telecommunications network server device, method of authenticating a user to a third party electroni
Patent abstract:
A telecommunications network server system provides a digital identifier to a user's device. The digital identifier can include identification data corresponding to a user of the user's device. In addition, the telecommunications network server system receives, from one or more third party systems, requests to authenticate the user for an electronic transaction with the respective third party system. The telecommunications network server system provides a unique electronic transaction code for each third party system. In response to receiving, from the user's device, one of the unique electronic transaction codes, the telecommunications network server system provides the respective third party system with user authentication.

Publication number: BR112019013980A2
Application number: R112019013980
Filing date: 2018-01-05
Publication date: 2020-04-28
Inventors: Pigg Esther; Cano Helcio; Romain Marty; Bijlani Ravindra; Huffman Rich; Michaelson Richard; Harris Rob; Van Zyl Vivian
Applicants: Equifax Inc; Fidelity Information Services Llc
Main IPC class:
Patent description:
“TELECOMMUNICATIONS NETWORK SERVER DEVICE, METHOD OF AUTHENTICATING A USER FOR AN ELECTRONIC THIRD PARTY DEVICE AND NON-TRANSITORY COMPUTER-READABLE MEDIUM”

Related Applications

[001] The present invention claims priority to US provisional application 62/443,236, “Confirming Authenticity of a User to a Third-Party System”, filed on January 6, 2017, which is hereby incorporated by reference in its entirety.

Technical Field

[002] This invention generally relates to the field of secure authentication and, more specifically, to the authentication of requests for online interactions.

Background of the Invention

[003] A consumer associated with a user's device, such as a personal computer or mobile device, can use the device to interact with another party, such as an online service. For example, a consumer can use his user device to initiate a transaction to open an account within an online service. To verify the consumer's identity, the online service may request authentication information, such as personally identifiable information. But the consumer may enter the information incorrectly on the user's device or may not have access to all the information requested on the user's device (for example, if the user is using a mobile device outside the home). Consequently, the user may be frustrated with the authentication process and abandon the transaction.

[004] In addition, or alternatively, an online service may receive a fraudulent transaction request from an impersonator who relies on the relative anonymity provided by the Internet to participate in fraudulent online transactions. For example, the impersonator can enter the user's personal information on a different device that is not associated with the user. However, the online service may be unable to determine that the impersonator's device is not associated with the user.

Petition 870190062903, of 07/05/2019, p. 70/120 2/35
Summary

[005] According to certain embodiments, a telecommunications network server device authenticates a user to a third-party computing system. For example, the telecommunications network server provides a digital identifier to a user device associated with the user. Additionally or alternatively, the telecommunications network server receives an authentication request from the third party computing system. The authentication request can be for an electronic transaction between the third-party computer system and the user's device. In response to receiving the authentication request, the telecommunications network server may transmit an electronic transaction code to the third party computer system. In some cases, the third-party computer system provides the electronic transaction code to the user's device. In some embodiments, the telecommunications network server receives the electronic transaction code and the digital identifier from the user's device. In addition, the telecommunications network server can confirm the electronic transaction code and digital identifier, for example, by confirming that the digital identifier is associated with the user's device or confirming that the electronic transaction code has been provided to the third party system. In response to confirmation of the electronic transaction code and digital identifier, the telecommunications network server may transmit to the third party system a confirmation of the authenticity of the user's device and the associated user.

[006] These illustrative aspects are mentioned not to limit or define the invention, but to provide examples to aid its understanding. Additional aspects are discussed in the Detailed Description, and additional description is provided there.
Description of the Figures

[007] Features, aspects and advantages of the present invention are better understood when the following Detailed Description is read with reference to the attached drawings, where:

Figure 1 is a block diagram that represents an example of a computer system to confirm the authenticity of a user who seeks to use a user's device to perform electronic transactions, according to certain aspects;

Figure 2 is a flowchart representing an example of a method to confirm the authenticity of a user who seeks to carry out electronic transactions with third parties, according to certain aspects;

Figure 3 is a flowchart representing an example of a data flow in which an electronic transaction code is provided from a telecommunications network server to a third party system, according to certain aspects;

Figure 4 is a diagram that represents an example of a data flow in which a telecommunications network server provides or denies a confirmation of a user's authenticity, according to certain aspects; and

Figure 5 is a block diagram representing an example of a telecommunications network server to perform authentication operations, according to certain aspects.

Detailed Description

[008] Certain aspects and characteristics of the present invention concern a system that can confirm the authenticity of a user who seeks to conduct electronic transactions with third parties. The system can authenticate the user to third parties while giving the user control over the authentication. After registering a user, a digital identifier can be provided and stored on a user's device associated with the user. The system may receive a request from a third party indicating that the user is attempting to perform an electronic transaction with the third party and that the user must be authenticated before the electronic transaction can be carried out.
The system can provide the transaction code electronically to the third party and the third party can provide the transaction code to the user. The system can receive, from the user's device, the digital identifier and the transaction code. After confirming both, the system can provide confirmation of the user's authenticity to the third party. Techniques for authenticating a user associated with a user device requesting a transaction can reduce fraudulent transactions that are requested using false or stolen personal information. In addition, techniques for providing identifying information to third parties can reduce user input errors and improve the rate of completion of requested transactions. The user can carry out transactions with several third parties in a simple and more secure way, without requiring the user to remember or have authentication credentials for each of the various parties separately. In addition, the user can be authenticated without necessarily providing personally identifiable information to third parties and can optionally control the amount of personally identifiable information provided by the system to third parties. Techniques can authenticate a user requesting a transaction with a third party and allow the third party to receive personal information about the authenticated user.

[009] A system according to some aspects can act as a proxy agent that vouches for the user to the third party. During the registration process, the user can be sufficiently authenticated (for example, using various levels of authentication or using a highly trusted authentication process). After successful registration, the user may have the power to choose which third parties the user may be authenticated to and, in some instances, to allow the system to provide personally identifiable information about the user to third parties.
For example, the user can instruct the system as to the type and amount of personally identifiable information or “PII” to share with the third party, potentially making form completion and other parts of the transaction more efficient. Examples of PII include name, address, sex, age, social security number, place of birth, mother's maiden name, etc.

[010] In some instances, the user may experience an easier authentication process and, at the same time, reduce the number of false positives or fraudulent transactions that would otherwise be possible. The need for the user to provide or enter the user's personally identifiable information to the third party to complete the authentication process with the third party can be eliminated. The user can take advantage of the convenience, increased security through authentication factors introduced before filling in, risk-based scoring, reduced opportunity for failure and inaccuracy in data entry and reduced abandonment related to entry fatigue. For example, if each third party performs its own authentication process, the user is often asked to repeatedly enter their PII and is authenticated with each third party using that PII. The user may tire or incorrectly enter their PII and refuse to proceed with the transaction (such as opening an account or accessing protected information from third parties). The use of some examples of a system according to the present invention can help a user to avoid such repetitive and error-prone authentication processes.

[011] The digital identifier may be attached or bound to the user's device, so the user is required to use that user's device to communicate with the system. For example, the digital identifier can be associated in the system with the media access control (“MAC”) address of the user's device or some other device identifier and is prevented from being transferred from the user's device to another user's device.
The digital identifier, however, can be “federated” in the sense that it can be used by the user to authenticate the user against multiple third parties without requiring the user to provide PII to any of the third parties.

[012] The transaction code can be any appropriate information that indicates a requested transaction. In some aspects, the transaction code can be a quick response (“QR”) code that can be displayed by the third party and scanned by the user's device, saving even more time and effort for the user. In addition, or alternatively, the transaction code can be another type of digital identifier that is provided to the user's device through any suitable process. The system can track the time period after providing the transaction code to the third party for access by the user before the user provides the code and digital identifier to the system, and refuse to confirm the user's authenticity after a certain period of time to prevent fraud.

[013] The system can include a telecommunications network server that can communicate through a network port to a telecommunications network that can include the Internet, cellular network, WiFi networks, near field communication networks, other networks or any combination of these. The telecommunications network server can execute an authentication mechanism to manage communications with the user device and third party electronic devices that are separate from the server and from each other, access a database in which the user's PII and other user information is stored and otherwise manage the process of confirming the user's authenticity to third parties. Optionally, the telecommunications network server can generate and provide the digital identifier to the user's device. In other examples, a separate system generates the digital identifier and provides it to the user's device.
[014] These illustrative examples are given to introduce the reader to the subject matter discussed here and are not intended to limit the scope of the disclosed concepts. The following sections describe several additional features and examples with reference to the drawings in which similar numbers indicate similar elements, but should not be used to limit the present invention.

Example of an Operating Environment

[015] Referring now to the drawings, Figure 1 represents an example of a computing system (100) that is usable to confirm the authenticity of a user looking to use a user device (102) to perform electronic transactions with third party systems (104) that are operated by, or otherwise associated with, third parties. Figure 1 illustrates examples of hardware components of a computing system (100) according to some aspects. The computing system (100) is a specialized computing system that can be used to perform large amounts of authentication operations using a large number of computer processing cycles.

[016] The number of devices represented in Figure 1 is provided for illustrative purposes. Different numbers of devices can be used. For example, while certain devices or systems (for example, a telecommunications network server (108), network-connected storage (112), etc.) are shown as single devices in Figure 1, several devices can instead be used to implement these devices or systems (for example, a cloud-based or network-based telecommunications network server system, a group of storage devices connected to the network, etc.).

[017] The computing system (100) can include one or more user devices (102). User devices (102) can include client devices that can communicate with the telecommunications network server (108).
For example, user devices (102) can send data to the telecommunications network server (108) to be processed, or they can send signals to the telecommunications network server (108) to control different aspects of the computing environment or the data it is processing. User devices (102) can interact with the telecommunications network server (108) through one or more data networks (106).

[018] The computing system (100) may include one or more third party systems (104). Each third party system (104) can include one or more third party electronic devices (for example, computing devices or groups of computing devices), such as individual servers or groups of servers operating in a distributed manner. A third party system (104) can communicate with the telecommunications network server (108). For example, third party systems (104) can send data to the telecommunications network server (108) to be processed, or they can send signals to the telecommunications network server (108) to control different aspects of the computing environment or the data it is processing. Third party systems (104) can interact with the telecommunications network server (108) via one or more data networks (106). Third party systems (104) can also interact with user devices (102) through one or more data networks (106) to facilitate electronic transactions between users of user devices (102) and third parties who use, operate or are otherwise associated with third party systems (104).

[019] Each communication within the computing system (100) (for example, between user devices (102) and the telecommunications network server (108), between third-party systems (104) and the telecommunications network server (108), etc.) can occur over one or more data networks (106).
A data network (106) can include one or more of a variety of different types of networks, including a wireless network, a wired network, or a combination of a wired and wireless network. Examples of suitable networks include the Internet, a personal network, a local area network (“LAN”), a wide area network (“WAN”) or a wireless local area network (“WLAN”). A wireless network can include a wireless interface or a combination of wireless interfaces. A wired network can include a wired interface. Wired or wireless networks can be implemented using routers, access points, bridges, gateways or similar, to connect devices on the data network (106).

[020] A data network (106) can include network computers, sensors, databases or other devices that can transmit or otherwise provide data to the telecommunications network server (108). For example, a data network (106) can include local area network devices, such as routers, hubs, switches, or other computer network devices. The data networks (106) may be incorporated entirely within (or may include) an intranet, an extranet or a combination thereof. In one example, communications between two or more systems or devices can be achieved by a secure communications protocol, such as the secure sockets layer (“SSL”) or the transport layer security (“TLS”). In addition, transactional data or details can be encrypted.

[021] The computing system (100) may also include a telecommunications network server (108). The telecommunications network server (108) can be a specialized computer or other machine that processes the data received within the computing system (100). The telecommunications network server (108) can include one or more processing devices that execute program code, such as an authentication mechanism (110). The program code is stored in a non-transitory, computer-readable medium.
[022] The authentication mechanism (110) can perform a set of operations to authenticate a user from a user device (102). The authentication mechanism (110) can configure the telecommunications network server (108) to communicate data with one or more third party systems (104) relating to user authentication, as described in more detail here.

[023] The telecommunications network server (108) can include one or more other systems. For example, the telecommunications network server (108) may include a database system for accessing network-connected storage (112), a communications grid, or both. A communications grid can be a grid-based computing system for processing large amounts of data.

[024] The computing system (100) can also include one or more network-connected storage devices (112). Network-connected storage (112) can store a variety of different types of data organized in several different ways and from a variety of different sources. For example, network-connected storage (112) can include storage different from the primary storage located within the telecommunications network server (108) which is directly accessible by the processors located therein. In some respects, network-connected storage (112) may include secondary, tertiary or auxiliary storage, such as large hard drives, servers, virtual memory, among other types. Storage devices can include portable or non-portable storage devices, optical storage devices and various other media capable of storing and containing data. A machine-readable storage medium or a computer-readable storage medium may include a non-transitory medium in which data can be stored and which does not include carrier waves or transient electronic signals. Examples of a non-transitory medium may include, for example, a disk or magnetic tape, optical storage media, such as compact disk or versatile digital disk, flash memory, memory or memory devices.
[025] Network-connected storage (112) can include memory devices for storing digital identifiers (114), electronic transaction codes (116) and obfuscated digital identifiers (118). One or more of the digital identifiers (114), electronic transaction codes (116) and obfuscated digital identifiers (118) can be received by a telecommunications network server (108) through a data network (106), generated by the telecommunications network server (108) based on communications with user devices (102), generated by the telecommunications network server (108) based on communications with third party systems (104), or some combination thereof.

[026] Digital identifiers (114) can include identification data (for example, numeric data, alphanumeric data or some other suitable data set) that correspond to a particular user of a user device (102). The telecommunications network server (108) can generate or otherwise obtain a digital identifier (114) for a particular user and transmit the digital identifier (114) to a user device (102) for storage on the user device (102). In authentication operations, the authentication mechanism (110) can match copies of digital identifiers (114), which are received through one or more data networks (106), to stored digital identifiers (114) and thus verify the identities of certain users of user devices (102).

[027] For example, in an online session between a third party system (104) and a user device (102) having a copy of a digital identifier (114), the user device (102) can provide the digital identifier (114) and an electronic transaction code (116) to the telecommunications network server (108). The authentication mechanism (110) executed by the telecommunications network server (108) can use the digital identifier (114) and the transaction code (116) to authenticate a user of the user's device (102).
The authentication mechanism (110) can cause the telecommunications network server (108) to send a confirmation of this authentication to the third party system (104).

[028] Electronic transaction codes (116) may include identification data (for example, numeric data, alphanumeric data or some other suitable data set) that correspond to transactions between user devices (102) and third party systems (104). Each electronic transaction code (116) can uniquely identify or otherwise correspond to a particular transaction between a user of a user's device (102) and a third party associated with a third party system (104).

[029] Obfuscated digital identifiers (118) may include transformed versions of digital identifiers (114) that are usable by third party systems (104) to authenticate users. The authentication mechanism (110) (or other program code executed by the telecommunications network server (108)) can generate a transformed version of a digital identifier (114) by copying the digital identifier (114) and changing data in the copy of the digital identifier (114) to create an obfuscated digital identifier (118). In some respects, a particular obfuscated digital identifier (118) is specific to a particular third party system (104) associated with a particular third party. For example, the telecommunications network server (108) can use the same digital identifier (114) to generate two different obfuscated digital identifiers (118) for different third parties who can enter into transactions with the user corresponding to the digital identifier (114).

[030] The features discussed here are not limited to any specific architecture or hardware configuration. A computing device can include any suitable arrangement of components that provide a result conditioned to one or more inputs.
Suitable computing devices include multi-purpose, microprocessor-based computing systems that access stored software that programs or configures the computing system from a general-purpose computing device to a specialized computing device implementing one or more aspects of the subject matter in question. Any programming, script or other suitable type of language, or combinations of languages, can be used to implement the teachings contained here in the software to be used in programming or configuring a computing device.

Examples of Authentication Operations

[031] The following examples of authentication operations are provided for illustrative purposes. These illustrative examples involve, for example, secure authentications of users who are conducting transactions with third parties (for example, consumers who are opening new accounts with commercial entities). In some aspects, the authentication operations described in this invention can provide a simplified authentication process for the user. For example, the authentication operations described in this invention can reduce the need for a user to provide PII or other sensitive data to enter into a transaction with a third party. The authentication mechanism (110) can authenticate a user through a trusted device (for example, a user device (102)) and provide PII about the authenticated user to a third party (for example, a business entity) as part of a transaction between the user and the third party.

[032] Figure 2 is a flowchart representing an example of a method (200) to confirm the authenticity of a user who seeks to conduct electronic transactions with third parties. For illustrative purposes, method (200) is described with reference to the embodiment shown in Figure 1 and several other examples described herein. But other embodiments are possible.
[033] Method (200) may include receiving, from a third party electronic device, a request indicating that a user is requesting to be authenticated for a transaction with the third party electronic device, as represented in block (202). The authentication mechanism (110) can be executed by one or more processing devices suitable for implementing block (202). The telecommunications network server (108) can execute the authentication mechanism (110) to receive the request through a network communication port or other suitable network interface device.

[034] For example, an online session can be established between a user device (102) and one or more third party systems (104) via the Internet or another data network (106). The session may allow a user's device (102) to communicate with the third party system (104) and thus perform one or more electronic transactions involving the user's device (102) and an online service hosted by (or otherwise associated with) the third party system (104). If the user has to be authenticated for one or more transactions with the third party system (104), the user device (102) can indicate to a third party system (104) that a user of the user device (102) has a digital identifier (114) which is maintained by the telecommunications network server (108). The third party system (104) can transmit, based on this indication, a request to the telecommunications network server (108) to perform one or more operations to authenticate the user.

[035] The method (200) can also include the transmission of an electronic transaction code to the third party electronic device, as represented in block (204). The authentication mechanism (110) can be executed by one or more suitable processing devices of the telecommunications network server (108) to implement block (204).
For example, the authentication mechanism (110) may generate or otherwise obtain an electronic transaction code (116) in response to receipt of the request in block (202). The authentication mechanism (110) can associate the electronic transaction code (116) with the request so that the electronic transaction code (116) is specific to a particular third party. The authentication mechanism (110) can configure the telecommunications network server (108) to transmit the electronic transaction code (116) to the third party electronic device.

[036] The method (200) may also include receiving the electronic transaction code and a digital identifier from a user's device, as shown in block (206). The authentication mechanism (110) can be executed by one or more suitable processing devices of the telecommunications network server (108) to implement block (206).

[037] The method (200) can also include the attempt to confirm the electronic transaction code and the digital identifier, as represented in block (208). The authentication mechanism (110) can be executed by one or more suitable processing devices of the telecommunications network server (108) to implement block (208). For example, the authentication mechanism (110) can confirm a copy of an electronic transaction code (116) that was received from a user's device (102) and a copy of a digital identifier (114) that was received from the user's device (102).

[038] Confirmation of the electronic transaction code may include verification that the transaction code has not expired. In some respects, an electronic transaction code (116) may expire if it is received from a user device (102) in block (206) more than a threshold period of time after the electronic transaction code (116) was transmitted to a third party system (104) in block (204).
[039] Confirmation of the digital identifier may include verification of the authenticity of a user associated with the digital identifier. In some aspects, the telecommunications network server (108) can transmit a digital identifier (114) to a user's device (102) before the method (200) is executed. The digital identifier (114) can be transmitted to the user device (102) based on the telecommunications network server (108) authenticating a user of the user device (102) (for example, using PII or other data about the user which can be stored in network-connected storage (112) or other non-transitory computer-readable medium). The digital identifier can be attached or electronically bound to the user's device (102).

[040] In block (208), the telecommunications network server (108) can respond to the receipt of the electronic transaction code and digital identifier by transmitting a request to the user's device (102) for the user to provide confirmatory input on the user's device. The confirmatory input can include, for example, a personal identification number, a password, an answer to a challenge question provided by the authentication mechanism (110), scanned fingerprint or other biometric data, etc. Confirmation of the digital identifier can include the authentication mechanism (110) receiving this confirmatory input and matching the confirmatory input with data about the user (for example, a credential or other authentication information, biometric information, etc.) stored in the network-connected storage (112) or other non-transitory computer-readable medium accessible to the telecommunications network server (108). If the telecommunications network server (108) does not receive confirmatory input from the user's device, the telecommunications network server (108) may refuse to provide confirmation that the user has been authenticated.
[041] If the electronic transaction code and digital identifier are confirmed, the method (200) may include the transmission of a confirmation of the user's authenticity to the third party electronic device, as represented in block (210). The authentication mechanism (110) can be executed by one or more suitable processing devices of the telecommunications network server (108) to implement block (210). In one example, the telecommunications network server (108) may transmit a confirmation of authenticity subsequent to the verification that the electronic transaction code has not expired and receipt of the confirmatory input from the user's device.

[042] In some respects, the telecommunications network server (108) can transmit additional data about the user to the third party electronic device, after transmitting the user's authenticity confirmation. For example, the telecommunications network server (108) can receive, from a user device (102), a command to share PII about the user with the third party system (104). The command can include or be accompanied by a specification of one or more types of PII to be shared with the third party system (104). The telecommunications network server (108) can respond to the command by transmitting, to the third party system (104), the specified PII.

[043] If the electronic transaction code and digital identifier are not confirmed, the method (200) may include the transmission, to the third party electronic device, of a refusal to confirm the authenticity of the user, as represented in block (212). The authentication mechanism (110) can be executed by one or more suitable processing devices of the telecommunications network server (108) to implement block (212).
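The flow of method (200), blocks (202) to (212), together with the per-third-party obfuscated identifier of paragraph [029], is shown below as an added example; it is not code from the patent or from the applicants. The class and method names, the 120-second expiry, single-use codes, a PIN as the confirmatory input, a caller-supplied device identifier, and HMAC as the obfuscating transformation are all assumptions of this example.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 120  # assumed threshold; the description gives no value


class AuthServer:
    """Model of the telecommunications network server (108)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._obfuscation_key = secrets.token_bytes(32)
        self._identifiers = {}  # digital identifier -> (device, salt, PIN hash)
        self._codes = {}        # transaction code -> (third party, issue time)

    @staticmethod
    def _hash_pin(pin, salt):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

    def enroll(self, device_id, pin):
        """Registration: issue a digital identifier (114) bound to one device."""
        digital_id = secrets.token_urlsafe(32)
        salt = secrets.token_bytes(16)
        self._identifiers[digital_id] = (device_id, salt, self._hash_pin(pin, salt))
        return digital_id

    def request_authentication(self, third_party):
        """Blocks (202)/(204): issue a code tied to the requesting third party."""
        code = secrets.token_urlsafe(16)
        self._codes[code] = (third_party, self._clock())
        return code

    def obfuscated_id(self, digital_id, third_party):
        """Identifier (118) specific to one third party. HMAC is this
        example's choice; the description only says the copy is altered."""
        msg = f"{third_party}\x00{digital_id}".encode()
        return hmac.new(self._obfuscation_key, msg, hashlib.sha256).hexdigest()

    def confirm(self, code, digital_id, device_id, pin):
        """Blocks (206)-(212): build the message sent to the third party."""
        # Assumption: a code is consumed on first presentation, pass or fail.
        issued = self._codes.pop(code, None)
        if issued is None:
            return {"third_party": None, "authenticated": False,
                    "reason": "unknown code"}
        third_party, issued_at = issued

        def refuse(reason):  # block (212)
            return {"third_party": third_party, "authenticated": False,
                    "reason": reason}

        # [038]: refuse codes presented after the threshold period.
        if self._clock() - issued_at > CODE_TTL_SECONDS:
            return refuse("code expired")
        record = self._identifiers.get(digital_id)
        if record is None:
            return refuse("unknown identifier")
        bound_device, salt, pin_hash = record
        # [011]: the identifier is only valid from the device it was issued to.
        # device_id is supplied by the caller here; this model does not attest it.
        if bound_device != device_id:
            return refuse("identifier presented from another device")
        # [040]: confirmatory input, compared in constant time.
        if not hmac.compare_digest(pin_hash, self._hash_pin(pin, salt)):
            return refuse("confirmatory input rejected")
        # Block (210): confirmation carries only the obfuscated identifier.
        return {"third_party": third_party, "authenticated": True,
                "subject": self.obfuscated_id(digital_id, third_party)}


if __name__ == "__main__":
    server = AuthServer()
    did = server.enroll("device-A", "4921")           # constructed sample values
    code = server.request_authentication("bank.example")
    print(server.confirm(code, did, "device-A", "4921"))
    print(server.confirm(code, did, "device-A", "4921"))  # replayed code
```

Two third parties that both authenticate the same user receive different `subject` values, so they cannot correlate the user by identifier alone.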
[044] Although Figure 2 describes the method (200) in relation to a single third party, the telecommunications network server (108) can execute the method (200) in relation to a particular user and several third parties associated with separate third party systems (104). For example, the telecommunications network server (108) can receive requests from multiple third party systems (104) that are separate from each other. The telecommunications network server (108) can respond to the requests by performing one or more operations described above in relation to blocks (204) - (208). The telecommunications network server (108) can transmit multiple electronic transaction codes to third-party electronic devices, where each electronic transaction code is a unique code that corresponds to a transaction. The telecommunications network server (108) can receive these electronic transaction codes and the digital identifier from a user device (102). The telecommunications network server (108) can confirm the electronic transaction codes and the digital identifier and, if the electronic transaction codes and the digital identifier are confirmed, transmit confirmations of the user's authenticity to the third party systems (104).

[045] Figure 3 represents an example of a data flow between a third party system (104) and a telecommunications network server (108) in which an electronic transaction code (116) is provided from the telecommunications network server (108) to the third party system (104). In some aspects, the data flow represented in Figure 3 can be used to implement the blocks (202) and (204) of the method (200). For illustrative purposes, Figure 3 represents an example where the electronic transaction code (116) is a QR code and the transaction associated with the electronic transaction code (116) involves a request for PII by the third party system (104). But other embodiments are possible. For example, the electronic transaction code (116) can be an identifier that is provided to the user's device through another technique.

[046] In this example, the telecommunications network server (108) can receive, via a data network and a third party system (104), a communication (302) that includes a PII request and a transaction identifier. The user device (102) can transmit the communication (302) via any suitable client application, such as a web browser application that can access the telecommunications network server (108) via the Internet or another data network (106). The transaction identifier can identify a transaction involving the user device (102) and a third party system (104). For example, the transaction identifier can be a session key that identifies a communication session in which a user accesses the third party service over the Internet (for example, accessing an online financial service and initiating a claim or other financial transaction).

[047] In some aspects, the communication (302) received from the user's device (102) may also include additional data. An example of this additional data is a channel signature. The channel signature may include information about a browser application being used by the user's device (102) to access the third party's online service, a geographic location of the user's device, etc. Another example of this additional data is an identifier for the third party. The telecommunications network server (108) can respond to receiving the communication (302) by executing operations (304), (306) and (308) and transmitting a responsive communication (310) to the third party system (104).

[048] In operation (304), the telecommunications network server (108) can maintain service entries based on the transaction identifier included in the communication (302). For example, the telecommunications network server (108) can generate a record in an appropriate data structure (for example, a database stored in network-connected storage (112)). The telecommunications network server (108) can store the PII request, along with any additional data (for example, the channel signature) included in the request, in the generated record. The record can include the transaction identifier as a unique identifier for these stored service entries.

[049] In operation (306), the telecommunications network server (108) can generate a QR code (or another electronic transaction code). The telecommunications network server (108) can also generate a QR image that can be scanned by a scanning device that is included in or communicatively coupled to the user's device (102). The QR image can encode the QR code.

[050] In operation (308), the telecommunications network server (108) can correlate the PII request with one or more of the generated QR code and the generated QR image. In one example, the telecommunications network server (108) can store one or more of the generated QR code and the generated QR image in the record generated in the operation (304). In another example, the telecommunications network server (108) can generate a record in an appropriate data structure (for example, a database stored in network-connected storage (112)) and store one or more of the generated QR code and the generated QR image in the record.

[051] The telecommunications network server (108) can transmit a responsive communication (310) to the third party system (104). The responsive communication (310) can include one or more of the generated QR code and the generated QR image. The third party system (104) may cause one or more of the QR code and the QR image to be displayed on (or otherwise accessible through) the same communication channel through which a user's device (102) has accessed the third party system (104).
[052] The QR code provided to the third party system (104) can subsequently be used by a user device (102) to request that the telecommunications network server (108) confirm the authenticity of a user of the user device (102). For example, Figure 4 illustrates an example of a data flow involving a user device (102), a third party system (104) and a telecommunications network server (108) in which the telecommunications network server (108) provides confirmation of a user's authenticity or denies confirmation. In some aspects, the data flow represented in Figure 4 can be used to implement the blocks (206) - (212) of the method (200). For illustrative purposes, Figure 4 represents an example where the electronic transaction code is a QR code and the transaction between the user's device (102) and the third party system (104) involves the transmission of PII to the third party system (104). But other embodiments are possible.

[053] In this example, the telecommunications network server (108) can receive, via a data network and from a user device (102), a communication (402) that includes a confirmation request. The confirmation request can include a QR code (or other electronic transaction code) and a digital identifier for the user of the user's device (102). For example, the user's device (102) can be used to enter a QR code, which was displayed using the third party system (104) after the transmission of the communication (310), or to capture a QR image, which was displayed using the third party system (104) after the transmission of the communication (310). If the QR image is captured, the QR image can be decoded into the QR code. The entered or decoded QR code can be supplied to a client application executed on the user's device (102). The client application can generate the communication (402) having the QR code and the digital identifier. In some aspects, the communication (402) may also include signature data for the user's device (102), such as data indicating a geographic location of the user's device (102).

[054] In some aspects, the user device (102) transmits the communication (402) via a secure, out-of-band communication channel to the telecommunications network server (108). The secure, out-of-band communication channel used to communicate with the telecommunications network server (108) is different from the communication channel with which the user's device (102) communicates with the third party system (104).

[055] The provision of the digital identifier in the communication (402) may allow the implicit identification of a user of the user's device (102) by the telecommunications network server (108). In some aspects, the provision of the digital identifier in the communication (402) may allow non-repudiation, by the user, of a transaction that involves the user and the third party and that is facilitated using the data flow represented in Figure 4.

[056] The telecommunications network server (108) can respond to the receipt of the communication (402) by performing various operations that involve confirming the user's identity or being unable to properly confirm the user's identity. For example, in operation (404), the telecommunications network server (108) can validate the QR code received in the communication (402) by matching the received QR code with a stored QR code (that is, one of the electronic transaction codes (116) stored in network-connected storage (112)).

[057] In operation (404), the telecommunications network server (108) can also associate the QR code with the received digital identifier. For example, the telecommunications network server (108) can retrieve, based on the received QR code, information about a certain third party system (104) that is associated with a session key or other transaction identifier that was received in the data flow represented in Figure 3. The retrieved data allows the telecommunications network server (108) to identify a particular user, who is involved in a transaction with the third party system (104), based on an interaction of the user device (102) with the telecommunications network server (108) (for example, communication (402)).

[058] The telecommunications network server (108) can generate or update a record involving the communication (402), where the record identifies the confirmation request included in the communication (402), the QR code included with the confirmation request and the digital identifier received with the confirmation request. In some aspects, the record may also identify signature data (for example, data indicating a geographic location of the user's device (102)) that is received in the communication (402).

[059] In some aspects, the telecommunications network server (108) can also perform an operation (406), which involves determining whether the received QR code has expired. For example, the authentication mechanism (110) can track the time between providing the QR code to a third-party electronic device (for example, through the communication (310) represented in Figure 3) and receiving the QR code and the digital identifier from a user device (102) (for example, through communication (402) represented in Figure 4). In operation (406), the authentication mechanism (110) can compare the tracked time period with a threshold time period. Operation (406) can prevent fraud by increasing the likelihood that a user who provides the QR code to the telecommunications network server (108) is truly the intended recipient of the QR code in the data flow of Figure 3.

[060] If the tracked time period exceeds the threshold time period, the authentication mechanism (110) can configure the telecommunications network server (108) to transmit a communication (408) to the third party system (104). The communication (408) includes a message indicating that the telecommunications network server (108) has denied the request to confirm the authenticity of the user of the user device (102). This refusal to confirm the user's authenticity may include a “QR timeout message” or other appropriate message indicating that too much time has passed since the QR code (or other suitable electronic transaction code) was provided to the third party system (104).

[061] If the tracked time period does not exceed the threshold time period, the authentication mechanism (110) can configure the telecommunications network server (108) to perform one or more additional operations to confirm the user's authenticity. For example, the authentication mechanism (110) can perform operations (410), (412), (414).

[062] In operation (410), the authentication mechanism (110) can perform one or more authentication operations in relation to the user. Examples of these authentication operations include (but are not limited to) requesting and confirming a user's personal identification number via the user's device (102), requesting and confirming certain biometric data from the user via the user's device (102), etc. For example, the user of the user device (102) is authenticated according to one or more policies used by the authentication mechanism (110), the third party associated with the third party system (104), or both. Authentication can be performed in an out-of-band manner, such that the telecommunications network server (108) communicates with the user device (102) through a communication channel other than the communication channel used by the user device (102) and the third party system (104). The authentication operation allows the authentication mechanism (110) to verify that the user device (102) is in the possession of a user associated with the digital identity.

[063] In operation (412), the authentication mechanism (110) can configure the telecommunications network server (108) to maintain a state for the digital identifier (for example, storing the state in the network-connected storage (112) or other suitable non-transitory computer-readable medium).

[064] In operation (414), the authentication mechanism (110) can perform a risk assessment for the user. The risk assessment operation can generate a risk score for the user. The risk assessment operation can include one or more inputs related to the user, the transaction (for example, the channel signature) or some combination of them.

[065] Any suitable operation or set of operations can be used for risk assessment. In one example, the telecommunications network server (108) can determine a PII velocity associated with the digital identifier and generate a risk score based on the PII velocity. PII velocity can include a number of times, within a given period, that identification information or parts of identification information (for example, a name, a social security number, the last four digits of a social security number, etc.) were provided to or otherwise used by the telecommunications network server (108) or an analytical system in communication with the telecommunications network server (108). For example, the PII velocity for a particular identity can increase if a large number of credit checks have been carried out for that identity. In another example, the telecommunications network server (108) can determine a transactional velocity associated with the digital identifier and produce a risk score based on the transactional velocity. Transactional velocity can include the number of transactions involving an identity, within a certain period, that have been provided to or otherwise used by the telecommunications network server (108) or an analytical system in communication with the telecommunications network server (108). For example, the transactional velocity of a specific identity can increase if a large number of accounts are opened for that identity within a certain period of time. In another example, the telecommunications network server (108) can determine whether any known fraud indicators are associated with the digital identifier.

[066] In operation (416), the authentication mechanism (110) can determine whether the risk score for the user exceeds a threshold risk score. If the risk score for the user exceeds a threshold risk score, the authentication mechanism (110) can configure the telecommunications network server (108) to transmit a communication (418) to the third party system (104).

[067] Communication (418) includes a message indicating that the telecommunications network server (108) has denied the request to confirm the authenticity of the user of the user device (102). This refusal to confirm the user's authenticity may include a transaction identifier and risk score. The transaction identifier and risk score allow the third party system (104) to determine that an unacceptable level of risk is involved in continuing a transaction, which is identified by the transaction identifier, with a specific user associated with the identified transaction.

[068] In some aspects, the telecommunications network server (108) can identify a state of the user's device (102). In one example, the telecommunications network server (108) can communicate with the user's device (102) to verify that the user's device (102) complies with certain security baseline standards (for example, the device is not unlocked or otherwise compromised). In another example, the telecommunications network server (108) can communicate with one or more other computing devices (for example, devices associated with another online service accessed by the user's device (102)) to request a state of the user's device (102). The telecommunications network server (108) can identify the state of the user device (102) based on a response received from the other computing device. If the user's device does not comply with the security standards, the telecommunications network server (108) can transmit the denial of confirmation in the communication (418).

[069] If the risk score for the user does not exceed a threshold risk score, the authentication mechanism (110) can configure the telecommunications network server (108) to perform operations (420) and (422) and to transmit a communication (424). In operation (420), the telecommunications network server (108) can retrieve PII or other data involving the user that can be used to complete a transaction between the user and the third party. The telecommunications network server (108) can retrieve PII or other data using the digital identifier received in the communication (402), for example, by matching the digital identifier to a particular name, social security number or other identifying information that can be stored in network-connected storage (112) or other non-transitory computer-readable medium. For example, if the third party system (104) provides an online form to the user's device (102) (for example, via a web browser) requesting PII input, the requested PII can be retrieved by the telecommunications network server (108).
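The server-side checks of Figures 3 and 4 (code issuance, then operations (404), (406), (410), (414) and (416)) can be sketched in Python as follows. This is an added example, not code from the patent: the class and function names, the PIN as confirmatory input, single-use codes, the 120-second lifetime, and the velocity-based score with a 0.7 threshold are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

# Every constant and name here is an assumption made for this sketch.
CODE_TTL_SECONDS = 120               # threshold time period, operation (406)
RISK_THRESHOLD = 0.7                 # threshold risk score, operation (416)
VELOCITY_WINDOW_SECONDS = 24 * 3600  # window for transactional velocity
VELOCITY_CEILING = 5                 # confirmations per window that map to score 1.0


@dataclass
class TransactionRecord:
    """Record created in operation (304) and tied to the code in (308)."""
    third_party_id: str
    transaction_id: str
    issued_at: float
    used: bool = False


def _pin_hash(pin: str, salt: bytes) -> bytes:
    # Store a salted, stretched hash of the confirmatory input, never the PIN.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


class AuthServer:
    """Toy stand-in for the telecommunications network server (108)."""

    def __init__(self, clock=time.time):
        self.clock = clock   # injectable so expiry can be tested
        self.codes = {}      # transaction code -> TransactionRecord
        self.users = {}      # digital identifier -> (salt, PIN hash)
        self.history = {}    # digital identifier -> confirmation timestamps

    def enroll(self, pin: str) -> str:
        """Issue a digital identifier to an already authenticated user."""
        digital_id = secrets.token_urlsafe(16)
        salt = secrets.token_bytes(16)
        self.users[digital_id] = (salt, _pin_hash(pin, salt))
        self.history[digital_id] = []
        return digital_id

    def issue_code(self, third_party_id: str, transaction_id: str) -> str:
        """Operations (304)-(308): unpredictable code bound to one transaction."""
        code = secrets.token_urlsafe(32)
        self.codes[code] = TransactionRecord(
            third_party_id, transaction_id, self.clock())
        return code

    def risk_score(self, digital_id: str, now: float) -> float:
        """Operation (414): transactional velocity scaled to the range 0..1."""
        recent = [t for t in self.history[digital_id]
                  if now - t <= VELOCITY_WINDOW_SECONDS]
        return min(1.0, len(recent) / VELOCITY_CEILING)

    def confirm(self, code: str, digital_id: str, pin: str) -> dict:
        """Handle communication (402); the dict is what the third party receives."""
        now = self.clock()
        record = self.codes.get(code)
        # Operation (404): the code must match a stored, unused code.
        if record is None or record.used or digital_id not in self.users:
            return {"status": "denied", "reason": "unknown_code_or_identifier"}
        base = {"transaction_id": record.transaction_id,
                "third_party_id": record.third_party_id}
        # Operation (406): deny if too long has passed since issuance.
        if now - record.issued_at > CODE_TTL_SECONDS:
            record.used = True
            return {**base, "status": "denied", "reason": "qr_timeout"}
        # Operation (410): confirmatory input, compared in constant time.
        salt, stored = self.users[digital_id]
        if not hmac.compare_digest(_pin_hash(pin, salt), stored):
            return {**base, "status": "denied",
                    "reason": "confirmatory_input_failed"}
        # Operations (414)/(416): deny when the score exceeds the threshold.
        score = self.risk_score(digital_id, now)
        if score > RISK_THRESHOLD:
            return {**base, "status": "denied",
                    "reason": "risk_threshold_exceeded", "risk_score": score}
        record.used = True   # single use (assumption): a replayed code is refused
        self.history[digital_id].append(now)
        return {**base, "status": "confirmed", "risk_score": score}


if __name__ == "__main__":
    server = AuthServer()
    user = server.enroll("4921")                       # constructed sample PIN
    qr = server.issue_code("bank-example", "sess-1")   # constructed identifiers
    print(server.confirm(qr, user, "4921"))
```

The sketch only returns a denial on a wrong PIN; limiting repeated confirmatory-input failures is outside what the page describes and would be needed in practice.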
[070] In operation (422), the telecommunications network server (108) can generate or otherwise obtain a third party identifier for a third party associated with the third party system (104) (for example, an identifier for a commercial entity). An example of a third party identifier is an obfuscated digital identifier (118) that is generated specifically for a particular third party. For example, the telecommunications network server (108) can generate the obfuscated digital identifier (118) or another third party identifier and associate it with both the third party and the user of the user's device (102). In this way, the third party identifier can be used by one or more third party systems (104) associated with a particular third party to authenticate the user for subsequent transactions between the user and the third party.

[071] The communication (424) can include an authentication confirmation for a user of the user's device (102). Communication (424) may also include additional data. An example of the additional data is the PII or other data involving the user that can be used to complete a transaction between the user and the third party, which was retrieved in the operation (420). Another example of the additional data is the third party identifier that is generated or otherwise obtained in the operation (422). Another example of the additional data is the score generated by the risk assessment carried out in the operation (414).

[072] In the example shown in Figure 4, an increased risk score indicates an increased risk of entering into a transaction with an entity that claims to be the user associated with the digital identifier. But other embodiments are possible. For example, a higher score generated by a risk assessment may indicate a lower risk. In this example, the authentication mechanism (110) can deny confirmation of authenticity (for example, through communication (418)) if a score generated by a risk assessment is below a threshold score and can provide confirmation of authenticity (for example, through communication (424)) if the score generated by a risk assessment is above a threshold score.

[073] In some aspects, the third party system (104) may request, through a communication (426), that the user of the user's device (102) enter limited confirmatory inputs as a risk mitigation measure (for example, last four digits of social security number, name, street number, etc.). The third party system (104) can receive, via a communication (428), the limited confirmatory inputs from the user device (102). The third party system (104) can compare the limited confirmatory inputs to, for example, parts of the PII (or other data) that were provided to the third party system (104) via communication (424). The third party system (104) can associate the third party identifier received from the telecommunications network server (108) with a digital user profile maintained by the third party (for example, a user account for an online service accessible via a third party system (104)).

[074] The third party system (104) can transmit a communication (430) to the telecommunications network server (108), indicating that the third party identifier has been accepted by the third party and will be used for subsequent user authentication. The telecommunications network server (108) can respond to this notification by activating the third party identifier in the operation (432). Operation (432) may include setting a state of the third party identifier to "active".

[075] The activated third-party identifier can be used for subsequent authentications. For example, if the user subsequently requests to be authenticated using a “digital identifier” option involving communication with the authentication mechanism (110), a third party system (104) can send a request to the telecommunications network server (108) requesting that the user associated with the third party identifier be authenticated. The authentication mechanism (110) can perform one or more operations (for example, geolocation of the user's device (102), biometrics, etc.) to authenticate the user associated with the third party identifier.

Computing Environment Example for Authentication Operations

[076] Any suitable computing system or group of computing systems can be used to perform the authentication operations described here. For example, Figure 5 is a block diagram that represents an example of a telecommunications network server (108). The example telecommunications network server (108) can include multiple devices for communicating with other devices in the computing system (100), as described in relation to Figure 1. The telecommunications network server (108) can include multiple devices to perform one or more authentication operations described above in relation to Figures 1 to 4.

[077] The telecommunications network server (108) may include a processor (502) that is communicatively coupled to a memory (504). The processor (502) executes computer-executable program code stored in memory (504), accesses information stored in memory (504), or both. The program code can include machine-executable instructions that can represent a procedure, a function, a subprogram, a program, a routine, a subroutine, a module, a software package, a class or any combination of instructions, data structures or program statements. A code segment can be coupled to another code segment or to a hardware circuit by passing or receiving information, data, arguments, parameters or memory content. Information, arguments, parameters, data, etc. can be passed, forwarded or transmitted by any suitable means, including memory sharing, message passing, token passing, network transmission, among others.

[078] Examples of a processor (502) include a microprocessor, an application-specific integrated circuit, a field-programmable gate array or any other suitable processing device. The processor (502) can include any number of processing devices, including one. The processor (502) can include or communicate with a memory (504). The memory (504) stores the program code which, when executed by the processor (502), causes the processor to perform the operations described in this disclosure.

[079] The memory (504) may include any suitable non-transitory computer-readable medium. The computer-readable medium may include any electronic, optical, magnetic or other storage device capable of providing the processor with computer-readable program code or other program code. Non-limiting examples of a computer-readable medium include a magnetic disk, memory chip, optical storage, flash memory, storage class memory, a CD-ROM, DVD, ROM, RAM, an ASIC, magnetic tape or other magnetic storage, or any other medium from which a computer processor can read and execute program code. The program code may include processor-specific program code generated by a compiler or interpreter from code written in any suitable computer programming language. Examples of a suitable programming language include C, C++, C#, Visual Basic, Java, Python, Perl, JavaScript, ActionScript, etc.

[080] The telecommunications network server (108) can also include several external or internal devices, such as input or output devices. For example, the telecommunications network server (108) is shown with an input/output interface (508) that can receive input from input devices or provide output to output devices. A bus (506) can also be included in the telecommunications network server (108). The bus (506) can communicatively connect one or more components of the telecommunications network server (108).

[081] The telecommunications network server (108) can execute program code that includes the authentication mechanism (110). The program code for the authentication mechanism (110) can be resident in any suitable computer-readable medium and can be executed on any suitable processing device. For example, as shown in Figure 5, the program code for the authentication mechanism (110) can reside in memory (504) on the telecommunications network server (108). The execution of the authentication mechanism (110) can configure the processor (502) to perform the operations described here in relation to Figures 2 to 4. In some aspects, one or more of the electronic transaction codes (116), the digital identifiers (114) and the obfuscated digital identifiers (118) can also be stored in memory (504).

[082] In some aspects, the telecommunications network server (108) may include a network interface device (510). A network interface device (510) can include any device or group of devices suitable for establishing a wired or wireless data connection to one or more data networks (106). Non-limiting examples of the network interface device (510) include an Ethernet network adapter, a modem, etc. A network interface device (510) can include one or more network communication ports (512), where an address or other communication port identifier is used for communications with multiple client devices (e.g., a user device (102), a third party system (104), etc.).

General Considerations

[083] Numerous specific details are set out here to provide a complete understanding of the claimed subject matter. However, those skilled in the art will understand that the claimed subject matter can be practiced without these specific details. In other examples, methods, apparatus or systems that would be known to a person skilled in the art have not been described in detail so as not to obscure the claimed subject matter.

[084] Unless specifically stated otherwise, it is appreciated that throughout this specification, terms such as "processing", "computation", "calculation", "determination" and "identification" or similar refer to actions or processes of a computing device, such as one or more computers or a similar electronic computing device or devices, that manipulate or transform data represented as electronic or magnetic physical quantities in memories, registers or other information storage devices, transmission devices or display devices of the computing platform.

[085] The system or systems discussed here are not limited to any specific architecture or hardware configuration. A computing device can include any suitable arrangement of components that provides a result conditioned on one or more inputs. Suitable computing devices include multi-purpose, microprocessor-based computing systems that access stored software that programs or configures the computing system from a general-purpose computing device to a specialized computing device implementing one or more aspects of the present subject matter. Any suitable programming, scripting or other type of language, or combination of languages, can be used to implement the teachings contained herein in software to be used in programming or configuring a computing device.

[086] Aspects of the methods disclosed herein can be realized in the operation of such computing devices. The order of the blocks shown in the examples above can be varied - for example, the blocks can be reordered, combined or divided into sub-blocks. Certain blocks or processes can be executed in parallel.

[087] The use of "adapted for" or "configured for" here should be understood as open and inclusive language that does not exclude devices adapted or configured to perform additional tasks or steps. In addition, the use of “based on” is meant to be open and inclusive, insofar as a process, step, calculation or other action “based on” one or more of the mentioned conditions or values can, in practice, be based on additional conditions or values beyond those mentioned. Headings, lists and numbering included here are for ease of explanation only and should not be construed as limiting.

[088] Although the present subject matter has been described in detail in relation to specific aspects of it, it will be appreciated that those skilled in the art, upon attaining an understanding of the above, can easily produce changes, variations and equivalents to these aspects. Any aspects or examples can be combined with any other aspects or examples. Consequently, it should be understood that the present disclosure was presented for purposes of example, rather than limitation, and does not preclude the inclusion of such modifications, variations or additions to the present subject matter, as would be readily apparent to a person skilled in the art.
Claims (20):

1. TELECOMMUNICATIONS NETWORK SERVER DEVICE, characterized by the fact that it comprises: a processor; a network communication port configured to be controlled by the processor; and a non-transitory computer-readable storage device comprising instructions that are executable by the processor to: receive, via the network communication port, a request from a third party electronic device indicating that a user is requesting to be authenticated for a transaction with the third party electronic device; in response to the request, transmit an electronic transaction code through the network communication port to the third party electronic device; receive the electronic transaction code and a digital identifier from a user's device associated with the user, the digital identifier being storable in encrypted form on the user's device and usable to authenticate the user for transactions with third party electronic devices that are communicatively separated from one another; confirm the electronic transaction code and the digital identifier; and in response to the confirmation of the electronic transaction code and the digital identifier, transmit through the network communication port a confirmation of authenticity of the user to the third party electronic device.

2. TELECOMMUNICATIONS NETWORK SERVER DEVICE, according to claim 1, characterized by the fact that the non-transitory computer-readable storage device includes instructions that are executable by the processor to: transmit, through the network communication port, the digital identifier to the user's device associated with the user authenticated by the telecommunications network server device, the digital identifier being attached or electronically connected to the user's device; in response to receiving the electronic transaction code and the digital identifier, transmit a demand to the user's device for the user to provide confirmatory input to the user's device for receipt by the telecommunications network server device; and transmit, through the network communication port, the confirmation of the authenticity of the user to the third party electronic device only after receiving the confirmatory input.

3. TELECOMMUNICATIONS NETWORK SERVER DEVICE, according to claim 1, characterized by the fact that the electronic transaction code is a quick response (QR) code that is scanned by the user's device.

4. TELECOMMUNICATIONS NETWORK SERVER DEVICE, according to claim 1, characterized by the fact that the non-transitory computer-readable storage device includes instructions that are executable by the processor to: monitor a period of time between the transmission of the electronic transaction code to the third party electronic device and the receipt of the electronic transaction code and the digital identifier from the user's device; and in response to the determination that the time period is longer than a pre-selected threshold time period, transmit through the network communication port an indication of unsuccessful confirmation of user authenticity to the third party electronic device.

5. TELECOMMUNICATIONS NETWORK SERVER DEVICE, according to claim 1, characterized by the fact that the non-transitory computer-readable storage device includes instructions that are executable by the processor to: transmit, via the network communication port, a dimmed version of the digital identifier to the third party electronic device, the dimmed version of the digital identifier being usable by the third party electronic device to authenticate the user based on the digital identifier stored on the user's device and not being usable to confirm the authenticity of the user with the electronic transaction code.

6. TELECOMMUNICATIONS NETWORK SERVER DEVICE, according to claim 1, characterized by the fact that the non-transitory computer-readable storage device includes instructions that are executable by the processor to: receive, from the user's device, a command to share personally identifiable information about the user with the third party electronic device and one or more types of personally identifiable information to share with the third party electronic device; and transmit, through the network communication port, the personally identifiable information about the user, as selected from the user's device, to the third party electronic device.

7. TELECOMMUNICATIONS NETWORK SERVER DEVICE, according to claim 1, characterized by the fact that the non-transitory computer-readable storage device includes instructions that are executable by the processor to: receive requests from third party electronic devices that are separate from each other, the requests indicating that the user is requesting to be authenticated for transactions with the third party electronic devices; transmit a plurality of electronic transaction codes to the third party electronic devices, the plurality of electronic transaction codes including unique codes, such that each unique code corresponds to a transaction; receive the plurality of electronic transaction codes and the digital identifier from the user's device; and in response to confirmation of the plurality of electronic transaction codes and the digital identifier, transmit confirmations of user authenticity to the third party electronic devices.

8. METHOD OF AUTHENTICATING A USER TO A THIRD PARTY ELECTRONIC DEVICE, characterized by the fact that the method comprises operations executable by one or more processors, in which the operations include: receive, via a network communication port, a request from a third party electronic device indicating that a user is requesting to be authenticated for a transaction with the third party electronic device; in response to the request, transmit an electronic transaction code through the network communication port to the third party electronic device; receive the electronic transaction code and a digital identifier from a user's device associated with the user, the digital identifier being storable in encrypted form on the user's device and usable to authenticate the user for transactions with third party electronic devices that are communicatively separated from one another; confirm the electronic transaction code and the digital identifier; and in response to the confirmation of the electronic transaction code and the digital identifier, transmit through the network communication port a confirmation of the user's authenticity to the third party electronic device.

9. METHOD, according to claim 8, characterized by the fact that the operations also include: transmit, through the network communication port, the digital identifier to the user's device associated with the user, the digital identifier being attached or electronically connected to the user's device; in response to receiving the electronic transaction code and the digital identifier, transmit a demand to the user's device for the user to provide confirmatory input to the user's device; and transmit, through the network communication port, the confirmation of the authenticity of the user to the third party electronic device only after receiving the confirmatory input.

10. METHOD, according to claim 8, characterized by the fact that the operations also include: monitor a period of time between the transmission of the electronic transaction code to the third party electronic device and the receipt of the electronic transaction code and the digital identifier from the user's device; and in response to the determination that the time period is longer than a pre-selected threshold time period, transmit through the network communication port an indication of unsuccessful confirmation of user authenticity to the third party electronic device.

11. METHOD, according to claim 8, characterized by the fact that the operations also include: transmit, via the network communication port, a dimmed version of the digital identifier to the third party electronic device, the dimmed version of the digital identifier being usable by the third party electronic device to authenticate the user based on the digital identifier stored on the user's device and not being usable to confirm the authenticity of the user with the electronic transaction code.

12. METHOD, according to claim 8, characterized by the fact that the operations also include: receive, from the user's device, a command to share personally identifiable information about the user with the third party electronic device and one or more types of personally identifiable information to share with the third party electronic device; and transmit, through the network communication port, the personally identifiable information about the user, as selected from the user's device, to the third party electronic device.

13. METHOD, according to claim 8, characterized by the fact that the operations also include: receive requests from third party electronic devices that are separate from each other, the requests indicating that the user is requesting to be authenticated for transactions with the third party electronic devices; transmit a plurality of electronic transaction codes to the third party electronic devices, the plurality of electronic transaction codes including unique codes, such that each unique code corresponds to a transaction; receive the plurality of electronic transaction codes and the digital identifier from the user's device; and in response to confirmation of the plurality of electronic transaction codes and the digital identifier, transmit confirmations of user authenticity to the third party electronic devices.

14. NON-TRANSITORY COMPUTER-READABLE MEDIUM, characterized by the fact that it embodies program code to authenticate a user to a third party electronic device, the program code comprising instructions that, when executed by a processor, cause the processor to perform operations including: receive, via a network communication port, a request from a third party electronic device indicating that a user is requesting to be authenticated for a transaction with the third party electronic device; in response to the request, transmit an electronic transaction code through the network communication port to the third party electronic device; receive the electronic transaction code and a digital identifier from a user's device associated with the user, the digital identifier being storable in encrypted form on the user's device and usable to authenticate the user for transactions with third party electronic devices that are communicatively separated from one another; confirm the electronic transaction code and the digital identifier; and in response to the confirmation of the electronic transaction code and the digital identifier, transmit through the network communication port a confirmation of the user's authenticity to the third party electronic device.

15. NON-TRANSITORY COMPUTER-READABLE MEDIUM, according to claim 14, characterized by the fact that the operations also include: transmit, through the network communication port, the digital identifier to the user's device associated with the user, the digital identifier being attached or electronically connected to the user's device; in response to receiving the electronic transaction code and the digital identifier, transmit a demand to the user's device for the user to provide confirmatory input to the user's device; and transmit, through the network communication port, the confirmation of the authenticity of the user to the third party electronic device only after receiving the confirmatory input.

16. NON-TRANSITORY COMPUTER-READABLE MEDIUM, according to claim 14, characterized by the fact that the electronic transaction code is a quick response (QR) code that can be scanned by the user's device.

17. NON-TRANSITORY COMPUTER-READABLE MEDIUM, according to claim 14, characterized by the fact that the operations also include: monitor a period of time between the transmission of the electronic transaction code to the third party electronic device and the receipt of the electronic transaction code and the digital identifier from the user's device; and in response to the determination that the time period is longer than a pre-selected threshold time period, transmit through the network communication port an indication of unsuccessful confirmation of user authenticity to the third party electronic device.

18. NON-TRANSITORY COMPUTER-READABLE MEDIUM, according to claim 14, characterized by the fact that the operations also include: transmit, via the network communication port, a dimmed version of the digital identifier to the third party electronic device, the dimmed version of the digital identifier being usable by the third party electronic device to authenticate the user based on the digital identifier stored on the user's device and not being usable to confirm the authenticity of the user with the electronic transaction code.

19. NON-TRANSITORY COMPUTER-READABLE MEDIUM, according to claim 14, characterized by the fact that the operations also include: receive, from the user's device, a command to share personally identifiable information about the user with the third party electronic device and one or more types of personally identifiable information to share with the third party electronic device; and transmit, through the network communication port, the personally identifiable information about the user, as selected from the user's device, to the third party electronic device.

20. NON-TRANSITORY COMPUTER-READABLE MEDIUM, according to claim 14, characterized by the fact that the operations also include: receive requests from third party electronic devices that are separate from each other, the requests indicating that the user is requesting to be authenticated for transactions with the third party electronic devices; transmit a plurality of electronic transaction codes to the third party electronic devices, the plurality of electronic transaction codes including unique codes, such that each unique code corresponds to a transaction; receive the plurality of electronic transaction codes and the digital identifier from the user's device; and in response to confirmation of the plurality of electronic transaction codes and the digital identifier, transmit confirmations of user authenticity to the third party electronic devices.
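The server-side checks recited in claims 1, 4 and 7 can be modelled in a few lines. The sketch below is an added example, not code from the patent or its applicants: `AuthServer`, its method names, the 120-second threshold and the choice to store only a SHA-256 digest of the digital identifier are all assumptions made for illustration.

```python
import hashlib
import secrets
import time

CODE_TTL_SECONDS = 120  # assumed "pre-selected threshold time period" (claim 4)


class AuthServer:
    """Hypothetical model of the claimed server; every name here is illustrative."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._identifiers = {}  # sha256(digital identifier) -> user id
        self._pending = {}      # transaction code -> (third party id, issue time)

    def enroll(self, user_id):
        """Issue a digital identifier to the user's device; keep only its digest."""
        identifier = secrets.token_urlsafe(32)
        digest = hashlib.sha256(identifier.encode()).hexdigest()
        self._identifiers[digest] = user_id
        return identifier

    def request_authentication(self, third_party_id):
        """A third party asks for a code; every request gets a unique one (claim 7)."""
        code = secrets.token_urlsafe(16)
        self._pending[code] = (third_party_id, self._clock())
        return code

    def submit(self, code, identifier):
        """The user's device returns code + identifier; the result is what the
        server would report to the third party that requested the code."""
        entry = self._pending.pop(code, None)  # pop: a code is accepted only once
        if entry is None:
            return None, "unknown_or_reused_code"
        third_party_id, issued_at = entry
        if self._clock() - issued_at > CODE_TTL_SECONDS:
            return third_party_id, "expired"   # claim 4: unsuccessful confirmation
        digest = hashlib.sha256(identifier.encode()).hexdigest()
        user_id = self._identifiers.get(digest)
        if user_id is None:
            return third_party_id, "identifier_rejected"
        return third_party_id, "confirmed:" + user_id


def demo():
    """Constructed scenario with a fake clock so the outcome is deterministic."""
    now = [0.0]
    server = AuthServer(clock=lambda: now[0])
    ident = server.enroll("alice")
    bank = server.request_authentication("bank")
    shop = server.request_authentication("shop")
    results = [server.submit(bank, ident)]      # in time, valid identifier
    results.append(server.submit(bank, ident))  # same code presented again
    now[0] += CODE_TTL_SECONDS + 1
    results.append(server.submit(shop, ident))  # past the threshold
    late = server.request_authentication("shop")
    results.append(server.submit(late, "not-an-issued-identifier"))
    return results
```

Because the code is consumed on first presentation and bound to the third party that requested it, a confirmation can only ever be routed to that party, and a code displayed but never scanned lapses after the threshold.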
Similar technologies:
Publication number | Publication date | Title
BR112019013980A2 | 2020-04-28 | telecommunications network server device, method of authenticating a user to a third party electronic device and non-transitory computer readable medium
US10637646B2 | 2020-04-28 | Verifying an identity based on multiple distributed data sources using a blockchain to safeguard the identity
US11178128B2 | 2021-11-16 | Integrating sensitive data from a data provider into instances of third-party applications executed on user devices
US20200036707A1 | 2020-01-30 | System and method for biometric protocol standards
EP3536002B1 | 2020-11-18 | Decentralized biometric identity authentication
US20200028699A1 | 2020-01-23 | Digital certificate management
US10715311B2 | 2020-07-14 | System and method for blockchain-based user authentication based on a cryptographic challenge
US8452954B2 | 2013-05-28 | Methods and systems to bind a device to a computer system
US20180343246A1 | 2018-11-29 | Authentication system and method
US9888037B1 | 2018-02-06 | Cipher suite negotiation
US20180026797A1 | 2018-01-25 | Binding digitally signed requests to sessions
US9906518B2 | 2018-02-27 | Managing exchanges of sensitive data
CN109150547A | 2019-01-04 | A kind of system and method for the digital asset real name registration based on block chain
JP2019536157A | 2019-12-12 | System and method for transparent multi-factor authentication and security approach posture check
KR101941227B1 | 2019-01-22 | A FIDO authentication device capable of identity confirmation or non-repudiation and the method thereof
WO2021219086A1 | 2021-11-04 | Data transmission method and system based on blockchain
US20190182242A1 | 2019-06-13 | Authentication in integrated system environment
US10764294B1 | 2020-09-01 | Data exfiltration control
CN110869928A | 2020-03-06 | Authentication system and method
US20200252389A1 | 2020-08-06 | Secure sign-on using personal authentication tag
Angelogianni et al. | 2021 | How many FIDO protocols are needed? Surveying the design, security and market perspectives
US11177958B2 | 2021-11-16 | Protection of authentication tokens
Kim et al. | 2021 | PUF-based IoT Device Authentication Scheme on IoT Open Platform
AU2020316421A1 | 2022-02-24 | System and method for biometric protocol standards
WO2021016311A1 | 2021-01-28 | System and method for biometric protocol standards
Patent family:
Publication number | Publication date
AU2018206414A1 | 2019-07-25
EP3566417A1 | 2019-11-13
CA3048636A1 | 2018-07-12
WO2018129373A1 | 2018-07-12
US20220070169A1 | 2022-03-03
US20200092287A1 | 2020-03-19
EP3566417A4 | 2020-01-22
US11223621B2 | 2022-01-11
Cited references:
Publication number | Filing date | Publication date | Applicant | Title
US8612757B2 | 2003-12-30 | 2013-12-17 | Entrust, Inc. | Method and apparatus for securely providing identification information using translucent identification member
US9065643B2 | 2006-04-05 | 2015-06-23 | Visa U.S.A. Inc. | System and method for account identifier obfuscation
US8931058B2 | 2010-07-01 | 2015-01-06 | Experian Information Solutions, Inc. | Systems and methods for permission arbitrated transaction services
US9846863B2 | 2011-11-18 | 2017-12-19 | Ncr Corporation | Techniques for automating a retail transaction
US8935777B2 | 2012-02-17 | 2015-01-13 | Ebay Inc. | Login using QR code
CA2866500C | 2012-04-01 | 2016-08-30 | Authentify, Inc. | Secure authentication in a multi-party system
US9471919B2 | 2012-04-10 | 2016-10-18 | Hoyos Labs Ip Ltd. | Systems and methods for biometric authentication of transactions
GB2558789B | 2014-05-09 | 2019-01-09 | Smartglyph Ltd | Method of authentication
US9529985B2 | 2014-05-15 | 2016-12-27 | Verizon Patent And Licensing Inc. | Global authentication service using a global user identifier
AU2018206414A1 | 2017-01-06 | 2019-07-25 | Equifax, Inc. | Confirming authenticity of a user to a third-party system

US9412123B2 | 2003-07-01 | 2016-08-09 | The 41St Parameter, Inc. | Keystroke analysis
US10999298B2 | 2004-03-02 | 2021-05-04 | The 41St Parameter, Inc. | Method and system for identifying users and detecting fraud by use of the internet
US8151327B2 | 2006-03-31 | 2012-04-03 | The 41St Parameter, Inc. | Systems and methods for detection of session tampering and fraud prevention
US8312033B1 | 2008-06-26 | 2012-11-13 | Experian Marketing Solutions, Inc. | Systems and methods for providing an integrated identifier
US9607336B1 | 2011-06-16 | 2017-03-28 | Consumerinfo.Com, Inc. | Providing credit inquiry alerts
US9633201B1 | 2012-03-01 | 2017-04-25 | The 41St Parameter, Inc. | Methods and systems for fraud containment
US9521551B2 | 2012-03-22 | 2016-12-13 | The 41St Parameter, Inc. | Methods and systems for persistent cross-application mobile device identification
WO2014078569A1 | 2012-11-14 | 2014-05-22 | The 41St Parameter, Inc. | Systems and methods of global identification
US10664936B2 | 2013-03-15 | 2020-05-26 | Csidentity Corporation | Authentication systems and methods for on-demand products
US9721147B1 | 2013-05-23 | 2017-08-01 | Consumerinfo.Com, Inc. | Digital identity
US10902327B1 | 2013-08-30 | 2021-01-26 | The 41St Parameter, Inc. | System and method for device identification and uniqueness
US10373240B1 | 2014-04-25 | 2019-08-06 | Csidentity Corporation | Systems, methods and computer-program products for eligibility verification
US10091312B1 | 2014-10-14 | 2018-10-02 | The 41St Parameter, Inc. | Data structures for intelligently resolving deterministic and probabilistic device identifiers to device profiles and/or groups
AU2018206414A1 | 2017-01-06 | 2019-07-25 | Equifax, Inc. | Confirming authenticity of a user to a third-party system
US10105601B1 | 2017-10-27 | 2018-10-23 | Nicholas T. Hariton | Systems and methods for rendering a virtual content object in an augmented reality environment
US20190164154A1 | 2017-11-27 | 2019-05-30 | Fortune Cookie Consulting, Ltd. | System and method for facilitating secure transactions
US10636188B2 | 2018-02-09 | 2020-04-28 | Nicholas T. Hariton | Systems and methods for utilizing a living entity as a marker for augmented reality content
US10911234B2 | 2018-06-22 | 2021-02-02 | Experian Information Solutions, Inc. | System and method for a token gateway environment
US10586396B1 | 2019-04-30 | 2020-03-10 | Nicholas T. Hariton | Systems, methods, and storage media for conveying virtual content in an augmented reality environment
Legal status:
2021-04-20 | B11A | Dismissal acc. art.33 of ipl - examination not requested within 36 months of filing
2021-06-29 | B04C | Request for examination: application reinstated [chapter 4.3 patent gazette]
2021-10-19 | B350 | Update of information on the portal [chapter 15.35 patent gazette]
2021-10-26 | B08F | Application dismissed because of non-payment of annual fees [chapter 8.6 patent gazette] | Free format text: REGARDING THE 4TH ANNUITY.
2021-12-07 | B08G | Application fees: restoration [chapter 8.7 patent gazette]
Priority:
Application number | Filing date | Title
US201762443236P | true | 2017-01-06 | 2017-01-06
PCT/US2018/012658 | WO2018129373A1 | 2017-01-06 | 2018-01-05 | Confirming authenticity of a user to a third-party system