METHODS AND SYSTEMS FOR AUTHENTICATING USERS
3 Assignments
0 Petitions
Accused Products
Abstract
A method of authenticating users to reduce transaction risks includes indicating a desire to conduct a transaction, inputting information in a workstation, and determining whether the inputted information is known. Moreover, the method includes determining a state of a communications device when the inputted information is known, and transmitting a biometric authentication request from a server to a workstation when the state of the communications device is enrolled. Additionally, the method includes obtaining biometric authentication data in accordance with a biometric authentication data capture request with the communications device, biometrically authenticating the user, generating a one-time pass-phrase and storing the one-time pass-phrase on the authentication system when the user is authenticated, comparing the transmitted one-time pass-phrase against the stored one-time pass-phrase, and conducting the transaction when the transmitted and stored one-time pass-phrases match.
211 Citations
21 Claims
-
1. (canceled)
-
2. A method of authenticating users to reduce transaction risks, said method comprising:
-
transmitting a biometric authentication request from a server over a first communications channel to a workstation, the biometric authentication request including at least a level of risk; invoking a security application stored in a communications device; initiating communications over a second communications channel by transmitting the biometric authentication request to an authentication system from the communications device over the second communications channel; extracting a level of risk from the biometric authentication request; determining a biometric authentication data requirement corresponding to the extracted level of risk; generating a biometric authentication data capture request in response to the biometric authentication request, and transmitting the biometric authentication data capture request from the authentication system to the communications device; validating the identity of a user; and conducting a transaction when the identity of the user is validated. - View Dependent Claims (3, 4, 5, 6, 7, 8, 9)
-
-
10. A method of authentication comprising:
-
selecting a transaction method from a menu of transaction methods at a workstation to complete a transaction on a merchant system; prompting a workstation user to input a unique user identifier at the workstation prior to completing the transaction on the merchant system; generating a merchant authentication request at the merchant system and transmitting the merchant authentication request to a server, the merchant authentication request including at least the unique user identifier; determining a level of risk associated with the transaction and generating a server authentication request at the server, the server authentication request including at least the level of risk; extracting the level of risk from the server authentication request; determining a biometric authentication data requirement corresponding to the extracted level of risk at an authentication system; obtaining biometric authentication data in accordance with the biometric authentication data requirement with a communications device; determining that the workstation user is permitted to conduct the transaction; and transmitting an authentication confirmation message from the server to the merchant system and completing the transaction. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
-
-
18. A system for authenticating users that reduces transaction risks comprises:
-
a computer configured as a server, said server comprises a database and is configured to store within said database at least a plurality of configurable policies, to determine whether the inputted information is known, and to determine a level of risk associated with at least one transaction; at least one workstation including at least a workstation computer configured to at least communicate with said server; at least one merchant system configured to communicate with said at least one workstation, said at least one merchant system being operable to generate and transmit authentication requests and to complete the at least one transaction when the identity of a user is validated; an authentication system comprises an authentication database and is configured to communicate with said server, to store within said authentication database biometric authentication data associated with each of a plurality of authorized users, to store an authentication policy, and to conduct a biometric authentication process; and a communications device configured to transmit a biometric authentication request to said authentication system for initiating the biometric authentication process, to receive a biometric authentication data capture request transmitted from said authentication system, to obtain biometric authentication data in accordance with the biometric authentication data capture request from the user and transmit the obtained biometric data to said authentication system. - View Dependent Claims (19, 20, 21)
-
Specification