Methods of authenticating a user for data exchange

US 9,892,409 B2
Filed: 06/20/2017
Issued: 02/13/2018
Est. Priority Date: 06/21/2016
Status: Active Grant

First Claim

Patent Images

1. A method of facilitating the exchange of data between a user having a computing device, and a remote entity, wherein a first connection has been established between the user and the remote entity, wherein the first connection between the user and the remote entity associated with a merchant is a phone call, and wherein the user has associated data exchange information with an application on the computing device, the data exchange information defining properties of the data to be exchanged between the user and the remote entity, the method comprising:

determining, at a server, whether the user has a registered payment method with the application;

in response to the user having a registered payment method for a transaction, establishing, at the server, a second connection to the computing device with an agent at a contact center, wherein a payment mode is initiated and starts recording the user'"'"'s phone call;

retrieving a user authentication attribute associated with the data exchange information;

retrieving a device authentication attribute associated with the data exchange information;

authenticating the user using the user authentication attribute; and

authenticating the computing device using the device authentication attribute, wherein data may be exchanged between the computing device and the remote entity in accordance with the data exchange information following authentication of the user and the computing device;

wherein in response to the user and the computing device being authenticated, processing the transaction with the payment method and deleting the recorded phone call sample; and

receiving an indication that the application is a third party payment application;

sending a message to the computing device, the message including a link for requesting a payment webpage;

receiving, from the computing device, a request for the payment webpage upon selection of the link;

generating the payment webpage; and

sending the generated payment webpage to the computing device; and

receiving an indication that the transaction has been authorized.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of facilitating the exchange of data between a user having a computing device, and a remote entity, where a first connection has been established between the user and the remote entity, and where the user has associated data exchange information with an application on the computing device, the data exchange information defining properties of the data to be exchanged between the user and the remote entity. The method comprises establishing, at a server, a second connection to the computing device; enabling retrieval of a user authentication attribute associated with the data exchange information; enabling retrieval of a device authentication attribute associated with the data exchange information; enabling authentication of the user using the user authentication attribute; and enabling authentication of the computing device using the device authentication attribute, where data may be exchanged between the computing device and the remote entity in accordance with the data exchange information following authentication of the user and the computing device.

18 Citations

29 Claims

1. A method of facilitating the exchange of data between a user having a computing device, and a remote entity, wherein a first connection has been established between the user and the remote entity, wherein the first connection between the user and the remote entity associated with a merchant is a phone call, and wherein the user has associated data exchange information with an application on the computing device, the data exchange information defining properties of the data to be exchanged between the user and the remote entity, the method comprising:
- determining, at a server, whether the user has a registered payment method with the application;
  
  in response to the user having a registered payment method for a transaction, establishing, at the server, a second connection to the computing device with an agent at a contact center, wherein a payment mode is initiated and starts recording the user'"'"'s phone call;
  
  retrieving a user authentication attribute associated with the data exchange information;
  
  retrieving a device authentication attribute associated with the data exchange information;
  
  authenticating the user using the user authentication attribute; and
  
  authenticating the computing device using the device authentication attribute, wherein data may be exchanged between the computing device and the remote entity in accordance with the data exchange information following authentication of the user and the computing device;
  
  wherein in response to the user and the computing device being authenticated, processing the transaction with the payment method and deleting the recorded phone call sample; and
  
  receiving an indication that the application is a third party payment application;
  
  sending a message to the computing device, the message including a link for requesting a payment webpage;
  
  receiving, from the computing device, a request for the payment webpage upon selection of the link;
  
  generating the payment webpage; and
  
  sending the generated payment webpage to the computing device; and
  
  receiving an indication that the transaction has been authorized.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of facilitating the exchange of data according to claim 1, wherein the data exchange information defines a payment method for a transaction and wherein the data exchanged in accordance with the data exchange information comprises payment information associated with the payment method.
  - 3. The method of facilitating the exchange of data according to claim 1, wherein establishing the second connection to the computing device comprises establishing a connection to the application.
  - 4. The method of facilitating the exchange of data according to claim 1, wherein enabling authentication of the user using the user authentication attribute comprises:
    - receiving a user authentication input from the user;
      
      comparing the user authentication input with the user authentication attribute; and
      
      authenticating the user if the user authentication input matches the user authentication attribute based on a confidence level.
  - 5. The method of facilitating the exchange of data according to claim 1, wherein the first connection between the user and the remote entity is an audio connection.
  - 6. The method of facilitating the exchange of data according to claim 5, wherein:
    - the user authentication attribute comprises a voice biometric;
      
      enabling authentication of the user using the user authentication attribute comprises receiving a user authentication input from the user; and
      
      receiving the user authentication input comprises recording audio data from the user.
  - 7. The method of facilitating the exchange of data according to claim 6, wherein the user has associated a plurality of data exchange information entries with the application, the method further comprising:
    - receiving a user selection of a data exchange information entry from the plurality of data exchange information entries;
      
      wherein receiving the user selection of the data exchange information entry comprises identifying the data exchange information entry from the recorded audio data.
  - 8. The method of facilitating the exchange of data according to claim 1, wherein enabling retrieval of the user authentication attribute associated with the data exchange information comprises:
    - determining a unique property relating to the user or the computing device; and
      
      retrieving the user authentication attribute from a database using the determined unique property.
  - 9. The method of facilitating the exchange of data according to claim 8, wherein enabling retrieval of the device authentication attribute associated with the data exchange information comprises retrieving the device authentication attribute from the database using the determined unique property.
  - 10. The method of facilitating the exchange of data according to claim 1, wherein enabling authentication of the computing device comprises:
    - receiving a device authentication input from the application;
      
      comparing the device authentication input with the device authentication attribute; and
      
      authenticating the computing device if the device authentication input matches the device authentication attribute.
  - 11. The method of facilitating the exchange of data according to claim 1, further comprising:
    - sending a command to the application to request authentication of the user and authentication of the computing device from a card issuer server;
      
      receiving an encrypted request from the application for authentication of the user and authentication of the computing device;
      
      directing the request for authentication of the user and authentication of the computing device to the card issuer server; and
      
      receiving an indication from the card issuer server that the user and the computing device have been authenticated.
  - 12. The method of facilitating the exchange of data according to claim 1, wherein the first connection between the user and the remote entity is an audio connection.

13. A server for facilitating the exchange of data between a user having a computing device, and a remote entity, wherein a first connection has been established between the user and the remote entity, wherein the first connection between the user and the remote entity associated with a merchant is a phone call, and wherein the user has associated data exchange information with an application on the computing device, the data exchange information defining properties of the data to be exchanged between the user and the remote entity, the server comprising an authentication processor operable to:
- determine, at a server, whether the user has a registered payment method with the application;
  
  in response to the user having a registered payment method for a transaction, establish a second connection to the application with an agent at a contact center, wherein a payment mode is initiated and starts recording the user'"'"'s phone call;
  
  retrieve, from a user database storing the data exchange information, a user authentication attribute associated with the data exchange information, and a device authentication attribute associated with the data exchange information;
  
  authenticate the user using the user authentication attribute; and
  
  authenticate the computing device using the device authentication attribute, wherein data may be exchanged between the computing device and the remote entity in accordance with the data exchange information following authentication of the user and the computing device;
  
  wherein, in response to the user and the computing device being authenticated, process the transaction with the payment method and delete the recorded phone call sample; and
  
  receive an indication that the application is a third party payment application;
  
  send a message to the computing device, the message including a link for requesting a payment webpage;
  
  receive, from the computing device, a request for the payment webpage upon selection of the link;
  
  generate the payment webpage; and
  
  send the generated payment webpage to the computing device, and receive an indication that the transaction has been authorized.

14. A method of facilitating the exchange of data between a user having a computing device, and a remote entity, wherein a first connection has been established between the user and the remote entity, wherein the first connection between the user and the remote entity associated with a merchant is a phone call, and wherein an application is on with the computing device, the method comprising:
- determining, at a server, whether the user has a registered payment method with the application;
  
  in response to the user having a registered payment method for a transaction, establishing, by the application, a second connection to the server with an agent at a contact center, wherein a payment mode is initiated and starts recording the user'"'"'s phone call;
  
  sending data exchange information to the server, the data exchange information defining properties of the data to be exchanged between the user and the remote entity;
  
  sending a user authentication attribute associated with the data exchange information to the server;
  
  sending a device authentication attribute associated with the data exchange information to the server; and
  
  exchanging data with the remote entity in accordance with the data exchange information following authentication of the user using the user authentication attribute being enabled by the server, and authentication of the computing device using the device authentication attribute being enabled by the server;
  
  in response to the user and the computing device being authenticated, processing the transaction with the payment method and deleting the recorded phone call sample; and
  
  receiving an indication that the application is a third party payment application;
  
  sending a message to the computing device, the message including a link for requesting a payment webpage;
  
  receiving, from the computing device, a request for the payment webpage upon selection of the link;
  
  generating the payment webpage; and
  
  sending the generated payment webpage to the computing device; and
  
  receiving an indication that the transaction has been authorized.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 15. The method of facilitating the exchange of data according to claim 14, wherein the data exchange information defines a payment method for a transaction and wherein the data exchanged in accordance with the data exchange information comprises payment information associated with the payment method.
  - 16. The method of facilitating the exchange of data according to claim 14, wherein:
    - sending data exchange information to the server comprises receiving data exchange information from the user;
      
      sending the user authentication attribute to the server comprises receiving the user authentication attribute from the user; and
      
      sending the device authentication attribute to the server comprises determining a unique characteristic of the device and sending the determined unique characteristic to the server.
  - 17. The method of facilitating the exchange of data according to claim 14, further comprising:
    - sending at least one additional data exchange information entry to the server;
      
      sending at least one user authentication attribute to the server for association with the at least one additional data exchange information entry; and
      
      sending at least one device authentication attribute to the server for association with the at least one additional data exchange information entry.
  - 18. The method of facilitating the exchange of data according to claim 17, further comprising:
    - selecting a data exchange information entry from the plurality of data exchange information entries; and
      
      sending the selected data exchange information entry to the server.
  - 19. The method of facilitating the exchange of data according to claim 14, wherein the first connection between the user and the remote entity is an audio connection.
  - 20. The method of facilitating the exchange of data according to claim 19, wherein:
    - receiving the user authentication attribute from the user comprises receiving audio data input by the user; and
      
      sending the user authentication attribute to the server further comprises;
      
      recording audio data input by the user;
      
      generating a voice biometric based on the input audio data; and
      
      sending the voice biometric to the server.
  - 21. The method of facilitating the exchange of data according to claim 14, further comprising sending a unique property relating to the user or the computing device to the server for retrieval of the user authentication attribute or the device authentication attribute from a database.
  - 22. The method of facilitating the exchange of data according to claim 14, wherein authentication of the computing device being enabled by the server comprises sending, by the application, a device authentication input to the server for comparison with the device authentication attribute.
  - 23. The method of facilitating the exchange of data according to claim 14, further comprising:
    - receiving a command from the server to request authentication of the user and authentication of the computing device from a card issuer server;
      
      generating a request for authentication of the user and authentication of the computing device;
      
      encrypting the request for authentication of the user and authentication of the computing device; and
      
      sending the request for authentication of the user and authentication of the computing device to the server for redirection to the card issuer server.
  - 24. The method of facilitating the exchange of data according to claim 23, wherein generating the request for authentication of the user and authentication of the computing device comprises:
    - determining a device authentication input; and
      
      including, with the request for authentication of the user and authentication of the computing device, the device authentication input.

25. An application is run on a computing device and comprising a computer program, the application facilitating the exchange of data between the computing device and a remote entity, wherein a first connection has been established between a user of the computing device and the remote entity, wherein the first connection between the user and the remote entity associated with a merchant is a phone call, the computer program comprising instructions for enabling the computing device to:
- determine, at a server, whether the user has a registered payment method with the application;
  
  in response to the user having a registered payment method for a transaction, establish a second connection to the server with an agent at a contact center, wherein a payment mode is initiated and starts recording the user'"'"'s phone call;
  
  send data exchange information to the server, the data exchange information defining properties of the data to be exchanged between the user and the remote entity;
  
  send a user authentication attribute associated with the data exchange information to the server;
  
  send a device authentication attribute associated with the data exchange information to the server; and
  
  exchange data with the remote entity following authentication of the user using the user authentication attribute being enabled by the server and authentication of the computing device using the device authentication attribute being enabled by the server;
  
  wherein, in response to the user and the computing device being authenticated, process the transaction with the payment method and delete the recorded phone call sample; and
  
  receive an indication that the application is a third party payment application;
  
  send a message to the computing device, the message including a link for requesting a payment webpage;
  
  receive, from the computing device, a request for the payment webpage upon selection of the link;
  
  generate the payment webpage; and
  
  send the generated payment webpage to the computing device; and
  
  receive an indication that the transaction has been authorized.

26. A method of facilitating the exchange of data between a user having a computing device, and a remote entity, wherein an application is run on the user device, the method comprising:
- implementing, at the application, a method comprising the steps of;
  
  determining, at a server, whether the user has a registered payment method with the application;
  
  in response to the user having a registered payment method for a transaction, establishing, by the application, a second connection to the server with an agent at a contact center, wherein a payment mode is initiated and starts recording the user'"'"'s phone call;
  
  sending data exchange information to the server, the data exchange information defining properties of the data to be exchanged between the user and the remote entity;
  
  sending a user authentication attribute associated with the data exchange information to the server;
  
  sending a device authentication attribute associated with the data exchange information to the server; and
  
  exchanging data with the remote entity in accordance with the data exchange information following authentication of the user using the user authentication attribute being enabled by the server, and authentication of the computing device using the device authentication attribute being enabled by the server;
  
  in response to the user and the computing device being authenticated, processing the transaction with the payment method and deleting the recorded phone call sample; and
  
  receiving an indication that the application is a third party payment application;
  
  sending a message to the computing device, the message including a link for requesting a payment webpage;
  
  receiving, from the computing device, a request for the payment webpage upon selection of the link;
  
  generating the payment webpage; and
  
  sending the generated payment webpage to the computing device; and
  
  receiving an indication that the transaction has been authorized.

27. A system for facilitating the exchange of data between a user having a computing device, and a remote entity, wherein a first connection has been established between the user and the remote entity, the system comprising:
- a computing device comprising an applicationfacilitating the exchange of data between the computing device and a remote entity, wherein a first connection has been established between a user of the computing device and the remote entity, wherein the first connection between the user and the remote entity associated with a merchant is a phone call, the computer program comprising instructions for enabling the computing device to;
  
  determine, at a server, whether the user has a registered payment method with the application;
  
  in response to the user having a registered payment method for a transaction, establish a second connection to the server with an agent at a contact center, wherein a payment mode is initiated and starts recording the user'"'"'s phone call;
  
  send data exchange information to the server, the data exchange information defining properties of the data to be exchanged between the user and the remote entity;
  
  send a user authentication attribute associated with the data exchange information to the server;
  
  send a device authentication attribute associated with the data exchange information to the server; and
  
  exchange data with the remote entity following authentication of the user using the user authentication attribute being enabled by the server and authentication of the computing device using the device authentication attribute being enabled by the serverwherein, in response to the user and the computing device being authenticated, process the transaction with the payment method and delete the recorded phone call sample; and
  
  receive an indication that the application is a third party payment application;
  
  send a message to the computing device, the message including a link for requesting a payment webpage;
  
  receive, from the computing device, a request for the payment webpage upon selection of the link;
  
  generate the payment webpage; and
  
  send the generated payment webpage to the computing device; and
  
  receive an indication that the transaction has been authorized.

28. A non-transitory computer program comprising instructions that, when executed by a processor, enable a server comprising the processor to perform the method of facilitating the exchange of data between a user having a computing device, and a remote entity, wherein a first connection has been established between the user and the remote entity, wherein the first connection between the user and the remote entity associated with a merchant is a phone call, and wherein the user has associated data exchange information with an application on the computing device, the data exchange information defining properties of the data to be exchanged between the user and the remote entity, the method comprising:
- determining, at a server, whether the user has a registered payment method with the application;
  
  in response to the user having a registered payment method for a transaction, establishing, at the server, a second connection to the computing device with an agent at a contact center, wherein a payment mode is initiated and starts recording the user'"'"'s phone call;
  
  retrieving a user authentication attribute associated with the data exchange information;
  
  retrieving a device authentication attribute associated with the data exchange information;
  
  authenticating the user using the user authentication attribute; and
  
  authenticating the computing device using the device authentication attribute, wherein data may be exchanged between the computing device and the remote entity in accordance with the data exchange information following authentication of the user and the computing devicewherein in response to the user and the computing device being authenticated, processing the transaction with the payment method and deleting the recorded phone call sample; and
  
  receiving an indication that the application is a third party payment application;
  
  sending a message to the computing device, the message including a link for requesting a payment webpage;
  
  receiving, from the computing device, a request for the payment webpage upon selection of the link;
  
  generating the payment webpage; and
  
  sending the generated payment webpage to the computing device; and
  
  receiving an indication that the transaction has been authorized.

29. A computing device comprising an application run on the computing device and comprising a computer program, the application facilitating the exchange of data between the computing device and a remote entity, wherein a first connection has been established between a user of the computing device and the remote entity, wherein the first connection between the user and the remote entity associated with a merchant is a phone call, the computer program comprising instructions for enabling the computing device to:
- determine, at a server, whether the user has a registered payment method with the application;
  
  in response to the user having a registered payment method for a transaction, establish a second connection to the server with an agent at a contact center, wherein a payment mode is initiated and starts recording the user'"'"'s phone call;
  
  send data exchange information to the server, the data exchange information defining properties of the data to be exchanged between the user and the remote entity;
  
  send a user authentication attribute associated with the data exchange information to the server;
  
  send a device authentication attribute associated with the data exchange information to the server; and
  
  exchange data with the remote entity following authentication of the user using the user authentication attribute being enabled by the server and authentication of the computing device using the device authentication attribute being enabled by the serverwherein, in response to the user and the computing device being authenticated, process the transaction with the payment method and delete the recorded phone call sample; and
  
  receive an indication that the application is a third party payment application;
  
  send a message to the computing device, the message including a link for requesting a payment webpage;
  
  receive, from the computing device, a request for the payment webpage upon selection of the link;
  
  generate the payment webpage; and
  
  send the generated payment webpage to the computing device; and
  
  receive an indication that the transaction has been authorized.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Eckoh UK Limited (Eckoh Plc)
Original Assignee
Eckoh UK Limited (Eckoh Plc)
Inventors
Ross, Cameron Peter Sutherland, Heath, James, Briden, Thomas Edward, Burton, Ashley, Downs, Paul
Primary Examiner(s)
GRACIA, GARY S

Application Number

US15/628,112
Publication Number

US 20170364912A1
Time in Patent Office

238 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/35   communicating wirelessly

G06F 21/44   Program or device authentic...

G06Q 20/02   involving a neutral party, ...

G06Q 20/105   involving programming of a ...

G06Q 20/322   Aspects of commerce using m...

G06Q 20/388   using mutual authentication...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/40145   Biometric identity checks

G06Q 30/0609   Buyer or seller confidence ...

H04L 63/083   using passwords cryptograph...

Methods of authenticating a user for data exchange

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

18 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Methods of authenticating a user for data exchange

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links