assignment of a level of risk for the particular transaction;

(ii) a verification level to meet the assigned level of risk; and

(iii) a plurality of data sources which contain information about the user, querying the user, using questions generated based on the channel and data from at least two of the plurality of data sources;

(c) determining, by the verification/authentication engine on the authentication server, at least one of a confidence level or a score based on the extent to which the user correctly answers the questions; and

(d) sending the at least one of the confidence level or the score to the vendor system configured to determine whether to grant or deny access by the user to the vendor information technology systems based on the at least one of the confidence level or the score.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present invention provide verification and/or authentication service engines that provide a customizable solution that can be “dialed” based on the risk level assigned to individual or grouped applications. The systems can also incorporate internal and external sources of data used to verify information provided by the user. It is dynamic and can pull information from a myriad of sources during the verification process, enabling credit reporting agencies (e.g., Equifax and others), FSPs, and other service providers to facilitate real-time approval and access to products and services.

Citations

40 Claims

1. A method of controlling access by a user to vendor information technology systems using a verification/authentication engine, comprising:
- (a) receiving an inquiry to the verification/authentication engine on an authentication server from a vendor system to verify a particular user for a particular transaction;
  
  (b) based on an identification of a channel through which the user selects to access the vendor system and on vendor specified;
  
  (i) assignment of a level of risk for the particular transaction;
  
  (ii) a verification level to meet the assigned level of risk; and
  
  (iii) a plurality of data sources which contain information about the user, querying the user, using questions generated based on the channel and data from at least two of the plurality of data sources;
  
  (c) determining, by the verification/authentication engine on the authentication server, at least one of a confidence level or a score based on the extent to which the user correctly answers the questions; and
  
  (d) sending the at least one of the confidence level or the score to the vendor system configured to determine whether to grant or deny access by the user to the vendor information technology systems based on the at least one of the confidence level or the score.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 2. The method of claim 1, wherein querying the user is based on a vendor specified number of questions from the data sources to be presented to the user.
  - 3. The method of claim 1, wherein querying the user is based on a vendor specified level of difficulty of questions from the data sources to be presented to the user.
  - 4. The method of claim 1, wherein the confidence level is a percentage associated with a confirmation of an identity of the user.
  - 5. The method of claim 1, wherein the confidence level is advice about whether to grant or deny access to the user of the vendor information technology systems.
  - 6. The method of claim 1, wherein the confidence level is a yes/no decision about whether or not to grant the user access to the vendor information technology systems.
  - 7. The method of claim 1, wherein determining at least one of the confidence level or the score is based on a scoring level specified by the vendor to accommodate for errors.
  - 8. The method of claim 1, further comprising determining a price to charge the vendor based on at least one of which and how many data sources are searched, whether the search pulls real-time data, or whether the data searched is public or from the vendor'"'"'s own data sources.
  - 9. The method of claim 1, wherein at least one of the plurality of data sources includes credit-related data relevant to the user.
  - 10. The method of claim 1, wherein the plurality of data sources comprises one or more of a credit reporting agency;
    - a small business information service;
      
      demand deposit accounts (DDA) data;
      
      Dunn &
      
      Bradstreet;
      
      credit reporting databases;
      
      mail databases;
      
      driver'"'"'s license databases;
      
      online phone books;
      
      who/where websites;
      
      reunion, high school or college databases;
      
      frequent flier databases;
      
      investment and retirement account information;
      
      insurance carrier information;
      
      medical information;
      
      passport data or other governmental information;
      
      phone company or utility company information;
      
      bill pay sites;
      
      automobile registration sites;
      
      funeral databases;
      
      or databases internal to the vendor.
  - 11. The method of claim 1, further comprising authorizing issuance of a digital certificate to the user upon grant of access to the vendor information technology system.
  - 12. The method of claim 1, wherein at least one of the plurality of data sources comprises data relating to an individual who is an officer or employee of a business.
  - 13. The method of claim 1, wherein the user is a small business and wherein the plurality of data sources includes data sources that comprise data about the small business, as well as sources that comprise data about owners, principals, or employees of the small business,wherein querying the user comprises generating a plurality of questions based on the data about the small business and the data about owners, principals, or employees of the small business.
  - 14. The method of claim 1, wherein receiving the inquiry to the verification/authentication engine on the authentication server from the vendor system, querying the user, and sending at least one of the confidence level or the score to the vendor system occurs over multiple channels.
  - 15. The method of claim 14, wherein the multiple channels include one or more of an internet, an intranet, e-mail, instant messaging, phone or voice systems, cell phone, ATM, kiosk, scanner, point of sale terminal, mobile system, handheld device, pocket PC, or wireless device.
  - 16. The method of claim 1, wherein the verification/authentication engine provides the vendor with a series of selections and scoring options relating to risk levels, data sources, prices, and channels.
  - 17. The method of claim 1, further comprising maintaining an audit trail.
  - 18. The method of claim 1, further comprising at least one of verifying or authenticating the user to provide access to aggregated accounts.
  - 19. The method of claim 1, wherein querying the user comprises:
    - using a first channel;
      
      detecting a failure of the first channel; and
      
      using an alternate manual channel.
  - 20. The method of claim 1, wherein the plurality of data sources comprise a single co-mingled database that has compiled information from various data sources and compiled the information in one location.
  - 21. The method of claim 1, wherein querying the user comprises querying the user through the vendor system.
  - 22. The method of claim 1, wherein the vender specified assignment of the level of risk for the particular transaction comprises a level based on at least one of:
    - an amount associated with the particular transaction;
      
      a type of the particular transaction;
      
      ora geographical region associated with the particular transaction.
  - 23. The method of claim 22, wherein the type of the particular transaction comprises a small business transaction.
  - 24. The method of claim 1, wherein the vendor specified verification level to meet the assigned level of risk comprises:
    - an identification of at least one type of data source; and
      
      a number of questions to be formulated based on information from the at least one type of data source.
  - 25. The method of claim 24, wherein the identification of at least one type of data source comprises an identification of at least a first type of data source and a second type of data source,wherein the number of questions to be formulated based on information from the at least one type of data source comprises a number of first questions to be formulated from the first type of data source and a number of second questions to be formulated from the second type of data source.

26. A system comprising:
- an authentication server capable of communicating with a vendor system, the authentication server comprising a verification/authentication engine configured to cause the authentication server to;
  
  receive an inquiry from the vendor system, the inquiry representing a request to verify a user for a transaction, the request comprising an identification of a channel adapted for selection through which the user accesses the vendor system and vendor specified;
  
  a level of risk for the transaction;
  
  a verification level for the level of risk; and
  
  a plurality of data sources which contain information about the user;
  
  formulate a plurality of questions based on the channel and data associated with the user from at least one of the plurality of data sources by selecting the data associated with the user based on the channel, the level of risk for the transaction, and the verification level for the level of risk;
  
  transmit the plurality of questions for presentation to the user;
  
  receive a plurality of answers for the plurality of questions from the user, each answer of the plurality of answers being for a question of the plurality of questions;
  
  determine a confidence level based on the plurality of answers; and
  
  transmit the confidence level to the vendor system that is configured to determine whether to grant or deny access by the user to information of the vendor system based on the confidence level.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
- - 27. The system of claim 26, wherein the confidence level comprises at least one of:
    - a score;
      
      a verification percentage;
      
      ora decision on whether to grant or deny access by the user to the information of the vendor system.
  - 28. The system of claim 26, wherein the verification/authentication engine is configured to cause the authentication server to transmit the plurality of questions for presentation to the user and receive the plurality of answers the user through the vendor system.
  - 29. The system of claim 26, wherein the verification/authentication engine is configured to select the data associated with the user based on the level of risk for the transaction and the verification level for the level of risk by:
    - determining a subset of the plurality of data sources from which to obtain data associated with the user, the subset of the plurality of data sources being determined using the level of risk for the transaction and the verification level for the level of risk.
  - 30. The system of claim 26, wherein the verification/authentication engine is configured to cause the authentication server to:
    - transmit a menu to the vendor system, the menu comprising selectable options for the level of risk for the transaction and the verification level for the level of risk.
  - 31. The system of claim 26, wherein the verification/authentication engine is configured to cause the authentication server to:
    - communicate with the vendor system over a first channel;
      
      detect a failure of the first channel; and
      
      using a second channel to communicate with the vendor system.
  - 32. The system of claim 26, wherein the authentication server is capable of being in communication with a user device controlled by the user,wherein the verification/authentication engine is configured to cause the authentication server to:
    - transmit the plurality of questions to the user device capable of presenting the plurality of questions to the user; and
      
      receive the plurality of answers from the user device.
  - 33. The system of claim 26, wherein the verification/authentication engine is configured to cause the authentication server to formulate the plurality of questions based on the level of risk for the transaction and the verification level for the level of risk.
  - 34. The system of claim 26, wherein the level of risk for the transaction comprises a monetary amount for the transaction,wherein the verification/authentication engine is configured to cause the authentication server to determine a subset of the plurality of data sources from which to select data associated with the user based on the monetary amount for the transaction, the subset of the plurality of data sources comprising at least one of the plurality of data sources.
  - 35. The system of claim 26, wherein the verification/authentication engine is configured to cause the authentication server to generate a digital certificate for the user, wherein the digital certificate comprises:
    - an identification of the user;
      
      a verification level at which the user was verified; and
      
      an expiration date of the digital certificate,wherein the digital certificate is capable of being stored on a user device and provided to a plurality of vendor systems.
  - 36. The system of claim 26, wherein the verification/authentication engine is configured to cause the authentication server toformulate the plurality of questions by select a number of questions to formulate, wherein the number is received from the vendor system.
  - 37. The system of claim 26, wherein the level of risk for the transaction received in the inquiry from the vendor system comprises a level based on at least one of:
    - an amount associated with the particular transaction;
      
      a type of the particular transaction;
      
      ora geographical region associated with the particular transaction.
  - 38. The system of claim 37, wherein the type of the particular transaction comprises a small business transaction.
  - 39. The system of claim 26, wherein the verification level for the level of risk received in the inquiry from the vendor system;
    - comprises;
      
      an identification of at least one type of data source; and
      
      a number of questions to be formulated based on information from the at least one type of data source.
  - 40. The system of claim 39, wherein the identification of at least one type of data source comprises an identification of at least a first type of data source and a second type of data source,wherein the number of questions to be formulated based on information from the at least one type of data source comprises a number of first questions to be formulated from the first type of data source and a number of second questions to be formulated from the second type of data source.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Equifax, Inc.
Original Assignee
Equifax, Inc.
Inventors
Colson, Christen J.
Primary Examiner(s)
MOORTHY, ARAVIND K

Application Number

US11/545,247
Publication Number

US 20080086759A1
Time in Patent Office

2,128 Days
Field of Search

713/166, 713/168, 713/182, 726/4, 726/5, 726/14, 726/15, 726/25, 705/51, 705/64, 705/67, 709/225, 709/228, 709/229
US Class Current

713/166
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/31   User authentication

G06F 21/34   involving the use of extern...

G06F 21/40   by quorum, i.e. whereby two...

G06F 21/42   using separate channels for...

G06F 21/6218   to a system of files or obj...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2103   Challenge-response

G06F 2221/2111   Location-sensitive, e.g. ge...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 30/06   Buying, selling or leasing ...

H04L 2209/56   Financial cryptography, e.g...

H04L 63/0272   Virtual private networks

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/102   Entity profiles

H04L 63/1416   Event detection, e.g. attac...

H04L 69/329   in the application layer [O...

H04L 9/3215   using a plurality of channe...

H04L 9/3226 : using a predetermined code,...

H04L 9/3234 : involving additional secure...

H04L 9/40 : Network security protocols

View All

Verification and authentication systems and methods

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

Verification and authentication systems and methods

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links