Patent Issued for Authentication of a remote customer using probabilistic locations of WiFi signals (USPTO 11983695): United Services Automobile Association

2024 JUN 03 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- A patent by the inventors Bernstein, Steven Michael (San Antonio, TX, US), Luberus, Patrick Michael (San Antonio, TX, US), Meyer, Gregory Brian (San Antonio, TX, US), Russell, Ryan Thomas (The Colony, TX, US), Waters, Jr., David Ira (San Antonio, TX, US), filed on May 28, 2021, was published online on May 14, 2024, according to news reporting originating from Alexandria, Virginia, by NewsRx correspondents.

Patent number 11983695 is assigned to United Services Automobile Association (San Antonio, Texas, United States).

The following quote was obtained by the news editors from the background information supplied by the inventors: “Many customers of financial institutions such as banks, savings and loans, credit unions and other financial institutions prefer to conduct a substantial proportion of their transfers from their accounts at the financial institutions from a remote location, using an electronic device such as a computer, a desktop computer, a laptop computer, a tablet and a smart phone. The customers may initiate many of such transfers from locations such as the customers’ homes or the customers’ workplaces. In many typical cases, the financial institution may require the customer to enter a password as well as also entering his or her customer name for the account as a means for verifying the customer’s identity. Unfortunately, in some cases fraudulent actors have succeeded in overcoming these precautionary measures by using any one of several illegal or unethical means. For example, a fraudulent actor may look over a customer’s shoulder while the customer is accessing his or her account online.

“For these reasons, there is a need for robust methods of making sure that the person requesting a transfer of funds is indeed a person authorized to make such requests before allowing the funds to be transferred.”

In addition to the background information obtained for this patent, NewsRx journalists also obtained the inventors’ summary information for this patent: “In one aspect, embodiments include a system for authenticating a customer of a bank attempting to access one of the customer’s accounts at the bank. The system has a server at the bank that is configured to be in communication with a router located at premises associated with the customer. The server is configured to receive communications from the router. An app housed in the server is configured to retrieve a stored list of wireless networks that were previously detected by the router. When the server receives a request from the customer for the transfer of funds from one of the customer’s accounts to a third party, the server also receives a current list of wireless networks currently detected by the router. The app is configured to compare the current list of wireless networks to the stored list of wireless networks, and to determine whether the current list matches the stored list at least in part. If the app determines that the current list fully matches the stored list, the app authorizes the customer’s request for the transfer of funds.

“In another aspect, embodiments include a system for providing a customer with access to the customer’s accounts at a bank that includes a customer’s computing device configured to detect wireless networks broadcast by neighboring routers. In that case, the computing device has previously transmitted a list of the wireless networks broadcast by routers in neighboring premises to a server at the bank. Whenever the customer accesses the customer’s accounts at the bank to submit a request for a transfer of funds, the computing device transmits a current list of the wireless networks broadcast by routers in neighboring premises to the server at the bank, and the server also receives a current synthetic password. Whenever the current list of wireless networks broadcast by routers in neighboring premises fully matches the previously transmitted list of wireless networks broadcast by routers in neighboring premises and the currently received synthetic password matches a previously stored synthetic password within pre-established tolerances, the customer receives confirmation that the request for the transfer of funds has been authorized.

“In yet another aspect, embodiments include a method for protecting a customer’s accounts at a bank from being accessed by fraudsters that includes obtaining a list of wireless networks detected by a customer’s computing device, and storing that list of wireless networks as a stored list of wireless networks on a server at the bank. The server then obtains a current list of wireless networks detected by the customer’s computing device whenever an app at the bank’s server determines that an attempt is being made to transfer funds from the customer’s account. The server then compares the current list of wireless networks detected by a customer’s computing device to the stored list of wireless networks detected by a customer’s computing device. It then determines if there is a full match, no match or a partial match between the current list of wireless networks detected by a customer’s computing device and the stored list of wireless networks detected by a customer’s computing device. The server then authorizes full access to the customer’s account whenever there is a full match.”

The claims supplied by the inventors are:

“1. A system for authenticating a customer of a bank attempting to access one of the customer’s accounts at the bank comprising: a server at the bank to receive communications from a router located at premises associated with the customer, to call a driver controlling a network adaptor of a computing device connected to the router and associated with the customer to receive a complete list of wireless networks detected by the network adaptor, to generate a stored list of wireless networks from the complete list of wireless networks based on a signal strength associated with each wireless network, to generate a stored synthetic password using a concatenation of parts of a network name and a signal strength for each wireless network in the stored list of wireless networks, and to use the stored list of wireless networks to link the computing device to a geographical location; an identity verification and authentication application running on the server; a database in communication with the identity verification and authentication application, the database comprising the stored list of wireless networks and the stored synthetic password; and an account transaction application running on the server and in communication with the identity verification and authentication application; wherein when the server receives a request from the customer for the transfer of funds from one of the customer’s accounts to a third party, the server performs two-factor authentication by first identifying the customer using a customer name and password submitted by the customer and second separately without input from the customer acquiring from the router a current list of wireless networks currently detected by the computing device and the server generates a current synthetic password using a concatenation of parts of a network name and a signal strength for each wireless network in the current list of wireless networks; wherein the identity verification and authentication application compares the current synthetic password to the stored synthetic password; wherein if the identify verification and authentication application determines that the current synthetic password fully matches the stored synthetic password, the server authenticates the customer and that the request from the customer for transfer of funds is from the computing device at the linked geographical location, and the identity verification and authentication application communicates a fully match score to the account transaction application that authorizes the customer’s request for the transfer of funds.

“2. The system of claim 1, wherein if the identity verification and authentication application determines that there is only a partial match between the current synthetic password and the stored synthetic password, the identity verification and authentication application calculates a partial match score.

“3. The system of claim 2, wherein if the partial match score meets a pre-determined threshold, the identity verification and authentication application only authorizes certain pre-defined activities.

“4. The system of claim 2, wherein if the partial match score only meets another threshold that is lower than the pre-determined threshold, the identity verification and authentication application only authorizes certain limited activities.

“5. The system of claim 2, wherein the partial match score is calculated based in part on rules associated with the account.

“6. A system for providing a customer with access to the customer’s accounts at a bank comprising: a customer’s computing device comprising a WiFi adaptor to detect wireless networks broadcast by routers in neighboring premises; a server at the bank in communication with a driver controlling the WiFi adaptor of the customer’s computing device, the server used to receive a previously transmitted list of the wireless networks broadcast by routers in neighboring premises and network names and relative signal strengths of the wireless networks in the previously transmitted list of the wireless networks, to generate a stored synthetic password using a concatenation of parts of the network names and relative signal strengths for each wireless network in the previously transmitted list of the wireless networks, and to store the stored synthetic password; and a database in communication with the server and comprising the previously transmitted list of wireless networks and the stored synthetic password; wherein whenever the customer accesses the customer’s accounts at the bank to submit a request fora transfer of funds, the server performs two-factor authentication by first identifying the customer using a customer name and password submitted by the customer and second separately without input from the customer making a call to the driver to obtain a current list of the wireless networks broadcast by routers in neighboring premises, the network names, and the relative signal strengths of the wireless networks in the current list of wireless networks and the server generates generating a current synthetic password using a concatenation of parts of the network names and relative signal strengths for each wireless network in the current list of the wireless networks; and wherein whenever the current list of wireless networks broadcast by routers in neighboring premises fully matches the previously transmitted list of wireless networks broadcast by routers in neighboring premises and the current synthetic password matches the stored synthetic password within specified tolerances, the customer receives confirmation on the customer’s computing device that the request for the transfer of funds has been authorized.

“7. The system of claim 6, wherein whenever the current list of wireless networks broadcast by routers in neighboring premises only partially matches the previously transmitted list of wireless networks broadcast by neighboring routers, the customer receives confirmation that the request for the transfer of funds has only been authorized to one of pre-defined activities and limited activities.

“8. The system of claim 7, wherein the pre-defined activities comprise paying the customer’s payees, with maximum limits defined for each payee.

“9. The system of claim 7, wherein the limited activities include limiting payments by debit cards according to a category of the payee.

“10. The system of claim 6, wherein when the customer is calling from the customer’s office at work, the server at the bank requires additional personal information before approving the request.

“11. A method for protecting a customer’s accounts at a bank from being accessed by fraudsters comprising: obtaining a complete list of wireless networks detected by a WiFi adaptor of a customer’s computing device; using a signal strength associated with each wireless network in an identity verification and authentication application running on a server at the bank to create a stored list of wireless networks from the complete list of wireless networks; generating a stored synthetic password using a concatenation of parts of a network name and the signal strength for each wireless network in the stored list of wireless networks; using the stored list of wireless networks in the identity verification and authentication application to link the customer’s computing device to a geographical location; storing the stored list of wireless networks, the stored synthetic password, and linked geographical location on a database on the server; performing two-factor authentication by identifying the customer using a customer name and password submitted by the customer and separately without input from the customer obtaining a current list of wireless networks detected by a current computing device using the identity verification and authentication application whenever the identity verification and authentication application determines that an attempt is being made to transfer funds from the customer’s account and generating a current synthetic password using a concatenation of parts of a network name and a signal strength for each wireless network in the current list of wireless networks; comparing the current list of wireless networks to the stored list of wireless networks and the current synthetic password to the stored synthetic password with the identity verification and authentication application; determining with the identity verification and authentication application if the attempt to transfer funds from the customer’s account is from the customer’s computing device at the linked geographical location by verifying whether there is one of a full match, no match and a partial match between the current list of wireless networks and the stored list of wireless networks and the current synthetic password to the stored synthetic password; and authorizing with the identity verification and authentication application full access to the customer’s account whenever there is a full match, and denying access to the customer’s account whenever there is no match.

“12. The method of claim 11, further comprising calculating a verification score whenever there is a partial match.

“13. The method of claim 12, further comprising authorizing pre-defined activities whenever the verification score meets a pre-determined threshold.

“14. The method of claim 12, further comprising authorizing only limited activities whenever the verification score only meets another threshold that is lower than the pre-determined threshold.

“15. The method of claim 11, further comprising requiring additional verification of an identity of a person seeking to access the customer’s account at the bank.

“16. The method of claim 15, wherein the additional verification comprises recitation of personal knowledge for comparison to previously stored personal knowledge.”

There are additional claims. Please visit full patent to read further.

URL and more information on this patent, see: Bernstein, Steven Michael. Authentication of a remote customer using probabilistic locations of WiFi signals. U.S. Patent Number 11983695, filed May 28, 2021, and published online on May 14, 2024. Patent URL (for desktop use only): https://ppubs.uspto.gov/pubwebapp/external.html?q=(11983695)&db=USPAT&type=ids

(Our reports deliver fact-based news of research and discoveries from around the world.)