Patent Issued for Mutual authentication system (USPTO 11818125): United Services Automobile Association
2023 DEC 06 (NewsRx) -- By a
Patent number 11818125 is assigned to
The following quote was obtained by the news editors from the background information supplied by the inventors: “When a customer calls an organization’s customer service phone number, he or she is asked to provide certain personal information about him or her so that a customer service representative can determine that the customer is who he or she says. In this way, a customer service representative can authenticate the identity of the customer calling. In some cases, customer service representatives call customers for marketing purposes (e.g., to sell additional products or finalize transaction), for notification purposes (e.g., to notify a customer of a suspected credit card fraud) or to collect information for a service or product they are providing. Customers who receive such calls may implicitly trust the customer service representative at least because the customer service representative’s claim that he or she belongs to a trustworthy organization (e.g., the customer’s bank) or because of the reason for the customer service perspective’s call (e.g., to notify of a credit card fraud). Fraudsters know about this phenomenon and call the customers pretending to be affiliated with the organization that the customer trusts. Thus, customers who receive such calls are susceptible to having their personal sensitive information stolen by the fraudsters.
“The techniques introduced here may be better understood by referring to the following Detailed Description in conjunction with the accompanying drawings, in which like reference numerals indicate identical or functionally similar elements. Moreover, while the technology is amenable to various modifications and alternative forms, specific embodiments have been shown by way of example in the drawings and are described in detail below. The intention, however, is not to limit the technology to the particular embodiments described. On the contrary, the technology is intended to cover all modifications, equivalents, and alternatives falling within the scope of the technology as defined by the appended claims.”
In addition to the background information obtained for this patent, NewsRx journalists also obtained the inventors’ summary information for this patent: “When a customer receives a call from a customer service representative (CSR) of a trustworthy organization (e.g., the customer’s bank) the customer is unable to verify that the CSR is who he or she says. In some cases, fraudsters have been known to steal personal information and use it for nefarious purposes (e.g., taking out loans, filing fake tax returns, having a credit card sent to the fraudster’s address). In a specific example, a fraudster can steal account login and password information that belongs to a customer, log into the customer’s account, initiate a transaction that triggers a one-time code (OTC) being sent to the customer’s mobile device, and then call the customer pretending to be the CSR to obtain the OTC. The fraudster can then use the OTC for authentication and proceed with a transaction.
“To address at least this problem, this patent document describes technology that can allow two persons to perform mutual authentication when a first person (e.g., a CSR) calls a second person (e.g., a customer). For example, after a second person receives the call, the second person is asked to authenticate himself or herself using a user device (e.g., via a mobile device application or via a web browser). After the second person logs into his or her account, the second person can input on the user device a one-time passcode to authenticate the first person. The user device sends the passcode to a server that allows the first person to read back the inputted one-time passcode to the second person. Upon receiving the inputted one-time passcode, the second person can use his or her user device to indicate that the one-time passcode is correct so that the second person can be authenticated to access the first person’s account. In this way, the second person is authenticated as well because the first person verifies that the second person accessed (e.g., in some cases provided authentication information to obtain access) to the mobile application or web portal to input the one-time passcode.
“In this patent document, the terms “customer service representative” and “customer” are used to simplify the description of the example mutual authentication techniques. However, the mutual authentication techniques described in this patent document can be applied in contexts other than where a customer service representative belonging to an organization (e.g., company) calls a customer of that organization. For example, a person can verify that it is indeed a governmental agency calling to verify benefits or obtain information when a governmental agency calls the person.”
The claims supplied by the inventors are:
“1. A system for performing authentication, the system comprising: one or more processors; and one or more memories storing instructions that, when executed by the one or more processors, cause the computing system to perform a process comprising: receiving, by a first device associated with a first person, a call initiated by a second device associated with a second person; performing an authentication procedure for the first person, wherein the first person is authenticated based on user information received via the first device; receiving, after the first person is authenticated, a first passcode; sending a message that includes an identifier associated with an account of the first person and the first passcode; receiving a second passcode sent by the second device during the call; determining that the second passcode sent by the second device matches the first passcode; and verifying the call by sending a match condition message in response to the determination that the second passcode sent by the second device matches the first passcode.
“2. The system of claim 1, wherein the match condition is sent to a server that is configured to, when the server receives a non-match condition message that indicates that there was not a match between passcodes, deny access, to a caller, to an account associated with the non-match condition message.
“3. The system of claim 1, wherein the first passcode is randomly generated.
“4. The system of claim 1, wherein the match condition is sent to a server that, in response to receiving the match condition, grants the second person to access the account of the first person.
“5. The system of claim 1, wherein the sending the message that includes the identifier includes sending an encrypted version of the first passcode.
“6. The system of claim 1, wherein the message that includes the identifier and the match condition are sent to a server that is configured to: store an indication of the message that includes the identifier for a pre-determined duration of time; and authenticate the second person in response to receiving the match condition message within the pre-determined duration of time.
“7. The system of claim 1, wherein the first passcode and the second passcode include letters and numbers.
“8. The system of claim 1, wherein the server is configured to, when the server receives a non-match condition message that indicates that there was not a match between passcodes, deny access, to a caller, to an account associated with the non-match condition message.
“9. The system of claim 1, wherein the first passcode is randomly generated.
“10. The system of claim 1, wherein the server, in response to receiving the match condition, grants the second person to access the account of the first person.
“11. The system of claim 1, the message that includes the identifier includes an encrypted version of the first passcode.
“12. The system of claim 1, wherein the server is configured to: store an indication of the message that includes the identifier for a pre-determined duration of time; and authenticate the second person in response to receiving the match condition message within the pre-determined duration of time.
“13. The system of claim 1, wherein the first passcode and the second passcode include letters and numbers.
“14. A method of performing authentication by a server, the method comprising: receiving, by the server, a message that includes an identifier associated with an account of the first person and a first passcode, wherein a first device associated with a first person: received a call initiated by a second device associated with a second person; performed an authentication procedure for the first person, wherein the first person was authenticated based on user information received via the first device; and received, after the first person was authenticated, the first passcode; providing the first passcode to the second device, wherein the second device sends, to the first device, a second passcode during the call, and wherein the first device determines that the second passcode, sent by the second device, matches the first passcode; and receiving a match condition that is in response to the determination that the second passcode sent by the second device matched the first passcode.
“15. A computer-readable storage medium storing instructions that, when executed by a computing system, cause the computing system to perform a process for performing authentication, the process comprising: receiving, by a first device associated with a first person, a call initiated by a second device associated with a second person; performing an authentication procedure for the first person, wherein the first person is authenticated based on user information received via the first device; receiving, after the first person is authenticated, a first passcode; sending a message that includes an identifier associated with an account of the first person and the first passcode; receiving a second passcode sent by the second device during the call; determining that the second passcode sent by the second device matches the first passcode; and verifying the call by sending a match condition message in response to the determination that the second passcode sent by the second device matches the first passcode.
“16. The computer-readable storage medium of claim 15, wherein the match condition is sent to a server that is configured to, when the server receives a non-match condition message that indicates that there was not a match between passcodes, deny access, to a caller, to an account associated with the non-match condition message.
“17. The computer-readable storage medium of claim 15, wherein the first passcode is randomly generated.
“18. The computer-readable storage medium of claim 15, wherein the match condition is sent to a server that, in response to receiving the match condition, grants the second person to access the account of the first person.
“19. The computer-readable storage medium of claim 15, wherein the sending the message that includes the identifier includes sending an encrypted version of the first passcode.
“20. The computer-readable storage medium of claim 15, wherein the message that includes the identifier and the match condition are sent to a server that is configured to: store an indication of the message that includes the identifier for a pre-determined duration of time; and authenticate the second person in response to receiving the match condition message within the pre-determined duration of time.”
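The message flow in the summary and claims can be followed in a short simulation. This is an added example, not code from the patent or from USAA; the class names, the `acct-demo-001` identifier, the 120-second window and the six-character hex passcode are assumptions made for illustration.

```python
import hmac
import secrets
import time

TTL_SECONDS = 120  # assumed value for the "pre-determined duration" in claim 6

class VerificationServer:
    """Hypothetical server: relays the passcode and gates account access."""
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # account_id -> (passcode, expires_at)

    def submit_passcode(self, account_id, passcode):
        # Message from the called person's device: identifier + first passcode.
        self._pending[account_id] = (passcode, self._clock() + TTL_SECONDS)

    def passcode_for_caller(self, account_id):
        # Shown on the caller's console so it can be read back during the call.
        entry = self._pending.get(account_id)
        return entry[0] if entry and self._clock() <= entry[1] else None

    def report_result(self, account_id, matched):
        # Match / non-match message; entry is single use. True = grant access.
        entry = self._pending.pop(account_id, None)
        return bool(matched and entry and self._clock() <= entry[1])

class CustomerDevice:
    """Hypothetical app used by the called person after logging in."""
    def __init__(self, server, account_id):
        self.server, self.account_id, self.passcode = server, account_id, None

    def start(self):
        self.passcode = secrets.token_hex(3).upper()  # random, hex alphabet
        self.server.submit_passcode(self.account_id, self.passcode)

    def confirm(self, spoken):
        heard = spoken.strip().upper().encode()
        matched = hmac.compare_digest(self.passcode.encode(), heard)
        return self.server.report_result(self.account_id, matched)

def simulate_call(caller_has_console, delay=0.0):
    """Constructed scenario: a genuine caller reads the code from the server,
    an impostor must guess. Returns True if the caller gets account access."""
    now = [0.0]
    server = VerificationServer(clock=lambda: now[0])
    device = CustomerDevice(server, "acct-demo-001")  # constructed identifier
    device.start()
    now[0] += delay
    read = server.passcode_for_caller("acct-demo-001")
    return device.confirm((read or "") if caller_has_console else "GUESS1")
```

A caller without access to the server's record cannot read the passcode back, and a match reported after the window closes is refused just like a non-match.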
For the URL and more information on this patent, see: Anzaldua, Steven. Mutual authentication system.