
Methods and systems for authenticating users

  • US 7,865,937 B1
  • Filed: 02/22/2010
  • Issued: 01/04/2011
  • Est. Priority Date: 08/05/2009
  • Status: Active Grant
First Claim

1. A system for authenticating users that reduces transaction risks, said system comprising:

  • a computer configured as a server, said server including at least a database, said server being configured to store within said database protected resources, to determine whether at least one transaction requires access to the protected resources when a workstation user indicates a desire to conduct the at least one transaction, to receive information inputted by the workstation user and to determine whether the inputted information is known;

    at least one workstation comprising at least a workstation computer operationally coupled to said server, said at least one workstation being configured to receive information input by the workstation user, wherein said at least one workstation, said server and a network comprise a first communications channel;

    an authentication system including an authentication database, said authentication system being configured to communicate with said server, to store within said authentication database biometric authentication data and personal data associated with each of a plurality of authorized users, to verify that the at least one transaction is pending, and to initiate a biometric authentication process over a second communications channel in response to a communication from said first communications channel; and

    a communications device included in said second communications channel, said communications device being associated with one of the plurality of authorized users and being configured to communicate with said authentication system over said second communications channel, to receive a biometric authentication data capture request generated by said authentication system and transmitted over said second communications channel from said authentication system, to capture biometric authentication data from the workstation user in accordance with the biometric authentication data capture request, and transmit the captured biometric data to said authentication system over said second communications channel, wherein

    the one authorized user is associated with information inputted by the workstation user,

    said authentication system is further configured to validate said communications device, to determine a state of said communications device when the inputted information is known, to validate the identity of the user by comparing the captured biometric data against biometric authentication data of the one authorized user, to generate a one-time pass-phrase, store the one-time pass-phrase, and transmit the one-time pass-phrase to said communications device over said second communications channel when the workstation user is authenticated as the one authorized user,

    said server is further configured to transmit a biometric authentication request over said first communications channel to said authentication system when the state of said communications device is enrolled,

    said authentication system is further configured to extract a level of risk from the biometric authentication request, determine a biometric authentication data requirement corresponding to the extracted level of risk by consulting an authentication policy including policy levels of risk associated with biometric authentication data requirements, to compare the extracted level of risk against the policy levels of risk, to determine the biometric authentication data requirement to be the biometric authentication data requirement that corresponds to the policy level of risk that matches the extracted level of risk, and to transmit the biometric authentication data capture request corresponding to the level of risk of the at least one transaction,

    said communications device is further configured to display the at least one transaction, to receive and display the one-time pass-phrase such that the one-time pass-phrase can be inputted into said at least one workstation and transmitted over said first communications channel to said authentication system,

    said authentication system is further configured to compare the one-time pass-phrase transmitted from said authentication system against the one-time pass-phrase received by said authentication system, and

    said server is configured to grant access to the protected resources of the one authorized user when the one-time pass-phrase transmitted from said authentication system matches the one-time pass-phrase received by said authentication system.
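The claim above describes a two-channel flow: the server checks the device is enrolled, the authentication system maps the transaction's level of risk to a biometric data requirement via a policy table, the device captures and returns biometric data over the second channel, and a one-time pass-phrase sent to the device is typed back over the first channel and compared. The following is an added simulation of that flow, written for this page; it is not code from the patent or its assignee. The policy table, the pass-phrase word list and lifetime, the exact-match placeholder for biometric comparison, and the single-use and fail-closed behaviour are all assumptions made here, since the claim does not specify them.

```python
"""Simulation of the risk-based, two-channel authentication flow in claim 1.
Added example, not the patent's own code. Policy levels, the pass-phrase word
list and lifetime, and the toy biometric matcher are assumptions for illustration.
"""
import hmac
import secrets
import time
from dataclasses import dataclass, field

# Assumed authentication policy: policy level of risk -> biometric data requirement.
AUTH_POLICY = {
    "low": ("voice",),
    "medium": ("fingerprint",),
    "high": ("fingerprint", "face"),
}

# Assumed word list for the one-time pass-phrase and its lifetime in seconds.
WORDS = ("amber", "birch", "cobalt", "delta", "ember", "falcon", "granite", "harbor")
PASSPHRASE_TTL_SECONDS = 60


@dataclass
class CommunicationsDevice:
    """The user's device on the second channel (constructed for the demo)."""
    user: str
    state: str                  # "enrolled" or "not_enrolled"
    templates: dict             # modality -> enrolled biometric template (constructed bytes)
    inbox: list = field(default_factory=list)   # pass-phrases received over channel two


def biometric_match(enrolled, captured):
    """Placeholder matcher: constant-time exact compare of toy byte templates.
    A real system uses a fuzzy matcher with a tuned false-accept rate."""
    if enrolled is None or captured is None:
        return False
    return hmac.compare_digest(enrolled, captured)


class AuthenticationSystem:
    def __init__(self, devices, now=time.time):
        self.devices = devices   # user -> CommunicationsDevice (the authentication database)
        self.pending = {}        # user -> (stored pass-phrase, expiry)
        self.now = now           # injectable clock so expiry can be tested

    def device_state(self, user):
        dev = self.devices.get(user)
        return dev.state if dev else None

    def requirement_for(self, risk):
        """Pick the requirement whose policy level matches the extracted level of risk."""
        try:
            return AUTH_POLICY[risk]
        except KeyError:
            # Fail closed: an unknown level must not fall back to the weakest requirement.
            raise ValueError(f"no policy level for risk {risk!r}")

    def biometric_authentication(self, user, risk, captured):
        """Second-channel step: only an enrolled device is asked for the modalities the
        policy requires; on a full match a pass-phrase is generated, stored and sent."""
        dev = self.devices[user]
        if dev.state != "enrolled":
            return False
        for modality in self.requirement_for(risk):   # the capture request names these
            if not biometric_match(dev.templates.get(modality), captured.get(modality)):
                return False
        passphrase = "-".join(secrets.choice(WORDS) for _ in range(4))
        self.pending[user] = (passphrase, self.now() + PASSPHRASE_TTL_SECONDS)
        dev.inbox.append(passphrase)                   # transmitted over the second channel
        return True

    def verify_passphrase(self, user, entered):
        """First-channel step: compare what was typed at the workstation against the
        stored copy. The stored value is consumed on the first attempt (single use)."""
        stored = self.pending.pop(user, None)
        if stored is None:
            return False
        passphrase, expiry = stored
        if self.now() > expiry:
            return False
        return hmac.compare_digest(passphrase.encode(), entered.encode())


def run_demo():
    """Happy path followed by a replay of the same pass-phrase."""
    dev = CommunicationsDevice("alice", "enrolled",
                               {"fingerprint": b"fp-alice", "face": b"face-alice"})
    auth = AuthenticationSystem({"alice": dev})
    bio_ok = auth.biometric_authentication(
        "alice", "high", {"fingerprint": b"fp-alice", "face": b"face-alice"})
    typed = dev.inbox[-1]        # user reads the pass-phrase off the device and types it
    granted = auth.verify_passphrase("alice", typed)
    replay = auth.verify_passphrase("alice", typed)
    return bio_ok, granted, replay


def run_wrong_biometric():
    """A mismatched fingerprint must yield no pass-phrase at all."""
    dev = CommunicationsDevice("alice", "enrolled", {"fingerprint": b"fp-alice"})
    auth = AuthenticationSystem({"alice": dev})
    ok = auth.biometric_authentication("alice", "medium", {"fingerprint": b"fp-mallory"})
    return ok, len(dev.inbox)


if __name__ == "__main__":
    print(run_demo())             # (True, True, False)
    print(run_wrong_biometric())  # (False, 0)
```

Two points the simulation makes explicit that the claim leaves implicit: the pass-phrase comparison uses a constant-time compare and consumes the stored value so a captured pass-phrase cannot be replayed, and an unrecognised level of risk raises rather than silently mapping to the weakest requirement.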

  • 3 Assignments