Methods and systems for authenticating users

US 8,826,030 B2
Filed: 03/22/2010
Issued: 09/02/2014
Est. Priority Date: 03/22/2010
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating users to reduce transaction risks comprising:

generating a merchant authentication request using a merchant system for a payment transaction and transmitting the merchant authentication request to a service provider server, the service provider server being different than the merchant system and the merchant authentication request including at least a unique user identifier for completing the transaction;

transmitting a biometric authentication request from the service provider server over a first communications channel to a workstation, the biometric authentication request including at least a risk level of the payment transaction;

in response to receiving the biometric authentication request at the workstation, invoking a security application stored in a communications device;

initiating communications over a second communications channel by transmitting the biometric authentication request to an authentication system from the communications device over the second communications channel;

extracting a risk level from the biometric authentication request;

determining a biometric authentication data requirement corresponding to the extracted risk level;

generating a biometric authentication data capture request in response to the biometric authentication request, and transmitting the biometric authentication data capture request from the authentication system to the communications device;

validating the identity of a user;

generating a one-time pass-phrase, storing the one-time pass-phrase on the authentication system and transmitting the one-time pass-phrase to the communications device over the second communications channel when the user is validated as one of a plurality of authorized users;

obtaining the one-time pass-phrase from the communications device and inputting the one-time pass-phrase into the workstation;

transmitting the one-time pass-phrase from the workstation to the authentication system over the first communications channel, and comparing the transmitted one-time pass-phrase against the stored one-time pass-phrase; and

completing the payment transaction with the unique user identifier when the identity of the user is validated, the transmitted and stored one-time pass-phrases match, and the stored one-time pass-phrase has not expired.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of authenticating users to reduce transaction risks includes indicating a desire to conduct a transaction, inputting information in a workstation, and determining whether the inputted information is known. Moreover, the method includes determining a state of a communications device when the inputted information is known, and transmitting a biometric authentication request from a server to a workstation when the state of the communications device is enrolled. Additionally, the method includes obtaining biometric authentication data in accordance with a biometric authentication data capture request with the communications device, biometrically authenticating the user, generating a one-time pass-phrase and storing the one-time pass-phrase on the authentication system when the user is authenticated, comparing the transmitted one-time pass-phrase against the stored one-time pass-phrase, and conducting the transaction when the transmitted and stored one-time pass-phrases match.

286 Citations

14 Claims

1. A method of authenticating users to reduce transaction risks comprising:
- generating a merchant authentication request using a merchant system for a payment transaction and transmitting the merchant authentication request to a service provider server, the service provider server being different than the merchant system and the merchant authentication request including at least a unique user identifier for completing the transaction;
  
  transmitting a biometric authentication request from the service provider server over a first communications channel to a workstation, the biometric authentication request including at least a risk level of the payment transaction;
  
  in response to receiving the biometric authentication request at the workstation, invoking a security application stored in a communications device;
  
  initiating communications over a second communications channel by transmitting the biometric authentication request to an authentication system from the communications device over the second communications channel;
  
  extracting a risk level from the biometric authentication request;
  
  determining a biometric authentication data requirement corresponding to the extracted risk level;
  
  generating a biometric authentication data capture request in response to the biometric authentication request, and transmitting the biometric authentication data capture request from the authentication system to the communications device;
  
  validating the identity of a user;
  
  generating a one-time pass-phrase, storing the one-time pass-phrase on the authentication system and transmitting the one-time pass-phrase to the communications device over the second communications channel when the user is validated as one of a plurality of authorized users;
  
  obtaining the one-time pass-phrase from the communications device and inputting the one-time pass-phrase into the workstation;
  
  transmitting the one-time pass-phrase from the workstation to the authentication system over the first communications channel, and comparing the transmitted one-time pass-phrase against the stored one-time pass-phrase; and
  
  completing the payment transaction with the unique user identifier when the identity of the user is validated, the transmitted and stored one-time pass-phrases match, and the stored one-time pass-phrase has not expired.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A method of authenticating users in accordance with claim 1, said determining a biometric authentication data requirement step comprising:
    - comparing the extracted risk level against policy risk levels included in an authentication policy; and
      
      determining the biometric authentication data requirement to be the biometric authentication data requirement that corresponds to the policy risk level that matches the extracted risk level.
  - 3. A method of authenticating users in accordance with claim 1, said transmitting a biometric authentication request from the service provider server over the first communications channel to a workstation step occurring when the communications device is associated with the unique user identifier and is enrolled in the authentication system.
  - 4. A method of authenticating users in accordance with claim 1, said validating step comprising:
    - obtaining the biometric authentication data capture request transmission;
      
      obtaining biometric authentication data in accordance with the biometric authentication data capture request from the user using the communications device;
      
      transmitting the obtained biometric authentication data from the communications device to the authentication system over the second communications channel; and
      
      comparing the obtained biometric authentication data against biometric authentication data of the user stored in the authentication system.
  - 5. A method of authenticating users in accordance with claim 1, further comprising associating the communications device with one of a plurality of authorized users, the user being the authorized user associated with the inputted information.
  - 6. A method of authenticating users in accordance with claim 3, further comprising:
    - inputting the unique user identifier into the workstation and transmitting the unique user identifier to the service provider server;
      
      determining whether the unique user identifier is known by comparing the unique user identifier against identifiers stored in the service provider server;
      
      transmitting the unique user identifier to the authentication system when the unique user identifier is known; and
      
      comparing the unique user identifier against identifiers stored in the authentication system, wherein the unique user identifier is a credit card number.

7. A method of authentication comprising:
- selecting a payment transaction method from a menu of payment transaction methods with a workstation to complete a payment transaction on a merchant system;
  
  prompting a workstation user to input a unique user identifier into the workstation prior to completing the payment transaction on the merchant system;
  
  generating a merchant authentication request with the merchant system and transmitting the merchant authentication request to a service provider server, the service provider server being different than the merchant system and the merchant authentication request including at least the unique user identifier;
  
  determining a risk level associated with the transaction and generating a server authentication request with the service provider server, the server authentication request including at least the risk level;
  
  transmitting the server authentication request to the workstation over a first communications channel;
  
  in response to the workstation receiving the server authentication request, transmitting the server authentication request from the device to an authentication system over a second communications channel;
  
  extracting the risk level from the server authentication request;
  
  determining a biometric authentication data requirement corresponding to the extracted risk level using the authentication system;
  
  obtaining biometric authentication data in accordance with the biometric authentication data requirement using the communications device;
  
  validating the identity of the workstation user by comparing the obtained biometric data against an enrollment data record of an authorized user that is associated with the communications device in the authentication system;
  
  generating a one-time pass-phrase with the authentication system and transmitting the one-time pass-phrase to the communications device when the obtained biometric data matches the enrollment data record;
  
  obtaining the one-time pass-phrase from a display of the communications device;
  
  entering the one-time pass-phrase into the workstation;
  
  transmitting the one-time pass-phrase from the workstation to the service provider server and from the service provider server to the authentication system;
  
  validating the one-time pass-phrase and verifying the one-time pass-phrase has not expired;
  
  determining that the workstation user is permitted to conduct the transaction; and
  
  transmitting the authentication confirmation message from the service provider server to the merchant system and completing the payment transaction with the unique user identifier.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. A method of authentication in accordance with claim 7, said determining a biometric authentication data requirement step comprising:
    - comparing the extracted risk level against policy risk levels included in an authentication policy; and
      
      determining the biometric authentication data requirement to be the biometric authentication data requirement that corresponds to the policy risk level that matches the extracted risk level.
  - 9. A method of authentication in accordance with claim 7, said determining a risk level step comprising:
    - determining risk factors of the transaction;
      
      comparing risk levels associated with each of the risk factors to determine a greatest risk level; and
      
      determining the risk level to be the greatest risk level.
  - 10. A method of authentication in accordance with claim 7, said obtaining step comprising:
    - invoking a security application stored in the communications device, and transmitting an authentication data capture request from the authentication system to the communications device, the authentication data capture request including at least the biometric authentication data requirement;
      
      verifying the authentication data capture request was transmitted from the authentication system; and
      
      displaying the authentication data capture request when the authentication data capture request was verified as transmitted from the authentication system.
  - 11. A method of authentication in accordance with claim 10, said invoking step comprising one of:
    - transmitting a message from the authentication system to the communications device; and
      
      prompting the workstation user to obtain the communications device and activate an icon or button of the communications device.
  - 12. A method of authentication in accordance with claim 7, further comprising conducting said generating a merchant authentication request step when the communications device associated with the workstation user is enrolled in the authentication system.

13. A system for authenticating users that reduces transaction risks comprising:
- a computer configured as a service provider server, said service provider server comprising a database and being configured to store within said database at least a plurality of configurable policies, to determine whether inputted information is known, and to determine a risk level associated with at least one payment transaction;
  
  at least one workstation including at least a workstation computer configured to receive a one-time pass-phrase input into said workstation, said service provider server being configured to generate and transmit biometric authentication requests to said at least one workstation over a first communications channel;
  
  at least one merchant computer system configured to generate and transmit authentication requests and to complete the at least one payment transaction with a unique user identifier when the identity of a user is validated;
  
  an authentication computer system comprising an authentication database configured to store biometric authentication data associated with each of a plurality of authorized users, to store an authentication policy, and to conduct a biometric authentication process; and
  
  a communications hardware device configured to transmit a biometric authentication request to said authentication computer system over a second communications channel after the request is received by said workstation, to receive a biometric authentication data capture request transmitted from said authentication computer system, to obtain biometric authentication data in accordance with the biometric authentication data capture request from the user and transmit the obtained biometric data to said authentication computer system, wherein said service provider server, said at least one workstation, said at least one merchant computer system, said authentication computer system, and said communications hardware device are configured to communicate over a network,said authentication computer system is further configured to generate and store a one-time pass-phrase before transmitting the one-time pass-phrase to said communications hardware device over the second communications channel when the user is validated, receive a one-time pass-phrase from said workstation over the first communications channel, and compare the received one-time pass-phrase against the transmitted one-time pass-phrase, andsaid merchant computer system is further configured to conduct the at least one payment transaction when the user is validated, the received and transmitted one-time pass-phrases match, and the stored one-time pass-phrase has not expired.
- View Dependent Claims (14)
- - 14. A system in accordance with claim 13, said authentication computer system being further configured to compare the obtained biometric data against biometric authentication data of the user stored therein to validate the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Corporation DAON Technology
Original Assignee
Daon Holdings Limited
Inventors
White, Conor Robert, Peirce, Michael, Cramer, Jason Scott, Steiner, Chet Bradford, Diebes, Suzanna
Primary Examiner(s)
Pwu, Jeffrey
Assistant Examiner(s)
AMORIN, CARLOS E

Application Number

US12/729,167
Publication Number

US 20110231911A1
Time in Patent Office

1,625 Days
Field of Search

None
US Class Current

713/186
CPC Class Codes

G06F 21/32 using biometric data, e.g. ...

H04L 63/08 for authentication of entit...

Methods and systems for authenticating users

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

286 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for authenticating users

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

286 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links