WO2013050738A2 - User authentication - Google Patents

User authentication Download PDF

Info

Publication number
WO2013050738A2
WO2013050738A2 PCT/GB2012/052368 GB2012052368W WO2013050738A2 WO 2013050738 A2 WO2013050738 A2 WO 2013050738A2 GB 2012052368 W GB2012052368 W GB 2012052368W WO 2013050738 A2 WO2013050738 A2 WO 2013050738A2
Authority
WO
WIPO (PCT)
Prior art keywords
user
service
code
authentication
mobile
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/GB2012/052368
Other languages
English (en)
French (fr)
Other versions
WO2013050738A3 (en
WO2013050738A4 (en
Inventor
Jeremy GOLDSTONE
Dermot DWYER
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Barclays Bank PLC
Original Assignee
Barclays Bank PLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to JP2014533977A priority Critical patent/JP5992528B2/ja
Application filed by Barclays Bank PLC filed Critical Barclays Bank PLC
Priority to US14/349,454 priority patent/US11063933B2/en
Priority to CA2850942A priority patent/CA2850942C/en
Priority to AU2012320281A priority patent/AU2012320281A1/en
Priority to AP2014007607A priority patent/AP2014007607A0/xx
Priority to EP12788233.0A priority patent/EP2774344B1/en
Publication of WO2013050738A2 publication Critical patent/WO2013050738A2/en
Publication of WO2013050738A3 publication Critical patent/WO2013050738A3/en
Publication of WO2013050738A4 publication Critical patent/WO2013050738A4/en
Anticipated expiration legal-status Critical
Priority to ZA2014/03201A priority patent/ZA201403201B/en
Priority to AU2017232215A priority patent/AU2017232215A1/en
Priority to AU2019236638A priority patent/AU2019236638B2/en
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/313User authentication using a call-back technique via a telephone network
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/306Payment architectures, schemes or protocols characterised by the use of specific devices or networks using TV related infrastructures
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3223Realising banking transactions through M-devices
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • G06Q20/3272Short range or proximity payments by means of M-devices using an audio code
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • G06Q20/3276Short range or proximity payments by means of M-devices using a pictured code, e.g. barcode or QR-code, being read by the M-device
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • G06Q20/40145Biometric identity checks
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4097Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/18Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/36User authentication by graphic or iconic representation
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2115Third party
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • G06Q20/3274Short range or proximity payments by means of M-devices using a pictured code, e.g. barcode or QR-code, being displayed on the M-device
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/04Real-time or near real-time messaging, e.g. instant messaging [IM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/69Identity-dependent
    • H04W12/77Graphical identity

Definitions

  • This invention relates to methods and systems for user authentication.
  • User authentication is required in order to provide secure user access to a remote service, such as an online or telephone system, a messaging service or to a local service.
  • a remote service such as an online or telephone system, a messaging service or to a local service.
  • current user authentication processes can be frustrating for the user; for example, a user requesting a service over the telephone may be required to respond to numerous requests for passcodes or personal data. These requests may be repeated when a user is passed to another operator during a call. The user may find passcodes difficult to remember, yet these passcodes are easy to intercept.
  • personal data for the user may be easily obtainable from various public sources.
  • a user authentication method in which the user is authenticated by interaction with an application at a mobile telephony device, which then initiates a voice call to the remote system and sends an authentication code to the remote system within the voice call, for example as DTMF tones, synthesized voice, or as data within a Voice- over-IP call.
  • the remote system authenticates the user by means of the authentication code.
  • the user's authenticated state may be maintained at the remote system as the caller is transferred between operators, or the user may be prompted to re-authenticate at the mobile device.
  • the authentication code is validated by a mobile gateway which acts as an authentication server or service for the mobile application and remote service.
  • a user authentication method in which the user is authenticated by a mobile device, which then initiates a secure messaging session with a remote operator. Within the session, the user may issue an instruction which requires additional authorisation. The remote operator then initiates an additional authorisation request, which the user validates at the mobile telephony device, so that a validated request is then sent to the remote operator.
  • a user authentication method at a location at which a variable challenge code is provided A user captures the challenge code using a mobile device, the user is authenticated on the mobile device, and the mobile device sends the challenge code to a remote system for validation. If the challenge code is validated, the remote system sends a confirmation code to the mobile device, which outputs the confirmation code for capture by an operator at the location. The operator captures the confirmation code and sends the confirmation code to the remote system for validation. If the confirmation code is validated, the operator may provide a service to the user at the location, optionally having performed a further authentication with the user.
  • a mobile device there may be provided a mobile gateway, and associated computer programs arranged to carry out any of the above methods.
  • the mobile gateway, an application on the mobile device and an application at the remote or local service as appropriate, which enable one or more of the above methods, are believed to be novel and inventive.
  • Figure 1 is a block diagram showing the main components of a mobile user authentication system according to embodiments of the invention.
  • Figure 2 is a diagram of a method of user authentication in a first embodiment of the invention.
  • Figures 2a and 2b are schematic screenshots of the mobile device display, respectively during login and call type selection.
  • Figure 2c is a sequence diagram of a more detailed version of the first embodiment.
  • Figure 3 is a diagram of a method of user authentication in a second embodiment of the invention.
  • Figure 4 is a diagram of a method of user authentication in a third embodiment of the invention.
  • Figure 4a is a diagram of a user authentication system in a more detailed version of the third embodiment.
  • Figure 4b is a sequence diagram of the more detailed version of the third embodiment.
  • Figure 5 is a diagram showing details of a mobile device for use in embodiments of the invention.
  • Figure 6 is a diagram showing details of a computer system for use in embodiments of the invention.
  • a mobile authentication system comprises a wireless or mobile device 1 communicating over a wireless or mobile network 3 with a mobile gateway 4 by means of a mobile application la.
  • the mobile device 1 is of a type that is known per se, such as an iOSTM, BlackberryTM or AndroidTM based smartphone. In some em bodiments, the mobile device need not have a voice telephony function.
  • the network 3 may comprise a terrestrial cellular network such as a 2G, 3G or 4G network, a private or public wireless network such as a WiFiTM-based network and/or a mobile satellite network. It will be appreciated that a plurality of, and preferably a large number of mobile devices 1 are operable concurrently within the system.
  • the mobile gateway 4 also manages a repository 7, such as a database, including identification (I D) and registration data and status information of individual authentication sessions.
  • the mobile application la is preferably registered with the mobile gateway 4 during setup of the mobile application la on the mobile device 1.
  • Registration may involve setting up one or more cryptographic keys for secure communication between the mobile application la and the mobile gateway 4.
  • the key(s) may be generated from a passcode entered by the user during setup.
  • the passcode may be a PIN, graphical passcode and/or biometric data such as a fingerprint or iris scan.
  • the passcode may be modified by the user after setup.
  • Registration may also include recording the ID data in the repository 7.
  • the I D data may pertain to the mobile device 1, the mobile application la and/or the user.
  • the I D data is associated with the mobile application la, but includes user data entered during provisioning.
  • the user is required to enter the passcode as part of an authentication process.
  • the passcode may be entered as a numeric or alphanumeric input, a graphical input such as a signature or gesture, or a biometric input.
  • the passcode is validated remotely, for example by generating a cryptographic key from the passcode, which key is used to sign a message sent to the mobile gateway 4.
  • the mobile gateway 4 only responds as described in the embodiments below if the signature is validated. If not, the mobile gateway 4 may prompt the mobile application la to request the passcode again.
  • the mobile gateway 4 may block access by the mobile application la if it presents an invalid signature more than a predetermined number of times. In this way, the authentication process is made resistant to 'brute force' attacks.
  • the passcode may be validated locally against a passcode stored in a local secure area of the mobile device 1. If the passcode is validated, then the mobile application la is enabled to operate, for exam ple as described in the specific embodiments below. This enablement may include access to locally stored cryptographic key(s) for secure communication with the mobile gateway 4.
  • the mobile gateway 4 also communicates with a remote system 8, which may be a remote operator facility.
  • a remote system 8 which may be a remote operator facility.
  • the mobile gateway 4 may communicate with a local system 9, which may be a branch operator facility. These communications are preferably performed over one or more secure networks.
  • FIG. 2 is a diagram of a user authentication process in a first embodiment, in which the user makes a voice call to a remote service 9, such as a telephony service, using the mobile application la, with the mobile gateway 4 acting as an intermediary for authentication purposes.
  • a remote service 9 such as a telephony service
  • FIG. 1 shows an example of a suitable login display generated by the mobile application la.
  • the user may then select a service within the mobile application la that involves an inbound voice call to the remote service 9.
  • the user may make a selection and/or input data relating to the purpose of the voice call.
  • the user may be presented with a menu of the purpose of the call, such as setting up or changing a direct debit instruction, changing customer details, or speaking to an advisor for some other purpose.
  • the mobile application la generates a one-time passcode (OTP) (SI.2) which is sent to the mobile gateway 4, where the OTP is validated (SI.3) and a call identifier is sent to the mobile device 1.
  • OTP one-time passcode
  • SI.2 the OTP is validated
  • SI.3 a call identifier is sent to the mobile device 1.
  • the call identifier is variable and specific to the intended call, and may be a unique session identifier generated by the mobile gateway 4, or may comprise the OTP and ID data.
  • the OTP and/or call identifier may be recorded against the ID data in the repository 7, for example for auditing purposes.
  • the mobile application la In response to receipt of the call identifier, the mobile application la initiates a voice call to the remote service 9 and, when the call has been connected to the remote service 9, passes the call identifier to the remote service 9 within the voice call.
  • the call identifier may be encoded as an audio signal, such as DTMF (dual tone multi frequency) tones or synthesized voice, or embedded within the call so that the user is able to speak while the call identifier is being transferred.
  • the call identifier is a relatively short code that can be encoded in a short period of DTMF tones or voice synthesis.
  • the voice call is a Voice over IP (VoIP) call
  • the call identifier may be passed as non-audio data within the VoIP session.
  • VoIP Voice over IP
  • the ID data may be included with the call identifier.
  • the remote service 9 may record the Caller ID or CLI, which carries the number of the calling party, as ID data.
  • the remote service 9 receives the call (SI.5) and forwards the call identifier to the mobile gateway 4.
  • the call is answered automatically by an interactive voice response (IVR) system that is able to decode and forward the call identifier and the caller ID.
  • IVR interactive voice response
  • the mobile gateway 4 then validates (SI.6) the call identifier against the record previously received at step SI.3, for example by comparison with a record set up in the repository 7. If validation is successful, then the mobile gateway 4 sends a validation signal to the remote service 9.
  • the remote service 9 In response to receipt of the validation signal, the remote service 9 connects the mobile device 1 to a telephone operator at the remote service 9.
  • the telephone operator may comprise a human operator and/or an IVR instance.
  • information relating to the purpose of the call may be passed to the remote service 9; this information may be included in the OTP and call identifier, or may be sent separately to the remote service 9 at step S1.4.
  • the remote service 9 may route the call to a selected telephone operator based on the information relating to the purpose of the call.
  • the mobile application la may call a number dependent on the purpose of the call, for example as selected from the menu shown in Figure 2b.
  • the telephone operator performs a short verbal validation (SI.7) with the user of the mobile device 1, for example by confirming customer data relating to the user, before proceeding with the call.
  • the customer data may be obtained from the mobile gateway 4, or within the remote service 9, and presented to the telephone operator.
  • This verbal validation may be much shorter than the conventional type of verbal validation, since the user has already been authenticated by the process described above.
  • the customer data may also be used by the telephone operator to assist in handling the user's query.
  • FIG. 2c shows a more detailed sequence diagram of a variant of the first embodiment.
  • the remote service 9 is subdivided into a telephone switch 9a or ACD (automatic call distributor), an IVR platform 9b, an IVR application 9c running on the IVR platform 9b, a CTI (computer telephony integration) server 9d, and an operator terminal 9e.
  • the repository 7 is shown as a separate entity, connected to the mobile gateway 4.
  • the same reference numerals and terms are used to indicate the same entities and steps. However, the following specific features of this variant are highlighted below.
  • the switch 9a routes the call to the IVR platform 9b at step SI.4 and rerouting the call from the IVR platform 9b to the operator terminal 9e after step SI.6.
  • the repository 7 is used to validate the OTP against customer records and to generate and store the call identifier at step SI.3.
  • the customer data is retrieved from the repository 7 at step SI.6 and passed via the IVR platform 9b and the CTI server 9d to the operator terminal 9e before step SI.7.
  • the remote service 9 may transfer the user to another telephone operator within the call while preserving the authentication state and user identity, without requiring the user to re-authenticate. However, in some circumstances such as to confirm instructions for a transaction, it may be preferable to require the user to re-authenticate during a call, to generate a new call identifier. This may be done by sending a prompt message from the remote service 9 to the mobile application la, or the operator requesting the user to select a function in the mobile application la. The mobile application la then initiates generation and sending of a new call identifier, for example as in steps Sl.l to SI.6 above, but without clearing the current call.
  • the DTMF codes may be included in the dialling string used to initiate the call at step SI.4.
  • the dialling string may include one or more pauses to allow time for the remote service 9 to answer the call before receiving the call identifier.
  • the use of codes included within the dialling string is advantageous in environments where the mobile application la is prevented from interacting with a call, after call initiation.
  • the mobile application la waits for the call to be answered at step SI.5 before outputting the voice synthesis of the call identifier.
  • This example is suitable for environments where interaction with initiated voice calls is permitted.
  • the audio is muted to the user during output of the voice synthesis of the call identifier.
  • the call identifier may be passed to the remote service 9 within the VoIP protocol, before the voice call is initiated.
  • This example is generally compatible with VoIP applications.
  • FIG 3 is a diagram of a user authentication process in a second embodiment, in which the user initiates a secure messaging session to a remote service 9 using the mobile application la, with the mobile gateway 4 acting as an intermediary for authentication purposes.
  • the remote service 9 may request validation of user instructions within the secure messaging session.
  • the user is first required to enter the passcode (S2.1). The user may then select, within the mobile application la, a secure chat session with the remote service 9.
  • the mobile application la generates a one-time passcode (OTP) (S2.2) which is sent to the mobile gateway 4, where the OTP is validated (S2.3). Validation may include recording the OTP against the relevant ID data in the repository 7.
  • OTP one-time passcode
  • the mobile gateway then sends an authorisation signal to the mobile application la, authorising the mobile application la to initiate (S2.4) a secure messaging or 'chat' session through the mobile gateway (S2.5) to the remote service (S2.6).
  • the user may then exchange chat messages (S2.7) through the mobile gateway 4 (S2.8) to an operator at the remote service 9 (S2.9).
  • the mobile gateway 4 validates the user identity and the authorisation status of the messaging session before passing messages.
  • the messaging or chat session involves the bidirectional exchange of alphanumeric (text-based) messages between two parties (the user and the remote operator) within a session.
  • the messages may be passed between the two parties substantially instantly, in real time.
  • the messages are preferably encrypted, for example using a key established during session set-up (steps S2.4 to S2.6).
  • the remote operator may be a human operator or may be a computer program (e.g. a 'chat-bot' trained to respond appropriately to frequently asked questions, for example).
  • the user may send a message including an instruction (step S2.10), which requires the operator to perform an action.
  • This message is passed through the mobile gateway 4 (step 2.11) to the remote service 9, in the same way as any other chat message within the session.
  • the operator in response to receipt of the instruction and identification that an action is required, initiates an authorisation request (step 2.12), to obtain confirmation that the instruction is authorised by the user.
  • An authorisation request is sent through the mobile gateway 4 (S2.13) to the mobile application, including details of the action to be authorised.
  • the mobile application In response to receipt of the authorisation request, the mobile application displays the received details of the action to be authorised, and requests the user to enter a passcode to confirm the instruction (S2.14).
  • the passcode may the same as used in step S2.1, or a different passcode.
  • the mobile application la applies a cryptographic signature, for example based on the passcode, to the details of the authorised action, and sends the signed authorisation to the mobile gateway 4, which validates (S2.16) the cryptographic signature against the details sent to the mobile application la at step S2.13. If this validation is successful, the mobile gateway 4 sends the validated instruction details to the remote service 9, including a validation message. Alternatively, the signature may be validated directly with the remote service 9, without involvement of the mobile gateway 4.
  • the operator at the remote service 9 carries out the instruction (S2.17), and may optionally send a confirmation message to the user within the messaging session.
  • the instruction may relate to a money transfer of a specified value to a specified account, and the execution of the instruction involves initiation of the money transfer through a computerised banking system.
  • the present embodiment is not limited to banking or financial applications, but relates to telecommunication between remote parties, with an authentication and authorisation function.
  • Figure 4 is a diagram of a user authentication process in a third embodiment, in which the user is authenticated with a local service 8 using the mobile application la, with the mobile gateway 4 acting as an authentication service.
  • the mobile application la interacts with the local service 8 through one or more local and/or direct means, such as machine-accessible codes.
  • codes may comprise one- or two-dimensional barcodes, preferably Quick Response (Q.R) two- dimensional barcodes.
  • the codes may comprise audio codes, optionally embedded in other audio content.
  • the codes may be sent over one or more short-range wireless links, such as NFC (near-field communication) links.
  • the mobile gateway 4 generates a variable challenge code (S3.1), which is transmitted to the local service 8.
  • the challenge code preferably varies with time. In applications where there are a plurality of local services 8 at different physical locations, the challenge code preferably varies with each local service 8 and is therefore indicative of the location of the local service.
  • the local service 8 outputs the challenge code (S3.2) in a machine-accessible form, such as a barcode or Q.R code.
  • the challenge code is generated independently of any specific user authentication session, and is provided for capture by any user wishing to be authenticated.
  • the challenge code may be generated independently of the mobile gateway 4, from information that is verifiable by the mobile gateway 4.
  • a user wishing to be authenticated to the local service 8 uses the mobile application la to capture the challenge code (S3.3), and enters the passcode (S3.4) to log in to the mobile application la, in either order.
  • the mobile application la generates a response code, based on the challenge code and preferably identifying the mobile device 1 and/or the mobile application la.
  • the mobile application la then sends the response code to the mobile gateway 4, for example by initiating a call to the mobile gateway 4, and passing the response code within the call, for example as a DTMF string.
  • Other methods may be used, such as data transfer via an Internet connection, or a text message.
  • Validation may include checking that the response code is based on a challenge code generated and sent to the local service 8 within a predetermined time window prior to receipt of the response code from the mobile application la. Validation may also include checking that the mobile application la is authorised to use the authentication service.
  • the mobile gateway 4 In response to successful validation, the mobile gateway 4 generates a confirmation code derived from the response code and sends the confirmation code to the mobile application la, which outputs the confirmation code (S3.6) in a machine-accessible form.
  • the local service 8 captures the confirmation code (S3.7) and sends the confirmation code, or another code based on the confirmation code, to the mobile gateway 4.
  • the mobile gateway 4 then validates the confirmation code (S3.8), so as to confirm that the user has been successfully authenticated in the process described above.
  • Validation may include checking that the confirmation code corresponds to a challenge code that was previously sent to the local service 8 at step S3.1.
  • Validation may also include checking that the confirmation code was sent to the mobile application la previously at step S3.5 within a predetermined time window.
  • the mobile gateway 4 sends a validation message to the local service 8, preferably including one or more user records retrieved from the repository 7.
  • the local service 8 may further authenticate the user by asking the user to provide user information and checking this against the one or more user records.
  • the local service 8 may then carry out a service for the user.
  • the challenge code, response code and/or the confirmation code are preferably encrypted, secured, and/or cryptographically signed, to prevent spoofing of the codes or interception of information contained within them.
  • the challenge code may include a secure hash so as to prevent generation of false challenge codes.
  • the response code may be signed by the mobile application la.
  • the confirmation code may be signed by the mobile gateway 4, may be further signed by the mobile application la before output to the local service 8 and/or may be signed by the local service 8 before transmission to the mobile gateway 4.
  • the communications with the mobile gateway 4 may be via a secure channel.
  • the local service 8 is located at a branch of a bank. There may be a plurality of such local services, each located at a corresponding local branch of the bank.
  • the local service comprises at least a computer 8a, connected to a scanner 8b for scanning the confirmation code, and a display 8c for displaying the challenge code.
  • the computer 8a is connectable to the mobile gateway 4 via a network, such as the network 3.
  • the computer 8a is a counter service computer operable by a counter service operator
  • the scanner 8b may be a scanning device located at the counter, such as a handheld scanner.
  • the computer 8a and the scanner 8b form part of an automated kiosk for providing services, the kiosk including a user interface for providing services to the user via the computer 8a.
  • the computer 8a is a portable device and the scanner 8b is a camera integrated within the portable device.
  • the portable device may run an authentication application for use by staff at the local branch.
  • the portable device may be a smartphone, PDA or the like.
  • the display 8c may be connected to the computer 8a, or to another computer connectable to the mobile gateway 4.
  • the display 8c may be a thin client of the mobile gateway 4, such as an Internet-enabled TV connected to a web or image server of the mobile gateway 4.
  • the display 8c may comprise a printed display, preferably one that is updated periodically.
  • the display 8c is preferably accessible to any user in or around the local branch; for example, the display may be visible through a window of the local branch, or may be accessible on entry to the local branch.
  • step S3.2 the challenge code is displayed on the display 8c, and at step S3.3 the user scans the challenge code using a camera 16 on the mobile device 1.
  • each challenge code displayed concurrently or sequentially on the display 8c, with each challenge code corresponding to a different required service and having associated human readable information indicating the corresponding service.
  • each challenge code for loan applications, another for account queries, and so on.
  • the user scans the challenge code corresponding to the required service, and the confirmation code generated at step S3.5 may then include information identifying the required service.
  • the confirmation code is displayed by the mobile app la on the mobile display 11, and at step S3.7, the confirmation code is scanned with the scanner 8b.
  • the confirmation code generated at step S3.5 may include security features limiting the use of the confirmation code to a particular time and/or location.
  • the confirmation code may include a reference to the local service 8 at which the corresponding challenge code was displayed, and the confirmation code may be rejected if scanned by any other local service 8.
  • the confirmation code may include a reference to a validity period, such as the current date or a time window within that date, and the confirmation code may be rejected if the validity period does not match the time or date of scanning by the local service.
  • the time and/or location reference may be derived from the challenge code, via the response code, or alternatively from the time and/or location of the mobile device when the response code was sent, for example using location and/or time information provided by the mobile device.
  • the user may also provide personal data, such as a postcode or date of birth, and this personal data may be sent with the confirmation code to the mobile gateway for validation at step 3.8.
  • personal data such as a postcode or date of birth
  • step S3.9 user authentication takes place using the one or more user records (e.g. customer data) sent by the mobile gateway 4 at step S3.8, so that the user can be authenticated against the corresponding records, for example by requiring the user to provide personal details and/or a passcode.
  • This additional step helps to prevent fraud e.g. by theft of the mobile device 1.
  • a member of staff may first authenticate the user, for example using paper documents and/or a bank card belonging to the user.
  • the staff member may then obtain a challenge code from the display 8c or directly from the computer 8a, and may then perform steps S3.5 and S3.6 on behalf on the user.
  • the confirmation code may be printed out and handed to the user, who then presents the printed code at step S3.7.
  • a manual authentication service may be performed prior to the service required by the user, which may result in more efficient operation of a local branch.
  • the member of staff authenticating the user may also discover the type of service required by the user, and may then communicate this information as part of the challenge code.
  • the manual authentication service may provide a type of triage for banking customers.
  • An advantage of the detailed embodiment above is that the challenge code may be validated while the user is waiting to be served.
  • the local service 8 may also be informed of which users are waiting to be served, for example by an additional step of sending a report from the mobile gateway 4 to the local service 8. This report may include an indication of the services required by the user(s), as identified above.
  • the local service 8 such as the computer 8a, may then send a status message to the user, for example by sending a message to the user's mobile device 1, either within the mobile application la or via a separate messaging application, such as an SMS or text message; the status message may be a confirmation that the challenge code has been received and validated, a personalised waiting time, notification that the user can now be served and so on.
  • the message may be displayed on a display forming part of the local service; for example, the surname or a codeword for the next customer to be served may be displayed on the display 8c or another display generally visible to customers, so that the customer does not need to check their mobile device 1.
  • the local service 8 may additionally or alternatively make preparations for specific requirements of the users who are waiting to be served, for example as identified by the challenge code selected by the user.
  • the local service 8 may prioritise or manage specific users of the system described above, based for example on the corresponding user records or the service required.
  • a user requesting a specific service may be directed to a specific counter or kiosk dedicated to that service.
  • a user requiring a quick service may be prioritised ahead of a user requiring a lengthy service. This information may be communicated to the user by the status message.
  • Figure 5 shows further details of one example of the mobile device 1, comprising at least a processor 10, including for example hardware and an application platform, running the application la, and connected to memory 13 storing local data 14.
  • the application platform may be a mobile operating system such as iOSTM, AndroidTM or Blackberry OS.
  • the application la may comprise program code, which can be loaded or downloaded onto the mobile device 1.
  • the mobile device 1 has a display 11 and a manual input device 12, which may be integrated with the display as a touchscreen, and/or provided as a keypad.
  • An alternative or additional input device may be used, such as a trackball, trackpad, motion sensor or mouse.
  • the mobile device 1 may include a camera or scanner 16 for capturing optical images and/or codes.
  • the mobile device 1 includes a network interface 15 to the wireless or mobile network 3.
  • the mobile device 1 may also include an NFC interface 17.
  • the mobile gateway 4, local service 8 and/or remote service 9 herein may be implemented by computer systems such as computer system 1000 as shown in Figure 6.
  • Embodiments of the present invention may be implemented as programmable code for execution by such computer systems 1000. After reading this description, it will become apparent to a person skilled in the art how to implement the invention using other computer systems and/or computer architectures.
  • Computer system 1000 includes one or more processors, such as processor 1004.
  • Processor 1004 may be any type of processor, including but not limited to a special purpose or a general-purpose digital signal processor.
  • Processor 1004 is connected to a communication infrastructure 1006 (for example, a bus or network).
  • a communication infrastructure 1006 for example, a bus or network.
  • Computer system 1000 also includes a main memory 1008, preferably random access memory (RAM), and may also include a secondary memory 610.
  • Secondary memory 1010 may include, for example, a hard disk drive 1012 and/or a removable storage drive 1014, representing a floppy disk drive, a magnetic tape drive, an optical disk drive, etc.
  • Removable storage drive 1014 reads from and/or writes to a removable storage unit 1018 in a well-known manner.
  • Removable storage unit 1018 represents a floppy disk, magnetic tape, optical disk, etc., which is read by and written to by removable storage drive 1014.
  • removable storage unit 618 includes a computer usable storage medium having stored therein computer software and/or data.
  • secondary memory 1010 may include other similar means for allowing computer programs or other instructions to be loaded into computer system 1000.
  • Such means may include, for example, a removable storage unit 1022 and an interface 1020.
  • Examples of such means may include a removable memory chip (such as an EPROM, or PROM, or flash memory) and associated socket, and other removable storage units 1022 and interfaces 1020 which allow software and data to be transferred from removable storage unit 1022 to computer system 1000.
  • the program may be executed and/or the data accessed from the removable storage unit 1022, using the processor 1004 of the computer system 1000.
  • Computer system 1000 may also include a communication interface 1024.
  • Communication interface 1024 allows software and data to be transferred between computer system 1000 and external devices. Examples of communication interface 1024 may include a modem, a network interface (such as an Ethernet card), a communication port, a Personal Computer Memory Card International Association (PCMCIA) slot and card, etc.
  • Software and data transferred via communication interface 1024 are in the form of signals 1028, which may be electronic, electromagnetic, optical, or other signals capable of being received by communication interface 1024. These signals 1028 are provided to communication interface 1024 via a communication path 1026.
  • Communication path 1026 carries signals 1028 and may be implemented using wire or cable, fibre optics, a phone line, a wireless link, a cellular phone link, a radio frequency link, or any other suitable communication channel. For instance, communication path 1026 may be implemented using a combination of channels.
  • computer program medium and “computer usable medium” are used generally to refer to media such as removable storage drive 1014, a hard disk installed in hard disk drive 1012, and signals 1028. These computer program products are means for providing software to computer system 1000. However, these terms may also include signals (such as electrical, optical or electromagnetic signals) that embody the computer program disclosed herein.
  • Computer programs are stored in main memory 1008 and/or secondary memory 1010. Computer programs may also be received via communication interface 1024. Such computer programs, when executed, enable computer system 1000 to implement embodiments of the present invention as discussed herein. Accordingly, such computer programs represent controllers of computer system 1000. Where the embodiment is implemented using software, the software may be stored in a computer program product and loaded into computer system 1000 using removable storage drive 1014, hard disk drive 1012, or communication interface 1024, to provide some examples.
  • Embodiments of the invention are not limited to banking or financial applications, but relate in general to the technical field of electronic communication between computer entities, with an authentication function.
  • the mobile gateway 4 acts as an authentication server or service separate from the remote or local service 8, 9. Alternatively, some or all of the functions of the mobile gateway 4 may be integrated with the remote or local service 8, 9.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Finance (AREA)
  • Software Systems (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephone Function (AREA)
PCT/GB2012/052368 2011-10-03 2012-09-25 User authentication Ceased WO2013050738A2 (en)

Priority Applications (9)

Application Number Priority Date Filing Date Title
EP12788233.0A EP2774344B1 (en) 2011-10-03 2012-09-25 User authentication via mobile phone
US14/349,454 US11063933B2 (en) 2011-10-03 2012-09-25 User authentication
CA2850942A CA2850942C (en) 2011-10-03 2012-09-25 User authentication via mobile phone
AU2012320281A AU2012320281A1 (en) 2011-10-03 2012-09-25 User authentication via mobile phone
AP2014007607A AP2014007607A0 (en) 2011-10-03 2012-09-25 User authentication via mobile phone
JP2014533977A JP5992528B2 (ja) 2011-10-03 2012-09-25 ユーザ認証
ZA2014/03201A ZA201403201B (en) 2011-10-03 2014-05-02 User authentication via mobile phone
AU2017232215A AU2017232215A1 (en) 2011-10-03 2017-09-22 User authentication via mobile phone
AU2019236638A AU2019236638B2 (en) 2011-10-03 2019-09-24 User authentication via mobile phone

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
GB1116976.0A GB2495474B (en) 2011-10-03 2011-10-03 User authentication
GB1116976.0 2011-10-03
GB1210933.6 2012-06-20
GB1210933.6A GB2495571B (en) 2011-10-03 2012-06-20 User Authentication

Publications (3)

Publication Number Publication Date
WO2013050738A2 true WO2013050738A2 (en) 2013-04-11
WO2013050738A3 WO2013050738A3 (en) 2013-06-20
WO2013050738A4 WO2013050738A4 (en) 2013-08-22

Family

ID=45035022

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB2012/052368 Ceased WO2013050738A2 (en) 2011-10-03 2012-09-25 User authentication

Country Status (9)

Country Link
US (1) US11063933B2 (enExample)
EP (1) EP2774344B1 (enExample)
JP (1) JP5992528B2 (enExample)
AP (1) AP2014007607A0 (enExample)
AU (3) AU2012320281A1 (enExample)
CA (1) CA2850942C (enExample)
GB (3) GB201106976D0 (enExample)
WO (1) WO2013050738A2 (enExample)
ZA (1) ZA201403201B (enExample)

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2015026300A (ja) * 2013-07-29 2015-02-05 株式会社日立ソリューションズ 取引に対する認証情報の管理方法
WO2015028339A1 (en) * 2013-08-29 2015-03-05 Koninklijke Philips N.V. Mobile transaction data verification device and method of data verification
WO2015061869A1 (en) * 2013-11-01 2015-05-07 Infopreços S.A. Method of collecting products information and apparatus for collecting information
WO2015073352A1 (en) * 2013-11-13 2015-05-21 Alibaba Group Holding Limited Method and system for location based data communication over network
WO2015132386A1 (en) * 2014-03-06 2015-09-11 Francesco Tufano System, device and method for the certification of transactions, access control, and the like
EP2928154A3 (en) * 2014-04-03 2015-10-14 Barclays Bank PLC Mobile user authentication applying a call identifier
WO2017016415A1 (zh) * 2015-07-30 2017-02-02 华为技术有限公司 一种无线局域网络的接入认证方法、服务器和认证系统
JP2017518559A (ja) * 2014-04-15 2017-07-06 アリババ・グループ・ホールディング・リミテッドAlibaba Group Holding Limited 補助デバイスを使用したサービス認可
WO2018065820A1 (en) * 2016-10-04 2018-04-12 Assa Abloy Ab Multi factor authentication using different devices
US10496988B2 (en) 2014-06-23 2019-12-03 The Toronto-Dominion Bank Systems and methods for authenticating user identities in networked computer systems
EP3690564A1 (en) * 2019-02-01 2020-08-05 ABB Schweiz AG Locality check for access control to an industrial device
US11162249B2 (en) 2018-09-25 2021-11-02 Consomix Method for activating a service, method for activating a fire hydrant, associated device and system
US20220027914A1 (en) * 2016-04-29 2022-01-27 International Business Machines Corporation System, method, and recording medium for identity fraud prevention in secure transactions using multi-factor verification
EP3008935B1 (en) * 2013-06-12 2022-04-20 Telecom Italia S.p.A. Mobile device authentication in heterogeneous communication networks scenario

Families Citing this family (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101960062B1 (ko) * 2012-08-24 2019-03-19 삼성전자주식회사 콘텐트 공유 방법 및 장치
US20140136419A1 (en) * 2012-11-09 2014-05-15 Keith Shoji Kiyohara Limited use tokens granting permission for biometric identity verification
US9479491B1 (en) 2013-09-06 2016-10-25 United Services Automobile Association (Usaa) Methods and systems for multiple channel authentication
US9887980B1 (en) * 2014-07-30 2018-02-06 Sprint Communications Company L.P. Global time based authentication of client devices
US9407762B2 (en) 2014-10-10 2016-08-02 Bank Of America Corporation Providing enhanced user authentication functionalities
JP6302399B2 (ja) * 2014-11-17 2018-03-28 キヤノン株式会社 近距離無線通信部を備える画像形成装置、その制御方法、及びプログラム
US9491170B2 (en) 2015-01-15 2016-11-08 Bank Of America Corporation Authenticating customers and managing authenticated sessions
US9525694B2 (en) 2015-01-15 2016-12-20 Bank Of America Corporation Authenticating customers and managing authenticated sessions
US9424412B1 (en) 2015-02-02 2016-08-23 Bank Of America Corporation Authenticating customers using biometrics
CN104660416B (zh) * 2015-02-13 2018-08-28 飞天诚信科技股份有限公司 一种语音认证系统和设备的工作方法
US20160350751A1 (en) * 2015-05-27 2016-12-01 Bank Of America Corporation Provisioning a Mobile Device with a Code Generation Key to Enable Generation of One-Time Passcodes
JP2017027207A (ja) * 2015-07-17 2017-02-02 ソフトバンク株式会社 認証システム
US10095608B2 (en) 2015-09-15 2018-10-09 International Business Machines Corporation Application test automation transmitting data via phone/voice calls
US10778435B1 (en) * 2015-12-30 2020-09-15 Jpmorgan Chase Bank, N.A. Systems and methods for enhanced mobile device authentication
US10050963B2 (en) 2016-03-29 2018-08-14 Microsoft Technology Licensing, Llc Securing remote authentication
US10325601B2 (en) 2016-09-19 2019-06-18 Pindrop Security, Inc. Speaker recognition in the call center
CA3036561C (en) 2016-09-19 2021-06-29 Pindrop Security, Inc. Channel-compensated low-level features for speaker recognition
US10397398B2 (en) 2017-01-17 2019-08-27 Pindrop Security, Inc. Authentication using DTMF tones
CN108696487A (zh) * 2017-04-10 2018-10-23 北京京东尚科信息技术有限公司 用于基于dtmf信号自动进行客户端验证的方法和系统
US10360733B2 (en) 2017-06-20 2019-07-23 Bank Of America Corporation System controlled augmented resource facility
US10574662B2 (en) 2017-06-20 2020-02-25 Bank Of America Corporation System for authentication of a user based on multi-factor passively acquired data
US11019203B2 (en) 2018-03-09 2021-05-25 Pindrop Security, Inc. Silent caller ID verification using callback request
US12212709B2 (en) 2018-03-09 2025-01-28 Pindrop Security, Inc. Call authentication at the call center using a mobile device
US10341485B1 (en) 2018-05-16 2019-07-02 Fmr Llc Caller identity and authentication service
US11019201B2 (en) 2019-02-06 2021-05-25 Pindrop Security, Inc. Systems and methods of gateway detection in a telephone network
US12483555B1 (en) * 2019-04-04 2025-11-25 United States Automobile Association (USAA) Mutual authentication system
US12015637B2 (en) 2019-04-08 2024-06-18 Pindrop Security, Inc. Systems and methods for end-to-end architectures for voice spoofing detection
US12255881B2 (en) 2022-03-28 2025-03-18 Bank Of America Corporation System and method for bypassing user authentication through data encapsulation of interaction session information
US20240330309A1 (en) * 2023-03-28 2024-10-03 Carry Sound Llc Firearm notification system and associated methods

Family Cites Families (60)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5343529A (en) * 1993-09-28 1994-08-30 Milton Goldfine Transaction authentication using a centrally generated transaction identifier
US5668876A (en) * 1994-06-24 1997-09-16 Telefonaktiebolaget Lm Ericsson User authentication method and apparatus
US5884312A (en) * 1997-02-28 1999-03-16 Electronic Data Systems Corporation System and method for securely accessing information from disparate data sources through a network
US6697783B1 (en) * 1997-09-30 2004-02-24 Medco Health Solutions, Inc. Computer implemented medical integrated decision support system
US7946477B1 (en) 2004-03-31 2011-05-24 Diebold Self-Service Systems Division Of Diebold, Incorporated Automated banking machine with noncontact reading of card data
US7264932B2 (en) * 1999-09-24 2007-09-04 Applera Corporation Nuclease inhibitor cocktail
US20010037463A1 (en) * 2000-03-09 2001-11-01 Salta Robert J. Method of and system for developing a personal folder via the internet of parties to whom notifications are to be sent of changes in name, address and/or e-mail information
JP4009420B2 (ja) * 2000-06-14 2007-11-14 富士通株式会社 情報端末を利用したサービスの提供装置及び実施方法並びに情報端末を利用した商品購入方法並びに情報端末
FI115355B (fi) * 2000-06-22 2005-04-15 Icl Invia Oyj Järjestely suojatun järjestelmän käyttäjän tunnistamiseen ja todentamiseen
AU2001265284A1 (en) * 2000-06-26 2002-01-08 Intel Corporation Method and apparatus for using a cellular telephone as an authentification device
FR2817102B1 (fr) * 2000-11-22 2003-01-24 France Telecom Appel depuis un terminal radiotelephonique avec authentification biometrique
US7110393B1 (en) * 2001-02-28 2006-09-19 3Com Corporation System and method for providing user mobility handling in a network telephony system
US6879685B1 (en) * 2001-03-05 2005-04-12 Verizon Corporate Services Group Inc. Apparatus and method for analyzing routing of calls in an automated response system
GB0110900D0 (en) * 2001-05-03 2001-06-27 Nokia Corp Registrations in a communication system
DE10138381B4 (de) 2001-08-13 2005-04-07 Orga Systems Enabling Services Gmbh Computersystem und Verfahren zur Datenzugriffskontrolle
US20030043787A1 (en) * 2001-09-04 2003-03-06 Emerson Harry E. Interactive device control system for integrating the internet with the public switched telephone network
US7103172B2 (en) * 2001-12-12 2006-09-05 International Business Machines Corporation Managing caller profiles across multiple hold queues according to authenticated caller identifiers
US7644434B2 (en) * 2002-04-25 2010-01-05 Applied Identity, Inc. Computer security system
US20030236746A1 (en) * 2002-06-19 2003-12-25 Turner Michael B. Check and cash dispensing machine and method
FR2852471A1 (fr) * 2003-03-13 2004-09-17 France Telecom Dispositif d'authentification du type utilisant un mot de passe a usage unique et dispositif generateur de mot de passe associe
US20050039010A1 (en) * 2003-06-30 2005-02-17 Grove Brian D. Method and apparatus for authenticating to a remote server
US20110225064A1 (en) * 2003-09-02 2011-09-15 Augustine Fou Methods and systems for using universally unique item identifiers
US20050141694A1 (en) * 2003-12-26 2005-06-30 Alcatel Real-time communications call center server
JP2005227874A (ja) * 2004-02-10 2005-08-25 Sony Corp 情報処理システム、情報処理装置および情報処理方法、プログラム、並びに記録媒体
US20060079203A1 (en) * 2004-10-08 2006-04-13 General Motors Corporation. Method and system for enabling two way communication during a failed transmission condition
US7379921B1 (en) * 2004-11-08 2008-05-27 Pisafe, Inc. Method and apparatus for providing authentication
US7636432B2 (en) * 2005-05-13 2009-12-22 At&T Intellectual Property I, L.P. System and method of determining call treatment of repeat calls
US7657020B2 (en) * 2005-06-03 2010-02-02 At&T Intellectual Property I, Lp Call routing system and method of using the same
AU2006278422B2 (en) * 2005-08-03 2011-10-06 Intercomputer Corporation System and method for user identification and authentication
US8116446B1 (en) * 2005-10-03 2012-02-14 Avaya Inc. Agent driven work item awareness for tuning routing engine work-assignment algorithms
JP2007102778A (ja) * 2005-10-04 2007-04-19 Forval Technology Inc ユーザ認証システムおよびその方法
US7826597B2 (en) * 2005-12-09 2010-11-02 At&T Intellectual Property I, L.P. Methods and apparatus to handle customer support requests
US9002750B1 (en) * 2005-12-09 2015-04-07 Citicorp Credit Services, Inc. (Usa) Methods and systems for secure user authentication
US9768963B2 (en) * 2005-12-09 2017-09-19 Citicorp Credit Services, Inc. (Usa) Methods and systems for secure user authentication
US20070156836A1 (en) * 2006-01-05 2007-07-05 Lenovo(Singapore) Pte. Ltd. System and method for electronic chat identity validation
WO2007092310A2 (en) * 2006-02-03 2007-08-16 Cibernet Corporation System and method for electronically facilitating, recording, and tracking transactions
KR101300414B1 (ko) * 2006-02-03 2013-08-26 미드아이 에이비 최종 사용자 인증을 위한 시스템, 장치 및 방법
JP4693171B2 (ja) * 2006-03-17 2011-06-01 株式会社日立ソリューションズ 認証システム
US20070283142A1 (en) * 2006-06-05 2007-12-06 Microsoft Corporation Multimode authentication using VOIP
US20070294354A1 (en) * 2006-06-14 2007-12-20 Nortel Networks Limited Providing context information to a called party for a call initiated in response to selecting tags in electronic documents and applications
KR101290989B1 (ko) * 2006-08-09 2013-07-30 삼성전자주식회사 패킷 데이터 시스템에서 이동 단말을 이용한 금융 서비스제공 방법과 장치 및 그 시스템
US8081958B2 (en) * 2006-12-01 2011-12-20 Yahoo! Inc. User initiated invite for automatic conference participation by invitee
US8068469B2 (en) * 2007-02-14 2011-11-29 Alcatel Lucent Surrogate registration in internet protocol multimedia subsystem for users indirectly coupled via an end point
US8108528B2 (en) * 2007-07-11 2012-01-31 International Business Machines Corporation System and method for verifying the identity of a chat partner during an instant messaging session
DE102007033812B4 (de) * 2007-07-19 2009-07-30 Voice.Trust Mobile Commerce IP S.á.r.l. Verfahren und Anordnung zur Authentifizierung eines Nutzers von Einrichtungen, eines Dienstes, einer Datenbasis oder eines Datennetzes
JP4931734B2 (ja) * 2007-08-22 2012-05-16 富士通株式会社 通信制御システム、情報処理装置及び通信制御方法
EP2220840B1 (en) * 2007-10-30 2014-01-08 Telecom Italia S.p.A. Method of authentication of users in data processing systems
EP2073160A1 (de) * 2007-12-18 2009-06-24 Kienzle Argo Taxi International GmbH Übermittlung kodierter Daten von einem Terminal zu einem zentralen Server über ein mobiles Endgerät mittels eines mehrdimensionalen Barcodes
US20090327138A1 (en) * 2008-01-28 2009-12-31 AuthWave Technologies Pvt. Ltd. Securing Online Transactions
EP2088549A1 (en) 2008-02-11 2009-08-12 Accenture Global Services GmbH Customer initiated payment method
EP2128809A1 (en) 2008-05-30 2009-12-02 Luc Stals Server device for controlling a transaction, first entity and second entity
US8402519B2 (en) * 2008-10-16 2013-03-19 Verisign, Inc. Transparent client authentication
US7970677B1 (en) * 2008-10-24 2011-06-28 United Services Automobile Association (Usaa) Systems and methods for financial deposits by electronic message
CN101631113B (zh) * 2009-08-19 2011-04-06 西安西电捷通无线网络通信股份有限公司 一种有线局域网的安全访问控制方法及其系统
EP2334111B1 (en) * 2009-12-14 2012-08-01 Research In Motion Limited Authentication of mobile devices over voice channels
US9501773B2 (en) * 2010-02-02 2016-11-22 Xia Dai Secured transaction system
FR2959896B1 (fr) * 2010-05-06 2014-03-21 4G Secure Procede d'authentification d'un utilisateur requerant une transaction avec un fournisseur de service
US8397274B2 (en) * 2010-07-13 2013-03-12 Research In Motion Limited Method for authenticating device capabilities to a verified third party
US8594310B2 (en) * 2010-12-09 2013-11-26 Verizon Patent And Licensing Inc. Intelligent call transfer between call centers
WO2013013263A1 (en) * 2011-07-25 2013-01-31 Emue Holdings Pty Ltd Call authentication methods and systems

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
None

Cited By (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3008935B1 (en) * 2013-06-12 2022-04-20 Telecom Italia S.p.A. Mobile device authentication in heterogeneous communication networks scenario
JP2015026300A (ja) * 2013-07-29 2015-02-05 株式会社日立ソリューションズ 取引に対する認証情報の管理方法
WO2015028339A1 (en) * 2013-08-29 2015-03-05 Koninklijke Philips N.V. Mobile transaction data verification device and method of data verification
WO2015061869A1 (en) * 2013-11-01 2015-05-07 Infopreços S.A. Method of collecting products information and apparatus for collecting information
US9692769B2 (en) 2013-11-13 2017-06-27 Alibaba Group Holding Limited Method and system for data communication over network
WO2015073352A1 (en) * 2013-11-13 2015-05-21 Alibaba Group Holding Limited Method and system for location based data communication over network
US9386005B2 (en) 2013-11-13 2016-07-05 Alibaba Group Holding Limited Method and system for data communication over network
WO2015132386A1 (en) * 2014-03-06 2015-09-11 Francesco Tufano System, device and method for the certification of transactions, access control, and the like
US10438075B2 (en) 2014-03-06 2019-10-08 Francesco TUFANO System, device and method for certifying electronic transactions
US9756503B2 (en) 2014-04-03 2017-09-05 Barclays Bank Plc User authentication
EP3637727A1 (en) * 2014-04-03 2020-04-15 Barclays Services Limited Mobile user authentication applying a call identifier
EP2928154A3 (en) * 2014-04-03 2015-10-14 Barclays Bank PLC Mobile user authentication applying a call identifier
AU2015201690C1 (en) * 2014-04-03 2020-03-05 Barclays Execution Services Limited User authentication
AU2015201690B2 (en) * 2014-04-03 2019-11-21 Barclays Execution Services Limited User authentication
JP2015201844A (ja) * 2014-04-03 2015-11-12 バークレイズ バンク ピーエルシー ユーザ認証
US10659454B2 (en) 2014-04-15 2020-05-19 Alibaba Group Holding Limited Service authorization using auxiliary device
JP2017518559A (ja) * 2014-04-15 2017-07-06 アリババ・グループ・ホールディング・リミテッドAlibaba Group Holding Limited 補助デバイスを使用したサービス認可
US10496988B2 (en) 2014-06-23 2019-12-03 The Toronto-Dominion Bank Systems and methods for authenticating user identities in networked computer systems
WO2017016415A1 (zh) * 2015-07-30 2017-02-02 华为技术有限公司 一种无线局域网络的接入认证方法、服务器和认证系统
CN106713222A (zh) * 2015-07-30 2017-05-24 华为技术有限公司 一种无线局域网络的接入认证方法、服务器和认证系统
CN106713222B (zh) * 2015-07-30 2020-10-09 华为技术有限公司 一种无线局域网络的接入认证方法、服务器和认证系统
US20220027914A1 (en) * 2016-04-29 2022-01-27 International Business Machines Corporation System, method, and recording medium for identity fraud prevention in secure transactions using multi-factor verification
WO2018065820A1 (en) * 2016-10-04 2018-04-12 Assa Abloy Ab Multi factor authentication using different devices
US11775628B2 (en) 2016-10-04 2023-10-03 Assa Abloy Ab Multi factor authentication using different devices
US11162249B2 (en) 2018-09-25 2021-11-02 Consomix Method for activating a service, method for activating a fire hydrant, associated device and system
EP3690564A1 (en) * 2019-02-01 2020-08-05 ABB Schweiz AG Locality check for access control to an industrial device

Also Published As

Publication number Publication date
AU2019236638B2 (en) 2021-05-20
CA2850942A1 (en) 2013-04-11
GB201210933D0 (en) 2012-08-01
GB201116976D0 (en) 2011-11-16
WO2013050738A3 (en) 2013-06-20
US11063933B2 (en) 2021-07-13
AU2017232215A1 (en) 2017-10-12
CA2850942C (en) 2021-06-15
JP5992528B2 (ja) 2016-09-14
EP2774344A2 (en) 2014-09-10
WO2013050738A4 (en) 2013-08-22
GB2495571A8 (en) 2013-05-08
GB2495474A (en) 2013-04-17
ZA201403201B (en) 2015-07-29
EP2774344B1 (en) 2021-05-12
AU2012320281A1 (en) 2014-05-22
GB2495474B (en) 2015-07-08
AU2019236638A1 (en) 2019-10-17
JP2014531694A (ja) 2014-11-27
GB2495571B (en) 2013-12-04
GB2495571A (en) 2013-04-17
US20140250512A1 (en) 2014-09-04
GB201106976D0 (en) 2011-10-03
AP2014007607A0 (en) 2014-05-31

Similar Documents

Publication Publication Date Title
AU2019236638B2 (en) User authentication via mobile phone
US20250037128A1 (en) Signal detection and blocking for voice processing equipment
AU2015201690C1 (en) User authentication
US7653183B2 (en) Method and apparatus to provide data to an interactive voice response (IVR) system
CN113065622B (zh) 一种业务办理方法、终端及服务器
KR101474144B1 (ko) 일회용착신번호를 이용한 전화 인증 방법
GB2547885A (en) Establishing a communication session
US12323431B2 (en) Multi-channel communication authentication and validation
HK1196905A (en) User authentication via mobile phone
HK1196905B (en) User authentication via mobile phone
US10701058B1 (en) System and method for user identification and authentication

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12788233

Country of ref document: EP

Kind code of ref document: A2

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
ENP Entry into the national phase

Ref document number: 2850942

Country of ref document: CA

ENP Entry into the national phase

Ref document number: 2014533977

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 14349454

Country of ref document: US

WWE Wipo information: entry into national phase

Ref document number: 2012788233

Country of ref document: EP

ENP Entry into the national phase

Ref document number: 2012320281

Country of ref document: AU

Date of ref document: 20120925

Kind code of ref document: A