US20190287109A1 - Method and apparatus for facilitating performing payment option aggregation utilizing an automated authentication engine - Google Patents

Method and apparatus for facilitating performing payment option aggregation utilizing an automated authentication engine Download PDF

Info

Publication number
US20190287109A1
US20190287109A1 US15/424,596 US201715424596A US2019287109A1 US 20190287109 A1 US20190287109 A1 US 20190287109A1 US 201715424596 A US201715424596 A US 201715424596A US 2019287109 A1 US2019287109 A1 US 2019287109A1
Authority
US
United States
Prior art keywords
payment
entities
user
identification information
identifying information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US15/424,596
Inventor
Wendell Brown
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Averon US Inc
Original Assignee
Averon US Inc
CloudWear Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Averon US Inc, CloudWear Inc filed Critical Averon US Inc
Priority to US15/424,596 priority Critical patent/US20190287109A1/en
Assigned to AVERON US, INC. reassignment AVERON US, INC. CHANGE OF NAME (SEE DOCUMENT FOR DETAILS). Assignors: Cloudwear, Inc.
Priority to US15/938,322 priority patent/US20180234418A1/en
Priority to US15/938,252 priority patent/US20180268476A1/en
Priority to US15/938,260 priority patent/US20180232740A1/en
Priority to US15/938,276 priority patent/US20180232718A1/en
Priority to US15/938,240 priority patent/US20180225671A1/en
Priority to US15/938,191 priority patent/US20180229689A1/en
Priority to US15/938,226 priority patent/US20180232514A1/en
Priority to US15/938,230 priority patent/US20180316670A1/en
Priority to US15/938,423 priority patent/US20180316671A1/en
Assigned to Cloudwear, Inc. reassignment Cloudwear, Inc. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: BROWN, WENDELL
Publication of US20190287109A1 publication Critical patent/US20190287109A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/12Payment architectures specially adapted for electronic shopping systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • G06Q20/40145Biometric identity checks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0884Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions
    • G06Q30/08Auctions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/082Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying multi-factor authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/69Identity-dependent
    • H04W12/71Hardware identity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/69Identity-dependent
    • H04W12/72Subscriber identity

Definitions

  • Embodiments described herein generally relate to an improved payment or checkout process resulting in a more secure and less cumbersome process for the user.
  • embodiments described herein relate to identifying potential payment options by providing payment entities authenticated identification information, and specifically to a method, apparatus, and computer program product for receiving each of a plurality of payment options, ordering and configuring the payment options for display, and receiving selection of a payment option.
  • providing a payment typically involves collecting various information from the buyer (e.g., credit card number, expiration date of the credit card, security codes, address information, etc.) as both a means to identify the account to bill the transaction to, but also that same information often serves to confirm the user's identify, all while assuming that only the user would have additional information about the credit card to charged.
  • buyer e.g., credit card number, expiration date of the credit card, security codes, address information, etc.
  • Embodiments herein describe a process for completing transactions, such as purchasing good or services, making donations, or transferring money via, for example, an e-commerce platform, either on a mobile device, a desktop computer, or the like.
  • a system disclosed herein may provide the authenticated information to each of a plurality of payment entities (e.g., credit card companies, banks, payment processors, or the like) which, with the authenticated identification information, can perform a reverse look-up process to identify potential payment options. That is, users typically have their mobile device phone number, name, billing address, etc. associated with each of their payment accounts. After performing the reverse look-up process, each of the payment entities may determine if they have a payment option associated with the authenticated identification information. Those that do may return the payment option to the system.
  • a payment entities e.g., credit card companies, banks, payment processors, or the like
  • each of the payment entities may determine if they have a payment option associated with the authenticated identification information. Those that do may return the
  • the system may then present each of a plurality of payment options for the users, for example, in such a way that no sensitive information is displayed, but still conveying any necessary information (e.g., the credit card issuer, the last 4 digits) and, in some embodiments, any benefits that will be conferred on the user or their account if chosen (e.g., points, miles, etc.).
  • any necessary information e.g., the credit card issuer, the last 4 digits
  • any benefits that will be conferred on the user or their account if chosen e.g., points, miles, etc.
  • each of the plurality of payment entities may determine whether to return a payment option and at least a bid including a bid amount and any placement or presentation elements associated therewith (e.g., $0.05 for top placement, $0.02 for bold, etc.).
  • a payment entity may also determine a logo, a description of the payment option, a description of the benefits, etc.
  • the system may then receive payment options and any associated bids, order the payment options in accordance with the bids, and configured the payment options for display in accordance with the bids.
  • Embodiments described herein provide an improved payment process resulting in a more secure and less cumbersome process for the user.
  • a method, apparatus, and computer program product are provided for identifying potential payment options by providing payment entities authenticated identification information, receiving each of a plurality of payment options, ordering and configuring the payment options for display, and receiving selection of a payment option.
  • a method for performing payment option aggregation, the method comprising receiving, from an e-commerce platform, a request to complete a transaction, the request comprising identifying information and a transaction amount, authenticating a user utilizing the identifying information, accessing one or more payment entities using the authenticated user identifying information to identify payment options, each payment option having an associated payment method, billing address, and shipping address, providing, for display, a descriptor associated with each of a portion of the identified payment options, and receiving an indication of a selection of at least one payment option.
  • the authenticating step comprises receiving, from a first entity, an indication of a request received at the first entity to access an account from a device associated with a user, the indication comprising at least one instance of first device identification information of at least one device having authorization to access the account, providing a network address to the first entity, the network address configured to be sent to the device from the first entity, receiving, from a second entity, second device identification information, the second device identification information determined upon the device accessing to the network address, performing a real-time comparison between the first device identification information and second device identification information, and prompting the first entity to grant the device access to the account if a match is detected between the first device identification information and second device identification information.
  • the transaction is at least one of a purchase, transfer, or a donation.
  • the method may further comprise determining a subset of one or more payment entities from which to solicit payment options.
  • the descriptor does not include a credit card number.
  • the subset of one or more payment entities from which to solicit payment options comprise predetermined set of one or more credit card companies, payment processors, or banks, each member of the subset of one or more payment entities from which to solicit payment options configured to identify known and authorized payment accounts associated with the identifying information.
  • the method may further comprise, subsequent to determining the one or more payment entities from which to solicit payment options, providing the determined one or more payment entities with the device identifying information and the transaction amount, and receiving a bid amount from a subset of the determined one or more payment entities, the bid amount indicative of a bid amount each of the one or more payment entities would be willing to pay for placement.
  • the method may further comprise, subsequent to determining the one or more payment entities from which to solicit payment options, providing the determined one or more payment entities with the device identifying information and the transaction amount, and receiving an indication of one or more benefits with which to display in conjunction with an indication of the payment option during placement.
  • the method may further comprise a pre-processing step of opting-in at one or more payment processors, each having one or more associated payment methods, and a pre-processing step of using the frictionless 2FA process to log into e-commerce platform.
  • a computer program product may be provided for performing payment option aggregation, the computer program product comprising at least one non-transitory computer-readable storage medium having computer-executable program code instructions stored therein, the computer-executable program code instructions comprising program code instructions for receiving, from an e-commerce platform, a request to complete a transaction, the request comprising identifying information and a transaction amount, authenticating a user utilizing the identifying information, accessing one or more payment entities using the authenticated user identifying information to identify payment options, each payment option having an associated payment method, billing address, and shipping address, providing, for display, a descriptor associated with each of a portion of the identified payment options, and receiving an indication of a selection of at least one payment option.
  • the authenticating step comprises receiving, from a first entity, an indication of a request received at the first entity to access an account from a device associated with a user, the indication comprising at least one instance of first device identification information of at least one device having authorization to access the account, providing a network address to the first entity, the network address configured to be sent to the device from the first entity, receiving, from a second entity, second device identification information, the second device identification information determined upon the device accessing to the network address, performing a real-time comparison between the first device identification information and second device identification information, and prompting the first entity to grant the device access to the account if a match is detected between the first device identification information and second device identification information.
  • the transaction is at least one of a purchase, transfer, or a donation.
  • the computer-executable program code instructions further comprise program code instructions for determining a subset of one or more payment entities from which to solicit payment options.
  • the descriptor does not include a credit card number.
  • the subset of one or more payment entities from which to solicit payment options comprise predetermined set of one or more credit card companies, payment processors, or banks, each member of the subset of one or more payment entities from which to solicit payment options configured to identify known and authorized payment accounts associated with the identifying information.
  • the computer-executable program code instructions further comprise program code instructions for subsequent to determining the one or more payment entities from which to solicit payment options, providing the determined one or more payment entities with the device identifying information and the transaction amount, and receiving a bid amount from a subset of the determined one or more payment entities, the bid amount indicative of a bid amount each of the one or more payment entities would be willing to pay for placement.
  • the computer-executable program code instructions further comprise program code instructions for subsequent to determining the one or more payment entities from which to solicit payment options, providing the determined one or more payment entities with the device identifying information and the transaction amount, and receiving an indication of one or more benefits with which to display in conjunction with an indication of the payment option during placement.
  • the computer-executable program code instructions further comprise program code instructions for a pre-processing step of opting-in at one or more payment processors, each having one or more associated payment methods, and a pre-processing step of using the frictionless 2FA process to log into e-commerce platform.
  • an apparatus for performing payment option aggregation, the apparatus comprising at least one processor and at least one memory including computer program code, the at least one memory and the computer program code configured to, with the processor, cause the apparatus to at least receive, from an e-commerce platform, a request to complete a transaction, the request comprising identifying information and a transaction amount, authenticate a user utilizing the identifying information, accessing one or more payment entities using the authenticated user identifying information to identify payment options, each payment option having an associated payment method, billing address, and shipping address, provide, for display, a descriptor associated with each of a portion of the identified payment options, and receive an indication of a selection of at least one payment option.
  • the authentication comprises receiving, from a first entity, an indication of a request received at the first entity to access an account from a device associated with a user, the indication comprising at least one instance of first device identification information of at least one device having authorization to access the account, providing a network address to the first entity, the network address configured to be sent to the device from the first entity, receiving, from a second entity, second device identification information, the second device identification information determined upon the device accessing to the network address, performing a real-time comparison between the first device identification information and second device identification information, and prompting the first entity to grant the device access to the account if a match is detected between the first device identification information and second device identification information.
  • the transaction is at least one of a purchase, transfer, or a donation.
  • the at least one memory and the computer program code are further configured to, with the processor, cause the apparatus to determine a subset of one or more payment entities from which to solicit payment options.
  • the descriptor does not include a credit card number.
  • the subset of one or more payment entities from which to solicit payment options comprise predetermined set of one or more credit card companies, payment processors, or banks, each member of the subset of one or more payment entities from which to solicit payment options configured to identify known and authorized payment accounts associated with the identifying information.
  • the at least one memory and the computer program code are further configured to, with the processor, cause the apparatus to subsequent to determining the one or more payment entities from which to solicit payment options, provide the determined one or more payment entities with the device identifying information and the transaction amount, and receive a bid amount from a subset of the determined one or more payment entities, the bid amount indicative of a bid amount each of the one or more payment entities would be willing to pay for placement.
  • the at least one memory and the computer program code are further configured to, with the processor, cause the apparatus to subsequent to determining the one or more payment entities from which to solicit payment options, provide the determined one or more payment entities with the device identifying information and the transaction amount, and receiving an indication of one or more benefits with which to display in conjunction with an indication of the payment option during placement.
  • the at least one memory and the computer program code are further configured to, with the processor, cause the apparatus to perform a pre-processing step of opting-in at one or more payment processors, each having one or more associated payment methods, and perform a pre-processing step of using the frictionless 2FA process to log into e-commerce platform.
  • an apparatus for performing payment option aggregation, the apparatus comprising means for receiving, from an e-commerce platform, a request to complete a transaction, the request comprising identifying information and a transaction amount, means for authenticating a user utilizing the identifying information, means for accessing one or more payment entities using the authenticated user identifying information to identify payment options, each payment option having an associated payment method, billing address, and shipping address, means for providing, for display, a descriptor associated with each of a portion of the identified payment options, and means for receiving an indication of a selection of at least one payment option.
  • the means for authenticating comprises means for receiving, from a first entity, an indication of a request received at the first entity to access an account from a device associated with a user, the indication comprising at least one instance of first device identification information of at least one device having authorization to access the account, means for providing a network address to the first entity, the network address configured to be sent to the device from the first entity, means for receiving, from a second entity, second device identification information, the second device identification information determined upon the device accessing to the network address, means for performing a real-time comparison between the first device identification information and second device identification information, and means for prompting the first entity to grant the device access to the account if a match is detected between the first device identification information and second device identification information.
  • FIG. 1 is a block diagram of a system that may be specifically configured in accordance with an example embodiment of the present invention
  • FIG. 2 is a block diagram of an apparatus that may be specifically configured in accordance with an example embodiment of the present invention
  • FIGS. 3, 4A, and 4B are data flow diagrams, each showing an exemplary operation of an example system in accordance with an embodiment of the present invention
  • FIGS. 5, 6A, and 6B depict flowcharts, each showing an exemplary method of operating an example apparatus in accordance with an embodiment of the present invention
  • FIG. 7 is data flow diagram showing an exemplary operation of an example system in accordance with an embodiment of the present invention.
  • FIG. 8 depicts a flowchart showing an exemplary method of operating an example apparatus in accordance with an embodiment of the present invention
  • FIG. 9 is data flow diagram showing an exemplary operation of an example system in accordance with an embodiment of the present invention.
  • FIG. 10 depicts a flowchart showing an exemplary method of operating an example apparatus in accordance with an embodiment of the present invention.
  • data As used herein, the terms “data,” “content,” “information,” and similar terms may be used interchangeably to refer to data capable of being transmitted, received, and/or stored in accordance with embodiments of the present invention. Thus, use of any such terms should not be taken to limit the spirit and scope of embodiments of the present invention.
  • a computing device is described herein to receive data from another computing device
  • the data may be received directly from the another computing device or may be received indirectly via one or more intermediary computing devices, such as, for example, one or more servers, relays, routers, network access points, base stations, hosts, and/or the like, sometimes referred to herein as a “network.”
  • intermediary computing devices such as, for example, one or more servers, relays, routers, network access points, base stations, hosts, and/or the like, sometimes referred to herein as a “network.”
  • the data may be sent directly to the another computing device or may be sent indirectly via one or more intermediary computing devices, such as, for example, one or more servers, relays, routers, network access points, base stations, hosts, and/or the like.
  • device identification information refers to any information that may identify a computing device.
  • device identification information may refer to a user's subscriberlD, which may be similar or the same as a mobile device's phone number/CallerID number, the mobile device's phone number, the mobile device's callerlD number, International Mobile Equipment Identity (IMEI)/unique serial number (ICCID) data, network-based, MAC addresses, billing record's modem certificate, DOCSIS hub/Media Access Layer routing assignments, Cable modem's certificate, device serial number, etc., Intel vPro and Trusted Platform Module key, or the like.
  • IMEI International Mobile Equipment Identity
  • ICCID uniform resource indicator
  • MAC addresses billing record's modem certificate
  • DOCSIS hub/Media Access Layer routing assignments Cable modem's certificate
  • device serial number etc.
  • Intel vPro and Trusted Platform Module key or the like.
  • Device identification information may be stored, transmitted, and/or received, in some embodiments, in a hashed, one-way hashed, encrypted, digitally signed, using public/private key encryption or other means of encrypting, or other similar algorithms (e.g., for system/customer/bank/wireless network/other privacy or other reasons) data form.
  • a “network provider” as used herein may be, for example, wireless network provider (e.g., Verizon, AT&T, T-Mobile, etc.) which may have data such as a user's name, billing address, equipment installation address, birthdate, tower routing/router information to the user's wireless device (e.g., mobile phone), IP WAN address, IP LAN address, IP DMZ info, wireless device equipment information (serial number, certificate number, model number, IMEI number etc.), and other information, that it could similarly supply to a third-party.
  • wireless network provider e.g., Verizon, AT&T, T-Mobile, etc.
  • data such as a user's name, billing address, equipment installation address, birthdate, tower routing/router information to the user's wireless device (e.g., mobile phone), IP WAN address, IP LAN address, IP DMZ info, wireless device equipment information (serial number, certificate number, model number, IMEI number etc.), and other information, that it could similarly supply to
  • a “network provider” may be, for example, in those embodiments in which a user may access the internet through a wired connection (e.g., via cable, DSL, any non-wireless-phone-carrier means such as via a satellite dish system), a wired network provider.
  • a user's cable company for example—cox cable
  • a “secured system” as used herein may refer to, for example, any organization, person, company, government, or other entity seeking to provide a secure data environment, including, for example, a bank, an e-commerce company, an entertainment company, an IOT device/company, (IOT meaning internet of things), a fintech company, a social web company, a file storage company, or the like.
  • a “match” may be detected, determined, and/or reported in, for example, a binary form or a more granular form (e.g., a score, for example, ranging from 0-100 or the like).
  • Methods, apparatuses, and computer program products of the present invention may be embodied by any of a variety of devices.
  • the method, apparatus, and computer program product of an example embodiment may be embodied by a networked device, such as a server or other network entity, configured to communicate with one or more devices, such as one or more user devices, network operators/providers, and providers of secured platforms, and payment systems (e.g., banking systems, payment systems, e-commerce platforms, IoT devices, IoT device company or any other organization, person, company, government, or other entity such as a fintech company, a social web platform or company, a file storage platform or company.).
  • a networked device such as a server or other network entity
  • payment systems e.g., banking systems, payment systems, e-commerce platforms, IoT devices, IoT device company or any other organization, person, company, government, or other entity such as a fintech company, a social web platform or company, a file storage platform or company.
  • the networked device may include fixed computing devices, such as a personal computer or a computer workstation.
  • example embodiments may be embodied by any of a variety of mobile terminals, such as a portable digital assistant (PDA), mobile telephone, smartphone, laptop computer, tablet computer, or any combination of the aforementioned devices.
  • PDA portable digital assistant
  • FIG. 1 shows an example computing system within which embodiments of the present invention may operate.
  • authentication service 102 which may comprise server 114 and database 116 , may be operable to receive first device identification information from secured system 104 indicative of, for example, a user or a device having pre-authorized access to secured system 104 , receive second device identification information indicative of the actual user or device attempting to gain access to the secured system 104 , compare the first and second device identification information, and in an instance in which they match, prompt the secured system 104 to allow access.
  • Authentication service 102 may be embodied by, for example, a web server, a cloud server, a Linux or LAMP server stack, a windows server, a mobile device, and be connected to the internet, wireless communication infrastructure, and associated routers and other related devices
  • the server 114 may be embodied as a single computer or multiple computers and may provide for authenticating user and/or device access to secured systems 104 A- 104 N.
  • Database 116 may be embodied as a data storage device such as a Network Attached Storage (NAS) device or devices, or as a separate database server or servers.
  • Database 116 includes information accessed and stored by the server 114 to facilitate the operations of the authentication service 102 .
  • NAS Network Attached Storage
  • users operating, for example, user devices 108 A- 108 N may access or attempt to access secured systems 104 A- 104 N via a network 112 (e.g., the internet, or the like).
  • the data traffic may be routed through or otherwise be managed by the network provider 110 A- 110 N.
  • the secured systems 104 A- 104 N may access the authentication service 102 via network 112 to, for example, authenticate the user and/or device attempting to access the system.
  • user devices 108 A- 108 N and/or secured systems 104 A- 104 N may access or attempt to access, via a network 112 , payment systems 106 A- 106 N.
  • the user devices 108 A- 108 N may be any computing device as known in the art and operated by a user. Electronic data received by secured systems 104 A- 104 N, payment systems 106 A- 106 N, or the network provider 110 A- 110 N from the user devices 108 A- 108 N may be provided in various forms and via various methods.
  • the user devices 108 A- 108 N may include mobile devices, such as laptop computers, smartphones, netbooks, tablet computers, wearable devices (e.g., electronic watches, wrist bands, glasses, etc.), and the like. Such mobile devices may provide requests or search queries to or otherwise attempt to access secured system 104 .
  • a user device 108 A- 108 N is a mobile device, such as a smart phone or tablet
  • the user device 108 A- 108 N may execute an “app” or “user application” to interact with secured systems 104 A- 104 N, payment systems 106 A- 106 N and/or network provider 110 A- 110 N.
  • apps are typically designed to execute on mobile devices, such as tablets or smartphones, without the use of a browser.
  • an app may be provided that executes on mobile device operating systems such as Apple Inc.'s iOS®, Alphabet Inc.'s Android®, or Microsoft Corp.'s Windows 10®.
  • These platforms typically provide frameworks that allow apps to communicate with one another and with particular hardware and software components of mobile devices.
  • the mobile operating systems named above each provide frameworks for interacting with location services circuitry, wired and wireless network interfaces, user contacts, and other applications in a manner that allows for improved interactions between apps while also preserving the privacy and security of users.
  • a mobile operating system may also provide for improved communication interfaces for interacting with external devices (e.g., home and/or or automobile security and/or automation systems, navigation systems, and the like).
  • APIs application programming interfaces
  • user devices 108 A- 108 N may interact through the secured systems 104 A- 104 N and/or payment systems 106 A- 106 N via a web browser.
  • the user devices 108 A- 108 N may include various hardware or firmware designed to interface with the one or more secured systems 104 A- 104 N and/or payment systems 106 A- 106 N (e.g., where the user devices 108 A- 108 N is a purpose-built device offered for the primary purpose of communicating with secured systems 104 A- 104 N and/or payment systems 106 A- 106 N, such as a store kiosk).
  • System 100 supports communications between user devices 108 A- 108 N and the secured systems 104 A- 104 N and/or payment systems 106 A- 106 N, via network 112 . While the system 100 may support communication via 5G, an Long Term Evolution (LTE) or LTE-Advanced (LTE-A) network, some embodiments may also support communications between the user devices 108 A- 108 N and the secured system 104 including those configured in accordance with wideband code division multiple access (W-CDMA), CDMA2000, global system for mobile communications (GSM), general packet radio service (GPRS), the IEEE 802.11 standard including, for example, the IEEE 802.11ah or 802.11ac standard or other newer amendments of the standard, wireless local access network (WLAN), Worldwide Interoperability for Microwave Access (WiMAX) protocols, universal mobile telecommunications systems (UMTS) terrestrial radio access network (UTRAN) and/or the like, as well as other standards, for example, with respect to multi-domain networks
  • W-CDMA wideband code division
  • Secured systems 104 A- 104 N and/or payment systems 106 A- 106 N may be embodied by any of a variety of network entities, such as, for example, a server or the like.
  • the network entities may include mobile telephones, smart phones, portable digital assistants (PDAs), desktop computers, laptop computers, tablet computers any of numerous other hand held or portable communication devices, computation devices, content generation devices, content consumption devices, (e.g., mobile media player, a virtual reality device, a mixed reality device, a wearable device, a virtual machine, a cloud-based device or combinations thereof), Internet of Thing (IoT) devices, sensors, meters, or the like.
  • PDAs portable digital assistants
  • desktop computers laptop computers
  • tablet computers any of numerous other hand held or portable communication devices
  • computation devices e.g., mobile media player, a virtual reality device, a mixed reality device, a wearable device, a virtual machine, a cloud-based device or combinations thereof
  • IoT Internet of Thing
  • the IoT devices, sensors, and/or meters may be deployed in a variety of different applications including in home and/or automobile security and/or automation applications to serve, for example, in environmental monitoring applications, in industrial process automation applications, vehicular or transportation automation application, in healthcare and fitness applications, in building automation and control applications and/or in temperature sensing applications.
  • the authentication service 102 and/or server 114 may be embodied as or otherwise include an apparatus 200 that is specifically configured to perform the functions of the respective device, as generically represented by the block diagram of FIG. 2 . While the apparatus may be employed, for example, as shown in FIG. 2 , it should be noted that the components, devices or elements described below may not be mandatory and thus some may be omitted in certain embodiments. Additionally, some embodiments may include further or different components, devices or elements beyond those shown and described herein.
  • authentication service 102 or server 112 may include or be associated with an apparatus 200 as shown in FIG. 2 .
  • the apparatus may include or otherwise be in communication with a processor 202 , a memory device 2044 , a communication interface 206 , a user interface 208 , and comparison module 30 .
  • a processor 202 may include or otherwise be in communication with a processor 202 , a memory device 2044 , a communication interface 206 , a user interface 208 , and comparison module 30 .
  • devices or elements are shown as being in communication with each other, hereinafter such devices or elements should be considered to be capable of being embodied within the same device or element and thus, devices or elements shown in communication should be understood to alternatively be portions of the same device or element.
  • the processor 202 may be in communication with the memory device 204 via a bus for passing information among components of the apparatus.
  • the memory device may include, for example, one or more volatile and/or non-volatile memories.
  • the memory device may be an electronic storage device (for example, a computer readable storage medium) comprising gates configured to store data (for example, bits) that may be retrievable by a machine (for example, a computing device like the processor).
  • the memory device may be configured to store information, data, content, applications, instructions, or the like for enabling the apparatus 200 to carry out various functions in accordance with an example embodiment of the present invention.
  • the memory device could be configured to buffer input data for processing by the processor. Additionally or alternatively, the memory device could be configured to store instructions for execution by the processor.
  • the apparatus 200 may be embodied by authentication service 102 or server 114 configured to employ one or more example embodiments of the present invention.
  • the apparatus may be embodied as a chip or chip set.
  • the apparatus may comprise one or more physical packages (for example, chips) including materials, components and/or wires on a structural assembly (for example, a baseboard).
  • the structural assembly may provide physical strength, conservation of size, and/or limitation of electrical interaction for component circuitry included thereon.
  • the apparatus may therefore, in some cases, be configured to implement an embodiment of the present invention on a single chip or as a single “system on a chip.”
  • a chip or chipset may constitute means for performing one or more operations for providing the functionalities described herein.
  • the processor 202 may be embodied in a number of different ways.
  • the processor may be embodied as one or more of various hardware processing means such as a coprocessor, a microprocessor, a controller, a digital signal processor (DSP), a processing element with or without an accompanying DSP, or various other processing circuitry including integrated circuits such as, for example, an ASIC (application specific integrated circuit), an FPGA (field programmable gate array), a microcontroller unit (MCU), a hardware accelerator, a special-purpose computer chip, or the like.
  • the processor may include one or more processing cores configured to perform independently.
  • a multi-core processor may enable multiprocessing within a single physical package.
  • the processor may include one or more processors configured in tandem via the bus to enable independent execution of instructions, pipelining and/or multithreading.
  • the processor 202 may be configured to execute instructions stored in the memory device 204 or otherwise accessible to the processor.
  • the processor may be configured to execute hard coded functionality.
  • the processor may represent an entity (for example, physically embodied in circuitry) capable of performing operations according to an embodiment of the present invention while configured accordingly.
  • the processor when the processor is embodied as an ASIC, FPGA or the like, the processor may be specifically configured hardware for conducting the operations described herein.
  • the processor when the processor is embodied as an executor of software instructions, the instructions may specifically configure the processor to perform the algorithms and/or operations described herein when the instructions are executed.
  • the processor may be a processor of a specific device configured to employ an embodiment of the present invention by further configuration of the processor by instructions for performing the algorithms and/or operations described herein.
  • the processor may include, among other things, a clock, an arithmetic logic unit (ALU) and logic gates configured to support operation of the processor.
  • the processor may also include user interface circuitry configured to control at least some functions of one or more elements of the user interface 208 .
  • the communication interface 206 may be any means such as a device or circuitry embodied in either hardware or a combination of hardware and software that is configured to receive and/or transmit data.
  • the communication interface 206 may include, for example, an antenna (or multiple antennas) and supporting hardware and/or software for enabling communications wirelessly.
  • the communication interface may include the circuitry for interacting with the antenna(s) to cause transmission of signals via the antenna(s) or to handle receipt of signals received via the antenna(s).
  • the communications interface may be configured to communicate wirelessly with wearable device (e.g., head mounted displays), such as via Wi-Fi, Bluetooth or other wireless communications techniques.
  • the communication interface may alternatively or also support wired communication.
  • the communication interface may include a communication modem and/or other hardware/software for supporting communication via cable, digital subscriber line (DSL), universal serial bus (USB) or other mechanisms.
  • the communication interface may be configured to communicate via wired communication with other components of the computing device.
  • the user interface 208 may be in communication with the processor 202 , such as the user interface circuitry, to receive an indication of a user input and/or to provide an audible, visual, mechanical, or other output to a user.
  • the user interface may include, for example, a keyboard, a mouse, a joystick, a display, a touch screen display, a microphone, a speaker, and/or other input/output mechanisms.
  • a display may refer to display on a screen, on a wall, on glasses (for example, near-eye-display), in the air, etc.
  • the user interface may also be in communication with the memory 204 and/or the communication interface 206 , such as via a bus.
  • FIG. 3 depicts an example data flow 300 illustrating interactions between a user device, for example, a user device 302 such as one of user devices 108 A- 108 N, a secured system 304 such as one of Secured systems 104 A- 104 N, a network provider 306 such as one of network providers 110 A- 110 N and authentication system 102 .
  • the data flow 300 illustrates how electronic information may be passed among various systems in accordance with embodiments of the present invention.
  • user device 350 transmits data (e.g., a page request) or, for example in some embodiments, launches an API, attempting to access secured system 360 .
  • data e.g., a page request
  • an API e.g., a program that executes the application.
  • a login page is provided and a user, operating user device, at step 306 , provides login credentials.
  • login credentials are saved and the providing of the login credentials requires no instant input from the user.
  • the secured system requiring two-factor authentication, then at step 308 requests authentication of the user device by providing an authentication request and, for example first device identification information to the authentication service 380 .
  • the first device identification information may comprise one or more phone numbers for each of one or more user devices having pre-authorized access to the secured system. For example, when registering or at a previous login, a user may provide a list of authorized devices and/or device identification information of authorized devices, giving them access to the account.
  • the system in an effort to determine the identification information of the user device that is currently attempting access to the secured system may perform one or more of a number of processes.
  • the system may be configured to direct the user device to a destination where the identification information may be determined, detected, identified, or otherwise accessed.
  • the user device may be provided with a URL to ping, an app to which to connect, or the like.
  • the destination may be received from, in some embodiments, the secured system, while in other embodiments, the destination may be received from authentication service.
  • the destination may be provided directly to the user device, to a browser executing thereon, to an app executing there, via an API call, via a bot, by sending an SMS message thereby requiring a click, via a notification from an app, or any other form of, for example, user-to-machine electronic communication.
  • the authentication service 380 may, for example, at step 310 request a network address and at step 312 receive the network address, the network address, for example, may be a URL or the like configured to be passed to the secured system or directly to the user device, for the user device to ping or otherwise access.
  • the authentication service provides the network address to the secured system and at step 316 , the network address is provided to the user device.
  • the user device pings or otherwise access the network address, where, for example, the network provider, at step 320 , receives, reads, extracts, or otherwise determines the device identification information, for example, from a packet header.
  • a user device may store or otherwise be associated with identification information.
  • a subscriber identification module SIM
  • Universal Subscriber Identity Module USIM
  • R-UIM Removable User Identity Module
  • CDMA Subscriber Identity Module CDMA Subscriber Identity Module
  • SIM subscriber identification module
  • UICCID unique serial number
  • IMSI international mobile subscriber identity
  • the SIM card as referred to herein, may be a mini, micro, nano, virtual, or emdedded(e) SIM.
  • the network provider provides and the authentication service receives the second device identification information, which indicates the device identification information of the device attempting to access secured system 360 .
  • the authentication service may be configured to perform a different process for two-factor authentication where, for example, the authentication service, utilizing the first identification information provides a code or the like to the user device, and the request the user to provide, via the user device, the code (e.g., input into the app or browser) to the secured system, for example, which may have the authentication session open.
  • the authentication service compares the first device identification information and the second device identification information.
  • the first device identification information as received from the secured system and/or the second device identification information as received from the network provider may be raw, tokenized, hashed, or otherwise transcoded, for example, for security reasons.
  • the comparison may first involve, for example, decoding the device identification information and comparing raw data or comparing transcoded information.
  • the comparison may also involve, in some embodiments, normalization of the device identification information.
  • the first identification information may be in a convenient format, for example, for input or display within the user's online account—which may or may not include elements such as punctuation (e.g., dashes, parentheses, brackets, or the like), country codes, spaces, etc. the comparison may simply ignore such elements, strip the elements, or otherwise clean the data, etc.
  • punctuation e.g., dashes, parentheses, brackets, or the like
  • the comparison may simply ignore such elements, strip the elements, or otherwise clean the data, etc.
  • the second device identification information may be passed to the secured system at the initial request—enabling the secured system to pass data, for example, the data packet header, which may be tokenized, hashed, or otherwise transcoded, to the authentication system with or after the first device identification information.
  • the authentication service 380 may authenticate and/or prompt the secured system to authenticate or grant access to the user device.
  • the secured system may then, at step 328 , grant access to the user device.
  • the authentication service 380 may notify and/or prompt the secured system indicating its inability to authenticate.
  • the secured system may then, at step 332 , deny access to the user device.
  • FIG. 4A depicts an example data flow 400 illustrating interactions between a user device, for example, a user device 302 such as one of user devices 108 A- 108 N, a secured system 304 such as one of secured systems 104 A- 104 N, a network provider 306 such as one of network providers 110 A- 110 N and authentication system 102 .
  • the data flow 300 illustrates how electronic information may be passed among various systems in accordance with embodiments of the present invention, and in particular, FIG. 4 shows how the use of biometric data may augment or otherwise aid in the authentication process of FIG. 3 .
  • the secured system and/or the authentication service may be configured to perform additional authentication. While in other embodiments, the secured system and/or the authentication service may be configured to perform authentication using both the frictionless two-factor authentication shown in FIG. 3 as well as biometric data. That is, in an instance in which both the frictionless two-factor authentication shown in FIG. 3 as well as biometric data are used in parallel, the secured system may be configured to provide, at step 308 , for example, biometric data of one or more users having been previously authorized to access the system. In other embodiments, for example, as shown in FIG. 4A , biometric data may be provided upon the determination that the first device identification information matches the second device identification information.
  • the authentication service may request the biometric data of the user operating the device currently attempting to access the secured system, and at step 415 , that biometric data is received. Subsequently, at step 420 , the authentication service may be configured to determine whether the previously registered biometric data and current biometric data match.
  • the authentication service may authenticate and/or prompt the secured system to authenticate or grant access to the user device.
  • the secured system may then, at step 430 , grant access to the user device.
  • the authentication service 380 may notify and/or prompt the secured system that the match as not made. The secured system may then deny access to the secured system.
  • FIG. 4B depicts an example data flow 400 illustrating interactions between a user device, for example, a user device 302 such as one of user devices 108 A- 108 N, a secured system 304 such as one of secured systems 104 A- 104 N, a network provider 306 such as one of network providers 110 A- 110 N and authentication system 102 .
  • the data flow 300 illustrates how electronic information may be passed among various systems in accordance with embodiments of the present invention, and in particular, FIG. 4 shows how the use of location data may augment or otherwise aid in the authentication process of FIG. 3 .
  • the secured system and/or the authentication service may be configured to perform additional authentication.
  • the secured system and/or the authentication service may be configured to perform authentication using both the frictionless two-factor authentication shown in FIG. 3 as well as location data.
  • the secured system may be configured to provide, at step 308 for example, location data of one or more users having been previously authorized to access the system.
  • location data may be provided upon the determination that the first device identification information matches the second device identification information.
  • the network provider may be configured to provide, for example, at step 322 , location data of the user device currently attempting to access the secured system. Similar to the device identification information, the user device, for example, within a data packet header or the like, may provide location information to the network provider, while in other embodiments, the network provider may determine the location, within a particular variance, based on where the connection is made. In other embodiments, for example, as shown in FIG. 4B , location data may be provided upon the determination that the first device identification information matches the second device identification information.
  • the authentication service may request and receive the location data of one or more users having been previously authorized to access the secured system.
  • the authentication service may request and, at step 465 , receive, from the network provider, the location data of the user device currently attempting to access the secured system.
  • the authentication service may request from the user device, and, at step 475 , receive, from the user device, the location data of the user device currently attempting to access the secured system.
  • the authentication service may be configured to determine whether the previously registered location data and current location data match.
  • the authentication service may authenticate and/or prompt the secured system to authenticate or grant access to the user device.
  • the secured system may then, at step 490 , grant access to the user device.
  • the authentication service 380 may notify and/or prompt the secured system that the match as not made. The secured system may then deny access to the secured system.
  • apparatus 200 may be configured to perform frictionless two-factor authentication.
  • FIGS. 5, 6A, and 6B illustrate exemplary processes for determining whether to authenticate a user device, prompting the approval or denial of access to an account.
  • FIG. 5 illustrates a flow diagram depicting an example of a process 500 for authenticating a device in accordance with embodiments of the present invention.
  • the process illustrates how, upon reception of the authentication request, an authentication system or an API related thereto may receive identification information of devices having previously given authorization to access a secured system (e.g., a banking account) and identification information of a device currently attempting to access the secured system, and upon reception, performing a real-time match to determine whether to prompt the secured system to allow access.
  • the process 500 may be performed by an apparatus, such as the apparatus 200 described above with respect to FIG. 2 .
  • a first entity may receive the login credentials to an account.
  • the first entity opens an authentication session, for example, via an API provided by the authentication service.
  • an apparatus for example, apparatus 200 embodied by, for example, authentication service 102 , server 114 , or the like, may be configured to receive, from a first entity, an indication of a request.
  • the request is or was received at the first entity, to access an account from a device associated with a user.
  • the indication of the request, as received at the authentication service may comprise at least one instance of first device identification information of at least one user and/or device having authorization to access the account.
  • a user may provide their bank or online banking platform with a list of one or more phone numbers (e.g., their cellular phone number).
  • a user may provide a list of users (e.g., their first and last names or the like) authorized to access an account.
  • the first entity may provide one or more instances of device identification information in their possession indicative of users or devices having authorized access.
  • the authentication service upon receiving the indication of the request to access the secured system, may initiate a process in which it determines the device identification information of the device currently attempting to access the account.
  • the authentication service may provide the first entity or the device, directly, with a URL to ping.
  • an apparatus for example, apparatus 200 embodied by, for example, authentication service 102 , server 114 , or the like, may be configured to transmit, to a second entity, a request for a network address and as shown in block 515 of FIG. 5 , the apparatus, for example, apparatus 200 embodied by, for example, authentication service 102 , server 114 , or the like, may be configured to receive, from the second entity, the network address.
  • the authentication service may then, as described above, transmit the network address to the first entity or directly to the device.
  • an apparatus for example, apparatus 200 embodied by, for example, authentication service 102 , server 114 , or the like, may be configured to provide the network address to the first entity.
  • the network address may be configured to be sent to the device from the first entity.
  • the network provider may detect, determine or otherwise identify, for example, device identification information of the device currently attempting to access the account and then transmit the device identification information to the authentication service.
  • the authentication receives that information, in particular, for example, a subscriberlD (e.g., a phone number) and/or, in some embodiments, other information, as described above, that the network provider may have associated with the device (e g, name on account, billing address, or the like). Accordingly, as shown in block 525 of FIG.
  • an apparatus for example, apparatus 200 embodied by, for example, authentication service 102 , server 114 , or the like, may be configured to receive, from a second entity, second device identification information.
  • the second device identification information may be determined upon the device pinging or otherwise accessing or attempting to the network address.
  • the format of the information may vary.
  • the first identification information may comprise, as described above, punctuation, spaces, etc.
  • the second device identification information may be in a same or different format. Therefore, in some embodiments, the authentication may “clean” or normalize the device identification information, for example, to aid in the comparison of the first identification information to the second identification information.
  • an apparatus for example, apparatus 200 embodied by, for example, authentication service 102 , server 114 , or the like, may be configured to normalize the data.
  • an apparatus for example, apparatus 200 embodied by, for example, authentication service 102 , server 114 , or the like, may be configured to perform a real-time comparison between the first device identification information and second device identification information.
  • an apparatus for example, apparatus 200 embodied by, for example, authentication service 102 , server 114 , or the like, may be configured to prompt the first entity to grant the device access to the account. That is, where a match is detected, the authentication service may determine that device attempting to access the account is, in fact, authorized to access the account, and may notify the secured system.
  • an apparatus for example, apparatus 200 embodied by, for example, authentication service 102 , server 114 , or the like, may be configured to prompt the first entity to deny the device access to the account. That is, where a match is not detected, the authentication service may not determine that device attempting to access the account is, in fact, authorized to access the account, and may notify the secured system inasmuch.
  • the authentication service may report a binary result (e.g., match/no match). As described above, in some embodiments, however, the authentication service may report more granular results, such as, for example, a confidence level. For example, where the phone number of a device attempting to access the account does not match a pre-authorized phone number, the authentication service may see that identification information (e.g., a name on the account) matches a name to which the phone number of the device attempting the account is registered. As such, a binary result may be that of no match, a more granular result may provide the secured system with confidence to allow access or, in some embodiments, prompt for more information.
  • a binary result e.g., match/no match
  • the authentication service may report more granular results, such as, for example, a confidence level. For example, where the phone number of a device attempting to access the account does not match a pre-authorized phone number, the authentication service may see that identification information (e.g., a name on
  • the first device identification information may comprise each of a plurality of data elements such as, for example, a phone number, a name, and a location (GPS related, a billing address, or the like).
  • the second device identification information for example, received from the network provider after the device pings the provided network address, may provide a subset of the data elements included in the first device identification information.
  • the authentication service may calculate a non-binary result upon making the comparison of the first device identification information and the second device identification information.
  • FIGS. 6A and 6B illustrate flow diagrams depicting example processes 600 and 650 , respectively, for authenticating a device and a user in accordance with embodiments of the present invention.
  • the processes illustrates how, upon reception of the authentication request, an authentication service or an API related thereto may first, perform the two-factor authentication process as shown in FIG. 5 , and upon authentication of the device, authenticate the user of the device using biometric data and location data, respectively.
  • an authentication service or an API related thereto may first, perform the two-factor authentication process as shown in FIG. 5 , and upon authentication of the device, further perform authentication of the device using location data and/or the user of the device using biometric data.
  • a frictionless three-factor authentication process which may include either the frictionless two-factor authentication process of FIG. 5 and either of the processes shown in FIG. 6A or 6B .
  • a frictionless four-factor authentication process is disclosed which may include the frictionless two-factor authentication process of FIG. 5 and the processes shown in FIG. 6A or 6B , each of which may be performed in parallel or in any order.
  • FIG. 6A illustrates a flow diagram depicting an example of a process 600 for authenticating a device and a user in accordance with embodiments of the present invention.
  • the process illustrates how, upon reception of the authentication request, an authentication service or an API related thereto may first, perform the two-factor authentication process as shown in FIG. 5 , and upon authentication of the device, authenticate the user of the device using biometric data.
  • the process 600 may be performed by an apparatus, such as the apparatus 200 described above with respect to FIG. 2 .
  • the process of FIG. 6A may include those steps of FIG. 5 , for example, as shown in blocks 505 - 530 , related to receiving
  • an apparatus for example, apparatus 200 embodied by, for example, authentication service 102 , server 114 , or the like, may be configured to.
  • an apparatus for example, apparatus 200 embodied by, for example, authentication service 102 , server 114 , or the like, may be configured to perform a real-time comparison between the first device identification information and second device identification information.
  • an apparatus for example, apparatus 200 embodied by, for example, authentication service 102 , server 114 , or the like, may be configured to prompt or request the first entity for biometric data.
  • an apparatus for example, apparatus 200 embodied by, for example, authentication service 102 , server 114 , or the like, may be configured to receive, from a first entity, with the indication of a request, received at the first entity, to access an account from a device associated with a user, first biometric data, the first biometric data captured at the device.
  • an apparatus for example, apparatus 200 embodied by, for example, authentication service 102 , server 114 , or the like, may be configured to receive second biometric data, the second biometric data being data associated with users having been granted authorized access to the account. For example, a user may have registered his fingerprint at account set up or any previous time of access.
  • an apparatus for example, apparatus 200 embodied by, for example, authentication service 102 , server 114 , or the like, may be configured to normalize the biometric data.
  • an apparatus for example, apparatus 200 embodied by, for example, authentication service 102 , server 114 , or the like, may be configured to perform a real-time comparison between the first biometric data and the second biometric data.
  • an apparatus for example, apparatus 200 embodied by, for example, authentication service 102 , server 114 , or the like, may be configured to prompt the first entity to grant the device access to the account.
  • an apparatus for example, apparatus 200 embodied by, for example, authentication service 102 , server 114 , or the like, may be configured to prompt the first entity to deny the device access to the account.
  • FIG. 6B illustrates a flow diagram depicting an example of a process 650 for authenticating a device and a user in accordance with embodiments of the present invention.
  • the process illustrates how, upon reception of the authentication request, an authentication service or an API related thereto may first, perform the two-factor authentication process as shown in FIG. 5 , and upon authentication of the device, authenticate the user of the device using location data.
  • the process 600 may be performed by an apparatus, such as the apparatus 200 described above with respect to FIG. 2 .
  • the process of FIG. 6B may include those steps of FIG. 5 , for example, as shown in blocks 505 - 530 , related to receiving the first device identification information and second device identification information. Subsequently, as shown in block 535 of FIG. 5 , an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102 , server 114 , or the like, may be configured to perform a real-time comparison between the first device identification information and second device identification information.
  • an apparatus for example, apparatus 200 embodied by, for example, authentication service 102 , server 114 , or the like, may be configured to prompt or request the first entity for location data.
  • the process of FIG. 6B may include those steps of FIG. 6A , for example, as shown in blocks 605 - 635 , related to receiving the first biometric data and second biometric data.
  • an apparatus for example, apparatus 200 embodied by, for example, authentication service 102 , server 114 , or the like, may be configured to prompt or request the first entity for location data.
  • the apparatus may be configured for further authenticating access using location.
  • an apparatus for example, apparatus 200 embodied by, for example, authentication service 102 , server 114 , or the like, may be configured to receive, from a first entity, with the indication of a request, received at the first entity, to access an account from a device associated with a user, first location data.
  • the first location data may be captured at the device and/or, in some embodiments, captured from the network provider (e.g., via triangulation, connections to a cellular base station having a known location and a radius, connection to a Wi-Fi access point, connection via Bluetooth, ZigBee or the like).
  • the network provider e.g., via triangulation, connections to a cellular base station having a known location and a radius, connection to a Wi-Fi access point, connection via Bluetooth, ZigBee or the like.
  • an apparatus for example, apparatus 200 embodied by, for example, authentication service 102 , server 114 , or the like, may be configured to receive second location data, the second location data being data associated with users having been granted authorized access to the account.
  • a user may have registered his address (e.g., home address, work address, or the like) at account set up or any previous time of access.
  • an apparatus for example, apparatus 200 embodied by, for example, authentication service 102 , server 114 , or the like, may be configured to normalize the location data.
  • an apparatus for example, apparatus 200 embodied by, for example, authentication service 102 , server 114 , or the like, may be configured to perform a real-time comparison between the first location data and the second location data.
  • an apparatus for example, apparatus 200 embodied by, for example, authentication service 102 , server 114 , or the like, may be configured to prompt the first entity to grant the device access to the account.
  • an apparatus for example, apparatus 200 embodied by, for example, authentication service 102 , server 114 , or the like, may be configured to prompt the first entity to deny the device access to the account.
  • an apparatus or computer program product may be provided to implement or execute a method, process, or algorithm for facilitating frictionless two-factor authentication in the attempted access to an IoT device such as, for example, (i) a security system (e.g., a physical lock outfitted with an embodiment of the present invention) protecting or otherwise controlling access to a home, apartment, a hotel room, an automobile, storage unit, safe, lock (e.g., bike lock, case lock, briefcase lock, luggage lock, or the like), etc., (ii) an automation system (e.g., a system configured for controlling an automobile, one or more various switches in a power or dam system), or (iii) a ticketing system.
  • a security system e.g., a physical lock outfitted with an embodiment of the present invention
  • an automation system e.g., a system configured for controlling an automobile, one or more various switches in a power or dam system
  • a ticketing system e.g., a ticketing system.
  • the user for example, operating a user device with a mobile app installed thereon with a particular purpose (e.g., accessing security system such as the lock on their car) opens the app, which may or may not require login credentials. Once logged in, the user may then send a command to the security or automation system. The command serves as the request to access. As such, as described with regard to FIG. 5 , the authentication service receives the indication of the request.
  • a particular purpose e.g., accessing security system such as the lock on their car
  • the process may continue as above.
  • the user device sends the command to, for example, the secured system (e.g., an IoT device configured for unlocking your), the authentication service receives the indication of the request, the user device pings a network address, and the authentication service is provided with device identification information indicating the user device currently attempting to access the security system.
  • the secured system e.g., an IoT device configured for unlocking your
  • the authentication service receives the indication of the request
  • the user device pings a network address
  • the authentication service is provided with device identification information indicating the user device currently attempting to access the security system.
  • the lock opens by, in one instance where the security system is remote, the security system sending a signal to the lock instructing it to open, or in an instance in which the security system is local, instructing the lock to open.
  • the authentication service may be configured to further authenticate by confirming the ownership of the device via biometric data and/or proximity via location data.
  • a user device which may typically have access to a cellular network or wireless cable network, does not, temporarily or permanently, have access to the cellular network or the wireless cable network.
  • a local proximity network may be used using, for example, local proximity network signals.
  • the security system may receive the command (e.g., a request to access), which when using local proximity network signals (e.g., Bluetooth, Near-field radio signals, RF signals, etc.) does provide device identification information (i.e. a Bluetooth connection is only established by the requesting device identifying itself) and initiate an authentication session with the authentication service, for example, locally.
  • local proximity network signals e.g., Bluetooth, Near-field radio signals, RF signals, etc.
  • the security system in providing the indication of the request, provides both the device identification information provided by the device attempting access provided in establishing the Bluetooth connection and locally stored device identification information.
  • the authentication service compares the first device identification information and second device identification information as described above, and prompts the security system as described above. As such, even with no “outside” connection, the frictionless two-factor authentication system described herein may operate.
  • a ticketing system upon sale or re-sale of a ticket, embodiments of the present invention may be used to confirm authenticity of the ticket and owner combination.
  • a ticketing system may enable resale of a ticket (e.g., a season ticket hold is unable to make a game and sells the ticket).
  • a user having offered the ticket for sale, received, and accepted an offer may send a command to the ticketing system, for example, configured to enable their collection of the payment and transfer of the ticket.
  • the ticketing system may open an authentication session with the authentication service and provide the authentications service with the user device information of the user device known to having last purchased the ticket (e.g., the first device identification information).
  • the user device pings to network address, and the network provider provides, to the authentication service, the device identification information of the device currently attempting to access the ticketing system (e.g., the second device identification information).
  • the authentication service may prompt the ticketing system to complete the transaction—whereas, in an instance in which there is no match (the device identification information of the device attempting to sell a ticket does not match the device identification information of the device having last purchased the ticket), the authentication service prompts the ticketing system to deny the transaction.
  • a user device may present a ticket to a ticket collection device/kiosk connected to the ticketing system, the presentment of the ticket being the request to access.
  • the ticketing system (or the ticket collection device/kiosk) may initiate an authentication session with the authentication service. Again, the authentication service is provided with the indication of the request the device identification information of the user device having last purchased the ticket (e.g., the first device identification information).
  • the ticketing system may then prompt the user device to ping a network address, the user device pings to network address, and the network provider provides, to the authentication service, the device identification information of the device currently attempting to access the ticketing system (e.g., the second device identification information).
  • the authentication service may prompt the ticketing system to allow entry—whereas, in an instance in which there is no match (the device identification information of the device attempting to utilize the ticket for entrance does not match the device identification information of the device having last purchased the ticket), the authentication service prompts the ticketing system to deny entry.
  • the authentication service may be configured to determine, detect, identify, or otherwise access one or more databases with information able to correlate that information the secured system does provide (e.g., the registration information, such as name and address) with the second device identification information.
  • a user operating a user device initiates a process to open an account. Some amount of registration information is necessary.
  • the secured system may then initiate an authentication session with the authentication service and, provide the registration information, with the indication of the request.
  • the user device pings the network address and the authentication service receives the second device identification information.
  • authentication service 102 embodied by, for example, apparatus 200 may be configured to perform an improved payment or checkout process resulting in a more secure and easier process for the user.
  • FIGS. 7-10 illustrate exemplary processes for identifying potential payment options and determining which payment options to present, and causing placement of the payment options.
  • FIG. 7 shows a flowchart depicting an exemplary payment process 700 in accordance with embodiments of the present invention.
  • the process shows how, upon reception of a request, an authentication service or an API related thereto may identify potential payment options and present some or all of those payment options to a user.
  • the process 700 may be performed by an apparatus, such as the apparatus 200 described above with respect to FIG. 2 .
  • a user operating for example, a user device, as described above, such as a mobile phone or a computer, may indicate a readiness to remit payment, for example, in exchange for a product (e.g., goods or services), as a donation (e.g., to a charity), as a one-way transfer of money, bill payment, etc.
  • the secured system may open a session, for example, by calling an API or the like, requesting payment options.
  • an apparatus for example, apparatus 200 embodied by, for example, authentication service 102 , server 114 , or the like, may be configured to receive a request to complete a transaction.
  • the request may comprise identification information and a transaction amount.
  • the transaction may be any of a purchase, a transfer, or a donation.
  • a user's selection of a “checkout” or “complete transaction” icon may cause the secured system to open the session and transmit the request
  • a voice command indicative of a desire to complete a transaction, or a motion indicative of a desire to complete the transaction may cause the secured system to open the session and transmit the request.
  • the act of clicking or otherwise selecting media e.g., audio, video, or the like
  • consuming media e.g., listening to an audio file such as a podcast, advertisement, or the like, or watching a video, etc.
  • the secured system may open an authentication session in advance, to authenticate the user and/or user device (as described above), or the authentication session may, first include the authentication, as described above, and then the payment process, as being described.
  • authentication may not be performed or may be performed via conventional processes (e.g., logging in, conventional two-factor authentication, or the like).
  • the authenticated identification information (e.g., a mobile phone number) may then be sent to one or more payment entities (e.g., credit card companies, processors, or similar including by not limited to American Express, VISA, MasterCard, Discover, PayPal, Venmo, Amazon payments, etc., their affiliated or member banks (e.g., Capital One, Citibank, etc.), or related processors (Rocky Mountain Bank, First Credit), credit rating agencies (Experian, etc.)), for the purpose of determining or identifying one or more payment options.
  • payment entities e.g., credit card companies, processors, or similar including by not limited to American Express, VISA, MasterCard, Discover, PayPal, Venmo, Amazon payments, etc., their affiliated or member banks (e.g., Capital One, Citibank, etc.), or related processors (Rocky Mountain Bank, First Credit), credit rating agencies (Experian, etc.)
  • payment entities e.g., credit card companies, processors, or similar including by not limited to American Express, VISA, MasterCard, Discover, PayPal
  • any of the above described payment entities may be configured to perform a search/reverse index to collect and present various user's known payment accounts that are associated with the provided authenticated identification information (e.g., the mobile phone number) and/or associated information (e.g., the social security number of the user having the provided mobile phone number).
  • the provided authenticated identification information e.g., the mobile phone number
  • associated information e.g., the social security number of the user having the provided mobile phone number
  • his credit card information could be identified or detected (e.g., reversed indexed) by means of presenting various entities with the user's mobile phone number or other identifying means.
  • an apparatus for example, apparatus 200 embodied by, for example, authentication service 102 , server 114 , or the like, may be configured to provide a request for a payment option to each of one or more payment entities.
  • the request may comprise authenticated identifying information and a transaction amount.
  • the request may comprise the identification information and the transaction amount, wherein the payment entity is configured to authenticate the identification information.
  • the authenticated identification information may be encrypted, tokenized, hashed, or otherwise transcoded to minimize fraud.
  • a set or subset of payment entities may be queried, in real-time, by providing those payment entities with the user's authenticated identification information, such that each payment entity may then return to a checkout or payment offer.
  • a payment entity may check that the user or account associated with the identification information has sufficient credit available prior to providing a response to the request for a checkout/payment offer.
  • an extension or granting of additional credit may be considered prior to extending a payment option for the transaction.
  • the payment entity may open an authentication session with authentication service, or in other embodiments, may perform another type of authentication of the user and/or user device.
  • the request may comprise a time limit in which to provide a response.
  • an apparatus for example, apparatus 200 embodied by, for example, authentication service 102 , server 114 , or the like, may be configured to receive one or more payment options.
  • an apparatus for example, apparatus 200 embodied by, for example, authentication service 102 , server 114 , or the like, may be configured to provide, for display, a descriptor associated with each of a portion of the identified payment options. For example, a graphical icon, which may be pre-selected or otherwise associated with the payment options may be presented on the display of the use device.
  • a display of a graphic or icon may be displayed with, for example, next to the payment offer, and in some embodiments, along with an identification of the user's particular credit card (e.g., “xx1234” displaying only the last four digits of the card so the user can identify the credit card), a picture or pseudo picture of the user's credit card, or other information about this particular account (e.g., remaining credit available, etc.).
  • a graphic or icon e.g., MasterCard logo, Capital One bank logo, etc.
  • an identification of the user's particular credit card e.g., “xx1234” displaying only the last four digits of the card so the user can identify the credit card
  • a picture or pseudo picture of the user's credit card e.g., remaining credit available, etc.
  • an apparatus for example, apparatus 200 embodied by, for example, authentication service 102 , server 114 , or the like, may be configured to receive an indication of a selection of at least one payment option.
  • FIG. 8 depicts an example data flow 800 illustrating interactions between a user device, for example, a user device such as one of user devices 108 A- 108 N, a secured system such as one of secured systems 104 A- 104 N, a network provider such as one of network providers 110 A- 110 N and Payment option aggregation system, embodied by for example, authentication system 102 .
  • the data flow 800 illustrates how electronic information may be passed among various systems in accordance with embodiments of the present invention.
  • user device transmits data (e.g., a page request) or, for example in some embodiments, launches an API, attempting to access secured system.
  • data e.g., a page request
  • a login page is provided and a user, operating user device, at step 806 , provides login credentials.
  • login credentials are saved and the providing of the login credentials requires no instant input from the user.
  • the secured system may require two-factor authentication, and as such, not shown, but in accordance with either conventional two-factor authentication or in accordance with the frictionless two-factor authentication shown above, may authenticate the user and/or user device. That is at step 808 , the secured system may provide device information needing authentication and at step 810 , the Payment option aggregation system may, for example, using the frictionless two-factor authentication process shown above, authenticate the user and/or device. Subsequently or in parallel with providing the authentication request, the secured system may provide a request for payment options.
  • the Payment option aggregation service may, for example, at step 812 then request from one or more payment entities, payment options.
  • each of a plurality of payment entities may provide one or more payment options, which are received at the Payment option aggregation system.
  • the Payment option aggregation system orders the payment options and configures some portion of the received payment options for display/presentment to the user device.
  • the user device displays one or more payment options to the user.
  • the user may provide a selection, and as such, at step 820 , the secured system receives the selection of a payment option.
  • the Payment option aggregation system receives an indication of the selection and, at step 824 , provides a notification to the selected payment entity.
  • FIG. 9 shows a flowchart depicting an exemplary payment process 900 in accordance with embodiments of the present invention.
  • the process shows how, upon reception of a request, an authentication service or an API related thereto may identify potential payment options, request bids from each, and present some or all of those payment options to a user in accordance with the bids.
  • the process 900 may be performed by an apparatus, such as the apparatus 200 described above with respect to FIG. 2 .
  • a user operating for example, a user device, such as a mobile phone or a computer, may indicate a readiness to remit payment to a secured system, for example, in exchange for a product (e.g., goods or services), as a donation, as an exchange of currency, etc.
  • the secured system may open a session, for example, by calling an API or the like, requesting payment options.
  • an apparatus for example, apparatus 200 embodied by, for example, authentication service 102 , server 114 , or the like, may be configured to receive a request to complete a transaction, the request comprising identifying information and a transaction amount.
  • a user's selection of a “checkout” or “complete transaction” icon may cause the secured system to open the session and transmit the request
  • a voice command indicative of a desire to complete a transaction, or a motion indicative of a desire to complete the transaction may cause the secured system to open the session and transmit the request.
  • the act of clicking or otherwise selecting media e.g., audio, video, or the like
  • consuming media e.g., listening to an audio file such as a podcast, advertisement, or the like, or watching a video, etc.
  • the secured system may open an authentication session in advance, to authenticate the user and/or user device, as described above in figures above.
  • an apparatus for example, apparatus 200 embodied by, for example, authentication service 102 , server 114 , or the like, may be configured to perform an authentication process. That is, in some embodiments, the authentication service may receive first and second identification information and perform a comparison. In some embodiments, the authentication service may further utilize biometric data and/or location data to perform the authentication of the user and/or user device.
  • the apparatus may determine which payment entities will be queried. Though, in some embodiments, each of a plurality of payment entities are queried. Some factors for determining which payment entities are queried include geography, instructions from the user and/or user device and/or the secured system. Accordingly, as shown in block 915 of FIG. 9 , an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102 , server 114 , or the like, may be configured to determine a subset of one or more payment entities from which to solicit payment options.
  • a request may then be provided.
  • an apparatus for example, apparatus 200 embodied by, for example, authentication service 102 , server 114 , or the like, may be configured to provide a request for payment option to each of one or more payment entities.
  • the request may comprise the authenticated identification information and a transaction amount.
  • authenticated identification information e.g., a mobile phone number
  • authentication may be requested by the payment entity, the payment entity having location data (e.g., a billing address, etc.) stored therein.
  • location data e.g., a billing address, etc.
  • an apparatus for example, apparatus 200 embodied by, for example, authentication service 102 , server 114 , or the like, may be configured to receive a request to authenticate from the payment entity using location data provided by payment entity.
  • a payment entity e.g., a payment processor
  • the request may further comprise an indication of a time period in which the request is open. That is, while the process happens in real-time, or near real-time, a request may be open for 5 ms, 10 ms, or the like. Any response received after the time period is expired may be ignored.
  • an apparatus for example, apparatus 200 embodied by, for example, authentication service 102 , server 114 , or the like, may be configured to receive one or more payment options.
  • a payment entity may provide a bid for a particular presentation characteristic element (e.g., to appear in bold type face), while it may place a different bid for a different presentation characteristic element (e.g., for placement priority—to be listed at the top of the list).
  • the bid may be determined, authorized by, or provided from the payment entity, for example, with the payment option, or, in some embodiments, from a third-party indirectly (e.g., an ad network, ad resellers, bundlers, or the like).
  • various information may be utilized.
  • the system may provide data (e.g., enabling a bidder to determine an appropriate bid) including but not limited to the transaction amount, identity of the buyer, actual or estimated buyer's credit rating, location of the buyer, historical transaction data for this particular buyer, user's device type, user's carrier information (e.g., prepaid/postpaid), user's communication preferences, or the like.
  • data e.g., enabling a bidder to determine an appropriate bid
  • data including but not limited to the transaction amount, identity of the buyer, actual or estimated buyer's credit rating, location of the buyer, historical transaction data for this particular buyer, user's device type, user's carrier information (e.g., prepaid/postpaid), user's communication preferences, or the like.
  • other loyalty or benefits e.g., earn 567 airline miles for this purchase
  • a payment entity may bid to pay a computed fee to compete for real-time placement, for example, for this particular user, for this particular transaction, such that this payment entity will be shown in a preferential position (e.g., top), or presented in a preferential way (e.g., in time, displayed only first for the first 5 seconds, visual format) as a means for this payment entity to bid to increase the likelihood that this user, for this transaction, will select this payment means.
  • a payment entity may bid to pay a computed fee to compete for real-time placement, for example, for this particular user, for this particular transaction, such that this payment entity will be shown in a preferential position (e.g., top), or presented in a preferential way (e.g., in time, displayed only first for the first 5 seconds, visual format) as a means for this payment entity to bid to increase the likelihood that this user, for this transaction, will select this payment means.
  • an apparatus for example, apparatus 200 embodied by, for example, authentication service 102 , server 114 , or the like, may be configured to receive a bid amount from a subset of the determined one or more payment entities, the bid amount indicative of a bid amount each of the one or more payment entities would be willing to pay for placement.
  • the apparatus may be further configured to provide one or more bid amount, each associated with a presentation characteristic element. That is, the payment entity may provide a bid amount for the presentation characteristic element of being the top placed payment options, a second bid amount for the presentation characteristic element of being the second placed payment option, a different bid amount for the presentation characteristic element of being presented in a bold font, etc.
  • the payment entities may also provide information indication of one or more benefits (e.g., points, miles, etc.) Accordingly, as shown in block 940 of FIG. 9 , an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102 , server 114 , or the like, may be configured to receive an indication of one or more benefits with which to display in conjunction with an indication of the payment option during placement. In some embodiments, a payment option's interest rate or other charges or fees (e.g. 0% interest for all purchase for 12 months) may be displayed. Payment entities may elect dynamic incentives (0% interest for 12 months, no interest for 90 days, etc.) depending upon the individual user's characteristics.
  • benefits e.g., points, miles, etc.
  • the apparatus may be configured to receive and consider one or more bids, determine a presentation order (e.g., in position order, time order, visual impact order, audio order, etc.) for example, in accordance with the received bid amounts. For example, a first payment entity may bid $0.25 for this user for this transaction, while a second payment entity may bid $0.10 for this user for this transaction, thus the first payment entity may be listed first (e.g., in time, placement visual impact, etc.) in preference over the lesser-bidding payment entities.
  • a secured system may elect to supplement the bid-for-placement bid, for example if a merchant wants to encourage users to utilize a particular payment options.
  • the presentation order of payment options is ordered based on the bid amounts (e.g., from high-bid to low-bid).
  • the presentation order may be ordered based on additional inputs such as the user's prior choices, other user's choices for this merchant, other buyer's choices in this geographic area, time, user demographic, age, or other related inputs.
  • payment offers may be presented, then later re-ordered, in various times (later received bids are presented later).
  • all received payment options are presented, while in other embodiments, only a limited number (e.g., only the first of a number of payment options) are presented.
  • payment options may be displayed in a default currency, while in other embodiments, the type of currency may be a presentation characteristic element.
  • a user's default ship-to information (e.g., as associated with the payment entity), may also be displayed to the user, then provided to the secured system (e.g., the merchant) both making it less effort (e.g., no need to type in their ship-to address), while also making it safer (e.g., less fraud since items can only be shipped to pre-authorized ship-to locations).
  • the secured system e.g., the merchant
  • one or more pre-authorized ship-to locations may be displayed, and the buyer (e.g., with one or more touches) may select both a payment offer and a ship-to address.
  • buyer information (e.g., credit card information, ship-to addresses, etc.) may be stored by a payment entity.
  • one or more data fields may be stored by different databases (e.g., one payment entity may authorize any ship-to address associated with the user, on another database (e.g., a second payment entity), or in a ship-to address associated with this user on a public or private block chain.
  • one payment entity may authorize any ship-to address associated with the user, on another database (e.g., a second payment entity), or in a ship-to address associated with this user on a public or private block chain.
  • an apparatus for example, apparatus 200 embodied by, for example, authentication service 102 , server 114 , or the like, may be configured to determine which payment options to display, a presentation order, associated presentation character elements, and provide, for display, a descriptor associated with each of a portion of the identified payment options.
  • a user may then “single click” an on offer to accept it.
  • a user may “hover” (e.g., mouse over) an offer to see additional information about that offer.
  • a user may “touch” (e.g., on a mobile or other touch-sensitive device) an offer to see additional information about that offer.
  • a user may “touch lightly” (e.g., on a mobile or other touch-sensitive device) an offer to see additional information about that offer, then “touch harder” to accept that offer, which requires a touch display that can sense different levels of touch force.
  • an apparatus for example, apparatus 200 embodied by, for example, authentication service 102 , server 114 , or the like, may be configured to receive an indication of a selection of at least one payment option.
  • FIG. 10 depicts an example data flow 1000 illustrating interactions between a user device, for example, a user device such as one of user devices 108 A- 108 N, a secured system such as one of secured systems 104 A- 104 N, a network provider such as one of network providers 110 A- 110 N and multi-element bidding system, embodied by for example, authentication system 102 .
  • the data flow 1000 illustrates how electronic information may be passed among various systems in accordance with embodiments of the present invention.
  • user device transmits data (e.g., a page request) or, for example in some embodiments, launches an API, attempting to access secured system.
  • data e.g., a page request
  • a login page is provided and a user, operating user device, at step 1006 , provides login credentials.
  • login credentials are saved and the providing of the login credentials requires no instant input from the user.
  • the secured system may require two-factor authentication, and as such, not shown, but in accordance with either conventional two-factor authentication or in accordance with the frictionless two-factor authentication shown above, may authenticate the user and/or user device. That is at step 1008 , the secured system may provide device information needing authentication and at step 1010 , the multi-element bidding system may, for example, using the frictionless two-factor authentication process shown above, authenticate the user and/or device. Subsequently or in parallel with providing the authentication request, the secured system may provide a request for payment options.
  • the multi-element bidding system service may, for example, at step 1012 then request from one or more payment entities, payment options.
  • Each of a plurality of payment entities may then, as shown at step 1014 determine a bid amount, for example, as a function of the user, user device, transaction amount, merchant, etc.
  • Each of one or more payment entities may further determine any specific placement instructions, character elements (e.g., bold), or the like to place a bid for.
  • each of a plurality of payment entities may provide one or more payment options and bids, which are received at the multi-element bidding system.
  • the multi-element bidding system orders the payment options and configures some portion of the received payment options for display/presentment to the user device.
  • the user device displays one or more payment options to the user.
  • the user may provide a selection, and as such, at step 1022 , the secured system receives the selection of a payment option.
  • the multi-element bidding system receives an indication of the selection and, at step 1026 , provides a notification to the selected payment entity.
  • the Payment option aggregation and/or multi-element bidding service disclosed herein may be embodied by a mobile or desktop app, the app configured to provide a checkout/payment option (e.g., payment options may be paid placement, as described above). The user may then select one from the one or more payment options, the payment options sorted/ordered by method of paid placement.
  • a checkout/payment option e.g., payment options may be paid placement, as described above.
  • the payment “page” may be driven by embodiments disclosed herein (e.g., configured to identify device identification information, such as for example, a mobile ID number, which reverse-indexes into one or more credit card databases, to then present a compiled and filtered and then presented to the user in an order, for example, in the paid placement bid order, etc.).
  • device identification information such as for example, a mobile ID number, which reverse-indexes into one or more credit card databases, to then present a compiled and filtered and then presented to the user in an order, for example, in the paid placement bid order, etc.
  • the Payment option aggregation and/or multi-element bidding service disclosed herein may be embodied by a web browser. For example, a user may navigate to a website, then to a checkout/payment page, the payment page driven by embodiment described herein, and the payment options may then be presented as described above.
  • the Payment option aggregation and/or multi-element bidding service disclosed herein may be embodied by a mobile or desktop app, the app configured to include a media player, where media presents audio data (e.g., audio ads played before an audio media selected is played before a podcast, before a song, etc., video ads played before/after/during a video played on the YouTube app), thus the transaction checkout page may be presented in association with the media player.
  • media e.g., audio ads played before an audio media selected is played before a podcast, before a song, etc., video ads played before/after/during a video played on the YouTube app
  • a pre-roll video ad could be played before a YouTube video selection, and the ad might be for example to donate $5 to the Red Cross video, played on the YouTube app.
  • the multi-element bidding service disclosed herein may be implemented such that the user can quickly and easily checkout (e.g., in this case, donate $5 to the Red Cross after seeing a 30-second Red Cross video), thus in this embodiment the invention is embodied by and/or coupled with a media player (e.g., the YouTube app), and the request is made by an action by the user consuming the media content, which then results in receiving the payment options such that the user is immediately presented (e.g., in response to a desire to donate to the red cross), with a pre-filtered, sorted, ordered list of that user's individual payment options (which were associated, resulted from, the media play).
  • a media player e.g., the YouTube app
  • Media may include video, audio, etc. Accordingly, a user may quickly and easily transact (e.g., donate, buy, or the like) in association with consumed media (e.g., a viewed video, audio, a video ad, an audio ad, an infomercial, etc.).
  • embodiments described herein may be utilized where “payment/checkout process” is entirely in audio form. For example, while a user may be listening to a podcast, or a radio, or watching a TV commercial, their pre-authenticated, pre-populated, pre-sorted payment choices may be provided in audio form (e.g., “read out loud” to the user), and selections may be received via voice. In particular, a user may hear checkout payment options via audio (“Do you wish to pay using your default credit and pre-authenticated credit card American Express ending in x1234?”) and may respond by confirming (e.g., “Yes”).
  • the “payment/checkout process” may be entirely in audio form, in association with a phone call.
  • a user may call a restaurant to order a pizza, and, in accordance with embodiments of the present invention, payment options are identified and subsequently provided in an audio format (e.g., “read out loud”). That is, pre-authenticated, pre-populated, pre-sorted payment options are provided via audio, and the selection of a preferred payment options is received via a voice command.
  • an audio format e.g., “read out loud”. That is, pre-authenticated, pre-populated, pre-sorted payment options are provided via audio, and the selection of a preferred payment options is received via a voice command.
  • the selection of the pre-authenticated, pre-populated, pre-sorted presented payment options may be received via a keypad or touch pad input, or in other embodiments, via voice command.
  • the selection of the pre-authenticated, pre-populated, pre-sorted presented payment options may be received via a motion using, for example, a body or body part, detected by a motion sensor on a wearable device (e.g., a VR headset), a wrist motion, an eye motion (e.g., detected with an eye sensor), an eye stare, an eye flick, etc.
  • a motion sensor on a wearable device e.g., a VR headset
  • an eye motion e.g., detected with an eye sensor
  • an eye stare e.g., an eye flick, etc.
  • FIGS. 3, 4A, 4B, 5, 6A, 6B, and 7-10 show data flows or flowcharts (hereinafter, flowcharts) of the exemplary operations performed by a method, apparatus and computer program product in accordance with embodiments of the present invention.
  • flowcharts data flows or flowcharts (hereinafter, flowcharts) of the exemplary operations performed by a method, apparatus and computer program product in accordance with embodiments of the present invention.
  • each block of the flowcharts, and combinations of blocks in the flowcharts may be implemented by various means, such as hardware, firmware, processor, circuitry and/or other device associated with execution of software including one or more computer program instructions.
  • one or more of the procedures described above may be embodied by computer program instructions.
  • the computer program instructions which embody the procedures described above may be stored by a memory 26 of an apparatus employing an embodiment of the present invention and executed by a processor 24 in the apparatus.
  • any such computer program instructions may be loaded onto a computer or other programmable apparatus (for example, hardware) to produce a machine, such that the resulting computer or other programmable apparatus provides for implementation of the functions specified in the flowchart block(s).
  • These computer program instructions may also be stored in a non-transitory computer-readable storage memory that may direct a computer or other programmable apparatus to function in a particular manner, such that the instructions stored in the computer-readable storage memory produce an article of manufacture, the execution of which implements the function specified in the flowchart block(s).
  • the computer program instructions may also be loaded onto a computer or other programmable apparatus to cause a series of operations to be performed on the computer or other programmable apparatus to produce a computer-implemented process such that the instructions which execute on the computer or other programmable apparatus provide operations for implementing the functions specified in the flowchart block(s).
  • the operations of FIGS. 3, 4A, 4B, 5, 6A, 6B, and 7-10 when executed, convert a computer or processing circuitry into a particular machine configured to perform an example embodiment of the present invention.
  • the operations of FIGS. 3, 4A, 4B, 5, 6A, 6B, and 7-10 define an algorithm for configuring a computer or processing to perform an example embodiment.
  • a general purpose computer may be provided with an instance of the processor which performs the algorithms of FIGS. 3, 4A, 4B, 5, 6A, 6B, and 7-10 to transform the general purpose computer into a particular machine configured to perform an example embodiment.
  • blocks of the flowchart support combinations of means for performing the specified functions and combinations of operations for performing the specified functions. It will also be understood that one or more blocks of the flowcharts, and combinations of blocks in the flowcharts, can be implemented by special purpose hardware-based computer systems which perform the specified functions, or combinations of special purpose hardware and computer instructions.
  • certain ones of the operations herein may be unnecessary, modified or further amplified. It should be appreciated that each of the modifications, optional operations or amplifications may be included with the operations either alone or in combination with any others among the features described herein.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Business, Economics & Management (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • Finance (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Power Engineering (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Telephonic Communication Services (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method, apparatus and computer program products are provided for performing payment option aggregation. One example method includes receiving, from an e-commerce platform, a request to complete a transaction, the request comprising identifying information and a transaction amount, authenticating a user utilizing the identifying information, accessing one or more payment entities using the authenticated user identifying information to identify payment options, each payment option having an associated payment method, billing address, and shipping address, providing, for display, a descriptor associated with each of a portion of the identified payment options, and receiving an indication of a selection of at least one payment option.

Description

    CROSS REFERENCE TO RELATED APPLICATIONS
  • This application claims priority to U.S. Provisional Application No. 62/290,491, filed Feb. 3, 2016, U.S. Provisional Application No. 62/313,845, filed Mar. 28, 2016, U.S. Provisional Application No. 62/325,478, filed Apr. 21, 2016, and U.S. Provisional Application No. 62/416,210, filed Nov. 2, 2016, the entire contents of each of which are incorporated herein by reference.
  • TECHNOLOGICAL FIELD
  • Embodiments described herein generally relate to an improved payment or checkout process resulting in a more secure and less cumbersome process for the user. In particular, embodiments described herein relate to identifying potential payment options by providing payment entities authenticated identification information, and specifically to a method, apparatus, and computer program product for receiving each of a plurality of payment options, ordering and configuring the payment options for display, and receiving selection of a payment option.
  • BACKGROUND
  • Providing payment options to a user for mobile and online transactions are of increasing importance to e-commerce since the payment and checkout is often the most time-consuming and inconvenient part of making purchases online. While conventional solutions involve one of a couple solutions, including the user signing into an online account such as PayPal®, Venmo®, Visa® checkout, American Express® checkout, Google Payments®, Apple Pay®, etc., where a user has pre-associated his payment information with that account, which are often referred to a “wallet” or form-fillers, password managers, or similar solutions that “auto-complete” a form with pre-defined payment information. In either case, payment information is typically stored online or on the user's mobile device or computer.
  • Moreover, providing a payment typically involves collecting various information from the buyer (e.g., credit card number, expiration date of the credit card, security codes, address information, etc.) as both a means to identify the account to bill the transaction to, but also that same information often serves to confirm the user's identify, all while assuming that only the user would have additional information about the credit card to charged.
  • Relying on these approaches has resulted in literally billions of dollars of fraud throughout the world, as these conventional methods insufficiently authenticate the person attempting to complete the transaction as the true account owner. Even with these grossly insufficient authentication processes, users often abandon a checkout (e.g., fails to complete the purchase) due to the time and effort involving in completing the checkout process.
  • In this regard, areas for improving known, existing and/or conventional checkout processes have been identified. Through applied effort, ingenuity, and innovation, solutions to improve such systems have been realized and are described in connection with embodiments of the present invention.
  • OVERVIEW
  • Embodiments herein describe a process for completing transactions, such as purchasing good or services, making donations, or transferring money via, for example, an e-commerce platform, either on a mobile device, a desktop computer, or the like. After authentication of a device (e.g., via a two-factor authentication process, and in some cases, of the user (e.g., using biometric data), a system disclosed herein may provide the authenticated information to each of a plurality of payment entities (e.g., credit card companies, banks, payment processors, or the like) which, with the authenticated identification information, can perform a reverse look-up process to identify potential payment options. That is, users typically have their mobile device phone number, name, billing address, etc. associated with each of their payment accounts. After performing the reverse look-up process, each of the payment entities may determine if they have a payment option associated with the authenticated identification information. Those that do may return the payment option to the system.
  • The system may then present each of a plurality of payment options for the users, for example, in such a way that no sensitive information is displayed, but still conveying any necessary information (e.g., the credit card issuer, the last 4 digits) and, in some embodiments, any benefits that will be conferred on the user or their account if chosen (e.g., points, miles, etc.).
  • With this process, the user does not have to input any payment information, nor does the user device need to store any sensitive payment information. Moreover, even with a user's login credentials, a hacker cannot complete a transaction process.
  • In further embodiments, each of the plurality of payment entities may determine whether to return a payment option and at least a bid including a bid amount and any placement or presentation elements associated therewith (e.g., $0.05 for top placement, $0.02 for bold, etc.). A payment entity may also determine a logo, a description of the payment option, a description of the benefits, etc. The system may then receive payment options and any associated bids, order the payment options in accordance with the bids, and configured the payment options for display in accordance with the bids.
  • BRIEF SUMMARY
  • Embodiments described herein provide an improved payment process resulting in a more secure and less cumbersome process for the user. In particular, a method, apparatus, and computer program product are provided for identifying potential payment options by providing payment entities authenticated identification information, receiving each of a plurality of payment options, ordering and configuring the payment options for display, and receiving selection of a payment option.
  • In some embodiments, a method may be provided for performing payment option aggregation, the method comprising receiving, from an e-commerce platform, a request to complete a transaction, the request comprising identifying information and a transaction amount, authenticating a user utilizing the identifying information, accessing one or more payment entities using the authenticated user identifying information to identify payment options, each payment option having an associated payment method, billing address, and shipping address, providing, for display, a descriptor associated with each of a portion of the identified payment options, and receiving an indication of a selection of at least one payment option.
  • In some embodiments, the authenticating step comprises receiving, from a first entity, an indication of a request received at the first entity to access an account from a device associated with a user, the indication comprising at least one instance of first device identification information of at least one device having authorization to access the account, providing a network address to the first entity, the network address configured to be sent to the device from the first entity, receiving, from a second entity, second device identification information, the second device identification information determined upon the device accessing to the network address, performing a real-time comparison between the first device identification information and second device identification information, and prompting the first entity to grant the device access to the account if a match is detected between the first device identification information and second device identification information.
  • In some embodiments, the transaction is at least one of a purchase, transfer, or a donation. In some embodiments, the method may further comprise determining a subset of one or more payment entities from which to solicit payment options. In some embodiments, the descriptor does not include a credit card number.
  • In some embodiments, the subset of one or more payment entities from which to solicit payment options comprise predetermined set of one or more credit card companies, payment processors, or banks, each member of the subset of one or more payment entities from which to solicit payment options configured to identify known and authorized payment accounts associated with the identifying information. In some embodiments, the method may further comprise, subsequent to determining the one or more payment entities from which to solicit payment options, providing the determined one or more payment entities with the device identifying information and the transaction amount, and receiving a bid amount from a subset of the determined one or more payment entities, the bid amount indicative of a bid amount each of the one or more payment entities would be willing to pay for placement.
  • In some embodiments, the method may further comprise, subsequent to determining the one or more payment entities from which to solicit payment options, providing the determined one or more payment entities with the device identifying information and the transaction amount, and receiving an indication of one or more benefits with which to display in conjunction with an indication of the payment option during placement.
  • In some embodiments, the method may further comprise a pre-processing step of opting-in at one or more payment processors, each having one or more associated payment methods, and a pre-processing step of using the frictionless 2FA process to log into e-commerce platform.
  • In some embodiments, a computer program product may be provided for performing payment option aggregation, the computer program product comprising at least one non-transitory computer-readable storage medium having computer-executable program code instructions stored therein, the computer-executable program code instructions comprising program code instructions for receiving, from an e-commerce platform, a request to complete a transaction, the request comprising identifying information and a transaction amount, authenticating a user utilizing the identifying information, accessing one or more payment entities using the authenticated user identifying information to identify payment options, each payment option having an associated payment method, billing address, and shipping address, providing, for display, a descriptor associated with each of a portion of the identified payment options, and receiving an indication of a selection of at least one payment option.
  • In some embodiments, the authenticating step comprises receiving, from a first entity, an indication of a request received at the first entity to access an account from a device associated with a user, the indication comprising at least one instance of first device identification information of at least one device having authorization to access the account, providing a network address to the first entity, the network address configured to be sent to the device from the first entity, receiving, from a second entity, second device identification information, the second device identification information determined upon the device accessing to the network address, performing a real-time comparison between the first device identification information and second device identification information, and prompting the first entity to grant the device access to the account if a match is detected between the first device identification information and second device identification information.
  • In some embodiments, the transaction is at least one of a purchase, transfer, or a donation. In some embodiments, the computer-executable program code instructions further comprise program code instructions for determining a subset of one or more payment entities from which to solicit payment options. In some embodiments, the descriptor does not include a credit card number. In some embodiments, the subset of one or more payment entities from which to solicit payment options comprise predetermined set of one or more credit card companies, payment processors, or banks, each member of the subset of one or more payment entities from which to solicit payment options configured to identify known and authorized payment accounts associated with the identifying information.
  • In some embodiments, the computer-executable program code instructions further comprise program code instructions for subsequent to determining the one or more payment entities from which to solicit payment options, providing the determined one or more payment entities with the device identifying information and the transaction amount, and receiving a bid amount from a subset of the determined one or more payment entities, the bid amount indicative of a bid amount each of the one or more payment entities would be willing to pay for placement.
  • In some embodiments, the computer-executable program code instructions further comprise program code instructions for subsequent to determining the one or more payment entities from which to solicit payment options, providing the determined one or more payment entities with the device identifying information and the transaction amount, and receiving an indication of one or more benefits with which to display in conjunction with an indication of the payment option during placement.
  • In some embodiments, the computer-executable program code instructions further comprise program code instructions for a pre-processing step of opting-in at one or more payment processors, each having one or more associated payment methods, and a pre-processing step of using the frictionless 2FA process to log into e-commerce platform.
  • In some embodiments, an apparatus may be provided for performing payment option aggregation, the apparatus comprising at least one processor and at least one memory including computer program code, the at least one memory and the computer program code configured to, with the processor, cause the apparatus to at least receive, from an e-commerce platform, a request to complete a transaction, the request comprising identifying information and a transaction amount, authenticate a user utilizing the identifying information, accessing one or more payment entities using the authenticated user identifying information to identify payment options, each payment option having an associated payment method, billing address, and shipping address, provide, for display, a descriptor associated with each of a portion of the identified payment options, and receive an indication of a selection of at least one payment option.
  • In some embodiments, the authentication comprises receiving, from a first entity, an indication of a request received at the first entity to access an account from a device associated with a user, the indication comprising at least one instance of first device identification information of at least one device having authorization to access the account, providing a network address to the first entity, the network address configured to be sent to the device from the first entity, receiving, from a second entity, second device identification information, the second device identification information determined upon the device accessing to the network address, performing a real-time comparison between the first device identification information and second device identification information, and prompting the first entity to grant the device access to the account if a match is detected between the first device identification information and second device identification information.
  • In some embodiments, the transaction is at least one of a purchase, transfer, or a donation. In some embodiments, the at least one memory and the computer program code are further configured to, with the processor, cause the apparatus to determine a subset of one or more payment entities from which to solicit payment options.
  • In some embodiments, the descriptor does not include a credit card number. In some embodiments, the subset of one or more payment entities from which to solicit payment options comprise predetermined set of one or more credit card companies, payment processors, or banks, each member of the subset of one or more payment entities from which to solicit payment options configured to identify known and authorized payment accounts associated with the identifying information.
  • In some embodiments, the at least one memory and the computer program code are further configured to, with the processor, cause the apparatus to subsequent to determining the one or more payment entities from which to solicit payment options, provide the determined one or more payment entities with the device identifying information and the transaction amount, and receive a bid amount from a subset of the determined one or more payment entities, the bid amount indicative of a bid amount each of the one or more payment entities would be willing to pay for placement.
  • In some embodiments, the at least one memory and the computer program code are further configured to, with the processor, cause the apparatus to subsequent to determining the one or more payment entities from which to solicit payment options, provide the determined one or more payment entities with the device identifying information and the transaction amount, and receiving an indication of one or more benefits with which to display in conjunction with an indication of the payment option during placement.
  • In some embodiments, the at least one memory and the computer program code are further configured to, with the processor, cause the apparatus to perform a pre-processing step of opting-in at one or more payment processors, each having one or more associated payment methods, and perform a pre-processing step of using the frictionless 2FA process to log into e-commerce platform.
  • In some embodiments, an apparatus may be provided for performing payment option aggregation, the apparatus comprising means for receiving, from an e-commerce platform, a request to complete a transaction, the request comprising identifying information and a transaction amount, means for authenticating a user utilizing the identifying information, means for accessing one or more payment entities using the authenticated user identifying information to identify payment options, each payment option having an associated payment method, billing address, and shipping address, means for providing, for display, a descriptor associated with each of a portion of the identified payment options, and means for receiving an indication of a selection of at least one payment option.
  • In some embodiments, the means for authenticating comprises means for receiving, from a first entity, an indication of a request received at the first entity to access an account from a device associated with a user, the indication comprising at least one instance of first device identification information of at least one device having authorization to access the account, means for providing a network address to the first entity, the network address configured to be sent to the device from the first entity, means for receiving, from a second entity, second device identification information, the second device identification information determined upon the device accessing to the network address, means for performing a real-time comparison between the first device identification information and second device identification information, and means for prompting the first entity to grant the device access to the account if a match is detected between the first device identification information and second device identification information.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • Having thus described embodiments of the invention in general terms, reference will now be made to the accompanying drawings, which are not necessarily drawn to scale, and wherein:
  • FIG. 1 is a block diagram of a system that may be specifically configured in accordance with an example embodiment of the present invention;
  • FIG. 2 is a block diagram of an apparatus that may be specifically configured in accordance with an example embodiment of the present invention;
  • FIGS. 3, 4A, and 4B are data flow diagrams, each showing an exemplary operation of an example system in accordance with an embodiment of the present invention;
  • FIGS. 5, 6A, and 6B depict flowcharts, each showing an exemplary method of operating an example apparatus in accordance with an embodiment of the present invention;
  • FIG. 7 is data flow diagram showing an exemplary operation of an example system in accordance with an embodiment of the present invention;
  • FIG. 8 depicts a flowchart showing an exemplary method of operating an example apparatus in accordance with an embodiment of the present invention;
  • FIG. 9 is data flow diagram showing an exemplary operation of an example system in accordance with an embodiment of the present invention; and
  • FIG. 10 depicts a flowchart showing an exemplary method of operating an example apparatus in accordance with an embodiment of the present invention.
  • DETAILED DESCRIPTION
  • Some example embodiments will now be described more fully hereinafter with reference to the accompanying drawings, in which some, but not all embodiments are shown. Indeed, the example embodiments may take many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will satisfy applicable legal requirements. Like reference numerals refer to like elements throughout.
  • As used herein, the terms “data,” “content,” “information,” and similar terms may be used interchangeably to refer to data capable of being transmitted, received, and/or stored in accordance with embodiments of the present invention. Thus, use of any such terms should not be taken to limit the spirit and scope of embodiments of the present invention. Further, where a computing device is described herein to receive data from another computing device, it will be appreciated that the data may be received directly from the another computing device or may be received indirectly via one or more intermediary computing devices, such as, for example, one or more servers, relays, routers, network access points, base stations, hosts, and/or the like, sometimes referred to herein as a “network.” Similarly, where a computing device is described herein to send data to another computing device, it will be appreciated that the data may be sent directly to the another computing device or may be sent indirectly via one or more intermediary computing devices, such as, for example, one or more servers, relays, routers, network access points, base stations, hosts, and/or the like.
  • Moreover, the term “exemplary”, as may be used herein, is not provided to convey any qualitative assessment, but instead merely to convey an illustration of an example. Thus, use of any such terms should not be taken to limit the spirit and scope of embodiments of the present invention.
  • The term “device identification information” as used herein refers to any information that may identify a computing device. For example, device identification information may refer to a user's subscriberlD, which may be similar or the same as a mobile device's phone number/CallerID number, the mobile device's phone number, the mobile device's callerlD number, International Mobile Equipment Identity (IMEI)/unique serial number (ICCID) data, network-based, MAC addresses, billing record's modem certificate, DOCSIS hub/Media Access Layer routing assignments, Cable modem's certificate, device serial number, etc., Intel vPro and Trusted Platform Module key, or the like. Device identification information may be stored, transmitted, and/or received, in some embodiments, in a hashed, one-way hashed, encrypted, digitally signed, using public/private key encryption or other means of encrypting, or other similar algorithms (e.g., for system/customer/bank/wireless network/other privacy or other reasons) data form.
  • A “network provider” as used herein may be, for example, wireless network provider (e.g., Verizon, AT&T, T-Mobile, etc.) which may have data such as a user's name, billing address, equipment installation address, birthdate, tower routing/router information to the user's wireless device (e.g., mobile phone), IP WAN address, IP LAN address, IP DMZ info, wireless device equipment information (serial number, certificate number, model number, IMEI number etc.), and other information, that it could similarly supply to a third-party.
  • Similarly, a “network provider” may be, for example, in those embodiments in which a user may access the internet through a wired connection (e.g., via cable, DSL, any non-wireless-phone-carrier means such as via a satellite dish system), a wired network provider. For example, a user's cable company (for example—cox cable) may have data such as a user's name, billing address, equipment installation address, birthdate, among other fields, cable wire routing/router information to the user's cable modem (home), IP WAN address, IP LAN address, IP DMZ info, cable modem equipment information (serial number, certificate number, model number, etc.), and other information, that it could similarly supply to a third-party.
  • A “secured system” as used herein may refer to, for example, any organization, person, company, government, or other entity seeking to provide a secure data environment, including, for example, a bank, an e-commerce company, an entertainment company, an IOT device/company, (IOT meaning internet of things), a fintech company, a social web company, a file storage company, or the like.
  • As used herein, a “match” may be detected, determined, and/or reported in, for example, a binary form or a more granular form (e.g., a score, for example, ranging from 0-100 or the like).
  • System Architecture
  • Methods, apparatuses, and computer program products of the present invention may be embodied by any of a variety of devices. For example, the method, apparatus, and computer program product of an example embodiment may be embodied by a networked device, such as a server or other network entity, configured to communicate with one or more devices, such as one or more user devices, network operators/providers, and providers of secured platforms, and payment systems (e.g., banking systems, payment systems, e-commerce platforms, IoT devices, IoT device company or any other organization, person, company, government, or other entity such as a fintech company, a social web platform or company, a file storage platform or company.). Additionally or alternatively, the networked device may include fixed computing devices, such as a personal computer or a computer workstation. Still further, example embodiments may be embodied by any of a variety of mobile terminals, such as a portable digital assistant (PDA), mobile telephone, smartphone, laptop computer, tablet computer, or any combination of the aforementioned devices.
  • In this regard, FIG. 1 shows an example computing system within which embodiments of the present invention may operate. In particular, authentication service 102, which may comprise server 114 and database 116, may be operable to receive first device identification information from secured system 104 indicative of, for example, a user or a device having pre-authorized access to secured system 104, receive second device identification information indicative of the actual user or device attempting to gain access to the secured system 104, compare the first and second device identification information, and in an instance in which they match, prompt the secured system 104 to allow access. Authentication service 102 may be embodied by, for example, a web server, a cloud server, a Linux or LAMP server stack, a windows server, a mobile device, and be connected to the internet, wireless communication infrastructure, and associated routers and other related devices
  • The server 114 may be embodied as a single computer or multiple computers and may provide for authenticating user and/or device access to secured systems 104A-104N. Database 116 may be embodied as a data storage device such as a Network Attached Storage (NAS) device or devices, or as a separate database server or servers. Database 116 includes information accessed and stored by the server 114 to facilitate the operations of the authentication service 102.
  • Returning to FIG. 1, users operating, for example, user devices 108A-108N may access or attempt to access secured systems 104A-104N via a network 112 (e.g., the internet, or the like). In some embodiments, the data traffic may be routed through or otherwise be managed by the network provider 110A-110N. The secured systems 104A-104N may access the authentication service 102 via network 112 to, for example, authenticate the user and/or device attempting to access the system. In an e-commerce embodiment, user devices 108A-108N and/or secured systems 104A-104N may access or attempt to access, via a network 112, payment systems 106A-106N.
  • The user devices 108A-108N may be any computing device as known in the art and operated by a user. Electronic data received by secured systems 104A-104N, payment systems 106A-106N, or the network provider 110A-110N from the user devices 108A-108N may be provided in various forms and via various methods. The user devices 108A-108N may include mobile devices, such as laptop computers, smartphones, netbooks, tablet computers, wearable devices (e.g., electronic watches, wrist bands, glasses, etc.), and the like. Such mobile devices may provide requests or search queries to or otherwise attempt to access secured system 104.
  • In embodiments where a user device 108A-108N is a mobile device, such as a smart phone or tablet, the user device 108A-108N may execute an “app” or “user application” to interact with secured systems 104A-104N, payment systems 106A-106N and/or network provider 110A-110N. Such apps are typically designed to execute on mobile devices, such as tablets or smartphones, without the use of a browser. For example, an app may be provided that executes on mobile device operating systems such as Apple Inc.'s iOS®, Alphabet Inc.'s Android®, or Microsoft Corp.'s Windows 10®. These platforms typically provide frameworks that allow apps to communicate with one another and with particular hardware and software components of mobile devices. For example, the mobile operating systems named above each provide frameworks for interacting with location services circuitry, wired and wireless network interfaces, user contacts, and other applications in a manner that allows for improved interactions between apps while also preserving the privacy and security of users. In some embodiments, a mobile operating system may also provide for improved communication interfaces for interacting with external devices (e.g., home and/or or automobile security and/or automation systems, navigation systems, and the like).
  • Communication with hardware and software modules executing outside of the app is typically provided via application programming interfaces (APIs) provided by the mobile device operating system.
  • Additionally or alternatively, user devices 108A-108N may interact through the secured systems 104A-104N and/or payment systems 106A-106N via a web browser. As yet another example, the user devices 108A-108N may include various hardware or firmware designed to interface with the one or more secured systems 104A-104N and/or payment systems 106A-106N (e.g., where the user devices 108A-108N is a purpose-built device offered for the primary purpose of communicating with secured systems 104A-104N and/or payment systems 106A-106N, such as a store kiosk).
  • Again, referring back to FIG. 1, System 100 supports communications between user devices 108A-108N and the secured systems 104A-104N and/or payment systems 106A-106N, via network 112. While the system 100 may support communication via 5G, an Long Term Evolution (LTE) or LTE-Advanced (LTE-A) network, some embodiments may also support communications between the user devices 108A-108N and the secured system 104 including those configured in accordance with wideband code division multiple access (W-CDMA), CDMA2000, global system for mobile communications (GSM), general packet radio service (GPRS), the IEEE 802.11 standard including, for example, the IEEE 802.11ah or 802.11ac standard or other newer amendments of the standard, wireless local access network (WLAN), Worldwide Interoperability for Microwave Access (WiMAX) protocols, universal mobile telecommunications systems (UMTS) terrestrial radio access network (UTRAN) and/or the like, as well as other standards, for example, with respect to multi-domain networks, that may include, industrial wireless communication networks such as Bluetooth, ZigBee etc. and/or the like.
  • Secured systems 104A-104N and/or payment systems 106A-106N may be embodied by any of a variety of network entities, such as, for example, a server or the like. In other embodiments, the network entities may include mobile telephones, smart phones, portable digital assistants (PDAs), desktop computers, laptop computers, tablet computers any of numerous other hand held or portable communication devices, computation devices, content generation devices, content consumption devices, (e.g., mobile media player, a virtual reality device, a mixed reality device, a wearable device, a virtual machine, a cloud-based device or combinations thereof), Internet of Thing (IoT) devices, sensors, meters, or the like.
  • For example, the IoT devices, sensors, and/or meters may be deployed in a variety of different applications including in home and/or automobile security and/or automation applications to serve, for example, in environmental monitoring applications, in industrial process automation applications, vehicular or transportation automation application, in healthcare and fitness applications, in building automation and control applications and/or in temperature sensing applications.
  • The authentication service 102 and/or server 114 may be embodied as or otherwise include an apparatus 200 that is specifically configured to perform the functions of the respective device, as generically represented by the block diagram of FIG. 2. While the apparatus may be employed, for example, as shown in FIG. 2, it should be noted that the components, devices or elements described below may not be mandatory and thus some may be omitted in certain embodiments. Additionally, some embodiments may include further or different components, devices or elements beyond those shown and described herein.
  • Apparatus Architecture
  • Regardless of the type of device that embodies the authentication service 102 or server 112, authentication service 102 or server 112 may include or be associated with an apparatus 200 as shown in FIG. 2. In this regard, the apparatus may include or otherwise be in communication with a processor 202, a memory device 2044, a communication interface 206, a user interface 208, and comparison module 30. As such, in some embodiments, although devices or elements are shown as being in communication with each other, hereinafter such devices or elements should be considered to be capable of being embodied within the same device or element and thus, devices or elements shown in communication should be understood to alternatively be portions of the same device or element.
  • In some embodiments, the processor 202 (and/or co-processors or any other processing circuitry assisting or otherwise associated with the processor) may be in communication with the memory device 204 via a bus for passing information among components of the apparatus. The memory device may include, for example, one or more volatile and/or non-volatile memories. In other words, for example, the memory device may be an electronic storage device (for example, a computer readable storage medium) comprising gates configured to store data (for example, bits) that may be retrievable by a machine (for example, a computing device like the processor). The memory device may be configured to store information, data, content, applications, instructions, or the like for enabling the apparatus 200 to carry out various functions in accordance with an example embodiment of the present invention. For example, the memory device could be configured to buffer input data for processing by the processor. Additionally or alternatively, the memory device could be configured to store instructions for execution by the processor.
  • As noted above, the apparatus 200 may be embodied by authentication service 102 or server 114 configured to employ one or more example embodiments of the present invention. However, in some embodiments, the apparatus may be embodied as a chip or chip set. In other words, the apparatus may comprise one or more physical packages (for example, chips) including materials, components and/or wires on a structural assembly (for example, a baseboard). The structural assembly may provide physical strength, conservation of size, and/or limitation of electrical interaction for component circuitry included thereon. The apparatus may therefore, in some cases, be configured to implement an embodiment of the present invention on a single chip or as a single “system on a chip.” As such, in some cases, a chip or chipset may constitute means for performing one or more operations for providing the functionalities described herein.
  • The processor 202 may be embodied in a number of different ways. For example, the processor may be embodied as one or more of various hardware processing means such as a coprocessor, a microprocessor, a controller, a digital signal processor (DSP), a processing element with or without an accompanying DSP, or various other processing circuitry including integrated circuits such as, for example, an ASIC (application specific integrated circuit), an FPGA (field programmable gate array), a microcontroller unit (MCU), a hardware accelerator, a special-purpose computer chip, or the like. As such, in some embodiments, the processor may include one or more processing cores configured to perform independently. A multi-core processor may enable multiprocessing within a single physical package. Additionally or alternatively, the processor may include one or more processors configured in tandem via the bus to enable independent execution of instructions, pipelining and/or multithreading.
  • In an example embodiment, the processor 202 may be configured to execute instructions stored in the memory device 204 or otherwise accessible to the processor. Alternatively or additionally, the processor may be configured to execute hard coded functionality. As such, whether configured by hardware or software methods, or by a combination thereof, the processor may represent an entity (for example, physically embodied in circuitry) capable of performing operations according to an embodiment of the present invention while configured accordingly. Thus, for example, when the processor is embodied as an ASIC, FPGA or the like, the processor may be specifically configured hardware for conducting the operations described herein. Alternatively, as another example, when the processor is embodied as an executor of software instructions, the instructions may specifically configure the processor to perform the algorithms and/or operations described herein when the instructions are executed. However, in some cases, the processor may be a processor of a specific device configured to employ an embodiment of the present invention by further configuration of the processor by instructions for performing the algorithms and/or operations described herein. The processor may include, among other things, a clock, an arithmetic logic unit (ALU) and logic gates configured to support operation of the processor. In one embodiment, the processor may also include user interface circuitry configured to control at least some functions of one or more elements of the user interface 208.
  • Meanwhile, the communication interface 206 may be any means such as a device or circuitry embodied in either hardware or a combination of hardware and software that is configured to receive and/or transmit data. In this regard, the communication interface 206 may include, for example, an antenna (or multiple antennas) and supporting hardware and/or software for enabling communications wirelessly. Additionally or alternatively, the communication interface may include the circuitry for interacting with the antenna(s) to cause transmission of signals via the antenna(s) or to handle receipt of signals received via the antenna(s). For example, the communications interface may be configured to communicate wirelessly with wearable device (e.g., head mounted displays), such as via Wi-Fi, Bluetooth or other wireless communications techniques. In some instances, the communication interface may alternatively or also support wired communication. As such, for example, the communication interface may include a communication modem and/or other hardware/software for supporting communication via cable, digital subscriber line (DSL), universal serial bus (USB) or other mechanisms. For example, the communication interface may be configured to communicate via wired communication with other components of the computing device.
  • The user interface 208 may be in communication with the processor 202, such as the user interface circuitry, to receive an indication of a user input and/or to provide an audible, visual, mechanical, or other output to a user. As such, the user interface may include, for example, a keyboard, a mouse, a joystick, a display, a touch screen display, a microphone, a speaker, and/or other input/output mechanisms. In some embodiments, a display may refer to display on a screen, on a wall, on glasses (for example, near-eye-display), in the air, etc. The user interface may also be in communication with the memory 204 and/or the communication interface 206, such as via a bus.
  • Data Flow
  • FIG. 3 depicts an example data flow 300 illustrating interactions between a user device, for example, a user device 302 such as one of user devices 108A-108N, a secured system 304 such as one of Secured systems 104A-104N, a network provider 306 such as one of network providers 110A-110N and authentication system 102. The data flow 300 illustrates how electronic information may be passed among various systems in accordance with embodiments of the present invention.
  • At step 302, user device 350 transmits data (e.g., a page request) or, for example in some embodiments, launches an API, attempting to access secured system 360. At 304, a login page is provided and a user, operating user device, at step 306, provides login credentials. In some embodiments, login credentials are saved and the providing of the login credentials requires no instant input from the user.
  • The secured system, requiring two-factor authentication, then at step 308 requests authentication of the user device by providing an authentication request and, for example first device identification information to the authentication service 380. The first device identification information may comprise one or more phone numbers for each of one or more user devices having pre-authorized access to the secured system. For example, when registering or at a previous login, a user may provide a list of authorized devices and/or device identification information of authorized devices, giving them access to the account.
  • The system, in an effort to determine the identification information of the user device that is currently attempting access to the secured system may perform one or more of a number of processes. Generally, the system may be configured to direct the user device to a destination where the identification information may be determined, detected, identified, or otherwise accessed. For example, the user device may be provided with a URL to ping, an app to which to connect, or the like. The destination may be received from, in some embodiments, the secured system, while in other embodiments, the destination may be received from authentication service. The destination may be provided directly to the user device, to a browser executing thereon, to an app executing there, via an API call, via a bot, by sending an SMS message thereby requiring a click, via a notification from an app, or any other form of, for example, user-to-machine electronic communication.
  • The authentication service 380 may, for example, at step 310 request a network address and at step 312 receive the network address, the network address, for example, may be a URL or the like configured to be passed to the secured system or directly to the user device, for the user device to ping or otherwise access. As such, at step 314, the authentication service provides the network address to the secured system and at step 316, the network address is provided to the user device. At step 318, the user device pings or otherwise access the network address, where, for example, the network provider, at step 320, receives, reads, extracts, or otherwise determines the device identification information, for example, from a packet header.
  • In particular, a user device may store or otherwise be associated with identification information. For example, in a mobile context, a subscriber identification module (SIM), Universal Subscriber Identity Module (USIM), a Removable User Identity Module (R-UIM), or a CDMA Subscriber Identity Module (CSIM), any of which may be a software application or integrated circuit, for example, stored on a SIM card or Universal Integrated Circuit Card (UICC), may comprise at least a unique serial number (ICCID) or an international mobile subscriber identity (IMSI) number. The SIM card, as referred to herein, may be a mini, micro, nano, virtual, or emdedded(e) SIM.
  • At step 322, the network provider provides and the authentication service receives the second device identification information, which indicates the device identification information of the device attempting to access secured system 360. In an instance in which no device identification of the device attempting to access secured system 360 (e.g., second device identification information) is available or able to be determined, detected, identified, or otherwise accessed, the authentication service may be configured to perform a different process for two-factor authentication where, for example, the authentication service, utilizing the first identification information provides a code or the like to the user device, and the request the user to provide, via the user device, the code (e.g., input into the app or browser) to the secured system, for example, which may have the authentication session open.
  • At step 324, the authentication service compares the first device identification information and the second device identification information. In some embodiments, as one of ordinary skill in the art would understand, the first device identification information as received from the secured system and/or the second device identification information as received from the network provider may be raw, tokenized, hashed, or otherwise transcoded, for example, for security reasons. The comparison may first involve, for example, decoding the device identification information and comparing raw data or comparing transcoded information. The comparison may also involve, in some embodiments, normalization of the device identification information. That is, the first identification information may be in a convenient format, for example, for input or display within the user's online account—which may or may not include elements such as punctuation (e.g., dashes, parentheses, brackets, or the like), country codes, spaces, etc. the comparison may simply ignore such elements, strip the elements, or otherwise clean the data, etc.
  • In some embodiments, because page requests are monitored, directed, or otherwise pass through network provider 370, the second device identification information may be passed to the secured system at the initial request—enabling the secured system to pass data, for example, the data packet header, which may be tokenized, hashed, or otherwise transcoded, to the authentication system with or after the first device identification information.
  • Upon making the comparison, the authentication service 380, at step 326, in an instance in which the comparison determines that a match exists between for example, the first device identification information and the second device identification information, may authenticate and/or prompt the secured system to authenticate or grant access to the user device. The secured system may then, at step 328, grant access to the user device.
  • However, in an instance in which the comparison determines that no match exists between for example, the first device identification information and the second device identification information, the authentication service 380, at step 330, may notify and/or prompt the secured system indicating its inability to authenticate. The secured system may then, at step 332, deny access to the user device.
  • FIG. 4A depicts an example data flow 400 illustrating interactions between a user device, for example, a user device 302 such as one of user devices 108A-108N, a secured system 304 such as one of secured systems 104A-104N, a network provider 306 such as one of network providers 110A-110N and authentication system 102. The data flow 300 illustrates how electronic information may be passed among various systems in accordance with embodiments of the present invention, and in particular, FIG. 4 shows how the use of biometric data may augment or otherwise aid in the authentication process of FIG. 3.
  • In some embodiments, upon a determination that the first device identification information matches the second device identification information, the secured system and/or the authentication service may be configured to perform additional authentication. While in other embodiments, the secured system and/or the authentication service may be configured to perform authentication using both the frictionless two-factor authentication shown in FIG. 3 as well as biometric data. That is, in an instance in which both the frictionless two-factor authentication shown in FIG. 3 as well as biometric data are used in parallel, the secured system may be configured to provide, at step 308, for example, biometric data of one or more users having been previously authorized to access the system. In other embodiments, for example, as shown in FIG. 4A, biometric data may be provided upon the determination that the first device identification information matches the second device identification information.
  • Regardless of when the biometric data of one or more users having been previously authorized to access the system is received, as shown at step 410, the authentication service may request the biometric data of the user operating the device currently attempting to access the secured system, and at step 415, that biometric data is received. Subsequently, at step 420, the authentication service may be configured to determine whether the previously registered biometric data and current biometric data match.
  • Similar to FIG. 3, in an instance in which the comparison determines that a match exists between for example, the previously registered biometric data and current biometric data, the authentication service, at step 425, may authenticate and/or prompt the secured system to authenticate or grant access to the user device. The secured system may then, at step 430, grant access to the user device.
  • However, in an instance in which the comparison determines that no match exists, the authentication service 380 may notify and/or prompt the secured system that the match as not made. The secured system may then deny access to the secured system.
  • FIG. 4B depicts an example data flow 400 illustrating interactions between a user device, for example, a user device 302 such as one of user devices 108A-108N, a secured system 304 such as one of secured systems 104A-104N, a network provider 306 such as one of network providers 110A-110N and authentication system 102. The data flow 300 illustrates how electronic information may be passed among various systems in accordance with embodiments of the present invention, and in particular, FIG. 4 shows how the use of location data may augment or otherwise aid in the authentication process of FIG. 3.
  • In some embodiments, upon a determination that the first device identification information and the second device identification information match, the secured system and/or the authentication service may be configured to perform additional authentication. In other embodiments, the secured system and/or the authentication service may be configured to perform authentication using both the frictionless two-factor authentication shown in FIG. 3 as well as location data.
  • In an instance in which both the frictionless two-factor authentication shown in FIG. 3 as well as location data are used in parallel, the secured system may be configured to provide, at step 308 for example, location data of one or more users having been previously authorized to access the system. In other embodiments, for example, as shown in FIG. 4B, location data may be provided upon the determination that the first device identification information matches the second device identification information.
  • Furthermore, in an instance in which both the frictionless two-factor authentication shown in FIG. 3 as well as location data are used in parallel, the network provider may be configured to provide, for example, at step 322, location data of the user device currently attempting to access the secured system. Similar to the device identification information, the user device, for example, within a data packet header or the like, may provide location information to the network provider, while in other embodiments, the network provider may determine the location, within a particular variance, based on where the connection is made. In other embodiments, for example, as shown in FIG. 4B, location data may be provided upon the determination that the first device identification information matches the second device identification information.
  • If however, the location data of one or more users having been previously authorized to access the system has not been received previously, as shown at step 455, the authentication service may request and receive the location data of one or more users having been previously authorized to access the secured system.
  • In an instance in which the location data of the user device currently attempting to access the secured system has not been received previously, as shown at step 460, the authentication service may request and, at step 465, receive, from the network provider, the location data of the user device currently attempting to access the secured system. In another embodiment, which may also be performed, as shown at step 470, the authentication service may request from the user device, and, at step 475, receive, from the user device, the location data of the user device currently attempting to access the secured system. Subsequently, at step 480, the authentication service may be configured to determine whether the previously registered location data and current location data match.
  • Similar to FIG. 3, in an instance in which the comparison determines that a match exists between for example, the previously registered location data and current location data, the authentication service, at step 485, may authenticate and/or prompt the secured system to authenticate or grant access to the user device. The secured system may then, at step 490, grant access to the user device. However, in an instance in which the comparison determines that no match exists, the authentication service 380 may notify and/or prompt the secured system that the match as not made. The secured system may then deny access to the secured system.
  • Exemplary Operation for Implementing Embodiments of the Present Invention
  • In some embodiments, apparatus 200 may be configured to perform frictionless two-factor authentication. FIGS. 5, 6A, and 6B illustrate exemplary processes for determining whether to authenticate a user device, prompting the approval or denial of access to an account.
  • Receiving an Authentication Request
  • FIG. 5 illustrates a flow diagram depicting an example of a process 500 for authenticating a device in accordance with embodiments of the present invention. The process illustrates how, upon reception of the authentication request, an authentication system or an API related thereto may receive identification information of devices having previously given authorization to access a secured system (e.g., a banking account) and identification information of a device currently attempting to access the secured system, and upon reception, performing a real-time match to determine whether to prompt the secured system to allow access. The process 500 may be performed by an apparatus, such as the apparatus 200 described above with respect to FIG. 2.
  • A first entity (e.g., a secured system as described above, which may include, for example, an online banking platform) may receive the login credentials to an account. Upon receiving the login credentials, the first entity opens an authentication session, for example, via an API provided by the authentication service. As such, as shown in block 505 of FIG. 5, an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102, server 114, or the like, may be configured to receive, from a first entity, an indication of a request. In some embodiments, the request is or was received at the first entity, to access an account from a device associated with a user. The indication of the request, as received at the authentication service may comprise at least one instance of first device identification information of at least one user and/or device having authorization to access the account.
  • For example, at registration or any time thereafter, a user may provide their bank or online banking platform with a list of one or more phone numbers (e.g., their cellular phone number). In other embodiments, a user may provide a list of users (e.g., their first and last names or the like) authorized to access an account. As such, upon receiving a request to access the account, the first entity may provide one or more instances of device identification information in their possession indicative of users or devices having authorized access.
  • The authentication service, upon receiving the indication of the request to access the secured system, may initiate a process in which it determines the device identification information of the device currently attempting to access the account. In some embodiments, the authentication service may provide the first entity or the device, directly, with a URL to ping. As shown in block 510 of FIG. 5, an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102, server 114, or the like, may be configured to transmit, to a second entity, a request for a network address and as shown in block 515 of FIG. 5, the apparatus, for example, apparatus 200 embodied by, for example, authentication service 102, server 114, or the like, may be configured to receive, from the second entity, the network address.
  • Once in possession of network address, the authentication service may then, as described above, transmit the network address to the first entity or directly to the device. As such, as shown in block 520 of FIG. 5, an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102, server 114, or the like, may be configured to provide the network address to the first entity. The network address may be configured to be sent to the device from the first entity.
  • Subsequent to the device pinging or otherwise attempting to access the network address, the network provider may detect, determine or otherwise identify, for example, device identification information of the device currently attempting to access the account and then transmit the device identification information to the authentication service. The authentication then receives that information, in particular, for example, a subscriberlD (e.g., a phone number) and/or, in some embodiments, other information, as described above, that the network provider may have associated with the device (e g, name on account, billing address, or the like). Accordingly, as shown in block 525 of FIG. 5, an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102, server 114, or the like, may be configured to receive, from a second entity, second device identification information. In some embodiments, the second device identification information may be determined upon the device pinging or otherwise accessing or attempting to the network address.
  • As one of ordinary skill would appreciate, the format of the information may vary. For example, the first identification information may comprise, as described above, punctuation, spaces, etc. whereas the second device identification information may be in a same or different format. Therefore, in some embodiments, the authentication may “clean” or normalize the device identification information, for example, to aid in the comparison of the first identification information to the second identification information. As such, as shown in block 530 of FIG. 5, an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102, server 114, or the like, may be configured to normalize the data.
  • Having both the first identification information and the second identification information, a comparison may be made. Accordingly, as shown in block 535 of FIG. 5, an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102, server 114, or the like, may be configured to perform a real-time comparison between the first device identification information and second device identification information.
  • In an instance of a match between the first device identification information and second device identification information, as shown in block 540 of FIG. 5, an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102, server 114, or the like, may be configured to prompt the first entity to grant the device access to the account. That is, where a match is detected, the authentication service may determine that device attempting to access the account is, in fact, authorized to access the account, and may notify the secured system.
  • In an instance of no match between the first device identification information and second device identification information, as shown in block 545 of FIG. 5, an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102, server 114, or the like, may be configured to prompt the first entity to deny the device access to the account. That is, where a match is not detected, the authentication service may not determine that device attempting to access the account is, in fact, authorized to access the account, and may notify the secured system inasmuch.
  • In some embodiments, the authentication service may report a binary result (e.g., match/no match). As described above, in some embodiments, however, the authentication service may report more granular results, such as, for example, a confidence level. For example, where the phone number of a device attempting to access the account does not match a pre-authorized phone number, the authentication service may see that identification information (e.g., a name on the account) matches a name to which the phone number of the device attempting the account is registered. As such, a binary result may be that of no match, a more granular result may provide the secured system with confidence to allow access or, in some embodiments, prompt for more information. In some embodiments, the first device identification information may comprise each of a plurality of data elements such as, for example, a phone number, a name, and a location (GPS related, a billing address, or the like). The second device identification information, for example, received from the network provider after the device pings the provided network address, may provide a subset of the data elements included in the first device identification information. The authentication service may calculate a non-binary result upon making the comparison of the first device identification information and the second device identification information.
  • FIGS. 6A and 6B illustrate flow diagrams depicting example processes 600 and 650, respectively, for authenticating a device and a user in accordance with embodiments of the present invention. The processes illustrates how, upon reception of the authentication request, an authentication service or an API related thereto may first, perform the two-factor authentication process as shown in FIG. 5, and upon authentication of the device, authenticate the user of the device using biometric data and location data, respectively. As one of ordinary skill would appreciate from the following disclosure, an authentication service or an API related thereto may first, perform the two-factor authentication process as shown in FIG. 5, and upon authentication of the device, further perform authentication of the device using location data and/or the user of the device using biometric data. That is, a frictionless three-factor authentication process is disclosed which may include either the frictionless two-factor authentication process of FIG. 5 and either of the processes shown in FIG. 6A or 6B. And a frictionless four-factor authentication process is disclosed which may include the frictionless two-factor authentication process of FIG. 5 and the processes shown in FIG. 6A or 6B, each of which may be performed in parallel or in any order.
  • FIG. 6A illustrates a flow diagram depicting an example of a process 600 for authenticating a device and a user in accordance with embodiments of the present invention. The process illustrates how, upon reception of the authentication request, an authentication service or an API related thereto may first, perform the two-factor authentication process as shown in FIG. 5, and upon authentication of the device, authenticate the user of the device using biometric data. The process 600 may be performed by an apparatus, such as the apparatus 200 described above with respect to FIG. 2.
  • The process of FIG. 6A may include those steps of FIG. 5, for example, as shown in blocks 505-530, related to receiving As shown in block 605 of FIG. 6A, an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102, server 114, or the like, may be configured to. Subsequently, as shown in block 535 of FIG. 5, an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102, server 114, or the like, may be configured to perform a real-time comparison between the first device identification information and second device identification information.
  • In an instance of a match between the first device identification information and second device identification information, as shown in block 605 of FIG. 6, an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102, server 114, or the like, may be configured to prompt or request the first entity for biometric data.
  • As shown in block 610 of FIG. 6A, an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102, server 114, or the like, may be configured to receive, from a first entity, with the indication of a request, received at the first entity, to access an account from a device associated with a user, first biometric data, the first biometric data captured at the device.
  • As shown in block 615 of FIG. 6A, an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102, server 114, or the like, may be configured to receive second biometric data, the second biometric data being data associated with users having been granted authorized access to the account. For example, a user may have registered his fingerprint at account set up or any previous time of access.
  • As shown in block 620 of FIG. 6A, an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102, server 114, or the like, may be configured to normalize the biometric data.
  • As shown in block 625 of FIG. 6A, an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102, server 114, or the like, may be configured to perform a real-time comparison between the first biometric data and the second biometric data.
  • In an instance of a match between the first biometric data and second biometric data, as shown in block 630 of FIG. 6A, an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102, server 114, or the like, may be configured to prompt the first entity to grant the device access to the account. In an instance of no match between the first biometric data and second biometric data, as shown in block 635 of FIG. 6A, an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102, server 114, or the like, may be configured to prompt the first entity to deny the device access to the account.
  • FIG. 6B illustrates a flow diagram depicting an example of a process 650 for authenticating a device and a user in accordance with embodiments of the present invention. The process illustrates how, upon reception of the authentication request, an authentication service or an API related thereto may first, perform the two-factor authentication process as shown in FIG. 5, and upon authentication of the device, authenticate the user of the device using location data. The process 600 may be performed by an apparatus, such as the apparatus 200 described above with respect to FIG. 2.
  • The process of FIG. 6B may include those steps of FIG. 5, for example, as shown in blocks 505-530, related to receiving the first device identification information and second device identification information. Subsequently, as shown in block 535 of FIG. 5, an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102, server 114, or the like, may be configured to perform a real-time comparison between the first device identification information and second device identification information.
  • In an instance of a match between the first device identification information and second device identification information, as shown in block 655 of FIG. 6B, an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102, server 114, or the like, may be configured to prompt or request the first entity for location data.
  • In some embodiments, the process of FIG. 6B may include those steps of FIG. 6A, for example, as shown in blocks 605-635, related to receiving the first biometric data and second biometric data. In those embodiments, and in an instance of a match between the first biometric data and second biometric data, as shown in block 655 of FIG. 6B, an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102, server 114, or the like, may be configured to prompt or request the first entity for location data.
  • Regardless of whether the apparatus is using the frictionless two-factor authentication process as shown in FIG. 5 or supplementing the process of FIG. 5 as shown in FIG. 6A, the apparatus may be configured for further authenticating access using location. As shown in block 660 of FIG. 6B, an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102, server 114, or the like, may be configured to receive, from a first entity, with the indication of a request, received at the first entity, to access an account from a device associated with a user, first location data. The first location data may be captured at the device and/or, in some embodiments, captured from the network provider (e.g., via triangulation, connections to a cellular base station having a known location and a radius, connection to a Wi-Fi access point, connection via Bluetooth, ZigBee or the like).
  • As shown in block 665 of FIG. 6B, an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102, server 114, or the like, may be configured to receive second location data, the second location data being data associated with users having been granted authorized access to the account. For example, a user may have registered his address (e.g., home address, work address, or the like) at account set up or any previous time of access.
  • As shown in block 670 of FIG. 6B, an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102, server 114, or the like, may be configured to normalize the location data.
  • As shown in block 675 of FIG. 6B, an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102, server 114, or the like, may be configured to perform a real-time comparison between the first location data and the second location data.
  • In an instance of a match between the first location data and second location data, as shown in block 680 of FIG. 6B, an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102, server 114, or the like, may be configured to prompt the first entity to grant the device access to the account.
  • In an instance of no match between the first location data and second location data, as shown in block 685 of FIG. 6B, an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102, server 114, or the like, may be configured to prompt the first entity to deny the device access to the account.
  • Use Cases
  • In an example embodiment of the present invention, an apparatus or computer program product may be provided to implement or execute a method, process, or algorithm for facilitating frictionless two-factor authentication in the attempted access to an IoT device such as, for example, (i) a security system (e.g., a physical lock outfitted with an embodiment of the present invention) protecting or otherwise controlling access to a home, apartment, a hotel room, an automobile, storage unit, safe, lock (e.g., bike lock, case lock, briefcase lock, luggage lock, or the like), etc., (ii) an automation system (e.g., a system configured for controlling an automobile, one or more various switches in a power or dam system), or (iii) a ticketing system.
  • Here, the user, for example, operating a user device with a mobile app installed thereon with a particular purpose (e.g., accessing security system such as the lock on their car) opens the app, which may or may not require login credentials. Once logged in, the user may then send a command to the security or automation system. The command serves as the request to access. As such, as described with regard to FIG. 5, the authentication service receives the indication of the request.
  • Two different embodiments exist. First, where the user device and the security system have access to, for example, a wireless network (e.g., a cellular network, a Wi-Fi network, a private network, or the like) the process may continue as above. In particular, the user device sends the command to, for example, the secured system (e.g., an IoT device configured for unlocking your), the authentication service receives the indication of the request, the user device pings a network address, and the authentication service is provided with device identification information indicating the user device currently attempting to access the security system. In the case of a match, the lock opens by, in one instance where the security system is remote, the security system sending a signal to the lock instructing it to open, or in an instance in which the security system is local, instructing the lock to open. Moreover, as described above, the authentication service may be configured to further authenticate by confirming the ownership of the device via biometric data and/or proximity via location data.
  • In another embodiment, a user device, which may typically have access to a cellular network or wireless cable network, does not, temporarily or permanently, have access to the cellular network or the wireless cable network. In such case, a local proximity network may be used using, for example, local proximity network signals. For example, upon establishing, for example, a Bluetooth connection with the user device, the security system may receive the command (e.g., a request to access), which when using local proximity network signals (e.g., Bluetooth, Near-field radio signals, RF signals, etc.) does provide device identification information (i.e. a Bluetooth connection is only established by the requesting device identifying itself) and initiate an authentication session with the authentication service, for example, locally. The security system, in providing the indication of the request, provides both the device identification information provided by the device attempting access provided in establishing the Bluetooth connection and locally stored device identification information. The authentication service then compares the first device identification information and second device identification information as described above, and prompts the security system as described above. As such, even with no “outside” connection, the frictionless two-factor authentication system described herein may operate.
  • In the instance of a ticketing system, upon sale or re-sale of a ticket, embodiments of the present invention may be used to confirm authenticity of the ticket and owner combination. For example, a ticketing system may enable resale of a ticket (e.g., a season ticket hold is unable to make a game and sells the ticket). Before the sale is confirmed, a user having offered the ticket for sale, received, and accepted an offer, may send a command to the ticketing system, for example, configured to enable their collection of the payment and transfer of the ticket. The ticketing system may open an authentication session with the authentication service and provide the authentications service with the user device information of the user device known to having last purchased the ticket (e.g., the first device identification information). The user device pings to network address, and the network provider provides, to the authentication service, the device identification information of the device currently attempting to access the ticketing system (e.g., the second device identification information). Upon a match, the authentication service may prompt the ticketing system to complete the transaction—whereas, in an instance in which there is no match (the device identification information of the device attempting to sell a ticket does not match the device identification information of the device having last purchased the ticket), the authentication service prompts the ticketing system to deny the transaction.
  • Moreover, when attempting to access an event, a user device may present a ticket to a ticket collection device/kiosk connected to the ticketing system, the presentment of the ticket being the request to access. The ticketing system (or the ticket collection device/kiosk) may initiate an authentication session with the authentication service. Again, the authentication service is provided with the indication of the request the device identification information of the user device having last purchased the ticket (e.g., the first device identification information). The ticketing system may then prompt the user device to ping a network address, the user device pings to network address, and the network provider provides, to the authentication service, the device identification information of the device currently attempting to access the ticketing system (e.g., the second device identification information). After comparison, upon a match, the authentication service may prompt the ticketing system to allow entry—whereas, in an instance in which there is no match (the device identification information of the device attempting to utilize the ticket for entrance does not match the device identification information of the device having last purchased the ticket), the authentication service prompts the ticketing system to deny entry.
  • In another use case, for instance, in the initial establishment of an account, where a user only provides registration information, and, for example, the secured system does not provide first device identification information (e.g., there is no previously authorized device), the authentication service may be configured to determine, detect, identify, or otherwise access one or more databases with information able to correlate that information the secured system does provide (e.g., the registration information, such as name and address) with the second device identification information.
  • In particular, a user operating a user device initiates a process to open an account. Some amount of registration information is necessary. The secured system may then initiate an authentication session with the authentication service and, provide the registration information, with the indication of the request. The user device pings the network address and the authentication service receives the second device identification information.
  • Payment Option Aggregation
  • In some embodiments, authentication service 102 embodied by, for example, apparatus 200 may be configured to perform an improved payment or checkout process resulting in a more secure and easier process for the user. FIGS. 7-10 illustrate exemplary processes for identifying potential payment options and determining which payment options to present, and causing placement of the payment options.
  • Receiving a Request for Payment Options
  • FIG. 7 shows a flowchart depicting an exemplary payment process 700 in accordance with embodiments of the present invention. The process shows how, upon reception of a request, an authentication service or an API related thereto may identify potential payment options and present some or all of those payment options to a user. The process 700 may be performed by an apparatus, such as the apparatus 200 described above with respect to FIG. 2.
  • A user, operating for example, a user device, as described above, such as a mobile phone or a computer, may indicate a readiness to remit payment, for example, in exchange for a product (e.g., goods or services), as a donation (e.g., to a charity), as a one-way transfer of money, bill payment, etc. Accordingly, the secured system may open a session, for example, by calling an API or the like, requesting payment options. As shown in block 705 of FIG. 7, an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102, server 114, or the like, may be configured to receive a request to complete a transaction. In some embodiments, the request may comprise identification information and a transaction amount. The transaction may be any of a purchase, a transfer, or a donation.
  • In one embodiment, a user's selection of a “checkout” or “complete transaction” icon may cause the secured system to open the session and transmit the request, while in other embodiments, a voice command indicative of a desire to complete a transaction, or a motion indicative of a desire to complete the transaction may cause the secured system to open the session and transmit the request. In another embodiment, the act of clicking or otherwise selecting media (e.g., audio, video, or the like), consuming media (e.g., listening to an audio file such as a podcast, advertisement, or the like, or watching a video, etc.) may serve to cause the secured system to open the session and transmit the request.
  • In some embodiments, the secured system may open an authentication session in advance, to authenticate the user and/or user device (as described above), or the authentication session may, first include the authentication, as described above, and then the payment process, as being described. In other embodiments, authentication may not be performed or may be performed via conventional processes (e.g., logging in, conventional two-factor authentication, or the like).
  • The authenticated identification information (e.g., a mobile phone number) may then be sent to one or more payment entities (e.g., credit card companies, processors, or similar including by not limited to American Express, VISA, MasterCard, Discover, PayPal, Venmo, Amazon payments, etc., their affiliated or member banks (e.g., Capital One, Citibank, etc.), or related processors (Rocky Mountain Bank, First Credit), credit rating agencies (Experian, etc.)), for the purpose of determining or identifying one or more payment options. For example, any of the above described payment entities may be configured to perform a search/reverse index to collect and present various user's known payment accounts that are associated with the provided authenticated identification information (e.g., the mobile phone number) and/or associated information (e.g., the social security number of the user having the provided mobile phone number).
  • That is, because it may be common, for example, for a user's credit card user profile to include the user's mobile phone number, with the user's permission, his credit card information could be identified or detected (e.g., reversed indexed) by means of presenting various entities with the user's mobile phone number or other identifying means.
  • Accordingly, as shown in block 710 of FIG. 7, an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102, server 114, or the like, may be configured to provide a request for a payment option to each of one or more payment entities. The request may comprise authenticated identifying information and a transaction amount. In some embodiments, the request may comprise the identification information and the transaction amount, wherein the payment entity is configured to authenticate the identification information. In some embodiments, the authenticated identification information may be encrypted, tokenized, hashed, or otherwise transcoded to minimize fraud.
  • That is, a set or subset of payment entities may be queried, in real-time, by providing those payment entities with the user's authenticated identification information, such that each payment entity may then return to a checkout or payment offer. In some embodiments, a payment entity may check that the user or account associated with the identification information has sufficient credit available prior to providing a response to the request for a checkout/payment offer. In some embodiments, an extension or granting of additional credit may be considered prior to extending a payment option for the transaction.
  • In some embodiments, the payment entity may open an authentication session with authentication service, or in other embodiments, may perform another type of authentication of the user and/or user device. In some embodiments, the request may comprise a time limit in which to provide a response.
  • As such, as shown in block 715 of FIG. 7, an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102, server 114, or the like, may be configured to receive one or more payment options.
  • Once or more payment options have been received, all of some portion of the received payment options may be presented to the user device for selection. As shown in block 720 of FIG. 7, an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102, server 114, or the like, may be configured to provide, for display, a descriptor associated with each of a portion of the identified payment options. For example, a graphical icon, which may be pre-selected or otherwise associated with the payment options may be presented on the display of the use device.
  • In some embodiments, a display of a graphic or icon (e.g., MasterCard logo, Capital One bank logo, etc.) may be displayed with, for example, next to the payment offer, and in some embodiments, along with an identification of the user's particular credit card (e.g., “xx1234” displaying only the last four digits of the card so the user can identify the credit card), a picture or pseudo picture of the user's credit card, or other information about this particular account (e.g., remaining credit available, etc.).
  • Upon display of one or more payment options, a user may select at least one of the payment options. As shown in block 725 of FIG. 7, an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102, server 114, or the like, may be configured to receive an indication of a selection of at least one payment option.
  • Data Flow
  • FIG. 8 depicts an example data flow 800 illustrating interactions between a user device, for example, a user device such as one of user devices 108A-108N, a secured system such as one of secured systems 104A-104N, a network provider such as one of network providers 110A-110N and Payment option aggregation system, embodied by for example, authentication system 102. The data flow 800 illustrates how electronic information may be passed among various systems in accordance with embodiments of the present invention.
  • At step 802, user device transmits data (e.g., a page request) or, for example in some embodiments, launches an API, attempting to access secured system. At 804, a login page is provided and a user, operating user device, at step 806, provides login credentials. In some embodiments, login credentials are saved and the providing of the login credentials requires no instant input from the user.
  • The secured system may require two-factor authentication, and as such, not shown, but in accordance with either conventional two-factor authentication or in accordance with the frictionless two-factor authentication shown above, may authenticate the user and/or user device. That is at step 808, the secured system may provide device information needing authentication and at step 810, the Payment option aggregation system may, for example, using the frictionless two-factor authentication process shown above, authenticate the user and/or device. Subsequently or in parallel with providing the authentication request, the secured system may provide a request for payment options.
  • The Payment option aggregation service may, for example, at step 812 then request from one or more payment entities, payment options. As shown at step 814, each of a plurality of payment entities may provide one or more payment options, which are received at the Payment option aggregation system. At step, 816, the Payment option aggregation system orders the payment options and configures some portion of the received payment options for display/presentment to the user device. At step 818, the user device then displays one or more payment options to the user. Upon review, the user may provide a selection, and as such, at step 820, the secured system receives the selection of a payment option. At step 822, the Payment option aggregation system receives an indication of the selection and, at step 824, provides a notification to the selected payment entity.
  • Receiving a Request for Payment Options and a Corresponding Bid
  • FIG. 9 shows a flowchart depicting an exemplary payment process 900 in accordance with embodiments of the present invention. The process shows how, upon reception of a request, an authentication service or an API related thereto may identify potential payment options, request bids from each, and present some or all of those payment options to a user in accordance with the bids. The process 900 may be performed by an apparatus, such as the apparatus 200 described above with respect to FIG. 2.
  • As described above, a user, operating for example, a user device, such as a mobile phone or a computer, may indicate a readiness to remit payment to a secured system, for example, in exchange for a product (e.g., goods or services), as a donation, as an exchange of currency, etc. Accordingly, the secured system may open a session, for example, by calling an API or the like, requesting payment options. As shown in block 905 of FIG. 9, an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102, server 114, or the like, may be configured to receive a request to complete a transaction, the request comprising identifying information and a transaction amount. In one embodiment, a user's selection of a “checkout” or “complete transaction” icon may cause the secured system to open the session and transmit the request, while in other embodiments, a voice command indicative of a desire to complete a transaction, or a motion indicative of a desire to complete the transaction may cause the secured system to open the session and transmit the request. In another embodiment, the act of clicking or otherwise selecting media (e.g., audio, video, or the like), consuming media (e.g., listening to an audio file such as a podcast, advertisement, or the like, or watching a video, etc.) may serve to cause the secured system to open the session and transmit the request. In some embodiments, the secured system may open an authentication session in advance, to authenticate the user and/or user device, as described above in figures above. Accordingly, as shown in block 910 of FIG. 9, an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102, server 114, or the like, may be configured to perform an authentication process. That is, in some embodiments, the authentication service may receive first and second identification information and perform a comparison. In some embodiments, the authentication service may further utilize biometric data and/or location data to perform the authentication of the user and/or user device.
  • Once the user and/or user device is authenticated, payment options may be determined. In some embodiments, before identifying payment options, the apparatus may determine which payment entities will be queried. Though, in some embodiments, each of a plurality of payment entities are queried. Some factors for determining which payment entities are queried include geography, instructions from the user and/or user device and/or the secured system. Accordingly, as shown in block 915 of FIG. 9, an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102, server 114, or the like, may be configured to determine a subset of one or more payment entities from which to solicit payment options.
  • Once the payment entities from which to solicit payment options are determined, a request may then be provided. As shown in block 920 of FIG. 9, an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102, server 114, or the like, may be configured to provide a request for payment option to each of one or more payment entities. In some embodiments, the request may comprise the authenticated identification information and a transaction amount. As described above, with respect to block 710, authenticated identification information (e.g., a mobile phone number) may then be sent to one or more payment entities for the purpose of determining or identifying one or more payment options.
  • While the user and/or user device may have been authenticated, for example, using the mobile phone number of the like, in some embodiments, authentication may be requested by the payment entity, the payment entity having location data (e.g., a billing address, etc.) stored therein. As shown in block 925 of FIG. 9, an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102, server 114, or the like, may be configured to receive a request to authenticate from the payment entity using location data provided by payment entity. In some embodiments, for example, a payment entity (e.g., a payment processor) may check that this user is, in real-time, within a geographical range of either his home, prior purchasing locations, within a geographical range of the seller (or merchant/store), and perform other geographic confirmations prior to presenting the user with a checkout/payment offer.
  • In some embodiments, the request may further comprise an indication of a time period in which the request is open. That is, while the process happens in real-time, or near real-time, a request may be open for 5 ms, 10 ms, or the like. Any response received after the time period is expired may be ignored.
  • After receiving the request, responses are then received. Accordingly, as shown in block 930 of FIG. 9, an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102, server 114, or the like, may be configured to receive one or more payment options.
  • In some embodiments, a payment entity may provide a bid for a particular presentation characteristic element (e.g., to appear in bold type face), while it may place a different bid for a different presentation characteristic element (e.g., for placement priority—to be listed at the top of the list). The bid may be determined, authorized by, or provided from the payment entity, for example, with the payment option, or, in some embodiments, from a third-party indirectly (e.g., an ad network, ad resellers, bundlers, or the like). In some embodiments, for example in order for a bid to be determined, various information may be utilized. That is, the system may provide data (e.g., enabling a bidder to determine an appropriate bid) including but not limited to the transaction amount, identity of the buyer, actual or estimated buyer's credit rating, location of the buyer, historical transaction data for this particular buyer, user's device type, user's carrier information (e.g., prepaid/postpaid), user's communication preferences, or the like.
  • In some embodiments, a payment entity may calculate various benefits to the user (e.g., 2% cash back=12.34 for this purchase), or compute other loyalty or benefits (e.g., earn 567 airline miles for this purchase) for presentation to the user.
  • Thus, there may be one or more payment entities (e.g., a number of the user's credit cards) that may want to be selected to provide payment for this transaction. Because a payment entity may often get paid a fee or a percentage of a transaction, thus there is an incentive for the payment entity to be chosen by the user instead of the user's other presented choices, in some embodiments, a payment entity may bid to pay a computed fee to compete for real-time placement, for example, for this particular user, for this particular transaction, such that this payment entity will be shown in a preferential position (e.g., top), or presented in a preferential way (e.g., in time, displayed only first for the first 5 seconds, visual format) as a means for this payment entity to bid to increase the likelihood that this user, for this transaction, will select this payment means.
  • As such, as shown in block 935 of FIG. 9, an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102, server 114, or the like, may be configured to receive a bid amount from a subset of the determined one or more payment entities, the bid amount indicative of a bid amount each of the one or more payment entities would be willing to pay for placement. In some embodiments, the apparatus may be further configured to provide one or more bid amount, each associated with a presentation characteristic element. That is, the payment entity may provide a bid amount for the presentation characteristic element of being the top placed payment options, a second bid amount for the presentation characteristic element of being the second placed payment option, a different bid amount for the presentation characteristic element of being presented in a bold font, etc.
  • In addition to the bid amounts and any presentation characteristic elements, the payment entities may also provide information indication of one or more benefits (e.g., points, miles, etc.) Accordingly, as shown in block 940 of FIG. 9, an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102, server 114, or the like, may be configured to receive an indication of one or more benefits with which to display in conjunction with an indication of the payment option during placement. In some embodiments, a payment option's interest rate or other charges or fees (e.g. 0% interest for all purchase for 12 months) may be displayed. Payment entities may elect dynamic incentives (0% interest for 12 months, no interest for 90 days, etc.) depending upon the individual user's characteristics.
  • In some embodiments, the apparatus may be configured to receive and consider one or more bids, determine a presentation order (e.g., in position order, time order, visual impact order, audio order, etc.) for example, in accordance with the received bid amounts. For example, a first payment entity may bid $0.25 for this user for this transaction, while a second payment entity may bid $0.10 for this user for this transaction, thus the first payment entity may be listed first (e.g., in time, placement visual impact, etc.) in preference over the lesser-bidding payment entities. In some embodiments, a secured system may elect to supplement the bid-for-placement bid, for example if a merchant wants to encourage users to utilize a particular payment options. That is, in some embodiments, the presentation order of payment options is ordered based on the bid amounts (e.g., from high-bid to low-bid). In other embodiments, the presentation order may be ordered based on additional inputs such as the user's prior choices, other user's choices for this merchant, other buyer's choices in this geographic area, time, user demographic, age, or other related inputs.
  • In some embodiments, payment offers may be presented, then later re-ordered, in various times (later received bids are presented later). In some embodiments, all received payment options are presented, while in other embodiments, only a limited number (e.g., only the first of a number of payment options) are presented. In some embodiments, payment options may be displayed in a default currency, while in other embodiments, the type of currency may be a presentation characteristic element.
  • In some embodiments, a user's default ship-to information (e.g., as associated with the payment entity), may also be displayed to the user, then provided to the secured system (e.g., the merchant) both making it less effort (e.g., no need to type in their ship-to address), while also making it safer (e.g., less fraud since items can only be shipped to pre-authorized ship-to locations). In some embodiments, one or more pre-authorized ship-to locations may be displayed, and the buyer (e.g., with one or more touches) may select both a payment offer and a ship-to address. In some embodiments, buyer information (e.g., credit card information, ship-to addresses, etc.) may be stored by a payment entity. In another embodiment, one or more data fields may be stored by different databases (e.g., one payment entity may authorize any ship-to address associated with the user, on another database (e.g., a second payment entity), or in a ship-to address associated with this user on a public or private block chain.
  • Thus, as shown in block 945 of FIG. 9, an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102, server 114, or the like, may be configured to determine which payment options to display, a presentation order, associated presentation character elements, and provide, for display, a descriptor associated with each of a portion of the identified payment options.
  • Thus competitive payment options are dynamically generated, then placed (via bid-for-placement), all typically done with zero input or effort on the user's part. In some embodiments, a user may then “single click” an on offer to accept it. In some embodiments, a user may “hover” (e.g., mouse over) an offer to see additional information about that offer. In some embodiments, a user may “touch” (e.g., on a mobile or other touch-sensitive device) an offer to see additional information about that offer. In some embodiments, a user may “touch lightly” (e.g., on a mobile or other touch-sensitive device) an offer to see additional information about that offer, then “touch harder” to accept that offer, which requires a touch display that can sense different levels of touch force. Accordingly, as shown in block 950 of FIG. 9, an apparatus, for example, apparatus 200 embodied by, for example, authentication service 102, server 114, or the like, may be configured to receive an indication of a selection of at least one payment option.
  • Data Flow
  • FIG. 10 depicts an example data flow 1000 illustrating interactions between a user device, for example, a user device such as one of user devices 108A-108N, a secured system such as one of secured systems 104A-104N, a network provider such as one of network providers 110A-110N and multi-element bidding system, embodied by for example, authentication system 102. The data flow 1000 illustrates how electronic information may be passed among various systems in accordance with embodiments of the present invention.
  • At step 1002, user device transmits data (e.g., a page request) or, for example in some embodiments, launches an API, attempting to access secured system. At 1004, a login page is provided and a user, operating user device, at step 1006, provides login credentials. In some embodiments, login credentials are saved and the providing of the login credentials requires no instant input from the user.
  • The secured system may require two-factor authentication, and as such, not shown, but in accordance with either conventional two-factor authentication or in accordance with the frictionless two-factor authentication shown above, may authenticate the user and/or user device. That is at step 1008, the secured system may provide device information needing authentication and at step 1010, the multi-element bidding system may, for example, using the frictionless two-factor authentication process shown above, authenticate the user and/or device. Subsequently or in parallel with providing the authentication request, the secured system may provide a request for payment options.
  • The multi-element bidding system service may, for example, at step 1012 then request from one or more payment entities, payment options. Each of a plurality of payment entities may then, as shown at step 1014 determine a bid amount, for example, as a function of the user, user device, transaction amount, merchant, etc. Each of one or more payment entities may further determine any specific placement instructions, character elements (e.g., bold), or the like to place a bid for. As shown at step 1016, each of a plurality of payment entities may provide one or more payment options and bids, which are received at the multi-element bidding system.
  • At step, 1018, the multi-element bidding system orders the payment options and configures some portion of the received payment options for display/presentment to the user device. At step 1020, the user device then displays one or more payment options to the user. Upon review, the user may provide a selection, and as such, at step 1022, the secured system receives the selection of a payment option. At step 1024, the multi-element bidding system receives an indication of the selection and, at step 1026, provides a notification to the selected payment entity.
  • Use Cases
  • In one exemplary embodiment, the Payment option aggregation and/or multi-element bidding service disclosed herein may be embodied by a mobile or desktop app, the app configured to provide a checkout/payment option (e.g., payment options may be paid placement, as described above). The user may then select one from the one or more payment options, the payment options sorted/ordered by method of paid placement. For example, inside an Uber or a Spotify app, the payment “page” may be driven by embodiments disclosed herein (e.g., configured to identify device identification information, such as for example, a mobile ID number, which reverse-indexes into one or more credit card databases, to then present a compiled and filtered and then presented to the user in an order, for example, in the paid placement bid order, etc.).
  • In another exemplary embodiment, the Payment option aggregation and/or multi-element bidding service disclosed herein may be embodied by a web browser. For example, a user may navigate to a website, then to a checkout/payment page, the payment page driven by embodiment described herein, and the payment options may then be presented as described above.
  • In another exemplary embodiment, the Payment option aggregation and/or multi-element bidding service disclosed herein may be embodied by a mobile or desktop app, the app configured to include a media player, where media presents audio data (e.g., audio ads played before an audio media selected is played before a podcast, before a song, etc., video ads played before/after/during a video played on the YouTube app), thus the transaction checkout page may be presented in association with the media player.
  • For example, a pre-roll video ad could be played before a YouTube video selection, and the ad might be for example to donate $5 to the Red Cross video, played on the YouTube app. The multi-element bidding service disclosed herein may be implemented such that the user can quickly and easily checkout (e.g., in this case, donate $5 to the Red Cross after seeing a 30-second Red Cross video), thus in this embodiment the invention is embodied by and/or coupled with a media player (e.g., the YouTube app), and the request is made by an action by the user consuming the media content, which then results in receiving the payment options such that the user is immediately presented (e.g., in response to a desire to donate to the red cross), with a pre-filtered, sorted, ordered list of that user's individual payment options (which were associated, resulted from, the media play). Media, as used herein, may include video, audio, etc. Accordingly, a user may quickly and easily transact (e.g., donate, buy, or the like) in association with consumed media (e.g., a viewed video, audio, a video ad, an audio ad, an infomercial, etc.). In another exemplary embodiment, embodiments described herein may be utilized where “payment/checkout process” is entirely in audio form. For example, while a user may be listening to a podcast, or a radio, or watching a TV commercial, their pre-authenticated, pre-populated, pre-sorted payment choices may be provided in audio form (e.g., “read out loud” to the user), and selections may be received via voice. In particular, a user may hear checkout payment options via audio (“Do you wish to pay using your default credit and pre-authenticated credit card American Express ending in x1234?”) and may respond by confirming (e.g., “Yes”).
  • In another exemplary embodiment, the “payment/checkout process” may be entirely in audio form, in association with a phone call. For example, a user may call a restaurant to order a pizza, and, in accordance with embodiments of the present invention, payment options are identified and subsequently provided in an audio format (e.g., “read out loud”). That is, pre-authenticated, pre-populated, pre-sorted payment options are provided via audio, and the selection of a preferred payment options is received via a voice command.
  • In another exemplary embodiment, the selection of the pre-authenticated, pre-populated, pre-sorted presented payment options, for example, presented to the user in visual, audio, or other media form, may be received via a keypad or touch pad input, or in other embodiments, via voice command.
  • In another exemplary embodiment, the selection of the pre-authenticated, pre-populated, pre-sorted presented payment options, for example, presented to the user in visual, audio, or other media form, may be received via a motion using, for example, a body or body part, detected by a motion sensor on a wearable device (e.g., a VR headset), a wrist motion, an eye motion (e.g., detected with an eye sensor), an eye stare, an eye flick, etc.
  • Operation
  • FIGS. 3, 4A, 4B, 5, 6A, 6B, and 7-10 show data flows or flowcharts (hereinafter, flowcharts) of the exemplary operations performed by a method, apparatus and computer program product in accordance with embodiments of the present invention. It will be understood that each block of the flowcharts, and combinations of blocks in the flowcharts, may be implemented by various means, such as hardware, firmware, processor, circuitry and/or other device associated with execution of software including one or more computer program instructions. For example, one or more of the procedures described above may be embodied by computer program instructions. In this regard, the computer program instructions which embody the procedures described above may be stored by a memory 26 of an apparatus employing an embodiment of the present invention and executed by a processor 24 in the apparatus. As will be appreciated, any such computer program instructions may be loaded onto a computer or other programmable apparatus (for example, hardware) to produce a machine, such that the resulting computer or other programmable apparatus provides for implementation of the functions specified in the flowchart block(s). These computer program instructions may also be stored in a non-transitory computer-readable storage memory that may direct a computer or other programmable apparatus to function in a particular manner, such that the instructions stored in the computer-readable storage memory produce an article of manufacture, the execution of which implements the function specified in the flowchart block(s). The computer program instructions may also be loaded onto a computer or other programmable apparatus to cause a series of operations to be performed on the computer or other programmable apparatus to produce a computer-implemented process such that the instructions which execute on the computer or other programmable apparatus provide operations for implementing the functions specified in the flowchart block(s). As such, the operations of FIGS. 3, 4A, 4B, 5, 6A, 6B, and 7-10 when executed, convert a computer or processing circuitry into a particular machine configured to perform an example embodiment of the present invention. Accordingly, the operations of FIGS. 3, 4A, 4B, 5, 6A, 6B, and 7-10 define an algorithm for configuring a computer or processing to perform an example embodiment. In some cases, a general purpose computer may be provided with an instance of the processor which performs the algorithms of FIGS. 3, 4A, 4B, 5, 6A, 6B, and 7-10 to transform the general purpose computer into a particular machine configured to perform an example embodiment.
  • Accordingly, blocks of the flowchart support combinations of means for performing the specified functions and combinations of operations for performing the specified functions. It will also be understood that one or more blocks of the flowcharts, and combinations of blocks in the flowcharts, can be implemented by special purpose hardware-based computer systems which perform the specified functions, or combinations of special purpose hardware and computer instructions.
  • In some embodiments, certain ones of the operations herein may be unnecessary, modified or further amplified. It should be appreciated that each of the modifications, optional operations or amplifications may be included with the operations either alone or in combination with any others among the features described herein.
  • Many modifications and other embodiments of the inventions set forth herein will come to mind to one skilled in the art to which these inventions pertain having the benefit of the teachings presented in the foregoing descriptions and the associated drawings. Therefore, it is to be understood that the inventions are not to be limited to the specific embodiments disclosed and that modifications and other embodiments are intended to be included within the scope of the appended claims. Moreover, although the foregoing descriptions and the associated drawings describe example embodiments in the context of certain example combinations of elements and/or functions, it should be appreciated that different combinations of elements and/or functions may be provided by alternative embodiments without departing from the scope of the appended claims. In this regard, for example, different combinations of elements and/or functions than those explicitly described above are also contemplated as may be set forth in some of the appended claims. Although specific terms are employed herein, they are used in a generic and descriptive sense only and not for purposes of limitation.

Claims (27)

1. A method for performing payment option aggregation, the method comprising:
receiving, from an e-commerce platform, a request to complete a transaction, the request comprising device identifying information and a transaction amount;
authenticating a user device utilizing the device identifying information;
identifying one or more payment options, each payment option having an associated payment method associated with at least one of the one or more payment entities, the identification of the one or more payment options comprising:
querying, in real-time, one or more payment entities by providing the authenticated device identification information to the one or more payment entities; and
receiving return information to the querying, the return information indicative of at least one payment option of the one or more payment options;
providing, for display, a descriptor associated with each of a portion of the identified payment options; and
receiving an indication of a selection of at least one payment option.
2. The method according to claim 1, wherein the authenticating step comprises:
receiving, from the e-commerce platform, an indication of a request received at the e-commerce platform to complete the transaction utilizing a device associated with a user, the indication comprising the device identifying information;
providing a network address to the e-commerce platform, the network address configured to be sent to the device from the e-commerce platform;
receiving, from a second entity, second device identification information, the second device identification information determined upon the device accessing to the network address;
performing a real-time comparison between the device identifying information and second device identification information; and
authenticating the device identifying information if a match is detected between the device identifying information and second device identification information.
3. The method according to claim 1, wherein the transaction is at least one of a purchase, transfer, or a donation.
4. The method according to claim 1, further comprising: determining a subset of one or more payment entities from which to solicit payment options.
5. The method according to claim 1, where the descriptor does not include a credit card number.
6. The method according to claim 4, wherein the subset of one or more payment entities from which to solicit payment options comprise predetermined set of one or more credit card companies, payment processors, or banks, each member of the subset of one or more payment entities from which to solicit payment options configured to identify known and authorized payment accounts associated with the identifying information.
7. The method according to claim 1, further comprising: subsequent to determining the one or more payment entities from which to solicit payment options, providing the determined one or more payment entities with the device identifying information and the transaction amount; and receiving a bid amount from a subset of the determined one or more payment entities, the bid amount indicative of a bid amount each of the one or more payment entities would be willing to pay for placement.
8. The method according to claim 1, further comprising: subsequent to determining the one or more payment entities from which to solicit payment options, providing the determined one or more payment entities with the device identifying information and the transaction amount; and receiving an indication of one or more benefits with which to display in conjunction with an indication of the payment option during placement.
9. The method according to claim 1, further comprising: a pre-processing step of opting-in at one or more payment processors, each having one or more associated payment methods.
10. A computer program product for performing payment option aggregation, the computer program product comprising at least one non-transitory computer-readable storage medium having computer-executable program code instructions stored therein, the computer-executable program code instructions comprising program code instructions for:
receiving, from an e-commerce platform, a request to complete a transaction, the request comprising device identifying information and a transaction amount;
authenticating a user device utilizing the device identifying information;
identifying one or more payment options, each payment option having an associated payment method associated with at least one of the one or more payment entities, the identification of the one or more payment options comprising:
querying, in real-time, one or more payment entities by providing the authenticated device identification information to the one or more payment entities; and
receiving return information to the querying, the return information indicative of at least one payment option of the one or more payment options;
providing, for display, a descriptor associated with each of a portion of the identified payment options; and
receiving an indication of a selection of at least one payment option.
11. The computer program product according to claim 10, wherein the authenticating step comprises:
receiving, from the e-commerce platform, an indication of a request received at the e-commerce platform to complete the transaction utilizing a device associated with a user, the indication comprising the device identifying information;
providing a network address to the e-commerce platform, the network address configured to be sent to the device from the e-commerce platform;
receiving, from a second entity, second device identification information, the second device identification information determined upon the device accessing to the network address;
performing a real-time comparison between the device identifying information and second device identification information; and
authenticating the device identifying information if a match is detected between the device identifying information and second device identification information.
12. The computer program product according to claim 10, wherein the transaction is at least one of a purchase, transfer, or a donation.
13. The computer program product according to claim 10, wherein the computer-executable program code instructions further comprise program code instructions for: determining a subset of one or more payment entities from which to solicit payment options.
14. The computer program product according to claim 10, where the descriptor does not include a credit card number.
15. The computer program product according to claim 13, wherein the subset of one or more payment entities from which to solicit payment options comprise predetermined set of one or more credit card companies, payment processors, or banks, each member of the subset of one or more payment entities from which to solicit payment options configured to identify known and authorized payment accounts associated with the identifying information.
16. The computer program product according to claim 10, wherein the computer-executable program code instructions further comprise program code instructions for: subsequent to determining the one or more payment entities from which to solicit payment options, providing the determined one or more payment entities with the device identifying information and the transaction amount; and receiving a bid amount from a subset of the determined one or more payment entities, the bid amount indicative of a bid amount each of the one or more payment entities would be willing to pay for placement.
17. The computer program product according to claim 10, wherein the computer-executable program code instructions further comprise program code instructions for: subsequent to determining the one or more payment entities from which to solicit payment options, providing the determined one or more payment entities with the device identifying information and the transaction amount; and receiving an indication of one or more benefits with which to display in conjunction with an indication of the payment option during placement.
18. The computer program product according to claim 10, wherein the computer-executable program code instructions further comprise program code instructions for: a pre-processing step of opting-in at one or more payment processors, each having one or more associated payment methods.
19. An apparatus for performing payment option aggregation, the apparatus comprising at least one processor and at least one memory including computer program code, the at least one memory and the computer program code configured to, with the processor, cause the apparatus to at least:
receive, from an e-commerce platform, a request to complete a transaction, the request comprising device identifying information and a transaction amount;
authenticate a user device utilizing the device identifying information;
identifying one or more payment options, each payment option having an associated payment method associated with at least one of the one or more payment entities, the identification of the one or more payment options comprising:
querying, in real-time, one or more payment entities by providing the authenticated device identification information to the one or more payment entities; and
receiving return information to the querying, the return information indicative of at least one payment option of the one or more payment options;
provide, for display, a descriptor associated with each of a portion of the identified payment options; and
receive an indication of a selection of at least one payment option.
20. The apparatus according to claim 19, wherein the authentication comprises:
receiving, from the e-commerce platform, an indication of a request received at the e-commerce platform to complete the transaction utilizing the user device associated with a user, the indication comprising the device identifying information;
providing a network address to the e-commerce platform, the network address configured to be sent to the device from the e-commerce platform;
receiving, from a second entity, second device identification information, the second device identification information determined upon the device accessing to the network address;
performing a real-time comparison between the device identifying information and second device identification information; and
authenticating the device identifying information if a match is detected between the device identifying information and second device identification information.
21. The apparatus according to claim 19, wherein the transaction is at least one of a purchase, transfer, or a donation.
22. The apparatus according to claim 19, the at least one memory and the computer program code are further configured to, with the processor, cause the apparatus to: determine a subset of one or more payment entities from which to solicit payment options.
23. The apparatus according to claim 19, where the descriptor does not include a credit card number.
24. The apparatus according to claim 22, wherein the subset of one or more payment entities from which to solicit payment options comprise predetermined set of one or more credit card companies, payment processors, or banks, each member of the subset of one or more payment entities from which to solicit payment options configured to identify known and authorized payment accounts associated with the identifying information.
25. The apparatus according to claim 19, wherein the at least one memory and the computer program code are further configured to, with the processor, cause the apparatus to: subsequent to determining the one or more payment entities from which to solicit payment options, provide the determined one or more payment entities with the device identifying information and the transaction amount; and receive a bid amount from a subset of the determined one or more payment entities, the bid amount indicative of a bid amount each of the one or more payment entities would be willing to pay for placement.
26. The apparatus according to claim 19, wherein the at least one memory and the computer program code are further configured to, with the processor, cause the apparatus to: subsequent to determining the one or more payment entities from which to solicit payment options, provide the determined one or more payment entities with the device identifying information and the transaction amount; and receiving an indication of one or more benefits with which to display in conjunction with an indication of the payment option during placement.
27. The apparatus according to claim 19, wherein the at least one memory and the computer program code are further configured to, with the processor, cause the apparatus to: perform a pre-processing step of opting-in at one or more payment processors, each having one or more associated payment methods.
US15/424,596 2016-02-03 2017-02-03 Method and apparatus for facilitating performing payment option aggregation utilizing an automated authentication engine Abandoned US20190287109A1 (en)

Priority Applications (10)

Application Number Priority Date Filing Date Title
US15/424,596 US20190287109A1 (en) 2016-02-03 2017-02-03 Method and apparatus for facilitating performing payment option aggregation utilizing an automated authentication engine
US15/938,423 US20180316671A1 (en) 2016-02-03 2018-03-28 Method and apparatus for facilitating authorization of a specified task via multi-stage and multi-level authentication processes utilizing frictionless two-factor authentication
US15/938,276 US20180232718A1 (en) 2016-02-03 2018-03-28 Method and apparatus for facilitating payment option aggregation to complete a transaction initiated at a third party payment apparatus, utilizing an automated authentication engine
US15/938,252 US20180268476A1 (en) 2016-02-03 2018-03-28 Method and apparatus for facilitating multi-element bidding for influencing a position on a payment list generated by an automated authentication engine
US15/938,260 US20180232740A1 (en) 2016-02-03 2018-03-28 Method and apparatus for facilitating payment option aggregation and without additional user input, payment option selection, utilizing an automated authentication engine
US15/938,322 US20180234418A1 (en) 2016-02-03 2018-03-28 Method and apparatus for facilitating access to publish or post utilizing frictionless two-factor authentication
US15/938,240 US20180225671A1 (en) 2016-02-03 2018-03-28 Method and apparatus for facilitating performing payment option aggregation utilizing an automated authentication engine
US15/938,191 US20180229689A1 (en) 2016-02-03 2018-03-28 Method and apparatus for facilitating access to an automobile utilizing frictionless two-factor authentication
US15/938,226 US20180232514A1 (en) 2016-02-03 2018-03-28 Method and apparatus for facilitating access to a device utilizing frictionless two-factor authentication
US15/938,230 US20180316670A1 (en) 2016-02-03 2018-03-28 Method and apparatus for facilitating frictionless two-factor authentication

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US201662290491P 2016-02-03 2016-02-03
US201662313845P 2016-03-28 2016-03-28
US201662325478P 2016-04-21 2016-04-21
US201662416210P 2016-11-02 2016-11-02
US15/424,596 US20190287109A1 (en) 2016-02-03 2017-02-03 Method and apparatus for facilitating performing payment option aggregation utilizing an automated authentication engine

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US15/424,597 Continuation-In-Part US20190287110A1 (en) 2016-02-03 2017-02-03 Method and apparatus for facilitating multi-element bidding for influencing a position on a payment list generated by an automated authentication engine

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US15/424,595 Continuation-In-Part US10587614B2 (en) 2016-02-03 2017-02-03 Method and apparatus for facilitating frictionless two-factor authentication

Publications (1)

Publication Number Publication Date
US20190287109A1 true US20190287109A1 (en) 2019-09-19

Family

ID=59499464

Family Applications (3)

Application Number Title Priority Date Filing Date
US15/424,596 Abandoned US20190287109A1 (en) 2016-02-03 2017-02-03 Method and apparatus for facilitating performing payment option aggregation utilizing an automated authentication engine
US15/424,597 Abandoned US20190287110A1 (en) 2016-02-03 2017-02-03 Method and apparatus for facilitating multi-element bidding for influencing a position on a payment list generated by an automated authentication engine
US15/424,595 Expired - Fee Related US10587614B2 (en) 2016-02-03 2017-02-03 Method and apparatus for facilitating frictionless two-factor authentication

Family Applications After (2)

Application Number Title Priority Date Filing Date
US15/424,597 Abandoned US20190287110A1 (en) 2016-02-03 2017-02-03 Method and apparatus for facilitating multi-element bidding for influencing a position on a payment list generated by an automated authentication engine
US15/424,595 Expired - Fee Related US10587614B2 (en) 2016-02-03 2017-02-03 Method and apparatus for facilitating frictionless two-factor authentication

Country Status (4)

Country Link
US (3) US20190287109A1 (en)
EP (1) EP3412017B1 (en)
CN (1) CN109076070A (en)
WO (1) WO2017134632A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20230147228A1 (en) * 2021-11-05 2023-05-11 Cox Automotive, Inc. Systems and methods for improved transaction platforms

Families Citing this family (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109076070A (en) 2016-02-03 2018-12-21 艾佛伦美国公司 For assisting the method and apparatus without friction two-factor authentication
CN107483419B (en) * 2017-07-28 2020-06-09 深圳市优克联新技术有限公司 Method, device and system for authenticating access terminal by server, server and computer readable storage medium
CN110869963A (en) * 2017-08-02 2020-03-06 麦克赛尔株式会社 Biometric authentication settlement system, settlement system and cash register system
WO2019173620A1 (en) * 2018-03-07 2019-09-12 Averon Us, Inc. Method and apparatus for facilitating frictionless two-factor authentication
WO2019191369A1 (en) * 2018-03-28 2019-10-03 Averon Us, Inc. Method and apparatus for facilitating access to publish or post utilizing frictionless two-factor authentication
WO2019191433A1 (en) * 2018-03-28 2019-10-03 Averon Us, Inc. Method and apparatus for facilitating payment option aggregation and without additional user input, payment option selection, utilizing an automated authentication engine
WO2019191417A1 (en) * 2018-03-28 2019-10-03 Averon Us, Inc. Method and apparatus for facilitating access to an automobile utilizing frictionless two-factor authentication
WO2019191404A1 (en) * 2018-03-28 2019-10-03 Averon Us, Inc. Method and apparatus for facilitating payment option aggregation to complete a transaction initiated at a third party payment apparatus, utilizing an automated authentication engine
WO2019191365A1 (en) * 2018-03-28 2019-10-03 Averon Us, Inc. Method and apparatus for facilitating performing payment option aggregation utilizing an automated authentication engine
WO2019191427A1 (en) * 2018-03-28 2019-10-03 Averon Us, Inc. Method and apparatus for facilitating access to a device utilizing frictionless two-factor authentication
WO2019191362A1 (en) * 2018-03-28 2019-10-03 Averon Us, Inc. Method and apparatus for facilitating frictionless two-factor authentication
WO2019191394A1 (en) * 2018-03-28 2019-10-03 Averon Us, Inc. Method and apparatus for facilitating authorization of a specified task via multi-stage and multi-level authentication processes utilizing frictionless two-factor authentication
WO2019191367A1 (en) * 2018-03-28 2019-10-03 Averon Us, Inc. Method and apparatus for facilitating multi-element bidding for influencing a position on a payment list generated by an automated authentication engine
US11366841B2 (en) * 2019-02-14 2022-06-21 Bank Of Montreal Systems and methods for secure storage and retrieval of trade data
US11245680B2 (en) * 2019-03-01 2022-02-08 Analog Devices, Inc. Garbled circuit for device authentication
GB2582169B (en) 2019-03-13 2021-08-11 Trustonic Ltd Authentication method
US11070379B2 (en) * 2019-04-18 2021-07-20 Advanced New Technologies Co., Ltd. Signature verification for a blockchain ledger
US20230015789A1 (en) * 2021-07-08 2023-01-19 Vmware, Inc. Aggregation of user authorizations from different providers in a hybrid cloud environment
US11962596B2 (en) 2021-08-04 2024-04-16 Bank Of America Corporation Integrated multifactor authentication for network access control
CN113423116B (en) * 2021-08-25 2021-12-24 广州朗国电子科技股份有限公司 Configuration method of 5G hot spot default mode based on Android system
US11875034B2 (en) * 2021-09-27 2024-01-16 Honeywell International Inc. Systems and methods for flight deck customization and pilot performance analytics
US11647392B1 (en) 2021-12-16 2023-05-09 Bank Of America Corporation Systems and methods for context-aware mobile application session protection
CN114301687B (en) * 2021-12-29 2024-05-14 河南紫联物联网技术有限公司 Wireless communication equipment authentication method and device, electronic equipment and computer readable storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120246702A1 (en) * 2011-03-21 2012-09-27 Webcetera, L.P. System, method and computer program product for access authentication
US20140149293A1 (en) * 2010-04-09 2014-05-29 Kevin Laracey Transaction token issuing authorities
US20140258110A1 (en) * 2013-03-11 2014-09-11 Digimarc Corporation Methods and arrangements for smartphone payments and transactions
US20150073980A1 (en) * 2013-09-06 2015-03-12 Ebay Inc. Bluetooth low energy (ble) pre-check in
US20170171199A1 (en) * 2015-12-15 2017-06-15 Verizon Patent And Licensing Inc. Network-based frictionless two-factor authentication service

Family Cites Families (38)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6014085A (en) 1997-10-27 2000-01-11 Lucent Technologies Inc. Strengthening the authentication protocol
CA2358129A1 (en) 2001-10-02 2003-04-02 Wmode Inc. Method and system for delivering confidential information
JP3610341B2 (en) 2002-02-19 2005-01-12 キヤノン株式会社 Network device and remote control relay server
US6993659B2 (en) 2002-04-23 2006-01-31 Info Data, Inc. Independent biometric identification system
US8751801B2 (en) * 2003-05-09 2014-06-10 Emc Corporation System and method for authenticating users using two or more factors
GB0400270D0 (en) 2004-01-07 2004-02-11 Nokia Corp A method of authorisation
US9391985B2 (en) * 2005-04-26 2016-07-12 Guy Hefetz Environment-based two-factor authentication without geo-location
US20070056022A1 (en) 2005-08-03 2007-03-08 Aladdin Knowledge Systems Ltd. Two-factor authentication employing a user's IP address
US8090945B2 (en) * 2005-09-16 2012-01-03 Tara Chand Singhal Systems and methods for multi-factor remote user authentication
EP2506184A1 (en) 2006-03-29 2012-10-03 The Bank of Tokyo-Mitsubishi UFJ, Ltd. Apparatus, method, and program for validating user
US8249965B2 (en) 2006-03-30 2012-08-21 Obopay, Inc. Member-supported mobile payment system
US20090112767A1 (en) 2007-10-25 2009-04-30 Ayman Hammad Escrow system and method
US8321285B1 (en) 2009-10-05 2012-11-27 Mocapay, Inc. Method and system for routing transactions to a mobile-commerce platform
CN101795196A (en) * 2010-03-10 2010-08-04 宇龙计算机通信科技(深圳)有限公司 Authentication method and authentication system for logging in to online banks
US8601602B1 (en) * 2010-08-31 2013-12-03 Google Inc. Enhanced multi-factor authentication
JP4713694B1 (en) * 2010-10-05 2011-06-29 株式会社シー・エス・イー Two-factor user authentication system and method
EP2448305A1 (en) * 2010-10-29 2012-05-02 France Telecom Data processing for securing local resources in a mobile device
CN102143482B (en) * 2011-04-13 2013-11-13 中国工商银行股份有限公司 Method and system for authenticating mobile banking client information, and mobile terminal
US8984605B2 (en) * 2011-08-23 2015-03-17 Zixcorp Systems, Inc. Multi-factor authentication
US8649768B1 (en) 2011-08-24 2014-02-11 Cellco Partnership Method of device authentication and application registration in a push communication framework
US8799655B1 (en) 2012-09-26 2014-08-05 Emc Corporation Mobile offline authentication using one-time passcodes
US20140136353A1 (en) 2012-11-15 2014-05-15 Wallaby Financial Inc. System and method for optimizing card usage in a payment transaction
GB2509895A (en) 2012-11-22 2014-07-23 Visa Europe Ltd Activation and Use of a Digital Wallet via Online Banking
US9355231B2 (en) 2012-12-05 2016-05-31 Telesign Corporation Frictionless multi-factor authentication system and method
US9143506B2 (en) 2013-02-13 2015-09-22 Daniel Duncan Systems and methods for identifying biometric information as trusted and authenticating persons using trusted biometric information
US9292832B2 (en) 2013-02-25 2016-03-22 Qualcomm Incorporated Collaborative intelligence and decision-making in an IoT device group
EP2989770A1 (en) * 2013-04-26 2016-03-02 Interdigital Patent Holdings, Inc. Multi-factor authentication to achieve required authentication assurance level
CN104574057B (en) 2013-10-25 2020-06-16 腾讯科技(深圳)有限公司 Online payment method and related equipment and system
EP2933981B1 (en) * 2014-04-17 2018-08-01 Comptel OY Method and system of user authentication
CN103944737B (en) * 2014-05-06 2018-11-02 中国联合网络通信集团有限公司 Method for authenticating user identity, Third Party Authentication platform, carrier authorization platform
US9032498B1 (en) 2014-05-25 2015-05-12 Mourad Ben Ayed Method for changing authentication for a legacy access interface
US9887995B2 (en) 2015-03-20 2018-02-06 Cyberdeadbolt Inc. Locking applications and devices using secure out-of-band channels
US10185948B2 (en) 2015-05-06 2019-01-22 Visa International Service Association Systems and methods to generate a location dependent alert in a mobile device of a user
EP3326138A4 (en) 2015-07-24 2019-01-16 Castor Pollux Holdings S.a.r.l. Device, system, and method for transfer of commodities
US10084780B2 (en) 2015-12-15 2018-09-25 Verizon Patent And Licensing Inc. Network-based authentication and security services
CN105654302B (en) 2015-12-24 2020-02-28 北京小米支付技术有限公司 Payment method and device
CN109076070A (en) 2016-02-03 2018-12-21 艾佛伦美国公司 For assisting the method and apparatus without friction two-factor authentication
US9949130B2 (en) 2016-02-04 2018-04-17 StarHome Mach GmbH Data security for internet of things (IOT) devices

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140149293A1 (en) * 2010-04-09 2014-05-29 Kevin Laracey Transaction token issuing authorities
US20120246702A1 (en) * 2011-03-21 2012-09-27 Webcetera, L.P. System, method and computer program product for access authentication
US20140258110A1 (en) * 2013-03-11 2014-09-11 Digimarc Corporation Methods and arrangements for smartphone payments and transactions
US20150073980A1 (en) * 2013-09-06 2015-03-12 Ebay Inc. Bluetooth low energy (ble) pre-check in
US20170171199A1 (en) * 2015-12-15 2017-06-15 Verizon Patent And Licensing Inc. Network-based frictionless two-factor authentication service

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20230147228A1 (en) * 2021-11-05 2023-05-11 Cox Automotive, Inc. Systems and methods for improved transaction platforms

Also Published As

Publication number Publication date
US20190287110A1 (en) 2019-09-19
WO2017134632A1 (en) 2017-08-10
US20190260737A1 (en) 2019-08-22
EP3412017B1 (en) 2020-08-26
US10587614B2 (en) 2020-03-10
EP3412017A1 (en) 2018-12-12
CN109076070A (en) 2018-12-21

Similar Documents

Publication Publication Date Title
US20190287109A1 (en) Method and apparatus for facilitating performing payment option aggregation utilizing an automated authentication engine
US11481754B2 (en) Secure payment method and system
US11270287B2 (en) Wireless dongle facilitated mobile transactions
US20180225671A1 (en) Method and apparatus for facilitating performing payment option aggregation utilizing an automated authentication engine
US10268810B2 (en) Methods, apparatus and systems for securely authenticating a person depending on context
US20180232740A1 (en) Method and apparatus for facilitating payment option aggregation and without additional user input, payment option selection, utilizing an automated authentication engine
US20180268476A1 (en) Method and apparatus for facilitating multi-element bidding for influencing a position on a payment list generated by an automated authentication engine
US10332104B2 (en) Techniques for an in-vehicle electronic wallet
US20140351126A1 (en) Secure synchronization of payment accounts to third-party applications or websites
US20170116596A1 (en) Mobile Communication Device with Proximity Based Communication Circuitry
US20180232718A1 (en) Method and apparatus for facilitating payment option aggregation to complete a transaction initiated at a third party payment apparatus, utilizing an automated authentication engine
US20220343298A1 (en) System and method for third party payment at point of sale terminals
US20160035006A1 (en) Streamlined online checkout
KR101718789B1 (en) Mobile payment system with contactless mobile payment device using Bluetooth communication,and Payment data processing method using thereof
US20240214821A1 (en) Methods and systems for smart identification and step-up authentication
KR20180135007A (en) Access credential management device
CN108027923B (en) Dynamic portable communication system
WO2019191365A1 (en) Method and apparatus for facilitating performing payment option aggregation utilizing an automated authentication engine
KR101649995B1 (en) Contactless mobile payment device using Bluetooth communication, Payment data processing method of the mobile payment device, and Recording medium with a program for performing the method
WO2019191367A1 (en) Method and apparatus for facilitating multi-element bidding for influencing a position on a payment list generated by an automated authentication engine
WO2019191433A1 (en) Method and apparatus for facilitating payment option aggregation and without additional user input, payment option selection, utilizing an automated authentication engine
WO2019191404A1 (en) Method and apparatus for facilitating payment option aggregation to complete a transaction initiated at a third party payment apparatus, utilizing an automated authentication engine

Legal Events

Date Code Title Description
AS Assignment

Owner name: AVERON US, INC., NEVADA

Free format text: CHANGE OF NAME;ASSIGNOR:CLOUDWEAR, INC.;REEL/FRAME:043203/0026

Effective date: 20170203

AS Assignment

Owner name: CLOUDWEAR, INC., NEVADA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:BROWN, WENDELL;REEL/FRAME:045522/0904

Effective date: 20171109

STPP Information on status: patent application and granting procedure in general

Free format text: FINAL REJECTION MAILED

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION