
"Method And System For Performing A Security Check For Processing A Service Request"

Abstract: [0079] The present invention provides a method (200) for performing a security check for processing a service request. The method includes receiving (204) a request from a server for performing the security check for processing the service request. The method further includes determining (206) a profile of a user. The method further includes determining (208) a location of initiation of the service request. Furthermore, the method includes executing (210) a process to calculate an index based on the profile of the user and the location of initiation of the service request. Moreover, the method includes transmitting (212) the calculated index to the server, and the server processes the service request by taking an action based on the calculated index. Further, the action taken by the server reduces the risk associated with the service comprehensively and keeps the intrusion to a minimum.


Patent Information

Application #:
Filing Date: 26 November 2009
Publication Number: 22/2011
Publication Type: INA
Invention Field: COMMUNICATION
Status:
Email:
Parent Application:

Applicants

MOBILE NIRVANA TECHNOLOGIES PVT, LTD.
33, NETAJI SUBHASH MARG, DARYA GANJ, DELHI-110002 DELHI, INDIA

Inventors

1. MUKESH JAISWAL
STA-908, SUN TOWERS-A2 SHIPRA SUN CITY INDRAPURAM GHAZIABAD, U.P.
2. ADARSH JAIN
28-B, SAMPURNA NAND NAGAR SIGRA, DISTT. VARANASI-221010 (UP)
3. ARVIND GUPTA
26, JOR BAGH NEW DELHI-PIN-110003

Specification

METHOD AND SYSTEM FOR PERFORMING A SECURITY CHECK FOR PROCESSING A SERVICE REQUEST
FIELD OF INVENTION
[0001] The invention herein disclosed generally refers to method and system for providing a service, and specifically to method and system for providing a service using a network.
BACKGROUND
[0002] In last few years, number of cases of fraud and unauthorized access related to the transactions has increased tremendously. The main reason behind these frauds is that current ways of authentication are not sufficient to gauge authenticity of a user.
[0003] Although, some measures to ensure security in these transactions have been implemented but these measures are not very effective and have a lot of drawbacks. Some of these measures are highly intrusive in nature and thus, are not easy to use. On the other hand, some of the measures are not very cost effective. Additionally, most of the measures currently available are reactive in nature rather than proactive.
[0004] In light of the above, there is a need for a method and a system that can prevent frauds and provide better authentication without being cumbersome and intrusive to use, and at the same time being proactive and cost-effective.
BRIEF DESCRIPTION OF FIGURES
[0005] The features of the present invention, which are believed to be novel, are set forth with particularity in the appended claims. The invention may best be understood by reference to the following description, taken in conjunction with the accompanying drawings, wherein:
[0006] Fig. 1a illustrates an exemplary network where some embodiments of the present invention can be practiced;
[0007] Fig. 1b illustrates another exemplary network where some embodiments of the present invention can be practiced;
[0008] Fig. 1c illustrates yet another exemplary network where some embodiments of the present invention can be practiced;
[0009] Fig. 2 illustrates a flowchart for a method of providing a service in accordance with an embodiment of the present invention; and
[0010] Fig. 3 illustrates an exemplary workflow for providing a service in accordance with an embodiment of the present invention.
[0011] Those with ordinary skill in the art will appreciate that the elements in the figures are illustrated for simplicity and clarity and are not necessarily drawn to scale. For example, the dimensions of some of the elements in the figures may be exaggerated, relative to other elements, in order to improve the understanding of the present invention.
DETAILED DESCRIPTION
[0012] For one embodiment, a method for performing a security check for processing a service request is provided. The method includes receiving a request from a server for performing the security check for processing the service request. The method further includes determining a profile of a user. The method further includes determining a location of initiation of the service request. Furthermore, the method includes executing a process to calculate an index based on the profile of the user and the location of initiation of the service request. Moreover, the method includes transmitting the calculated index to the server, and the server processes the service request by taking an action based on the calculated index. Further, the action taken by the server reduces the risk associated with the service comprehensively and keeps the intrusion to a minimum.
[0013] Before describing the present invention in detail, it should be observed that the present invention utilizes a combination of method steps and apparatus components related to the providing a service to the user. Accordingly the apparatus components and the method steps have been represented where appropriate by conventional symbols in the drawings, showing only specific details that are pertinent for an understanding of the present invention so as not to obscure the disclosure with details that will be readily apparent to those with ordinary skill in the art having the benefit of the description herein.
[0014] While the specification concludes with the claims defining the features of the invention that are regarded as novel, it is believed that the invention will be better understood from a consideration of the following description in conjunction with the drawings figures, in which like reference numerals are carried forward.
[0015] As required, detailed embodiments of the present invention are disclosed herein; however, it is to be understood that the disclosed embodiments are merely exemplary of the invention, which can be embodied in various forms. Therefore, specific structural and functional details disclosed herein are not to be interpreted as limiting, but merely as a basis for the claims and as a representative basis for teaching one skilled in the art to variously employ the present invention in virtually any appropriately detailed structure. Further, the terms and phrases used herein are not intended to be limiting but rather to provide an understandable description of the invention.
[0016] The terms "a" or "an", as used herein, are defined as one or more than one. The term "another", as used herein, is defined as at least a second or more. The terms "including" and/or "having" as used herein, are defined as comprising (i.e. open transition). The term "coupled" or "operatively coupled" as used herein, is defined as connected, although not necessarily directly, and not necessarily mechanically.
[0017] Fig. 1a illustrates an exemplary network 100 where some embodiments of the present invention can be practiced. In one embodiment, the network 100 can include a user 102, a first client device 104 associated with the user 102, and a second client device 106 also associated with the user 102. As an example, the first client device 104 can be any wireless communication device, such as a cellular phone, Personal Digital Assistant (PDA), messaging device, GPS device and the like, which can be carried by the user 102 at almost all times. The client device 104 can also be any other computational wireless device or GPS device that can be carried by the user 102 at all times. Further, it should be possible to get the location (current and/or history) of the first client device 104 either by the first client device 104 itself or through any association of the first client device 104 with other network elements. The location of the first client device 104 can be obtained by using any technologies, such as GPS, GSM, Triangulation, Time of arrival, Enhanced Observed time difference, CDMA, WiMax, Wi-Fi, Bluetooth based, and the like, known in the art.
[0018] The second client device 106 can be any computational device such as a personal computer, laptop, mobile phone, cellular phone, Personal Digital Assistant (PDA), messaging device, and the like, which can be used by the user 102 to connect to the internet. Of course, the second client device 106 can also be a computational device, such as a personal computer, that has an Internet Protocol (IP) address or Media Access Control (MAC) address associated with it. Additionally, the second client device 106 can be any device that is capable of accessing the internet 110 either by wireless or wired means. As such, the network 100, as those skilled in the art will appreciate, can be configured to support both wireless and wired communication.
[0019] This invention is described below with an arrangement that the user 102 is trying to perform a transaction on the internet 110 using the second client device 106. It would be apparent to those skilled in the art that the first client device 104 and the second client device 106 can be of any type from the types of respective client devices mentioned above. However, for the sake of clarity, the present invention can be explained by considering the first client device 104 as a cellular phone and the second client device 106 as a laptop.
[0020] Now, in order to perform a transaction on the internet 110 using the second client device 106, the user 102 connects to the internet 110 using the second client device 106. In this example, we are focusing on a banking transaction. A banking transaction can include making a payment to a third party, resetting the password of the bank account, checking the account balance and the like. Although only banking transactions are described in the current example, it should be understood that the transaction is not limited to a banking transaction and can include any other transaction, such as checking an email account, sending an email message, approving a request on a website using the internet 110, or rejecting a request on a website using the internet 110. In another example, the user 102 can be a database administrator (DBA) of a database and the transactions can be related to management of the database. In yet another example, the user 102 may be a social networking site user and the transactions can be related to the transactions performed by any social networking user on the social networking site, such as resetting the password, or sharing the contact details with another user. In yet another example, the user 102 can be an employee of a company which has implemented an access control system, and obtaining access to a particular area can also be a transaction.
[0021] Typically, the user 102 connects to the internet 110 using the second client device 106 to perform the transaction by opening an internet browser, such as Internet Explorer, Mozilla Firefox and the like, and opening a website of the bank by typing the URL of the bank's website in the address bar. Following this, the website of the bank is opened in the internet browser, on which the user 102 can perform various banking transactions such as transferring an amount to another user's account, resetting the password, checking the balance, and other such banking transactions. However, before the user 102 can make any transactions on the website of the bank, the user 102 is required to log on to the website using the unique user identification number and a password. Once the user 102 has logged on to the website of the bank, the user 102 can perform various transactions on the website of the bank.
[0022] Now, as the user 102 initiates any transaction, for example transferring an amount to a friend, on the website of the bank, the request for performing the transaction is received by the server 114. In some cases, the user 102 logging on to the website using the unique user identification number and password can be taken as a transaction. The server 114, upon receiving the request for the transaction from the user 102, interacts with a network device 108 to make security checks in order to gauge authenticity of the user 102.
[0023] Examples of the network device 108 can be a computational device such as a server that includes information about the profiles and preferences of users and has processing capabilities to perform various calculations. The network device 108 can include the profiles of the users. Typically, a profile of a user includes the information related to past and present locations of the user. The location of the user can be determined by using the location of the mobile phone, PDA, messaging device, GPS device and the like carried by the user. For example, the location of the user 102 can be determined by calculating the location of the first client device 104 that is carried by the user 102. The location of the first client device 104 can be calculated using various techniques known in the art with the help of Base Transceiver Station (BTS) 112. Once the location of the first client device 104 is calculated, the location of the first client device 104 (hence, location of the user 102) is transmitted to the network device 108. The location of the first client device 104 can be transmitted to the network device 108 periodically. Typically, location information of the first client device 104 can be transmitted to the network device 108 multiple times during a day. Based on the location information received by the network device 108, the profile of the user 102 can be determined.
[0024] In some cases, the user 102 may register more than one mobile phone with his profile. For example, the user 102 may register the first client device 104 and another client device, preferably a mobile phone, PDA, or messaging device, with his profile.
[0025] Further, the profile of the user can include information related to the preferences of the user. The preferences of the user can be a set of rules that user selects to be applied when a particular event happens. For example, the user 102 can select a rule according to which whenever a request for transfer of an amount from the user's bank account is received, then the user must be called by the bank to verify that transaction before processing. In another example, the user 102 can have a preference according to which the transaction should be completed only when the user 102 sends a mail or SMS to the bank after initiating the transaction on the website of the bank.
[0026] Preferences of the user can be customized as per the requirements of the user. Further, it should be noted that the examples described above are non-limiting and the preferences can be fully customized by the user.
[0027] In an embodiment, the preferences can also be set by the bank or service provider that is providing the desired services to the user 102. In this embodiment, some preferences can be set by the user 102 based on his/her personal likings and some preferences can be set by the service provider, say a bank, based on the processes or protocols being followed by the service provider.
[0028] The profile of the user can also include the personal information related to the user. The personal information can include the name of the user, profession of the user, date of birth of the user, father's name of the user, mother's name of the user, address of the user, number of the client devices (mobile phones) carried by the user, and list of profiles of other users associated with the profile of the user. It would be apparent to those skilled in the art that the personal information can include other information that would be required for proper functioning of the invention.
[0029] Now, the network device 108, which has already received a request from the server 114 for performing security checks to gauge the authenticity of the user 102, determines the profile of the user that has initiated the transaction, in this case the user 102. Following this, the network device 108 determines the location of initiation of the transaction. In this particular example, the network device 108 tries to determine the Internet Protocol (IP) address of the second client device 106 which has been used to initiate the transaction. In order to determine the location of initiation of the transaction, the network device 108 can use various techniques known in the art to accurately determine the location of initiation of the service. In one particular case, the network device 108 can take help of the server 114 or any other network component to determine the IP address of the second client device 106. Further, based on the IP address of the second client device 106, physical location of the initiation of transaction can be determined.
[0030] Accurate determination of transaction location (or location of initiation of service) depends on the mapping quality of address with Geographical Information System (GIS) Service providers. It also depends on the accuracy of the address availability of the transaction location from the entity which is providing the transaction services. For example, the GIS service provider may be able to provide an accurate address up to street level when the location of initiation of service is in a metropolitan city, whereas in the case of a rural area or remote town, the address provided by the GIS service provider may not be very accurate. Similarly, the address provided by the bank for the location of a POS device might not have street level detail, and so the accuracy of the address in terms of latitude and longitude will be less.
[0031] Once the network device 108 has determined the location of initiation of the transaction, the network device 108 calculates an index based on one or more of the profile of the user 102, the location of initiation of the transaction, and transaction requested by the user 102.
[0032] In one particular case, the network device 108 determines the current location of the user 102 based on the profile of the user 102. In other cases, the network device 108 determines the current location of the user 102 independently as well. Further, the current location of the user 102 is compared with the location of the initiation of the transaction. Now, in this case, the user 102 can define a rule or preference that the transaction should be processed if the location of the initiation of the transaction is in close vicinity of the current location of the user 102 and the amount is less than a particular amount defined by the user 102.
[0033] The precision and accuracy of the location determined by the BTS 112 depend on various factors, such as the density of the BTSs of an operator in a given area. For example, in a large city such as New Delhi or Mumbai, the density of the BTSs for a mobile operator is very large as compared to the density of BTSs in a remote area or on a highway. The density of an operator's BTSs in a particular area can therefore be one parameter used to customize the rules. For example, the proximity of the location of initiation of the service (transaction) with the current location of the user can be more accurately determined in a large city as compared to that in a remote town or on a highway; therefore, the rules for mapping the proximity limits to the index (which specifies the risk of fraud) can be different for different geographical locations and location service providers. In general, the index value is dependent on the accuracy of the location of the user (mobile of the user) and the accuracy of the location of initiation of service.
[0034] Now, based on the geographical location, the rule or the preference can be defined. For example, in a large city, where the density of BTSs is higher, the proximity can be set to 500 meters; on the other hand, in the case of a remote town where the density of BTSs is lower, the proximity can be set to as large as 5 km. Hence, the rules or the preferences can be customized and, in some cases, can be self-learning.
[0035] In some cases, the network device 108 can calculate the location of all the client devices, such as mobile phones, PDAs, messaging devices, laptops etc., that are associated with the user. Now, in this case, the user 102 can define a rule or a preference that the transaction should be processed if the location of the initiation of the transaction is in close vicinity with the current location of the user 102 and at least two of the client devices associated with the user 102 are also in close vicinity.
[0036] In another case, the user 102 or bank or office or resident society can define a preference that the transaction should be processed if and only if the location of initiation of the transaction is a particular location, say location of the home of the user 102 or location of the office of the user 102. In yet another case, the user can define a preference or rule according to which the user 102 should receive a call from the bank in case the location of initiation is not in close vicinity of the current location of the user 102.
[0037] Now, based on the information available with the network device 108 in terms of current and previous locations of the user 102, the preferences or rules customized by the user 102, the personal details of the user 102, the inputs received from the user 102 or the server 114 (for example the type of transaction, amount in case of fund transfer), the network device 108 can calculate an index based on which the transaction is either completed, deferred, rejected, sent for taking user consent in some form, or sent for further processing.
[0038] Fig. 1b illustrates another exemplary network 100 where some embodiments of the present invention can be practiced. In the arrangement described in Fig. 1b, the user 102 is making a transaction at a store using a Point-Of-Sale (POS) device 116 or at an ATM machine 116. Now, in order to perform the transaction, the user 102 swipes the credit card or debit card at the POS device 116 or at the ATM machine 116. As the credit card or the debit card of the user 102 is swiped at the POS device 116 or the ATM machine 116 and an amount is entered at the POS device 116 or the ATM machine 116, a request for performing the transaction is received by the server 114. The server 114, upon receiving the request for the transaction from the user 102, interacts with a network device 108 to make security checks in order to gauge authenticity of the user 102.
[0039] Now, the network device 108, which has already received a request from the server 114 for performing security checks to gauge the authenticity of the user 102, determines the profile of the user that has initiated the transaction, in this case the user 102. Following this, the network device 108 determines the location of initiation of the transaction. In this particular example, the network device 108 tries to determine the location of the particular POS device 116 or the ATM machine 116 from which the transaction has been initiated. In order to determine the location of initiation of the transaction, the network device 108 can use various techniques known in the art to accurately determine the location of initiation of the service. In one particular case, the network device 108 can take help of the server 114 to determine the location of the POS device 116 or the ATM machine 116.
[0040] Once the network device 108 has determined the location of initiation of the transaction, the network device 108 can calculate an index based on the information available with the network device 108. The index can be calculated based on the current and previous locations of the user 102, the transaction location, the preferences or rules customized by the user 102, the personal details of the user 102, and the inputs received from the user 102 or the server 114 (for example the type of transaction, amount in case of fund transfer). Further, based on the index calculated by the network device 108, the transaction can be completed, deferred, rejected, sent for further processing or sent for taking user consent in some form.
[0041] In some cases, the network device 108 can send a confirmation message to the user 102 to check whether the user 102 wants to approve the transaction. This confirmation message can be sent before calculating the index or after it. Now, based on the response of the user 102, the index can be calculated or recalculated. Following this, based on the value of the index calculated, the transaction can be approved.
[0042] Fig. 1c illustrates yet another exemplary network 100 where some embodiments of the present invention can be practiced. In the arrangement described in Fig. 1c, the user 102 is making a transaction at a store using a Point-Of-Sale (POS) device 116 or at an ATM machine 116. Now, in order to perform the transaction, the user 102 swipes the credit card or debit card at the POS device 116 or at the ATM machine 116. As the credit card or the debit card of the user 102 is swiped at the POS device 116 or the ATM machine 116 and an amount is entered at the POS device 116 or the ATM machine 116, a request for performing the transaction is received by the server 114. The server 114, upon receiving the request for the transaction from the user 102, interacts with a network device 108 to make security checks in order to gauge authenticity of the user 102.
[0043] Additionally, in this case the user 102 has associated a profile of a second user 118 with his/her profile. The second user 118 can be a family member, friend, a colleague, or any other acquaintance of the user 102. By associating the profile of the second user 118, the user 102 has added one more level of security to the transactions made by the user 102. Although in Fig. 1c only one user, i.e. the second user 118, has been associated with the profile of the user 102, it would be apparent to people skilled in the art that a plurality of users can be associated with the profile of the user 102. In some cases, the user 102 can associate other users with his/her profile; however, in other cases, other users can be associated with the profile of the user 102 by the bank or the service provider dynamically and based on the location of the user, or location of initiation of service.
[0044] In one particular case, the user 102 can associate a profile of a colleague with whom the user 102 usually pays at the cafeteria. By associating the profile of the colleague (second user 118), the transaction can be approved only when the mobile of the user 102 is in close vicinity of the location of the POS 116, and the location of the mobile phone 120 of the colleague is also in close proximity with the POS 116 and the location of the mobile 104 of the user 102.
[0045] In another case, the user 102 can associate a profile of a family member, say wife of the user 102, with whom the user 102 usually goes out to shop for groceries at Reliance Fresh. By associating the profile of the wife 118 for transactions occurring at the POS device 116 associated with Reliance Fresh, the transaction initiated by the POS device 116 at Reliance Fresh can be approved only when the mobile of the user 102 is in close vicinity of the location of the POS 116 at Reliance Fresh, and the location of the mobile phone 120 of the wife is also in close proximity with the POS 116 and the location of the mobile 104 of the user 102. The situation can also be an 'OR' combination instead of an 'AND' combination. This means that the proximity of either the mobile device 120 of the wife or the mobile device 104 of the user 102 is checked with the transaction location.
[0046] The user 102 can associate profiles of different users for transactions at various locations. For example, for the transactions originating from the POS at the cafeteria, the user 102 can associate the profile of the colleague. However, for the transaction originating from the POS at Reliance Fresh the user 102 can associate the profile of his wife. Similarly, for transactions originating from the ATM the user 102 can associate the profile of the driver who drives the user 102 to the ATM, and the like. Associating the profile of different users for different locations can add one more level of security check.
[0047] Now, the network device 108, which has already received a request from the server 114 for performing security checks to gauge the authenticity of the user 102, determines the profile of the user that has initiated the transaction, in this case the user 102. Following this, the network device 108 determines the location of initiation of the transaction. In this particular example, the network device 108 tries to determine the location of the particular POS device 116 or the ATM machine 116 from which the transaction has been initiated. In order to determine the location of initiation of the transaction, the network device 108 can use various techniques known in the art to accurately determine the location of initiation of the service. In one particular case, the network device 108 can take help of the server 114 to determine the location of the POS device 116 or the ATM machine 116.
[0048] The network device 108 also checks whether the user 102 has associated profile of any other user for the location of the POS or ATM 116 determined by the network device 108. If the user has associated profile of another user with the location of the POS or ATM 116, then the network device 108 determines the location of the second user 118 based on the profile of the second user 118. The second (or third or fourth...) user can be associated with the user even without the association of 116.
[0049] Once the network device 108 has determined the location of initiation of the transaction and whether the user 102 has associated the profile of any other user for the location of the POS or the ATM 116, the network device 108 can calculate an index based on the information available with the network device 108. The index can be calculated based on the current and previous locations of the user 102 and the other user 118, the preferences or rules customized by the user 102, the personal details of the user 102, and the inputs received from the user 102 (for example the type of transaction, amount in case of fund transfer). Further, based on the index calculated by the network device 108, the transaction can be either completed, deferred, rejected or sent for further processing or taking consent of the user 102.
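The following Python example is added here and is not part of the specification: it combines the area-dependent proximity limits of paragraph [0034] with the associated-profile 'AND'/'OR' rule of paragraphs [0044] to [0049] and maps the result to a server action. The specification does not define how the index is computed, so the weights, the action thresholds, the class and function names, the area labels and the coordinates are all assumptions.

```python
from math import asin, cos, radians, sin, sqrt

# Proximity limits from paragraph [0034]: 500 m where BTS density is high,
# 5 km where it is low. The area labels are hypothetical names.
PROXIMITY_LIMIT_M = {"metro": 500.0, "remote": 5000.0}


class Profile:
    """Hypothetical profile record: last reported device positions and rules."""

    def __init__(self, name, device_locations, amount_limit=float("inf")):
        self.name = name
        self.device_locations = list(device_locations)  # [(lat, lon), ...]
        self.amount_limit = amount_limit                 # user-defined amount rule
        self.associates = {}                             # site id -> (Profile, mode)

    def associate(self, site, other, mode="AND"):
        """Attach another user's profile to one transaction site."""
        if mode not in ("AND", "OR"):
            raise ValueError("mode must be 'AND' or 'OR'")
        self.associates[site] = (other, mode)


def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (a[0], a[1], b[0], b[1]))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371000.0 * asin(sqrt(h))


def is_near(profile, txn_loc, area):
    """True if any registered device is within the area's proximity limit.

    A profile with no known device position is never near (fail closed).
    """
    limit = PROXIMITY_LIMIT_M[area]
    return any(haversine_m(d, txn_loc) <= limit for d in profile.device_locations)


def risk_index(user, site, txn_loc, area, amount):
    """Return an index from 0 (low risk) to 90 (high risk); weights are assumed."""
    location_ok = is_near(user, txn_loc, area)
    if site in user.associates:
        other, mode = user.associates[site]
        other_near = is_near(other, txn_loc, area)
        if mode == "AND":
            location_ok = location_ok and other_near
        else:
            location_ok = location_ok or other_near
    index = 0 if location_ok else 60
    if amount > user.amount_limit:
        index += 30
    return index


def action_for(index):
    """Map the index to a server action; the cut-off values are assumed."""
    if index < 30:
        return "complete"
    if index < 60:
        return "user consent"
    if index < 90:
        return "defer"
    return "reject"


# Constructed sample data (not from the specification): a POS terminal, the
# user's phone about 184 m away and a colleague's phone about 3.4 km away.
POS = (28.6315, 77.2167)
USER_PHONE = (28.6330, 77.2175)
COLLEAGUE_PHONE = (28.6600, 77.2300)


def demo():
    """Evaluate the same cafeteria payment under different rules."""
    user = Profile("user 102", [USER_PHONE], amount_limit=5000)
    colleague = Profile("user 118", [COLLEAGUE_PHONE])
    results = {}
    user.associate("cafeteria", colleague, "AND")
    for area in ("metro", "remote"):
        idx = risk_index(user, "cafeteria", POS, area, 1000)
        results["AND/" + area] = (idx, action_for(idx))
    user.associate("cafeteria", colleague, "OR")
    idx = risk_index(user, "cafeteria", POS, "metro", 9000)
    results["OR/metro/over-limit"] = (idx, action_for(idx))
    return results


if __name__ == "__main__":
    for rule, outcome in demo().items():
        print(rule, outcome)
```

The colleague's phone fails the 500 m metro limit but passes the 5 km remote limit, so the same 'AND' rule yields a different index depending only on the location accuracy assumed for the area.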
[0050] Apart from the examples described above, the present invention can also work for situations where physical transactions are taking place. For example, the user 102 can go to a bank to collect some cash from the cash counter. Now, before the transaction is processed, the proximity of the location of the user device 104 to the transaction location (determined from the location of the bank) can be checked. Only if both the locations are close and the value of the index calculated is within the acceptable limits will the bank provide the cash to the user 102.
[0051] Additionally, based on the location and/or profile of the user 102, location of initiation of service and location profile, a community can be formed. For example, if a fraudulent transaction is taking place at a particular ATM location or POS terminal, then a nearby person such as a guard or cashier can be informed. Besides the guard and cashier, any other user who is near the ATM where there is a possibility of fraud can also be informed about the incident. In some cases, an input can also be taken from the guard, cashier or other users. The input can be in the form of an SMS, a phone call or an email.
[0052] Moving on, Fig. 2 illustrates a flowchart for a method 200 for performing a security check for processing a service request initiated by the user 102. To describe the method 200, reference will be made to Figs. 1a, 1b and 1c, although it is understood that the method 200 can be implemented in any other suitable device, system or network. Moreover, the invention is not limited to the order in which the steps are listed in the method 200. In addition, the method 200 can contain a greater or fewer number of steps than those shown in Fig. 2.
[0053] In one arrangement, the method 200 can include one or more method steps for performing a security check for processing a service request initiated by the user 102 via the network device 108 in the network 100. The service provided to the user 102 can be a banking service, a home security service, an office security service, an internet based service, a gaming service, an entertainment service, a marketing service, a transaction service, a reporting service, and an advertising service. Examples of a banking service can include a service where the user 102 can perform various transactions with the bank. The transactions can be logging in to the bank account, checking the balance in the bank account, transferring an amount to another user using the bank account, making a payment to a vendor online, withdrawing money by physically going to the bank, and the like. Examples of the home security service can include a service where the user 102 has to pass through an authenticity check in order to open the door of the house. The authenticity check of the user 102 is done based on the location of the mobile phone (the first client device 104) of the user 102, and the profile of the user 102. An example of an office security service can be a service where the user 102 is provided access to specific areas in the office based on the location of the mobile phone of the user 102. Examples of an internet based service can be a service which is accessed over the internet. An internet based service can be a banking service provided over the internet, a service being provided through e-commerce, email and the like. Examples of a gaming service can include games that are based on the location of the user 102. Examples of an advertising service can include a service where advertisements are transmitted to the mobile device or email id of the user based on the location and location profile of the user 102.
[0054] The method 200 initiates at step 202. At step 204, the network device 108 receives a request from the server 114 for performing the security check for processing the service request initiated by the user 102. Following this the network device 108 determines the profile of the user 102 to which the service has to be provided at step 206. The profile of the user 102 is determined based on initiation of a service by the user 102. The service can be initiated when a request is received by the network device 108 from the user 102 to initiate the service. The profile of the user 102 can include information related to the preferences of the user. The preferences of the user can be a set of rules that user selects to be applied when a particular event happens. For example, the user 102 can select a rule according to which whenever the user 102 enters a particular location or place, for example a shopping complex, then the user must get all the information about the discounts being offered by the shops in that shopping complex. In another example, the user 102 can select a rule according to which whenever a request for transfer of an amount from the user's bank account is received, then the user must be called by the bank to verify that transaction before processing.
[0055] Preferences of the user can be customized as per the requirements of the user. Further, it should be noted that the examples described above are non-limiting and the preferences can be fully customized by the user or by the bank, office, housing society, etc.
[0056] The profile of the user can also include the personal information related to the user. The personal information can include the name of the user, profession of the user, date of birth of the user, father's name of the user, mother's name of the user, address of the user, and list of profiles of other users associated with the profile of the user. It would be apparent to those skilled in the art that the personal information can include other information that would be required for proper functioning of the invention.
[0057] Further, the profile of the user 102 includes the present and past locations of the user. The information about the locations of the user 102 can be updated in real time. In fact, the profile of the user 102 can include a location profile of the user 102. The location profile of the user 102 includes the information about the locations visited by the user 102, and the time for which the user 102 was at a particular location. For example, the location profile of the user 102 can include the location of the office of the user 102 and the time period, say from 9:00 am to 6:00 pm, for which the user 102 was in the office. Similarly, the location profile of the user 102 can include the location of the home of the user 102 and the time, usually after 7:00 pm every day, for which the user 102 is at his/her home. Using the location profile of the user 102, a probable location of the user 102 can also be determined.
[0058] The location profile of the user 102 can be generated by a self-learning or artificial intelligence based tool. The location profile can be used to predict the probable location of the user 102 at a particular instance of time. In order to develop a location profile, initially the location of the user 102 is calculated at all instances for a predefined number of days. Afterwards, the frequency of data collection for the location of the user 102 can be reduced and a sampling can be done. The tool that is used to generate and determine the location profile of the user 102 can be a self-learning tool and can dynamically update the location profile of the user 102 based on the data collected.
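The location-profile development described in paragraphs [0057] and [0058] can be illustrated as follows. This is an added example, not part of the specification: the function names, the hour-of-day bucketing and the constructed sample data are assumptions chosen for illustration, since the specification does not prescribe a data structure or prediction method.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def dwell_periods(samples, interval):
    """Collapse (timestamp, place) samples into (place, start, end) stays.

    Each sample is taken to cover [timestamp, timestamp + interval), so the
    dense initial phase and the later reduced-frequency phase can both be fed
    through this function with their own interval.
    """
    stays = []
    for ts, place in sorted(samples):
        if stays and stays[-1][0] == place and ts <= stays[-1][2]:
            stays[-1][2] = max(stays[-1][2], ts + interval)  # extend the stay
        else:
            stays.append([place, ts, ts + interval])         # new stay begins
    return [tuple(s) for s in stays]

def build_location_profile(stays):
    """Accumulate minutes spent at each place per hour of day."""
    profile = defaultdict(lambda: defaultdict(float))
    for place, start, end in stays:
        cursor = start
        while cursor < end:
            next_hour = (cursor.replace(minute=0, second=0, microsecond=0)
                         + timedelta(hours=1))
            chunk_end = min(end, next_hour)
            profile[cursor.hour][place] += (chunk_end - cursor).total_seconds() / 60
            cursor = chunk_end
    return profile

def predict_location(profile, when):
    """Return (most probable place, share of observed time) for that hour."""
    slot = profile.get(when.hour)
    if not slot:
        return None, 0.0          # no history for this hour: no prediction
    place = max(slot, key=slot.get)
    return place, slot[place] / sum(slot.values())

def constructed_samples(days=5):
    """Constructed data: hourly samples for a user with an office routine."""
    first_day = datetime(2024, 1, 1)   # constructed start date
    samples = []
    for d in range(days):
        for h in range(24):
            if 9 <= h < 18:
                place = "office"
            elif h in (8, 18):
                place = "commute"
            else:
                place = "home"
            if d == 2 and h == 14:
                place = "client_site"  # one deviation from the routine
            samples.append((first_day + timedelta(days=d, hours=h), place))
    return samples

if __name__ == "__main__":
    stays = dwell_periods(constructed_samples(), timedelta(hours=1))
    profile = build_location_profile(stays)
    for hour in (10, 14, 21):
        print(hour, predict_location(profile, datetime(2024, 2, 1, hour, 30)))
```

The share returned with the prediction shows how consistent the routine is for that hour, which a downstream risk calculation can use as a confidence value.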
[0059] Now, once the profile of the user 102 has been determined at step 206, the network device 108 determines the location of initiation of the service request at step 208. Location of initiation of the service request can be determined by numerous methods known in the art. For example, if the user 102 has initiated a service, say an online banking service, using his laptop, then the location of initiation of the service can be determined based on the IP address of the laptop. In another example, if the user 102 is trying to access a restricted area in the office, then the location of initiation of the service is determined based on a look-up table which contains the location information of the restricted area. In yet another example, the user 102 has initiated a marketing service using which the user 102 can obtain information about the best deals which are being offered by shops in a particular locality. This service is provided via Bluetooth or any other technology and as soon as the user 102 enters that particular locality, information about the best deals is provided to the user 102 on his/her mobile phone via Bluetooth or SMS or any other technology. In this case, the location of initiation of the service, i.e. marketing service, is determined based on the location of a base station for Bluetooth which is nearest to the user 102.
[0060] Once the profile of the user 102 has been determined and the location of initiation of the service has been determined, the network device 108 executes a process to calculate an index based on the profile of the user 102 and the location of initiation of the service request at step 210. Following this, the calculated index is transmitted to the server 114. The server 114 processes the service request by taking an action based on the calculated index. The action taken by the server 114 reduces the risk associated with the service comprehensively and keeps the intrusion to minimum. The actions taken by the server 114 can include a pass action, a fail action, an information action, and a confirmation action. The pass action indicates that the service is processed and provided to the user 102. The fail action indicates that the service is denied and not provided to the user 102. The information action indicates that information regarding the processing or denial is provided to the user 102. The confirmation action indicates that security checks are performed based on the preferences of the user 102 to seek permission of the user 102 regarding the service. For example, the user 102 may have selected a preference according to which the user 102 should be contacted via SMS or a phone call whenever a request for transfer of money from the bank account of the user 102 is received. Based on this preference, the user 102 is contacted via SMS or a phone call and an input is sought from the user 102 regarding the transaction.
[0061] Following this, the network device 108 receives at least one input from the user 102. Examples of the input from the user 102 can include, but are not limited to, an SMS to confirm or decline transfer of funds, a GPRS based confirmation over http, an email to confirm or decline transfer of funds, a phone call to confirm or decline transfer of funds, and the like.
[0062] Moving forward, the network device 108 can recalculate the index based on the input received from the user 102. The index calculated by the network device 108 can be based on Artificial Intelligence, Neural Networks, or any other unique algorithm. The system can also take inputs in the form of a normalized index from other systems and join that index with its own to calculate another index.
[0063] In some cases, the server 114 can provide a feedback to the network device 108 on the calculated index. The feedback can be provided to indicate the cases where the calculated index indicated a positive false action or false positive action. Positive false action is a type of action when a legitimate transaction is indicated as a fraud by the system based on the calculation. On the other hand, a false positive action is a type of action when a fraudulent transaction is indicated as a legitimate transaction by the system based on the calculation. Now, based on the feedback provided by the server 114, the process to calculate the index can be configured in such a manner that positive false and false positive actions are further minimized. In this way, the method 200 is less intrusive, as the number of times an input is required from the user 102 for authentication is very small. At the same time, the method 200 reduces the risk associated with the service comprehensively. Following this, the method 200 terminates at step 214.
[0064] Moving on to Fig. 3, Fig. 3 illustrates an exemplary workflow 300 for providing a service in accordance with an embodiment of the present invention. To describe the workflow 300, reference will be made to Figs. 1a, 1b, 1c and 2, although it is understood that the workflow 300 can be implemented in any other suitable device, system or network. Moreover, the invention is not limited to the order in which the steps are described in the workflow 300. In addition, the workflow 300 can contain more or fewer steps than those shown in Fig. 3.
[0065] In an arrangement, the user 102 wants to perform a banking transaction through the website of the bank on the internet 100. The user 102 uses the second client device 106 for performing this transaction. Now, as the user 102 initiates the transaction by entering the details regarding the transaction, the request for performing the transaction is received by the server 114. The server 114, upon receiving the request for the transaction from the user 102, interacts with the network device 108 to make security checks in order to check the authenticity of the user 102.
[0066] As described above, the network device 108 includes the user profile 302 of the user 102. Additionally, the user profile 302 includes the information related to past and present locations of the user 102, information related to the preferences of the user 102, and the personal information related to the user 102. On receiving the request for checking authenticity of the user 102, the network device 108 determines the profile of the user 102. Further, the network device 108 determines the location of initiation of transaction (service) 304. As described above, the network device 108 can use various methods known in the art to determine the location of initiation of transaction (service) 304.
[0067] Now, the network device 108 processes the information obtained from the user profile 302 and the location of initiation of transaction (service) 304 to generate the risk code (RM1) 306. Further, the network device 108 determines the location profile 308 of the user 102. In some cases, the location profile 308 is a subset of the user profile 302 of the user 102; however, in other cases the location profile 308 can be independently maintained by the network device 108.
[0068] Moving forward, the network device 108 processes the information obtained from the location profile 308 and other fraud parameters 310 to generate the risk code (RO) 312. Further, the network device 108 processes the outputs received from the risk code (RM1) 306 and the risk code (RO) 312 using the risk code (RM2) 314 to calculate the index.
[0069] Now, based on the index calculated by the risk code (RM2) 314, the network device 108 performs at least one of the actions. The system is flexible and can be configured for a greater number of actions if so required. The network device 108 can take the following actions based on the index calculated:
• Information (314)
• Confirmation (316)
• Pass (318)
• Fail (320)
[0070] Information (314) can be transmitted to the user 102 via SMS, priority SMS, email, or Net. Information (314) can include notification about processing of a transaction or request and the like.
[0071] Confirmation (316) is a message that is transmitted to the user 102 to get the confirmation of the user 102 for a transaction that is associated with the account of the user 102. The confirmation (316) can be sought from the user 102 using an SMS, priority SMS, WAP, or any other client solution. Further, the confirmation (316) can be provided by the client by entering a transaction password, a One Time Password that is generated for one time use only, or by answering a security question selected by the user 102 previously.
[0072] Now, based on the confirmation obtained from the user 102, the network device 108 either takes the action Pass (318) or action Fail (320). Action Pass (318) means that the transaction is approved by the network device 108 and the action Fail (320) means that the transaction is rejected by the network device 108.
[0073] In some of the cases, the transaction can be approved by taking the action Pass (318) or can be rejected by taking the action Fail (320) directly, without involving confirmation (316) from the user 102 and based on the index calculated by the network device 108.
[0074] Further, the network device 108 analyzes the actions that have been initiated based on the index calculated with the help of the analyzer 324. The analyzer 324 checks whether the actions that have been initiated by the network device 108 fall under the category of Positive False or False Positive and provides a feedback to the engine 328 that processes the actions. Positive False action is a type of action when a legitimate transaction is indicated as a fraud by the system based on the calculation. On the other hand, a false positive action is a type of action when a fraudulent transaction is indicated as a legitimate transaction by the system based on the calculation. Based on the feedback provided by the analyzer 324, the engine 328 learns via artificial intelligence and eliminates the positive false or false positive alerts in subsequent cases. It would be apparent to the people skilled in the art that the analyzer 324 need not necessarily use the artificial intelligence, and it can use other mechanisms for analysis.
[0075] In some cases, the modules of the risk code (RM1) 306, the risk code (RO) 312 and the risk code (RM2) 314 are configured and selected based on the application of the service, type of data available to the system, accuracy of the data available to the system, and the quality of service to be provided.
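The workflow 300 chain of risk code (RM1), risk code (RO), risk code (RM2) and the resulting action can be illustrated as follows. This is an added example, not part of the specification: the specification gives no formulas, so the distance scaling, weights, thresholds, field names and the constructed requests are all assumptions, with a lower index taken to mean lower risk.

```python
import math

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def risk_rm1(device_loc, initiation_loc, near_km=1.0, far_km=50.0):
    """RM1: user profile (device location) vs. location of initiation, 0..1."""
    d = haversine_km(device_loc, initiation_loc)
    return min(1.0, max(0.0, (d - near_km) / (far_km - near_km)))

def risk_ro(expected_share, amount, usual_amount):
    """RO: location profile plus one other fraud parameter (amount), 0..1.

    expected_share is the fraction of past time the location profile places
    the user at the initiation location at this hour (assumed input).
    """
    unexpected_place = 1.0 - expected_share
    amount_ratio = min(1.0, amount / (10 * usual_amount))
    return 0.6 * unexpected_place + 0.4 * amount_ratio   # assumed weights

def index_rm2(rm1, ro, w_rm1=0.7):
    """RM2: combine both risk codes into one index, 0 (low risk) to 100."""
    return round(100 * (w_rm1 * rm1 + (1 - w_rm1) * ro))

def choose_action(index, always_confirm=False,
                  pass_below=20, confirm_from=40, fail_from=80):
    """Map the index to one of the four actions (assumed thresholds)."""
    if index >= fail_from:
        return "fail"            # rejected directly, no confirmation sought
    if always_confirm or index >= confirm_from:
        return "confirmation"    # user preference or doubtful index
    if index >= pass_below:
        return "information"     # processed, user is notified
    return "pass"

def resolve_confirmation(user_input):
    """A confirmation ends in pass or fail depending on the user's reply."""
    return "pass" if user_input == "confirm" else "fail"

def security_check(req):
    """Run RM1, RO and RM2 for one request; return (index, action)."""
    rm1 = risk_rm1(req["device_loc"], req["initiation_loc"])
    ro = risk_ro(req["expected_share"], req["amount"], req["usual_amount"])
    index = index_rm2(rm1, ro)
    return index, choose_action(index, req.get("always_confirm", False))

# Constructed requests: the user's phone is in central Delhi in all three.
PHONE = (28.6315, 77.2167)
CONSTRUCTED_REQUESTS = {
    "nearby_atm": {"device_loc": PHONE, "initiation_loc": (28.6330, 77.2190),
                   "expected_share": 0.8, "amount": 2000, "usual_amount": 2000},
    "other_suburb": {"device_loc": PHONE, "initiation_loc": (28.4595, 77.0266),
                     "expected_share": 0.5, "amount": 4000, "usual_amount": 2000},
    "other_city": {"device_loc": PHONE, "initiation_loc": (19.0760, 72.8777),
                   "expected_share": 0.0, "amount": 50000, "usual_amount": 2000},
}

if __name__ == "__main__":
    for name, req in CONSTRUCTED_REQUESTS.items():
        print(name, security_check(req))
```

Only the middle band of the index triggers a confirmation, which is how the scheme keeps user prompts rare while still rejecting clear mismatches outright.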
[0076] Various embodiments, as described above, provide a method and system for providing a service. The present invention makes the services described above more secure and reduces and eliminates chances of fraud. Additionally, the method and system described in the current invention are far less intrusive than the solutions currently existing in the market, and the user has to confirm the transactions only when the index values calculated by the system indicate a fraud. The present invention provides a balanced approach for security. The present invention provides a balance between intrusion and risk. The confirmation from the user is taken in very few cases. Most of the cases are either passed or failed. Some cases are rejected and very few cases of transaction where there is doubt about the fraudulent case are confirmed with the user.
[0077] While the invention has been disclosed in connection with the preferred embodiments shown and described in detail, various modifications and improvements thereon will become readily apparent to those skilled in the art. Accordingly, the spirit and scope of the present invention is not to be limited by the foregoing examples, but is to be understood in the broadest sense allowable by law.
[0078] All documents referenced herein are hereby incorporated by reference.

CLAIMS
What is claimed is:
1. A method for performing a security check for processing a service request, the method comprising:
receiving a request from a server for performing the security check for processing the service request;
determining a profile of a user;
determining a location of initiation of the service request;
executing a process to calculate an index based on the profile of the user and the location of initiation of the service request; and
transmitting the calculated index to the server, wherein the server processes the service request by taking an action based on the calculated index, and wherein the action taken by the server reduces the risk associated with the service comprehensively and keeps the intrusion to minimum.
2. The method of claim 1, wherein the service is selected from a group comprising a banking service, a home security service, an office security service, an internet based service, a gaming service, an entertainment service, a marketing service, a transaction service, a reporting service, and an advertising service.
3. The method of claim 1, wherein the profile of the user comprises information related to past and present locations of the user.
4. The method of claim 1, wherein the profile of the user comprises information related to the preferences of the user.
5. The method of claim 1, wherein the profile of the user comprises personal information of the user.
6. The method of claim 1, wherein the location of initiation of the service request is determined based on an Internet Protocol Address associated with the location.
7. The method of claim 1, wherein the location of initiation of the service request is determined based on a physical address associated with the location.
8. The method of claim 1, wherein the location of initiation of the service request is determined based on location of a base station of a wireless communication network, the base station being nearest to the user.
9. The method of claim 1 further comprising associating a profile of a second user with the profile of the user.
10. The method of claim 9 further comprising at least one of receiving at least one input from the second user and transmitting an information to the user based on the calculated index.
11. The method of claim 1 further comprising at least one of receiving at least one input from the user based on the calculated index and transmitting an information to the user based on the calculated index.
12. The method of claim 11 further comprising revising the calculated index based on the input received from the user.
13. The method of claim 1 further comprising receiving a feedback from the server on the calculated index.
14. The method of claim 13 further comprising configuring the process to calculate the index based on the feedback.
15. The method of claim 1 further comprising determining a location profile of the location of initiation of the service.
16. A method for developing a location profile of a user, the method comprising:
determining a location of the user after every predetermined time interval;
determining a time for which the user is at a particular determined location; and
developing the location profile of the user based on the determined location and the time for which the user is at the particular determined location, wherein the developed location profile is used to predict the location of the user at an instance of time.
17. A method for performing a security check for processing a service request, the method comprising:
receiving a request from a server for performing the security check for processing the service request;
determining a profile of a user;
determining a location of initiation of the service request;
executing a process to calculate an index based on the profile of the user and the location of initiation of the service request;
associating a profile of a second user with the profile of the user; and
transmitting the calculated index to the server, wherein the server processes the service request by taking an action based on the calculated index, and wherein the action taken by the server reduces the risk associated with the service comprehensively and keeps the intrusion to minimum, and wherein the action taken by the server comprises informing the second user associated with the profile of the user.

Documents

Application Documents

# Name Date
1 2436-del-2009-abstract.pdf 2011-08-21
1 2436-del-2009-form-5.pdf 2011-08-21
2 2436-del-2009-claims.pdf 2011-08-21
2 2436-del-2009-form-3.pdf 2011-08-21
3 2436-del-2009-correspondence-others.pdf 2011-08-21
3 2436-del-2009-form-26.pdf 2011-08-21
4 2436-del-2009-description (complete).pdf 2011-08-21
4 2436-del-2009-form-2.pdf 2011-08-21
5 2436-del-2009-form-1.pdf 2011-08-21
5 2436-del-2009-drawings.pdf 2011-08-21
6 2436-del-2009-drawings.pdf 2011-08-21
6 2436-del-2009-form-1.pdf 2011-08-21
7 2436-del-2009-description (complete).pdf 2011-08-21
7 2436-del-2009-form-2.pdf 2011-08-21
8 2436-del-2009-correspondence-others.pdf 2011-08-21
8 2436-del-2009-form-26.pdf 2011-08-21
9 2436-del-2009-claims.pdf 2011-08-21
9 2436-del-2009-form-3.pdf 2011-08-21
10 2436-del-2009-form-5.pdf 2011-08-21
10 2436-del-2009-abstract.pdf 2011-08-21