Systems and methods for multifactor authentication

Description

RELATED APPLICATIONS

This application is a continuation of U.S. application Ser. No. 14/313,159 filed Jun. 24, 2014, which is a continuation of U.S. application Ser. No. 11/610,289 filed Dec. 13, 2006, which claims priority to U.S. Provisional Application Ser. No. 60/830,672 filed Jul. 14, 2006, all of which is incorporated herein by reference in their entirety.

BACKGROUND OF THE INVENTION

Authenticating people, particularly remotely, has been a difficult operation to make resistant to attack. Since single authenticating techniques are vulnerable to theft, it has become attractive to various groups to devise ways to do multifactor authentication, where more than one of (something you have, something you know, something you are) is used in demonstrating the identity of a person whose identity is to be established.

Typically, doing this has involved using relatively complex or expensive devices such as cards with keyboards on them (where you authenticate to the card and then use it), fingerprint readers, or digital certificates requiring public/private encryption to validate that the presenter is in possession both of a password and of a private key.

All this complexity has delayed widespread use of such systems, since the cost of giving out hundreds of millions of copies of devices has been kept high by the need to authenticate two or more things, as well as by the cost of building the system components themselves.

The invention addresses these problems and others that are present in known systems.

SUMMARY OF THE INVENTION

The invention provides a method for performing an authentication (and a system for performing the method), in conjunction with a transaction, utilizing a primary channel and a secondary channel. The method may include an authenticating entity, such as a bank, (1) receiving from a customer primary authentication information via a primary channel; (2) the authenticating entity processing the primary authentication information, and retrieving customer information based on the primary authentication information; (3) the authenticating entity transmitting secondary authentication information to the customer via a secondary channel, the secondary channel being different than the primary channel; (4) the authenticating entity receiving from the customer at least a portion of the secondary authentication information; and (5) the authenticating entity performing authentication processing on the secondary authentication information received from the customer. Based on the successful authentication of the primary authentication information and the secondary authentication information received from the customer, the authenticating entity approves the customer for the transaction.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention can be more fully understood by reading the following detailed description together with the accompanying drawings, in which any like reference indicators are used to designate like elements, and in which:

FIG. 1 is a flow chart generally showing an authentication process in accordance with one embodiment of the invention;

FIG. 2 is a flow chart generally showing a further authentication process in accordance with one embodiment of the invention;

FIG. 3 is a block diagram showing an authentication system in accordance with one embodiment of the invention;

FIG. 4 is a block diagram showing further details of the authentication system of FIG. 3, and in particular the authentication entity system, in accordance with one embodiment of the invention;

FIG. 5 is a further flow chart showing an enrollment authentication process in accordance with one embodiment of the invention;

FIG. 6 is a flow chart showing an authentication process utilizing multiple transaction approvers in accordance with one embodiment of the invention;

FIG. 7 is a flowchart showing further details of the secondary authentication, performed in the process of FIG. 6, in accordance with one embodiment of the invention; and

FIG. 8 is a flowchart showing aspects of soliciting approval from multiple transaction approvers, performed in the process of FIG. 7, in accordance with one embodiment of the invention.

DETAILED DESCRIPTION OF THE INVENTION

Hereinafter, various aspects of embodiments of the invention will be described. As used herein, any term in the singular may be interpreted to be in the plural, and alternatively, any term in the plural may be interpreted to be in the singular.

What is proposed here is a system and method which provides a form of two factor authentication which resists fraud. The invention can be supported using relatively very simple hardware and/or existing hardware.

More specifically, the invention provides methods and systems for performing an authentication, in conjunction with a transaction. Embodiments of the invention utilize a primary channel and a secondary channel. In accordance with one embodiment of the invention, a primary authentication is performed on the primary channel. In addition, a secondary authentication is performed on a secondary communications, i.e., the secondary authentication relies at least in part on a secondary communication channel. Thus, security is offered by the entities indeed possessing the devices to communicate on both the first channel and the second communications, as well as the information needed to effect such communications. Various details are set forth below.

As described herein, the invention utilizes a primary authentication (or first authentication) on a first communication channel and a secondary authentication (or second authentication) on a secondary communication channel, the first channel being different than the second. It should be well appreciated what is generally known as a “different” communication channel to one of ordinary skill in the art. For example, clearly a land phone communicating with another land phone over telephone lines is a different communication channel vis-à-vis two computers communicating over an internal network. However, for purposes of definition as described herein, a “different communication channel” means that a first communication channel between two entities utilizes either different information or a different device (or both different information and a different device) vis-à-vis another communication channel. Thus, for example, a computer using a dial-up connection via the telephone line is considered a different communication channel vis-à-vis a telephone using the same telephone line, i.e., (1) the computer is a different device vis-à-vis the telephone set, and (2) the computer uses a URL (for example) vis-à-vis a telephone number. Commonly, the use of different devices goes hand in hand with different information needed to use such devices. In accordance with one aspect of the invention, the security provided by the two channel authentication described herein resides in that different information (and different devices) are needed to communicate over a first channel vis-à-vis a second channel. Such mandates that the communicating entities both are in possession of the devices to perform such communications, and are also in possession of the information to utilize such devices. In further explanation, FIG. 1 is a flow chart generally showing an authentication process in accordance with one embodiment of the invention. As illustrated, the authentication process starts in step 100 and passes to step 110. In step 110, customer information is sent from a customer device to the authenticating entity on a primary channel (e.g. sent via the Internet with the customer at a computer terminal—interfacing with a web page). In step 120, the authenticating entity receives the customer information. Then the process passes to step 130.

Step 130 shows that, on the primary channel (such as the Internet), communications are exchanged between customer and authenticating entity to perform a primary authentication. For example, this step might include the customer providing a user name and PIN, and the bank verifying the submitted user name and PIN.

Then, in step 140, the authenticating entity effects a communication to the customer on a secondary channel. For example, the authenticating entity (bank) makes an outbound phone call, sends a SMS (short message service) message or sends an e-mail to the customer. Such customer contact information might be pulled from the authenticating entity database. The customer may also be contacted as to which secondary channel is preferable to them. Thus, the out-bound call, or other communication from the bank, is effected on a secondary channel.

The communication from the authenticating entity to the customer on the secondary channel contains secondary authentication information. This secondary authentication information might be in the form of a one-time password or PIN. Once received, the customer enters the one-time password or PIN onto the website, in accordance with one embodiment of the invention.

That is, in step 150, in accordance with one embodiment of the invention, the customer receives a communication over the secondary channel and responds by submitting the secondary authentication information to the authenticating entity via the primary channel (e.g., the customer enters the password or PIN into the web page of the bank).

Then, the process passes to step 160. In step 160, the authentication request is processed based on the primary authentication and the secondary authentication. That is, the authentication information from the customer is compared with authentication information maintained by the authenticating entity. In this example, the authentication is verified.

Accordingly, in step 170, the authentication process, being successful, is terminated. Thereafter, for example, the requested transaction is processed, i.e., the merchant is given approval, or some other requested action is performed.

FIG. 2 is a further flow chart showing an authentication process in accordance with one embodiment of the invention. While similar to the process of FIG. 1, FIG. 2 shows further specifics of one embodiment.

As shown, the process of FIG. 2 starts in step 200 and passes to step 210. In step 210, a customer working at a PC (personal computer) exchanges communications with a bank over the Internet via the bank's web page. The Internet is thus the primary channel in this example. The exchanged communications over the primary channel include primary authentication information such as a PIN. In step 220, the bank (i.e., an authenticating entity) receives the PIN via the Internet and authenticates the PIN, i.e., a primary authentication is performed.

Then, in step 240, the bank makes an outbound phone call to the customer (i.e., effects a communication via a second channel). In accordance with this embodiment of the invention, the call contains a one time password. Then, in step 245, the customer receives the one time password via the phone call from the bank. The customer then enters the password into the bank website. Alternatively, the customer might be instructed to call the bank and receive the password in some suitable manner. That is, in some manner, the customer would advise the bank of the customer's identity, and the bank in turn would provide the one-time password.

FIG. 2 also shows an alternative embodiment in which the customer the customer sends the password back via the telephone, i.e., instead of the customer conveying the password back to the bank via the Internet (the primary channel). For example, the customer might receive the phone call with the one-time password, and the phone call message advises the client to call back on a separate number. Alternatively, the phone call might prompt the customer to enter back the password that has just been provided to the customer. Such embodiment (over the secondary channel) would confirm that there was indeed a person at the called number, and that the person repeated back the password, which was provided to him.

Returning now to step 245 of FIG. 2, after step 245, the process passes to step 250, as shown in FIG. 2. In step 250, the bank receives the one-time password from the customer via the Internet, such as via the banks website, for example. The bank then authenticates the one time password (i.e., a secondary authentication is performed). In step 260, based on the primary authentication and the secondary authentication, authentication is granted for the transaction such that the desired transaction is authorized. The transaction is then processed. In step 270, the authentication process ends.

FIG. 3 is a block diagram showing an authentication system 300 in accordance with one embodiment of the invention. The authentication system 300 includes a primary authentication device 310 and a secondary authentication device 320. Both the primary authentication device 310 and the secondary authentication device 320 interface with a user 302, i.e., a customer 302. For example, the primary authentication device 310 may be in the form of a personal computer (of the user) with access to the web, for example. On the other hand, the secondary authentication device 320 may be in the form of a telephone of the user, for example. The authentication entity system 340 may be a bank with a bank processing platform, for example. The authentication system 300 may be used to practice the various embodiments of the invention as described herein.

As shown in FIG. 3, the primary authentication device 310 includes an interface portion 314. The interface portion 314 may be in the form of a monitor with keyboard and mouse, for example, i.e., the user interface of a computer. The primary authentication device 310 may further include a communication portion 312. The communication portion 312 may be in the form of an Internet connection, e.g., a modem or other interface.

In this example, the primary authentication device 310 communicates with the authentication entity system 340 over the primary communication channel 362, i.e., the Internet. On the other hand, the secondary authentication device 320 communicates with the authentication entity system 340 over the secondary communication channel 364, i.e., in this example, telephones communicating over a standard phone network.

FIG. 4 is a block diagram showing further details of the authentication entity system 340 of FIG. 3, in accordance with one embodiment of the invention. The authentication entity system 340 includes a communication interface portion 342 and a memory portion 344. The communication interface portion 342 interfaces with the communication channels 362, 364 so as to communicate data, i.e., such as authentication information, with the primary authentication device 310 and the secondary authentication device 320. Accordingly, the communication interface portion 342 is provided with the functionality to interface with a variety of channels, such as an Internet interface and telephony interface, for example. The memory portion 344 serves as a database to store various data associated with, and needed by, operation of the authentication entity system 340, i.e., such as customer information. For example, when a username and password comes in from a customer on the primary channel, the authenticating entity may pull the customer's phone number, or other contact information, from the memory portion 344. The customer's phone number is then used, in this example, to forward a one-time password to the customer via the secondary communication channel 364, in accordance with one embodiment of the invention.

The authentication entity system 340 also includes an authenticating processing portion 350. The authenticating processing portion 350 performs various processing of the authentication entity system 340. In particular, the authenticating processing portion 350 includes a comparison portion 354. The comparison portion 354 performs a comparison between submitted authentication information and information that is on file with the authenticating entity, i.e., stored in the memory portion 344. Based on such comparison, the comparison portion 354 either denies the transaction, approves the transactions, or moves the processing to the next step in the authentication. The authentication processing is performed on the primary authentication, as well as the secondary authentication.

The authenticating processing portion 350 further includes a risk determination portion 356. The risk determination portion 356, in accordance with one embodiment of the invention, is used by the authenticating processing portion 350 to determine the risk associated with a particular transaction. For example, the risk determination portion 356 might flag the transaction if the dollar amount is sufficiently high and/or if the transaction is through a particular merchant, for example. However, as desired, any criteria might be used to flag a particular transaction. For example, criteria relating to the particulars of the customer might be used. Accordingly, the secondary authentication (over the secondary communication channel 364) might only be used if the transaction is flagged by the risk determination portion 356. With un-flagged transactions, e.g., transactions with a low dollar amount, the authentication entity system 340 may rely only on processing (including authentication) over the primary communication channel 362.

The authenticating processing portion 350 further includes a time-out portion. The time-out portion monitors the time elapsed during a complete authentication process. In particular, the time-out portion monitors the time between the primary authentication and the secondary authentication. The measurement of elapsed time may work off any particular event or events in the authentication process. For example, the time-out portion might measure the time between when a PIN is received from the customer (in conjunction with the primary authentication) vis-à-vis when the customer submits secondary authentication information. However, any other suitable events might be used. Further aspects of the time-out portion are described below.

FIG. 5 is a flow chart showing specifics of a further authentication process in accordance with one embodiment of the invention. In particular, the process of FIG. 5 relates to enrollment of a customer in a service offered by the authenticating entity. FIG. 5 shows the various steps in such enrollment process.

The illustrative process of FIG. 5 starts in step 500. Then in step 510, a customer working at his computer exchanges communications with the bank, over the Internet, via the bank's web page. Accordingly, in this example, the Internet is the primary channel. The exchanged communications between the customer and the bank include the customer's User ID and PIN. That is, in this example, the user, who wishes to enroll in a service, is an existing customer of the bank who possesses a User ID and PIN. For example, the service might be newly offered by the bank.

After step 510, the process passes to step 520. In step 520, the bank, i.e., the authenticating entity, receives the User ID and PIN (submitted by the customer) via the Internet and recognizes that information is from a new machine. That is, for that particular service, the bank has not seen the user's computer. However, the bank does recognize the user as a customer.

In step 530, the bank then checks the information on file for that particular customer, i.e., to authenticate the User ID and PIN. Also, the bank checks what contact information the bank has on file for that particular customer. In this example, the bank determines, based on a check of the bank's records, that the user has an e-mail address and a telephone number.

Then, the process passes to step 540. In step 540, the bank generates and presents the user with a message regarding which mode of communication, i.e., upon which communication channel, the user would like to perform the secondary authentication. For example, the bank presents the user, on the user's computer, with a message:

“DO YOU WANT TO CONFIRM IDENTITY VIA E-MAIL OR PHONE”

In this example, the customer responds that he would like to confirm identity via telephone. Accordingly, in step 540, the bank makes an outbound phone call to the customer. That is, the bank initiates a secondary authentication on a secondary channel. Then, the customer takes the call and retrieves the one time password that is in the call. For example, an automated voice-message system managed by the bank might verbally convey the one time password.

The process then passes to step 560. In step 560, the customer enters the password, obtained via the telephone call from the bank to the customer, into the bank website.

In step 570, the bank receives the password from the customer via the Internet (the bank website) and authenticates the password, i.e., the secondary authentication is performed by the bank. Then in step 580, based on the primary authentication and the secondary authentication, authorization is granted for the enrollment. As a result, the authentication loop, operating over two channels is closed. Based on the authentication of the customer, the enrollment is then processed. In step 590 of FIG. 5, the process ends.

As described herein, various schemes are utilized to authenticate the customer (e.g. individual/entity) to an authenticating entity, such as a bank. It is appreciated that in conjunction with the processes of the embodiments described herein, it may be needed or desired for the authenticating entity to authenticate to the customer. For example, a caller identification (caller ID) might be used such that the customer knows that the authenticating entity is calling. Illustratively, the customer may be on-line and doing a purchase. In accordance with the embodiments discussed herein, the bank calls the customer, i.e., the system sends a call to the customer (on the home phone of the customer) with the one time password. The caller ID on the customer's phone may be provided to come up as the authenticating entity, e.g. Chase Bank. Other arrangements may be used to authenticate the authenticating entity (e.g. bank) to the customer. On the other hand, caller ID might also be used to authenticate the customer, such as authenticating the customer's cell phone (prior to receiving instructions from such cell phone).

FIG. 6 is a flow chart showing an authentication process utilizing multiple transaction approvers in accordance with one embodiment of the invention. Each of the multiple transaction approvers may be associated with one or more authentication devices. That is, in this embodiment, multiple persons are contacted (on the secondary channel) to seek approval of the transaction.

As shown in FIG. 6, the process starts in step 600 and passes to step 610. In step 610, the customer requests a transaction to be processed at a retail merchant POS (point-of-sale). The merchant runs the card through the point of sale device and collects information from the customer, for example from the customer and/or the card itself. This information includes the primary authentication information, with the primary PIN. Then, in step 620, the primary authentication information (with primary PIN) is forwarded to the acquiring bank that is associated with the particular merchant, and then on to the card issuing bank that is associated with the particular card that the customer is using. The process passes to step 630.

In step 630, the card issuing bank (authenticating entity) receives the authentication information with PIN and authenticates the primary PIN. Then, in accordance with this embodiment, in step 640, the authentication entity performs secondary authentication for the transaction. Further details of step 640 are shown in both FIGS. 7 and 8. After step 640, the process passes to step 650.

In step 650, the process determines whether the authentication of the primary and secondary password was successful. If yes, the issuing bank approves the transaction. If no, the transaction is declined. Then in step 670, the approval/non-approval is forwarded back to the merchant. The transaction is then completed, i.e., the sale is made or the transaction is terminated. In step 680, the authentication process ends.

As noted above, FIG. 7 is a flowchart showing further details of the secondary authentication, performed in the process of FIG. 6, in accordance with one embodiment of the invention. The subprocess begins in step 640 and passes to step 642.

In step 642, the authenticating entity bank retrieves account data from its records. The account data includes particulars of the account, including secondary authentication rules. The secondary rules may vary as desired. For example, the secondary rules may designate a dollar amount at which the secondary authentication will be invoked, particulars of the secondary authentication and the transaction approver(s) associated with the secondary authentication, which transaction approvers are contacted under what circumstances, and/or any other desired criteria.

In the example of FIG. 7, in step 643, the process, based on the secondary authentication rules, determines which persons and/or entities are transaction approvers for the requested transaction associated with the particular card. Accordingly, in step 644, the process solicits approval from the transaction approvers, i.e., forwards respective communications to the transaction approver requesting their approval of the requested transaction. The authenticating entity then inputs responses from the transaction approvers. The responses may include YES, NO, or DON″T KNOW, for example. Further details of step 644 are illustrated in the flowchart of FIG. 8.

After step 644 of FIG. 7, the process passes to step 646. In step 646, the process determines whether the responses from the transaction approvers satisfy the rules, so as to approve the transaction. Such determination determines whether the secondary authentication will be successful or not.

Then, the process passes to step 647. In step 647, a geographical check is performed on the transaction for the transaction approvers. That is, as described below, a plurality of transaction approvers are contacted to determine if they approve of the transaction. In conjunction with such communications, the authenticating entity may also perform a further check on the validity of the requested transaction. This further check uses geographical information regarding the transaction approver devices, and where they are located, in conjunction with other particulars of the transaction devices. The further check, in short, performs an analysis to determine (based on what the authenticating entity knows) could the requested transaction legitimately take place. For example, assume each of the transaction approvers utilizes a cell phone, and that each have indicated they want to be contacted on their cell phone for any requested secondary authentication. In the course of communications with the transaction approvers, the authenticating entity can determine the geographical location of their respective cell phones. If none of the transaction approvers are at a location of the transaction, then the transaction may be denied. For example, if all the transaction approvers are on the east coast (as determined by the location determination of the cell phones) and the transaction is on the west coast (as determined from knowledge about the merchants point-of-sale), such suggests the transaction is fraudulent. It is appreciated that tolerances and exceptions may be utilized as desired. For example, exceptions might be provided for slight variations in geographical location, i.e., of a POS vis-à-vis authentication devices, for example.

After step 647 of FIG. 7, the process passes to step 648. In step 648, the process returns to step 650 of FIG. 6.

FIG. 8 is a flowchart showing aspects of soliciting approval from multiple transaction approvers, performed in the process of FIG. 7, in accordance with one embodiment of the invention. In this example, responses may include (YES, NO, or DON'T KNOW).

After starting in step 644, the subprocess of FIG. 8 passes to step 645. In step 645, the authenticating entity determines that, in this particular example, there are three (3) transaction approvers:

(1) transaction approver 1 is a mother with a cell phone;

(2) transaction approver 2 is the father with a PDA; and

(3) transaction approver 3 is a son with a cell phone.

Further, the authenticating entity determines that transaction approver 3 is the transaction approver that is indeed requesting the transaction. It should be noted that is not needed that the authenticating entity determine which transaction approver is indeed requesting the transaction. Rather, such may be suitably controlled by the rules that are in place.

FIG. 8 then shows the authenticating entity contacting each of the transaction approvers in parallel. The authenticating entity first contacts transaction approver 3, i.e., the son with a cell phone, who requested the transaction. That is, in step 662 of FIG. 8, the authenticating entity calls transaction approver 3. The call provides the secondary password (for this particular transaction) and requests the transaction approver 3 to provide the one-time password to the merchant (so as to show approval of the transaction). Then, in step 663, the transaction approver 1 has submitted the one-time password, i.e., the secondary password, to the merchant POS, and the authenticating entity receives the secondary password from the merchant POS, i.e., via the primary channel (thus approval from transaction approver 3 is secured).

In parallel to securing the approval of transaction approver 3, the authenticating entity also seeks out the approval of transaction approvers 1 and 2.

That is, in step 666 a call is made to transaction approver 1 (cell phone). The call provides particulars of the transaction (e.g. amount) and requests transaction approver 1 to approve the transaction. In step 667, the authenticating entity receives a response from the transaction approver 1, and the response is “YES”.

Also, in step 664, a transmission is sent to transaction approver 2 (who uses a PDA). The transmission provides particulars of the transaction (e.g. amount) and requests that transaction approver 2 approve the transaction. In step 665, the authenticating entity receives a response from the transaction approver 2. The response is “MAYBE”. Then in step 669, the process returns to step 646 of FIG. 7.

As described above, in step 646, the authenticating entity determines whether the responses from the transaction approvers satisfy the rules, so as to approve the transaction. In this example, transaction approver 3 and transaction approver 1 both indicated yes, while transaction approver 2 indicated maybe, i.e., indicating that transaction approver 2 is neutral. Thus, in this example, the rules are satisfied, and the transaction is approved. As noted herein, any suitable set of rules may be utilized based on various factors. For example, the rules may dictate that all the transaction approver will be contacted only of the dollar amount is above a certain amount. In general, the rules may control which transaction approvers are contacted under which conditions. For example, the rules may only require that only one parent respond affirmatively to a requested transaction.

As described above, the transaction approvers are contacted “in parallel.” However, such is not needed to be the case. The transaction approvers might be contacted in turn, i.e. in serial fashion based on a suitable rule set. Indeed, the rules may provide for a hierarchy of transaction approvers. That is, one transaction approver might be contacted after which the process is not continued till the authenticating entity receives a YES response from that transaction approver (or alternately a MAYBE or DON'T KNOW response might be required before moving on to the next transaction approver). Such hierarchical processing might be used in conjunction with the processing of FIG. 8, e.g. the approval of one transaction approver might be required before contacting the other transaction approvers in parallel (that is, the other transaction approvers are contacted in parallel to each other, but only after the first transaction approver has approved the transaction. It is appreciated that variations of such processing may be used, as is desired.

Various geographic related authentication techniques have been described herein. The invention may also utilize a geographic check performed for computers on the Internet. That is, a geographic check may be performed to determine where a customer's computer is (who is requesting a transaction). Thus, the authenticating entity can tell where the request is corning from. For example, if the authenticating entity (bank) is in an internet banking session and the customer lives in Wilmington, Del., and the request is coming from Russia, a rule set may then direct the system to immediately go into a secondary verification, as described above, or take other appropriate action.

Further, with regard to cell phones, the authenticating entity (or one acting on behalf of the authenticating entity) can determine the location of a cell phone by the tower it is using. Thus, if the authenticating entity determines that the computer the customer is using is in Wilmington, Del. and the location of the cell phone (determined via the secondary authentication) is also in Wilmington, the risk is small that the transaction is fraudulent. However, if the same customer (with the computer in Wilmington) is determined to be calling from a cell phone in Virginia, such scenario identifies that the transaction may be fraudulent. Accordingly, further authentication techniques may be used to dispel the possibility of fraud or decline the transaction.

The systems and methods of embodiments of the invention may be used in any “transaction”, including a conveyance of information, in which authentication of a user is needed or desired. Such transaction might include an enrollment, a telephone transaction, Internet transaction (such as an Internet purchase), network transaction, infrared transaction, radio signal transaction, credit card transaction, debit card transaction, smart card transaction, ACH transaction, stock trade transaction, mutual fund transaction, swap, PAYPAL® transaction, BILL ME LATER® transaction, electronic funds transfer transaction, financial application transaction, an arrangement to set up payments to an entity, a verification, an ATM transaction, an identification message verification, and/or a confirmation of identify, for example. For example, such a transaction might include a message from one human user to another human user, a human user communicating with an electronic device, and/or two electronic devices communicating with each other. The transaction may or may not be in a financial context, i.e., for example, the message might be authorizing the opening of a door or the transfer of a non-financial related message, for example.

Any communication channel which carries suitable communications (e.g. as described herein) may be used for either the primary channel or the secondary channel. The use of one channel for the primary authentication information and a different channel for the secondary authentication information (i.e., for at least one transmission of the secondary authentication information, e.g. from the bank to the customer) lends substantial prevention of fraud. Thus, for example, the communications, over their respective channels, may include network communications, Internet communications, SMS communications, text message communications, telephone communications, land-line telephone communications, cell phone communications, RFID communications, satellite communications, e-mail communications, electronic communications, communications via an ATM, VRU (voice-recognition-unit) communications, and/or radio communications, for example.

Further, the communications in the practice of the invention may utilize and be supported by any suitable device including any of telephone, land phone, cell phone, satellite phone, telegraph, fax, beeper, one-way cable TV, one-way satellite, dial-out terminal, on-line terminal, Internet, Intranet or Extranet, SmartPhone, 2-way beeper, pager, Personal Digital Assistant (PDA), Personal Computer (PC), browser, radio transmission device, desktop computer, laptop computer, a buffer storing retrievable data, express mail delivery, commercial express delivery and various systems of-the-type or similar in nature to those mentioned herein. Such lists set forth herein are merely illustrative, and is not exhaustive.

In one embodiment, the invention herein described can be incorporated in payment systems with very minor changes at issuer sites and using mainly existing merchant facilities. For example, the method might use the secondary authentication information, e.g. the one time password, in place of the commonly used CVV code.

As described above with reference to FIG. 2, secondary authentication information is conveyed to the customer via a phone call from the bank to the customer. This secondary authentication information is then conveyed back to the bank via the customer entering the information into a web page. Illustratively, however, the roles of the two channels may of course be reversed, as they may also be reversed in the other embodiments discussed herein. Further, the secondary authentication information might of course be conveyed to the customer in ways other than via a phone call. That is, any suitable channel may be respectively used for either the primary channel and/or the secondary channel.

FIG. 1 for example, as well as other embodiments, show the customer interacting directly with the authenticating entity, e.g. a bank. Such might be the case when enrolling with the bank, when the customer is checking balances on an account, or when the customer transfers funds from one account to another account. However, in the embodiment of FIG. 1, as well as other embodiments, a merchant (or other point of sale (POS)) may be involved in the transaction. For example, FIG. 3 shows that a merchant 390 might be disposed in the primary communication channel 362, i.e., such that communications (e.g. PIN) from the customer pass through the merchant to the authenticating entity. Thus, a merchant may be disposed in the embodiments described herein in any suitable manner.

In accordance with one embodiment of the invention, the primary channel is an Internet website (of the authenticating entity) accessed via a dial-up connection over a telephone line. The secondary channel is a telephone call (with one-time password or code) to the customer over the same telephone line. Thus, the customer must go off-line from the website to receive the telephone call. The customer then goes back on-line the web site to transmit the secondary authentication information back to the authenticating entity. Accordingly, it is not necessary that the additional verification using the secondary communication channel, i.e., the out-of-band or secondary channel, be concurrent with the communications on the primary communication channel. Thus, for example, communications on the primary channel might take place before and after the secondary authentication information is exchanged on the secondary channel. However, such non-concurrent primary authentication and secondary authentication might take longer. Accordingly, such may be taken into account in the monitoring performed by the time-out portion, described herein. In accordance with one embodiment of the invention, the time-out portion might monitor the particular modes of communication utilized, and adjust allotted time accordingly. In implementation of the invention, it is not needed that numbers be used for either the primary authentication information and/or the secondary authentication information. That is, any of a wide variety of graphics, letters, symbols, gliffs, ruuns, images, biometrics or any other indicia or information, for example, might be used in lieu (or in combination) with numbers. Depending on the nature of the authentication information, point of sale locations might need to be provided with particular devices. However, such would depend on the particular implementation of the invention.

As described above, the customer and the user communicate over a first channel to perform a primary authentication. As can be appreciated, such communication over the primary channel may be effected, and initiated, in any suitable manner. For example, the customer might access a bank's web page, the bank might call the customer, the customer might call the bank, or a bank might send out mailings to targeted customers, for example. As described herein, once the primary authentication is performed on the primary channel, or in conjunction with performing the primary authentication, a communication is established over a secondary channel. As described above the bank might make a telephone call to the customer, thereby providing a one-time password.

As described above, any of a variety of communication channels may be used as the primary channel and the secondary channel. Accordingly, in accordance with one aspect of the invention, a decision process is needed to determine which communication channels should be used. With reference to FIG. 4, the decision process of which communication channel to use may be performed by the authenticating processing portion 350. The particular selection of communication channel may be performed in any suitable manner. For example, the communication channel used might be selected based on accessing the customer's contact information in a suitable database. Alternatively, the communication channel might be manually selected. In regard to the secondary communication channel, such secondary channel might be selected based on information communicated from the client on the primary channel, i.e., the customer might be prompted (on the primary channel) as to what channel to use as the secondary channel.

However, in order to enhance security, it may be desirable for the authenticating entity to provide some integral portion of the information used to effect the secondary authentication over the secondary communication channel. For example, during communication over the primary channel, the bank might ask the user what channel to use as the second channel. In response, the customer might provide a preferred channel, but not the complete information to effect the secondary communications. That is, the customer might be provided with the options (and prompted to select one of):

• • <Cell phone>
  • <home phone>
  • <pager>
    However, the customer would not be provided with, nor able to specify, the specifics of such communication channel, e.g., the customer would not be allowed to specify the cell phone number. Rather, upon a selection, the authenticating entity would indeed have the information to effect the desired communications, e.g. the bank would have the phone number or the pager number in its database.

Any of a variety of approaches might be utilized to select the particular channel to be used for the primary channel and/or the secondary channel. For example, the systems and methods disclosed in U.S. Pat. No. 6,535,855 to Cahill et al. and issued Mar. 18, 2003 entitled “PUSH BANKING SYSTEM AND METHOD”, incorporated herein in its entirety, might be used to select the first and second communication channels.

It should be appreciated that the various features of the present invention may be used in conjunction with other encryption technology and/or features. In particular, the various features of the present invention may be used in combination with any of the features described in U.S. patent application Ser. No. 11/137,409 filed May 26, 2005, which is incorporated herein by reference in its entirety.

As described above, a primary authentication is performed over a primary channel. Thereafter, a secondary authentication is performed over a secondary channel. That is, at least some portion of the communications to effect the secondary authentication are performed over a secondary channel. In accordance with one aspect of the invention, the proximity in time between performing the primary authentication and the secondary authentication is controlled. That is, if too much time passes between performing the primary authentication vis-à-vis the secondary authentication, the authentication becomes suspect and more at risk for fraud. As a result, the time between the primary authentication and the secondary authentication may be monitored.

For example, the authenticating processing portion 350 may be provided with the time-out portion 358 described above, in accordance with one embodiment of the invention. The time-out portion 358 monitors the time elapsed between the primary authentication vis-à-vis the secondary authentication. If too much time elapses, the time-out portion 358 will cancel the transaction, or in some suitable manner terminate the authentication process. The customer may then be notified in some manner, and asked to restart the transaction in some suitable manner. Accordingly, the authentication entity system 340 may be provided to monitor the time-out portion 358, and re-start the transaction if needed. As described above, the time afforded before a time-out might be variably controlled based on the particular communication channels utilized.

As described above, FIGS. 3 and 4 show embodiments of structure and system of the invention. Further, FIGS. 1, 2 and 5-8 show various steps in accordance with embodiments of the invention. It is appreciated that the systems and methods described herein may be implemented using a variety of technologies. Hereinafter, general aspects regarding possible implementation of the systems and methods of the invention will be described.

It is understood that the system of the invention, and portions of the system of the invention, may be in the form of a “processing machine,” such as a general purpose computer, for example. As used herein, the term “processing machine” is to be understood to include at least one processor that uses at least one memory. The at least one memory stores a set of instructions. The instructions may be either permanently or temporarily stored in the memory or memories of the processing machine. The processor executes the instructions that are stored in the memory or memories in order to process data. The set of instructions may include various instructions that perform a particular task or tasks, such as those tasks described above in the flowcharts. Such a set of instructions for performing a particular task may be characterized as a program, software program, or simply software.

As noted above, the processing machine executes the instructions that are stored in the memory or memories to process data. This processing of data may be in response to commands by a user or users of the processing machine, in response to previous processing, in response to a request by another processing machine and/or any other input, for example.

As noted above, the processing machine used to implement the invention may be a general purpose computer. However, the processing machine described above may also utilize any of a wide variety of other technologies including a special purpose computer, a computer system including a microcomputer, mini-computer or mainframe for example, a programmed microprocessor, a micro-controller, a peripheral integrated circuit element, a CSIC (Customer Specific Integrated Circuit) or ASIC (Application Specific Integrated Circuit) or other integrated circuit, a logic circuit, a digital signal processor, a programmable logic device such as a FPGA, PLD, PLA or PAL, or any other device or arrangement of devices that is capable of implementing the steps of the process of the invention.

It is appreciated that in order to practice the method of the invention as described above, it is not necessary that the processors and/or the memories of the processing machine be physically located in the same geographical place. That is, each of the processors and the memories used in the invention may be located in geographically distinct locations and connected so as to communicate in any suitable manner. Additionally, it is appreciated that each of the processor and/or the memory may be composed of different physical pieces of equipment. Accordingly, it is not necessary that the processor be one single piece of equipment in one location and that the memory be another single piece of equipment in another location. That is, it is contemplated that the processor may be two pieces of equipment in two different physical locations. The two distinct pieces of equipment may be connected in any suitable manner. Additionally, the memory may include two or more portions of memory in two or more physical locations.

To explain further, processing as described above is performed by various components and various memories. However, it is appreciated that the processing performed by two distinct components as described above may, in accordance with a further embodiment of the invention, be performed by a single component. Further, the processing performed by one distinct component as described above may be performed by two distinct components. In a similar manner, the memory storage performed by two distinct memory portions as described above may, in accordance with a further embodiment of the invention, be performed by a single memory portion. Further, the memory storage performed by one distinct memory portion as described above may be performed by two memory portions.

Further, various technologies may be used to provide communication between the various processors and/or memories, as well as to allow the processors and/or the memories of the invention to communicate with any other entity; i.e., so as to obtain further instructions or to access and use remote memory stores, for example. Such technologies used to provide such communication might include a network, the Internet, intranet, Extranet, LAN, an Ethernet, or any client server system that provides communication, for example. Such communications technologies may use any suitable protocol such as TCP/IP, UDP, or OSI, for example.

As described above, a set of instructions is used in the processing of the invention. The set of instructions may be in the form of a program or software. The software may be in the form of system software or application software, for example. The software might also be in the form of a collection of separate programs, a program module within a larger program, or a portion of a program module, for example The software used might also include modular programming in the form of object oriented programming. The software tells the processing machine what to do with the data being processed.

Further, it is appreciated that the instructions or set of instructions used in the implementation and operation of the invention may be in a suitable form such that the processing machine may read the instructions. For example, the instructions that form a program may be in the form of a suitable programming language, which is converted to machine language or object code to allow the processor or processors to read the instructions. That is, written lines of programming code or source code, in a particular programming language, are converted to machine language using a compiler, assembler or interpreter. The machine language is binary coded machine instructions that are specific to a particular type of processing machine, i.e., to a particular type of computer, for example. The computer understands the machine language.

Any suitable programming language may be used in accordance with the various embodiments of the invention. Illustratively, the programming language used may include assembly language, Ada, APL, Basic, C, C++, COBOL, dBase, Forth, Fortran, Java, Modula-2, Pascal, Prolog, REXX, Visual Basic, and/or JavaScript, for example. Further, it is not necessary that a single type of instructions or single programming language be utilized in conjunction with the operation of the system and method of the invention. Rather, any number of different programming languages may be utilized as is necessary or desirable.

Also, the instructions and/or data used in the practice of the invention may utilize any compression or encryption technique or algorithm, as may be desired. An encryption module might be used to encrypt data. Further, files or other data may be decrypted using a suitable decryption module, for example.

As described above, the invention may illustratively be embodied in the form of a processing machine, including a computer or computer system, for example, that includes at least one memory. It is to be appreciated that the set of instructions, i.e., the software for example, that enables the computer operating system to perform the operations described above may be contained on any of a wide variety of media or medium, as desired. Further, the data that is processed by the set of instructions might also be contained on any of a wide variety of media or medium. That is, the particular medium, i.e., the memory in the processing machine, utilized to hold the set of instructions and/or the data used in the invention may take on any of a variety of physical forms or transmissions, for example. Illustratively, the medium may be in the form of paper, paper transparencies, a compact disk, a DVD, an integrated circuit, a hard disk, a floppy disk, an optical disk, a magnetic tape, a RAM, a ROM, a PROM, a EPROM, a wire, a cable, a fiber, communications channel, a satellite transmissions or other remote transmission, as well as any other medium or source of data that may be read by the processors of the invention.

Further, the memory or memories used in the processing machine that implements the invention may be in any of a wide variety of forms to allow the memory to hold instructions, data, or other information, as is desired. Thus, the memory might be in the form of a database to hold data. The database might use any desired arrangement of files such as a flat file arrangement or a relational database arrangement, for example.

In the system and method of the invention, a variety of “user interfaces” may be utilized to allow a user to interface with the processing machine or machines that are used to implement the invention. As used herein, a user interface includes any hardware, software, or combination of hardware and software used by the processing machine that allows a user to interact with the processing machine. A user interface may be in the form of a dialogue screen for example. A user interface may also include any of a mouse, touch screen, keyboard, voice reader, voice recognizer, dialogue screen, menu box, list, checkbox, toggle switch, a pushbutton or any other device that allows a user to receive information regarding the operation of the processing machine as it processes a set of instructions and/or provide the processing machine with information. Accordingly, the user interface is any device that provides communication between a user and a processing machine. The information provided by the user to the processing machine through the user interface may be in the form of a command, a selection of data, or some other input, for example.

As discussed above, a user interface is utilized by the processing machine that performs a set of instructions such that the processing machine processes data for a user. The user interface is typically used by the processing machine for interacting with a user either to convey information or receive information from the user. However, it should be appreciated that in accordance with some embodiments of the system and method of the invention, it is not necessary that a human user actually interact with a user interface used by the processing machine of the invention. Rather, it is contemplated that the user interface of the invention might interact, i.e., convey and receive information, with another processing machine, rather than a human user. Accordingly, the other processing machine might be characterized as a user. Further, it is contemplated that a user interface utilized in the system and method of the invention may interact partially with another processing machine or processing machines, while also interacting partially with a human user.

It will be readily understood by those persons skilled in the art that the present invention is susceptible to broad utility and application. Many embodiments and adaptations of the present invention other than those herein described, as well as many variations, modifications and equivalent arrangements, will be apparent from or reasonably suggested by the present invention and foregoing description thereof, without departing from the substance or scope of the invention.

Accordingly, while the present invention has been described here in detail in relation to its exemplary embodiments, it is to be understood that this disclosure is only illustrative and exemplary of the present invention and is made to provide an enabling disclosure of the invention. Accordingly, the foregoing disclosure is not intended to be construed or to limit the present invention or otherwise to exclude any other such embodiments, adaptations, variations, modifications or equivalent arrangements.