Methods and systems for authenticating users
First Claim
1. A method of authenticating users to reduce transaction risks comprising:
generating a merchant authentication request using a merchant system for a payment transaction and transmitting the merchant authentication request to a service provider server, the service provider server being different than the merchant system and the merchant authentication request including at least a unique user identifier for completing the transaction;
transmitting a biometric authentication request from the service provider server over a first communications channel to a workstation, the biometric authentication request including at least a risk level of the payment transaction;
in response to receiving the biometric authentication request at the workstation, invoking a security application stored in a communications device;
initiating communications over a second communications channel by transmitting the biometric authentication request to an authentication system from the communications device over the second communications channel;
extracting a risk level from the biometric authentication request;
determining a biometric authentication data requirement corresponding to the extracted risk level;
generating a biometric authentication data capture request in response to the biometric authentication request, and transmitting the biometric authentication data capture request from the authentication system to the communications device;
validating the identity of a user;
generating a one-time pass-phrase, storing the one-time pass-phrase on the authentication system and transmitting the one-time pass-phrase to the communications device over the second communications channel when the user is validated as one of a plurality of authorized users;
obtaining the one-time pass-phrase from the communications device and inputting the one-time pass-phrase into the workstation;
transmitting the one-time pass-phrase from the workstation to the authentication system over the first communications channel, and comparing the transmitted one-time pass-phrase against the stored one-time pass-phrase; and
completing the payment transaction with the unique user identifier when the identity of the user is validated, the transmitted and stored one-time pass-phrases match, and the stored one-time pass-phrase has not expired.
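The authentication-system steps of claim 1 (risk level to biometric requirement, pass-phrase generation and storage, comparison, expiry check) can be sketched as follows. This is an added example, not part of the patent text; the modality names, the 120-second lifetime, the single-use deletion, and all class and method names are assumptions.

```python
import hmac
import secrets

# Hypothetical policy: the claim only says a requirement "corresponds to" the risk level.
BIOMETRIC_REQUIREMENTS = {
    "low": ("face",),
    "medium": ("face", "voice"),
    "high": ("face", "voice", "iris"),
}
OTP_TTL_SECONDS = 120  # assumed lifetime; the claim only requires an expiry check


class AuthenticationSystem:
    def __init__(self, clock):
        self._clock = clock      # injectable time source so expiry is testable
        self._pending = {}       # user_id -> (one-time pass-phrase, expires_at)

    def capture_request(self, auth_request):
        """Extract the risk level and return the biometric data requirement."""
        risk = auth_request["risk_level"]
        if risk not in BIOMETRIC_REQUIREMENTS:
            raise ValueError(f"unknown risk level: {risk!r}")
        return BIOMETRIC_REQUIREMENTS[risk]

    def issue_otp(self, user_id, user_validated):
        """Generate and store a pass-phrase; sent to the device on channel two."""
        if not user_validated:
            return None
        otp = secrets.token_hex(4)  # CSPRNG output, never a predictable counter
        self._pending[user_id] = (otp, self._clock() + OTP_TTL_SECONDS)
        return otp

    def verify_otp(self, user_id, submitted):
        """Compare the pass-phrase arriving from the workstation on channel one."""
        stored = self._pending.get(user_id)
        if stored is None:
            return False
        otp, expires_at = stored
        if self._clock() >= expires_at:
            del self._pending[user_id]   # expired entries are discarded
            return False
        if not hmac.compare_digest(otp.encode(), submitted.encode()):
            return False                 # constant-time comparison
        del self._pending[user_id]       # single use: a replayed value fails
        return True
```

A deployment would also bound the number of failed comparisons per stored pass-phrase, which this sketch leaves out.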
Abstract
A method of authenticating users to reduce transaction risks includes indicating a desire to conduct a transaction, inputting information in a workstation, and determining whether the inputted information is known. Moreover, the method includes determining a state of a communications device when the inputted information is known, and transmitting a biometric authentication request from a server to a workstation when the state of the communications device is enrolled. Additionally, the method includes obtaining biometric authentication data in accordance with a biometric authentication data capture request with the communications device, biometrically authenticating the user, generating a one-time pass-phrase and storing the one-time pass-phrase on the authentication system when the user is authenticated, comparing the transmitted one-time pass-phrase against the stored one-time pass-phrase, and conducting the transaction when the transmitted and stored one-time pass-phrases match.
14 Claims
7. A method of authentication comprising:
selecting a payment transaction method from a menu of payment transaction methods with a workstation to complete a payment transaction on a merchant system;
prompting a workstation user to input a unique user identifier into the workstation prior to completing the payment transaction on the merchant system;
generating a merchant authentication request with the merchant system and transmitting the merchant authentication request to a service provider server, the service provider server being different than the merchant system and the merchant authentication request including at least the unique user identifier;
determining a risk level associated with the transaction and generating a server authentication request with the service provider server, the server authentication request including at least the risk level;
transmitting the server authentication request to the workstation over a first communications channel;
in response to the workstation receiving the server authentication request, transmitting the server authentication request from the device to an authentication system over a second communications channel;
extracting the risk level from the server authentication request;
determining a biometric authentication data requirement corresponding to the extracted risk level using the authentication system;
obtaining biometric authentication data in accordance with the biometric authentication data requirement using the communications device;
validating the identity of the workstation user by comparing the obtained biometric data against an enrollment data record of an authorized user that is associated with the communications device in the authentication system;
generating a one-time pass-phrase with the authentication system and transmitting the one-time pass-phrase to the communications device when the obtained biometric data matches the enrollment data record;
obtaining the one-time pass-phrase from a display of the communications device;
entering the one-time pass-phrase into the workstation;
transmitting the one-time pass-phrase from the workstation to the service provider server and from the service provider server to the authentication system;
validating the one-time pass-phrase and verifying the one-time pass-phrase has not expired;
determining that the workstation user is permitted to conduct the transaction; and
transmitting the authentication confirmation message from the service provider server to the merchant system and completing the payment transaction with the unique user identifier.
13. A system for authenticating users that reduces transaction risks comprising:
a computer configured as a service provider server, said service provider server comprising a database and being configured to store within said database at least a plurality of configurable policies, to determine whether inputted information is known, and to determine a risk level associated with at least one payment transaction;
at least one workstation including at least a workstation computer configured to receive a one-time pass-phrase input into said workstation, said service provider server being configured to generate and transmit biometric authentication requests to said at least one workstation over a first communications channel;
at least one merchant computer system configured to generate and transmit authentication requests and to complete the at least one payment transaction with a unique user identifier when the identity of a user is validated;
an authentication computer system comprising an authentication database configured to store biometric authentication data associated with each of a plurality of authorized users, to store an authentication policy, and to conduct a biometric authentication process; and
a communications hardware device configured to transmit a biometric authentication request to said authentication computer system over a second communications channel after the request is received by said workstation, to receive a biometric authentication data capture request transmitted from said authentication computer system, to obtain biometric authentication data in accordance with the biometric authentication data capture request from the user and transmit the obtained biometric data to said authentication computer system, wherein
said service provider server, said at least one workstation, said at least one merchant computer system, said authentication computer system, and said communications hardware device are configured to communicate over a network,
said authentication computer system is further configured to generate and store a one-time pass-phrase before transmitting the one-time pass-phrase to said communications hardware device over the second communications channel when the user is validated, receive a one-time pass-phrase from said workstation over the first communications channel, and compare the received one-time pass-phrase against the transmitted one-time pass-phrase, and
said merchant computer system is further configured to conduct the at least one payment transaction when the user is validated, the received and transmitted one-time pass-phrases match, and the stored one-time pass-phrase has not expired.
Specification