Authentication using biometric technology through a consumer device
First Claim
1. A method for authenticating a user for a payment transaction, comprising:
- storing, by a server computer, a user fraud profile and a queue;
associating, by the server computer, a predetermined period of time with the queue;
receiving, by the server computer and from a device, payment transaction data associated with the payment transaction and a biometric digital artifact;
comparing, by the server computer, the biometric digital artifact to other biometric digital artifacts stored in the user fraud profile;
authenticating, by the server computer, the payment transaction based on the comparison;
sending, by the server computer, an authentication result to the device;
storing, by the server computer, the biometric digital artifact in the queue;
determining, by the server computer, that the predetermined period of time associated with the queue has expired;
retrieving, by the server computer, the biometric digital artifact from the queue based on the determination; and
updating, by the server computer, the user fraud profile with the retrieved biometric digital artifact.
1 Assignment
0 Petitions
Accused Products
Abstract
Embodiments of the invention provide strong user authentication on a consumer device without requiring the user to go through a formal registration process with the issuer or processing network. Certain embodiments allow the use of any biometric technology (e.g., fingerprint scan, iris scan, voice recognition, etc.) supported by their consumer device (e.g., smart phone, tablet computer, personal computer) to authenticate the user. Additionally, the consumer device provides unforgeable evidence of the biometric match in the form of a biometric digital artifact to provide proof to a processing network that the match occurred. The processing network maintains a history of these authenticated transactions and biometric digital artifacts and as more and more non-fraudulent authenticated transactions occur over time, a higher level of trust (i.e., lower risk) is associated with the consumer device, biometric registration process, and the user.
62 Citations
12 Claims
-
1. A method for authenticating a user for a payment transaction, comprising:
-
storing, by a server computer, a user fraud profile and a queue; associating, by the server computer, a predetermined period of time with the queue; receiving, by the server computer and from a device, payment transaction data associated with the payment transaction and a biometric digital artifact; comparing, by the server computer, the biometric digital artifact to other biometric digital artifacts stored in the user fraud profile; authenticating, by the server computer, the payment transaction based on the comparison; sending, by the server computer, an authentication result to the device; storing, by the server computer, the biometric digital artifact in the queue; determining, by the server computer, that the predetermined period of time associated with the queue has expired; retrieving, by the server computer, the biometric digital artifact from the queue based on the determination; and updating, by the server computer, the user fraud profile with the retrieved biometric digital artifact. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A server for authenticating a user for a payment transaction, comprising:
-
a processor; and a non-transitory computer-readable storage medium, comprising code executable by the processor for implementing a method comprising; storing a user fraud profile and a queue; associating a predetermined period of time with the queue; receiving, from a device, payment transaction data associated with the payment transaction and a biometric digital artifact; comparing the biometric digital artifact to other biometric digital artifacts stored in the user fraud profile; authenticating the payment transaction based on the comparison; sending an authentication result to the device; storing the biometric digital artifact in the queue; determining that the predetermined period of time associated with the queue has expired; retrieving the biometric digital artifact from the queue based on the determination; and updating, by the server computer, the user fraud profile with the retrieved biometric digital artifact. - View Dependent Claims (9, 10, 11, 12)
-
Specification