US2013212640A1PendingUtilityA1

Methods and systems for authenticating users

50
Assignee: WHITE CONOR ROBERTPriority: Mar 22, 2010Filed: Mar 18, 2013Published: Aug 15, 2013
Est. expiryMar 22, 2030(~3.7 yrs left)· nominal 20-yr term from priority
H04L 63/08G06F 21/32
50
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A method of authenticating users to reduce transaction risks includes indicating a desire to conduct a transaction, inputting information in a workstation, and determining whether the inputted information is known. Moreover, the method includes determining a state of a communications device when the inputted information is known, and transmitting a biometric authentication request from a server to a workstation when the state of the communications device is enrolled. Additionally, the method includes obtaining biometric authentication data in accordance with a biometric authentication data capture request with the communications device, biometrically authenticating the user, generating a one-time pass-phrase and storing the one-time pass-phrase on the authentication system when the user is authenticated, comparing the transmitted one-time pass-phrase against the stored one-time pass-phrase, and conducting the transaction when the transmitted and stored one-time pass-phrases match.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A method for authenticating users comprising:
 obtaining at least one unique user identifier from a user;   determining whether the obtained at least one unique user identifier matches a user identifier and, upon determining a match, determining a risk level corresponding to a transaction;   determining a biometric authentication data requirement corresponding to the determined risk level with a processor;   validating the user with data corresponding to the biometric authentication data requirement; and   conducting the transaction after successfully validating the user.   
     
     
         2 . A method of authenticating users in accordance with  claim 1 , said determining a risk level step comprising determining a different risk level for different transactions. 
     
     
         3 . A method of authenticating users in accordance with  claim 1 , said determining a biometric authentication data requirement step comprising determining more demanding biometric authentication data requirements as the risk level increases. 
     
     
         4 . A method of authenticating users in accordance with  claim 1 , said determining a risk level step comprising:
 determining a risk factor for the transaction and a risk level adjustment for the risk factor; and   adjusting the determined risk level according to the risk level adjustment.   
     
     
         5 . A method of authenticating users in accordance with  claim 1  further comprising:
 determining that a plurality of transactions is pending; 
 determining the risk level for each pending transaction; and 
 determining a maximum risk level to be the determined risk level. 
 
     
     
         6 . A method for authenticating users comprising:
 determining a risk level corresponding to a transaction desired to be conducted by a user and including the determined risk level in an authentication request;   extracting the determined risk level from the authentication request and determining an authentication data requirement corresponding to the determined risk level with a processor; and   validating the user with data corresponding to the authentication data requirement.   
     
     
         7 . A method for authenticating users in accordance with  claim 6 , further comprising determining whether a unique user identifier matches a user identifier and when there is a match conducting said determining a risk level step. 
     
     
         8 . A method for authenticating users in accordance with  claim 6 , further comprising determining the authentication data requirement includes different biometric types as the risk level increases. 
     
     
         9 . A method for authenticating users in accordance with  claim 6 , said determining an authentication data requirement step further comprising adjusting the determined risk level according to a risk level adjustment for the transaction. 
     
     
         10 . A method for authenticating users in accordance with  claim 6 , said validating step comprising comparing biometric data captured from the user against user biometric data with the processor, wherein the captured and user biometric data correspond to the authentication data requirement. 
     
     
         11 . A method for authenticating users in accordance with  claim 6 , said validating step comprising comparing biometric data captured from the user against corresponding user biometric data with a second processor remote from the processor. 
     
     
         12 . A method for authenticating users in accordance with  claim 6 , said determining an authentication data requirement step comprising comparing the determined risk level against an authentication policy with the processor to determine a matching risk level, wherein the authentication data requirement corresponds to the matching risk level. 
     
     
         13 . A method for authenticating users in accordance with  claim 6 , said determining an authentication data requirement step comprising comparing the determined risk level against an authentication policy with a second processor remote from the processor, wherein the authentication data requirement corresponds to the matching risk level. 
     
     
         14 . A method for authenticating users in accordance with  claim 6 , wherein:
 said validating step comprises comparing biometric data captured from the user against corresponding user biometric data with the processor, the processor being included in an authentication system; and   said determining an authentication data requirement step comprises comparing the determined risk level against an authentication policy with a second processor included in a communications device, the communications device being remote from the authentication system.   
     
     
         15 . A hand-held authentication system comprising:
 a processor; and   a memory configured to store at least user authentication data, said system being configured to:   extract a risk level corresponding to a transaction desired to be conducted by a user from an authentication request;   determine a biometric authentication data requirement corresponding to the risk level; and   validate the user with data corresponding to the biometric authentication data requirement.   
     
     
         16 . A hand-held authentication system in accordance with  claim 15  further configured to communicate with a remote processor to validate the user with biometric authentication data.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.