NZ795743A - Confirming authenticity of a user to a third-party system - Google Patents
- Publication number
- NZ795743A
- Authority
- NZ
- New Zealand
- Prior art keywords
- user
- party
- network server
- code
- user device
Abstract
A consumer associated with a user device, such as a personal computer or mobile device, may use the device to interact with another party, such as an online service. For example, a consumer can use his or her user device to begin a transaction to open an account within an online service. To verify the identity of the consumer, the online service may request authenticating information, such as personally identifiable information. But, the consumer may enter the information incorrectly on the user device, or may not have access to all of the requested information at the user device (e.g., if the user is using a mobile device away from home). Consequently, the user may become frustrated with the authentication process, and disengage from the transaction. Additionally or alternatively, an online service may receive a fraudulent transaction request from an impersonator who relies on the relative anonymity provided by the Internet to engage in fraudulent online transactions. For example, the impersonator may enter the user’s personal information from a different device that is not associated with the user. But, the online service may not be able to determine that the impersonator’s device is not associated with the user. In accordance with the current disclosure, a telecommunications network server system provides a digital identifier to a user device. The digital identifier may include identification data corresponding to a user of the user device. In addition, the telecommunications network server system receives, from one or more third-party systems, requests to authenticate the user for an electronic transaction with the respective third-party system. The telecommunications network server system provides a unique electronic transaction code to each third-party system. Responsive to receiving from the user device one of the unique electronic transaction codes, the telecommunications network server system provides, to the respective third-party system, authentication of the user.
Description
CONFIRMING AUTHENTICITY OF A USER TO A THIRD-PARTY SYSTEM
Related Applications
The present application is a divisional of New Zealand patent application 755192,
and claims priority to U.S. provisional application serial no. 62/443,236 for “Confirming
Authenticity of a User to a Third-Party System,” filed January 6, 2017, which is incorporated by
reference herein in its entirety.
Technical Field
This disclosure relates generally to the field of secure authentication, and more
specifically relates to authentication of requests for online interactions.
Background
A consumer associated with a user device, such as a personal computer or mobile
device, may use the device to interact with another party, such as an online service. For example,
a consumer can use his or her user device to begin a transaction to open an account within an
online service. To verify the identity of the consumer, the online service may request
authenticating information, such as personally identifiable information. But, the consumer may
enter the information incorrectly on the user device, or may not have access to all of the requested
information at the user device (e.g., if the user is using a mobile device away from home).
Consequently, the user may become frustrated with the authentication process, and disengage from
the transaction.
Additionally or alternatively, an online service may receive a fraudulent transaction
request from an impersonator who relies on the relative anonymity provided by the Internet to
engage in fraudulent online transactions. For example, the impersonator may enter the user’s
personal information from a different device that is not associated with the user. But, the online
service may not be able to determine that the impersonator’s device is not associated with the user.
According to certain implementations, a telecommunications network server device
authenticates a user to a third-party computing system. For example, the telecommunications
network server provides a digital identifier to a user device associated with the user. Additionally
or alternatively, the telecommunications network server receives an authentication request from
the third-party computing system. The authentication request may be for an electronic transaction
between the third-party computing system and the user device. In response to receiving the
authentication request, the telecommunications network server may transmit to the third-party
computing system an electronic transaction code. In some cases, the third-party computing system
provides the electronic transaction code to the user device. In some implementations, the
telecommunications network server receives the electronic transaction code and the digital
identifier from the user device. In addition, the telecommunications network server may confirm
the electronic transaction code and the digital identifier, such as by confirming that the digital
identifier is associated with the user device, or by confirming that the electronic transaction code
was provided to the third-party system. In response to confirming the electronic transaction code
and the digital identifier, the telecommunications network server may transmit to the third-party
system a confirmation of authenticity of the user device and associated user.
These illustrative aspects are mentioned not to limit or define the disclosure, but to
provide examples to aid understanding thereof. Additional aspects are discussed in the Detailed
Description, and further description is provided there.
Description of the Drawings
Features, aspects, and advantages of the present disclosure are better understood
when the following Detailed Description is read with reference to the accompanying drawings,
where:
is a block diagram depicting an example of a computing system for
confirming the authenticity of a user seeking to use a user device for conducting electronic
transactions, according to certain aspects;
is a flow chart depicting an example of a method for confirming the
authenticity of a user seeking to conduct electronic transactions with third parties, according to
certain aspects;
is a flow chart depicting an example of a data flow in which an electronic
transaction code is provided from a telecommunications network server to a third-party system,
according to certain aspects;
is a diagram depicting an example of a data flow in which a
telecommunications network server either provides or denies a confirmation of a user’s
authenticity, according to certain aspects; and
is a block diagram depicting an example of a telecommunications network
server to perform authentication operations, according to certain aspects.
Detailed Description
Certain aspects and features of the present disclosure relate to a system that can
confirm the authenticity of a user seeking to conduct electronic transactions with third parties. The
system can authenticate the user to third parties while providing control for authentication to the
user. After registering a user, a digital identifier can be provided to, and stored on, a user device
associated with the user. The system can receive a request from a third party that the user is seeking
to conduct an electronic transaction with the third party and that the user needs to be authenticated
before the electronic transaction can be conducted. The system can provide a transaction code
electronically to the third party and the third party can provide the transaction code to the user.
The system can receive, from the user device, both the digital identifier and the transaction code.
After confirming both, the system can provide confirmation of authenticity of the user to the third
party. Techniques to authenticate a user associated with a user device that is requesting a
transaction may reduce fraudulent transactions that are requested using stolen or false personal
information. In addition, techniques to provide identifying information to the third party may
reduce entry errors by users, and may improve the completion rate of the requested transactions.
The user can transact with multiple third parties seamlessly and more securely without requiring
the user to remember or have authentication credentials for each of the multiple parties separately.
Furthermore, the user can be authenticated without necessarily providing personal identification
information to the third parties and can optionally control how much personal identification
information is provided by the system to the third party. Techniques can authenticate a user
requesting a transaction with a third party, and allow the third party to receive personal information
about the authenticated user.
A system according to some aspects can act as a proxy agent that is vouching for
the user to the third party. During the registration process, the user can be sufficiently authenticated
(e.g., by using multiple levels of authentication or by using an authentication process that is of
high confidence). After successful registration, the user can have the power to choose from which
third party to allow themselves to be authenticated and, in some examples, whether to allow the
system to provide personal identification information about the user to the third party. For
example, the user can instruct the system as to the type and amount of personal identification
information or “PII” to share with the third party, potentially making completion of forms and
other issues with the transaction more efficient. Examples of PII include name, address, sex, age,
social security number, place of birth, mother’s maiden name, etc.
In some examples, the user can experience an easier authentication process while
also reducing the number of false positives or fraudulent transactions that may be otherwise
possible. The need for the user to supply or input the user’s PII to the third party to complete the
authentication process with the third party can be eliminated. The user can enjoy convenience,
increased security through factors of authentication introduced before fulfillment, risk-based
scoring, reduced opportunity for e and data input inaccuracy, and a reduction in abandonment
related to input fatigue. For example, if each third party conducts its own authentication process,
the user often is asked to input, repeatedly, his or her PII and is authenticated at each third party
using that PII. The user may tire or input inaccurately his or her PII and refuse to proceed with the
transaction (such as opening an account or accessing protected information from the third party).
Using some examples of a system according to the present disclosure can help a user avoid such
repetitive and error-prone authentication processes.
The digital identifier may be tethered or bounded to the user device such that the
user is required to use that user device to communicate with the system. For example, the digital
identifier may be associated within the system with the user device’s media access control
(“MAC”) address or some other device identifier and is prevented from being transferred from the
user device to another user device. The digital identifier, however, can be “federated” in the sense
that it can be used by the user to authenticate the user with respect to multiple third parties without
requiring the user to provide PII to any of the third parties.
The transaction code may be any suitable information that indicates a requested
transaction. In some aspects, the transaction code may be a Quick Response (“QR”) code that can
be displayed by the third party and scanned by the user device, saving even more time and effort
for the user. Additionally or alternatively, the transaction code may be another type of digital
identifier that is provided to the user device via any suitable process. The system can track the
amount of time after it provides the transaction code to the third party for access by the user before
the user provides the code and the digital identifier to the system, and refuse to confirm authenticity
of the user after a certain amount of time to prevent fraud.
The system can include a telecommunications network server that can
communicate through a network port to a telecommunications network that can include the
Internet, cellular network, WiFi networks, near-field communication networks, other networks, or
any combination of these. The telecommunications network server can execute an authentication
engine to manage communications with the user device and third-party electronic devices that are
separate from the server and from each other, access a database in which is stored user PII and
other information about the user, and otherwise manage the process of confirming the authenticity
of the user to the third parties. Optionally, the telecommunications network server may generate
and provide the digital identifier to the user device. In other examples, a separate system generates
the digital identifier and provides it to the user device.
These illustrative examples are given to introduce the reader to the general subject
matter discussed here and are not intended to limit the scope of the disclosed concepts. The
following sections describe various additional features and examples with reference to the
drawings in which like numerals indicate like elements, but should not be used to limit the present
disclosure.
Example of an Operating Environment
Referring now to the drawings, depicts an example of a computing system
100 that is usable for confirming the authenticity of a user seeking to use a user device 102 for
conducting electronic transactions with third-party systems 104 that are operated by or otherwise
associated with third parties. depicts examples of hardware components of a computing
system 100 according to some aspects. The computing system 100 is a specialized computing
system that may be used for performing large amounts of authentication operations using a large
number of computer processing .
The numbers of devices depicted in are provided for illustrative purposes.
Different numbers of devices may be used. For example, while certain devices or systems (e.g., a
telecommunications network server 108, a network-attached storage 112, etc.) are shown as single
devices in multiple devices may instead be used to implement these devices or systems
(e.g., a cloud or grid-based telecommunications network server system, a group of network-attached
storage devices, etc.).
The computing system 100 can include one or more user devices 102. The user
devices 102 may include client devices that can communicate with the telecommunications
network server 108. For example, the user devices 102 may send data to the telecommunications
network server 108 to be processed, may send signals to the telecommunications network server
108 to control different aspects of the computing environment or the data it is processing. The user
devices 102 may interact with the telecommunications network server 108 via one or more data
networks 106.
The computing system 100 can include one or more third-party systems 104. Each
third-party system 104 may include one or more third-party electronic devices (e.g., computing
devices or groups of computing devices), such as individual servers or groups of servers operating
in a distributed manner. A third-party system 104 can communicate with the telecommunications
network server 108. For example, third-party systems 104 may send data to the
telecommunications network server 108 to be processed, may send signals to the
telecommunications network server 108 to control different aspects of the computing environment
or the data it is processing. The third-party systems 104 may interact with the telecommunications
network server 108 via one or more data networks 106. The third-party systems 104 may also
interact with the user devices 102 via one or more data networks 106 to facilitate electronic
transactions between users of the user devices 102 and third-parties that use, operate, or are
otherwise associated with the third-party systems 104.
Each communication within the computing system 100 (e.g., between user devices
102 and the telecommunications network server 108, between third-party systems 104 and the
telecommunications network server 108, etc.) may occur over one or more data networks 106. A
data network 106 may include one or more of a variety of different types of networks, including a
wireless network, a wired network, or a combination of a wired and wireless network. Examples
of suitable networks include the Internet, a personal area network, a local area network (“LAN”),
a wide area network (“WAN”), or a wireless local area network (“WLAN”). A wireless network
may include a wireless interface or combination of wireless interfaces. A wired network may
include a wired interface. The wired or wireless networks may be implemented using routers,
access points, bridges, gateways, or the like, to connect devices in the data network 106.
A data network 106 may include network computers, s, databases, or other
devices that may transmit or otherwise provide data to telecommunications network server 108.
For example, a data network 106 may include local area network devices, such as routers, hubs,
switches, or other computer networking devices. The data networks 106 can be incorporated
entirely within (or can include) an intranet, an extranet, or a combination thereof. In one example,
communications between two or more systems or devices can be achieved by a secure
communications protocol, such as secure sockets layer (“SSL”) or transport layer security
(“TLS”). In addition, data or transactional details may be encrypted.
The computing system 100 can also include a telecommunications network server
108. The telecommunications network server 108 may be a specialized computer or other machine
that processes the data received within the computing system 100. The telecommunications
network server 108 can include one or more processing devices that execute program code, such
as an authentication engine 110. The program code is stored on a non-transitory computer-readable
medium.
The authentication engine 110 can execute a set of operations for authenticating a
user of a user device 102. The authentication engine 110 can configure the telecommunications
network server 108 to communicate data with one or more third-party systems 104 regarding the
authentication of the user, as described in further detail herein.
The telecommunications network server 108 may include one or more other
systems. For example, the telecommunications network server 108 may include a database system
for accessing the network-attached storage 112, a communications grid, or both. A
communications grid may be a grid-based computing system for processing large amounts of data.
The computing system 100 may also include one or more network-attached storage
112. The network-attached storage 112 may store a variety of different types of data organized in
a variety of different ways and from a variety of different sources. For example, the network-attached
storage 112 may include storage other than primary storage located within
telecommunications network server 108 that is directly accessible by processors located therein.
In some aspects, the network-attached storage 112 may include secondary, tertiary, or auxiliary
storage, such as large hard drives, servers, virtual memory, among other types. Storage devices
may include portable or non-portable storage devices, optical storage devices, and various other
mediums capable of storing and containing data. A machine-readable storage medium or
computer-readable storage medium may include a non-transitory medium in which data can be
stored and that does not include carrier waves or transitory electronic signals. Examples of a non-transitory
medium may include, for example, a magnetic disk or tape, optical storage media such
as compact disk or digital versatile disk, flash memory, memory or memory devices.
The network-attached storage 112 can include memory devices for storing digital
identifiers 114, electronic transaction codes 116, and obfuscated digital identifiers 118. One or
more of the digital identifiers 114, electronic transaction codes 116, and obfuscated digital
identifiers 118 can be received by a telecommunications network server 108 via a data network
106, generated by the telecommunications network server 108 based on communications with user
devices 102, generated by the telecommunications network server 108 based on communications
with third-party systems 104, or some combination thereof.
The digital identifiers 114 can include identification data (e.g., numerical data,
alphanumeric data, or some other suitable set of data) that corresponds to a particular user of a user
device 102. The telecommunications network server 108 can generate or otherwise obtain a digital
identifier 114 for a particular user and transmit the digital identifier 114 to a user device 102 for
storage on the user device 102. In authentication operations, the authentication engine 110 can
match copies of digital identifiers 114, which are received via one or more data networks 106, to
stored digital identifiers 114 and thereby verify the identities of certain users of user devices 102.
For example, in an online session between a third-party system 104 and a user
device 102 having a copy of a digital identifier 114, the user device 102 can provide the digital
identifier 114 and an electronic transaction code 116 to the telecommunications network server
108. The authentication engine 110 executed by the telecommunications network server 108 can
use the digital identifier 114 and the electronic transaction code 116 to authenticate a user of the
user device 102. The authentication engine 110 can cause the telecommunications network server
108 to send a confirmation of this authentication to the third-party system 104.
The electronic transaction codes 116 can include identification data (e.g., numerical
data, alphanumeric data, or some other suitable set of data) that corresponds to transactions
between user devices 102 and third-party systems 104. Each electronic transaction code 116 can
uniquely identify or otherwise correspond to a particular transaction between a user of a user
device 102 and a third party associated with a third-party system 104.
The obfuscated digital identifiers 118 can include transformed versions of the
digital identifiers 114 that are usable by third-party systems 104 for authenticating users. The
authentication engine 110 (or other program code executed by the telecommunications network
server 108) can generate a transformed version of a digital identifier 114 by copying the digital
identifier 114 and altering data in the copy of the digital identifier 114 to create an obfuscated
digital identifier 118. In some aspects, a particular obfuscated digital identifier 118 is specific to a
given third-party system 104 associated with a particular third party. For example, the
telecommunications network server 108 may use the same digital identifier 114 to generate two
different obfuscated digital identifiers 118 for different third parties that may enter into
transactions with the user corresponding to the digital identifier 114.
The features discussed herein are not limited to any particular hardware architecture
or configuration. A computing device can include any suitable arrangement of components that
provide a result conditioned on one or more inputs. Suitable computing devices include
multipurpose, microprocessor-based computing systems accessing stored software that programs
or configures the computing system from a general-purpose computing apparatus to a specialized
computing apparatus implementing one or more aspects of the present subject matter. Any suitable
programming, scripting, or other type of language or combinations of languages may be used to
implement the teachings contained herein in software to be used in programming or configuring a
computing device.
Examples of Authentication Operations
The following examples of authentication operations are provided for illustrative
purposes. These illustrative examples involve, for example, secure authentications of users who
are entering into transactions with third parties (e.g., consumers who are opening new accounts
with commercial entities). In some aspects, the authentication operations described in this
disclosure can provide a simplified authentication process for the user. For instance, the
authentication operations described in this disclosure can reduce the need for a user to provide PII
or other sensitive data to enter into a transaction with a third party. The authentication engine 110
can authenticate a user through a trusted device (e.g., a user device 102) and provide PII for the
authenticated user to a third party (e.g., a commercial entity) as part of a transaction between the
user and the third party.
is a flow chart depicting an example of a method 200 for confirming the
authenticity of a user seeking to conduct electronic transactions with third parties. For illustrative
purposes, the method 200 is described with reference to the implementation depicted in and
various other examples described herein. But other implementations are possible.
The method 200 can include receiving, from a third-party electronic device, a
request indicating that a user is requesting to be authenticated for a transaction with the third-party
electronic device, as depicted in block 202. The authentication engine 110 can be executed by one
or more suitable processing devices to implement block 202. The telecommunications network
server 108 can execute the authentication engine 110 to receive the request via a network
communications port or other suitable network interface device.
For example, an online session can be established between a user device 102 and
one or more third-party systems 104 via the Internet or another data network 106. The session can
allow a user device 102 to communicate with the third-party system 104 and thereby conduct one
or more electronic transactions involving the user device 102 and an online service that is hosted
by (or otherwise associated with) the third-party system 104. If the user must be authenticated for
one or more transactions with the third-party system 104, the user device 102 can indicate to a
third-party system 104 that a user of the user device 102 has a digital identifier 114 that is
maintained by the telecommunications network server 108. The third-party system 104 can
transmit, based on this indication, a request to the telecommunications network server 108 to
perform one or more operations for authenticating the user.
The method 200 can also include transmitting an electronic transaction code to the
third-party electronic device, as depicted in block 204. The authentication engine 110 can be
executed by one or more suitable processing devices of the telecommunications network server
108 to implement block 204. For example, the authentication engine 110 can generate or otherwise
obtain an electronic transaction code 116 in response to receiving the request at block 202. The
authentication engine 110 can associate the electronic transaction code 116 with the request such
that the electronic transaction code 116 is specific to a particular third party. The authentication
engine 110 can configure the telecommunications network server 108 to transmit the electronic
transaction code 116 to the third-party electronic device.
The method 200 can also include receiving the electronic transaction code and a
digital identifier from a user device, as depicted in block 206. The authentication engine 110 can
be executed by one or more suitable processing devices of the telecommunications network server
108 to implement block 206.
The method 200 can also include attempting to confirm the electronic transaction
code and the digital identifier, as depicted in block 208. The authentication engine 110 can be
executed by one or more suitable processing devices of the telecommunications network server
108 to implement block 208. For example, the authentication engine 110 can confirm a copy of an
electronic transaction code 116 that has been received from a user device 102 and a copy of a
digital identifier 114 that has been received from the user device 102.
Confirming the electronic transaction code can include verifying that the
transaction code has not expired. In some aspects, an electronic transaction code 116 can expire if
it is received from a user device 102 at block 206 after a threshold amount of time passes since the
electronic transaction code 116 has been transmitted to a third-party system 104 device at block
Confirming the digital identifier can include verifying the authenticity of a user
associated with the digital identifier. In some aspects, the telecommunications network server 108
can transmit a digital identifier 114 to a user device 102 prior to the method 200 being performed.
The digital identifier 114 can be transmitted to the user device 102 based on the
telecommunications network server 108 authenticating a user of the user device 102 (e.g., using
PII or other data about the user that may be stored in the network-attached storage 112 or another
non-transitory computer-readable medium). The digital identifier can be electronically tethered or
bound to the user device 102.
At block 208, the telecommunications network server 108 can respond to receiving
the electronic transaction code and the digital identifier by transmitting a demand to the user device
102 for the user to provide confirmatory input to the user device. The confirmatory input can
include, for example, a personal identification number, a password, an answer to a challenge
question provided by the authentication engine 110, scanned print or other biometric, etc.
Confirming the digital identifier can include the authentication engine 110 receiving this
confirmatory input and matching the confirmatory input to data about the user (e.g., a credential
or other authentication information, biometric information, etc.) that is stored in the network-attached
storage 112 or another non-transitory computer-readable medium accessible to the
telecommunications network server 108. If the telecommunications network server 108 does not
receive the confirmatory input from the user device, the telecommunications network server 108
can refuse to provide confirmation that the user has been authenticated.
If the electronic transaction code and the digital identifier are confirmed, the
method 200 can include transmitting a confirmation of authenticity of the user to the third-party
electronic device, as depicted in block 210. The authentication engine 110 can be executed by one
or more suitable processing devices of the telecommunications network server 108 to implement
block 210. In one example, the telecommunications network server 108 can transmit a
confirmation of authenticity subsequent to verifying that the electronic transaction code has not
expired and receiving confirmatory input from the user device.
In some aspects, the telecommunications network server 108 can transmit
additional data about the user to the third-party electronic device subsequent to transmitting the
confirmation of authenticity of the user. For example, the telecommunications network server 108
may receive, from a user device 102, a command to share PII about the user with the third-party
system 104. The command may include or be accompanied by a specification of one or more types
of PII to be shared with the third-party system 104. The telecommunications network server 108
can respond to the command by transmitting, to the third-party system 104, the specified PII.
If the electronic transaction code and the digital identifier are not confirmed, the
method 200 can include transmitting, to the third-party electronic device, a refusal to confirm
authenticity of the user, as depicted in block 212. The authentication engine 110 can be executed
by one or more suitable processing devices of the telecommunications network server 108 to
implement block 212.
Although describes the method 200 with respect to a single third party, the
telecommunications network server 108 can perform the method 200 with respect to a given user
and multiple third parties associated with separate third-party systems 104. For example, the
telecommunications network server 108 can receive requests from multiple third-party systems
104 that are separate from one another. The telecommunications network server 108 can respond
to the requests by performing one or more operations described above with respect to blocks 204-
208. The telecommunications network server 108 can transmit multiple electronic transaction
codes to the third-party electronic devices, where each electronic transaction code is a unique code
that corresponds to one transaction. The telecommunications network server 108 can receive these
electronic transaction codes and the digital identifier from a user device 102. The
telecommunications network server 108 can confirm the electronic transaction codes and the
digital identifier and, if the electronic transaction codes and the digital identifier are confirmed,
transmit confirmations of authenticity of the user to the third-party systems 104.
depicts an example of a data flow between a third-party system 104 and a
telecommunications network server 108 in which an electronic transaction code 116 is provided
from the telecommunications network server 108 to the third-party system 104. In some aspects,
the data flow depicted in can be used to implement blocks 202 and 204 of the method 200.
For illustrative purposes, depicts an example in which the electronic transaction code 116
is a QR code and the transaction associated with the electronic transaction code 116 involves a PII
request by the third-party system 104. But other implementations are possible. For example, the
electronic transaction code 116 may be an identifier that is provided to the user device via another
technique.
In this example, the telecommunications network server 108 can receive, via a data
network and from a third-party system 104, a communication 302 that includes a PII request and
a transaction identifier. The user device 102 can transmit the communication 302 via any suitable
client application, such as a web browser application that can access the telecommunications
network server 108 via the Internet or other data network 106. The transaction identifier can
identify a transaction involving the user device 102 and a third-party system 104. For example, the
transaction identifier may be a session key that identifies a communication session in which a user
accesses a third party’s service via the Internet (e.g., by accessing an online financial service and
initiating a claim or other financial transaction).
In some aspects, the communication 302 received from the user device 102 can also
include additional data. One example of this additional data is a channel signature. The channel
signature can include information about a browser application being used by the user device 102
to access the third party’s online service, a geographical location of the user device, etc. Another
example of this additional information is an identifier for the third party. The telecommunications
network server 108 can respond to receiving the communication 302 by performing operations
304, 306, and 308 and transmitting a responsive communication 310 to the third-party system 104.
In operation 304, the telecommunications network server 108 can persist service
inputs based on the transaction identifier included in the communication 302. For example, the
telecommunications network server 108 can generate a record in a suitable data structure (e.g., a
database stored in the network-attached storage 112). The telecommunications network server 108
can store the PII request, along with any other additional data (e.g., the channel signature) included
with the request, in the generated record. The record can include the transaction identifier as a
unique identifier for these stored service inputs.
In operation 306, the telecommunications network server 108 can generate a QR
code (or other electronic transaction code). The telecommunications network server 108 can also
generate a QR image that is scannable by a scanning device that is included in or communicatively
coupled to the user device 102. The QR image can encode the QR code.
In operation 308, the telecommunications network server 108 can associate the PII
request with one or more of the generated QR code and the generated QR image. In one example,
the telecommunications network server 108 can store one or more of the generated QR code and
the generated QR image in the record generated at operation 304. In another example, the
telecommunications network server 108 can generate a record in a suitable data structure (e.g., a
database stored in the network-attached storage 112) and store one or more of the generated QR
code and the generated QR image in the record.
The telecommunications network server 108 can transmit a responsive
communication 310 to the third-party system 104. The responsive communication 310 can include
one or more of the generated QR code and the generated QR image. The third-party system 104
can cause one or more of the QR code and the QR image to be displayed in (or otherwise accessible
via) the same communication channel through which a user device 102 has accessed a third-party
system 104.
The QR code provided to the third-party system 104 can subsequently be used by
a user device 102 to request that the telecommunications network server 108 confirm the
authenticity of a user of the user device 102. For example, depicts an example of a data
flow involving a user device 102, a third-party system 104, and a telecommunications network
server 108 in which the telecommunications network server 108 either provides a confirmation of
a user’s authenticity or denies the confirmation. In some aspects, the data flow depicted in
can be used to implement blocks 206-212 of method 200. For illustrative purposes, depicts
an example in which the electronic transaction code is a QR code and the transaction between the
user device 102 and the third-party system 104 involves transmission of PII to the third-party
system 104. But other implementations are possible.
In this example, the telecommunications network server 108 can receive, via a data
network and from a user device 102, a communication 402 that includes a confirmation request.
The confirmation request can include a QR code (or other electronic transaction code) and a digital
identifier for the user of the user device 102. For example, the user device 102 can be used to input
a QR code, which has been displayed using the third-party system 104 after the transmission of
communication 310, or to capture a QR image, which has been displayed using the third-party
system 104 after the transmission of communication 310. If the QR image is captured, the QR
image can be decoded into the QR code. The inputted or decoded QR code can be provided to a
client application executed on the user device 102. The client application can generate the
communication 402 having the QR code and the digital identifier. In some aspects, the
communication 402 can also include signature data for the user device 102, such as data indicating
a geographic location of the user device 102.
In some aspects, the user device 102 transmits the communication 402 via a secure,
out-of-band communication channel to the telecommunications network server 108. The secure,
out-of-band communication channel used to communicate with the telecommunications network
server 108 is different from a communication channel with which the user device 102
communicates with the third-party system 104.
Providing the digital identifier in the communication 402 can allow implicit
identification of a user of the user device 102 by the telecommunications network server 108. In
some aspects, providing the digital identifier in the communication 402 can allow non-repudiation,
by the user, of a transaction that involves the user and the third party and that is facilitated using
the data flow depicted in
The telecommunications network server 108 can respond to receiving the
communication 402 by performing various operations that involve confirming the user’s identity
or being unable to adequately confirm the user’s identity. For example, in operation 404, the
telecommunications network server 108 can validate the QR code received in the communication
402 by matching the received QR code to a stored QR code (i.e., one of the electronic transaction
codes 116 stored in the network-attached storage 112).
In operation 404, the telecommunications network server 108 can also associate the
QR code with the received digital identifier. For example, the telecommunications network server
108 can retrieve, based on the received QR code, information about a particular third-party system
104 that is associated with a session key or other transaction identifier that is received in the data
flow depicted in The retrieved data allows the telecommunications network server 108 to
identify a particular user, who is involved in a transaction with the third-party system 104, based
on an interaction with the user device 102 by the telecommunications network server 108 (e.g., the
communication 402).
The telecommunications network server 108 can generate or update a record
involving the communication 402, where the record identifies the confirmation request included
in the communication 402, the QR code included with the confirmation request, and the digital
identifier received with the confirmation request. In some aspects, the record can also identify
signature data (e.g. data indicating a geographic location of the user device 102) that is received
in the communication 402.
In some aspects, the telecommunications network server 108 can also perform an
operation 406, which involves determining whether the received QR code has expired. For
instance, the authentication engine 110 can track the amount of time between providing the QR
code to a third-party electronic device (e.g., via communication 310 depicted in and
receiving the QR code and the digital identifier from a user device 102 (e.g., via the communication
402 depicted in . At operation 406, the authentication engine 110 can compare the tracked
amount of time to a threshold amount of time. The operation 406 can prevent fraud by increasing
the likelihood that a user who provides the QR code to the telecommunications network server 108
is actually the intended recipient of the QR code in the data flow of
If the tracked amount of time exceeds the threshold amount of time, the
authentication engine 110 can configure the telecommunications network server 108 to transmit a
communication 408 to the third-party system 104. The communication 408 includes a message
indicating that the telecommunications network server 108 has denied the request to confirm the
authenticity of the user of the user device 102. This refusal to confirm authenticity of the user can
include a “QR timeout message” or other suitable message indicating that too much time has
passed since the QR code (or other suitable electronic transaction code) has been provided to
the third-party system 104.
If the tracked amount of time does not exceed the threshold amount of time, the
authentication engine 110 can configure the telecommunications network server 108 to perform
one or more additional operations for confirming the authenticity of the user. For example, the
authentication engine 110 can perform operations 410, 412, 414.
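The issue-then-confirm sequence of blocks 202-212, including the expiry check of operation 406, can be sketched as follows. This is an added example, not code from the patent: the class and field names, the 120-second threshold, the single-use rule, and the use of a PIN as the confirmatory input are all assumptions made for illustration.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

CODE_TTL_SECONDS = 120  # assumed threshold; the text gives no value


@dataclass
class IssuedCode:
    third_party_id: str   # the third party this code is specific to
    transaction_id: str   # e.g. the session key sent with the request
    issued_at: float      # when the code was sent to the third party
    used: bool = False


class AuthenticationEngine:
    """Hypothetical model of blocks 202-212: issue a code, then confirm or refuse."""

    def __init__(self, enrolled, clock=time.monotonic):
        # enrolled maps digital identifier -> confirmatory secret (a PIN here).
        # Assumption: a real store would hold a salted hash, not the PIN itself.
        self._enrolled = enrolled
        self._issued = {}
        self._clock = clock

    def issue_code(self, third_party_id, transaction_id):
        """Blocks 202/204: generate a unique code bound to one third party."""
        code = secrets.token_urlsafe(16)
        self._issued[code] = IssuedCode(third_party_id, transaction_id, self._clock())
        return code

    def confirm(self, code, digital_identifier, confirmatory_input=None):
        """Blocks 206-212: returns (decision, third_party_id, reason)."""
        record = self._issued.get(code)
        if record is None:                       # operation 404: no stored match
            return ("refuse", None, "unknown_code")
        party = record.third_party_id
        if record.used:
            return ("refuse", party, "code_already_used")
        # Assumption: a code is spent on its first presentation, even a failed
        # one, so a captured code cannot be replayed to guess the PIN.
        record.used = True
        if self._clock() - record.issued_at > CODE_TTL_SECONDS:   # operation 406
            return ("refuse", party, "code_expired")
        expected = self._enrolled.get(digital_identifier)
        if expected is None:
            return ("refuse", party, "unknown_identifier")
        if confirmatory_input is None:           # no input means no confirmation
            return ("refuse", party, "no_confirmatory_input")
        # Constant-time comparison of the confirmatory input.
        if not hmac.compare_digest(expected.encode(), confirmatory_input.encode()):
            return ("refuse", party, "confirmatory_input_mismatch")
        return ("confirm", party, "ok")          # block 210


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    engine = AuthenticationEngine({"did-alice": "4921"})
    qr = engine.issue_code("bank-a", "session-001")
    print(engine.confirm(qr, "did-alice", "4921"))   # confirmed for bank-a
    print(engine.confirm(qr, "did-alice", "4921"))   # same code again: refused
```
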
In operation 410, the authentication engine 110 can perform one or more
authentication operations with respect to the user. Examples of these authentication operations
include (but are not limited to) requesting and confirming a personal identification number from
the user via the user device 102, requesting and confirming certain biometric data from the user
via the user device 102, etc. For instance, the user of the user device 102 is authenticated in
accordance with one or more policies used by the authentication engine 110, the third party
associated with the third-party system 104, or both. The authentication can be performed in an out-of-band
manner, such that the telecommunications network server 108 communicates with the user
device 102 via a different communication channel than the communication channel used by the
user device 102 and the third-party system 104. The authentication operation allows the
authentication engine 110 to verify that the user device 102 is in the possession of a user associated
with the digital identity.
In operation 412, the authentication engine 110 can configure the
telecommunications network server 108 to persist a status for the digital identifier (e.g., by storing
the status in the network-attached storage 112 or another suitable non-transitory computer-readable
In operation 414, the authentication engine 110 can perform a risk assessment for
the user. The risk assessment operation can output a risk score for the user. The risk assessment
operation can include one or more inputs regarding the user, the transaction (e.g., the channel
signature), or some combination thereof.
Any suitable operation or set of operations can be used for the risk assessment. In
one example, the telecommunications network server 108 can determine a PII velocity associated
with the digital identifier and output a risk score based on the PII velocity. PII velocity can include
a number of times, within a certain period, that identification information or parts of the
identification information (e.g., a name, a social security number, the last four digits of a social
security number, etc.) have been provided to or otherwise used by the telecommunications network
server 108 or an analytical system in communication with the telecommunications network server
108. For instance, the PII velocity for a particular identity may increase if a large number of credit
checks have been performed for that identity. In another example, the telecommunications network
server 108 can determine a transactional velocity associated with the digital identifier and output
a risk score based on the transactional velocity. Transactional velocity can include the number of
transactions, within a certain period, that transactions involving an identity have been provided to
or otherwise used by the telecommunications network server 108 or an analytical system in
communication with the telecommunications network server 108. For instance, the transaction
velocity for a particular identity may increase if a large number of accounts have been opened for
that identity within a certain time period. In another example, the telecommunications network
server 108 can determine if any known fraud indicators are associated with the digital identifier.
In operation 416, the authentication engine 110 can determine whether the risk
score for the user exceeds a threshold risk score. If the risk score for the user exceeds a threshold
risk score, the authentication engine 110 can configure the telecommunications network server
108 to transmit a communication 418 to the third-party system 104.
The communication 418 includes a message indicating that the telecommunications
network server 108 has denied the request to confirm the authenticity of the user of the user device
102. This refusal to confirm authenticity of the user can include a transaction identifier and the
risk score. The transaction identifier and the risk score allow the third-party system 104 to
determine that an unacceptable level of risk is associated with continuing a transaction, which is
identified by the transaction identifier, with a particular user who is associated with the identified
transaction.
In some aspects, the telecommunications network server 108 can identify a status
of the user device 102. In one example, the telecommunications network server 108 can
communicate with user device 102 to verify that the user device 102 complies with certain security
baseline standards (e.g. device is not jail-broken or otherwise compromised). In another example,
the telecommunications network server 108 can communicate with one or more other computing
devices (e.g., devices associated with another online service accessed by the user device 102) to request
a status of the user device 102. The telecommunications network server 108 can identify the status
of the user device 102 based on a response received from the other computing device. If the user
device does not comply with the security standards, the telecommunications network server 108
can transmit the denial of confirmation in communication 418.
If the risk score for the user does not exceed a threshold risk score, the
authentication engine 110 can configure the telecommunications network server 108 to perform
operations 420 and 422 and to transmit a communication 424. In operation 420, the
telecommunications network server 108 can retrieve PII or other data involving the user that is
usable for completing a transaction between the user and the third party. The telecommunications
network server 108 can retrieve the PII or other data using the digital identifier received in
communication 402, e.g., by matching the digital identifier to a particular name, social security
number, or other identification information that may be stored in the network-attached storage 112
or another non-transitory computer-readable medium. For instance, if the third-party system 104
provides an online form to the user device 102 (e.g., via a web browser) soliciting entry of PII, the
solicited PII can be retrieved by the telecommunications network server 108.
In operation 422, the telecommunications network server 108 can generate or
otherwise obtain a third-party identifier for a third party associated with the third-party system 104
(e.g., an identifier for a commercial entity). An example of a third-party identifier is an obfuscated
digital identifier 118 that is generated specifically for a given third party. For instance, the
telecommunications network server 108 can generate the obfuscated digital identifier 118 or other
third-party identifier and associate it with both the third party and the user of the user device 102. In
this manner, the third-party identifier can be used by one or more third-party systems 104
associated with a given third party to authenticate the user for subsequent transactions between the
user and the third party.
The communication 424 can include a confirmation of authentication for a user of
the user device 102. The communication 424 can also include additional data. One example of the
additional data is PII or other data involving the user that is usable for completing a transaction
between the user and the third party, which was retrieved in operation 420. Another example of
the additional data is the third-party identifier that is generated or otherwise obtained in operation
422. Another example of the additional data is the score generated by the risk assessment
performed in operation 414.
In the example depicted in an increased risk score indicates an increased
risk of entering into a transaction with an entity purporting to be the user associated with the digital
identifier. But other implementations are possible. For example, a higher score generated by a risk
assessment can indicate a lower risk. In such an example, the authentication engine 110 can deny
confirmation of authenticity (e.g., via communication 418) if a score generated by a risk
assessment is below a threshold score, and can provide confirmation of authenticity (e.g., via
communication 424) if a score generated by a risk assessment is above a threshold score.
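The velocity-based risk assessment of operations 414 and 416, together with the reversed score polarity described in the preceding paragraph, can be sketched as follows. This is an added example, not code from the patent: the window length, weights, threshold, and every function and field name are assumptions, since the text leaves the scoring method open.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 24 * 3600   # assumed "certain period" for velocity counts
RISK_THRESHOLD = 60          # assumed threshold risk score
WEIGHT_PII = 8               # assumed weight per PII use in the window
WEIGHT_TXN = 12              # assumed weight per transaction in the window
WEIGHT_FRAUD = 50            # assumed weight for a known fraud indicator


class VelocityCounter:
    """Counts events per digital identifier inside a sliding time window."""

    def __init__(self, window=WINDOW_SECONDS):
        self.window = window
        self._events = defaultdict(deque)

    def record(self, digital_identifier, timestamp):
        # Assumption: timestamps arrive in non-decreasing order per identifier.
        self._events[digital_identifier].append(timestamp)

    def velocity(self, digital_identifier, now):
        events = self._events[digital_identifier]
        # Drop events that have aged out of the window before counting.
        while events and events[0] <= now - self.window:
            events.popleft()
        return len(events)


def risk_score(pii_velocity, txn_velocity, fraud_indicator):
    """Operation 414: combine the inputs into a score capped at 100."""
    raw = WEIGHT_PII * pii_velocity + WEIGHT_TXN * txn_velocity
    if fraud_indicator:
        raw += WEIGHT_FRAUD
    return min(100, raw)


def decide(transaction_id, score, threshold=RISK_THRESHOLD, higher_is_riskier=True):
    """Operation 416: pick communication 418 (refuse) or 424 (confirm).

    higher_is_riskier=False models the alternative in which a higher score
    means lower risk, so the comparison direction flips.
    """
    too_risky = score > threshold if higher_is_riskier else score < threshold
    return {
        "communication": 418 if too_risky else 424,
        "decision": "refuse" if too_risky else "confirm",
        "transaction_id": transaction_id,
        "risk_score": score,
    }


def assess(transaction_id, digital_identifier, now, pii, txn, fraud_identifiers):
    """Run operations 414 and 416 for one confirmation request."""
    score = risk_score(
        pii.velocity(digital_identifier, now),
        txn.velocity(digital_identifier, now),
        digital_identifier in fraud_identifiers,
    )
    return decide(transaction_id, score)


if __name__ == "__main__":
    # Constructed sample history, not taken from the page.
    pii, txn = VelocityCounter(), VelocityCounter()
    for t in (100, 200, 300, 400, 500):
        pii.record("did-mallory", t)      # five credit checks in minutes
    for t in (150, 250, 350):
        txn.record("did-mallory", t)      # three account openings
    print(assess("session-009", "did-mallory", 600, pii, txn, set()))
```
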
In some aspects, the third-party system 104 can request, via a communication 426,
that the user of the user device 102 enter limited confirmatory inputs as a risk-reduction measure
(e.g., last four digits of the social security number, name, street address, etc.). The third-party
system 104 can receive, via a communication 428, the limited confirmatory inputs from the user
device 102. The third-party system 104 can match the limited confirmatory inputs to, for example,
portions of the PII (or other data) that was provided to the third-party system 104 via the
communication 424. The third-party system 104 can associate the third-party identifier received
from the telecommunications network server 108 with a digital profile of the user maintained by
the third party (e.g., a user account of an online service accessible via a third-party system 104).
The third-party system 104 can transmit a communication 430 to the
telecommunications network server 108 indicating that the third-party identifier has been accepted
by the third party and will be used for subsequent authentication of the user. The
telecommunications network server 108 can respond to this notification by activating the third-party
identifier in operation 432. Operation 432 can include setting a status of the third-party
identifier to “active.”
The activated third-party identifier can be used for subsequent authentications. For
example, if the user subsequently requests to be authenticated using a “digital identifier” option
involving communication with the authentication engine 110, a third-party system 104 can send a
request to the telecommunications network server 108 asking that the user associated with the
third-party identifier be authenticated. The authentication engine 110 can perform one or more
operations (e.g., geolocation of the user device 102, biometrics, etc.) to authenticate the user
associated with the third-party identifier.
Example Computing Environment for Authentication Operations
Any suitable computing system or group of computing systems can be used to
perform the authentication operations described herein. For example, is a block diagram
depicting an example of a telecommunications network server 108. The example of the
telecommunications network server 108 can include various devices for communicating with other
devices in the computing system 100, as described with respect to The telecommunications
network server 108 can include various devices for performing one or more authentication
operations described above with respect to FIGS. 1-4.
The telecommunications network server 108 can include a processor 502 that is
communicatively coupled to a memory 504. The processor 502 executes computer-executable
program code stored in the memory 504, accesses information stored in the memory 504, or both.
Program code may include machine-executable instructions that may represent a procedure, a
function, a subprogram, a program, a routine, a subroutine, a module, a software package, a class,
or any combination of instructions, data structures, or program statements. A code segment may
be coupled to another code segment or a hardware circuit by passing or receiving information,
data, arguments, parameters, or memory contents. Information, arguments, parameters, data, etc.
may be passed, forwarded, or transmitted via any suitable means including memory sharing,
message passing, token passing, network transmission, among others.
Examples of a processor 502 include a microprocessor, an application-specific
integrated circuit, a field-programmable gate array, or any other suitable processing device. The
processor 502 can include any number of processing devices, including one. The processor 502
can include or communicate with a memory 504. The memory 504 stores program code that, when
executed by the processor 502, causes the processor to perform the operations described in this
disclosure.
The memory 504 can include any suitable non-transitory computer-readable
medium. The computer-readable medium can include any electronic, optical, magnetic, or other
storage device capable of providing a processor with computer-readable program code or other
program code. Non-limiting examples of a computer-readable medium include a magnetic disk,
memory chip, optical storage, flash memory, storage class memory, a CD-ROM, DVD, ROM,
RAM, an ASIC, magnetic tape or other magnetic storage, or any other medium from which a
computer processor can read and execute program code. The program code may include processor-specific
program code generated by a compiler or an interpreter from code written in any suitable
computer-programming language. Examples of suitable programming language include C, C++,
C#, Visual Basic, Java, Python, Perl, JavaScript, ActionScript, etc.
The telecommunications network server 108 may also include a number of external
or internal devices such as input or output devices. For example, the telecommunications network
server 108 is shown with an output interface 508 that can receive input from input devices
or provide output to output devices. A bus 506 can also be included in the telecommunications
network server 108. The bus 506 can communicatively couple one or more components of the
telecommunications network server 108.
The telecommunications network server 108 can execute program code that
includes the authentication engine 110. The program code for the authentication engine 110 may
be resident in any suitable computer-readable medium and may be executed on any suitable
processing device. For example, as depicted in the program code for the authentication
engine 110 can reside in the memory 504 at the telecommunications network server 108. Executing
the authentication engine 110 can configure the processor 502 to perform the operations described
herein with respect to FIGs. 2-4. In some aspects, one or more of the electronic transaction codes
116, the digital identifiers 114, and the digital identifiers 118 can also be stored in the memory
In some aspects, the telecommunications network server 108 can include a network
interface device 510. A network interface device 510 can include any device or group of devices
suitable for establishing a wired or wireless data connection to one or more data networks 106.
Non-limiting examples of the network interface device 510 include an Ethernet network adapter,
a modem, etc. A network interface device 510 can include one or more network communications
ports 512, where an address or other identifier of the communication port is used for
communications with various client devices (e.g., a user device 102, a third-party system 104,
etc.).
General Considerations
Numerous specific details are set forth herein to provide a thorough understanding
of the claimed subject matter. However, those skilled in the art will understand that the claimed
subject matter may be practiced without these specific details. In other instances, methods,
apparatuses, or systems that would be known by one of ordinary skill have not been described in
detail so as not to obscure claimed subject matter.
Unless specifically stated otherwise, it is appreciated that throughout this
specification that terms such as “processing,” “computing,” “calculating,” “determining,” and
“identifying” or the like refer to actions or processes of a computing device, such as one or more
computers or a similar electronic computing device or devices, that manipulate or transform data
represented as physical electronic or magnetic quantities within memories, registers, or other
information storage devices, transmission devices, or display devices of the computing platform.
The system or systems discussed herein are not limited to any particular hardware
architecture or configuration. A computing device can include any suitable arrangement of
components that provides a result conditioned on one or more inputs. Suitable computing devices
include multipurpose microprocessor-based computing systems accessing stored software that
programs or configures the computing system from a general purpose computing apparatus to a
specialized computing apparatus implementing one or more aspects of the present subject matter.
Any suitable programming, scripting, or other type of language or combinations of languages may
be used to implement the teachings contained herein in software to be used in programming or
configuring a computing device.
Aspects of the methods disclosed herein may be performed in the operation of such
computing devices. The order of the blocks presented in the examples above can be varied—for
example, blocks can be re-ordered, combined, or broken into sub-blocks. Certain blocks or
processes can be performed in parallel.
The use of “adapted to” or “configured to” herein is meant as open and inclusive
language that does not foreclose devices adapted to or configured to perform additional tasks or
steps. Additionally, the use of “based on” is meant to be open and inclusive, in that a process, step,
calculation, or other action “based on” one or more recited conditions or values may, in practice,
be based on additional conditions or values beyond those recited. Headings, lists, and numbering
included herein are for ease of explanation only and are not meant to be limiting.
Further, unless the context requires otherwise, the word "comprise", as well as
variations such as "comprises" and "comprising", used throughout this specification, including the
claims that follow, will imply the inclusion of an identified integer or step or group of integers or
steps but not the exclusion of any other integer or step or group of integers or steps.
While the present subject matter has been described in detail with respect to specific
aspects thereof, it will be appreciated that those skilled in the art, upon attaining an understanding
of the foregoing, may readily produce alterations to, variations of, and equivalents to such aspects.
Any aspects or examples may be combined with any other aspects or examples. Accordingly, it
should be understood that the present disclosure has been presented for purposes of example rather
than limitation, and does not preclude inclusion of such modifications, variations, or additions to
the present subject matter as would be readily apparent to one of ordinary skill in the art.
Any reference to prior art ation in this specification does not acknowledge
or suggest that the referenced prior art forms any part of the common general knowledge.
Claims (15)
1. A telecommunications network server device comprising: a processor; a network communications port configured for being controlled by the processor; and a non-transitory computer-readable storage device comprising instructions that are executable by the processor to: receive via the network communications port a request from a third-party electronic device that a user is requesting to be authenticated for a transaction between the user and the third-party electronic device; in response to the request, transmit via the network communications port an electronic transaction code of the transaction to the third-party electronic device; receive the electronic transaction code and a digital identifier from the user device associated with the user, the digital identifier being storable in encrypted form in the user device and usable to authenticate the user for transactions with third-party electronic devices that are communicatively separate from each other; and determine whether to confirm or refuse authenticity of the user to the third party electronic device based on determining whether to confirm the received electronic transaction code and the digital identifier, wherein confirming comprises validating the received electronic transaction code by matching the received electronic transaction code with a stored electronic transaction code from a plurality of electronic transaction codes stored in a network attached storage of the telecommunication network server device.
2. The telecommunications network server device of claim 1, wherein the non-transitory computer-readable storage device includes instructions that are executable by the processor to: transmit via the network communications port the digital identifier to the user device associated with the user authenticated by the telecommunications network server device, the digital identifier being electronically tethered or bound to the user device; in response to receiving the electronic transaction code and the digital identifier, transmit a demand to the user device for the user to provide confirmatory input to the user device for receipt by the telecommunications network server device; and transmit via the network communications port the confirmation of authenticity of the user to the third-party electronic device only subsequent to receiving the confirmatory input.
3. The telecommunications network server device of claim 1, wherein the electronic transaction code is a Quick Response code that is scannable by the user device.
4. The telecommunications network server device of claim 1, wherein the non-transitory computer-readable storage device includes instructions that are executable by the processor to: monitor an amount of time between transmitting the electronic transaction code to the third-party electronic device and receiving the electronic transaction code and the digital identifier from the user device; and in response to determining the amount of time is greater than a pre-selected threshold amount of time, transmit via the network communications port an indication of unsuccessful confirmation of authenticity of the user to the third-party electronic device.
5. The telecommunications network server device of claim 1, wherein the non-transitory computer-readable storage device includes instructions that are executable by the processor to: transmit via the network communications port an obfuscated version of the digital identifier to the third-party electronic device, the obfuscated version of the digital identifier being usable by the third-party electronic device to authenticate the user based on the digital identifier stored in the user device and being not usable to confirm authenticity of the user with the electronic transaction code.
6. The telecommunications network server device of claim 1, wherein the non-transitory computer-readable storage device includes instructions that are executable by the processor to: receive from the user device a command to share personal identification information about the user with the third-party electronic device and one or more types of personal identification information to share to the third-party electronic device, wherein the transaction involves transmission of personal identifiable information of the user to the third party electronic device for completing the transaction; and transmit via the network communications port the personal identification information about the user as selected from the user device to the third-party electronic device.
7. The telecommunications network server device of claim 1, wherein the non-transitory computer-readable storage device includes instructions that are executable by the processor to: receive requests from the third-party electronic devices that are separate from each other, the requests indicating that the user is requesting to be authenticated for transactions with the third-party electronic devices; transmit a plurality of electronic transaction codes to the third-party electronic devices, the plurality of electronic transaction codes including unique codes such that each unique code corresponds to one transaction; receive the plurality of electronic transaction codes and the digital identifier from the user device; and in response to confirming the plurality of electronic transaction codes and the digital identifier, transmit confirmations of authenticity of the user to the third-party electronic devices.
8. A method of authenticating a user to a third-party electronic device, the method comprising operations executable by one or more processors, the operations including: receiving, by a telecommunication network server device via a network communications port a request from a third-party electronic device that a user is requesting to be authenticated for a transaction between the user and the third-party electronic device; in response to the request, transmitting via the network communications port an electronic transaction code to the third-party electronic device, wherein the electronic transaction code is a unique code that indicates the requested transaction, wherein the electronic transaction code is usable by a user device of the user to request that the telecommunication network server device confirms authenticity of the user of the user device; receiving, by the telecommunication network server device, the electronic transaction code and a digital identifier from the user device associated with the user, the digital identifier being storable in encrypted form in the user device and usable to authenticate the user for transactions with third-party electronic devices that are communicatively separate from each other; confirming, by the telecommunication network server device, the received electronic transaction code and the digital identifier, wherein confirming the digital identifier comprises: validating the received electronic transaction code by matching the received electronic transaction code with a stored electronic transaction code from a plurality of electronic transaction codes stored in a network attached storage of the telecommunication network server device; and verifying authenticity of the user associated with the digital identifier; and in response to confirming the electronic transaction code and the digital identifier, transmitting, by the telecommunication network server device via the network communications port a confirmation of authenticity of the user to the third-party electronic device.
9. The method of claim 8, the operations further including: transmitting via the network communications port the digital identifier to the user device associated with the user, the digital identifier being electronically tethered or bound to the user device; in response to receiving the electronic transaction code and the digital identifier, transmitting a demand to the user device for the user to provide confirmatory input to the user device; and transmitting via the network communications port the confirmation of authenticity of the user to the third-party electronic device only subsequent to receiving the confirmatory input.
10. The method of claim 8, the operations further including: monitoring an amount of time between transmitting the electronic transaction code to the third-party electronic device and receiving the electronic transaction code and the digital identifier from the user device; and in response to determining the amount of time is greater than a pre-selected threshold amount of time, transmitting via the network communications port an indication of unsuccessful confirmation of authenticity of the user to the third-party electronic device.
11. The method of claim 8, the operations further including: transmitting via the network communications port an obfuscated version of the digital identifier to the third-party electronic device, the obfuscated version of the digital identifier being usable by the third-party electronic device to authenticate the user based on the digital identifier stored in the user device and being not usable to confirm authenticity of the user with the electronic transaction code.
12. The method of claim 8, the operations further including: receiving from the user device a command to share personal identification information about the user with the third-party electronic device and one or more types of personal identification information to share to the third-party electronic device; and transmitting via the network communications port the personal identification information about the user as selected from the user device to the third-party electronic device.
13. The method of claim 8, the operations further including: receiving requests from the third-party electronic devices that are separate from each other, the requests indicating that the user is requesting to be authenticated for transactions with the third-party electronic devices; transmitting a plurality of electronic transaction codes to the third-party electronic devices, the plurality of electronic transaction codes including unique codes such that each unique code corresponds to one transaction; receiving the plurality of electronic transaction codes and the digital identifier from the user device; and in response to confirming the plurality of electronic transaction codes and the digital identifier, transmitting confirmations of authenticity of the user to the third-party electronic devices.
14. A non-transitory computer-readable medium embodying program code for authenticating a user to a third-party electronic device, the program code comprising instructions which, when executed by a processor, cause the processor to perform operations including the method of any one of claims 8 to 13.
15. The non-transitory computer-readable medium of claim 14, wherein the electronic transaction code is a Quick Response code scannable by the user device.
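The server-side checks recited in claims 1, 2, 4 and 7 (one unique code per transaction, matching against stored codes, a time threshold, confirmatory input) can be modelled as below. This is an added illustration, not code from the patent or the applicant; the class and method names, the 120-second threshold, single-use codes, random tokens standing in for the Quick Response payload, and storing only a hash of the digital identifier are all assumptions.

```python
import hashlib
import secrets
import time


def _digest(ident):
    return hashlib.sha256(ident.encode()).hexdigest()


class AuthServer:
    """Hypothetical model of the claimed server: issues and confirms codes."""

    def __init__(self, ttl_seconds=120.0, clock=time.monotonic):
        self.ttl = ttl_seconds   # claim 4's threshold; the value is assumed
        self.clock = clock
        self.codes = {}          # code -> (third_party_id, issued_at)
        self.identifiers = {}    # sha256(identifier) -> user id (assumed design)

    def enroll(self, user_id):
        """Give an already-authenticated user's device a digital identifier."""
        ident = secrets.token_urlsafe(32)
        self.identifiers[_digest(ident)] = user_id
        return ident

    def request_code(self, third_party_id):
        """A third party asks for a code; each code maps to one transaction."""
        code = secrets.token_urlsafe(16)
        self.codes[code] = (third_party_id, self.clock())
        return code

    def confirm(self, code, ident, user_confirmed=True):
        """User device presents code and identifier; returns (third_party, result)."""
        # pop() makes a code single-use (an assumption; the claims do not say so)
        entry = self.codes.pop(code, None)
        if entry is None:
            return None, "unknown_code"
        third_party_id, issued_at = entry
        if self.clock() - issued_at > self.ttl:
            return third_party_id, "expired"
        user = self.identifiers.get(_digest(ident))
        if user is None:
            return third_party_id, "bad_identifier"
        if not user_confirmed:   # claim 2: confirm only after confirmatory input
            return third_party_id, "no_confirmatory_input"
        return third_party_id, "confirmed:" + user


if __name__ == "__main__":
    srv = AuthServer()
    ident = srv.enroll("alice")              # constructed sample user
    print(srv.confirm(srv.request_code("bank"), ident))
```

Every outcome other than "confirmed" still names the third party that requested the code, so the server can send it the indication of unsuccessful confirmation that claim 4 describes.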
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US62/443,236 | 2017-01-06 |
Publications (1)
Publication Number | Publication Date |
---|---|
NZ795743A (en) | 2022-12-23 |