View All Documents & Correspondence
Systems And Methods For Authenticating A Requestor At An Atm
Abstract: An authentication computing device including at least one processor in communication with a memory is provided. The processor stores, within the memory, an authentication profile associated with an account holder. The authentication profile includes an account identifier associated with a payment account of the account holder and authentication information. The processor further receives an authentication request associated with the payment account and a payment card action request from a requestor for a payment card action to be performed through an automated teller machine (ATM). The processor also retrieves the stored authentication profile, generates an authentication challenge based on the authentication profile, transmits the authentication challenge to a client device and/or the ATM, receives an authentication response from the requestor, and determines an authentication result based, at least in part, on the authentication response. The authentication result indicates if the requestor is the authenticated account holder of the payment account.
Notices, Deadlines & Correspondence
Patent Information
Applicants
MASTERCARD INTERNATIONAL INCORPORATED
Inventors
1. KOHLI, Manoneet
Specification
This application claims the benefit of, and priority to, U.S. Application No. 15/167,386 filed on May 27, 2016. The entire disclosure of the above application is incorporated herein by reference.
BACKGROUND
The field of the disclosure relates generally to authenticating requestors for payment card accounts, and more specifically, authenticating requestors to perform payment card actions through automatic teller machines (ATMs).
At least some known automatic teller machines (ATMs) enable cardholders and other users (referred to herein as "requestors") to purchase a prepaid payment card. These prepaid cards may be used like debit cards to make purchases with merchants up to the amount associated with the prepaid cards. The use of a prepaid card instead of other methods of payment may be beneficial in some cases such as for gifts and travel. The prepaid card may be gifted to another person to make purchases. In another example, the prepaid card may be used during travel to a foreign country to make purchases without converting any currency. In addition, using the prepaid card may prevent payment card fraud of the requestor's other payment cards (e.g., credit or debit cards) while in the foreign country.
Moreover, at least some known ATMs enable a cardholder to receive other payment cards (e.g., credit and debit cards) in real-time or substantially real-time without visiting an issuer (e.g., a bank) or receiving the payment cards via mail delivery. In other words, these known ATMs will generate a payment card and eject the generated payment card from the ATM to the cardholder while the cardholder is visiting the ATM. Typically, these known ATMs generate white label or non-personalized payment cards. The ATM may be providing the cardholder with a new payment card (i.e., for a new account), an updated payment card (i.e., for expired payment cards), and/or a replacement payment card (i.e., the original payment card was lost or stolen). However, these known ATMs are not configured to authenticate the requestor when generating and providing a payment card. For example, if the
requestor provides a check or cash in exchange for a prepaid card, the ATMs are not configured to authenticate the purchase. In other known ATMs, the authentication process used may be long and frustrating for requestors, which may potentially lead to reduced purchases of prepaid cards.
BRIEF DESCRIPTION
In one aspect, an authentication computing device including at least one processor in communication with a memory is provided. The processor stores, within the memory, an authentication profile associated with an account holder. The authentication profile includes an account identifier associated with a payment account of the account holder and authentication information. The processor further receives an authentication request associated with the payment account and a payment card action request from a requestor for a payment card action to be performed through an automated teller machine (ATM). The processor also retrieves the stored authentication profile, generates an authentication challenge based on the
authentication profile, transmits the authentication challenge to a client device and/or the ATM, receives an authentication response from the requestor, and determines an authentication result based, at least in part, on the authentication response. The authentication result indicates if the requestor is the authenticated account holder of the payment account.
In another aspect, a method for authenticating a requestor for a payment action request using an authentication system is provided. The method is, at least partially, implemented by an authentication computing device. The method includes storing, within a memory, an authentication profile associated with an account holder, the authentication profile including an account identifier associated with a payment account of the account holder and authentication information associated with the account holder. The method also includes receiving an
authentication request associated with the payment account of the account holder and with a payment card action request from a requestor for a payment card action to be performed through an ATM, retrieving the stored authentication profile for the payment account, generating an authentication challenge based on the stored authentication profile, transmitting the authentication challenge to at least one of a client device and the ATM, receiving an authentication response from the requestor, and determining an authentication result based, at least in part, on the authentication response. The authentication result indicates if the requestor is the authenticated account holder of the payment account.
In yet another aspect, a non-transitory computer-readable storage media for authenticating a requestor for a payment action request through an ATM using an authentication system is provided. The computer-readable storage media has computer-executable instructions embodied thereon. When executed by at least one processor, the computer-executable instructions cause the processor to store, within a memory, an authentication profile associated with an account holder, the
authentication profile including an account identifier associated with a payment account of the account holder and authentication information associated with the account holder. The computer-executable instructions further cause the processor to receive an authentication request associated with the payment account of the account holder and with a payment card action request from a requestor for a payment card action to be performed through the ATM, retrieve the stored authentication profile for the payment account, generate an authentication challenge based on the stored authentication profile, transmit the authentication challenge to at least one of a client device and the ATM, receive an authentication response from the requestor, and determine an authentication result based, at least in part, on the authentication response. The authentication result indicates if the requestor is the authenticated account holder of the payment account.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a block diagram of an example authentication platform for authenticating requestors before performing payment card actions.
FIG. 2 is a block diagram of an example authentication system for authenticating a requestor for payment card actions at an automated teller machine (ATM) for use with the platform of FIG. 1.
FIG. 3 illustrates an example configuration of a remote computing device used to authenticate a requestor for use with the authentication system shown in FIG. 2.
FIG. 4 illustrates an example configuration of a host system for use with the authentication system shown in FIG. 2.
FIG. 5 is a data flow diagram of the authentication system shown in
FIG. 2.
FIG. 6 is a flow diagram of an example method of authenticating a requestor for payment card actions at an ATM using the system shown in FIG. 2.
FIG. 7 is a diagram of components of one or more example computing devices that may be used in the environment shown in FIG. 6.
DETAILED DESCRIPTION
The system described herein is configured to authenticate a requestor's identity for performing a payment card action at an automated teller machine (ATM) using authentication information from a registered account holder and the requestor. In particular, the system is configured to provide a requestor with an authentication challenge in response to a request to perform a payment card action (e.g., receive a payment card, unblock a payment card, etc.) to authenticate the requestor. The system includes an authentication computing device including a processor and a memory. In the example embodiment, the authentication computing device is associated with, in communication with, and/or integral to an electronic funds transfer (EFT) network configured to process requests initiated by requestors using an ATM.
During at least some requests, at least one party receiving the request initiates an authentication process. The authentication process is designed to prevent fraudulent requests by authenticating the identity of the requestor. Various authentication processes may be performed by various parties. For example, the party that initiates the authentication may contract with another party that provides the authentication service (which may be, for example, one of a merchant bank or an issuer, or may be the EFT network, or may be another third party). Upon
authentication of the cardholder's identity, the authentication service provides an indication of authentication (sometimes with a score or level of confidence) to the authentication-initiating party. The request may then be resumed and transmitted for an authorization process. The payment processor collects request data associated with these requests (e.g., authentication and/or authorization) for further processing.
In the example embodiment, the authentication computing device is associated with an authentication service. As described above, the authentication service may be provided to merchants, merchant banks, and/or issuer banks by the EFT network and/or by another third party. The authentication computing device is further in communication with one or more ATM computing devices. Each ATM computing device is part of an ATM and may be associated with a merchant, a bank, an issuer, and/or another third party providing financial services at the ATM. In one embodiment, the authentication computing device may store, receive, retrieve, and/or otherwise access a lookup table that includes the ATM computing devices, wherein the lookup table indicates whether or not each of the ATM computing devices is associated with an automated payment card service.
At least one ATM computing device is configured to provide an automated payment card service. In particular, the ATM computing device is configured to enable a requestor to perform payment card actions at the ATM, such as request a payment card from the ATM. At least some payment cards may be purchased through the ATM computing device. For example, prepaid cards may be purchased and activated through the ATM computing device. The prepaid card is associated with an account stored at the ATM computing device (or another computing device associated with the ATM computing device) that includes an amount based on the payment made by the requestor. Additionally or alternatively, the payment card actions may include reissuing payment cards, renewing expired payment cards, and unblocking payment cards. That is, the ATM computing device and the authentication computing device are configured to enable cardholders to perform these payment card actions that typically require the cardholders to contact or visit an issuer (e.g., a bank) at an ATM.
To purchase a prepaid card or receive another payment card, the requestor registers with the authentication service. In one embodiment, the ATM computing device begins an enrollment process by prompting the requestor to provide registration information. The registration information may include, but is not limited to, a username, a name, an age, an address, and a bank identifier of the requestor. In another embodiment, the requestor may register via an app or web service at a client device associated with the requestor. The client device may include a smartphone, a laptop, a desktop, a tablet, a wearable device, a smartwatch, and/or another type of computing device. When registering, the requestor is prompted to input authentication information that uniquely identifies the requestor. In the example embodiment, the authentication information is biometric information, such as a fingerprint or image of the requestor. The ATM computing device and/or the client device includes at least one component for collecting authentication information from the requestor, such as a fingerprint scanner, a touchscreen, a microphone, and/or a camera. In some embodiments, the authentication information may be retrieved from or linked from a user information database that stores authentication information, such as a database of national identifications (IDs). Additionally or alternatively, the requestor may be prompted to provide other authentication information, such as a password or other unique identifier.
Based on the registration information and/or the authentication information, a registration profile may be created for the requestor and stored in a memory associated with the authentication computing device. In some embodiments, the registration profile may be linked to an existing user account of the requestor with a financial institution (e.g., an online account with a bank). When the requestor subsequently requests to perform a payment card action, the ATM computing device or the client device prompts the requestor to input user credentials such as a username or other information that may identify the requestor. Alternatively, the ATM computing device or the client device may prompt the requestor for user credentials before submitting the request. The user credentials may be associated with the requestor's user account with the financial institution. The ATM computing device or the client device may determine that the user credentials are associated with a requestor enrolled in the authentication service. The ATM computing device or the client device generates an authentication request with the user credentials and transmits the authentication request to the authentication computing device.
The authentication computing device is configured to identify a stored registration profile that is associated with the authentication request (e.g., based on the user credentials of the authentication request). The identified registration profile is retrieved for authentication. In some embodiments, the authentication computing device generates an authentication challenge and transmits the authentication challenge to the ATM computing device and/or the client device for authentication. The authentication challenge is based on the authentication information associated with the identified registration profile. For example, if the requestor provided a fingerprint during registration for the authentication service, the authentication challenge prompts the requestor to provide a similar fingerprint for comparison as described below. The authentication information may be stored with the identified registration profile and/or in a different memory, such as the national ID database. In other embodiments, another computing device such as a biometric authentication server or a computing device associated with the national ID database may generate the authentication challenge.
Once the ATM computing device and/or the client device receive the authentication challenge, the requestor is prompted to respond. In certain
embodiments, the requestor may be given a time limit to respond to the biometric challenge. If the time limit is exceeded, the request to perform the payment card action may be automatically declined. Once the ATM computing device or the client device collects authentication information from the requestor, the ATM computing device or the client device transmits an authentication response including the collected authentication information to the authentication computing device to be used in an authentication process. Additionally or alternatively, a different computing device associated with the authentication challenge (e.g., the biometric authentication server) may receive the authentication response to perform the authentication process.
In some embodiments, when the client device receives the authentication challenge, the client device may be configured to provide location data (e.g., coordinates) to the authentication computing device and/or the ATM computing device to determine a location of the account holder relative to the ATM. The location information may be provided with the authentication response. For example, the authentication computing device may request Global Positioning System (GPS) coordinates from the client device. When the authentication computing device receives the location data of the client device, the authentication computing device retrieves location data associated with the ATM used by the requestor to initiate that payment card action request. The location data may be retrieved, for example, from the ATM computing device or from the memory of the authentication computing device. Alternatively, the authentication computing device may receive the location data of the ATM before retrieving the location data of the client device. The authentication computing device compares the location of the client device to the locations of the ATM to determine whether or not the account holder is present at the ATM. Alternatively, the client device may communicate with the ATM computing device to determine a relative location of the account holder to the ATM. If the account holder is within a predefined radius of an ATM, the payment card action request may be more likely to be initiated by the authentic cardholder than a fraudulent requestor. Conversely, if the client device is not present at the ATM, the request may be fraudulent. In certain embodiments, the authentication result is based in part of the comparison of the location data.
The collected authentication information is compared to stored authentication information associated with the registration profile of the requestor. If the collected authentication information is substantially similar (e.g., there is a match) to the stored authentication information, the authentication computing device may determine that the requestor is authenticated. Otherwise, if the collected
authentication information is not substantially similar (e.g., no match) to the stored authentication information, the authentication computing device may determine that the requestor is not authenticated ("declined"). The authentication computing device may generate an authentication value for each set of authentication information and compare the authentication values to authenticate the requestor. For example, if a difference between the authentication values is within a predetermined threshold, the authentication computing device may determine that the requestor is authenticated.
In the example embodiment, the ATM computing device receives a result (also referred to as an "authentication result") of the authentication process from the authentication computing device. In another embodiment, the requestor's client device transmits the authentication request and receives the result from the authentication computing device. The client device, upon receiving the authentication result, transmits the authentication result to the ATM computing device while the requestor is located near the ATM computing device via near-field communication (NFC), Bluetooth, or another form of communication. The authentication result indicates whether or not the requestor was authenticated or declined during the authentication process. In some embodiments, the result may include a confidence score that indicates the confidence of the authentication computing device that the authentic cardholder is requesting to perform the payment card action at the ATM. If the requestor is authenticated, the ATM computing device may proceed with processing the request to perform the payment card action. In some embodiments, the authentication computing device or the client device may transmit a token or other unique identifier to the ATM computing device to indicate that the requestor has been authenticated.
For example, if a prepaid card was requested, the ATM computing device may be configured to create a prepaid account associated with the requestor and the prepaid card. The ATM computing device is configured to receive cash, check, a payment card, payment information from a digital wallet, and/or another method of payment to add money to the prepaid account. The ATM computing device
writes account information of the prepaid account to a physical card stored in the ATM and dispenses the card to the requestor such that the card may be used to conduct financial transactions with merchants using the money associated with the prepaid account.
In another example, if a new, updated, or replacement payment card was requested, the ATM computing device may be configured to update the existing user account of the requestor with the payment card information. More specifically, the ATM computing device may update or remove payment card information from the user account that is associated an expired, lost, or stolen payment card. Similar to the prepaid card, the ATM computing device writes account information to a physical card stored in the ATM and dispenses the card to the requestor.
Once the card has been dispensed, the ATM computing device may automatically log the requestor out after a predetermined period of time. In some embodiments, the ATM computing device may transmit a notification to the client device to provide information about the prepaid card and the authentication result.
The notification may be an email, a text message, a phone call, a multimedia message, an app notification, and/or a different type of notification. In other embodiments, the ATM computing device is configured to display the notification.
The systems and methods described herein are configured to facilitate (a) secure payment card actions at ATMs; (b) performing payment card actions without requiring a cardholder to contact or visit an issuer; (c) reduce the amount of time to process payment card actions; and (d) reduced number of payment card actions manually processed by a financial institution.
The technical effects of the systems and methods described herein can be achieved by performing at least one of the following steps: (i) storing, within a memory, an authentication profile associated with an account holder, the
authentication profile including an account identifier associated with a payment account of the account holder and authentication information associated with the account holder; (ii) receiving an authentication request associated with the payment account of the account holder, the authentication request associated with a payment card action request from a requestor for a payment card action to be performed through an ATM; (iii) retrieving the stored authentication profile for the payment account; (iv) transmitting the authentication challenge to at least one of a client device and the ATM; (v) generating an authentication challenge based on the stored
registration profile; (vi) receiving an authentication response from the requestor; and (vii) determining an authentication result based, at least in part, on the authentication response, the authentication result indicates if the requestor is the authentic account holder of the payment account.
The following detailed description of the embodiments of the disclosure refers to the accompanying drawings. The same reference numbers in different drawings may identify the same or similar elements. Also, the following detailed description does not limit the claims.
Described herein are computer systems such as the authentication computing device, client devices, and ATM computing devices. As described herein, all such computer systems include a processor and a memory. However, any processor in a computer device referred to herein may also refer to one or more processors wherein the processor may be in one computing device or a plurality of computing devices acting in parallel. Additionally, any memory in a computer device referred to herein may also refer to one or more memories wherein the memories may be in one computing device or a plurality of computing devices acting in parallel.
As used herein, a processor may include any programmable system including systems using micro-controllers, reduced instruction set circuits (RISC), application specific integrated circuits (ASICs), logic circuits, and any other circuit or processor capable of executing the functions described herein. The above examples are example only, and are thus not intended to limit in any way the definition and/or meaning of the term "processor."
As used herein, the term "database" may refer to either a body of data, a relational database management system (RDBMS), or to both. As used herein, a database may include any collection of data including hierarchical databases, relational databases, flat file databases, object-relational databases, object oriented databases, and any other structured collection of records or data that is stored in a computer system. The above examples are example only, and thus are not intended to limit in any way the definition and/or meaning of the term database. Examples of RDBMS 's include, but are not limited to including, Oracle® Database, MySQL, IBM® DB2, Microsoft® SQL Server, Sybase®, and PostgreSQL. However, any database may be used that enables the systems and methods described herein. (Oracle is a registered trademark of Oracle Corporation, Redwood Shores, California; IBM is a registered trademark of International Business Machines Corporation, Armonk,
New York; Microsoft is a registered trademark of Microsoft Corporation, Redmond, Washington; and Sybase is a registered trademark of Sybase, Dublin, California.)
In one embodiment, a computer program is provided, and the program is embodied on a computer readable medium. In an example embodiment, the system is executed on a single computer system, without requiring a connection to a sever computer. In a further embodiment, the system is being run in a Windows® environment (Windows is a registered trademark of Microsoft Corporation, Redmond, Washington). In yet another embodiment, the system is run on a mainframe environment and a UNIX® server environment (UNIX is a registered trademark of X/Open Company Limited located in Reading, Berkshire, United Kingdom). The application is flexible and designed to run in various different environments without compromising any major functionality. In some embodiments, the system includes multiple components distributed among a plurality of computing devices. One or more components may be in the form of computer-executable instructions embodied in a computer-readable medium.
As used herein, an element or step recited in the singular and proceeded with the word "a" or "an" should be understood as not excluding plural elements or steps, unless such exclusion is explicitly recited. Furthermore, references to "example embodiment" or "one embodiment" of the present disclosure are not intended to be interpreted as excluding the existence of additional embodiments that also incorporate the recited features.
As used herein, the terms "software" and "firmware" are interchangeable, and include any computer program stored in memory for execution by a processor, including RAM memory, ROM memory, EPROM memory, EEPROM memory, and non-volatile RAM (NVRAM) memory. The above memory types are example only, and are thus not limiting as to the types of memory usable for storage of a computer program.
As used herein, the terms "transaction card," "financial transaction card," and "payment card" refer to any suitable transaction card, such as a credit card, a debit card, a prepaid card, a charge card, a membership card, a promotional card, a frequent flyer card, an identification card, a prepaid card, a gift card, and/or any other device that may hold payment account information, such as mobile phones,
Smartphones, personal digital assistants (PDAs), key fobs, and/or computers. Each type of transactions card can be used as a method of payment for performing a
transaction. In addition, consumer card account behavior can include but is not limited to purchases, management activities (e.g., balance checking), bill payments, achievement of targets (meeting account balance goals, paying bills on time), and/or product registrations (e.g., mobile application downloads).
The systems and processes are not limited to the specific embodiments described herein. In addition, components of each system and each process can be practiced independent and separate from other components and processes described herein. Each component and process also can be used in combination with other assembly packages and processes.
The following detailed description illustrates embodiments of the disclosure by way of example and not by way of limitation. It is contemplated that the disclosure has general application to the determination and analysis of characteristics of devices used in payment transactions.
FIG. 1 is a schematic diagram illustrating an example authentication platform 10 that includes a funds transfer network 12 for performing financial transactions and other financial account actions between payment accounts. In the example embodiment, authentication platform 10 is configured to authenticate a user or requestor before performing a payment card action (e.g., generating a new payment card, activating a payment card, etc.). Network 12 may be, for example, an electronic funds transfer (EFT) network. In the example embodiment, network 12 is communicatively coupled to a plurality of bank computing devices 14, a plurality of ATMs 16, and transfer devices 18. In other embodiments, network 12 may be communicatively coupled to additional, fewer, or alternative computing devices, including those described elsewhere herein.
Network 12 is configured to receive and transmit electronic messages associated with payment accounts between the computing devices. The payment accounts are generated and stored by bank computing devices 14. Bank computing devices 14 are associated with one or more financial institutions that provide payment accounts to customers, such as banks and credit unions. The payment accounts may be used to perform financial transactions with merchants through network 12 or a different network. At least some payment accounts are associated with a payment card that enables the financial transactions to be performed. Bank computing devices 14 enable account holders to perform various payment card actions using network 12. In particular, these payment card actions are actions perform for the account holder's payment account or between the payment account and a second payment account. The payment accounts may be associated with different account holders or the same account holder. For example, an account holder may transfer funds between payment accounts, open a new payment account (e.g., a prepaid account), renew payment cards, and/or unblock or activate a payment account.
In the example embodiment, bank computing devices 14 include a web interface to enable the account holders to access information associated with their payment accounts and perform at least some payment card actions. Some payment card actions, such as opening or activating a payment account, may not be available through the web interface to prevent fraudulent activity. Bank computing devices 14 may also be operated by administrative users (e.g., employees of the financial institutions) to perform payment card actions on-behalf of the account holders when the account holders visit or contact the associated financial institution. The payment card actions may not be limited when performed by the administrative users because the administrative users can physically authenticate the identity of the account holder before performing the payment card action.
In the example embodiment, ATMs 16 are communicatively coupled to bank computing devices 14 through network 12 to enable account holders to perform payment card actions. ATMs 16 include components such as a card reader, keypad, camera, and fingerprint scanner for verifying an identity of the account holder. ATMs 16 request authorization from bank computing devices 14 to conduct the payment card actions. ATMs 16 are configured to store and dispense money and payment cards for certain payment card actions. To operate ATM 1 , an account holder provides a user identifier that identifies the account holder or the payment account to ATM 16. ATM 16 is configured to retrieve information associated with the payment account and prompt the account holder to select an available payment card action. After ATM 16 receives a selection and verifies the identity of the account holder, ATM 1 transmits a message to bank computing device 14 to request authorization of the action.
In one example, to withdraw money from a payment account of an account holder, the account holder presents a payment card associated with the account to a card reader of ATM 16 to identify the account holder and the payment account. After a withdrawal amount is specified, ATM 16 transmits a message to bank computing device 14 that stores the account indicating the amount and dispenses money to match the withdrawal amount in response to receiving approval from bank computing device 14,
In the example embodiment, transfer devices 18 are configured to perform payment card actions through network 12. Transfer devices 18 may not be associated with a financial institution that provides payment accounts to customers. For example, transfer device 18 may be associated with a wire transfer institution that enables customers to transfer physical funds (e.g., check, money, etc.) to a payment account within network 12 without transferring said funds from another account. Transfer device 18 may also be configured to perform payment card actions between network 12 and a different network, such as a network provided in a different country.
As described below, platform 10 includes authentication system 100. ATMs 16 are in communication with authentication system 100 that provides an authentication service to payment account holders. Account holders are given an option to register to the authentication service to enable secure payment card actions at ATMs 16. In some embodiments, the account holders may be automatically enrolled in the authentication service. Authentication system 100 is configured to receive authentication information (e.g., biometric information) associated with the account holder during registration and transmit an authentication challenge to the account holder in response to a request to perform a payment card action using the account holder's payment account. Authentication system 100 receives a challenge response from the account holder and determines an authentication result. That is, authentication system 100 is configured to authenticate or decline the request.
Authentication system 100 transmits the authentication result to ATM 16 and/or bank computing device 14 to process the request.
FIG. 2 is a block diagram of a portion of authentication platform 10 shown in FIG. 1. More specifically, FIG. 2 is a block diagram of authentication system 100 in communication with an ATM computing device 102 of ATM 16 and a client device 104 to authenticate users for payment accounts actions at ATM 16. In the example embodiment, system 100 includes an authentication computing device 106 and a database 108. In other embodiments, system 100 may include additional, fewer, or alternative components, including those described elsewhere herein.
In the example embodiment, ATM computing device 102 is a computing device integrated with ATM 16. In other embodiments, ATM computing device 102 may be communicatively coupled to ATM 16. ATM computing device
102 is configured to communicate with client device 104 and/or authentication computing device 106 to facilitate authenticating a requestor for a payment card action. As used herein, a requestor may be an account holder or a user with permission to perform payment card actions using the payment account. In some cases, the requestor may also be a fraudulent party that is attempting to perform a fraudulent payment card action using the account holder's payment account. In the example embodiment, ATM computing device 102 is also communicatively coupled to network 12 to communicate with bank computing devices 14 (both shown in FIG. 1). In at least some embodiments, ATM computing device 102 is in communication with an authentication component 110 of ATM 16 for collecting authentication information from a requestor. The authentication component 110 may include, for example, a fingerprint scanner, a camera, a microphone, a touchscreen, or another component configured to collection authentication information.
Client device 104 is a computing device associated with the account holder. For example, client device 104 may be a smartphone, tablet, smartwatch, wearable electronic, laptop, desktop, vehicle computing device, or another type of computing device associated with the account holder. Client device 104 includes an input component 112 such as a fingerprint scanner, a camera, a microphone, a touchscreen, or another component configured to collection authentication information. Client device 104 is communicatively coupled to ATM computing device 102 and/or authentication computing device 106 to perform payment card actions and provide authentication information from the account holder.
Authentication computing device 106 is configured to provide an authentication service for the account holder to facilitate secure payment card actions at ATM 16. During registration of the account holder's payment account or at a later time, the account holder may be prompted to enroll in the authentication service. If the account holder accepts, an enrollment process begins. During the enrollment process, authentication computing device 106 receives a user identifier associated with the account holder and/or the payment account. The user identifier may include, but is not limited to, a name, an primary account number (PAN), a username, a password, and/or another unique identifier. The user identifier is used to identify which account holder and payment account is associated with an authorization request as described herein. The account holder provides a device identifier to authentication computing device 106 to link client device 104 to the enrolled payment account. In addition, authentication computing device 106 is configured to prompt the account holder to provide authentication information. In the example embodiment, the authentication information is biometric information, such as a fingerprint, image, or voiceprint. Input component 112 of client device 104 may be used to collect the biometric information. In other embodiments, the authentication information may be a different type of information, such as device information. Once the user identifier, the device identifier, and the authentication information have been received,
authentication computing device 106 is configured to generate an authentication profile associated with the account holder and store the authentication profile in a memory associated with authentication computing device 106. For example, database 108 may be configured to store the authentication profile.
In some embodiments, at least some information may be automatically retrieved by authentication computing device 106 during the enrollment process. For example, at least a portion of the user identifier may be retrieved from the payment account. In another example, authentication computing device 106 is in
communication with an external user information database (e.g., a national ID database) that includes authentication information of the account holder. In such an example, the authentication information may not be stored with the authentication profile, but rather is retrieved from the user information database during an authentication process as described herein.
In the example embodiment, authentication computing device 106 is configured to notify ATM computing device 106 that the payment account has been enrolled in the authentication service. ATM computing device 106 stores the notification such that ATM computing 106 is configured to identify payment accounts enrolled in the authentication service. Additionally or alternatively, authentication computing device 102 may notify a different computing device, such as bank computing device 14 (shown in FIG. 1), that the payment account has been enrolled.
In some cases, the account holder may already be enrolled in the authentication service. Authentication computing device 106 is configured to detect whether an authentication profile already exists for the account holder during the enrollment process. If the authentication profile already exists, authentication computing device 106 is configured to link the authentication profile to the account holder's payment account. In certain embodiments, the account holder may register for the authentication service without linking to a payment account. Authentication computing device 106 may be configured to push an application to client device 104 after the account holder has enrolled.
In the example embodiment, a requestor transmits a payment card action request to ATM computing device 102 to request a payment card action be performed through ATM 16. In one embodiment, the payment card action request is transmitted from client device 104. In another embodiment, the payment card action request is inputted by the requestor at ATM 16. The payment card action request includes one or more user identifiers that identify the requestor and/or an account identifier for the associated payment account. ATM computing device 102 is configured to determine if the requestor and/or the payment account is enrolled in the authentication service. In some embodiments, if the requestor and the payment account are not enrolled, ATM computing device 102 may automatically decline the request. If the requestor and the payment account are enrolled, ATM computing device 102 is configured to generate and transmit an authentication request to authentication computing device 106. The authentication request includes the user and/or account identifiers from the payment card action request. Alternatively, the authentication request may include a identifier that uniquely identifies the authentication profile of the payment account. In certain embodiments, rather than sending the payment card action request to ATM computing device 102, client device 104 may be configured to transmit the authentication request directly to authentication computing device 106.
In the example embodiment, authentication computing device 106 is configured to receive the authentication request and identify an authentication profile associated with the authentication request. Authentication computing device 106 retrieves the authentication profile to begin the authentication process. In some embodiments, if the stored authentication information from the enrollment process is not stored with the authentication profile, authentication computing device 106 may retrieve the authentication information. Authentication computing device 106 is configured to generate an authentication challenge and transmit said challenge to ATM computing device 102 and/or client device 104. The authentication challenge is configured to prompt the requestor to provide similar authentication information as the stored authentication information form the enrollment process. For example, if a thumbprint was provided during the enrollment process, the authentication challenge may request a thumbprint from the same thumb. In certain embodiments, ATM
computing device 102 may transmit the authentication challenge to client device 104. If client device 104 receives the authentication challenge, the user of client device 104 (e.g., the payment account holder) may have the option to report the payment card action request as potentially fraudulent if the user is not the requestor.
WE CLAIMED
1. An authentication computing device including at least one processor in communication with a memory, said processor configured to:
store, within the memory, an authentication profile associated with an account holder, the authentication profile including an account identifier associated with a payment account of the account holder and authentication information associated with the account holder;
receive an authentication request associated with the payment account of the account holder, the authentication request associated with a payment card action request from a requestor for a payment card action to be performed through an automated teller machine (ATM);
retrieve the stored authentication profile for the payment account; generate an authentication challenge based on the stored authentication profile;
transmit the authentication challenge to at least one of a client device and the ATM;
receive an authentication response from the requestor; and determine an authentication result based, at least in part, on the authentication response, the authentication result indicates if the requestor is the authenticated account holder of the payment account.
2. The authentication computing device in accordance with Claim
1, wherein said processor is further configured to transmit the authentication result to at least one of the client device and the ATM.
3. The authentication computing device in accordance with Claim 1 wherein said processor is further configured to:
receive the authentication information from a user information database based upon the account identifier, the account identifier including user information associated with the account holder; and
link the authentication information to the stored authentication profile.
4. The authentication computing device in accordance with Claim 3, wherein said processor is further configured to:
retrieve the linked authentication information from the user information database in response to the authentication request; and
generate the authentication challenge based, at least in part, on the linked authentication information.
5. The authentication computing device in accordance with Claim 1, wherein the authentication information of the stored authentication profile is biometric information and the authentication challenge is a biometric challenge, the authentication challenge prompting a requestor to provide biometric information.
6. The authentication computing device in accordance with Claim 1, wherein said processor is further configured to compare the authentication response to the authentication profile to determine the authentication result
7. The authentication computing device in accordance with Claim
6, wherein said processor is further configured to:
compare the stored authentication information of the authentication profile to the collected authentication information of the authentication response; and determine the stored authentication information and the collected authentication information match based on the comparison.
8. The authentication computing device in accordance with Claim 1, wherein the payment card action includes at least one of generating a payment card, unblocking the payment account, and adding funds to a payment card.
9. The authentication computing device in accordance with Claim 1, wherein the processor is further configured to:
receive location data associated with the client device in response to transmitting the authentication challenge to the client device;
retrieve location data associated with the ATM;
compare the location data associated with the client device to the location data associated with the ATM; and
determine the authentication results based in part on the comparison, the comparison indicates if the client device is within a predetermined radius of the ATM.
10. A method for authenticating a requestor for a payment action request using an authentication system, said method comprising:
storing, within a memory associated with an authentication computing device, an authentication profile associated with an account holder, the authentication profile including an account identifier associated with a payment account of the account holder and authentication information associated with the account holder;
receiving, by the authentication computing device, an authentication request associated with the payment account of the account holder, the authentication request associated with a payment card action request from a requestor for a payment card action to be performed through an automated teller machine (ATM);
retrieving the stored authentication profile for the payment account; generating, by the authentication computing device, an authentication challenge based on the stored authentication profile;
transmitting the authentication challenge to at least one of a client device and the ATM;
receiving an authentication response from the requestor; and determining, by the authentication computing device, an authentication result based, at least in part, on the authentication response, the authentication result indicates if the requestor is the authenticated account holder of the payment account.
11. The method in accordance with Claim 10 further comprising transmitting the authentication result to at least one of the client device and the ATM.
12. The method in accordance with Claim 10, wherein storing the authentication profile further comprises:
receiving the authentication information from a user information database based upon the account identifier, the account identifier including user information associated with the account holder; and
linking the authentication information to the stored authentication profile.
13. The method in accordance with Claim 12, wherein generating the authentication challenge further comprises:
retrieving the linked authentication information from the user information database in response to the authentication request; and
generating the authentication challenge based, at least in part, on the linked authentication information.
14. The method in accordance with Claim 10, wherein the stored authentication information of the authentication profile is biometric information and the authentication challenge is a biometric challenge, the authentication challenge prompting a requestor to provide biometric information.
15. The method in accordance with Claim 10, wherein determining the authentication result further comprises comparing the authentication response to the authentication profile to determine the authentication result.
16. The method in accordance with Claim 15, wherein determining the authentication result further comprises:
comparing the stored authentication information of the authentication profile to the collected authentication information of the authentication response; and determining, by the authentication computing device, the stored authentication information and the collected authentication information match based on the comparison.
17. The method in accordance with Claim 10, wherein the payment card action includes at least one of generating a payment card, unblocking the payment account, and adding funds to a payment card.
18. The method in accordance with Claim 10, wherein determining the authentication results further comprises:
receiving location data associated with the client device in response to transmitting the authentication challenge to the client device;
retrieving location data associated with the ATM;
comparing, by the authentication computing device, the location data associated with the client device to the location data associated with the ATM; and determining the authentication results based in part on the comparison, the comparison indicates if the client device is within a predetermined radius of the ATM.
19. A non-transitory computer-readable storage media for authenticating a requestor for a payment action request through an automated teller machine (ATM) using an authentication system, the computer-readable storage media having computer-executable instructions embodied thereon, wherein, when executed by at least one processor, the computer-executable instructions cause the processor to:
store, within a memory, an authentication profile associated with an account holder, the authentication profile including an account identifier associated with a payment account of the account holder and authentication information associated with the account holder;
receive an authentication request associated with the payment account of the account holder, the authentication request associated with a payment card action request from a requestor for a payment card action to be performed through the ATM;
retrieve the stored authentication profile for the payment account; generate an authentication challenge based on the stored authentication profile;
transmit the authentication challenge to at least one of a client device and the ATM;
receive an authentication response from the requestor; and determine an authentication result based, at least in part, on the authentication response, the authentication result indicates if the requestor is the authenticated account holder of the payment account.
20. The non-transitory computer-readable storage media in accordance with Claim 19, wherein the computer-executable instructions further causes the processor to transmit the authentication result to at least one of the client device and the ATM.
21. The non-transitory computer-readable storage media in accordance with Claim 19, wherein the computer-executable instructions further causes the processor to:
receive the authentication information from a user information database based upon the account identifier, the account identifier including user information associated with the account holder; and
link the authentication information to the stored authentication profile.
22. The non-transitory computer-readable storage media in accordance with Claim 21 , wherein the computer-executable instructions further causes the processor to:
retrieve the linked authentication information from the user information database in response to the authentication request; and
generate the authentication challenge based, at least in part, on the linked authentication information.
23. The non-transitory computer-readable storage media in accordance with Claim 19, wherein the stored authentication information of the authentication profile is biometric information and the authentication challenge is a
biometric challenge, the authentication challenge prompting a requestor to provide biometric information.
24. The non-transitory computer-readable storage media in accordance with Claim 19, wherein the computer-executable instructions further causes the processor to compare the authentication response to the authentication profile to determine the authentication result.
25. The non-transitory computer-readable storage media in accordance with Claim 24, wherein the computer-executable instructions further causes the processor to:
compare the stored authentication information of the authentication profile to the collected authentication information of the authentication response; and determine the stored authentication information and the collected authentication information match based on the comparison.
26. The non-transitory computer-readable storage media in accordance with Claim 19, wherein the payment card action includes at least one of generating a payment card, unblocking the payment account, and adding funds to a payment card.
27. The non-transitory computer-readable storage media in accordance with Claim 19, wherein the computer-executable instructions further causes the processor to:
receive location data associated with the client device in response to transmitting the authentication challenge to the client device;
retrieve location data associated with the ATM;
compare the location data associated with the client device to the location data associated with the ATM; and
determine the authentication results based in part on the comparison, the comparison indicates if the client device is within a predetermined radius of the ATM.
Documents
Application Documents
| # | Name | Date |
|---|---|---|
| 1 | 201817043666-IntimationOfGrant24-06-2024.pdf | 2024-06-24 |
| 1 | 201817043666.pdf | 2018-11-20 |
| 2 | 201817043666-PatentCertificate24-06-2024.pdf | 2024-06-24 |
| 2 | 201817043666-STATEMENT OF UNDERTAKING (FORM 3) [20-11-2018(online)].pdf | 2018-11-20 |
| 3 | 201817043666-REQUEST FOR EXAMINATION (FORM-18) [20-11-2018(online)].pdf | 2018-11-20 |
| 3 | 201817043666-Annexure [02-04-2024(online)].pdf | 2024-04-02 |
| 4 | 201817043666-PROOF OF RIGHT [20-11-2018(online)].pdf | 2018-11-20 |
| 4 | 201817043666-FORM 3 [02-04-2024(online)].pdf | 2024-04-02 |
| 5 | 201817043666-Written submissions and relevant documents [02-04-2024(online)].pdf | 2024-04-02 |
| 5 | 201817043666-POWER OF AUTHORITY [20-11-2018(online)].pdf | 2018-11-20 |
| 6 | 201817043666-FORM 18 [20-11-2018(online)].pdf | 2018-11-20 |
| 6 | 201817043666-Correspondence to notify the Controller [16-03-2024(online)].pdf | 2024-03-16 |
| 7 | 201817043666-US(14)-ExtendedHearingNotice-(HearingDate-20-03-2024).pdf | 2024-03-08 |
| 7 | 201817043666-FORM 1 [20-11-2018(online)].pdf | 2018-11-20 |
| 8 | 201817043666-REQUEST FOR ADJOURNMENT OF HEARING UNDER RULE 129A [19-02-2024(online)].pdf | 2024-02-19 |
| 8 | 201817043666-FIGURE OF ABSTRACT [20-11-2018(online)].pdf | 2018-11-20 |
| 9 | 201817043666-DRAWINGS [20-11-2018(online)].pdf | 2018-11-20 |
| 9 | 201817043666-US(14)-HearingNotice-(HearingDate-20-02-2024).pdf | 2024-01-25 |
| 10 | 201817043666-DECLARATION OF INVENTORSHIP (FORM 5) [20-11-2018(online)].pdf | 2018-11-20 |
| 11 | 201817043666-CLAIMS [03-06-2021(online)].pdf | 2021-06-03 |
| 11 | 201817043666-COMPLETE SPECIFICATION [20-11-2018(online)].pdf | 2018-11-20 |
| 12 | 201817043666-DRAWING [03-06-2021(online)].pdf | 2021-06-03 |
| 12 | 201817043666-Power of Attorney-261118.pdf | 2018-12-05 |
| 13 | 201817043666-FER_SER_REPLY [03-06-2021(online)].pdf | 2021-06-03 |
| 13 | 201817043666-OTHERS-261118.pdf | 2018-12-05 |
| 14 | 201817043666-Correspondence-261118.pdf | 2018-12-05 |
| 14 | 201817043666-FORM 3 [03-06-2021(online)].pdf | 2021-06-03 |
| 15 | 201817043666-Information under section 8(2) [03-06-2021(online)].pdf | 2021-06-03 |
| 15 | abstract.jpg | 2018-12-21 |
| 16 | 201817043666-FORM 3 [08-05-2019(online)].pdf | 2019-05-08 |
| 16 | 201817043666-OTHERS [03-06-2021(online)].pdf | 2021-06-03 |
| 17 | 201817043666-PETITION UNDER RULE 137 [03-06-2021(online)].pdf | 2021-06-03 |
| 18 | 201817043666-OTHERS [03-06-2021(online)].pdf | 2021-06-03 |
| 18 | 201817043666-FORM 3 [08-05-2019(online)].pdf | 2019-05-08 |
| 19 | 201817043666-Information under section 8(2) [03-06-2021(online)].pdf | 2021-06-03 |
| 19 | abstract.jpg | 2018-12-21 |
| 20 | 201817043666-Correspondence-261118.pdf | 2018-12-05 |
| 20 | 201817043666-FORM 3 [03-06-2021(online)].pdf | 2021-06-03 |
| 21 | 201817043666-FER_SER_REPLY [03-06-2021(online)].pdf | 2021-06-03 |
| 21 | 201817043666-OTHERS-261118.pdf | 2018-12-05 |
| 22 | 201817043666-DRAWING [03-06-2021(online)].pdf | 2021-06-03 |
| 22 | 201817043666-Power of Attorney-261118.pdf | 2018-12-05 |
| 23 | 201817043666-CLAIMS [03-06-2021(online)].pdf | 2021-06-03 |
| 23 | 201817043666-COMPLETE SPECIFICATION [20-11-2018(online)].pdf | 2018-11-20 |
| 24 | 201817043666-DECLARATION OF INVENTORSHIP (FORM 5) [20-11-2018(online)].pdf | 2018-11-20 |
| 24 | 201817043666-FER.pdf | 2021-10-18 |
| 25 | 201817043666-DRAWINGS [20-11-2018(online)].pdf | 2018-11-20 |
| 25 | 201817043666-US(14)-HearingNotice-(HearingDate-20-02-2024).pdf | 2024-01-25 |
| 26 | 201817043666-REQUEST FOR ADJOURNMENT OF HEARING UNDER RULE 129A [19-02-2024(online)].pdf | 2024-02-19 |
| 26 | 201817043666-FIGURE OF ABSTRACT [20-11-2018(online)].pdf | 2018-11-20 |
| 27 | 201817043666-US(14)-ExtendedHearingNotice-(HearingDate-20-03-2024).pdf | 2024-03-08 |
| 27 | 201817043666-FORM 1 [20-11-2018(online)].pdf | 2018-11-20 |
| 28 | 201817043666-Correspondence to notify the Controller [16-03-2024(online)].pdf | 2024-03-16 |
| 29 | 201817043666-Written submissions and relevant documents [02-04-2024(online)].pdf | 2024-04-02 |
| 30 | 201817043666-FORM 3 [02-04-2024(online)].pdf | 2024-04-02 |
| 31 | 201817043666-Annexure [02-04-2024(online)].pdf | 2024-04-02 |
| 32 | 201817043666-PatentCertificate24-06-2024.pdf | 2024-06-24 |
| 33 | 201817043666-IntimationOfGrant24-06-2024.pdf | 2024-06-24 |
Search Strategy
| 1 | 2020-11-3016-13-12E_30-11-2020.pdf |