Methods and systems for authenticating users
Abstract
A method of authenticating users to reduce transaction risks includes indicating a desire to conduct a transaction and determining whether the transaction requires access to protected resources. Moreover, the method determines whether inputted information is known, determines a state of a communications device when the inputted information is known, and transmits a biometric authentication request from a server to an authentication system when the state of the communications device is enrolled. Additionally, the method includes validating the communications device, capturing biometric authentication data in accordance with a biometric authentication data capture request with the communications device, biometrically authenticating the user, generating a one-time pass-phrase and storing the one-time pass-phrase on the authentication system when the user is authenticated, comparing the transmitted one-time pass-phrase against the stored one-time pass-phrase, and granting access to the protected resources when the transmitted and stored one-time pass-phrases match.
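
The flow in the abstract (risk level extracted from the request, a matching biometric requirement, device validation, then a stored one-time pass-phrase that must match and be unexpired) as an added Python example; it is not code from the patent. The modality names, score threshold, pass-phrase lifetime and all class and field names are assumptions made for illustration.

```python
import hmac
import secrets
import time

# Assumed policy (not from the patent): risk level -> required biometric modalities.
REQUIREMENTS = {"low": {"face"}, "medium": {"face", "voice"},
                "high": {"face", "voice", "iris"}}
MATCH_THRESHOLD = 0.90   # assumed matcher score cut-off
OTP_TTL = 60             # assumed pass-phrase lifetime in seconds


class AuthenticationSystem:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.enrolled = {}   # user -> id of the device in the "enrolled" state
        self.otps = {}       # user -> (pass-phrase, expiry time)

    def capture_request(self, auth_request):
        """Extract the risk level and build the capture request for the device."""
        user = auth_request["user"]
        if user not in self.enrolled:
            raise PermissionError("communications device not enrolled")
        required = REQUIREMENTS[auth_request["risk"]]  # unknown level raises
        return {"device": self.enrolled[user], "modalities": sorted(required)}

    def authenticate(self, auth_request, device_id, scores):
        """Validate device and every required modality, then store and return an OTP."""
        user = auth_request["user"]
        required = REQUIREMENTS[auth_request["risk"]]
        if self.enrolled.get(user) != device_id:
            return None                      # device validation failed
        if any(scores.get(m, 0.0) < MATCH_THRESHOLD for m in required):
            return None                      # modality missing or below threshold
        otp = secrets.token_urlsafe(8)
        self.otps[user] = (otp, self.clock() + OTP_TTL)
        return otp

    def redeem(self, user, presented):
        """Grant access only for a matching, unexpired pass-phrase."""
        # pop() makes the pass-phrase single use; a wrong guess also consumes it.
        stored, expiry = self.otps.pop(user, (None, 0.0))
        if stored is None or self.clock() > expiry:
            return False
        return hmac.compare_digest(stored.encode(), presented.encode())
```
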
37 Claims
1. A method for authenticating users that reduces transaction risks comprising:
- indicating a desire to conduct at least one transaction at a workstation and determining whether the at least one transaction requires access to protected resources, such that when the at least one transaction requires access to protected resources information is manually input into the workstation by a workstation user;
- determining whether the inputted information is known and determining a state of a communications device when the inputted information is known;
- extracting a level of risk from a biometric authentication request transmitted from a server and determining a biometric authentication data requirement corresponding to the extracted level of risk at an authentication system;
- generating a biometric authentication data capture request in response to the authentication request, and transmitting the biometric authentication data capture request to the communications device, wherein the communications device is associated with one of a plurality of authorized users and the one authorized user is associated with the inputted information; and
- obtaining the biometric authentication data capture request transmission, capturing biometric authentication data in accordance with the biometric authentication data capture request from the workstation user with the communications device, and transmitting the captured biometric authentication data from the communications device to the authentication system.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A method of authenticating users for conducting at least one transaction, said method comprising:
- transmitting an authentication request from a server system to an authentication system over a network, the authentication request including a level of risk associated with the at least one transaction;
- extracting the level of risk from the authentication request;
- determining an authentication data requirement corresponding to the level of risk;
- transmitting an authentication capture request from the authentication system over another network to a communication device, the authentication capture request including the authentication data requirement;
- obtaining authentication data with the communication device from a user of the communication device, the obtained authentication data corresponding to the authentication data requirement;
- transmitting the obtained authentication data to the authentication system over the other network; and
- validating the identity of the user.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21
22. A system for authenticating a user attempting to conduct a transaction requiring access to protected resources, said system comprising:
- a first device, said first device being a global positioning system enabled device;
- an authentication system operable to at least store global positioning system coordinates as coordinate data, determine coordinates of said first device as home address coordinate data, establish a geographic area, and communicate with said first device, the established geographical area being a circle centered about the home address coordinate data having a radius based on behavior of the user; and
- a second device operable to communicate with at least said first device and said authentication system to determine a location of said second device, wherein said authentication system is further operable to determine whether said second device is inside or outside of the established geographic area, such that when said second device is outside of the established geographic area an identity of the user can not be verified and when said second device is within the established geographic area the identity of the user can be verified.
23. A computer program recorded on a non-transitory computer-readable recording medium included in an authentication computer system for enabling authentication of an identity of a user attempting to conduct at least one transaction, the computer program causing the authentication computer system to execute at least the following:
- transmitting an authentication request from a server system to an authentication system over a network, the authentication request including a level of risk associated with the at least one transaction, the server system, the authentication system, and the network being included in the authentication computer system;
- extracting the level of risk from the authentication request;
- determining an authentication data requirement corresponding to the level of risk;
- transmitting an authentication capture request from the authentication system over another network to a communications device, the authentication capture request including the authentication data requirement, the other network and the communications device being included in the authentication computer system;
- obtaining authentication data with the communications device from a user of the communications device, the obtained authentication data corresponding to the authentication data requirement;
- transmitting the obtained authentication data to the authentication system over the other network; and
- validating the identity of the user.
Dependent claims: 24, 25, 26
27. An authentication computer system comprising:
- a server system, said server system including at least a database and being configured to at least determine a level of risk associated with at least one transaction;
- a workstation operationally coupled to said server system over a first network, said workstation being configured to at least receive information input by a user;
- an authentication system including an authentication database, said authentication system being configured to at least communicate with said server system over the first network, store within said authentication database authentication data and personal data associated with each of a plurality of authorized users, receive an authentication request transmitted from said server system, extract a level of risk from the authentication request, determine an authentication data requirement corresponding to the level of risk, and initiate an authentication process over a second network in response to a communication from the first network; and
- a communications device associated with one of a plurality of authorized users being configured to at least communicate with said authentication system over said second network, receive an authentication data request transmitted over said second network from said authentication system, capture authentication data from the user in accordance with the authentication data request, and transmit the captured authentication data to said authentication system over said second network, wherein said authentication system is further configured to initiate the authentication process by transmitting the authentication data request including the authentication data requirement to said communications device, and is further configured to compare the captured authentication data against authentication data of the one authorized user.
Dependent claims: 28
29. A method of authenticating a user attempting to conduct at least one transaction, said method comprising:
- extracting a risk level of at least one transaction from an authentication request;
- determining an authentication data requirement corresponding to the risk level with an authentication system;
- validating an identity of a user by comparing captured biometric data of the user against biometric data of an authorized user, the captured biometric data corresponding to the authentication data requirement;
- validating a one-time pass-phrase after successfully validating the identity of the user; and
- conducting the at least one transaction with a system different than the authentication system when the one-time pass-phrase is valid and has not expired.
Dependent claims: 30, 31, 32, 33, 34
35. A method of authenticating a user attempting to conduct at least one transaction, said method comprising:
- extracting a risk level of at least one transaction from an authentication request;
- determining an authentication data requirement corresponding to the risk level with an authentication system;
- conducting a first validation of the user with data corresponding to the authentication data requirement;
- conducting a second validation of the user with different data after the first validation verifies an identity of the user; and
- conducting the at least one transaction with a system different than the authentication system when the different data is validated and has not expired.
Dependent claims: 36, 37