KR20180005166A - Methods and systems for identity verification in self-service machines - Google Patents

Abstract

Methods and systems are provided for verifying aspects of a customer's identity or identity in a self-service machine, such as a vending machine. The customer provides the mobile device identifier to the vending machine and the mobile device identifier is associated with the customer for the verification process to occur. The self-service machine communicates with the collector system, and the collector system communicates with the carrier system. The collector system determines whether the customer owns the mobile device associated with the mobile device identifier, whether the customer is an actual person associated with the mobile device, and whether the mobile device is within proximity of the self-service machine.

Description

Methods and systems for identity verification in self-service machines

The present invention relates to transactions performed on a self-service machine, and more particularly, to a self-service service using customer relationship management (CRM) information stored in a mobile network carrier system. The present invention relates to the verification of the identity of a user of a machine.

Self-service machines allow merchants to provide services without direct service employee intervention. Self-service machines are replacing many face-to-face service transactions with more convenient, faster and more cost-effective service transactions. Examples of self-service machines include cash dispensers (ATMs), product vending machines, self-service car rental machines, and self-service ticket purchasing machines. Self-service machines can not properly identify and verify customers. As a result, there are limitations on categories of products or services that are distributed or sold through self-service machines, including fraud issues, age verification challenges, stolen identity issues, (Ie, limiting the number of times to a particular customer is allowed to perform a purchase or enter a purchase).

These and other features of the present invention, as well as the nature and various advantages of the present invention will become more apparent upon consideration of the following detailed description of the invention when taken in conjunction with the accompanying drawings.
1 is a block diagram of exemplary systems and devices implemented in a network environment in accordance with some embodiments of the present invention.
2 is a block diagram illustrating exemplary communication paths between systems and devices in accordance with some embodiments of the present invention.
3 is a block diagram of an exemplary collector system in accordance with some embodiments of the present invention.
4 is a block diagram of an exemplary merchant system in accordance with some embodiments of the present invention.
5 is a block diagram of an exemplary carrier system in accordance with some embodiments of the present invention.
6 is a block diagram of an exemplary client device in accordance with some embodiments of the present invention.
7 is a flow diagram of exemplary steps performed by a self-service machine when a customer's identity is verified in accordance with some embodiments of the present invention.
Figure 8 is a flow diagram of exemplary steps performed by the collector system as part of the process illustrated in Figure 7 in accordance with some embodiments of the present invention.

The invention is an invention relating to using customer relationship management (CRM) information stored in a carrier system in connection with transactions involving a self-service machine.

As used herein, the term "self-service machine" refers to any suitable component of a merchant system in which a customer can directly interact to enter a transaction with an associated merchant, device, Sub-system, or whole system. Examples of self-service machines include, but are not limited to, product vending machines, cash dispensers (ATMs), self-service car rental machines, self-service ticket purchasing machines, , Or any combination thereof. The self-service machine may be, for example, a point of sale device that does not require human interaction from the merchant side to trade sales with the customer. The self-service machine may be located at any other suitable location where the merchant identifies the need to provide retail facilities, public locations, commercial locations, or the ability of the customer to enter into transactions with the merchant system.

The self-service machine, according to the present invention, can verify the identity of the customer, certain aspects of the customer's identity (i.e., personal information), or both. In some embodiments, this is accomplished using a collector system communicatively coupled to the self-service machine. A collector system is an entity that is trusted (i.e., white-listed) by one or more carrier systems. A carrier system, also referred to as a mobile operator, provides mobile network services to a customer's mobile client device. In the United States, examples of carrier systems include, among others, systems operated by Verizon, AT & T, and Sprint. The collector system is communicatively coupled to the carrier systems. It should be understood that for purposes of clarity and simplification, and not limitation, the present invention will be described in the context of a single carrier system, but multiple carrier systems may be accommodated.

In one suitable approach, the self-service machine directs the customer to the customer's mobile device telephone number or any other appropriate mobile device identifier that can be used to identify and communicate with the customer's mobile device (e.g., An identifier provided by the proprietary application installed in the mobile device of the device. The self-service machine delivers the telephone number to the collector system using any suitable wired or wireless network. The collector system generates and transmits a verification message to the mobile device associated with the telephone number provided by the customer. For example, the collector system may send an SMS message addressed to a provided telephone number. The message may include, for example, a user selectable URL (e.g., implemented on a selectable link) to indicate to the collector system that a verification message has been received by the customer on the customer ' s mobile device . That is, the link may be directed to a server controlled by the collector system, which processes the selection of the link in the message as an indication that the customer has received the verification message on the mobile device associated with the telephone number provided by the customer something to do.

The collector system delivers the telephone number to the carrier system that services the mobile device associated with the telephone number entered by the customer. The carrier system accesses CRM information for the account associated with the telephone number provided. The CRM information may include, as used herein, personal information such as name, address, telephone number, email address, client device location (e.g., GPS data), payment or other financial information, Quot; is intended to refer to any suitable user-specific data, including any other suitable personal information, or any combination thereof. The carrier system typically stores CRM information associated with its users. Attempts to securely store the stored CRM information due to the sensitive nature of the personal information contained in the CRM information are made by the carrier system. The carrier system delivers specific CRM information to a collector system that is trusted by the carrier system. The collector system processes the CRM information to generate one or more knowledge-based authentication queries, which may include, for example, one or more questions and an individual number of multiple choice answers, one of which Is an accurate answer for each of the questions. These queries are conveyed by the collector system to the self-service machine. The self-service machine provides queries to customers who must choose an answer to each question.

In some embodiments, the collector system retrieves from the carrier system location information for the mobile device associated with the telephone number entered by the customer. For example, the carrier system may use the coordinates determined by GPS tracking to find the geographic location of the mobile device. Location information may be included as part of CRM information. The collector system uses the location information to ensure that the mobile device is within proximity of the self-service machine when the customer is attempting to perform the transaction.

2) when one or more of the knowledge-based authentication queries are correctly answered by the customer at the self-service machine, and 3) when the verification message is received by the customer at the customer's mobile device, When the mobile device associated with the phone number provided is within proximity of the self-service machine, the collector system verifies the customer's identity, specific information about the customer, or both. For example, such verification processes may be used in ATMs to prevent fraud by verifying that a customer attempting to perform a banking transaction for a particular bank account is actually the bank account holder. As another example, by verifying the age of the customer using the information provided by the carrier system CRM information, the vending machine can be manufactured to allow customers of legal age to sell and provide products such as cigarettes or alcoholic beverages.

1 is a block diagram of exemplary systems and devices implemented in a network environment in accordance with some embodiments of the present invention. The collector system 100, the merchant system 102, the carrier system 104, and the client device 106 may be coupled via the network 108. The network 108 may be implemented in any suitable local area network (LAN), a wide area network (WAN) (e.g., the Internet), a wireless local area network (WLAN), a mobile communication network, any other suitable network, And may include or communicate with any suitable one or more such network structures or structures. In some embodiments, the network 108 may include a carrier network that is provided and operated by the carrier system 104. The lines that couple network 108 to various systems and devices may represent wireless coupling, wireline coupling, any other suitable coupling, or any combination thereof. For example, devices and systems may be connected to the network 108 via a WiFi or Ethernet connection, with access to the Internet. In another example, a client device 106 may be connected to the network 108 using one or more mobile communication networks, such as 3G, 4G, LTE, cellular networks, any other suitable mobile communication network, Can be combined.

The collector system 100 may be used to provide information between the client device 106 and the carrier system 104, between the merchant system 102 and the carrier system 104, between the client device 106 and the merchant system 102, May be any suitable system that acts as an intermediary between two or more systems, such as, for example, a computer, a display, a display, a display, a display, and / or the like. The collector system 100 is capable of collecting payment information (e.g., credit card information, PayPal information, remittance number data, bank account information, billing address, legal name, social security number, (E.g., name, address, email, telephone number, social security number, payment information, any other appropriate information, or any combination thereof) and / And can act as intermediaries by facilitating the transmission of the same information. The collector system 100 is trusted (i.e., whitelisted) by the carrier system 104 to provide CRM information stored in the carrier system 104 for secure delivery to the merchant system 102 or the client device 106 Access. An example of a collector system 100 is a system developed and operated by Billund Mobile Inc. (located in San Jose, Calif.) That uses data provided by US carrier systems to provide merchants < RTI ID = 0.0 > To provide mobile payment services. In some embodiments of the present invention, the collector system 100 may be configured to provide CRM information to the client device 106 or the merchant system 102 for use in transactions via the network 108. [

The merchant system 102 may be any suitable one or more entities capable of entering into a transaction with a client device or a customer associated with the client device. Although a single merchant system 102 is shown, it should be understood that any suitable number of merchant systems may be utilized in the system shown in FIG. 1 according to the present invention. Examples of transactions include transactions that allow access to purchase transactions, remittance, billing, banking information, banking services, or both for products, services, or both, provided by merchant system 102, , Or any combination thereof. The merchant system 102 may include, for example, a web server for posting a website requesting personal information (e.g., payment information, registration information). Examples of merchant system 102 include, among other things, systems operated by Amazon.com, Citibank, and freecreditscore.com. In some embodiments, merchant system 102 may be one or more self-service machines or may include one or more self-service machines as components. In some embodiments, the merchant system 102 may be configured to communicate (e.g., enable transactions) with the client device 106 using the network 108. The merchant system 102 may similarly be configured to communicate with the collector system 100, the carrier system 104, or both, using the network 108.

The carrier system 104 may be any suitable system for providing mobile network services to the client device 106. Providing mobile network services to the client device 106 may include providing the client device 106 with a carrier network. For example, the carrier system may be a system operated by Verizon, Sprint, or AT & T.

The client device 106 is any suitable hardware, software, or both configured to provide communication services using the mobile network provided by the carrier system 104. The client device 106 may also provide a computing platform on which any suitable applications may be executed and on which any suitable hardware components may be interfaced. In some embodiments, the client device of the present invention may be a mobile phone. The mobile telephone may be associated with a mobile telephone number, a carrier system, any other mobile telephone identification information, or any combination thereof. The client device may be a mobile device, a tablet device, a laptop device, any other suitable client device, or any combination thereof. In some embodiments, the carrier system 104 may include CRM information associated with the client device 106, or may have access to CRM information, and may be provided to the collector system 100 via the network 108, May be configured to communicate information.

Figure 2 is a block diagram illustrating exemplary paths of communication between the systems and devices of Figure 1 in accordance with some embodiments of the present invention. The collector system 202 may be configured to communicate with the merchant system 204, the carrier system 208 and the client device 206 via communication channels 210, 212 and 218, respectively. The merchant system 204 may be configured to communicate with the collector system 202 and the client device 206 via communication channels 210 and 218, respectively. The client device 206 may be configured to communicate with the merchant system 204, the collector system 202 and the carrier system 208 via communication channels 216, 218 and 214, respectively. Carrier system 208 may be configured to communicate with collector system 202 and client device 206 via communication channels 212 and 214, respectively. Communication between systems and devices may involve communication over a network, such as the network 108 of FIG. 1, and may include receiving data, transmitting data, or both.

3 is a block diagram of an exemplary collector system 300 in accordance with some embodiments of the present invention. The collector system 300 may be any suitable collector system, such as the collector system 100 of FIG. 1, or the collector system 202 of FIG. In some embodiments, the collector system 300 may be implemented in a network environment, such as the network environment of FIG. The collector system 300 may include any suitable software, hardware, or both configured to implement the features as described herein. For example, the collector system 300 may include server hardware and software. The collector system 300 may include a communication circuit 302, a storage system 322, and processing equipment 320.

The communication circuitry 302 may be comprised of any suitable software for communicating with the database 304 and the processing equipment 320, hardware embedded instructions, or both, and may be configured to communicate with other systems and devices May include inputs, outputs, any other mechanisms, or any combination thereof to facilitate the operation of the apparatus. The input or output is a relative communication channel that can be used to receive or transmit data. The communication channel may be an IP protocol-based communication session using any suitable network infrastructure including the Internet, any proprietary LAN, a WAN, any other suitable network infrastructure, or any combination thereof. As shown in FIG. Inputs and outputs may be implemented as one or more physical ports, data storage devices, any other suitable hardware interface, software interface, or any combination thereof. For example, the collector system 300 includes a carrier input coupled to a carrier system and configured to receive data from the carrier system, a carrier output coupled to the carrier system and configured to output data to the carrier system, An affiliate store input coupled to the merchant system and configured to output data to the merchant system; a merchant store coupled to the client device and configured to receive data from the client device; A client device output coupled to the client device and configured to output data to the client device, any other suitable input or output, or It may include any combination of. Although different inputs and outputs are described, they need not be separate components and one or more of the inputs and / or outputs may be used to transmit or receive data on more than one destination or source, respectively It will be appreciated that the present invention may be implemented as a single component, For example, communication circuitry 302 may include a transceiver, such as an Ethernet card, or any other suitable device or circuitry that facilitates communication with other systems and devices.

The storage system 322 may be configured to implement an organic data storage system capable of storing one or more databases and information regarding, for example, merchant data, client device data, user data, authentication, rules, and carrier data May include any suitable hardware, software, or both. For example, the storage system 322 may include a database 304. In some embodiments, the storage system 322 may store information not stored in the database 304, such as application programming interfaces (APIs), HTML on content pages, any other appropriate information, As shown in FIG.

The database 304 includes any suitable hardware, software, or both, for implementing an organic data storage system capable of storing, for example, merchant data, client device data, user data, and carrier data . The information about the merchant data includes, for example, stock keeping units (SKUs) for goods for sale, customer service contact information (e.g., telephone numbers, email addresses, hyperlinks for web sites) , Any other merchant data, or any combination thereof. The information about the client device may include, for example, a mobile telephone number, identification information associated with the client device, any other client device data, or any combination thereof. In some embodiments, the database 304 may store encrypted information. For example, hashed information may be generated using a hash operation, and the hashed information may be stored in the database 304. The collector system 300 or the processing equipment or database of the collector system 300, for example, the database 304, may be configured so that the collector system 300 serves as a mediator between the systems and client devices, The privacy of the CRM information associated with the user can only be temporarily stored for the purpose of providing protected information. For example, the collector system 300 may temporarily store CRM information associated with a user of the client device until the information is delivered to the merchant system, where the collector system 300 may be used between the merchant system and the client device, And is configured to act as a mediator between the system and the carrier system. If the collector system 300, or any processing equipment or database of the collector system 300 is considered a trust system by a carrier system storing CRM information, and if the collector system 300 is allowed by the carrier system Once approved, the collector system 300 or any processing equipment or database of the collector system may be configured to store CRM information.

The processing equipment 320 processes data received from other systems and devices (e.g., a client device, a merchant system, a carrier system, or any other suitable system or device) (E. G., Generate authentication information), analyze the data (e. G., Identify the client device based on the identification information), and perform other tasks Or any combination of hardware and software. In some embodiments, the processing equipment 320 may include one or more circuits for performing functions as described herein, for example, a client device identification circuit 306, an authentication circuit 308 ), A credential engine 310, a transaction processing circuit 312, a request processing circuit 314, a data verification circuit 316, a data integration circuit 318, any other suitable processing equipment, Or any combination thereof. The circuits within processing equipment 320 may communicate with each other to implement features as described herein. In addition, the circuits within processing equipment 320 may be implemented together on one or more devices. In some embodiments, the processing equipment 320 may be configured to communicate with the communication circuitry 302 and the database (e. ≪ RTI ID = 0.0 > e. G., Identification information, authentication information, any other appropriate information, Lt; RTI ID = 0.0 > 304 < / RTI > For example, the processing device 320 may send identification information associated with a client device, such as a mobile telephone number, to the database 304 to retrieve additional information about the user or the owning client device have.

The client device identification circuitry 306 may be comprised of any suitable software, hardware, or both, for identifying the client device based on the client device identification information. For example, the client device identification circuitry 306 may be at least a portion of one or more integrated circuit processors. Identifying the client device enables the collector system 300 to access information associated with the client device, communicate with the client device, authenticate the client device, process transactions on the client device, To perform an operation. The client device may be identified by, for example, a mobile origin (MO) message identification technique, a mobile terminated (MT) identification technique, a header enhancement identification technique, any other suitable identification technique, or any combination thereof. In some embodiments, the client device identification circuitry 306 may be configured to store client device identification information in a database, such as database 304, As shown in FIG. The client device identification information may include, for example, information identifying the mobile telephone number associated with the client device, information identifying the carrier system associated with the client device, information identifying the software or hardware of the client device, Information identifying the user, any other appropriate identifying information, or any combination thereof. For example, the client device identification circuit 306 may identify the client device by identifying and storing the mobile telephone number associated with the client device based on the client device identification information received from the carrier system.

The authentication circuit 308 may be comprised of any suitable software, hardware embedded instructions, or both, for authenticating the client device. For example, the authentication circuit 308 may be at least a portion of one or more integrated circuit processors. In some embodiments, authenticating the client device may cause the client device to receive or request protection information (e.g., payment information), e.g., as part of a transaction. Authenticating the client device may include authenticating the user who owns the client device. In some embodiments, authenticating the user that owns the client device may include verifying the identity of the user. Verifying the user's identity may include, for example, requesting the user to provide identification information uniquely, requesting the user to provide a unique one-time pin, requesting the user to send a specific MO message Requesting the user to send a specific silent MO message, requesting the user to complete any other appropriate request, and so on. In some embodiments, authenticating the client device may include comparing any protected information regarding the user that owns the client device with any information stored in the database 304, such as stored in the database 304, Lt; RTI ID = 0.0 > information. ≪ / RTI > In some embodiments, the authentication circuit 308 may be further adapted to generate data that may be used to verify the authentication, e.g., authentication keys, credential information, any other suitable information, or any combination thereof. Lt; / RTI > For example, the authentication circuit 308 may be configured to generate credentials for an authenticated user who owns the client device.

Credential engine 310 may be any suitable hardware, software, or both configured to determine criteria for withdrawing authentication to an identified client device. Retiring authentication for an identified client device may prohibit the client device from participating in transactions that require authentication (e.g., requesting protection information for use in a transaction). In some embodiments, withdrawing authentication for an identified client device may include invalidating credentials for an authenticated user who owns the client device. The credential engine 310 may be configured to define criteria based on rules for revoking authentication received from a plurality of stakeholders. The criteria may include events and conditions that, when satisfied, indicate that the certification should be withdrawn. Rules received from a plurality of stakeholders may include various types, and in some embodiments the credential engine 310 may determine a criterion that includes only one rule of each type. Credential engine 310 may be configured to combine rules received from a plurality of stakeholders based on priorities associated with each of the rules. Interested parties may be aware of any suitable source (e.g., carrier systems, financial institutions, public utility companies, government agencies, universities, schools, any other suitable source Or any combination thereof), the country in which the client device operates, any other appropriate interested party, or any combination thereof.

The transaction processing circuitry 312 may comprise any suitable software, hardware embedded instructions, or both, for processing transactions on a merchant system, such as a client device, such as the client device 106 of FIG. 1B or a self- . For example, transaction processing circuitry 312 may be at least a portion of one or more integrated circuit processors. In some embodiments, the transaction processing circuitry 312 may utilize the information stored in the database 304 to process the transaction. Processing the transaction may include, for example, submitting payment information, completing the sale, any other suitable process, or any combination thereof. For example, a user attempting to perform a purchase transaction on a client device may be redirected from a web page of the merchant system to a web page associated with the collector system 300, and the transaction processing circuit 312 may Purchase transactions can be processed.

The request processing circuitry 314 is configured to process requests from other systems and devices, such as the merchant system 102 of FIG. 1, the carrier system 104 of FIG. 1, and the client device 106 of FIG. Any suitable software, hardware embedded instructions, or both. For example, the request processing circuitry 314 may be at least a portion of one or more integrated circuit processors. Requests include requests to output information, requests to accept information such as rules, requests to verify information, requests to process transactions, any other appropriate request, or any combination thereof can do. In some embodiments, one or more requests may be received by communication circuitry 302 and passed from communication circuitry 302 to request processing circuitry 314. The request processing circuitry 314 may be any suitable circuitry for processing one or more requests, such as processing information, retrieving information, transmitting information, any other suitable response, An appropriate response can be determined. In some embodiments, the request processing circuitry 314 may be configured to process requests received from other circuits in the processing equipment 320 and / or to respond to requests. For example, the request processing circuitry 314 may receive a request for information associated with the client device, and in response may retrieve information from the database 304 and may output the information to the communications circuitry 302 .

Data validation circuitry 316 may be any suitable software, hardware embedded instructions, or any other suitable means for verifying information associated with a client device, such as client device 106 of FIG. 1, a customer associated with the client device, Or both. For example, data validation module 316 may be at least a portion of one or more integrated circuit processors. In one embodiment, the collector system 300 may receive information associated with the client device from one or more sources, and the data verification circuit 316 may be configured to verify the information. In another embodiment, the request processing circuit 314 may receive the request from the merchant system to verify the information associated with the client device, and the data verification circuit 316 may verify the information. The verification may include comparing the received information with information stored in the database 304, comparing the received information with information received from one or more sources, deterministic matching, probabilistic matching, fuzzy matching, , Any other suitable verification technique, or any combination thereof. In some embodiments, verifying information associated with a client device may include verifying information associated with a user possessing the client device. In some embodiments, data validation circuitry 316 may generate knowledge-based authentication queries using CRM information received from a carrier system, such as, for example, carrier system 208 or carrier system 104 . In some embodiments, the verification circuit 316 may use the proximity information to verify that the client device is located within a certain distance from the merchant system (e.g., a self-service machine). Generally, information about the customer's personal information using the CRM information obtained from the carrier system, information about the customer's client device (e.g., mobile device), and proximity of the client device of the customer to the self- By verifying the information about the degree, the verification circuit 316 can be used to verify the identity of the customer at the self-service machine.

The data integrated circuit 318 may be comprised of any suitable software, hardware embedded instructions, or both, for accumulating information associated with a client device received from one or more sources. For example, the data integrated circuit 318 may be at least a portion of one or more integrated circuit processors. In one embodiment, the collector system 300 may receive information associated with the client device from one or more sources, and the data integration circuit 318 may collect data received from the one or more sources . Data aggregation may include, for example, removing inconsistencies between information from different sources, or information received from one source and information stored in a database (e.g., database 304), from different sources Removing redundant information between the information received from one or more sources of information and the information stored in the database (e. G., Database 304), any other suitable aggregation technique, or any combination thereof. have. The sources may include stakeholders such as, for example, carrier systems, financial institutions, public utility companies, government agencies, universities, schools, any other suitable sources, or any combination thereof .

4 is a block diagram of an exemplary merchant system 400 in accordance with some embodiments of the present invention. The merchant system 400 may be any suitable merchant system, for example, the merchant system 102 of FIG. 1 or the merchant system 204 of FIG. In some embodiments, the merchant system 400 may be implemented in a network environment, such as the network environment of FIG. The merchant system 400 may include any suitable software, hardware, or both configured to implement the features described herein. For example, the merchant system 400 may include server hardware and software. The merchant system 400 may include a communication circuit 402, a storage system 416, and a processing device 412.

Communications circuitry 402 may be comprised of any suitable software, hardware embedded instructions, or both, for communicating with database 414 and processing equipment 412, and may be configured to communicate with other systems and devices May include inputs, outputs, any other mechanisms, or any combination thereof to facilitate the operation of the apparatus. The input or output is a relative communication channel that can be used to receive or transmit data. The communication channel may be an IP protocol-based communication session using any suitable network infrastructure, any other suitable network infrastructure, or any combination thereof, including, for example, the Internet, any proprietary LAN, a WAN Can be constructed. Inputs and outputs may be implemented as one or more physical ports, data storage devices, any other suitable hardware interface, software interface, or any combination thereof. For example, merchant system 400 may include a carrier input coupled to a carrier system and configured to receive data from the carrier system, a carrier output coupled to the carrier system and configured to output data to the carrier system, A collector output coupled to the collector system and configured to receive data from the client device and configured to receive data from the collector device; a collector output coupled to the collector device and configured to receive data from the collector device; A client device output coupled to the client device and configured to output data to the client device, any other suitable input or output, or It may include any combination of. In the context of the present invention, it may be desirable for the merchant system 400 not to include a carrier input and a carrier output. That is, in the preferred embodiments of the present invention, the merchant system 400 need not be able to communicate with the carrier system. Although different inputs and outputs are described, they need not be separate components and two or more of the inputs and / or outputs may be used to transmit or receive data for more than one destination or source, respectively It will be appreciated that the present invention may be implemented as a single component, For example, communication circuitry 402 may include a transceiver, such as an Ethernet card, or any other suitable device or circuitry that facilitates communication with other systems and devices.

In some embodiments, communication circuitry 402 may be configured to detect client devices within proximity of merchant system 400 (e.g., when merchant system 400 is a self-service machine or any suitable merchant device) Hardware, software, or both. For example, the communications circuitry 402 may be any suitable transceiver that provides Bluetooth connectivity, RFID detection capabilities, Near Field Communication (NFC) connectivity, any other suitable proximity-based communications or detection techniques, (S).

The storage system 416 may implement an organic data storage system capable of storing one or more databases and information relating to, for example, merchant data, client device data, user data, authentication, rules, and carrier data May include any suitable hardware, software, or both. For example, the storage system 416 may include a database 414. In some embodiments, the storage system 416 may store information not stored in the database 414, such as information about merchant data, e.g., APIs, HTML on content pages, any other appropriate information, Can be stored. In some embodiments, the merchant system 400 may be configured to convey any information stored in the storage system 416 or in the database 414 to a trust collector system, such as the collector system 300.

The database 414 may include any suitable hardware, software, or both, for implementing an organic data storage system capable of storing, for example, merchant data, client device data, user data, and carrier data . The information about the merchant data includes, for example, SKUs related to the merchandise item, customer service contact information (e.g., telephone number, email address, hyperlink for the website), payload information, , Any other merchant data, or any combination thereof. The information about the client device may include, for example, a mobile telephone number, identification information associated with the client device, any other client device data, or any combination thereof. The information about the user data may include, for example, authentication information for the authenticated user, credential information for the authenticated user, any other user related information, or any combination thereof. The carrier data may include, for example, a carrier network associated with the client device. In some embodiments, the database 414 may store information in an encrypted form. For example, the hashed information may be generated using a hash operation, and the hashed information may be stored in the database 414.

The processing equipment 412 may process data received from other systems and devices (e.g., a client device, a collector system, or any other suitable system or device), and may be configured to output data to other systems and devices Software, or both configured to process data, generate data, analyze data (e.g., verify authentication information provided by the client device), and perform other tasks Lt; / RTI > In some embodiments, the processing equipment 412 may include one or more circuits for performing the functions described herein, for example, a payload generation circuit 404, an encryption circuit 406 ), Request processing circuitry 408, transaction processing circuitry 410, any other suitable processing equipment, or any combination thereof. The circuits within the processing equipment 412 may communicate with each other to implement features as described herein. In addition, the circuits in processing equipment 412 may all be implemented together on one or more devices. The processing equipment 412 may communicate with the communication circuitry 402 and the database 414 to retrieve and / or transmit information. For example, the processing equipment 412 may retrieve credential information associated with a user who owns the client device from the database 414 before the transaction is allowed on the client device.

The payload generation circuit 404 may be comprised of any suitable software, hardware embedded instructions, or both, to generate the payload. For example, the payload generation circuit 404 may be at least a portion of one or more integrated circuit processors. The payload is data where the client device enables communication with the collector system (e.g., via ARI calls). The payload may be generated by the payload generation circuit 404 and may be moved to the encryption circuit 406 to be subsequently encrypted and the encrypted payload may be transferred to the client device 106, Lt; / RTI > In some embodiments, a payload may be generated by combining association identification information, a timestamp value, and a nonce value. The association identification information may include, for example, the merchant generated identity associated with a particular client device transaction. In some embodiments, the association identification information may be a user identification value (e.g., a user ID) associated with a user who owns the client device. The timestamp value may include, for example, the current date and time. In some embodiments, the timestamp value may be expressed in the format "yyyyMMddHHmmss ", where" yyyy "represents the current year," MM "represents the current month," dd " Represents the current day, "HH" represents the hour, "mm" represents the current minute, and "ss" represents the current second. The timestamp value may not be represented in the above-described format, but may instead be expressed in any suitable format. In some embodiments, the temporary value may include a random value having a minimum length of, for example, 32 characters.

The encryption circuitry 406 can be any suitable device for encrypting, decrypting, or encrypting and decrypting information such as, for example, payload information to be stored in the database 414, any other suitable information, Lt; RTI ID = 0.0 > software, hardware embedded instructions, or both. For example, the encryption module 406 may be at least a portion of one or more integrated circuit processors. Encrypting information can prevent information from being stolen, hacked, or otherwise leaked to a source that is not allowed to access the information. In some embodiments, the information may be encrypted using a symmetric key, an encryption key such as an asymmetric key, any other suitable encryption method, or any combination thereof. For example, the collector system may provide the encryption key to the merchant system, and the merchant system may use the encryption key to encrypt the information. In some embodiments, when the information is encrypted by the encryption circuitry 406, an Advanced Encryption Standard (AES), or any other suitable robust symmetric-key block encryption, should be used. In some embodiments, the information to be encrypted may include a payload generated by payload generation circuitry 404. [ The merchant system 400 may pass the payload encrypted by the encryption circuit 406 to the client device and the encrypted payload may facilitate client-initiated interaction between the client device and the collector system . The encrypted payload may be unique to the client device, but may not be unique for each request made by the client device.

The request processing circuitry 408 may be any suitable system for processing requests from other systems and devices, such as the carrier system 104 of FIG. 1, the collector system 100 of FIG. 1, or the client device 106 of FIG. Any suitable software, hardware embedded instructions, or both. For example, the request processing circuitry 408 may be at least a portion of one or more integrated circuit processors. Requests may include a request to output information (e.g., identification information or authentication information), a request to acknowledge information, any other suitable request, or any combination thereof. In some embodiments, one or more requests may be received by the communication circuitry 402 and passed from the communication circuitry 402 to the request processing circuitry 408. The request processing circuitry 408 may determine an appropriate response for each of the one or more requests, including, for example, processing information, generating information, analyzing information, processing equipment 412, Sending data to the database 414, receiving data from the database 414, any other suitable response, or any combination thereof. In some embodiments, the request processing circuitry may process requests received from other circuits within the processing equipment 412, respond to those requests, or process and respond.

The transaction processing circuitry 410 may be comprised of any suitable software, hardware embedded instructions, or both, for processing transactions performed on the client device. For example, transaction processing circuitry 410 may be at least a portion of one or more integrated circuit processors. Processing the transaction may include, for example, submitting payment information, completing the sale, any other suitable process, or any combination thereof. The transaction may be a purchase transaction, a registration, any other suitable process, or any combination thereof. In some embodiments, transaction processing circuitry 410 may utilize data stored in database 414 to process transactions. In other embodiments, transaction processing circuitry 410 may utilize data received from other systems, such as a collector system, to process transactions. For example, the client device may visit a website displayed by the merchant system 400 to perform a purchase transaction, and the merchant system 400 may access the collector system 100 of FIG. 1 , ≪ / RTI > In some embodiments, the transaction processing circuitry 410 may pre-populate the transaction data fields with information received from another system or device, or information received from the database 414.

5 is a block diagram of an exemplary carrier system 500 in accordance with some embodiments of the present invention. The carrier system 500 may be any suitable carrier system, such as the carrier system 208 of FIG. 2 or the carrier system 104 of FIG. In some embodiments, the carrier system 500 may be implemented in a network environment, such as the network environment of FIG. The carrier system 500 may comprise any suitable software, hardware, or both, configured to implement features such as those described herein. For example, the carrier system 500 may include server hardware and software. The carrier system 500 may include a communication circuit 502, a storage system 518, and a processing equipment 516.

Communication circuitry 502 may be comprised of any suitable software, hardware embedded instructions, or both, for communicating with database 514 and processing equipment 516, and may be configured to communicate with other systems and devices May include inputs, outputs, any other mechanisms, or any combination thereof to facilitate the operation of the apparatus. The input or output is a relative communication channel that can be used to receive or transmit data, respectively. The communication channel may be an IP protocol-based communication session using any suitable network infrastructure including, for example, the Internet, any proprietary LAN, a WAN, any other suitable network infrastructure, or any combination thereof Can be constructed. Inputs and outputs may be implemented as one or more physical ports, a data storage device, any other suitable hardware interface, a software interface, or any combination thereof. For example, the carrier system 500 may include a collector input coupled to the collector system and configured to receive data from the collector system, a collector output coupled to the collector system and configured to output data to the collector system, An affiliate store input coupled to the merchant system and configured to receive data from the merchant system, an affiliate store output coupled to the merchant system and configured to output data to the merchant system, a client coupled to the client device and configured to receive data from the client device A client device output coupled to the client device and configured to output data to the client device, any other suitable input or output, or any combination thereof Sum. In the context of the present invention, it may be desirable for the carrier system 500 not to include a merchant input and a merchant output. That is, in the preferred embodiments of the present invention, the carrier system 500 need not be able to communicate with the merchant system. Although different inputs and outputs are described, they need not be separate components and two or more of the inputs and / or outputs may be used to transmit or receive data for more than one destination or source, respectively It will be appreciated that the present invention may be implemented as a single component, For example, communication circuitry 502 may include a transceiver, such as an Ethernet card, or any other suitable device or circuitry that facilitates communication with other systems and devices.

In some embodiments, communication circuitry 502 may comprise any suitable hardware, software, or other means for communicating with GPS satellites or other GPS-related infrastructures to determine the location coordinates of any particular one or more client devices Both can be included.

The storage system 518 may include one or more databases related to CRM information associated with, for example, account data, rules, and a user who owns the client device, and implementing an organic data storage system capable of storing information May include any suitable hardware, software, or both. For example, the storage system 518 may include a database 514. In some embodiments, the storage system 518 may store information that is not stored in the database 514 and the carrier system 500 may be configured to transfer such information to a trust collector system, such as the collector system 300 .

The database 514 may comprise any suitable hardware, software, or both, for implementing an organic data storage system capable of storing, for example, account data associated with a user owning a client device and information regarding CRM information . In some embodiments, the database 514 may store information in an encrypted form. For example, the hashed information may be generated using a hash operation, and the hashed information may be stored in the database 514.

The processing equipment 516 may process data received from other systems and devices (e.g., a client device, a collector system, or any other suitable system or device), and may be configured to output data to other systems and devices Software, or both, configured to process data (e. G., CRM information) and to perform other tasks. In some embodiments, the processing equipment 516 may include one or more circuits for performing the functions described herein, for example, a header enhancement circuit 504, a message generation circuit 506 ), Redirection circuitry 508, request processing circuitry 510, CRM information retrieval circuitry 512, any other suitable processing equipment, or any combination thereof. The circuits within processing equipment 516 may communicate with each other to implement features as described herein. In addition, the circuits in processing equipment 516 may be implemented together on one or more devices. The processing equipment 516 may be configured to communicate with the communication circuitry 502 and the database 514 to retrieve and / or transmit information regarding user account data, CRM information, any other information, or any combination thereof .

The header enhancement circuitry 504 may comprise any suitable software, hardware, or other means for entering one or more headers (e.g., a hypertext transfer protocol (http) header) in a request or response, such as an http redirect request or response. Built-in instructions, or both. For example, the header enhancement circuitry 504 may be at least a portion of one or more integrated circuit processors. The http redirect request and / or response may include a message header, and an http header may be inserted into the message header. In some embodiments, the http headers inserted in the http redirection request may include client device identification information, and the system receiving the http response in which the http headers were inserted in the corresponding http request may be used (E.g., for use in identifying a client device). For example, a client device on a carrier network operated by a carrier system 500 may be served by a collector system from a website displayed by a merchant system using an http redirection request processed by the carrier system 500 And the header enhancement circuitry 504 may insert one or more http headers into the http redirection request.

The message generation circuitry 506 may comprise any suitable software, hardware, or other means for generating messages such as, for example, Short Message Service (SMS) messages, Silent SMS messages, any other appropriate type of message, Built-in instructions, or both. For example, the message generation circuit 506 may be at least a portion of one or more integrated circuit processors. In some embodiments, the message generation circuit 506 may be configured to generate an SMS message in response to a request from another system or device, such as the collector system 100 of FIG. 1 or the client device 106 of FIG. 1 have. For example, the carrier system 500 can receive a request to create an SMS message and send it to the client device, and the message generating circuit can generate an SMS message and the message is sent to the mobile phone number Lt; / RTI >

The redirection circuit 508 may be comprised of any suitable software, hardware embedded instructions, or both, for example, to redirect requests, information, or both, from one system to another. For example, redirection circuitry 508 may be at least a portion of one or more integrated circuit processors. In some embodiments, redirection circuitry 508 may be configured to redirect SMS messages from one system or device to another system or device. In other embodiments, redirection circuitry 508 may be configured to perform http redirection from a web site associated with one system to a web site associated with another system. The redirection circuitry 508 can additionally be configured to perform any other appropriate redirection from one system to another. In some embodiments, the redirection circuitry 508 may receive instructions that cause the redirection to be performed. In some embodiments, redirection circuitry 508 may receive such instructions from request processing circuitry 410. In some embodiments,

The request processing circuitry 510 may include any suitable software for processing requests from other systems and devices, such as the collector system 100 of FIG. 1, or the client device 106 of FIG. 1, Instructions, or both. For example, the request processing circuit 510 may be at least a portion of one or more integrated circuit processors. The requests may include a request for information such as user account information or CRM information, any other suitable request, or any combination thereof. One or more requests may be received by communication circuitry 502 and passed from communication circuitry 502 to request processing circuitry 510. The request processing circuitry 510 may determine an appropriate response for each of the one or more requests, for example, processing information, communicating with other circuitry within the processing equipment 516, Sending data to database 514, receiving data from database 514, any other suitable response, or any combination thereof. In some embodiments, the request processing circuitry 510 may process requests received from other circuits within the processing equipment 516, respond to those requests, or process and respond.

The CRM information retrieval circuit 512 may comprise any suitable software, hardware embedded instructions, or both, for retrieving CRM information associated with the client device. For example, the CRM information retrieval circuit 512 may be at least a portion of one or more integrated circuit processors. In some embodiments, the CRM information includes information about the account (e.g., payment information, name, address, social security number, etc.) associated with the user who owns the client device, Or any other suitable information that can be obtained through interactions between the user and the user. It should be understood that the protected information associated with a user, such as a social security number, can only be accessed by trust systems and devices that have been approved by the user. The CRM information retrieval circuit 512 may be configured to retrieve the appropriate CRM information from the database 514. In some embodiments, the CRM information retrieval circuitry 512 may be configured to retrieve the appropriate CRM information in response to a request received from the request processing circuitry 510. [ For example, a collector system, such as the collector system 100 of FIG. 1, may request CRM information associated with the identified client device from the carrier system 500, and the CRM information retrieval circuit 512 may request the CRM information And provide CRM information to communication circuitry 502 to be output to the collector system.

6 is a block diagram of an exemplary client device 600 in accordance with some embodiments of the present invention. The client device 600 may be any suitable client device, such as the client device 206 of FIG. 2 or the client device 106 of FIG. In some embodiments, client device 600 may be implemented in a network environment, such as the network environment of FIG. The client device 600 may comprise any suitable software, hardware, or both, configured to implement features as described herein. The client device 600 includes a display 602, a communication circuit 616, a power supply 622, a speaker 610, a microphone 612, a keyboard 614, a memory 608 and a processing equipment 620 can do.

Display 602 can be configured to display any information stored in client device 600 or received by client device 600 in any suitable format. The information displayed may include, for example, information requested by a user of client device 600, information about client device 600, information about a transaction, information about a mobile application, information received from another system or device, Information to be transmitted to another system or device, an SMS message, any other suitable information, or any combination thereof. Display 602 may be, for example, a liquid crystal display, a flat panel display such as a plasma display, any other suitable display, or any combination thereof.

The power supply 622 may be configured to provide power to the client device 600. The power supply 622 may be any suitable internal or external power source, such as, for example, a battery.

The speaker 610 may be configured to provide an audible sound. The audible tone may be associated with a phone call on the client device 600, an application running on the client device 600, an alarm set on the client device 600, a transaction, any other suitable process or application, .

The microphone 612 may be configured to receive user input, such as an audible user input. The inputs received by the microphone 612 may include, for example, a telephone call on the client device 600, a user owning the client device 600, information relating to the transaction, any other appropriate information, . ≪ / RTI >

The keyboard 614 may be configured to receive user input, for example, text input. The inputs received by the keyboard 614 may include, for example, a message stored on the client device 600 or generated on the client device 600, a user owning the client device 600, information about the transaction, Other suitable information, or any combination thereof.

Communications circuitry 616 may include inputs, outputs, any other mechanisms, or any combination thereof to facilitate communication with other systems and devices. The input or output is a relative communication channel that can be used to receive or transmit data, respectively. The communication channel may be an IP protocol-based communication session using any suitable network infrastructure including, for example, the Internet, any proprietary LAN, a WAN, any other suitable network infrastructure, or any combination thereof Can be constructed. Inputs and outputs may be implemented as one or more physical ports, a data storage device, any other suitable hardware interface, a software interface, or any combination thereof. For example, the client device 600 may include a carrier input coupled to a carrier system and configured to receive data from the carrier system, a carrier output coupled to the carrier system and configured to output data to the carrier system, An affiliate store input coupled to the merchant system and configured to output data to the merchant system, a collector coupled to the collector system and configured to receive data from the collector system, An input, a collector output coupled to the collector system and configured to output data to the collector system, any other suitable input or output, or any combination thereof. Although different inputs and outputs are described, they need not be separate components and two or more of the inputs and / or outputs may be used to transmit or receive data for more than one destination or source, respectively It will be appreciated that the present invention may be implemented as a single component, For example, communication circuitry 616 may include a transceiver, such as an Ethernet card, or any other suitable device or circuitry that facilitates communication with other systems and devices. The communication circuitry 616 may be configured to communicate with the memory 608, the processing equipment 620, the speaker 610, the microphone 612, the keyboard 614, the power supply 622 and the display 602.

In some embodiments, communication circuitry 616 may be any suitable hardware, software, or both (e. G., In the form of a self-service machine) and proximity- . ≪ / RTI > For example, the communication circuitry 616 may be any suitable transceiver that provides Bluetooth connectivity, RFID tags, Near Field Communication (NFC) connectivity, any other suitable proximity-based communication or detection techniques, (S).

The memory 608 may be, for example, a hard disk drive, a flash memory, a random access memory (RAM), one or more suitable memory devices such as an optical disk, any other suitable memory device, . Memory 608 may include identification information 604 and other information 606. The identification information 604 may include any suitable identification information regarding the client device 600. For example, the identification information 604 may include information identifying the hardware or software of the client device 600, information identifying the mobile telephone number associated with the client device 600, identifying the device model of the client device 600 Information identifying the user that owns the client device 600, information identifying the carrier system associated with the client device 600, any other appropriate identifying information, or any combination thereof . Other information 606 may include any information stored in the memory 608 in addition to the identification information 604. [ For example, other information 606 may include information about applications, messaging, pictures and videos, transactions, merchants, networks, capacity and storage, any other suitable information, Can be stored.

The processing equipment 620 processes data received from other systems and devices (e.g., a merchant system, a carrier system, a collector system, or any other suitable system or device) Software, or both configured to process data to be output to a mobile device, to process the data for output to mobile devices, to perform data processing for mobile applications, and to perform other tasks. In some embodiments, the processing equipment 620 may include one or more circuits for performing the functions as described herein, for example, an authentication circuit 616, a processing circuit 618, Any other suitable processing equipment, or any combination thereof. The circuits within processing equipment 620 may communicate with each other to implement features as described herein. Additionally, the circuits within processing equipment 620 may all be implemented together on one or more devices. The processing equipment 620 may be configured to communicate with a communication circuit 616, a memory 608, a speaker 610, a microphone 612, a keyboard 614, a power supply 622 and a display 602.

The authentication circuit 616 may be comprised of any suitable software for authenticating the client device 600, hardware embedded instructions, or both. For example, the authentication circuit 616 may be at least a portion of one or more integrated circuit processors. In some embodiments, authenticating the client device 600 may include authenticating the user who owns the client device 600. [ In some embodiments, the authentication circuitry 616 may communicate with a system, such as a merchant system or a collector system, via the communication circuitry 616 to authenticate the client device 600. Authenticating the client device 600 may include directing the user who owns the client device 600 to enter information. The information may be input via display 602, keyboard 614, microphone 612, any other suitable user input, or any combination thereof. The information may include, for example, uniquely identifying the information about the user who owns the client device 600. In some embodiments, the authentication circuit 616 may communicate with the memory 608 to authenticate the client device 600. For example, the memory 608 may store information received from a collector system, such as the collector system 100 of FIG. 1, and subsequent to inducing information input to a user that owns the client device 600, Circuitry 616 may compare the information entered with the information stored in memory 608.

The processing circuitry 618 may be comprised of any suitable software, hardware embedded instructions, or both, to implement any features other than authentication. For example, the processing circuitry 618 may be at least a portion of one or more integrated circuit processors. For example, the processing circuitry 618 may be any suitable computing device capable of computing information, processing instructions, executing functions related to client device operation, executing any other suitable operation or implementation, or any combination thereof. May be configured to run applications.

The following discussion discusses with respect to Figures 1-6 in which the merchant system is implemented at least in part as a self-service machine and the client device is implemented as a mobile device, such as a mobile phone, operating on a carrier network provided by a carrier system The implementation of the system will be focused on. A customer who owns the mobile device and has an account registered with the carrier system can perform transactions or otherwise interact with the self-service machine. The customer is linked to the mobile device in the account information of the carrier system. In order to provide a safer and more enhanced experience, the system of the present invention may include aspects of the customer's personal information such as the customer's identity, age, birthday, residence, nationality, telephone number, any other appropriate personal information, And may be configured to verify any combination. 7 illustrates an example performed by a self-service machine (e.g., self-service machine 102, 204, or 400) as part of a customer verification process, for example, in accordance with some embodiments of the present invention ≪ / RTI > FIG. 8 is a flow diagram of exemplary steps performed by a collector system (e.g., collector system 100, 202, or 300) as part of the process illustrated in FIG.

Referring to FIG. 7, in step 702, the self-service machine queries the customer for the mobile device identifier. For example, when a customer attempts to initiate a transaction or interacts with a self-service machine for a particular purpose, the self-service machine sends a display requesting the customer to verify the identity by entering the customer's mobile phone number A visual query on the screen can be displayed. It should be appreciated that a self-service machine may provide any appropriate prompt, whether visible or audible, for a mobile device identifier such as a mobile telephone number.

In step 704, the self-service machine receives the mobile device identifier received by the customer. For example, any suitable input interface may be provided, such as a keyboard, touch-sensitive display, microphone, any other suitable input interface, or any combination thereof, that allows the customer to enter the customer's mobile telephone number .

At step 706, when the self-service machine receives the mobile device identifier, the self-service machine sends a request to the mobile device (e.g., mobile device 106, 206, or 600) associated with the mobile device identifier provided by the customer, So that the verification message is transmitted. For example, the self-service machine may communicate a verification request to the collector system using, for example, the communication circuit 402 (FIG. 4). The verification request may include a mobile device identifier (or any appropriate information indicating the mobile device identifier), may be configured in any suitable manner, and the collector system may send a verification message to the mobile device associated with the mobile device identifier And may include any suitable additional data to generate and deliver. A further discussion of the validation message is provided below with respect to FIG. In some embodiments, the self-service machine may generate a verification message and use the mobile device identifier (e. G., Via the network 108 (FIG. 1) And to forward the verification message to a mobile device associated with the mobile device.

At step 708, the self-service machine receives at least one knowledge-based authentication query, which may include, for example, communication circuitry 402 to query and individual multiple choice answers. The query is directed to any appropriate information to assist the customer in verifying in step 704 that the user is associated with a mobile device identifier provided by the customer at the self-service machine. The queries may be generated by the collector system using CRM information received from a carrier system (e.g., carrier system 104, 208, or 500), as described below with respect to FIG.

At step 710, the self-service machine displays at least a subset of the knowledge-based authentication questions and individual multiple-choice answers on the display device or provides any suitable visual or audible output on any suitable output device. It will be appreciated that using multiple choice answers as part of a knowledge-based authentication query is merely exemplary. In some embodiments, the customer may be prompted to provide a response to a knowledge-based authentication query by entering a response directly without using multiple choice answers.

In step 712, the self-service machine may use any suitable user input interface, such as a keyboard, touch-sensitive display, microphone, any other suitable input interface, or any combination thereof, Receive customer responses.

In step 714, the self-service machine forwards the responses provided by the customer to the collector system using, for example, the communications circuitry 402. The self-service machine can deliver the responses exactly as entered by the customer, format the responses, or perform any appropriate normalization of the input data, e.g., using the processing equipment 412.

At step 716, the self-service machine may receive proximity information from the mobile device to verify that the customer's mobile device is within a certain proximity of the self-service machine. The proximity information may be any suitable information for verifying that the mobile device is within range, for example, using any suitable communication protocol via communication circuitry 402 and 616. [ For example, the communication circuitry 402 and 406 may communicate using Bluetooth, NFC, RFID, any other suitable technology or protocol in order for the self-service machine to detect the presence of the customer's mobile device. The communication circuitry 616 may communicate information identifying the mobile device, such as a mobile device identifier (e.g., telephone number), to the communication circuitry 402. Using the processing equipment 412, for example, the self-service machine may compare the mobile device identifier received in step 704 with the mobile device identifier delivered by the communication circuitry 616 to confirm that they correspond to each other. If at least one mobile device is detected and the mobile device identifier received from one of the detected mobile devices corresponds to a mobile device identifier received from the customer, then the processing device 412 may determine that the customer's mobile device is on the self- Confirm that it is close. At step 718, the self-service machine communicates the results of the proximity check to the collector system using, for example, the communication circuitry 402.

Alternatively or additionally to step 716, the self-service machine may receive proximity information from the collector system. For example, GPS data relating to the location coordinates of the mobile device associated with the mobile device identifier received from the customer is obtained by the carrier system. The GPS data is then passed to a collector system, which in turn determines based on the GPS data whether the mobile device is within some proximity of the self-service machine. In one suitable approach, the self-service machine receives an indication from the collector system based on the GPS data whether the mobile device associated with the received mobile device identifier is within proximity of the self-service machine.

In some embodiments, the self-service machine is not provided with any proximity information (and need not determine any proximity information by itself). Rather, in such an embodiment, the self-service machine only receives an indication from the collector system as to whether the customer's identity (or information about the identity of the customer) is verified. The collector system, in such embodiments, processes proximity information, such as GPS data received from the carrier system, as well as any other relevant data to perform a final verification decision.

In some embodiments, the self-service machine performs proximity checks but does not deliver the results to the collector system. For example, after the self-service machine receives a validation decision from the collector system at step 720 (discussed below), and if the validation decision indicates that the identity of the customer or the identity of the customer has been verified, The self-service machine will process the result of the proximity check before proceeding with the transaction. If the result indicates that the mobile device associated with the provided mobile device identifier is within close range of the self-service machine, the self-service machine will determine that the verification was successful. Otherwise, despite the collector system indicating that the verification of the customer's identity was successful, the self-service machine will determine that the verification is not successful because the mobile device associated with the provided mobile device identifier (and further, the customer) Because it is not on the self-service machine.

At step 720, the self-service machine receives an indication that the customer has been verified to proceed with the desired transaction from the collector system using, for example, the communication circuit 402 or has not been verified to proceed with the desired transaction. Once verified, the self-service machine proceeds with the desired transaction with the customer.

8 showing a process at the collector system side, at step 802, the collector system uses the communication circuit 302, for example, to determine whether the mobile device identifier received by the self- And receives any other suitable data indicating the device identifier. At step 804, the collector system uses the processing equipment 320 and communication circuitry 302 to generate a verification message and pass the verification message to the mobile device associated with the mobile device identifier. For example, in some embodiments, the collector system generates an SMS message that includes, for example, a URL link or any other suitable link, code, any appropriate command, or any combination thereof. The message is communicated to the mobile device associated with the mobile device identifier using the communication circuitry 302, e.g., via the carrier network provided by the carrier system. In another suitable approach, the collector system communicates, using the communication circuitry 302, a notification to the mobile device associated with the mobile device and the identifier, and the notification is transmitted to the mobile device, To be provided to the mobile device user (i.e., the customer). It will be appreciated that any suitable technique for conveying a verification message to a mobile device associated with the mobile device identifier may be used.

In step 806, the collector system receives a response to the verification message, for example, using the communication circuitry 302. The response is generated when the customer receives the verification message and performs the necessary verification procedures. The validation procedure may include, for example, selecting a mounted link within a validation message that links to a server-side process in the collector system to detect that the link has been selected. In another suitable approach, the verification procedure may include, for example, instructing the customer to call the telephone number provided and when prompted to enter the verification code, which is processed by the collector system to determine the correct code . Any such suitable technique or any combination of such techniques may be used to verify that the customer has received a verification message on the mobile device associated with the mobile device identifier. This allows the collector system to use, for example, processing equipment 320 to determine, at step 808, that the customer attempting to perform the transaction at the self-service machine at least controls the mobile device associated with the mobile device identifier.

At step 810, the collector system uses, for example, communication circuitry 302 to deliver a request to the carrier system for CRM information associated with the account corresponding to the mobile device identifier. Since the collector system is an entity trusted by the carrier system (i.e., the collector system is white-listed by the carrier system), the carrier system will provide the CRM information requested to the collector system. The CRM information may be any specific CRM information requested by the collector system, all available CRM information about the specified account, or a specific predefined set of CRM information associated with the collector system. When allowed to specify desired CRM information, the collector system may use processing equipment 320 to determine which CRM information to request based on the type for which the self-service machine is requesting customer identity verification. For example, if the self-service machine is a cigarette or wine vending machine, the collector system will request CRM information from the carrier system that includes at least information corresponding to the birthday, age, or both associated with the mobile device identifier. It should be understood that CRM information can be provided by the carrier system in any suitable form readable by the collector system to process the CRM information for purposes of verifying customer identity, including generating knowledge-based authentication queries do. In step 812, from the carrier system, CRM information is received by the collector system, e.g., using the communications circuitry 320.

It will be appreciated that a single account may have more than one mobile device, each mobile device may have a separate mobile device identifier, and each mobile device may have a separate user identity. CRM information, in such cases, will be provided for the user associated with the particular mobile device identifier received in step 704.

At step 814, the collector system uses the processing equipment 320 to generate one or more knowledge-based authentication queries based on CRM information, any other suitable information, or any combination thereof. The knowledge-based authentication query may include any suitable question regarding the aspect of the user associated with the mobile device identifier. Ideally, the answers to these questions are likely to be known by the user, but are unlikely to be known by others. Examples of knowledge-based authentication queries include social security numbers, home phone numbers, home or work addresses (such as previous addresses), favorite movies, mother's maiden name, any other appropriate query, And includes a prompt for any combination. The knowledge-based authentication query may be in the form of a plurality of selection problems where the problem is associated with two or more answer choices and only one of which is correct. Incorrect answer choices may be generated by the collector system, or may be provided by the carrier system as part of the CRM information. The knowledge-based authentication queries are communicated to the self-service machine using, for example, communications circuits 302 and 320, and transmitted to the self-service machine as described above with respect to steps 708, 710, 712 and 714, Used by service machines.

At step 818, the collector system uses processing equipment 320 to determine that the responses to the knowledge-based authentication queries conveyed by the self-service machine to the collector system at step 714 are correct. The collector system determines the number of correctly answered questions and stores this number in the storage system 322, for example, for use at step 822. Alternatively, the collector may store a binary indication that all of the questions have been answered correctly or that none of the questions have been correctly answered. Any appropriate information regarding the responses provided by the customer and communicated to the collector system may be stored and may be used to determine whether the customer appropriately proves that the user is the user associated with the mobile device identifier received at step 704. [ And can be processed in an appropriate manner. The knowledge-based authentication queries are thus used by the collector system to determine whether the customer is a legal user of the mobile device associated with the mobile device identifier (i. E., In contrast, a non- .

At step 820, the collector system, for example, uses processing equipment 320 to determine proximity information of the mobile device associated with the mobile identifier for the self-service machine. In some embodiments, proximity information is an indication of whether the mobile device is within a certain proximity of the self-service machine (e.g., within 100 feet, within 2 feet, etc.). As previously described with respect to steps 716 and 718, the self-service machine may determine whether the mobile device is close to the self-service machine and delivers this information to the collector system. In some embodiments, the carrier system may provide GPS data relating to the mobile device associated with the mobile device identifier received at step 704 as part of the CRM information received by the collector system at step 812. The self-service machine processes the proximity information provided by the self-service machine, by the carrier system, or both, and determines whether the mobile device associated with the received mobile device identifier is close to the self- . This determination makes the collector system aware of whether the customer owns the mobile device while the customer is attempting to perform the desired transaction on the self-service machine.

At step 822, the collector system determines whether the information stored from processing equipment 320 and at least steps 808, 818, and 820 (i.e., whether the mobile device associated with the received mobile device identifier is within customer control, Whether the user is associated with the mobile device identifier in the carrier system, and whether the mobile device associated with the mobile device identifier is owned by the customer in the self-service machine) to verify the identity of the customer or at least the identity of the customer . In some embodiments, the collector system may determine, based on, for example, the type of self-service machine performing the verification request, the type of transaction attempted by the customer, any other suitable criteria, And determines whether to perform the type of verification. For example, if a customer attempts to purchase alcohol from a vending machine, the collector system may be configured to provide verification that the customer is at least as likely to be at the legal age necessary to purchase alcohol, but if the customer withdraws cash from the ATM The collector system will be configured to provide verification that the customer's identity is likely to be the account of the bank account holder.

In some embodiments, 1) the collector system checks that the mobile device is within customer control at step 808 when the verification message is received by the customer and acts accordingly, and 2) at least the minimum number of knowledge- The collector system verifies that it is correctly answered by the customer at the self-service machine at step 818, and 3) all three of the collector systems determine that the mobile device associated with the provided mobile device identifier is within proximity of the self- Verification is performed when the components are satisfied. In some embodiments, less than all three of these components are needed to determine the collector system to perform the requested verification. In some embodiments, if these three components can be processed serially so that if one component fails verification, the verification fails and the self-service machine does not proceed with the transaction and no additional components are processed To the self-service machine. For example, if the collector system can not verify that the verification message has been received by the customer on the mobile device associated with the received mobile device identifier, then the collector system will not perform any knowledge-based authentication query processing, - will not perform any processing to determine if it is close to the service machine. It will be appreciated that the verification components are not processed in any suitable order and necessarily in the order shown in Figures 7 and 8. [ In some embodiments, at least two of the verification components may be processed at the same time. For example, proximity verification may be processed while a verification message or knowledge-based authentication query verification is being processed.

At step 824, the collector system communicates the results of the verification of the identity of the customer or the identity of the customer's identity to the self-service machine 824, for example, using the communication circuitry 320. In some embodiments, the result is a binary indicator that the customer has been successfully verified or that the customer has not been successfully verified. In some embodiments, the collector system indicates a particular reason or reason for which the customer has not been verified.

It will be appreciated that the steps of FIGS. 7 and 8 are exemplary and that in some embodiments the steps may be added, removed, omitted, repeated, reordered, or modified in any other suitable manner.

The foregoing is merely illustrative of the principles of the invention, and various modifications may be made by those skilled in the art without departing from the scope of the invention. The foregoing embodiments are presented for purposes of illustration and non-limiting. The present invention may also have other forms than those explicitly set forth herein. Accordingly, it is emphasized that the present invention is not intended to be limited to the explicitly disclosed methods, systems and apparatuses, but is intended to cover variations and modifications of the present invention within the scope of the following claims.

Claims (24)

A method for verifying at least one aspect of a user's identity of a self-service machine,
Receiving a mobile device identifier entered by the user at the self-service machine;
Communicating a verification message to a mobile device associated with the mobile device identifier using a communication circuit;
Receiving a response to the verification message using the communication circuit;
Using the processing circuitry to verify that the mobile device associated with the mobile device identifier is owned by the user based on the response;
Transferring the mobile device identifier to a carrier system associated with a service network on which the mobile device operates using the communication circuit;
Receiving, from the carrier system, CRM information relating to an associated user corresponding to the mobile device identifier using the communication circuit;
Transferring at least one knowledge-based authentication query to the self-service machine based on the CRM information using the communication circuit;
Receiving, by the communication circuit, a response to the at least one knowledge-based authentication query provided by the user from the self-service machine;
Using the processing circuitry to determine whether a response to the at least one knowledge-based authentication query provided by the user is correct;
Using the processing circuitry to determine that the mobile device associated with the mobile identifier is within a certain proximity of the self-service machine;
When the processing circuit is used to determine that the response to the at least one knowledge-based authentication query provided by the user is correct when it is confirmed that the user owns the mobile device associated with the mobile device identifier, And verifying at least one aspect of the identity of the user when the mobile device associated with the mobile identifier is within a specific proximity of the self-service machine; And
Using the communication circuit, communicating to the self-service machine that at least one aspect of the user's identity has been verified
/ RTI >
Way. The method according to claim 1,
Wherein delivering a verification message to a mobile device associated with the mobile device identifier comprises communicating an SMS message to a mobile device associated with the mobile device identifier.
Way. The method according to claim 1,
Wherein the verification message includes a link,
Wherein receiving a response to the verification message comprises receiving an indication from the mobile device associated with the mobile device identifier that the link has been selected.
Way. The method according to claim 1,
Wherein the step of receiving the CRM information comprises receiving at least one of birthday information, name information, address information, telephone number information, and any combination thereof.
Way. The method according to claim 1,
Wherein the step of communicating the at least one knowledge-based authentication query comprises delivering at least one knowledge-based query and a plurality of associated multiple-
Way. The method according to claim 1,
Wherein determining that the mobile device associated with the mobile identifier is within a certain proximity of the self-service machine comprises receiving GPS data relating to the location of the mobile device associated with the mobile device identifier from the carrier system doing,
Way. The method according to claim 1,
The self-service machine is a cash dispenser,
Way. The method according to claim 1,
The self-service machine is a vending machine,
Way. The method according to claim 1,
The self-service machine is a sales device,
Way. A collector system communicatively coupled to a self-service machine,
A communication circuit coupled to at least one network; And
And a processing circuit coupled to the communication circuit,
The communication circuit comprising:
Receive a mobile device identifier entered by a user at the self-service machine;
Deliver a verification message to a mobile device associated with the mobile device identifier;
Receive a response to the verification message;
Convey the mobile device identifier to a carrier system associated with a service network on which the mobile device operates;
Receive from the carrier system CRM information relating to a user associated with the mobile device identifier;
Deliver at least one knowledge-based authentication query to the self-service machine based on the CRM information;
Receiving from the self-service machine a response to at least one knowledge-based authentication query provided by the user; And
To deliver to the self-service machine that at least one aspect of the user's identity has been verified,
The processing circuit comprising:
Confirm that the user owns a mobile device associated with the mobile device identifier based on the response;
Determine whether a response to the at least one knowledge-based authentication query provided by the user is correct;
Determine that the mobile device associated with the mobile identifier is within a specific proximity of the self-service machine; And
When a response to the at least one knowledge-based authentication query provided by the user is determined to be correct, and when it is determined that the mobile device associated with the mobile device identifier is owned by the user, Wherein the mobile device is configured to verify at least one aspect of the identity of the user when the mobile device is within a specific proximity of the self-
Collector system. 11. The method of claim 10,
Wherein the verification message comprises an SMS message,
Collector system. 11. The method of claim 10,
Wherein the verification message includes a link,
Wherein the response to the verification message comprises an indication that the link has been selected from a mobile device associated with the mobile device identifier,
Collector system. 11. The method of claim 10,
Wherein the CRM information comprises at least one of birthday information, name information, address information, telephone number information, and any combination thereof.
Collector system. 11. The method of claim 10,
Wherein the at least one knowledge-based authentication query comprises at least one knowledge-based query and a plurality of associated multiple-
Collector system. 11. The method of claim 10,
Wherein the communication circuit is further configured to receive GPS data relating to the location of the mobile device associated with the mobile device identifier from the carrier system,
Wherein the processing circuitry is further configured to determine that the mobile device associated with the mobile device identifier based on the GPS data is within a certain proximity of the self-
Collector system. 11. The method of claim 10,
The self-service machine is a cash dispenser,
Collector system. The method according to claim 1,
The self-service machine is a vending machine,
Collector system. The method according to claim 1,
The self-service machine is a sales device,
Collector system. 1. A non-transient computer readable medium having computer program instructions for performing the method recorded therein,
The method comprises:
Receiving, using a communication circuit, a mobile device identifier entered by a user at a self-service machine;
Transferring a verification message to a mobile device associated with the mobile device identifier using the communication circuit;
Receiving a response to the verification message using the communication circuit;
Using the processing circuitry to verify that the mobile device associated with the mobile device identifier is owned by the user based on the response;
Transferring the mobile device identifier to a carrier system associated with a service network on which the mobile device operates using the communication circuit;
Receiving, from the carrier system, CRM information regarding a user corresponding to the mobile device identifier using the communication circuit;
Transferring at least one knowledge-based authentication query to the self-service machine based on the CRM information using the communication circuit;
Receiving, by the communication circuit, a response to the at least one knowledge-based authentication query provided by the user from the self-service machine;
Using the processing circuitry to determine whether a response to the at least one knowledge-based authentication query provided by the user is correct;
Using the processing circuitry to determine that the mobile device associated with the mobile identifier is within a certain proximity of the self-service machine;
When the processing circuit is used to determine that the response to the at least one knowledge-based authentication query provided by the user is correct when it is confirmed that the user owns the mobile device associated with the mobile device identifier, And verifying at least one aspect of the identity of the user when the mobile device associated with the mobile identifier is within a specific proximity of the self-service machine; And
Using the communication circuit, communicating to the self-service machine that at least one aspect of the user's identity has been verified
/ RTI >
Computer readable medium. 20. The method of claim 19,
Wherein delivering a verification message to a mobile device associated with the mobile device identifier comprises communicating an SMS message to a mobile device associated with the mobile device identifier.
Computer readable medium. 20. The method of claim 19,
Wherein the verification message includes a link,
Wherein receiving a response to the verification message comprises receiving an indication from the mobile device associated with the mobile device identifier that the link has been selected.
Computer readable medium. 20. The method of claim 19,
Wherein the step of receiving the CRM information comprises receiving at least one of birthday information, name information, address information, telephone number information, and any combination thereof.
Computer readable medium. 20. The method of claim 19,
Wherein the step of communicating the at least one knowledge-based authentication query comprises delivering at least one knowledge-based query and a plurality of associated multiple-
Computer readable medium. 20. The method of claim 19,
Wherein determining that the mobile device associated with the mobile identifier is within a certain proximity of the self-service machine comprises receiving GPS data relating to the location of the mobile device associated with the mobile device identifier from the carrier system doing,
Computer readable medium.

Images