[go: up one dir, main page]

AU2017101474A4 - Frameworks, systems and methodologies configured for Gold, Alex enabling adaptable and configurable multiple factor authentication/verification, including gamified methods for secure transaction authentication/verification - Google Patents

Frameworks, systems and methodologies configured for Gold, Alex enabling adaptable and configurable multiple factor authentication/verification, including gamified methods for secure transaction authentication/verification Download PDF

Info

Publication number
AU2017101474A4
AU2017101474A4 AU2017101474A AU2017101474A AU2017101474A4 AU 2017101474 A4 AU2017101474 A4 AU 2017101474A4 AU 2017101474 A AU2017101474 A AU 2017101474A AU 2017101474 A AU2017101474 A AU 2017101474A AU 2017101474 A4 AU2017101474 A4 AU 2017101474A4
Authority
AU
Australia
Prior art keywords
user
authentication
data
factor authentication
access request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
AU2017101474A
Inventor
Alexander Gold
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from AU2016903772A external-priority patent/AU2016903772A0/en
Application filed by Individual filed Critical Individual
Application granted granted Critical
Publication of AU2017101474A4 publication Critical patent/AU2017101474A4/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

Abstract The present invention relates to frameworks and methodologies configured for enabling adaptable and configurable multiple factor authentication/verification, including gamified methods for secure transaction authentication/verification. The invention enables a user to access the services of a terminal, such as an automatic teller machine, without the need of a bank card. The invention verifies the identity of a user wishing to access services provided by a computing device, for example a terminal such as an automatic teller machine (ATM), hotel check-in machine, or other (for instance, the accessing may be for the purposes of withdrawing money or checking in to a hotel). The user verification/authentication is achieved in a multifactor manner without need for a physical ATM card or the like.

Description

The present invention relates to frameworks and methodologies configured for enabling adaptable and configurable multiple factor authentication/verification, including gamified methods for secure transaction authentication/verification. The invention enables a user to access the services of a terminal, such as an automatic teller machine, without the need of a bank card. The invention verifies the identity of a user wishing to access services provided by a computing device, for example a terminal such as an automatic teller machine (ATM), hotel check-in machine, or other (for instance, the accessing may be for the purposes of withdrawing money or checking in to a hotel). The user verification/authentication is achieved in a multifactor manner without need for a physical ATM card or the like.
2017101474 30 Oct 2017
FRAMEWORKS, SYSTEMS AND METHODOLOGIES CONFIGURED FOR ENABLING ADAPTABLE AND CONFIGURABLE MULTIPLE FACTOR AUTHENTICATION/VERIFICATION, INCLUDING GAMIFIED METHODS FOR SECURE TRANSACTION AUTHENTICATION/VERIFICATION
FIELD OF THE INVENTION [0001] The present invention relates to frameworks, systems and methodologies configured for enabling adaptable and configurable multiple factor authentication/verification, including gamified methods for secure transaction authentication/verification. Embodiments of the invention have been particularly developed to enable a user to access the services of a terminal, such as an automatic teller machine, without the need of a bank card. While some embodiments will be described herein with particular reference to that application, it will be appreciated that the invention is not limited to such a field of use, and is applicable in broader contexts.
BACKGROUND [0002] Any discussion of the background art throughout the specification should in no way be considered as an admission that such art is widely known or forms part of common general knowledge in the field.
[0003] For electronic transactions, there is often a need to implement two-factor authentication, whereby a user provides data for identify authentication via two distinct means. There are inherent technological challenges in implementing such an arrangement, given that certain associated workflows are time-critical. These challenges increase in the context of “cardless” transactions.
[0004] Existing cardless transaction systems include ‘selfie’ purchasing systems by MasterCard and Amazon. Such systems are however limited to customers of the service provider and are not available to non-customers. More general cardless payment technologies include Apple Pay RFID technology,or various NFC technologies, which can be used on multiple services but is limited to own operating system users. These technologies provided relatively limited authentication capabilities, and in some cases are limited in terms of being limited to users who are registered with particular service providers (for example some ATMs offer cardless transactions to customers of the providing bank only).
SUMMARY OF THE INVENTION [0005] It is an object of the present invention to overcome or ameliorate at least one of the disadvantages of the prior art, or to provide a useful alternative.
[0006] One embodiment provides a computer system configured to enable multiple-factor verification of a user, the system including:
2017101474 30 Oct 2017 [0007] a user data repository maintaining data representative of a plurality of registered user accounts, wherein each registered user account is configured to maintain data including: identifying details for a user with which the user account is associated; first factor authentication data for the user;
and a secondary secure platform contact details for the user;
[0008] a primary authentication subsystem configured that is configured to:
[0009] (i) receive access requests from a plurality of users, wherein each access request includes (a) data representative of a user account; and (b) first factor authentication data; and (c) geolocation data;
[0010] (ii) for each received access request, processing the first factor authentication data based on user data maintained in the user data repository, thereby to determine whether first factor authentication is successful; and [0011] (iii) in response to a determination that first factor authentication is successful, generating a first factor authentication signal representative of the user account;
[0012] a secondary authentication trigger module that is configured to:
[0013] (i) identify a first factor authentication signal representative of a given user account generated by the primary authentication subsystem;
[0014] (ii) in response to the identification of the first factor authentication signal representative of the given user account, trigger a further factor authentication process;
[0015] a secondary authentication subsystem that configured to perform a second factor authentication process in response to the trigger, wherein the second factor authentication process includes:
[0016] (i) identify a first factor authentication signal representative of a given user account generated by the primary authentication subsystem;
[0017] (ii) cause delivery of a message to via the secondary secure platform contact details for the user associated with the given user account;
[0018] (iii) identify receipt of a return message from the secondary secure platform contact details for the user associated with the given user account, wherein the return message includes geolocation data;
2017101474 30 Oct 2017 [0019] (iv) perform a comparison process thereby to compare the geolocation data of the access request causing the first factor authentication signal with the geolocation data of the return message; and [0020] (v) in the case that the comparison determines threshold proximity between the geolocation data of the access request causing the first factor authentication signal and the geolocation data of the return message, generating a second factor authentication signal representative of the user account.
[0021] One embodiment provides an authentication system including:
[0022] a user data repository maintaining data representative of a plurality of registered user accounts, wherein each registered user account is configured to maintain data including: identifying details for a user with which the user account is associated; first factor authentication data for the user; and a secondary secure platform contact details for the user;
[0023] a geolocation-based authentication subsystem configured that is configured to, for a given access request relating to: (a) a user account; and (b) a controlled functionality:
[0024] (i) determine geolocation data associated with the controlled functionality;
[0025] (ii) receive geolocation data representative of an interaction with the secondary secure platform of the user account; and [0026] (iii) identify a threshold match between the geolocation data associated with the controlled functionality with the geolocation data representative of the interaction, thereby to provide a geolocationbased authentication signal;
[0027] a biometric-based authentication system that is configured to perform biometric matching between:
[0028] (i) biometric data extracted from video captured a location with threshold match characteristics to the geolocation data associated with the controlled functionality and/or the geolocation data representative of the interaction; and either or both of:
[0029] (ii) biometric data available via the secondary secure platform of the user account; and [0030] (iii) biometric data that is maintained by the authentication system.
[0031] In some embodiments the predefined data requirements include similar geo-location data to that provided by the first mobile app.
2017101474 30 Oct 2017 [0032] One embodiment provides a computer program product for performing a method as described herein.
[0033] One embodiment provides a non-transitive carrier medium for carrying computer executable code that, when executed on a processor, causes the processor to perform a method as described herein.
[0034] One embodiment provides a system configured for performing a method as described herein.
[0035] Reference throughout this specification to “one embodiment”, “some embodiments or “an embodiment” means that a particular feature, structure or characteristic described in connection with the embodiment is included in at least one embodiment of the present invention. Thus, appearances of the phrases “in one embodiment”, “in some embodiments” or “in an embodiment” in various places throughout this specification are not necessarily all referring to the same embodiment, but may. Furthermore, the particular features, structures or characteristics may be combined in any suitable manner, as would be apparent to one of ordinary skill in the art from this disclosure, in one or more embodiments.
[0036] As used herein, unless otherwise specified the use of the ordinal adjectives first, second, third, etc., to describe a common object, merely indicate that different instances of like objects are being referred to, and are not intended to imply that the objects so described must be in a given sequence, either temporally, spatially, in ranking, or in any other manner.
[0037] In the claims below and the description herein, any one of the terms comprising, comprised of or which comprises is an open term that means including at least the elements/features that follow, but not excluding others. Thus, the term comprising, when used in the claims, should not be interpreted as being limitative to the means or elements or steps listed thereafter. For example, the scope of the expression a device comprising A and B should not be limited to devices consisting only of elements A and B. Any one of the terms including or which includes or that includes as used herein is also an open term that also means including at least the elements/features that follow the term, but not excluding others. Thus, including is synonymous with and means comprising.
[0038] As used herein, the term “exemplary” is used in the sense of providing examples, as opposed to indicating quality. That is, an “exemplary embodiment” is an embodiment provided as an example, as opposed to necessarily being an embodiment of exemplary quality.
BRIEF DESCRIPTION OF THE DRAWINGS
2017101474 30 Oct 2017 [0039] Embodiments of the invention will now be described, by way of example only, with reference to the accompanying drawings in which:
[0040] FIG. 1 illustrates a method according to one embodiment.
[0041 ] FIG. 2 illustrates a method according to another embodiment.
[0042] FIG. 3 illustrates a method according to another embodiment.
[0043] FIG. 4A and FIG. 4B illustrate example frameworks.
[0044] FIG. 5 illustrates a method according to another embodiment.
[0045] FIG. 6 illustrates a method according to another embodiment.
[0046] FIG. 7 illustrates a method according to another embodiment.
DETAILED DESCRIPTION [0047] The present invention relates to frameworks and methodologies configured for enabling adaptable and configurable multiple factor authentication/verification, including gamified methods for secure transaction authentication/verification. Embodiments of the invention have been particularly developed to enable a user to access the services of a terminal, such as an automatic teller machine, without the need of a bank card. While some embodiments will be described herein with particular reference to that application, it will be appreciated that the invention is not limited to such a field of use, and is applicable in broader contexts.
[0048] Embodiments of the invention have been particularly developed primarily to verify the identity of a user wishing to access services provided by a computing device, for example a terminal such as an automatic teller machine (ATM), hotel check-in machine, or other (for instance, the accessing may be for the purposes of withdrawing money or checking in to a hotel). While some embodiments will be described herein with particular reference to that application, it will be appreciated that the invention is not limited to such a field of use, and is applicable in broader contexts.
[0049] It will also be appreciated that technology discussed below is optionally applied thereby to allow third party customer cardless transactions (such as ATM transactions) as an an independent, payment system agnostic technological framework. That is, user verification/authentication is achieved in a multifactor manner without need for a physical ATM card or the like.
2017101474 30 Oct 2017
Overview [0050] Various embodiments relate to a platform (and associated technologies) configured to provide two-factor authentication (or further factor authentication). For example, this optionally includes providing a cost- effective two-factor authentication process system using a combination of dependent variables for instant real-time verification of users, leveraging third party social networks and the like. This is optionally adapted to provide security in the context of banking transactions, but can be optimized to a number of industries, and optimised based on a given implementation environment.
[0051] Below, there is particular attention paid of the use of a mobile phone and ATM together, and the use of an ATM without mobile phone presence, for real time verification. However, it should be appreciated that the underlying concepts are alternately implemented via a range of Internet and camera enabled devices.
[0052] Some embodiments make use of n authentication proceeds based on video “selfie” (i.e. image capture of one’s own face via a machine they operate) authentication cross referenced against social media ID and geolocation matching. This is far superior to traditional OTP (one time password or pin codes), and also superior to traditional methods of biometric authentication. For example, fingerprint ID can be easily counterfeited, photo ID can be spoofed, and voice authentication suffers reliability issues. The use of a facial video on its own is a suitable method for certain high-security applications (such as immigration/border control etc), however the time and processing required to derive optimal results is problematic for most banking applications and the like.
[0053] In some examples, the technology provides a method of two-step authentication and security token replacement. This achieves real-time or substantially real-time) multifactor authentication as effectively one step. The factors include:
(A) A Geolocation matching factor. This includes matching geolocation of an access request (for example a transaction with an ATM) with geolocation of the individual relative to either:
(i) A first geolocation value derived from a location aware mobile device, and a second geolocation value provided via a location aware social media or social messaging account of a secondary secure platform, such as a third party networking and/or messaging platform (such as Facebook, Twitter, Facebook Messenger, WeChat, Whatsapp, and so on).
(ii) A first geolocation value derived from a location aware mobile device, and a second geolocation value derived from a location aware third party device such as an ATM for cash withdrawal
2017101474 30 Oct 2017 (iii) A first geolocation value derived from a location aware third party device (e.g. an ATM), and a second geolocation value provided via a location aware social media or social messaging account of a secondary secure platform, such as a third party networking and/or messaging platform (such as Facebook, Twitter, Facebook Messenger, WeChat,
Whatsapp, and so on).
(B) Biometric ID matching: Matching still images of live video selfie taken at a known location (for example based on capturing device’s GPS) with either:
(i) One or more images (or facial biometric data) stored by the authentication system, or by a third party social media network (for example facial comparisons of a video selfie frame against a one or more Facebook images with automatic face detected/recognized tags).
(ii) A series of personal still images stored and machine learned (tagged, detected) by the authentication platform (e.g. images stored and face recognized throughout a given individual’s lifecycle of interaction with the authentication platform, for instance images collected since enrolment and/or previously authenticated with/against a formal ID card).
[0054] Both factors of verification are conducted simultaneously substantially in real-time. Furthermore, given that geolocation matching is one defining factor, criteria for authentication of one or more frames/attributes of a selfie video photo can be relaxed (thereby reducing time and processing overheads). For example, in one embodiment one or more subsets of facial verification factors are defined for streamlined authentication purposes.
[0055] In some embodiments a selfie video captured for authentication purposes is shared (or made available for sharing) via a social media platform, with tagged merchant details. This provides additional promotional value organically from user authentication, whilst adding to security (for example a the user and/or other persons can identify a fraudulent video selfie shared publically via social media). Therefore, a part of innovation is that security of transaction becomes gamified. This provides, in some embodiments, a social ATM machine, which can be used not only for currency withdrawal but also for social networking organically.
Example Frameworks [0056] FIG. 4A and FIG. 4B illustrate example frameworks, which are used across various embodiments. These, and example utilisation/configuration scenarios, are described below.
[0057] FIG. 4A illustrates an authentication system 400 that is configured to manage user authentication in an technology framework that includes:
2017101474 30 Oct 2017 • A terminal 420 that provides access to a controlled functionality 422. For example, this may be an ATM, in which case the controlled functionality is dispensing of funds. Various other examples including access control devices and the like may be used in further embodiments. As illustrated, terminal 420 includes a display screen 421 on which a user interface is rendered. This user interface is rendered based on software instrc6tions executed on one or more microprocessors of terminal 420.
• A client device 430, which is illustrated in the form of a smartphone device. Substantially any device having a display screen for rendering a user interface, microprocessor, and communications module configured to enable communication (for example via the Internet) with system 400 and platform 440 may be used. In some embodiments terminal 420 provides a WiFi network that allows device 430 to access the Internet.
• A social networking platform 440. Platform 440 may include, for example, Facebook. In some embodiments system 400 is configured to operate with a plurality of secondary secure platforms such as social networking platforms, messaging platforms, and the like.
[0058] In the example of FIG. 4B, client device 430 is omitted, and a user is enabled to log onto and interact with their account at platform 440 via terminal 420. In that regard, functionalities described below in relation to FIG. 4A as being performed by way of device 430 are alternately able to be performed via terminal 420 as an alternative, thereby to avoid a need to use a device 430.
[0059] System 400 is illustrated functionally, and from a hardware perspective may be defined by one or a plurality of networked computing devices.
[0060] System 400 includes user data repository 404, which maintains data representative of a plurality of registered user accounts. The user accounts are created via an enrolment process, which preferably includes a Know Your Customer (KYC) verification process. Each registered user account is configured to maintain data including: identifying details for a user with which the user account is associated (for example name, address, a unique ID, biometric data, and so on); first factor authentication data for the user (thereby to enable authentication via a first factor authentication process); and a secondary secure platform contact details for the user (for example details for an account on a social media platform such as platform 440). It will be appreciated that there may be additional data for each use in repository 404; this selection is included due to particular importance for functionalities described below.
[0061] System 400 includes primary authentication modules 401, secondary authentication modules 402, and further authentication modules 403 (which are not present in all embodiments). These authentication module sets enable system 400 to provide multiple authentication subsystems, thereby to
2017101474 30 Oct 2017 allow multifactor authentications. The individual subsystems may perform authentication in parallel thereby to provide processing efficiencies.
[0062] In the present example embodiment, primary authentications 401 provide a geolocation-based authentication subsystem configured that is configured to perform first factor authentication for a given access request (received via a request processing module 408) relating to: (a) a user account (defined in data 404); and (b) a controlled functionality (in this example being controlled functionality 422). This includes:
(i) Determining geolocation data associated with the controlled functionality (for example the location of an ATM).
(ii) Receiving geolocation data representative of an interaction with the secondary secure platform of the user account. For example, as discussed in more detail in examples further below, social network integration modules 405 are configured to cause sending of a message is sent to the user via a messaging interface 443 of platform 441, instructing the user to respond via messaging interface 443 with a message that includes geolocation data.
(iii) Identifying a threshold match between the geolocation data associated with the controlled functionality with the geolocation data representative of the interaction (for example within 5 metres). In the case of a match, a geolocation-based authentication signal is provided thereby to indicate successful authentication.
[0063] In the present example embodiment, secondary authentications 402 provide a biometricbased authentication system that is configured to perform biometric matching between:
(i) biometric data extracted from video, being a video selfie captured using either device 430 or terminal 421 (preferably a check is performed to verify that the a video is captured a location with threshold match characteristics to the geolocation data associated with the controlled functionality and/or the geolocation data representative of the interaction); and either or both of:
(ii) biometric data available via the secondary secure platform of the user account (for example via defined facial and/or voice biometrics, and/or image comparison with one or more tagged/recognised photos of the relevant user stored in user data 442 by platform 441); and (iii) biometric data that is maintained by the authentication system (stored within data 404), which may include data defined via a process of collecting and updating biometric data for a given user based on a series of interactions between the user and the system 400 (optionally including upload of a photo ID document, and/or capturing of videos in association with access requests).
2017101474 30 Oct 2017 [0064] In some embodiments modules 405 are configured to enable sharing of the video captured via one or more social media platforms, such as via content sharing modules 441 of platform 440. This sharing is preferably tagged to the relevant user (thereby to assist in identification of fraud by social media observers) and a vendor/service provider associated with terminal 420 (for example to implement a marketing strategy that leverages video selfies collected during authentication, which adds a degree of gamification to the authentication process).
[0065] In some embodiments multiple levels of second/further factor authentication are available and defined in authentication rules data 407, and these are able to be selectively associated with particular controlled functionalities defined in controlled functionality data 406. This allows for selective configuration over a particular multifactor authentication process required for a given controlled functionality. As an example, this may include selecting between a plurality of security levels for video selfie authentication, ranging from:
• Verification that the video is captured within a defined period of time (i.e. following the request for a video selfie, not prior, for example by way of a video stored in device memory).
• Verification that the video shows a human face (taken at the time of request for authentication).
• Verification that the human face has high level similarities to known facial data for a user (for example hair/eye colour).
• Verification that the human face has a threshold match to known facial data for a user (for example via one of a plurality of defined levels of facial verification, which preferably span a range of complexity levels which are each associated with respective balances between time/processing overheads and reliability).
• High-accuracy facial recognition over one or multiple frames extracted from the video selfie.
[0066] In this manner, there is ability to, in an adaptable, manner, configure multifactor authentication to a desired level based on a given controlled functionality, whilst actively managing a balance between speed/simplicity and reliability.
Further Example Embodiments [0067] Various embodiments of the invention provide computer implemented methods for authenticating the identity of a user of an ATM terminal. The methods have in common the use of a purpose specific computer application (app) capable of geo-locating the user and recording a digital representation of the user, e.g. a photograph or video, at the time and place of the ATM terminal
2017101474 30 Oct 2017 interaction. The computer application then transmits the digital representation of the user to a preselected social media platform (via which the user has an addressable social media account) in the form of a message. The user then accesses his/her social media account with the pre-selected social media platform and responds to the message, including in the response geo-location data of the social media account access point (which may, for example, be a PC or mobile device). The response message is received by the purpose specific app, which compares the location of the purpose specific app to the location of the social media account. In the case that the locations match, the user is verified and access to the services of the terminal will be granted.
[0068] In some embodiments described below, access to the purpose specific app is protected (for example using a personal identification number (PIN), finger print, pattern swipe etc.), and hence in combination with the access to the social media account, the technology provides a 2 point authentication method. In other embodiments, where video selfie based authentication is used in combination with social media authentication, there is no need for such forms of additional app protection.
[0069] One embodiment of the invention provides an additional security feature of a sharing of the digital representation of the user, as well as their location, to a selected group of people via social media. Unauthorised use of the app is hence able to be quickly identified by members of the group, allowing security measures to be rapidly implemented.
[0070] Although embodiments are described by reference to accessing of functionality provided by an ATM, it will be appreciated that the technology is agnostic, in that it is able to be applied thereby to provide multipoint authentication in respect of substantially any functionality that is controlled by way of a networked computer system.
First Exemplary Method [0071] FIG. 1 illustrates an exemplary embodiment whereby the purpose specific app is executed on a smart mobile device, for e.g. a smartphone. The user, after installing the purpose specific app on their smart device, registers their account with a central server. Included in the registration process is the selection of a preferred social media account (and inputting of addressing details for that account) as well as the users preferred payment details such as banking details, credit card details, PayPal (or other payment platform) details, etc.
[0072] When the user wants to make use of a supporting ATM terminal, the user launches the app and logs in using their PIN or other verification means. The app then uses the smart device to geo-locate the user and optionally display nearby suitable ATM terminals. The user then selects the desired ATM terminal and inputs the desired use details such as the amount of money they wish to withdraw. The app then prompts the user to record a digital representation of themself, such as a photograph-or video which
2017101474 30 Oct 2017 is then sent as a message to the social media account nominated by the user during registration. The user then accesses their nominated social media account and responds to the message with location data generated by the social media account. The return message is received by the app which compares the two sets of location data. In the case that the two sets of location data are consistent (i.e. within a threshold range of coordinates), the user authentication is passed and access to the requested terminal service is granted, which in this example means that cash is dispensed.
[0073] In one embodiment, after the app authentication process is passed access is granted to the user when the bank gateway is called and a secure token is passed from the bank to the app allowing the transaction to proceed. An exemplary token may be a code or number which the user can use to complete the transaction. Such a method would not require the user to be in possession of a bank card or even be a member of the bank that owns the ATM terminal but only have access to a smart device capable of running the app including a camera and a social media account.
Second Exemplary Method [0074] FIG. 2 illustrates another embodiment of the invention which does not require the user to be in possession of a portable smart device. In this embodiment, the terminal is adapted to perform the above described authentication process including running the app, means to collect the digital representation of the user (a camera), means to send a message to the nominated social media account and a user interface for allowing the user to access their social media account to respond to the message. In this embodiment, the registration process is carried out as before.
[0075] When the user wants to access services offered by the terminal, the user first launches the app on the terminal and signs into it using a PIN or other verification means. The user identifies the services and details (for example the amount of cash to be withdrawn) desired from the terminal. The terminal then records a digital representation of the user with dedicated hardware (e.g. a camera) and sends it to the nominated social media account. The user then signs into the nominated social media account via the user interface on the terminal and responds to the message. In preferred embodiments, the messaging is handled within the authentication system via an automated platform (e.g. a “bot”), which is configured to define and transmit messages, identify responses, and automatically extract particular content/parameters from responses (for example via a messaging referral approach. This allows a single platform to autonomously manage multiple messaging threads with individual users.
[0076] . The authentication is then performed by the terminal in the same way as in the first exemplary framework, by comparing the two geo-location data sets and separate still digital assets extracted from user’s video real-time. In the case that the user is verified, access to the requested services will be granted.
2017101474 30 Oct 2017
Third Exemplary Method [0077] FIG. 3 illustrates another embodiment of the invention compatible with all of the embodiments described above but incorporating an additional security feature. In this embodiment, the digital representation of the user recorded by the app and transmitted to the social media account is ‘shared’ on the social media account allowing selected people on the user’s social media to view the representation (e.g. a photograph of the person) and location. Since the selected people are familiar with the user’s appearance and location they would be capable of rapidly identifying unauthorised use of the app/account. In essence, this additional security feature amounts to a form of social verification and increases the security of the above mentioned embodiments.
[0078] It will be appreciated that the illustrated method can authenticate a user for transactions on a terminal such as an ATM without the need of a card, and in some embodiments the user is able to gain authentication using only their face and their social media account.
[0079] Although the invention has been described with reference to specific examples, it will be appreciated by those skilled in the art that the invention may be embodied in many other forms.
Fourth Exemplary Method [0080] A further embodiment is illustrated in FIG. 5. This shows an access request process triggering the generation and delivery of an automated message to a user via social media. The user responds to that message with a reply message that includes a “video selfie” and geolocation data (which may optionally be embedded in the video selfie data itself). Then geolocation-based authentication and video-selfie based authentication are performed (for example as described further above or below) substantially in parallel thereby to selectively grant or deny access.
Further Exemplary Methods - Social Media Leveraged Facial Verification [0081] FIG. 6 and FIG. 7 illustrate methods according to further embodiments, being methods that enable video-selfie based authentication (for example in the context of FIG. 5).
[0082] In the example of FIG. 6, a frame is extracted from a video selfie provided by a user requiring authentication. The frame is provided to a social media platform (for example via an API interface), being a social media platform that has existing functionality to automatically identify and tag recognised users based on facial recognition. This is used to confirm/reject facial presence for the relevant user, and authentication is successful if the correct face is identified.
[0083] In the example of FIG. 7, there are additional verification steps, including verifying that a video is indeed a real-time recording corresponding to the time at which the video selfie was requested via the authentication system (i.e. not a pre-recorded video file), and verifying/recording geolocation data for
2017101474 30 Oct 2017 framed extracted from the video data. The frames are provided to a facial identification platform (for example a platform provided by the system or by a social media platform) with a requested authentication callback for facial detection. This is combined with geolocation matching (see FIG. 5, for example) to determine whether authentication is successful or failed.
Conclusions and Interpretation [0084] It will be appreciated that the disclosure above provides various significant systems and methods user authentication.
[0085] Unless specifically stated otherwise, as apparent from the following discussions, it is appreciated that throughout the specification discussions utilizing terms such as processing, computing, calculating, “determining”, analyzing” or the like, refer to the action and/or processes of a computer or computing system, or similar electronic computing device, that manipulate and/or transform data represented as physical, such as electronic, quantities into other data similarly represented as physical quantities.
[0086] In a similar manner, the term processor may refer to any device or portion of a device that processes electronic data, e.g., from registers and/or memory to transform that electronic data into other electronic data that, e.g., may be stored in registers and/or memory. A “computer” or a “computing machine” or a computing platform may include one or more processors.
[0087] The methodologies described herein are, in one embodiment, performable by one or more processors that accept computer-readable (also called machine-readable) code containing a set of instructions that when executed by one or more of the processors carry out at least one of the methods described herein. Any processor capable of executing a set of instructions (sequential or otherwise) that specify actions to be taken are included. Thus, one example is a typical processing system that includes one or more processors. Each processor may include one or more of a CPU, a graphics processing unit, and a programmable DSP unit. The processing system further may include a memory subsystem including main RAM and/or a static RAM, and/or ROM. A bus subsystem may be included for communicating between the components. The processing system further may be a distributed processing system with processors coupled by a network. If the processing system requires a display, such a display may be included, e.g., a liquid crystal display (LCD) or a cathode ray tube (CRT) display. If manual data entry is required, the processing system also includes an input device such as one or more of an alphanumeric input unit such as a keyboard, a pointing control device such as a mouse, and so forth. The term memory unit as used herein, if clear from the context and unless explicitly stated otherwise, also encompasses a storage system such as a disk drive unit. The processing system in some configurations may include a sound output device, and a network interface device. The memory subsystem thus includes a computer-readable carrier medium that carries computer-readable code (e.g.,
2017101474 30 Oct 2017 software) including a set of instructions to cause performing, when executed by one or more processors, one of more of the methods described herein. Note that when the method includes several elements, e.g., several steps, no ordering of such elements is implied, unless specifically stated. The software may reside in the hard disk, or may also reside, completely or at least partially, within the RAM and/or within the processor during execution thereof by the computer system. Thus, the memory and the processor also constitute computer-readable carrier medium carrying computer-readable code.
[0088] Furthermore, a computer-readable carrier medium may form, or be included in a computer program product.
[0089] In alternative embodiments, the one or more processors operate as a standalone device or may be connected, e.g., networked to other processor(s), in a networked deployment, the one or more processors may operate in the capacity of a server or a user machine in server-user network environment, or as a peer machine in a peer-to-peer or distributed network environment. The one or more processors may form a personal computer (PC), a tablet PC, a set-top box (STB), a Personal Digital Assistant (PDA), a cellular telephone, a web appliance, a network router, switch or bridge, or any machine capable of executing a set of instructions (sequential or otherwise) that specify actions to be taken by that machine.
[0090] Note that while diagrams only show a single processor and a single memory that carries the computer-readable code, those in the art will understand that many of the components described above are included, but not explicitly shown or described in order not to obscure the inventive aspect. For example, while only a single machine is illustrated, the term machine shall also be taken to include any collection of machines that individually or jointly execute a set (or multiple sets) of instructions to perform any one or more of the methodologies discussed herein.
[0091] Thus, one embodiment of each of the methods described herein is in the form of a computerreadable carrier medium carrying a set of instructions, e.g., a computer program that is for execution on one or more processors, e.g., one or more processors that are part of web server arrangement. Thus, as will be appreciated by those skilled in the art, embodiments of the present invention may be embodied as a method, an apparatus such as a special purpose apparatus, an apparatus such as a data processing system, or a computer-readable carrier medium, e.g., a computer program product. The computerreadable carrier medium carries computer readable code including a set of instructions that when executed on one or more processors cause the processor or processors to implement a method. Accordingly, aspects of the present invention may take the form of a method, an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of carrier medium (e.g., a computer program product on a computer-readable storage medium) carrying computer-readable program code embodied in the medium.
2017101474 30 Oct 2017 [0092] The software may further be transmitted or received over a network via a network interface device. While the carrier medium is shown in an exemplary embodiment to be a single medium, the term carrier medium should be taken to include a single medium or multiple media (e.g., a centralized or distributed database, and/or associated caches and servers) that store the one or more sets of instructions. The term carrier medium shall also be taken to include any medium that is capable of storing, encoding or carrying a set of instructions for execution by one or more of the processors and that cause the one or more processors to perform any one or more of the methodologies of the present invention. A carrier medium may take many forms, including but not limited to, non-volatile media, volatile media, and transmission media. Non-volatile media includes, for example, optical, magnetic disks, and magneto-optical disks. Volatile media includes dynamic memory, such as main memory. Transmission media includes coaxial cables, copper wire and fiber optics, including the wires that comprise a bus subsystem. Transmission media also may also take the form of acoustic or light waves, such as those generated during radio wave and infrared data communications. For example, the term carrier medium shall accordingly be taken to included, but not be limited to, solid-state memories, a computer product embodied in optical and magnetic media; a medium bearing a propagated signal detectable by at least one processor of one or more processors and representing a set of instructions that, when executed, implement a method; and a transmission medium in a network bearing a propagated signal detectable by at least one processor of the one or more processors and representing the set of instructions.
[0093] It will be understood that the steps of methods discussed are performed in one embodiment by an appropriate processor (or processors) of a processing (i.e., computer) system executing instructions (computer-readable code) stored in storage. It will also be understood that the invention is not limited to any particular implementation or programming technique and that the invention may be implemented using any appropriate techniques for implementing the functionality described herein. The invention is not limited to any particular programming language or operating system.
[0094] It should be appreciated that in the above description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, FIG., or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the Detailed Description are hereby expressly incorporated into this Detailed Description, with each claim standing on its own as a separate embodiment of this invention.
[0095] Furthermore, while some embodiments described herein include some but not other features included in other embodiments, combinations of features of different embodiments are meant to be within the scope of the invention, and form different embodiments, as would be understood by those skilled in
2017101474 30 Oct 2017 the art. For example, in the following claims, any of the claimed embodiments can be used in any combination.
[0096] Furthermore, some of the embodiments are described herein as a method or combination of elements of a method that can be implemented by a processor of a computer system or by other means of carrying out the function. Thus, a processor with the necessary instructions for carrying out such a method or element of a method forms a means for carrying out the method or element of a method. Furthermore, an element described herein of an apparatus embodiment is an example of a means for carrying out the function performed by the element for the purpose of carrying out the invention.
[0097] In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the invention may be practiced without these specific details. In other instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
[0098] Similarly, it is to be noticed that the term coupled, when used in the claims, should not be interpreted as being limited to direct connections only. The terms coupled and connected, along with their derivatives, may be used. It should be understood that these terms are not intended as synonyms for each other. Thus, the scope of the expression a device A coupled to a device B should not be limited to devices or systems wherein an output of device A is directly connected to an input of device B. It means that there exists a path between an output of A and an input of B which may be a path including other devices or means. Coupled may mean that two or more elements are either in direct physical or electrical contact, or that two or more elements are not in direct contact with each other but yet still cooperate or interact with each other.
[0099] Thus, while there has been described what are believed to be the preferred embodiments of the invention, those skilled in the art will recognize that other and further modifications may be made thereto without departing from the spirit of the invention, and it is intended to claim all such changes and modifications as falling within the scope of the invention. For example, any formulas given above are merely representative of procedures that may be used. Functionality may be added or deleted from the block diagrams and operations may be interchanged among functional blocks. Steps may be added or deleted to methods described within the scope of the present invention.
2017101474 30 Oct 2017

Claims (21)

  1. CLAIMS:
    1. A computer system configured to enable multiple-factor verification of a user, the system including:
    a user data repository maintaining data representative of a plurality of registered user accounts, wherein each registered user account is configured to maintain data including: identifying details for a user with which the user account is associated; first factor authentication data for the user; and a secondary secure platform contact details for the user;
    a primary authentication subsystem configured that is configured to:
    (i) receive access requests from a plurality of users, wherein each access request includes (a) data representative of a user account; and (b) first factor authentication data; and (c) geolocation data;
    (ii) for each received access request, processing the first factor authentication data based on user data maintained in the user data repository, thereby to determine whether first factor authentication is successful; and (iii) in response to a determination that first factor authentication is successful, generating a first factor authentication signal representative of the user account;
    a secondary authentication trigger module that is configured to:
    (i) identify a first factor authentication signal representative of a given user account generated by the primary authentication subsystem;
    (ii) in response to the identification of the first factor authentication signal representative of the given user account, trigger a further factor authentication process;
    a secondary authentication subsystem that configured to perform a second factor authentication process in response to the trigger, wherein the second factor authentication process includes:
    (i) identify a first factor authentication signal representative of a given user account generated by the primary authentication subsystem;
    (ii) cause delivery of a message to via the secondary secure platform contact details for the user associated with the given user account;
    (iii) identify receipt of a return message from the secondary secure platform contact details for the user associated with the given user account, wherein the return message includes geolocation data;
    2017101474 30 Oct 2017 (iv) perform a comparison process thereby to compare the geolocation data of the access request causing the first factor authentication signal with the geolocation data of the return message; and (v) in the case that the comparison determines threshold proximity between the geolocation data of the access request causing the first factor authentication signal and the geolocation data of the return message, generating a second factor authentication signal representative of the user account.
  2. 2. A system according to claim 1 including an access request granting module, wherein the access request granting module is configured to grant a given access request in response to identification both a first factor and second factor authentication signal and second factor authentication signal associated with the given access request.
  3. 3. A system according to claim 1 including an access request granting module, wherein the access request granting module is to determine, for a given request, a set of two or more required authentication signals including the first factor authentication signal and the second factor authentication signal, and configured to grant access in response to a given access request in response to identification of the set of two or more required authentication factors signals.
  4. 4. A system according to claim 3 including a further factor verification subsystem that is configured to perform further factor authentication based on a video captured in conjunction with a given access request.
  5. 5. A system according to claim 4 wherein the further factor authentication includes biometric matching of facial data extracted from the video against facial data available for the user.
  6. 6. A system according to claim 5 wherein the matching of facial data extracted from the video against facial data available for the user is performed based on data available via the secondary secure platform.
  7. 7. A system according to claim 6 wherein the secondary secure platform is a social networking platform that maintains photos tagged as representing particular users.
  8. 8. A system according to claim 4 or claim 5 wherein the further factor authentication includes biometric matching of voice data extracted from the video against voice data available for the user.
    2017101474 30 Oct 2017
  9. 9. A system according to any one of claims 4 to 8 wherein the further factor verification subsystem is configured to perform multiple levels of verification.
  10. 10. A system according to any preceding claim including a configuration module that enables a administrator user to define, for a given defined form of access request, parameters for multiple factor authentication including authentication by at least the first factor authentication subsystem and the second factor authentication subsystem.
  11. 11. An authentication system including:
    a user data repository maintaining data representative of a plurality of registered user accounts, wherein each registered user account is configured to maintain data including: identifying details for a user with which the user account is associated; first factor authentication data for the user; and a secondary secure platform contact details for the user;
    a geolocation-based authentication subsystem configured that is configured to, for a given access request relating to: (a) a user account; and (b) a controlled functionality:
    (i) determine geolocation data associated with the controlled functionality;
    (ii) receive geolocation data representative of an interaction with the secondary secure platform of the user account; and (iii) identify a threshold match between the geolocation data associated with the controlled functionality with the geolocation data representative of the interaction, thereby to provide a geolocation-based authentication signal;
    a biometric-based authentication system that is configured to perform biometric matching between:
    (i) biometric data extracted from video captured a location with threshold match characteristics to the geolocation data associated with the controlled functionality and/or the geolocation data representative of the interaction; and either or both of:
    (ii) biometric data available via the secondary secure platform of the user account; and (iii) biometric data that is maintained by the authentication system.
  12. 12. A system according to claim 11 wherein the biometric matching is based on biometric data available via the secondary secure platform of the user account, wherein the secondary secure platform is a social media platform, and wherein the biometric data available via the secondary secure platform includes one or more images tagged as being representative of the user.
    2017101474 30 Oct 2017
  13. 13. A system according to claim 11 wherein the biometric matching is based on biometric data available via the secondary secure platform of the user account, wherein the secondary secure platform is a social media platform, and wherein the biometric data available via the secondary secure platform includes facial biometric information predefined by the social media platform.
  14. 14. A system according to claim 11 wherein the biometric matching is based on biometric data that is maintained by the authentication system, wherein the authentications system is configured to collect and update biometric data for a given user based on a series of interactions between the user and the authentication system.
  15. 15. A system according to claim 14 wherein the series of interactions between the user and the authentication system include upload of a photo ID document.
  16. 16. A system according to claim 14 or claim 15 wherein the series of interactions between the user and the authentication system include capturing of videos in association with access requests.
  17. 17. A system according to claim 11 including a video share module configured to enable sharing of the video captured via one or more social media platforms.
  18. 18. A system according to claim 17 wherein the video is shared in conjunction with data representative of a business associated with the controlled functionality.
  19. 19. A system according to any one of claims 11 to 18 wherein the controlled functionality includes withdrawal of funds from a funds dispensing terminal.
  20. 20. A system according to any one of claims 11 to 19 wherein the access request is defined by either or a combination of: a terminal associated with the controlled functionality; and a mobile device associated with a user.
  21. 21. Subject matter substantially as described herein.
    1/8
    2017101474 30 Oct 2017
    FIG. 1
    2/8
    2017101474 30 Oct 2017
    FIG. 2
    3/8
    2017101474 30 Oct 2017
    FIG. 3
    4/8
    2017101474 30 Oct 2017
    FIG. 4A
    5/8
    2017101474 30 Oct 2017
    FIG. 4B
    6/8
    2017101474 30 Oct 2017
    FIG. 5
    7/8
    2017101474 30 Oct 2017
    FIG. 6
    8/8
    2017101474 30 Oct 2017
    FIG. 7
AU2017101474A 2016-09-19 2017-10-30 Frameworks, systems and methodologies configured for Gold, Alex enabling adaptable and configurable multiple factor authentication/verification, including gamified methods for secure transaction authentication/verification Ceased AU2017101474A4 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
AU2016903772A AU2016903772A0 (en) 2016-09-19 Frameworks and methodologies configured for enabling 2 point authentication/verification, including gamified methods for secure transaction authentication/verification
AU2016903772 2016-09-19
AU2016904968 2016-12-02
AU2016904968A AU2016904968A0 (en) 2016-12-02 Frameworks, systems and methodologies configured for enabling adaptable and configurable multiple factor authentication/verification, including gamified methods for secure transaction authentication/verification

Publications (1)

Publication Number Publication Date
AU2017101474A4 true AU2017101474A4 (en) 2018-02-15

Family

ID=61167717

Family Applications (1)

Application Number Title Priority Date Filing Date
AU2017101474A Ceased AU2017101474A4 (en) 2016-09-19 2017-10-30 Frameworks, systems and methodologies configured for Gold, Alex enabling adaptable and configurable multiple factor authentication/verification, including gamified methods for secure transaction authentication/verification

Country Status (1)

Country Link
AU (1) AU2017101474A4 (en)

Similar Documents

Publication Publication Date Title
US12356184B2 (en) Systems and methods for detected-capability-based authentication of a mobile device for performing an access operation with a local device
US11539526B2 (en) Method and apparatus for managing user authentication in a blockchain network
US8510797B2 (en) Online user authentication
US20180075438A1 (en) Systems and Methods for Transacting at an ATM Using a Mobile Device
US20250252432A1 (en) Tokenized contactless transaction enabled by cloud biometric identification and authentication
US9536107B2 (en) System and method enabling multiparty and multi level authorizations for accessing confidential information
US20140279489A1 (en) Systems and methods for providing alternative logins for mobile banking
US11715105B2 (en) Payment authentication using OS-based and issuer-based authenticator applications
US12184641B1 (en) Secure computer-implemented authentication
US11961071B2 (en) Secure transactions over communications sessions
US12052236B2 (en) Method and system for detecting two-factor authentication
US11044250B2 (en) Biometric one touch system
US20240289718A1 (en) Service workflow integration platform
US10825003B2 (en) Method and system for large transfer authentication
Prasad et al. A Study on Enhancing Mobile Banking Services using Location based Authentication
CA2886548A1 (en) Methods and systems relating to real world and virtual world identities
AU2017101474A4 (en) Frameworks, systems and methodologies configured for Gold, Alex enabling adaptable and configurable multiple factor authentication/verification, including gamified methods for secure transaction authentication/verification
US20230130024A1 (en) System and method for storing encryption keys for processing a secured transaction on a blockchain
US20250307798A1 (en) Systems and methods for detected-capability-based authentication of a mobile device for performing an access operation with a local device
Aithal A Study on Enhancing Mobile Banking Services Using Location Based Authentication

Legal Events

Date Code Title Description
NB Applications allowed - extensions of time section 223(2)

Free format text: THE TIME IN WHICH TO ASSOCIATE WITH A COMPLETE APPLICATION HAS BEEN EXTENDED TO 19 NOV 2017

FGI Letters patent sealed or granted (innovation patent)
DA3 Amendments made section 104

Free format text: THE NATURE OF THE AMENDMENT IS: AMEND THE INVENTION TITLE TO READ FRAMEWORKS, SYSTEMS AND METHODOLOGIES CONFIGURED FOR ENABLING ADAPTABLE AND CONFIGURABLE MULTIPLE FACTOR AUTHENTICATION/VERIFICATION, INCLUDING GAMIFIED METHODS FOR SECURE TRANSACTION AUTHENTICATION/VERIFICATION

MK22 Patent ceased section 143a(d), or expired - non payment of renewal fee or expiry