Systems and methods for multifactor authentication

US 9,240,012 B1
Filed: 06/24/2014
Issued: 01/19/2016
Est. Priority Date: 07/14/2006
Status: Active Grant

First Claim

Patent Images

1. A method for performing a multifactor authentication between an authenticating entity and a customer remote from the authenticating entity, utilizing a primary communication channel and a secondary communication channel, the method comprising:

receiving from the customer, by a processing machine of the authenticating entity, primary authentication information via the primary communication channel;

processing the primary authentication information by the processing machine of the authenticating entity, and retrieving customer information based on the primary authentication information;

presenting a message to the customer regarding a desired mode of communication through which the customer would like to perform a secondary authentication;

receiving from the customer a selection of the desired mode of communication, which desired mode of communication comprises the secondary communication channel;

transmitting, by the processing machine of the authenticating entity, secondary authentication information to the customer via the secondary communication channel, the secondary communication channel being different than the primary communication channel;

receiving from the customer via the primary communication channel at least a portion of the secondary authentication information;

processing the secondary authentication information received from the customer by the processing machine of the authenticating entity to authenticate the customer; and

based on successful authentication of the primary authentication information and receipt of the at least a portion of the secondary authentication information from the customer, the processing machine of the authenticating entity authenticating the customer.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention provides a method for performing an authentication (and a system for performing the method), in conjunction with a transaction, utilizing a primary channel and a secondary channel. The method may include an authenticating entity, such as a bank, (1) receiving from a customer primary authentication information via a primary channel; (2) the authenticating entity processing the primary authentication information, and retrieving customer information based on the primary authentication information; (3) the authenticating entity transmitting secondary authentication information to the customer via a secondary channel, the secondary channel being different than the primary channel; (4) the authenticating entity receiving from the customer at least a portion of the secondary authentication information; and (5) the authenticating entity performing authentication processing on the secondary authentication information received from the customer. Based on the successful authentication of the primary authentication information and the secondary authentication information received from the customer, the authenticating entity approves the customer for the transaction.

600 Citations

24 Claims

1. A method for performing a multifactor authentication between an authenticating entity and a customer remote from the authenticating entity, utilizing a primary communication channel and a secondary communication channel, the method comprising:
- receiving from the customer, by a processing machine of the authenticating entity, primary authentication information via the primary communication channel;
  
  processing the primary authentication information by the processing machine of the authenticating entity, and retrieving customer information based on the primary authentication information;
  
  presenting a message to the customer regarding a desired mode of communication through which the customer would like to perform a secondary authentication;
  
  receiving from the customer a selection of the desired mode of communication, which desired mode of communication comprises the secondary communication channel;
  
  transmitting, by the processing machine of the authenticating entity, secondary authentication information to the customer via the secondary communication channel, the secondary communication channel being different than the primary communication channel;
  
  receiving from the customer via the primary communication channel at least a portion of the secondary authentication information;
  
  processing the secondary authentication information received from the customer by the processing machine of the authenticating entity to authenticate the customer; and
  
  based on successful authentication of the primary authentication information and receipt of the at least a portion of the secondary authentication information from the customer, the processing machine of the authenticating entity authenticating the customer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, wherein the primary communication channel is the Internet and the secondary authentication information is transmitted via at least one of a telephone call, text message, or e-mail to the customer.
  - 3. The system of claim 1, wherein the customer uses a first computing device to transmit the primary authentication information to the authenticating entity and a second computing device, different from the first computing device, to transmit the secondary authentication information to the authenticating entity.
  - 4. The method of claim 1, wherein the authenticating entity is a bank.
  - 5. The method of claim 1, wherein processing performed by the authenticating entity includes referring to secondary authentication rules before invoking utilization of the secondary authentication information.
  - 6. The method of claim 5, wherein at least one rule in the secondary authentication rules is based on a dollar amount of a transaction involving the customer.
  - 7. The method of claim 5, wherein at least one rule in the secondary authentication rules is based on a merchant with which the customer is transacting.
  - 8. The method of claim 7, wherein the merchant is identified by a merchant ID received by the processing machine of the authenticating entity.
  - 9. The method of claim 1, wherein the primary authentication information includes a username and password.
  - 10. The method of claim 1, wherein the secondary authentication information includes at least one selected from the group consisting of a one-time password and a one-time authentication code.
  - 11. The method of claim 1, wherein the authentication is performed in conjunction with a transaction.
  - 12. The method of claim 11, wherein the transaction is a purchase of a product or service by the customer.
  - 13. The method of claim 12, wherein the transaction is enrollment of the customer into a service offered by the authenticating entity.
  - 14. The method of claim 11, wherein the transaction requires approval from at least one transaction approver, the method further comprising soliciting approval from the at least one transaction approver before authenticating the customer.
  - 15. The method of claim 14, further comprising determining a geographical location of the at least one transaction approver;
    - andcomparing the geographical location of the at least one transaction approver with a location of the transaction, so as to determine legitimacy of the transaction.
  - 16. The method of claim 1, wherein the primary communication channel is a website of the authenticating entity and the secondary communication channel is a telephone call, text message or e-mail to the customer, the method further comprising:
    - the customer receiving the telephone call, text message or e-mail from the authenticating entity via the secondary communication channel; and
      
      the customer transmitting, via the website, the at least a portion of the secondary authentication information back to the authenticating entity.
  - 17. The method of claim 1, wherein the customer information comprises a land-line telephone number, a cell number, an email address, or SMS information of the customer, by which to contact the customer on a channel different than the primary communication channel.

18. A method for performing a multifactor authentication between an authenticating entity and a customer remote from the authenticating entity, utilizing a primary communication channel and a secondary communication channel, the method comprising:
- receiving from the customer, by a processing machine of the authenticating entity, primary authentication information via the primary communication channel;
  
  processing the primary authentication information by the processing machine of the authenticating entity, and retrieving customer information based on the primary authentication information;
  
  transmitting, by the processing machine of the authenticating entity, secondary authentication information to the customer via the secondary communication channel, the secondary communication channel being different than the primary communication channel;
  
  receiving from the customer via the primary communication channel at least a portion of the secondary authentication information;
  
  processing the secondary authentication information received from the customer by the processing machine of the authenticating entity to authenticate the customer; and
  
  based on successful authentication of the primary authentication information and receipt of the at least a portion of the secondary authentication information from the customer, the processing machine of the authenticating entity authenticating the customer; and
  
  wherein the authentication times out upon expiration of a time-out period, which time-out period starts after receipt of the primary authentication information via the primary communication channel.

19. A system that performs authentication processing, the system including:
- a communication interface portion configured to interface with a customer and receive primary authentication information from the customer via a primary communication channel;
  
  an authenticating portion that is located remote from the customer, the authenticating portion configured to;
  
  authenticate the primary authentication information received from the customer, and based on the primary authentication information, retrieve customer information, the customer information verifying at least in part the primary authentication information,present a message to the customer regarding a desired mode of communication through which the customer would like to perform a secondary authentication;
  
  receive from the customer a selection of the desired mode of communication, which desired mode of communication comprises a secondary communication channel;
  
  output secondary authentication information to the customer via the secondary communication channel that is different than the primary communication channel, the secondary authentication information comprising at least one selected from the group consisting of a password and an authentication code;
  
  process the secondary authentication information, received from the customer via the primary communication channel, to authenticate the customer, andbased on successful receipt of the primary authentication information and the secondary authentication information from the customer, output an approval for the transaction.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. The system of claim 19, wherein the primary communication channel is the Internet and the secondary authentication information is transmitted via at least one of a telephone call, text message, or e-mail to the customer.
  - 21. The system of claim 19, wherein the customer information comprises a land-line telephone number, a cell number, an email address, or SMS information of the customer, by which to contact the customer on a channel different than the primary communication channel.
  - 22. The system of claim 19, wherein the communication interface portion is further configured to determine whether the system recognizes a computer that the customer is using to send the primary authentication information via the primary communication channel.
  - 23. The system of claim 19, wherein the customer communicates with the system using a smartphone.
  - 24. The system of claim 23, wherein the customer also communicates with the system using a computer separate from the smartphone.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
JP Morgan Chase Bank, N.A. (JP Morgan Chase & Co)
Original Assignee
JP Morgan Chase Bank, N.A. (JP Morgan Chase & Co)
Inventors
Szwalbenest, Stanley A.
Primary Examiner(s)
Hoffman, Brandon
Assistant Examiner(s)
Anderson, Michael D

Application Number

US14/313,159
Time in Patent Office

574 Days
Field of Search

705/42, 705/67, 380/33, 726/3
US Class Current

1/1
CPC Class Codes

G06Q 20/4014   Identity check for transact...

G06Q 20/4015   using location information

G06Q 20/425   using two different network...

G06Q 30/06   Buying, selling or leasing ...

H04L 63/0853   using an additional device,...

H04L 63/18   using different networks or...

H04L 69/14   Multichannel or multilink p...

H04M 1/66   with means for preventing u...

Y02D 30/50   in wire-line communication ...

Systems and methods for multifactor authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

600 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for multifactor authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

600 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links