A METHOD OF AUTHENTICATING A USER OF A NETWORK TERMINAL DEVICE AND A SYSTEM THEREFOR
BACKGROUND OF THE INVENTION
This invention relates to a method of authenticating a user of a network terminal device and to a system therefor.
The network terminal device is typically a self-service kiosk. In one example, the network terminal device may be an automatic teller machine (ATM) which is used to conduct transactions on a user account.
ATMs are well known. A client of a financial institution is typically issued with a magnetic card or a smart card that they insert into an ATM to initiate transaction requests. The card is linked to the client's account with the financial institution. The ATM prompts the client to enter a personal identification number (PIN) and if the PIN is correct the client is able to transact on their account.
Typically, ATMs are used to withdraw money, transfer funds from one client account to another, pay a bill, pay a beneficiary, or obtain an account balance and/or a transaction history.
The key to accessing an ATM has always been the card issued to the client, without which they are unable to use the ATM.
SUMMARY OF THE INVENTION
According to a first aspect of the invention there is provided a method of authenticating a user of a network terminal device, the method including:
linking an identification of a communications device to a client account with a financial institution;
receiving a request from a network terminal device to authenticate a user of the network terminal device and thereby to allow the user to conduct a transaction on a client account;
generating a password;
transmitting the password to the communications device linked to the client account;
receiving a password entered into the network terminal device; and
if the password received from the network terminal device matches the password transmitted to the communications device then authenticating the user of the network terminal device.
The request may include an identity of a communications device, wherein the identity of the communications device included in the request is compared with the identity of the communications device linked to the client.
The communications device may be a mobile communications device such as a mobile telephone.
The network terminal device may be an automatic teller machine (ATM).
The financial transaction may include at least one of withdrawing money, transferring funds from one client account to another, paying a bill, paying a beneficiary, obtaining information about the account or about previous transactions on the account.
The password transmitted to the mobile communications device may only be valid for a predetermined period of time.
In addition, the password may be unique.
In one example embodiment, the method may include:
receiving a request to conduct a transaction on a client account;
processing the transaction;
transmitting a transaction identification together with the password to the communications device;
receiving the transaction identification together with the password which have been input into the network terminal device; and
if the received transaction identification and password match the transaction identification and password transmitted to the communications device, then authenticating the user of the network terminal device.
The present invention extends to a system for authenticating a user of a network terminal device, the system including:
a memory for storing information relating to an identification of a communications device and information relating to a client account with a financial institution;
a processor disposed in communication with the memory, the processor being adapted to:
link an identification of a communications device to a client account with a financial institution;
receive a request to authenticate a user of the network terminal device and thereby to allow the user to conduct a transaction on a client account;
generate a password;
transmit the password to the communications device linked to the client account;
receive a password entered into a network terminal device; and
if the password received from the network terminal device matches the password transmitted to the communications device then authenticating the user of the network terminal device.
The processor may receive a request including an identity of a communications device, wherein the identity of the communications device included in the request is compared with the identity of the communications device linked to the client.
The communications device may be a mobile communications device such as a mobile telephone.
The network terminal device may be an automatic teller machine (ATM).
The financial transaction may include at least one of withdrawing money, transferring funds from one client account to another, paying a bill, paying a beneficiary, obtaining information about the account or about previous transactions on the account.
The password transmitted to the mobile communications device may only be valid for a predetermined period of time.
In addition, the password may be unique.
The present invention further extends to a machine-readable medium comprising instructions, which when executed by a machine, cause the machine to perform the method of authenticating a user of a network terminal device as described above.
The present invention further extends to a network terminal device including:
a display device;
a data entry device; and
a processor in communication with the display device and the data entry device, the processor being adapted to prompt a user via the display device to enter an identity and a password via the data entry device, to transmit this information to a server and to receive instructions from the server to authenticate the user or not.
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 shows a block diagram of one example of a system in which the invention may be implemented; and
Figure 2 is a flowchart showing one example of authenticating a user of a network terminal device.
DESCRIPTION OF PREFERRED EMBODIMENTS
Referring to Figure 1, a network terminal device in the form of an automatic teller machine (ATM) 10 allows a client of a financial institution to withdraw money, transfer funds from one client account to another, pay bills, pay beneficiaries, obtain an account balance and obtain a transaction history, for example.
These machines come in different forms depending on the financial institution they are associated with, if any, and the manufacturer of the machine.
These machines are sometimes referred to as self-service terminals and sometimes the machines also have other functionality, sometimes even being operated by an operator.
For example, certain point of sale devices at retail stores are able to connect to a server of a financial institution to conduct transactions. These may include withdrawal of cash from the point of sale device and may also include payment for goods on credit or debit at the point of sale device.
Thus, the phrase automatic teller machine is used in this specification in a very general sense.
In any event, the ATM 10 is connected to a server 12 by means of a network 14.
The server 12 may be a server operated by a financial institution or may be a server connected via another network to a second server 16 of the financial institution.
The server 12 and/or 16 includes a machine-readable medium, typically in the form of a processor, wherein instructions, when executed on the processor, cause the processor to implement one or more of the methodologies described below.
The server 12 and/or 16 will also typically include a memory for storing information thereon. Alternatively, the memory may take the form of a database to which the server is connected and on which the information is stored.
The information will be information including details of client accounts with the financial institution, for example.
Software executing on the server 12 enables the authentication of a user of the ATM.
The user authentication process to allow cardless banking can either be initiated at the ATM 10 or using the client's communications device 18. Both of these scenarios will be described below.
In either case, an identification of a client's communications device 18 is linked to a client account with a financial institution. The client's communications device 18 is typically a mobile telephone.
Describing first the user authentication process which is initiated at the ATM 10, a client wishing to transact at an ATM can approach the ATM and select a cardless banking option.
The client will be prompted to enter an identification which in one example may be their communications device identification number. As discussed above, this could be a Mobile Subscriber ISDN Number (MSISDN) or more typically the mobile telephone number dialed locally such as 083 123 4567.
The identification entered may be another form of identification such as an identification of the user or an identification of a financial transaction.
In any event, the request is transmitted to the server 12.
Thus, a request to authenticate a user and thereby to allow the user to conduct a financial transaction on a client account is received at server 12, the request including an identity which may be of the user's communications device 18.
This identity is compared at the server 12 with the identification of the client's communications device 18 which was previously linked to the client account with the financial institution.
A password for the financial transaction is generated by server 12 and the password is transmitted to the mobile communications device 18 identified in the request received.
The password will typically be transmitted using the Short Message Service (SMS) or Multimedia Message Service (MMS), but other methodologies may be used to transmit the password to the mobile communication device 18 over the network 14.
In one example, the password transmitted to the mobile communications device 18 is only valid for a single use and for a predetermined period of time. In addition, the password may be unique.
The client will now have received the password on their communications device 18 and the ATM will prompt the client to enter the password.
This password entered into the ATM 10 is transmitted to server 12 via the network 14 and the server uses the password to authenticate the user.
If the password received from the ATM 10 matches the password transmitted to the mobile communications device then the user is authenticated and allowed to proceed with one or more financial transactions using the ATM.
As mentioned above, the financial transaction may include withdrawing money, transferring funds from one user account to another, paying a bill, paying a beneficiary and obtaining information about the account or about previous transactions on the account, for example.
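The ATM-initiated flow described above can be sketched as follows. This is an added example, not code from the specification. The class name, the send_sms callback, the 120-second validity period and the limit of three wrong entries are assumptions; the specification states only that the password is single-use and valid for a predetermined period.

```python
import hmac
import secrets
import time

VALIDITY_SECONDS = 120  # assumed "predetermined period"; no value is given
MAX_ATTEMPTS = 3        # assumed guess limit; not stated in the specification


class CardlessAuthServer:
    """Role of server 12: issue a one-time password and check it on entry."""

    def __init__(self, linked_devices, send_sms, clock=time.monotonic):
        self.linked = linked_devices  # device identity -> client account
        self.send_sms = send_sms      # hypothetical transport to device 18
        self.clock = clock
        self.pending = {}             # device identity -> [otp, expiry, tries]

    def request_password(self, device_id):
        """Identity entered at the ATM; only a linked device is sent a code."""
        if device_id not in self.linked:
            return False
        otp = f"{secrets.randbelow(10**6):06d}"  # six digits from a CSPRNG
        expiry = self.clock() + VALIDITY_SECONDS
        self.pending[device_id] = [otp, expiry, MAX_ATTEMPTS]
        self.send_sms(device_id, otp)
        return True

    def authenticate(self, device_id, entered):
        """Return the linked account if the entered password matches."""
        entry = self.pending.get(device_id)
        if entry is None:
            return None
        otp, expiry, _ = entry
        if self.clock() > expiry:
            del self.pending[device_id]  # validity period has lapsed
            return None
        if hmac.compare_digest(otp.encode(), entered.encode()):
            del self.pending[device_id]  # single use: consumed on success
            return self.linked[device_id]
        entry[2] -= 1
        if entry[2] <= 0:
            del self.pending[device_id]  # too many wrong entries
        return None
```

Requesting a new password replaces any pending one for the same device, so only the most recently transmitted password can authenticate.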
In another embodiment, the client could initiate the process using the client communications device 18.
A menu of financial transactions is accessed using the mobile communications device. The menu could be stored locally on the mobile communication device, with some software downloaded onto a processor of the mobile communications device. Alternatively, the menu could be located on the server 12 and accessed via the communications network using, for example, the Wireless Application Protocol (WAP).
In this embodiment, the client conducts the entire transaction on the client's communications device 18. This includes transaction-specific information and the client's Personal Identification Number (PIN) associated with the client profile. For example, the client initiates a withdrawal request, enters the amount to withdraw, the account from which to withdraw and the PIN associated with their profile into the communications device 18. The communication device transmits the request over the network 14 or another network (not shown), which is received by the financial institution's server 12.
In response to receiving the request for the financial transaction, the server 12 will process the request and transmit a random password valid for a predefined period to the communications device 18 which password can then be used at the ATM.
The client now approaches the ATM and selects a cardless banking option.
The ATM is adapted to prompt a user via the display device to enter an identity, which may be the identity of a communications device or the identity of a financial transaction, and the password sent to the client's communication device. This information is received from the client and transmitted to the server 12.
If the password received from the ATM 10 matches the password transmitted to the mobile communications device then the user is authenticated.
In the described example, authentication of the user will result in the ATM dispensing the required amount of cash to the client.
It will be appreciated that a difference between the examples described above is the point of transaction selection. In some instances, the complete transaction is conducted on the customer's communications device and the ATM is used purely to conclude the transaction, e.g. the dispensing of cash (typically withdrawals). In other instances, a random password is requested in isolation without a bounded transaction request. The transaction selection takes place at the network terminal device as per standard ATM processing and the client experience after authentication is exactly as per card-initiated transaction processing.
It will be appreciated that the ATM will need to be modified for the present invention and will typically include a display device, a data entry device and a processor in communication with the display device and the data entry device.
The processor is adapted to prompt a user via the display device to enter an identity and a password via the data entry device, to transmit this information to a server and to receive instructions from the server to authenticate a user or not.