Authentication and interaction tracking system and method

US 9,734,501 B2
Filed: 12/14/2015
Issued: 08/15/2017
Est. Priority Date: 03/03/2008
Status: Active Grant

First Claim

Patent Images

1. A method for facilitating authentication of entities engaging in transactions, the authentication based on a record of interactions initiated by the entities, the method comprising:

receiving interaction requests from a requesting entity over a network at a central authentication and interaction tracking system including at least one computer memory and at least one computer processor, the interaction requests originating from the entities using multiple diverse applications and including a plurality of authentication factors;

executing instructions stored in the computer memory using the computer processor to perform steps including;

deriving, from each interaction request, an entity print for each requesting entity;

building, from each interaction request, an interaction signature;

classifying each interaction signature as at least one of a valid interaction signature or a fraudulent interaction signature;

processing the interaction signature with previously classified interaction signatures;

comparing the derived entity print with a pre-existing historical entity;

generating, based at least on said steps of processing and comparing, a confidence level that a requesting entity is authentic and a risk level associated with authenticity of the interaction request;

determining the risk level and confidence level meet requirements for authentication according to at least one policy;

providing positive feedback to an authentication engine when the risk level and confidence level meet requirements for authentication and opening an authentication dialog with the authentication engine when the risk level and confidence level do not meet the requirements;

executing policy rule sets at the authentication engine during the authentication dialogue to reach an authentication conclusion, the conclusion including one of a requirement for more information, a positive authentication decision, and a negative authentication decision.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Aspects of the invention relate to a central authentication and interaction tracking system for authenticating an entity making a request related to a financial account. The system facilitates authentication of an entity engaging in an interaction with a financial institution, the authentication based on a record of interactions initiated by the entity. The system includes an application interface receiving interaction requests over a network, the interaction requests originating from multiple entities and including a plurality of authentication factors. The system further includes a computer processor and computer memory capable of building, from each interaction request, an entity print record for each of the multiple entities, wherein each entity print record includes indicators of the authentication factors from each initiated transaction request. The system further facilitates deriving, from the entity print record, an entity print and storing the entity print in at least one computer memory, comparing received authentication factors for a requested interaction with the entity print, and making an authentication determination based on the comparison.

Citations

21 Claims

1. A method for facilitating authentication of entities engaging in transactions, the authentication based on a record of interactions initiated by the entities, the method comprising:
- receiving interaction requests from a requesting entity over a network at a central authentication and interaction tracking system including at least one computer memory and at least one computer processor, the interaction requests originating from the entities using multiple diverse applications and including a plurality of authentication factors;
  
  executing instructions stored in the computer memory using the computer processor to perform steps including;
  
  deriving, from each interaction request, an entity print for each requesting entity;
  
  building, from each interaction request, an interaction signature;
  
  classifying each interaction signature as at least one of a valid interaction signature or a fraudulent interaction signature;
  
  processing the interaction signature with previously classified interaction signatures;
  
  comparing the derived entity print with a pre-existing historical entity;
  
  generating, based at least on said steps of processing and comparing, a confidence level that a requesting entity is authentic and a risk level associated with authenticity of the interaction request;
  
  determining the risk level and confidence level meet requirements for authentication according to at least one policy;
  
  providing positive feedback to an authentication engine when the risk level and confidence level meet requirements for authentication and opening an authentication dialog with the authentication engine when the risk level and confidence level do not meet the requirements;
  
  executing policy rule sets at the authentication engine during the authentication dialogue to reach an authentication conclusion, the conclusion including one of a requirement for more information, a positive authentication decision, and a negative authentication decision.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the multiple diverse applications include origination applications, transaction applications, and servicing applications.
  - 3. The method of claim 1, further comprising modifying the historical entity print after each interaction for each of the multiple entities, such that the historical entity print is representative of all recorded interactions over time with each of the multiple entities.
  - 4. The method of claim 1, further comprising building from each interaction request, an interaction signature for each interaction and classifying each interaction signature as a valid interaction signature or a fraudulent interaction signature.
  - 5. The method of claim 1, wherein the device identifiers include an IP address.
  - 6. The method of claim 1, wherein the personal identifier includes at least one of an RSID and a biometric indicator.
  - 7. The method of claim 1, wherein the geographical transaction features are determined by geolocation.
  - 8. The method of claim 1, wherein the authentication methods utilized include at least one of passwords, security questions, and biometric authentication factors.
  - 9. The method of claim 1, wherein the authentication engine receives input from multiple interconnected systems including an entity print system, an interaction signature system, and a policy and risk assessment system in order to make an authentication determination.

10. A method for facilitating authentication of entities engaging in transactions, the authentication based on a record of interactions initiated by the entities, the method comprising:
- receiving interaction requests from a requesting entity over a network at a central authentication and interaction tracking system including at least one computer memory and at least one computer processor, the interaction requests originating from the entities using multiple diverse applications and including a plurality of authentication factors;
  
  executing instructions stored in the computer memory using the computer processor to perform steps including;
  
  deriving, from each interaction request, an entity print for each requesting entity, wherein each entity print incorporates the authentication factors from each initiated interaction request, the authentication factors including multiple factors selected from the group including temporal transaction features, geographical transactions features, parties to transaction, identity of accounts, access method, device identifiers, personal identifiers, and authentication method utilized;
  
  comparing the derived entity print with a pre-existing historical entity print to produce an identity confidence level for the requesting entity and a risk level for the requesting entity;
  
  building from each interaction request, an interaction signature for each interaction and classifying each interaction signature as a valid interaction signature or a fraudulent interaction signature;
  
  comparing the received authentication factors for a requested interaction with the entity print and comparing the interaction signature for a received interaction request with the classified interaction signatures, wherein the comparisons yield a level of risk for each transaction;
  
  determining the risk level and confidence level meet requirements for authentication according to at least one policy;
  
  providing positive feedback to an authentication engine when the risk level and confidence level meet requirements for authentication and opening an authentication dialog with the authentication engine when the risk level and confidence level do not meet the requirements;
  
  executing policy rule sets at the authentication engine during the authentication dialogue to reach an authentication conclusion, the conclusion including one of a requirement for more information, a positive authentication decision, and a negative authentication decision;
  
  passing the conclusion from the authentication engine to an application utilized to initiate the interaction request, the application selected from the multiple diverse applications.

11. A central authentication and interaction tracking system for facilitating authentication of entities engaging in transactions, the authentication based on a record of interactions initiated by the entities, the method comprising:
- an application interface receiving interaction requests from a requesting entity over a network, the interaction requests originating from the entities using multiple diverse applications and including a plurality of authentication factors;
  
  at least one computer memory storing information from the interaction requests and instructions for processing the information; and
  
  at least one computer processor accessing the computer memory and executing the stored instructions in the computer memory to perform steps including;
  
  deriving, from each interaction request, an entity print for each requesting entity;
  
  building, from each interaction request, an interaction signature;
  
  classifying each interaction signature as at least one of a valid interaction signature or a fraudulent interaction signature;
  
  processing the interaction signature with previously classified interaction signatures;
  
  comparing the derived entity print with a pre-existing historical entity print;
  
  generating, based at least on said steps of processing and comparing, a confidence level that a requesting entity is authentic and a risk level associated with authenticity of the interaction request;
  
  determining the risk level and confidence level meet requirements for authentication according to at least one policy;
  
  providing positive feedback to an authentication engine when the risk level and confidence level meet requirements for authentication and opening an authentication dialog with the authentication engine when the risk level and confidence level do not meet the requirements;
  
  executing policy rule sets at the authentication engine during the authentication dialogue to reach an authentication conclusion, the conclusion including one of a requirement for more information, a positive authentication decision, and a negative authentication decision.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The system of claim 11, wherein the multiple diverse applications include origination applications, transaction applications, and servicing applications.
  - 13. The system of claim 11, wherein the computer processor further performs the step of modifying the historical entity print after each interaction for each of the multiple entities, such that the historical entity print is representative of all recorded interactions over time with each of the multiple entities.
  - 14. The system of claim 11, wherein the computer processor further performs the step of building from each interaction request, an interaction signature for each interaction and classifying each interaction signature as a valid interaction signature or a fraudulent interaction signature.
  - 15. The system of claim 11, wherein the device identifiers include an IP address.
  - 16. The system of claim 11, wherein the personal identifier includes at least one of an RSID and a biometric indicator.
  - 17. The system of claim 11, wherein the geographical transaction features are determined by geolocation.
  - 18. The system of claim 11, wherein the authentication methods utilized include at least one of passwords, security questions, and biometric authentication factors.
  - 19. The system of claim 11, wherein the authentication engine receives input from multiple interconnected systems including an entity print system, an interaction signature system, and a policy and risk assessment system in order to make an authentication determination.

20. A central authentication and interaction tracking system for facilitating authentication of entities engaging in transactions, the authentication based on a record of interactions initiated by the entities, the method comprising:
- an application interface receiving interaction requests from a requesting entity over a network, the interaction requests originating from the entities using multiple diverse applications and including a plurality of authentication factors;
  
  at least one computer memory storing information from the interaction requests and instructions for processing the information; and
  
  at least one computer processor accessing the computer memory and executing the stored instructions in the computer memory to perform steps including;
  
  receiving interaction requests from a requesting entity over a network at a central authentication and interaction tracking system including at least one computer memory and at least one computer processor, the interaction requests originating from the entities using multiple diverse applications and including a plurality of authentication factors;
  
  executing instructions stored in the computer memory using the computer processor to perform steps including;
  
  deriving, from each interaction request, an entity print for each requesting entity, wherein each entity print incorporates the authentication factors from each initiated interaction request, the authentication factors including multiple factors selected from the group including temporal transaction features, geographical transactions features, parties to transaction, identity of accounts, access method, device identifiers, personal identifiers, and authentication method utilized;
  
  comparing the derived entity print with a pre-existing historical entity print to produce an identity confidence level for the requesting entity and a risk level for the requesting entity;
  
  building from each interaction request, an interaction signature for each interaction and classifying each interaction signature as a valid interaction signature or a fraudulent interaction signature;
  
  comparing the received authentication factors for a requested interaction with the entity print and comparing the interaction signature for a received interaction request with the classified interaction signatures, wherein the comparisons yield a level of risk for each transaction;
  
  determining the risk level and confidence level meet requirements for authentication according to at least one policy;
  
  providing positive feedback to an authentication engine when the risk level and confidence level meet requirements for authentication and opening an authentication dialog with the authentication engine when the risk level and confidence level do not meet the requirements;
  
  executing policy rule sets at the authentication engine during the authentication dialogue to reach an authentication conclusion, the conclusion including one of a requirement for more information, a positive authentication decision, and a negative authentication decision; and
  
  passing the conclusion from the authentication engine to an application utilized to initiate the interaction request, the application selected from the multiple diverse applications.

21. A non-transitory computer readable storing instructions for facilitating authentication of entities engaging in transactions, the authentication based on a record of interactions initiated by the entities, the instructions executed by a computer processor to perform steps including:
- receiving interaction requests from a requesting entity over a network at a central authentication and interaction tracking system including at least one computer memory and at least one computer processor, the interaction requests originating from the entities using multiple diverse applications and including a plurality of authentication factors;
  
  deriving, from each interaction request, an entity print for each requesting entity;
  
  building, from each interaction request, an interaction signature;
  
  classifying each interaction signature as at least one of a valid interaction signature or a fraudulent interaction signature;
  
  processing the interaction signature with previously classified interaction signatures;
  
  comparing the derived entity print with a pre-existing historical entity print;
  
  generating, based at least on said steps of processing and comparing, a confidence level that a requesting entity is authentic and a risk level associated with authenticity of the interaction request;
  
  determining the risk level and confidence level meet requirements for authentication according to at least one policy;
  
  providing positive feedback to an authentication engine when the risk level and confidence level meet requirements for authentication and opening an authentication dialog with the authentication engine when the risk level and confidence level do not meet the requirements;
  
  executing policy rule sets at the authentication engine during the authentication dialogue to reach an authentication conclusion, the conclusion including one of a requirement for more information, a positive authentication decision, and a negative authentication decision; and
  
  passing the conclusion from the authentication engine to an application utilized to initiate the interaction request, the application selected from the multiple diverse applications.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
JP Morgan Chase Bank, N.A. (JP Morgan Chase & Co)
Original Assignee
JP Morgan Chase Bank, N.A. (JP Morgan Chase & Co)
Inventors
Durney, Stephen, Pletz, Tracy M., Webb, Timothy A.
Primary Examiner(s)
HO, DAO Q

Application Number

US14/967,496
Publication Number

US 20160110719A1
Time in Patent Office

610 Days
Field of Search

726 4
US Class Current
CPC Class Codes

G06F 21/6245   Protecting personal data, e...

G06Q 20/4014   Identity check for transact...

G06Q 20/4016   involving fraud or risk lev...

H04L 63/08   for authentication of entit...

H04L 65/1101   Session protocols

H04L 9/40   Network security protocols

Authentication and interaction tracking system and method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication and interaction tracking system and method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links