Authentication system and method

US 8,255,971 B1
Filed: 03/03/2008
Issued: 08/28/2012
Est. Priority Date: 03/03/2008
Status: Active Grant

First Claim

Patent Images

1. A customer authentication computing system for authenticating a customer making a request related to a customer account of a financial institution, the customer authentication computing system comprising:

at least one computer processor executing multiple applications for receiving customer requests and collecting customer data for customers of a financial institution each having at least one customer account, and the customer requests being input to the financial institution through multiple channels coupled to the at least one computer processor executing multiple applications for processing customer requests;

a central authentication computing system comprising at least one processor programmed to at least perform the following operations;

receiving the customer requests and customer data from the at least one computer processor executing the multiple applications;

determining, based on authentication policy, whether the collected customer data is sufficient to authenticate each customer in order to fulfill the customer request, the collected customer data including at least customer data processed at the multiple applications;

extracting, using a risk assessment engine, information from at least one information source to determine a customer risk level, the extracted information includes customer account activity located in a customer profile; and

returning conclusions to the at least one computer processor executing the multiple applications; and

a fraud policy computing system, the fraud policy computing system using at least one processor to centrally manage at least one authentication policy implemented by the central authentication computing system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Aspects of the invention relate to a customer authentication system for authenticating a customer making a request related to a customer account. The customer authentication system may include multiple application level data receiving and processing mechanisms for receiving customer requests and collecting customer data. The customer authentication system may additionally include a central authentication system for receiving the customer requests and customer data from the multiple application level data receiving and processing mechanisms, the central authentication system determining, based on authentication policy, whether the collected customer data is sufficient to authenticate each customer in order to fulfill the customer request. The central authentication system may return its conclusions and instructions to the multiple application level data receiving and processing mechanisms. The customer authentication system may additionally include a fraud policy system for centrally managing authentication policy implemented by the central authentication system.

126 Citations

View as Search Results

16 Claims

1. A customer authentication computing system for authenticating a customer making a request related to a customer account of a financial institution, the customer authentication computing system comprising:
- at least one computer processor executing multiple applications for receiving customer requests and collecting customer data for customers of a financial institution each having at least one customer account, and the customer requests being input to the financial institution through multiple channels coupled to the at least one computer processor executing multiple applications for processing customer requests;
  
  a central authentication computing system comprising at least one processor programmed to at least perform the following operations;
  
  receiving the customer requests and customer data from the at least one computer processor executing the multiple applications;
  
  determining, based on authentication policy, whether the collected customer data is sufficient to authenticate each customer in order to fulfill the customer request, the collected customer data including at least customer data processed at the multiple applications;
  
  extracting, using a risk assessment engine, information from at least one information source to determine a customer risk level, the extracted information includes customer account activity located in a customer profile; and
  
  returning conclusions to the at least one computer processor executing the multiple applications; and
  
  a fraud policy computing system, the fraud policy computing system using at least one processor to centrally manage at least one authentication policy implemented by the central authentication computing system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein the multiple applications include an account origination application, an account transaction application, and an account servicing application.
  - 3. The system of claim 1, wherein the central authentication computing system comprises a policy rule engine containing policy rules pertaining to customer authentication.
  - 4. The system of claim 3, wherein the policy rule engine enumerates data required to authenticate a customer based on a customer risk level.
  - 5. The system of claim 4, further comprising an authentication engine for conducting an authentication dialog with the risk assessment engine and the policy rule engine to determine if a customer can be authenticated based on received customer data.
  - 6. The system of claim 1, wherein the central authentication computing system passes instructions for collecting additional data back to the at least one computer processor executing the multiple applications.
  - 7. The system of claim 1, wherein the fraud policy system sets policy and risk parameters for the central authentication computing system.
  - 8. The system of claim 7, wherein the fraud policy system updates based on data and analysis collected during a business change cycle.

9. A computer-implemented method for authenticating customers of a financial institution making requests related to customer accounts with the financial institution, each customer making a request through any one of multiple channels providing multiple inputs for requests to the financial institution, each request received by one of multiple processing applications for processing customer requests, the multiple processing applications collecting and processing customer data, the method comprising:
- transmitting, using computer processing components, the customer request and processed customer data from each processing application to a central authentication computing system;
  
  assessing, at a risk assessment engine a level of risk associated with each customer by extracting information from at least one information source, said extracting includes;
  
  accessing a customer profile for each customer, the customer profile including customer activity processed at the multiple processing applications conducted through the multiple channels;
  
  determining, based on the level of risk, whether additional customer data is required in order to authenticate each customer; and
  
  passing each determination back to each transmitting application.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, further comprising transmitting a voice recognition confidence level from one of the multiple processing applications to the central authentication system.
  - 11. The method of claim 9, further comprising consulting a policy rule engine to determine whether the processed customer data is sufficient to authenticate the customer in accordance with the risk level.
  - 12. The method of claim 9, further comprising providing the policy rule engine with policy rules that enumerate data required to authenticate a customer based on the customer risk level.
  - 13. The method of claim 12, further comprising implementing an authentication engine for conducting an authentication dialog with the risk assessment engine and the policy rule engine to determine if a customer can be authenticated based on received customer data.
  - 14. The method of claim 13, further comprising passing instructions for collecting additional data from the authentication engine back to the multiple applications.
  - 15. The method of claim 9, further comprising setting policy and risk parameters for the central authentication system with a fraud policy system.
  - 16. The method of claim 15, further comprising updating the fraud policy system updates based on collected data and analysis during a business change cycle.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
JP Morgan Chase Bank, N.A. (JP Morgan Chase & Co)
Original Assignee
JP Morgan Chase Bank, N.A. (JP Morgan Chase & Co)
Inventors
Webb, Timothy A., Pletz, Tracy M.
Primary Examiner(s)
Patel, Haresh N
Assistant Examiner(s)
HO, DAO Q

Application Number

US12/041,033
Time in Patent Office

1,639 Days
Field of Search

705/26, 705/38, 705/17, 705/18, 726/1
US Class Current

726/1
CPC Class Codes

G06F 21/33   using certificates

G06Q 20/4014   Identity check for transact...

G06Q 20/4016   involving fraud or risk lev...

G06Q 20/405   Establishing or using trans...

Authentication system and method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

126 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication system and method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

126 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links