Always on authentication
First Claim
1. A computer system for monitoring transactions for an individual, the computer system comprising:
- a computing device in communication with a physical data store storing profile data for an individual, wherein the computing device is configured to;
receive, from a user computing device, a request to authenticate an identity for an individual, wherein the request includes at least some personally identifying information for the individual;
authenticate the identity of the individual, based on the personally identifying information for the individual and based on profile data for the individual accessed from the physical data store;
issue, to the user computing device, a virtual credential for the individual;
associate the virtual credential with the profile data for the individual;
receive, from a requesting entity, a request to authenticate a transaction, wherein the request includes the virtual credential;
access a risk profile associated with the profile data for the individual, wherein the profile data for the individual is accessed using the virtual credential;
determine whether a level of trust for the transaction is below a threshold trust level, wherein the level of trust is based on an analysis of the risk profile and the transaction; and
in response to a determination that the level of trust for the transaction is below the threshold trust level, provide an indication to the requesting entity that further authentication of the individual is recommended.
2 Assignments
0 Petitions
Accused Products
Abstract
An Always-On Authentication (“AOA”) system comprises a computer system, such as a server, that automatically monitors and authenticates an enrolled individual'"'"'s online transactions and/or activities to, for example, detect and/or prevent fraud. The AOA system actively monitors and/or authenticates the individual'"'"'s online transactions and/or activities with service providers. A risk level may be associated with transactions and/or activities, and if a monitored transaction or activity is determined to exceed risk level for the individual, the individual may be prompted for further authentication information. A risk profile may be built for the individual over time based on the individual'"'"'s history or pattern of transactions and activities. The AOA system may issue a virtual credential to the individual and/or to one or more of the individual'"'"'s computing devices. The virtual credential may be provided to participating service provider(s) to enable seamless authentication of the individual during his/her interactions with the service provider(s).
581 Citations
20 Claims
-
1. A computer system for monitoring transactions for an individual, the computer system comprising:
a computing device in communication with a physical data store storing profile data for an individual, wherein the computing device is configured to; receive, from a user computing device, a request to authenticate an identity for an individual, wherein the request includes at least some personally identifying information for the individual; authenticate the identity of the individual, based on the personally identifying information for the individual and based on profile data for the individual accessed from the physical data store; issue, to the user computing device, a virtual credential for the individual; associate the virtual credential with the profile data for the individual; receive, from a requesting entity, a request to authenticate a transaction, wherein the request includes the virtual credential; access a risk profile associated with the profile data for the individual, wherein the profile data for the individual is accessed using the virtual credential; determine whether a level of trust for the transaction is below a threshold trust level, wherein the level of trust is based on an analysis of the risk profile and the transaction; and in response to a determination that the level of trust for the transaction is below the threshold trust level, provide an indication to the requesting entity that further authentication of the individual is recommended. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
10. A computer-implemented method for authenticating a transaction for an individual, the computer-implemented method comprising:
-
receiving, from a requesting entity, a request to authenticate a transaction for an individual, wherein the request includes a virtual credential, wherein the virtual credential was provided to the requesting entity from the individual; accessing a risk profile associated with profile data for the individual, wherein the profile data for the individual is accessed from a profile data store using the virtual credential; determining whether a level of trust for the transaction is below a threshold trust level, wherein the level of trust is based on an analysis of the risk profile and the transaction; and in response to a determination that the level of trust for the transaction is below the threshold trust level, providing an indication to the requesting entity that further authentication of the individual is recommended;
orin response to a determination that the level of trust for the transaction is not below the threshold trust level, updating the risk profile to record information about the transaction. - View Dependent Claims (11, 12, 13, 14, 15)
-
-
16. Non-transitory computer storage having stored thereon a computer program, the computer program including modules configured for execution by a computing system and including at least:
-
an individual authentication module configured to; receive, from a user computing device, a request to authenticate an identity for an individual, wherein the request includes at least some personally identifying information for the individual; authenticate the identity of the individual, based on the personally identifying information for the individual and based on profile data for the individual accessed from the physical data store; issue, to the user computing device, a virtual credential for the individual; associate the virtual credential with the profile data for the individual; a risk assessment module configured to; receive, from a requesting entity, a request to authenticate a transaction, wherein the request includes the virtual credential; access a risk profile associated with the profile data for the individual, wherein the profile data for the individual is accessed using the virtual credential; determine whether a level of trust for the transaction is below a threshold trust level, wherein the level of trust is based on an analysis of the risk profile and the transaction; and in response to a determination that the level of trust for the transaction is below the threshold trust level, provide an indication to the requesting entity that further authentication of the individual is recommended. - View Dependent Claims (17, 18, 19, 20)
-
Specification