Patent Issued for Mutual authentication system (USPTO 11316849): United Services Automobile Association

2022 MAY 18 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- According to news reporting originating from Alexandria, Virginia, by NewsRx journalists, a patent by the inventors Anzaldua, Steven (San Antonio, TX, US), filed on April 1, 2020, was published online on April 26, 2022.

The assignee for this patent, patent number 11316849, is United Services Automobile Association (San Antonio, Texas, United States).

Reporters obtained the following quote from the background information supplied by the inventors: “When a customer calls an organization’s customer service phone number, he or she is asked to provide certain personal information about him or her so that a customer service representative can determine that the customer is who he or she says. In this way, a customer service representative can authenticate the identity of the customer calling. In some cases, customer service representatives call customers for marketing purposes (e.g., to sell additional products or finalize transaction), for notification purposes (e.g., to notify a customer of a suspected credit card fraud) or to collect information for a service or product they are providing. Customers who receive such calls may implicitly trust the customer service representative at least because the customer service representative’s claim that he or she belongs to a trustworthy organization (e.g., the customer’s bank) or because of the reason for the customer service perspective’s call (e.g., to notify of a credit card fraud). Fraudsters know about this phenomenon and call the customers pretending to be affiliated with the organization that the customer trusts. Thus, customers who receive such calls are susceptible to having their personal sensitive information stolen by the fraudsters.

“The techniques introduced here may be better understood by referring to the following Detailed Description in conjunction with the accompanying drawings, in which like reference numerals indicate identical or functionally similar elements. Moreover, while the technology is amenable to various modifications and alternative forms, specific embodiments have been shown by way of example in the drawings and are described in detail below. The intention, however, is not to limit the technology to the particular embodiments described. On the contrary, the technology is intended to cover all modifications, equivalents, and alternatives falling within the scope of the technology as defined by the appended claims.”

In addition to obtaining background information on this patent, NewsRx editors also obtained the inventors’ summary information for this patent: “When a customer receives a call from a customer service representative (CSR) of a trustworthy organization (e.g., the customer’s bank) the customer is unable to verify that the CSR is who he or she says. In some cases, fraudsters have been known to steal personal information and use it for nefarious purposes (e.g., taking out loans, filing fake tax returns, having a credit card sent to the fraudster’s address). In a specific example, a fraudster can steal account login and password information that belongs to a customer, log into the customer’s account, initiate a transaction that triggers a one-time code (OTC) being sent to the customer’s mobile device, and then call the customer pretending to the be the CSR to obtain the OTC. The fraudster can then use the OTC for authentication and proceed with a transaction.

“To address at least this problem, this patent document describes technology that can allow two persons to perform mutual authentication when a first person (e.g., a CSR) calls a second person (e.g., a customer). For example, after a second person receives the call, the second person is asked to authenticate himself or herself using a user device (e.g., via a mobile device application or via a web browser). After the second person logs into his or her account, the second person can input on the user device a one-time passcode to authenticate the first person. The user device sends the passcode to a server that allows the first person to read back the inputted one-time passcode to the second person. Upon receiving the inputted one-time passcode, the second person can use his or her user device to indicate that the one-time passcode is correct so that the second person can be authenticated to access the first person’s account. In this way, the second person is authenticated as well because the first person verifies that the second person accessed (e.g., in some cases provided authentication information to obtain access) to the mobile application or web portal to input the one-time passcode.

“In this patent document, the terms “customer service representative” and “customer” are used to simplify the description of the example mutual authentication techniques. However, the mutual authentication techniques described in this patent document can be applied in context other than where a customer service representative belonging to an organization (e.g., company) calls a customer of that organization. For example, a person can verify that it is indeed a governmental agency calling to verify benefits or obtain information when a governmental agency calls the person.”

The claims supplied by the inventors are:

“1. A system for performing authentication, comprising: a first device associated with a first person and configured to: receive a call initiated by a second device associated with a second person, authenticate the first person to access an account associated with the first person during the call from the second person, wherein the first person is authenticated based on user information received via the first device, receive, after the first person is authenticated, a first passcode entered into the first device, send a message to a server to perform additional authentication operations, wherein the message includes an identifier associated with the account of the first person and the first passcode, and the server configured to: receive the message from the first device, send the first passcode and the identifier to the second device associated with the second person, wherein a second passcode is sent by the second device via the call to the first device, receive from the first device a match condition message that indicates that the second passcode sent by the second device is same as the first passcode entered into the first device, in response to receiving the match condition message, authenticate the second person to access the account associated with the first person.

“2. The system of claim 1, wherein the server is further configured to: receive from the first device a non-match condition message that indicates that the second passcode sent by the second device is different from the first passcode entered into the first device; and in response to receiving the non-match condition message, deny the second person access to the account associated with the first person.

“3. The system of claim 2, wherein the message includes a second identifier randomly generated by the first device, wherein the second identifier uniquely identifies the call when the first person is authenticated, and wherein the server is configured to: store the second identifier and either a grant designation in response to authenticating the second person to access the account or a deny designation in response to denying the second person access to the account, wherein the grant designation or the deny designation is stored next to the second identifier.

“4. The system of claim 2, wherein the first device is configured to encrypt the match condition message or the non-match condition message prior to sending the match condition message or the non-match condition message to the server.

“5. The system of claim 1, wherein the message is stored on the server or on a database associated with a server for a pre-determined duration of time, and wherein the second person is authenticated in response to receiving the match condition message within the pre-determined duration of time.

“6. The system of claim 1, wherein the first person is authenticated via an application operating on the first device or via an Internet browser operating on the first device.

“7. The system of claim 1, wherein: the first passcode and the second passcode include letters, numbers, or symbols, the message is encrypted by the first device prior to sending the message to the server, and the user information includes a personal identification number of the first person, or biometric information of the first person, or a user name and a password of the first person.

“8. A method of performing authentication, comprising: receiving, by a server, a message from a first device associated with a first person, wherein the message includes an identifier associated with an account of the first person and a first passcode entered into the first device, wherein the message is received during a call in between the first device and a second device associated with a second person, wherein the message is sent by the first device after the first device authenticates the first person to access the account; sending the first passcode and the identifier to the second device associated with the second person, wherein a second passcode is sent by the second device via the call to the first device, receiving from the first device a match condition message that indicates that the second passcode sent by the second device is same as the first passcode; and in response to receiving the match condition message, authenticating the second person to access the account associated with the first person.

“9. The method of claim 8, further comprising: receiving from the first device a non-match condition message that indicates that the second passcode sent by the second device is different from the first passcode entered into the first device; and in response to receiving the non-match condition message, denying the second person access to the account associated with the first person.

“10. The method of claim 9, wherein the message includes a second identifier randomly generated by the first device, wherein the second identifier uniquely identifies the call when the first person is authenticated, and wherein the second identifier is stored and either a grant designation is stored in response to authenticating the second person to access the account or a deny designation is stored in response to denying the second person access to the account, wherein the grant designation or the deny designation is stored next to the second identifier.

“11. The method of claim 8, wherein the message, the match condition message, and the non-match condition message are encrypted.

“12. The method of claim 8, wherein the message is stored on the server or on a database associated with a server for a pre-determined duration of time, and wherein the second person is authenticated in response to receiving the match condition message within the pre-determined duration of time.

“13. The method of claim 8, wherein the first passcode and the second passcode include letters, numbers, or symbols.

“14. A method of performing authentication, comprising: receiving, by a first device associated with a first person, a call initiated by a second device associated with a second person; authenticating the first person to access an account associated with the first person during the call from the second person, wherein the first person is authenticated based on user information received via the first device; receiving, after the first person is authenticated, a first passcode entered into the first device; and sending, to a server, a message that includes an identifier associated with the account of the first person and the first passcode; receiving a second passcode sent by the second device via the call; sending, to the server, a match condition message in response to receiving an indication that the second passcode sent by the second device is same as the first passcode entered into the first device, wherein the match condition message is used by the server to authenticate the second person to access the account associated with the first person.

“15. The method of claim 14, further comprising: sending, to the server, a non-match condition message in response to receiving another indication that the second passcode sent by the second device is different from the first passcode entered into the first device, wherein the non-match condition message is used by the server to deny the second person access to the account associated with the first person.

“16. The method of claim 15, wherein the message, the match condition message and the non-match condition message are encrypted.

“17. The method of claim 14, wherein the first person is authenticated via an application operating on the first device or via an Internet browser operating on the first device.

“18. The method of claim 14, wherein the first passcode and the second passcode include letters, numbers, or symbols.

“19. The method of claim 14, wherein the user information includes a personal identification number of the first person, or biometric information of the first person, or a user name and a password of the first person.”

For more information, see this patent: Anzaldua, Steven. Mutual authentication system. U.S. Patent Number 11316849, filed April 1, 2020, and published online on April 26, 2022. Patent URL: http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PALL&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.htm&r=1&f=G&l=50&s1=11316849.PN.&OS=PN/11316849RS=PN/11316849

(Our reports deliver fact-based news of research and discoveries from around the world.)