US20150066762A1 - Authentication system - Google Patents
- Publication number
- US20150066762A1 (application US14/012,753)
- Authority
- US
- United States
- Prior art keywords
- authentication
- user
- application
- user device
- profile
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4012—Verifying personal identification numbers [PIN]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/322—Aspects of commerce using mobile devices [M-devices]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/322—Aspects of commerce using mobile devices [M-devices]
- G06Q20/3224—Transactions dependent on location of M-devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
- G06Q20/40145—Biometric identity checks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/42—Confirmation, e.g. check or permission by the legal debtor of payment
Abstract
Systems and methods for providing authentication include receiving an authentication passcode input through an input device of a user device from a first user. The first user is authenticated in response to the authentication passcode input matching at least one user authentication passcode in a database, and an authentication time period is associated with the authentication of the first user and allows the first user access to at least one application on the user device. A plurality of authentication factors are then detected using the user device, and the plurality of authentication factors are not an authentication passcode input received through the input device. The plurality of authentication factors are then determined to match at least one authentication profile in the database and, in response, the authentication time period is extended such that the first user is allowed continued access to the at least one application on the user device.
Description
- 1. Field of the Invention
- The present invention generally relates to online and/or mobile payments and more particularly to authenticating for an authentication time period, followed by continuing to authenticate beyond the authentication time period, a user for a payment application based on authentication factors that indicate that the user is an authorized user.
- 2. Related Art
- More and more consumers are purchasing items and services over electronic networks such as, for example, the Internet. Consumers routinely purchase products and services from merchants and individuals alike. The transactions may take place directly between a conventional or on-line merchant or retailer and the consumer, and payment is typically made by entering credit card or other financial information. Transactions may also take place with the aid of an on-line or mobile payment service provider such as, for example, PayPal, Inc. of San Jose, Calif. Such payment service providers can make transactions easier and safer for the parties involved. Purchasing with the assistance of a payment service provider from the convenience of virtually anywhere using a mobile device is one main reason why on-line and mobile purchases are growing very quickly.
- Online and/or mobile payments may be facilitated using, for example, a payment application on a user device. However, because the payment application allows for funds of the user to be spent and/or otherwise transferred from that user, the proper and accurate authentication of the user with the user device and/or the payment application is critical. Typically, the user must enter a user authentication passcode into the user device and/or payment application in order to authenticate as an authorized user. Some user devices and/or applications that allow access to financial or other sensitive information of a user may employ relatively high security settings that require the user to authenticate each time the user device and/or application has been left idle for a predetermined period of time. When such high security settings are enabled and the predetermined period of idle time is relatively low, the user may be required to regularly and continuously authenticate themselves on the user device and/or application, which is time-consuming and annoying to the user.
- Thus, there is a need for an improved authentication system.
- FIG. 1 is a flow chart illustrating an embodiment of a method for authenticating one or more users;
- FIG. 2 is a schematic view illustrating an embodiment of an authentication system detecting authentication factors for authenticating a user;
- FIG. 3a is a front view illustrating an embodiment of a user operating a user device;
- FIG. 3b is a schematic view illustrating an embodiment of a user providing authentication factors on a user device;
- FIG. 3c is a schematic view illustrating an embodiment of a user providing authentication factors on a user device;
- FIG. 3d is a schematic view illustrating an embodiment of a user providing authentication factors on a user device;
- FIG. 4 is a schematic view illustrating an embodiment of an authentication system including authentication profiles for authenticating a user;
- FIG. 5 is a schematic view illustrating an embodiment of a networked system;
- FIG. 6 is a perspective view illustrating an embodiment of a user device;
- FIG. 7 is a perspective view illustrating an embodiment of a user device;
- FIG. 8 is a schematic view illustrating an embodiment of a computer system; and
- FIG. 9 is a schematic view illustrating an embodiment of a user device.
- Embodiments of the present disclosure and their advantages are best understood by referring to the detailed description that follows. It should be appreciated that like reference numerals are used to identify like elements illustrated in one or more of the figures, wherein showings therein are for purposes of illustrating embodiments of the present disclosure and not for purposes of limiting the same.
- The present disclosure describes systems and methods for authenticating a user to access one or more applications on a user device for an authentication time period, and then extending that authentication time period for that user or another user based on authentication factors in one or more authentication profiles that are automatically detected by the user device, rather than requiring the user to re-enter an authentication passcode input using an input device on the user device. The systems and methods allow a first user to provide an authentication passcode input through an input device on the user device (e.g., a string of any alphanumeric or other characters, a sequence of touch input gestures on a touch screen, etc.) to first access one or more applications on the user device. The systems and methods then detect authentication factors through the user device that are not an authentication passcode input provided through the input device and that are not purposely provided by any user of the user device for authentication. Just a few examples of authentication factors may include a plurality of wireless environments, a plurality of detected touch inputs, a plurality of application use details, captured images, captured sounds, and determined locations. If those authentication factors match an authentication profile in a database, the authentication time period may be extended such that the user may continue to access the one or more applications. Just a few examples of authentication profiles include a wireless environment authentication profile that describes a plurality of wireless environments indicative of a trusted location for the user device, a touch input authentication profile that describes a plurality of touch inputs that are indicative of a trusted user of the user device, an application use authentication profile that describes a plurality of application use details that are indicative of a trusted user for the user device, image profiles that include images of trusted users, and voice profiles that include voices of trusted users.
- In some embodiments, the authentication factors may match an authentication profile for the first user, and the authentication time period may be extended such that the first user may continue to access the one or more applications. In other embodiments, the authentication factors may match an authentication profile for a second user that has been authorized to use the one or more applications (e.g., by the first user) with a restricted authentication level, and the authentication time period may be extended such that the second user is provided continued access to the one or more applications that is restricted relative to the access provided to the first user. For example, the one or more applications may include a payment application or the ability to use the payment application, and the restricted continued access may restrict the amount the second user may charge using the payment application (e.g., relative to the first user). In another example, at least one of a plurality of applications may be unavailable to the second user that is provided the restricted continued access (e.g., when the user is a child and the at least one of the plurality of applications includes adult content). Thus, systems and methods are provided that reduce the continuous authentication required of users of conventional secure user devices by detecting authentication factors present in the use of the user device that are not purposely provided by any user of the user device for authentication, but rather are produced through normal use of the user device, and using those authentication factors to determine whether continued access should be provided. Such systems and methods greatly reduce the frequency at which users of a user device must provide an authentication passcode input via an input device on the user device, while providing a desired level of security for the user device.
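The flow summarized above (a passcode opens an authentication time period; passively detected factors that match a profile extend it, at a restricted level for a second user) is shown here as an added Python example that is not taken from the patent. The class names, the 120-second window, the `min_matches` threshold, the PBKDF2 passcode storage, and the rule that passive factors may only extend a live window and never lift a restriction are all assumptions of this example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

WINDOW = 120.0  # authentication time period in seconds (assumed value)


@dataclass(frozen=True)
class Profile:
    """Authentication profile: factors produced by normal use, not typed in."""
    user: str
    factors: frozenset
    min_matches: int                      # assumed matching policy
    charge_limit: Optional[float] = None  # None = unrestricted access level

    def matches(self, detected: set) -> bool:
        return len(self.factors & detected) >= self.min_matches


# Constructed sample profiles (factor names are illustrative strings).
HOME = Profile("first_user",
               frozenset({"wifi:home-ap", "wifi:neighbour-ap", "bt:watch"}), 2)
CHILD = Profile("second_user",
                frozenset({"touch:small-area", "touch:slow-swipe"}), 2,
                charge_limit=10.0)


class AuthSession:
    def __init__(self, passcode: str, profiles: list):
        # Store a salted, slow hash instead of the passcode (assumed storage).
        self._salt = os.urandom(16)
        self._digest = self._kdf(passcode)
        self._profiles = profiles
        self.expires_at = 0.0                        # no window open yet
        self.charge_limit: Optional[float] = None

    def _kdf(self, passcode: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(),
                                   self._salt, 100_000)

    def is_active(self, now: float) -> bool:
        return now < self.expires_at

    def enter_passcode(self, attempt: str, now: float) -> bool:
        """Blocks 102/104: explicit passcode opens a full-access window."""
        if not hmac.compare_digest(self._kdf(attempt), self._digest):
            return False
        self.expires_at = now + WINDOW
        self.charge_limit = None
        return True

    def observe(self, detected: set, now: float) -> Optional[str]:
        """Blocks 106/108: extend the window if detected factors match a profile.

        Returns the matched profile's user, or None when nothing was extended.
        """
        if not self.is_active(now):
            return None  # a lapsed window is only reopened by the passcode
        for profile in self._profiles:
            if profile.matches(detected):
                if profile.charge_limit is not None:
                    current = self.charge_limit
                    # Passive factors may tighten the limit, never loosen it.
                    self.charge_limit = (profile.charge_limit if current is None
                                         else min(current, profile.charge_limit))
                self.expires_at = now + WINDOW
                return profile.user
        return None

    def may_charge(self, amount: float, now: float) -> bool:
        if not self.is_active(now):
            return False
        return self.charge_limit is None or amount <= self.charge_limit
```

Time is passed in as `now` so the window logic can be exercised without waiting; a device implementation would read a monotonic clock instead.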
- Referring now to FIG. 1, an embodiment of a method 100 for authenticating one or more users is illustrated. In the embodiments discussed below, a user device includes one or more applications that may include an operating system, a payment application, an internet browser, and/or a variety of other applications known in the art. In specific examples discussed below, the application includes a payment application such as, for example, the PayPal payment application available from PayPal, Inc. of San Jose, Calif., that allows a user to instruct a payment service provider (e.g., PayPal, Inc.) to transfer funds from a user account of the user to a merchant account of the merchant to make a payment for a purchase. However, one of skill in the art in possession of the present disclosure will recognize that any application access, from access to an operating system application that essentially restricts access to the user device by restricting access to any function of the user device, to access to a specific application of a plurality of applications available on the user device or specific functions (e.g., the ability to make payments) within one or more applications, will benefit from the teachings provided herein and will fall within the scope of the present disclosure.
- The method 100 begins at block 102 where an authentication passcode input is received through an input device of the user device from a first user. In an embodiment, the first user is a primary user of a user device that includes the input device. For example, the user device may be a mobile user device of the first user such as a mobile phone, a tablet computer, a desktop computer, and/or a variety of other user devices known in the art. In other embodiments, the first user may be one of several users that use the user device (e.g., the user device may be a shared device that does not have a primary user). In some embodiments, any use of the user device may be restricted to authorized users such that a user authentication passcode must be provided to access the operating system of the user device. In other embodiments, use of the user device (e.g., access to the operating system of the user device) may be allowed without a user authentication passcode, but use of one or more applications on the user device, or use of particular functions (e.g., payment functions) within one or more applications, may be restricted to authorized users such that a user authentication passcode must be provided to access those applications or functions. In some embodiments, both access to the user device (e.g., the operating system) and one or more other applications available on the user device may be restricted, and may require different user authentication passcodes (e.g., user device access may require a first user authentication passcode, and a payment application or payment function within an application may require a second user authentication passcode that is different from the first user authentication passcode).
- Thus, the user device may include a database (or be connected to a database through a network) that includes one or more user authentication passcodes for accessing the one or more applications on the user device. For example, a user may provide a user authentication passcode for accessing the operating system of the user device, which may include any alphanumeric characters (e.g., a string of numbers provided on a number key display on the user device), a sequence of touch inputs provided on a touch grid display on the user device, and/or a variety of other user authentication passcodes known in the art, and that user authentication passcode may be stored in a non-transitory memory in the user device. In another example, a user authentication passcode for accessing a particular application (e.g., an internet browser, a gaming application, a payment application, a financial tracking application, etc.) may be stored in a non-transitory memory in the user device and/or on an application provider device that may connect to the user device over a network (e.g., the Internet). While a few examples have been provided, any manners known in the art for providing and storing user authentication passcodes are envisioned as falling within the scope of the present disclosure.
- At block 102, the user provides an authentication passcode input through an input device of the user device, which may include a keyboard, a mouse, a microphone, a touch screen display, and/or a variety of other input devices known in the art. In an embodiment, the authentication passcode input is provided to access the operating system of the user device, and may include a password, an alphanumeric character string, a string of numbers, a plurality of touch gestures (e.g., a shape, connection of a plurality of dots displayed on a touch input surface, etc.), a spoken command (e.g., received by the user device using voice recognition techniques known in the art), and/or a variety of other authentication passcode inputs known in the art. In another embodiment, the user device may be providing access to the operating system on the user device, and the authentication passcode input is provided to access an application (or function within an application) on the user device available through use of the operating system, and may include a password, an alphanumeric character string, a string of numbers, a plurality of touch gestures (e.g., a shape, connection of a plurality of dots displayed on a touch input surface, etc.), a spoken command (e.g., received by the user device using voice recognition techniques known in the art), and/or a variety of other authentication passcode inputs known in the art. While a few examples of authentication passcode inputs have been provided, any type and manner of providing authentication passcode inputs are envisioned as falling within the scope of the present disclosure.
- The method 100 then proceeds to block 104 where the first user is authenticated in response to the authentication passcode input matching a user authentication passcode. In an embodiment, at block 104, an authentication engine in the user device compares the authentication passcode input received at block 102 to one or more user authentication passcodes stored in a database (e.g., located in the user device, connected to the user device through a network, etc.) and, in response to that authentication passcode input matching a user authentication passcode, the authentication engine authenticates the first user to access and use the application or applications. For example, the authentication engine may authenticate the first user for access to the operating system on the user device, to an application available through the operating system, and/or to a function available in an application in response to the authentication passcode input received at block 102 matching a user authentication passcode stored in a database accessible by the user device.
- In another embodiment, at block 104, the user device may send the authentication passcode input received at block 102 over the network to an application provider or other system provider device, and that application provider device or other system provider device may compare the authentication passcode input to one or more user authentication passcodes stored in a database. In response to that authentication passcode input matching a user authentication passcode, the application provider device or other system provider device may send an authentication confirmation back over the network such that the authentication engine in the user device authenticates the first user to access and use the application, applications, or application functions. For example, the application provider device or other system provider device, along with the user device, may operate to authenticate the first user for access to the operating system on the user device, to an application available through the operating system, and/or to a function in an application in response to the authentication passcode input received at block 102 matching a user authentication passcode stored in a database accessible by the application provider device or other system provider device. While a few examples have been provided, any systems and methods for authenticating a user to access an application via an authentication passcode input provided through an input device of a user device are envisioned as falling within the scope of the present disclosure.
- Thus, following block 104, the first user has been provided access to the user device (e.g., through the authorization for the user to access the operating system on the user device), access to an application on the user device (e.g., access to an Internet browser application, payment application, gaming application, financial tracking application, or other application known in the art), access to an application function of an application on the user device (e.g., access to a payment function within an application or available through an Internet browser application), access to a network, and/or a variety of other accesses known in the art. As is known in the art, authenticated access to applications as described above may be associated with an authentication time period in which a user is allowed access to the application or applications. The length of the authentication time period may vary depending on the level of security desired for the application, and any time period length is envisioned as falling within the scope of the present disclosure.
- Furthermore, in some embodiments, rather than referring strictly to an amount of time, an authentication time period may also refer to a time period defined by user actions occurring subsequent to the authentication of the first user and authorization to access the application. For example, the authentication time period may be an undefined time period (e.g., at the time the first user is first authenticated) that is defined by the user closing the application, causing the application to be moved to the “background” of the operating system (e.g., by opening another, different application), allowing or causing the user device to enter a sleep mode, powering off the user device, and/or performing a variety of other user actions known in the art that cause an authentication time period to end. As such, the authentication time period may end after a predetermined amount of time, following a user action that is defined to end the authentication time period, and/or in response to a variety of other authentication time period characteristics known in the art.
- The
method 100 then proceeds to block 106 where authentication factors are detected. In an embodiment, the user device includes an non-transitory memory that includes instruction that, when executed by one or more hardware processors in the user device, cause the one or more hardware processors to provide an authentication engine that is configured to detect authentication factors that may be used to extend the authentication time period in which the first user or another user is allowed access to one or more applications on the user device following the initial authentication of the first user at block 104. In some embodiments, the authentication engine is coupled to one or more sensors on the user device to receive sensor signal authentication factors, while in other embodiments, user instructions that are provided to the user device for a non-authentication primary purpose may be received and interpreted as authentication factors. A few examples of detected authentication factors are provided below, but one of skill in the art in possession of the present disclosure will recognize that a wide variety of authentication factors that are not an authentication passcode input provided by a user through an input device on the user device will fall within the scope of the present disclosure. - Referring first to
FIG. 2 , an embodiment of anauthenticating system 200 is illustrated and includes a user device 202 that may be the user device for which the first user was authenticated for at block 104, or that includes an application or application function for which the first user was authenticated for at block 104. Theuser device 200 includes acommunication device 204 such as, for example, one or more wireless controllers (e.g., a Bluetooth® wireless controller, a Wifi wireless controller, and/or a variety of other wireless controllers known in the art), that is coupled to anauthentication engine 206 that is further coupled to anauthentication database 208. Theauthentication database 208 stores a home wirelessenvironment authentication profile 208 a, a work wirelessenvironment authentication profile 208 b, and a coffee shop wirelessenvironment authentication profile 208 c, each of which includes one or more wireless environments as illustrated and discussed in further detail below for the home wirelessenvironment authentication profile 208 a with regard todecision block 108. Thecommunication device 204 in the user device 202 is in communication with a secondary user device(s) 210, anaccess point 212 that is further coupled to a network 214 (a local area network (LAN) in the illustrated embodiment), andaccess points - In the illustrated embodiment, at
block 106, thecommunication device 204 in the user device 202 communicates with each of the secondary user device(s) 210, along with theaccess points authentication engine 206 detects a plurality of authentication factors that include a Bluetooth® wireless environment provided by the secondary user device(s) 210, a first Wifi wireless environment provided by theaccess point 212, a second Wifi wireless environment provided by theaccess point 216, and a third Wifi wireless environment provided by theaccess point 218. While four wireless environments are illustrated inFIG. 2 as being detected as authentication factors atblock 106, one of skill in the art in possession of the present disclosure will recognize that any number of wireless environments provided using any type of wireless technology may be detected by theauthentication engine 206 based on communications by thecommunication device 204. - Referring now to
FIGS. 3 a, 3 b, 3 c, and 3 d, an embodiment of an authenticating system is illustrated that is included in auser device 300 that may be the user device for which the first user was authenticated for at block 104, or that includes an application or application function for which the first user was authenticated for at block 104. Theuser device 300 of the illustrated embodiment is a tablet computer that includes achassis 302 that houses a touch screen display with atouch screen surface 304. Anauthentication engine 306 is coupled to thetouch screen surface 304 and to anauthentication database 308. Theauthentication database 308 stores a first user touch input authentication profile 308 a and a second user touch input authentication profile 308 b, each of which details one or more touch inputs, touch input sequences, and/or other touch input information as illustrated and discussed in further detail below. - In the illustrated embodiment, at
block 106, auser 310 uses theuser device 300 by engaging theirfingers touch screen surface 304, as illustrated inFIG. 3 a, such that theauthentication engine 306 detects a plurality of authentication factors that include a first detectedtouch input 312 and a second detectedtouch input 314, as illustrated inFIG. 3 b, as well as movement of those detected touch inputs (as illustrated inFIG. 3 c for the second detected touch input 314).FIG. 3 d illustrates a first detectedtouch input 316 and a second detectedtouch input 318 detected by theauthentication engine 306 that may be provided by a user that is different from the user that provided the first detectedtouch input 312 and the second detectedtouch input 314 illustrated inFIGS. 3 a, 3 b, and 3 c. For example, the first detectedtouch input 312 and the second detectedtouch input 314 illustrated inFIGS. 3 a, 3 b, and 3 c may be provided by a parent user, while the first detectedtouch input 316 and the second detectedtouch input 318 illustrated inFIG. 3 d may be provided by a child user (as depicted by the smaller area of the touch inputs illustrated inFIG. 3 d relative to those illustrated inFIGS. 3 b and 3 c, and/or other factors discussed in further detail below). While two different users providing touch inputs are illustrated inFIGS. 3 a, 3 b, 3 c, and 3 d that are detected as authentication factors atblock 106, one of skill in the art in possession of the present disclosure will recognize that any number of users may provide touch inputs that may be detected by theauthentication engine 206. - Referring now to
FIG. 4 , an embodiment of an authenticating system is illustrated that is included in a user device 400 that may be the user device for which the first user was authenticated for at block 104, or that includes an application or application function for which the first user was authenticated for at block 104. The user device 400 includes anoperating system 402 that is coupled to anauthentication engine 406 that is further coupled to anauthentication database 408. Theauthentication database 408 stores a first applicationuse authentication profile 408 a and a second applicationuse authentication profile 408 b, each of which includes one or more application use details as illustrated and discussed in further detail below with regard todecision block 108. - In the illustrated embodiment, at
block 106, the operating system 402 in the user device 400 communicates application use to the authentication engine 406. For example, the operating system 402 may provide information to the authentication engine 406 about one or more applications launched or closed, a time spent using one or more applications, and/or a variety of other application use details known in the art, and the authentication engine 406 detects those application use details as a plurality of authentication factors that include which applications are being used, how those applications are being used, etc.

While a few examples of detected authentication factors have been provided, other authentication factors may be detected at
block 106 that may be used to extend the authentication time period that a user is allowed to access an application on the user device. For example, any sensors on the user device may be used to detect authentication factors, including cameras to capture images or video, accelerometers to detect motion, microphones to detect sound, location determination devices to detect a current location, temperature sensors to detect heat signatures, and/or a variety of other sensors known in the art. In addition, any of those sensor-detected authentication factors, along with any of the authentication factors described above with reference to FIGS. 2, 3a-d, and 4, may be detected in combination at block 106 and combined or used together in further blocks of the method 100 to provide further security when automatically authenticating the user to extend the authentication time period that a user is allowed to access an application on the user device.

The
method 100 then proceeds to decision block 108 where it is determined whether the detected authentication factors match an authentication profile. In an embodiment, a database of the user device and/or a database coupled to the user device (e.g., through a network) may include one or more authentication profiles that each include a plurality of authentication factors. In some embodiments, the authentication factors included in the authentication profiles may be provided by the user. For example, a user of the user device (e.g., the first user discussed above) may select or provide one or more authentication factors for an authentication profile that may include, for example, one or more wireless environments in one or more locations that the user typically uses the user device, touch inputs, application use profiles, images of authorized users, voice samples of authorized users, location information (e.g., location coordinates, addresses, etc.) that the user typically uses the user device, and/or any other authentication factor discussed herein.

In some embodiments, the authentication factors included in the authentication profiles may be provided by the user device. For example, a user device may automatically determine one or more authentication factors for an authentication profile that may include, for example, one or more wireless environments in one or more locations that the user device is commonly located at, touch inputs that are commonly used on the user device, application use profiles for applications used on the user device, images captured of users that typically use the user device, voice samples of users that typically use the user device, locations that the user device is typically located in, and/or any other authentication factor discussed herein. In other words, the user device may be configured to recognize factors (e.g., wireless environments, touch inputs, application uses, images, voices, locations, etc.)
that are often associated with an authenticated user (e.g., that user entering an authentication passcode input that is authenticated with a user authentication passcode) and that indicate that the user device, application, or application function is being used by an authorized user, and save those authentication factors as an authentication profile. In a specific example, a user device in an authorized user's home location may detect the same wireless environments that are typically present at the home location (e.g., a wireless environment provided by an access point of that user, a wireless environment provided by another device of that user, wireless environments provided by neighbors of that user). Thus, when those wireless environments are detected, it can be assumed that that authorized user is using the user device rather than an unauthorized user that has stolen the user device (as an unauthorized user that has stolen the user device will not typically try to use it in the authorized user's home).
In some embodiments, authentication factors for an authentication profile may be automatically determined by a user device as discussed above and then provided to the user to confirm those authentication profiles. For example, following the detection of the plurality of wireless environments illustrated in
FIG. 2 a predetermined number of times, the user device may present a wireless environment authentication profile to the user that includes those wireless environments to allow the user to confirm that that wireless environment authentication profile should be associated with authorized use. Similarly, following the detection of the plurality of touch inputs illustrated in FIGS. 3a-d a predetermined number of times, the user device may present a touch input authentication profile to the user that includes those touch inputs to allow the user to confirm that that touch input authentication profile should be associated with authorized use. Similarly, following the detection of the same type of application use illustrated in FIG. 4 a predetermined number of times, the user device may present an application use authentication profile to the user that includes those application uses to allow the user to confirm that that application use authentication profile should be associated with authorized use. The user device may also present images of users captured a predetermined number of times, voice recordings of users captured a predetermined number of times, locations determined a predetermined number of times, and/or any other authentication factor to the user for confirmation as an authentication profile or part of an authentication profile.

At
decision block 108, the authentication engine compares the authentication factors received at block 106 to the authentication profile(s) in the user device to determine whether a match exists. In some embodiments, decision block 108 may be performed upon expiration of the authentication time period (provided in response to the authentication of the first user at block 104). In some embodiments, decision block 108 may be performed a predetermined time before the authentication time period expires. In other embodiments, decision block 108 may be performed throughout the authentication time period.

Referring back to
FIG. 2, at decision block 108, the authentication engine 206 compares the authentication factors that include the detected wireless environments discussed with reference to block 106 to the authentication profiles in the authentication database 208 that include the home wireless environment authentication profile 208a, the work wireless environment authentication profile 208b, and the coffee shop wireless environment authentication profile 208c. If the detected wireless environments discussed with reference to block 106 do not match any of the wireless environments in the home wireless environment authentication profile 208a, the work wireless environment authentication profile 208b, or the coffee shop wireless environment authentication profile 208c, the method 100 proceeds to block 110 where an authentication passcode input is requested. In an embodiment of block 110, the authentication engine 206 has determined that the current wireless environments detected by the communication device 204 in the user device 202 do not match any known wireless environments defined by the authentication profiles in the authentication database, and thus following the end of the authentication time period provided in response to the authentication of the first user at block 104, access to the one or more applications or application functions on the user device 202 is restricted and the user must provide an authentication passcode input that matches a user authentication passcode as described above for blocks 102 and 104 in order to re-access the one or more applications or application functions. If the detected wireless environments discussed with reference to block 106 match the wireless environments in any of the home wireless environment authentication profile 208a, the work wireless environment authentication profile 208b, or the coffee shop wireless environment authentication profile 208c, the method 100 proceeds to decision block 112, discussed in further detail below.
Referring back to
FIGS. 3a-d, at decision block 108, the authentication engine 306 compares the authentication factors that include the detected touch inputs, sequences of detected touch inputs, and other detected touch input information discussed with reference to block 106 to the authentication profiles in the authentication database 308 that include the first user touch input authentication profile 308a and the second user touch input authentication profile 308b. If the detected touch inputs, sequences of detected touch inputs, and other detected touch input information discussed with reference to block 106 do not match any of the first user touch input authentication profile 308a and the second user touch input authentication profile 308b, the method 100 proceeds to block 110 where an authentication passcode input is requested. In an embodiment of block 110, the authentication engine 306 has determined that the touch inputs being provided on the user device 300 do not match any known touch input, sequences of touch inputs, and other touch input information defined by the authentication profiles in the authentication database 308, and thus following the end of the authentication time period provided in response to the authentication of the first user at block 104, access to the one or more applications or application functions on the user device 300 is restricted and the user must provide an authentication passcode input that matches a user authentication passcode as described above for blocks 102 and 104 in order to re-access the one or more applications or application functions. If the detected touch inputs, sequences of detected touch inputs, and other detected touch input information discussed with reference to block 106 match any of the first user touch input authentication profile 308a and the second user touch input authentication profile 308b, the method 100 proceeds to decision block 112, discussed in further detail below.

Referring back to
FIG. 4, at decision block 108, the authentication engine 406 compares the authentication factors that include the detected application use details discussed with reference to block 106 to the authentication profiles in the authentication database 308 that include the first application use authentication profile 408a and the second application use authentication profile 408b. If the detected application use discussed with reference to block 106 does not match any of the first application use authentication profile 408a and the second application use authentication profile 408b, the method 100 proceeds to block 110 where an authentication passcode input is requested. In an embodiment of block 110, the authentication engine 406 has determined that the application use details being provided on the user device 400 do not match any known application use details defined by the authentication profiles in the authentication database 408, and thus following the end of the authentication time period provided in response to the authentication of the first user at block 104, access to the one or more applications or application functions on the user device 400 is restricted and the user must provide an authentication passcode input that matches a user authentication passcode as described above for blocks 102 and 104 in order to re-access the one or more applications or application functions. If the detected application use discussed with reference to block 106 matches any of the first application use authentication profile 408a and the second application use authentication profile 408b, the method 100 proceeds to decision block 112, discussed in further detail below.

With regard to the examples of other authentication factors that may be detected at
block 106, at block 108 the authentication engine may compare a captured image (e.g., of a current user of the user device) to one or more images (e.g., of authorized users) in an authentication profile, a captured voice recording (e.g., of a current user of the user device) to one or more voice samples (e.g., of authorized users) in an authentication profile, a detected location (e.g., of a current location of the user device) to one or more locations (e.g., of authorized locations of the user device) in an authentication profile, etc. If no match is determined at block 108, an authentication passcode input is requested at block 110 as discussed above, while if a match is determined, the method 100 proceeds to decision block 112. As discussed above, any or all of the examples of authentication factors in authentication profiles may be combined in a single authentication profile that must be matched prior to extending the authentication time period discussed below. As such, the authentication engine may need to determine that any or all of a detected wireless environment, detected touch inputs, a detected application use profile, a detected image, a detected voice recording, and a detected location match any or all of a known wireless environment, a known touch input, a known application use profile, a known image, a known voice recording, and a known location in an authentication profile in the authentication database.

At decision block 112, the authentication engine determines whether the authentication profile, which was determined at
decision block 108 to match the authentication factors detected at block 106, is associated with the first user that was authenticated at block 104 or a second user. In some embodiments of the method 100, the authentication profiles may only be associated with a single user. In such embodiments, decision block 112 may be skipped and the method 100 may proceed from decision block 108 to block 114 where the authentication time period for the first user is extended, discussed in further detail below. Similarly, in embodiments where authentication profiles are provided for more than one user, if the authentication profile is determined at decision block 108 to be associated with the first user, the method 100 proceeds from decision block 112 to block 114 where the authentication time period for the first user is extended. Extension of the authentication time period allows the first user continued access to one or more applications or application functions on the user device. For example, the extended authentication time period may allow the first user to continue to use the user device (e.g., by allowing access to the operating system on the user device) without providing an authentication passcode input on an input device of the user device. In another example, the extended authentication time period may allow the first user to continue to use an application on the user device (e.g., by allowing access to an application provided through the operating system on the user device) without providing an authentication passcode input on an input device of the user device.
In another example, the extended authentication time period may allow the first user to continue to use an application function (e.g., the ability to make payments using a payment account) within an application on the user device (e.g., by allowing access to a payment function provided in an application accessible through the operating system on the user device) without providing an authentication passcode input on an input device of the user device.

If the authentication profile, which was determined at
decision block 108, is determined at decision block 112 to be associated with a second user that is different than the first user, the method 100 may proceed to optional block 116 where an authentication level is changed according to the authentication profile, and/or to block 118 where the authentication time period for the second user is extended. As discussed above, authentication profiles may be provided for more than one user (e.g., different authentication profiles may be provided for each of a parent user and a child user), and those authentication profiles may also be associated with different access levels. In an embodiment, an authentication profile for a parent user may provide that parent user with full use of the user device, applications on the user device, and/or application functions within an application on the user device, while an application profile for a child user may provide that child user with restricted access to the user device, applications on the user device, and/or application functions within an application on the user device.

For example, restricted access to a user device, applications on the user device, and/or application functions within an application on the user device may include an inability to access particular applications (e.g., a phone application, an email application, a payment application, a financial tracking application, an application with adult content, etc.), the inability to use certain features on applications (e.g., making a payment within an application, accessing particular web sites in an Internet browser application, viewing particular photos in a photo application, etc.), and/or a variety of other user device or application restrictions known in the art. In some embodiments, reduced access to a payment application or payment feature may include a reduction in the amount that may be charged using a payment application.
For example, a parent user may have the ability to charge any amount using a payment application, while a child user may be restricted to a lower amount relative to the parent user that they may charge using the payment application. While a few examples have been provided, one of skill in the art in possession of the present disclosure will recognize that any forms of restricted access will fall within the scope of the present disclosure.
Referring back to
FIG. 2, an embodiment of authentication profiles associated with only a single user is illustrated. Thus, at block 108 the authentication engine 206 may determine that the detected wireless environments provided by the secondary user device(s) 210 and the access points environment authentication profile 208a which, in the illustrated embodiment, details the secondary user device 210 providing a Bluetooth environment, the access point 212 providing a Wifi to LAN wireless environment, and each of the access points method 100 proceeds to block 114 where the authentication time period for the first user is extended such that the user may continue using the user device 202, one or more applications on the user device 202, and/or functions in the application without providing an authentication passcode input through an input device on the user device 202. While a simplified version of wireless environment details for the home wireless environment authentication profile 208a has been provided, other details such as, for example, wireless network names, MAC addresses, wireless signal strengths, and/or other wireless environment characteristics known in the art may be used to recognize the wireless environments in a wireless environment authentication profile. Similarly, the work wireless environment authentication profile 208b and the coffee shop wireless environment authentication profile 208c may allow authentication time periods for the user device and/or applications to be extended substantially as described above when the user is at work or in a coffee shop they visit regularly (or have otherwise authorized for continuous authorization).

While not illustrated, wireless environment authentication profiles similar to those illustrated in
FIG. 2 may be used to change authentication levels similarly as described herein with reference to method blocks 112, 114, 116, and 118. In some embodiments, the different wireless environment authentication profiles may result in different authentication levels. For example, the authentication level for the coffee shop wireless environment authentication profile 208c may be restricted relative to the authentication level of the home wireless environment authentication profile 208b (e.g., payments may be transacted using applications at home but not at the coffee shop), which may be restricted relative to the authentication level of the work wireless environment authentication profile 208a (e.g., a work network may be accessible at work but not at home or the coffee shop). In some embodiments, the user device 202 may be shared by users, and thus a wireless environment associated with a first user (e.g., in a first work location or at the first user's home) may be provided a first authentication level, while a wireless environment associated with a second user (in a second work location that is different than the first work location or at the second user's home) may be provided a second authentication level that is different from the first authentication level.

Thus, an authentication time period in which a user is allowed access to a user device, application, or application function or feature may be extended based on the detection of a plurality of wireless environments and without any input from the user. It has been found that because users typically use their user device in the same location or locations, the authentication systems and methods described herein may be used to allow for authentication time periods to be extended when a user device is determined to be located in one of those locations based on detected wireless environments that are commonly present at those locations.
In the event the user device is stolen, it becomes highly unlikely that the user device will be located in one of those locations such that the same plurality of wireless environments (e.g., providing the same wireless technology, having the same wireless environment names, having the same respective wireless environment strengths, being associated with the same MAC addresses, etc.) are detected, and thus continuous authentication in those locations may provide a much lower risk when those wireless environments are detected.
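The wireless-environment path through decision block 108 and blocks 110 to 118 can be sketched as follows. This is an added illustration, not code from the patent; the class and function names, the signal-strength tolerance, the extension length, the rule that every environment in a profile must be detected, and the sample networks are assumptions constructed for the example.

```python
from dataclasses import dataclass

RSSI_TOLERANCE_DB = 15   # assumed tolerance; the text names signal strength but gives no value
EXTENSION_SECONDS = 300  # assumed length of one extension of the authentication time period

@dataclass(frozen=True)
class WirelessEnv:
    technology: str   # "wifi" or "bluetooth"
    name: str         # wireless network or device name
    mac: str          # MAC address
    rssi_dbm: int     # signal strength

@dataclass(frozen=True)
class Profile:
    label: str
    user: str             # user the profile is associated with (decision block 112)
    allowed: frozenset    # access level, modelled as the set of permitted functions
    environments: tuple   # every WirelessEnv here must be detected for a match

@dataclass
class Session:
    user: str
    allowed: frozenset
    expires_at: float     # end of the current authentication time period

def env_matches(known, seen):
    """Compare one stored wireless environment with one detected environment."""
    return (known.technology == seen.technology
            and known.name == seen.name
            and known.mac.lower() == seen.mac.lower()
            and abs(known.rssi_dbm - seen.rssi_dbm) <= RSSI_TOLERANCE_DB)

def match_profile(detected, profiles):
    """Decision block 108: return the first fully matched profile, or None."""
    for profile in profiles:
        if not profile.environments:
            continue  # an empty profile must never match vacuously
        if all(any(env_matches(known, seen) for seen in detected)
               for known in profile.environments):
            return profile
    return None

def evaluate(session, detected, profiles, now):
    """Blocks 108 to 118: update the session and return the action taken."""
    profile = match_profile(detected, profiles)
    if profile is None:
        return "request_passcode"  # block 110: the period is not extended
    same_user = profile.user == session.user  # decision block 112
    session.user = profile.user
    session.allowed = profile.allowed  # block 116: the level follows the profile
    session.expires_at = max(session.expires_at, now + EXTENSION_SECONDS)  # 114/118
    return "extended" if same_user else "extended_level_changed"

def is_permitted(session, function, now):
    """The period must still be running and the level must allow the function."""
    return now < session.expires_at and function in session.allowed

# Constructed sample data (locally administered MAC addresses, invented names).
HOME = Profile("home", "first_user", frozenset({"apps", "payments"}), (
    WirelessEnv("bluetooth", "tablet", "02:00:00:00:00:01", -50),
    WirelessEnv("wifi", "home-ap", "02:00:00:00:00:02", -45),
    WirelessEnv("wifi", "neighbor-ap", "02:00:00:00:00:03", -80)))
COFFEE = Profile("coffee shop", "first_user", frozenset({"apps"}), (
    WirelessEnv("wifi", "coffee-guest", "02:00:00:00:00:10", -60),))
SECOND_HOME = Profile("second user's home", "second_user", frozenset({"apps"}), (
    WirelessEnv("wifi", "other-ap", "02:00:00:00:00:20", -55),))
PROFILES = [HOME, COFFEE, SECOND_HOME]

AT_HOME = [WirelessEnv("bluetooth", "tablet", "02:00:00:00:00:01", -55),
           WirelessEnv("wifi", "home-ap", "02:00:00:00:00:02", -48),
           WirelessEnv("wifi", "neighbor-ap", "02:00:00:00:00:03", -85),
           WirelessEnv("wifi", "unrelated", "02:00:00:00:00:99", -70)]
PARTIAL_HOME = [AT_HOME[1]]  # only one of the three home environments is present
WEAK_HOME = [AT_HOME[0],     # right names and addresses, wrong signal strength
             WirelessEnv("wifi", "home-ap", "02:00:00:00:00:02", -90), AT_HOME[2]]
AT_COFFEE = [WirelessEnv("wifi", "coffee-guest", "02:00:00:00:00:10", -63)]
AT_SECOND_HOME = [WirelessEnv("wifi", "other-ap", "02:00:00:00:00:20", -57)]

def demo():
    """Run one session through each constructed scenario and collect the actions."""
    session = Session("first_user", frozenset({"apps", "payments"}), expires_at=1000.0)
    steps = [(AT_HOME, 900.0), (AT_COFFEE, 1100.0), (PARTIAL_HOME, 1200.0),
             (WEAK_HOME, 1200.0), (AT_SECOND_HOME, 1300.0)]
    return [evaluate(session, detected, PROFILES, now) for detected, now in steps]

if __name__ == "__main__":
    print(demo())
```

Network names and MAC addresses are broadcast values, which is why the sketch requires every environment in a profile to be present within the signal tolerance and keeps functions such as payments tied to the matched profile's level.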
Referring back to
FIGS. 3a-d, an embodiment of authentication profiles associated with multiple users is illustrated. In one embodiment, at block 108 the authentication engine 306 may determine that the detected touch inputs provided on the touch input surface 304 match an authentication profile in the authentication database 308. In response, the method 100 proceeds to block 112 where the authentication engine 306 determines that the authentication profile, which was determined at decision block 108, is the first user authentication profile 308a which, in the illustrated embodiment, details the touch inputs, sequence of touch inputs, and/or other touch information associated with the first user illustrated in FIGS. 3a, 3b, and 3c, and the method 100 proceeds to block 114 where the authentication time period for the first user is extended such that the user may continue using the user device 300, one or more applications on the user device 300, and/or application features of the application on the user device 300 without providing an authentication passcode input through an input device on the user device 300.

In another embodiment, at block 112 the
authentication engine 306 may determine that the authentication profile, which was determined at decision block 108, is the second user authentication profile 308b which, in the illustrated embodiment, details the touch inputs, sequence of touch inputs, and/or other touch information associated with a second user illustrated in FIG. 3d, and the method 100 proceeds to block 116 where the authentication level is changed according to the authentication profile, and the authentication time period is extended for the second user such that the second user may continue using the user device 400, one or more applications on the user device 400, and/or application features of the application on the user device 400 without providing an authentication passcode input through an input device on the user device 400.

Thus, an authentication time period in which a user is allowed access to a user device, application, or application feature may be extended based on the detection of a plurality of touch inputs provided during non-authenticating uses (e.g., browsing the Internet, emailing, watching a video, etc.) and without any input from the user. During use of their user device, a user may provide touch inputs, sequences of touch inputs, and other touch input information that is distinguishable from other users (e.g., based on finger size, pressure, and/or other capacitance measurements made by the
touch input surface 304; based on touch inputs that indicate a common manner of holding the user device; and/or based on common touch gestures used by a user; etc.) and the authentication systems and methods described herein allow for authentication time periods to be extended when user touch inputs on a user device are determined to be associated with an authorized user. Furthermore, touch inputs from a first user may result in a first level of access to the user device and/or applications on the user device, while touch inputs from a second user may result in a second level of access to the user device and/or applications on the user device that is different from the first level of access. In the event the user device is stolen, it becomes highly unlikely that the unauthorized user will provide touch inputs with the same finger size, pressure, indications of the same manner of holding the device, and common touch gestures as an authorized user, and thus continuous authentication may provide a much lower risk when those recognized touch inputs are detected.

Referring back to
FIG. 4d, an embodiment of authentication profiles associated with multiple users is illustrated. In one embodiment, at block 108 the authentication engine 406 may determine that the detected application use details provided through the operating system 402 match an authentication profile in the authentication database 408. In response, the method 100 proceeds to block 112 where the authentication engine 406 determines that the authentication profile, which was determined at decision block 108, is the first user application detail authentication profile 408a which may detail the applications most commonly used (as illustrated), the typical sequence of applications used (e.g., an email application first, a financial tracking application second, a gaming application third, and an Internet browsing application fourth, after signing on to the user device 400), features used on the applications, and/or other application use details known in the art that are associated with the first user, and the method 100 proceeds to block 114 where the authentication time period for the first user is extended such that the user may continue using the user device 400, one or more applications on the user device 400, and/or application features of the application on the user device 400 without providing an authentication passcode input through an input device on the user device 400.

In another embodiment, at block 112 the
authentication engine 406 may determine that the authentication profile, which was determined at decision block 108, is the second user authentication profile 408b which may detail the applications most commonly used (as illustrated), the typical sequence of applications used, features used on the applications, and/or other application use details known in the art associated with a second user, and the method 100 proceeds to block 116 where the authentication level is changed according to the authentication profile, and the authentication time period is extended for the second user such that the second user may continue using the user device 400, one or more applications on the user device 400, and/or application features of an application on the user device 400 without providing an authentication passcode input through an input device on the user device 400.

Thus, an authentication time period in which a user is allowed access to a user device or application on the user device may be extended based on the detection of a plurality of application use details provided during non-authenticating uses (e.g., browsing the Internet, emailing, watching a video, etc.) and without any authentication passcode input from the user. During use of their user device, a user may launch applications, close applications, use features in applications, and/or perform a variety of other application actions, and the authentication systems and methods described herein allow for authentication time periods to be extended when application use details are determined to be associated with an authorized user. Furthermore, application use details from a first user may result in a first level of access to the user device, applications, or application features, while application use details from a second user may result in a second level of access to the user device, applications, or application features on the user device that is different from the first level of access.
In the event the user device is stolen, it becomes highly unlikely that the unauthorized user will use applications in the same manner as an authorized user, and thus continuous authentication may provide a much lower risk when those recognized application use details are detected.
Similarly, images captured of a user, voice recordings captured from a user, locations detected, etc. may be used at
blocks

Thus, systems and methods for authenticating users have been described that provide for extending the authentication time period in which users are provided access to user devices or applications without having to enter authentication passcodes via an input device. The systems and methods create authentication profiles that detail authentication factors that indicate that an authorized user is using the user device or application, and extend the authentication time period in response. Such systems and methods provide for enhanced security while reducing the continuous authentication needed by conventional systems and methods that cannot recognize when the user device or application is being used by an authorized user. Furthermore, the systems and methods provide for changing authentication levels based on particular users that are detected using the authentication factors, allowing security of a user device to be fine-tuned based on which authorized user is using the user device. The systems and methods described herein provide continuous authentication for authorized users when the risk of doing so is low, ending the need for authorized users to continuously authenticate themselves when the risk of the current use of the user device is low.
Referring now to
FIG. 5, an embodiment of a network-based system 500 for implementing one or more processes described herein is illustrated. As shown, network-based system 500 may comprise or implement a plurality of servers and/or software components that operate to perform various methodologies in accordance with the described embodiments. Exemplary servers may include, for example, stand-alone and enterprise-class servers operating a server OS such as a MICROSOFT® OS, a UNIX® OS, a LINUX® OS, or other suitable server-based OS. It can be appreciated that the servers illustrated in FIG. 5 may be deployed in other ways and that the operations performed and/or the services provided by such servers may be combined or separated for a given implementation and may be performed by a greater number or fewer number of servers. One or more servers may be operated and/or maintained by the same or different entities.

The embodiment of the
networked system 500 illustrated inFIG. 5 includes a plurality of user devices 502, a plurality ofmerchant devices 504, a paymentservice provider device 506, anaccount provider device 508, and/or asystem provider device 509 in communication over anetwork 510. Any of the user devices 502 may be theuser device 202, 300, and 400, discussed above. Themerchant devices 504 may be the merchant devices discussed above and may be operated by the merchants discussed above to provide payment transactions using a payment application of the user. The paymentservice provider device 506 may be the payment service provider devices discussed above and may be operated by a payment service provider such as, for example, PayPal Inc. of San Jose, Calif. Theaccount provider device 508 may be the account provider devices discussed above and may be operated by the account providers discussed above such as, for example, credit card account providers, bank account providers, savings account providers, and a variety of other account providers known in the art. Thesystem provider device 509 may be the system provider devices discussed above and may be operated by the system provider discussed above. - The user devices 502, a plurality of
merchant devices 504, a paymentservice provider device 506, anaccount provider device 508, and/or asystem provider device 509 may each include one or more processors, memories, and other appropriate components for executing instructions such as program code and/or data stored on one or more computer readable mediums to implement the various applications, data, and steps described herein. For example, such instructions may be stored in one or more computer readable mediums such as memories or data storage devices internal and/or external to various components of thesystem 500, and/or accessible over thenetwork 510. - The
network 510 may be implemented as a single network or a combination of multiple networks. For example, in various embodiments, thenetwork 510 may include the Internet and/or one or more intranets, landline networks, wireless networks, and/or other appropriate types of networks. - The user devices 502 may be implemented using any appropriate combination of hardware and/or software configured for wired and/or wireless communication over
network 510. For example, in one embodiment, the user devices 502 may be implemented as a personal computer of a user in communication with the Internet. In other embodiments, the user devices 502 may be a smart phone, personal digital assistant (PDA), laptop computer, tablet computer, and/or other types of computing devices. - The user devices 502 may include one or more browser applications which may be used, for example, to provide a convenient interface to permit the user to browse information available over the
network 510. For example, in one embodiment, the browser application may be implemented as a web browser configured to view information available over the Internet. - The user devices 502 may also include one or more toolbar applications which may be used, for example, to provide user-side processing for performing desired tasks in response to operations selected by the user. In one embodiment, the toolbar application may display a user interface in connection with the browser application.
- The user devices 502 may further include other applications as may be desired in particular embodiments to provide desired features to the user devices 502. In particular, the other applications may include a payment application for payments assisted by a payment service provider through the payment service provider device 506. The other applications may also include security applications for implementing user-side security features, programmatic user applications for interfacing with appropriate application programming interfaces (APIs) over the network 510, or other types of applications. Email and/or text applications may also be included, which allow the user to send and receive emails and/or text messages through the network 510. The user devices 502 include one or more user and/or device identifiers which may be implemented, for example, as operating system registry entries, cookies associated with the browser application, identifiers associated with hardware of the user devices 502, or other appropriate identifiers, such as a phone number. In one embodiment, the user identifier may be used by the payment service provider device 506 and/or account provider device 508 to associate the user with a particular account as further described herein.
- The merchant devices 504 may be maintained, for example, by a conventional or on-line merchant, conventional or digital goods seller, individual seller, and/or application developer offering various products and/or services in exchange for payment to be received conventionally or over the network 510. In this regard, the merchant devices 504 may include a database identifying available products and/or services (e.g., collectively referred to as items) which may be made available for viewing and purchase by the user.
- The merchant devices 504 also include a checkout application which may be configured to facilitate the purchase by the payer of items. The checkout application may be configured to accept payment information from the user through the user device 502, the account provider through the account provider device 508, and/or from the payment service provider through the payment service provider device 506 over the network 510.
- Referring now to FIG. 6, an embodiment of a user device 600 is illustrated. The user device 600 may be the user devices 202, 300, 400, and/or 502, discussed above. The user device 600 includes a chassis 602 having a display 604 and an input device including the display 604 and a plurality of input buttons 606. One of skill in the art will recognize that the user device 600 is a portable or mobile phone including a touch screen input device and a plurality of input buttons that allow the functionality discussed above with reference to the method 100. However, a variety of other portable/mobile payer devices and/or desktop payer devices may be used in the method 100 without departing from the scope of the present disclosure. Furthermore, the device 600 may include cameras (such as the camera 608 illustrated on the front side of the chassis 602) on either side of the chassis 602, microphones and speakers 610, accelerometers (not illustrated), network communication devices (not illustrated), and/or a variety of other sensors known in the art.
- Referring now to FIG. 7, an embodiment of a user device 700 is illustrated. The user device 700 may be the user devices 202, 300, 400, and/or 502, discussed above. The user device 700 includes a chassis 702 having a display 704 and an input device including the display 704 and an input button 706. One of skill in the art will recognize that the user device 700 is a tablet computer including a touch screen input device and a button that allow the functionality discussed above with reference to the method 100. However, a variety of other tablet Furthermore, the user device 700 may include cameras (such as the camera 708 illustrated on the front side of the chassis 702) on either side of the chassis 702, microphones and speakers 710, accelerometers (not illustrated), network communication devices (not illustrated), and/or a variety of other sensors known in the art.
- Referring now to FIG. 8, an embodiment of a computer system 800 suitable for implementing, for example, the user devices, the merchant devices 504, the payment service provider device 506, the account provider device 508, and/or the system provider device 509 is illustrated. It should be appreciated that other devices utilized by users, merchants, payment service providers, account providers, and system providers in the payment system discussed above may be implemented as the computer system 800 in a manner as follows.
- In accordance with various embodiments of the present disclosure, computer system 800, such as a computer and/or a network server, includes a bus 802 or other communication mechanism for communicating information, which interconnects subsystems and components, such as a processing component 804 (e.g., processor, micro-controller, digital signal processor (DSP), etc.), a system memory component 806 (e.g., RAM), a static storage component 808 (e.g., ROM), a disk drive component 810 (e.g., magnetic or optical), a network interface component 812 (e.g., modem or Ethernet card), a display component 814 (e.g., CRT or LCD), an input component 818 (e.g., keyboard, keypad, or virtual keyboard), a cursor control component 820 (e.g., mouse, pointer, or trackball), a location determination component 822 (e.g., a Global Positioning System (GPS) device as illustrated, a cell tower triangulation device, and/or a variety of other location determination devices known in the art), and/or a camera 823. In addition, sensors including temperature sensors, accelerometers, and/or a variety of other sensors known in the art but not illustrated may be coupled to the bus 802. In one implementation, the disk drive component 810 may comprise a database having one or more disk drive components.
- In accordance with embodiments of the present disclosure, the computer system 800 performs specific operations by the processor 804 executing one or more sequences of instructions contained in the memory component 806, such as described herein with respect to the user devices, the merchant devices 504, the payment service provider device 506, the account provider device 508, and/or the system provider device 509. Such instructions may be read into the system memory component 806 from another computer readable medium, such as the static storage component 808 or the disk drive component 810. In other embodiments, hard-wired circuitry may be used in place of or in combination with software instructions to implement the present disclosure.
- Logic may be encoded in a computer readable medium, which may refer to any medium that participates in providing instructions to the processor 804 for execution. Such a medium may take many forms, including but not limited to, non-volatile media, volatile media, and transmission media. In one embodiment, the computer readable medium is non-transitory. In various implementations, non-volatile media includes optical or magnetic disks, such as the disk drive component 810, volatile media includes dynamic memory, such as the system memory component 806, and transmission media includes coaxial cables, copper wire, and fiber optics, including wires that comprise the bus 802. In one example, transmission media may take the form of acoustic or light waves, such as those generated during radio wave and infrared data communications.
- Some common forms of computer readable media include, for example, floppy disk, flexible disk, hard disk, magnetic tape, any other magnetic medium, CD-ROM, any other optical medium, punch cards, paper tape, any other physical medium with patterns of holes, RAM, PROM, EPROM, FLASH-EPROM, any other memory chip or cartridge, carrier wave, or any other medium from which a computer is adapted to read. In one embodiment, the computer readable media is non-transitory.
- In various embodiments of the present disclosure, execution of instruction sequences to practice the present disclosure may be performed by the computer system 800. In various other embodiments of the present disclosure, a plurality of the computer systems 800 coupled by a communication link 824 to the network 510 (e.g., such as a LAN, WLAN, PSTN, and/or various other wired or wireless networks, including telecommunications, mobile, and cellular phone networks) may perform instruction sequences to practice the present disclosure in coordination with one another.
- The computer system 800 may transmit and receive messages, data, information and instructions, including one or more programs (i.e., application code) through the communication link 824 and the network interface component 812. The network interface component 812 may include an antenna, either separate or integrated, to enable transmission and reception via the communication link 824. Received program code may be executed by processor 804 as received and/or stored in disk drive component 810 or some other non-volatile storage component for execution.
- Referring now to FIG. 9, an embodiment of a user device 900 is illustrated. In an embodiment, the device 900 may be the user devices system provider device 509 in some embodiments. The user device 900 includes a communication engine 902 that is coupled to the network 510 and to an authentication engine 904 that is coupled to an authentication database 906. The communication engine 902 may be software or instructions stored on a computer-readable medium that allows the user device 900 to send and receive information over the network 510. The authentication engine 904 may be software or instructions stored on a computer-readable medium that is operable to determine authentication profiles, store authentication profiles in the authentication database 906, authenticate a user by comparing an authentication passcode input to user authentication passcodes, detect authentication factors, determine whether the authentication factors match authentication profiles in the authentication database 906, and provide any of the other functionality that is discussed above. While the authentication database 906 has been illustrated as located in the user device 900, one of skill in the art will recognize that it may be connected to the authentication engine 904 through the network 510 without departing from the scope of the present disclosure.
- Where applicable, various embodiments provided by the present disclosure may be implemented using hardware, software, or combinations of hardware and software. Also, where applicable, the various hardware components and/or software components set forth herein may be combined into composite components comprising software, hardware, and/or both without departing from the scope of the present disclosure. Where applicable, the various hardware components and/or software components set forth herein may be separated into sub-components comprising software, hardware, or both without departing from the scope of the present disclosure. In addition, where applicable, it is contemplated that software components may be implemented as hardware components and vice-versa.
- Software, in accordance with the present disclosure, such as program code and/or data, may be stored on one or more computer readable mediums. It is also contemplated that software identified herein may be implemented using one or more general purpose or specific purpose computers and/or computer systems, networked and/or otherwise. Where applicable, the ordering of various steps described herein may be changed, combined into composite steps, and/or separated into sub-steps to provide features described herein.
- The foregoing disclosure is not intended to limit the present disclosure to the precise forms or particular fields of use disclosed. As such, it is contemplated that various alternate embodiments and/or modifications to the present disclosure, whether explicitly described or implied herein, are possible in light of the disclosure. For example, the above embodiments have focused on users and merchants; however, a payer or consumer can pay, or otherwise interact with any type of recipient, including charities and individuals. The payment does not have to involve a purchase, but may be a loan, a charitable contribution, a gift, etc. Thus, merchant as used herein can also include charities, individuals, and any other entity or person receiving a payment from a user. Having thus described embodiments of the present disclosure, persons of ordinary skill in the art will recognize that changes may be made in form and detail without departing from the scope of the present disclosure. Thus, the present disclosure is limited only by the claims.
Claims (20)
1. A system, comprising:
a non-transitory memory storing user authentication information and at least one authentication profile; and
one or more hardware processors coupled to the memory and configured to read instructions from the memory to perform the steps of:
providing a first authentication input request;
receiving an authentication input from a first user through an authentication input system subsequent to providing the first authentication input request;
authenticating the first user in response to the authentication input matching the user authentication information in the non-transitory memory, wherein an authentication time period is associated with the authentication of the first user and allows the first user access to at least one application;
detecting a plurality of authentication factors that are not an authentication input received through the authentication input system, wherein no authentication input request is made to the first user between receiving the authentication input and detecting the plurality of authentication factors such that the first user does not provide the plurality of authentication factors for authentication in response to any authentication input request; and
determining that the plurality of authentication factors match the at least one authentication profile in the non-transitory memory and, in response, extending the authentication time period such that the first user is allowed continued access to the at least one application.
2. The system of claim 1, wherein the one or more hardware processors are configured to read instructions from the memory to perform the steps of:
determining that the plurality of authentication factors that match the at least one authentication profile in the non-transitory memory are associated with a second user and, in response, changing an authentication level and extending the authentication time period such that the second user is allowed continued access to the at least one application that is restricted relative to the access provided to the first user.
3. The system of claim 2, wherein the at least one application includes a payment application, and wherein the continued access provided to the second user is restricted relative to the access provided to the first user by reducing an allowed payment amount that may be made using the payment application.
4. The system of claim 1, wherein the one or more processors are configured to read instructions from the memory to perform the steps of:
determining that the plurality of authentication factors do not match the at least one authentication profile in the non-transitory memory and, in response, prevent access to the at least one application and providing a second authentication input request.
5. The system of claim 1, wherein the plurality of authentication factors include a plurality of detected wireless environments, and wherein the at least one authentication profile includes a wireless environment authentication profile that details each of the plurality of detected wireless environments.
6. The system of claim 1, wherein the plurality of authentication factors include a plurality of detected touch inputs, and wherein the at least one authentication profile includes a touch input authentication profile that details each of the plurality of detected touch inputs.
7. A method for providing authentication, comprising:
providing, by a user device, a first authentication input request;
receiving, through an authentication input system on the user device subsequent to providing the first authentication input request, an authentication input from a first user;
authenticating, by an authentication system in the user device, the first user in response to the authentication input matching user authentication information in a database, wherein an authentication time period is associated with the authentication of the first user and allows the first user access to at least one application on the user device;
detecting, by the authentication system on the user device, a plurality of authentication factors that are not an authentication input received through the authentication input system, wherein no authentication input request is made to the first user between receiving the authentication input and detecting the plurality of authentication factors such that the first user does not provide the plurality of authentication factors for authentication in response to any authentication input request;
determining that the plurality of authentication factors match the at least one authentication profile in the database and, in response, extending the authentication time period such that the first user is allowed continued access to the at least one application on the user device.
8. The method of claim 7, further comprising:
determining that the plurality of authentication factors that match the at least one authentication profile in the database are associated with a second user and, in response, change an authentication level and extend the authentication time period such that the second user is allowed continued access to the at least one application on the user device that is restricted relative to the access provided to the first user.
9. The method of claim 8, wherein the at least one application includes a payment application, and wherein the continued access provided to the second user is restricted relative to the access provided to the first user by reducing an allowed payment amount that may be made using the payment application.
10. The method of claim 7, further comprising:
determining that the plurality of authentication factors do not match the at least one authentication profile in the non-transitory memory and, in response, preventing access to the at least one application on the user device and providing a second authentication input request.
11. The method of claim 7, wherein the plurality of authentication factors include a plurality of detected wireless environments, and wherein the at least one authentication profile includes a wireless environment authentication profile that details each of the plurality of detected wireless environments.
12. The method of claim 7, wherein the plurality of authentication factors include a plurality of detected touch inputs, and wherein the at least one authentication profile includes a touch input authentication profile that details each of the plurality of detected touch inputs.
13. The method of claim 7, wherein the plurality of authentication factors include a plurality of application use details for the at least one application, and wherein the at least one authentication profile includes an application use authentication profile that details each of the plurality of application details.
14. A non-transitory machine-readable medium comprising a plurality of machine-readable instructions which, when executed by one or more processors, are adapted to cause the one or more processors to perform a method comprising:
providing a first authentication input request;
receiving an authentication input from a first user through an authentication input system subsequent to providing the first authentication input request;
authenticating the first user in response to the authentication input matching user authentication information in a database, wherein an authentication time period is associated with the authentication of the first user and allows the first user access to at least one application on the user device;
detecting a plurality of authentication factors that are not an authentication input received through the input system, wherein no authentication input request is made to the first user between receiving the authentication input and detecting the plurality of authentication factors such that the first user does not provide the plurality of authentication factors for authentication in response to any authentication input request;
determining that the plurality of authentication factors match the at least one authentication profile in the database and, in response, extending the authentication time period such that the first user is allowed continued access to the at least one application on the user device.
15. The non-transitory machine-readable medium of claim 14, wherein the method further comprises:
determining that the plurality of authentication factors that match the at least one authentication profile in the database are associated with a second user and, in response, change an authentication level and extend the authentication time period such that the second user is allowed continued access to the at least one application on the user device that is restricted relative to the access provided to the first user.
16. The non-transitory machine-readable medium of claim 15, wherein the at least one application includes a payment application, and wherein the continued access provided to the second user is restricted relative to the access provided to the first user by reducing an allowed payment amount that may be made using the payment application.
17. The non-transitory machine-readable medium of claim 14, wherein the method further comprises:
determining that the plurality of authentication factors do not match the at least one authentication profile in the non-transitory memory and, in response, preventing access to the at least one application on the user device and providing a second authentication input request.
18. The non-transitory machine-readable medium of claim 14, wherein the plurality of authentication factors include a plurality of detected wireless environments, and wherein the at least one authentication profile includes a wireless environment authentication profile that details each of the plurality of detected wireless environments.
19. The non-transitory machine-readable medium of claim 14, wherein the plurality of authentication factors include a plurality of detected touch inputs, and wherein the at least one authentication profile includes a touch input authentication profile that details each of the plurality of detected touch inputs.
20. The non-transitory machine-readable medium of claim 14, wherein the plurality of authentication factors include a plurality of application use details for the at least one application, and wherein the at least one authentication profile includes an application use authentication profile that details each of the plurality of application details.
Priority Applications (9)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/012,753 US20150066762A1 (en) | 2013-08-28 | 2013-08-28 | Authentication system |
PCT/US2014/052933 WO2015031489A1 (en) | 2013-08-28 | 2014-08-27 | Authentication system |
CN201480035738.XA CN105556528A (en) | 2013-08-28 | 2014-08-27 | Authentication system |
CA2915668A CA2915668A1 (en) | 2013-08-28 | 2014-08-27 | Authentication system |
EP14840176.3A EP3039601A4 (en) | 2013-08-28 | 2014-08-27 | Authentication system |
JP2016534887A JP2016540308A (en) | 2013-08-28 | 2014-08-27 | Authentication system |
AU2014312445A AU2014312445A1 (en) | 2013-08-28 | 2014-08-27 | Authentication system |
KR1020157035978A KR20160045633A (en) | 2013-08-28 | 2014-08-27 | Authentication system |
US15/431,718 US10776479B2 (en) | 2013-08-28 | 2017-02-13 | Authentication system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/012,753 US20150066762A1 (en) | 2013-08-28 | 2013-08-28 | Authentication system |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/431,718 Continuation US10776479B2 (en) | 2013-08-28 | 2017-02-13 | Authentication system |
Publications (1)
Publication Number | Publication Date |
---|---|
US20150066762A1 (en) | 2015-03-05 |
Family
ID=52584616
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/012,753 Abandoned US20150066762A1 (en) | 2013-08-28 | 2013-08-28 | Authentication system |
US15/431,718 Active 2034-10-07 US10776479B2 (en) | 2013-08-28 | 2017-02-13 | Authentication system |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/431,718 Active 2034-10-07 US10776479B2 (en) | 2013-08-28 | 2017-02-13 | Authentication system |
Country Status (8)
Country | Link |
---|---|
US (2) | US20150066762A1 (en) |
EP (1) | EP3039601A4 (en) |
JP (1) | JP2016540308A (en) |
KR (1) | KR20160045633A (en) |
CN (1) | CN105556528A (en) |
AU (1) | AU2014312445A1 (en) |
CA (1) | CA2915668A1 (en) |
WO (1) | WO2015031489A1 (en) |
Cited By (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150121546A1 (en) * | 2013-10-25 | 2015-04-30 | Tracfone Wireless, Inc. | Device and Process for Restricting Access to Features on Electronic Devices Based on the Size of the Surface Area of the Finger and Other Factors |
US9386610B2 (en) | 2014-10-31 | 2016-07-05 | Aruba Networks, Inc. | Periodic high power beacon broadcasts |
US9510136B2 (en) * | 2014-10-31 | 2016-11-29 | Aruba Networks, Inc. | Access control in bluetooth® low energy devices |
WO2016196849A1 (en) * | 2015-06-03 | 2016-12-08 | Paypal, Inc. | Authentication through multiple pathways based on device capabilities and user requests |
US20170142126A1 (en) * | 2015-11-17 | 2017-05-18 | Yahoo! Inc. | Method and system for user authentication based on a visual representation of user location |
US20190220290A1 (en) * | 2016-09-24 | 2019-07-18 | Huawei Technologies Co., Ltd. | Method for Managing Application Program Use Time Offline, And Terminal Device |
US10366217B2 (en) * | 2015-03-29 | 2019-07-30 | Securedtouch Ltd. | Continuous user authentication |
US10402556B2 (en) * | 2017-04-04 | 2019-09-03 | Dell Products L.P. | Information handling system display security access through totem interactions |
JP2020184367A (en) * | 2020-07-15 | 2020-11-12 | ホアウェイ・テクノロジーズ・カンパニー・リミテッド | Method for managing time for using application program off-line and terminal device |
US10853763B1 (en) | 2017-03-29 | 2020-12-01 | Square, Inc. | Onboarding new service providers utilizing portable service provider attributes |
US10963846B1 (en) * | 2017-10-31 | 2021-03-30 | Square, Inc. | Automated service determination |
US11115217B2 (en) * | 2018-11-21 | 2021-09-07 | Avaya Inc. | Systems and methods for detecting device location and usage |
US20220051256A1 (en) * | 2018-09-28 | 2022-02-17 | Nec Corporation | Server, processing apparatus, and processing method |
US11526235B1 (en) * | 2021-05-18 | 2022-12-13 | Microsoft Technology Licensing, Llc | Artificial intelligence model for enhancing a touch driver operation |
US20220398305A1 (en) * | 2016-11-08 | 2022-12-15 | Huawei Technologies Co., Ltd. | Authentication Method and Electronic Device |
US11962596B2 (en) | 2021-08-04 | 2024-04-16 | Bank Of America Corporation | Integrated multifactor authentication for network access control |
Families Citing this family (35)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2203865A2 (en) | 2007-09-24 | 2010-07-07 | Apple Inc. | Embedded authentication systems in an electronic device |
US8600120B2 (en) | 2008-01-03 | 2013-12-03 | Apple Inc. | Personal computing device control using face detection and recognition |
US9002322B2 (en) | 2011-09-29 | 2015-04-07 | Apple Inc. | Authentication with secondary approver |
WO2014143776A2 (en) | 2013-03-15 | 2014-09-18 | Bodhi Technology Ventures Llc | Providing remote interactions with host device using a wireless device |
US9898642B2 (en) | 2013-09-09 | 2018-02-20 | Apple Inc. | Device, method, and graphical user interface for manipulating user interfaces based on fingerprint sensor inputs |
US9483763B2 (en) | 2014-05-29 | 2016-11-01 | Apple Inc. | User interface for payments |
KR102201095B1 (en) | 2014-05-30 | 2021-01-08 | 애플 인크. | Transition from use of one device to another |
US9967401B2 (en) | 2014-05-30 | 2018-05-08 | Apple Inc. | User interface for phone call routing among devices |
US10339293B2 (en) | 2014-08-15 | 2019-07-02 | Apple Inc. | Authenticated device used to unlock another device |
DK179186B1 (en) * | 2016-05-19 | 2018-01-15 | Apple Inc | REMOTE AUTHORIZATION TO CONTINUE WITH AN ACTION |
US10621581B2 (en) | 2016-06-11 | 2020-04-14 | Apple Inc. | User interface for transactions |
DK201670622A1 (en) | 2016-06-12 | 2018-02-12 | Apple Inc | User interfaces for transactions |
US20180068313A1 (en) | 2016-09-06 | 2018-03-08 | Apple Inc. | User interfaces for stored-value accounts |
US10496808B2 (en) | 2016-10-25 | 2019-12-03 | Apple Inc. | User interface for managing access to credentials for use in an operation |
US10389731B2 (en) * | 2016-11-22 | 2019-08-20 | Microsoft Technology Licensing, Llc | Multi-factor authentication using positioning data |
US10992795B2 (en) | 2017-05-16 | 2021-04-27 | Apple Inc. | Methods and interfaces for home media control |
US11431836B2 (en) | 2017-05-02 | 2022-08-30 | Apple Inc. | Methods and interfaces for initiating media playback |
CN111343060B (en) | 2017-05-16 | 2022-02-11 | 苹果公司 | Method and interface for home media control |
US20220279063A1 (en) | 2017-05-16 | 2022-09-01 | Apple Inc. | Methods and interfaces for home media control |
JP6736686B1 (en) | 2017-09-09 | 2020-08-05 | アップル インコーポレイテッド (Apple Inc.) | Implementation of biometrics |
KR102185854B1 (en) | 2017-09-09 | 2020-12-02 | 애플 인크. | Implementation of biometric authentication |
US11425109B2 (en) * | 2017-09-12 | 2022-08-23 | Visa International Service Association | Secure and accurate provisioning system and method |
DE102017218296A1 (en) * | 2017-10-12 | 2019-04-18 | Rohde & Schwarz Gmbh & Co. Kg | Multi-user test system and method for configuring a multi-user test system |
US11170085B2 (en) | 2018-06-03 | 2021-11-09 | Apple Inc. | Implementation of biometric authentication |
CN109214162A (en) * | 2018-08-15 | 2019-01-15 | 深圳点猫科技有限公司 | A kind of verification method and system based on education resource platform |
US10860096B2 (en) | 2018-09-28 | 2020-12-08 | Apple Inc. | Device control using gaze information |
US11100349B2 (en) | 2018-09-28 | 2021-08-24 | Apple Inc. | Audio assisted enrollment |
US11126732B2 (en) * | 2018-11-14 | 2021-09-21 | Paypal, Inc. | Security of authentication data on mobile devices |
US10339530B1 (en) * | 2019-02-21 | 2019-07-02 | Capital One Services, Llc | Touch authentication of multiple users or operating modes for a transaction card |
US11010121B2 (en) | 2019-05-31 | 2021-05-18 | Apple Inc. | User interfaces for audio media control |
WO2020243691A1 (en) | 2019-05-31 | 2020-12-03 | Apple Inc. | User interfaces for audio media control |
US11816194B2 (en) | 2020-06-21 | 2023-11-14 | Apple Inc. | User interfaces for managing secure operations |
US11392291B2 (en) | 2020-09-25 | 2022-07-19 | Apple Inc. | Methods and interfaces for media control with dynamic feedback |
US11847378B2 (en) | 2021-06-06 | 2023-12-19 | Apple Inc. | User interfaces for audio routing |
US11784956B2 (en) | 2021-09-20 | 2023-10-10 | Apple Inc. | Requests to add assets to an asset account |
Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020095586A1 (en) * | 2001-01-17 | 2002-07-18 | International Business Machines Corporation | Technique for continuous user authentication |
US20060026535A1 (en) * | 2004-07-30 | 2006-02-02 | Apple Computer Inc. | Mode-based graphical user interfaces for touch sensitive input devices |
US20080278455A1 (en) * | 2007-05-11 | 2008-11-13 | Rpo Pty Limited | User-Defined Enablement Protocol |
US20090049544A1 (en) * | 2007-08-16 | 2009-02-19 | Avaya Technology Llc | Habit-Based Authentication |
US20120054057A1 (en) * | 2006-04-10 | 2012-03-01 | International Business Machines Corporation | User-touchscreen interaction analysis authentication system |
US8255539B2 (en) * | 2006-12-29 | 2012-08-28 | Amadeus Sas | System and method for extending sessions |
US8590021B2 (en) * | 2009-01-23 | 2013-11-19 | Microsoft Corporation | Passive security enforcement |
US8590018B2 (en) * | 2011-09-08 | 2013-11-19 | International Business Machines Corporation | Transaction authentication management system with multiple authentication levels |
US20140157381A1 (en) * | 2012-12-05 | 2014-06-05 | Telesign Corporation | Frictionless multi-factor authentication system and method |
US8812395B2 (en) * | 2009-09-03 | 2014-08-19 | Virtual Piggy, Inc. | System and method for virtual piggybank |
US20140283014A1 (en) * | 2013-03-15 | 2014-09-18 | Xerox Corporation | User identity detection and authentication using usage patterns and facial recognition factors |
US8918479B2 (en) * | 2006-04-10 | 2014-12-23 | International Business Machines Corporation | User-browser interaction analysis authentication system |
Family Cites Families (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6609113B1 (en) * | 1999-05-03 | 2003-08-19 | The Chase Manhattan Bank | Method and system for processing internet payments using the electronic funds transfer network |
WO2001063567A2 (en) * | 2000-02-25 | 2001-08-30 | Identix Incorporated | Secure transaction system |
US7290129B2 (en) * | 2003-09-16 | 2007-10-30 | At&T Bls Intellectual Property, Inc. | Remote administration of computer access settings |
CN100483381C (en) * | 2003-09-29 | 2009-04-29 | 索尼株式会社 | Service use device |
US8370639B2 (en) * | 2005-06-16 | 2013-02-05 | Sensible Vision, Inc. | System and method for providing secure access to an electronic device using continuous facial biometrics |
JP4361041B2 (en) * | 2005-09-01 | 2009-11-11 | 株式会社エヌ・ティ・ティ・ドコモ | Mobile terminal device and security management method thereof |
US20070136573A1 (en) * | 2005-12-05 | 2007-06-14 | Joseph Steinberg | System and method of using two or more multi-factor authentication mechanisms to authenticate online parties |
US7886343B2 (en) * | 2006-04-07 | 2011-02-08 | Dell Products L.P. | Authentication service for facilitating access to services |
JP2009146193A (en) * | 2007-12-14 | 2009-07-02 | Funai Electric Co Ltd | Wireless communication terminal, method for protecting data of wireless communication terminal, program for having wireless communication terminal protect data, and recording medium storing the program |
US8220034B2 (en) * | 2007-12-17 | 2012-07-10 | International Business Machines Corporation | User authentication based on authentication credentials and location information |
US8380177B2 (en) * | 2010-04-09 | 2013-02-19 | Paydiant, Inc. | Mobile phone payment processing methods and systems |
WO2011132230A1 (en) * | 2010-04-22 | 2011-10-27 | 株式会社日立製作所 | Data processing method of computer system and management system |
US8412158B2 (en) * | 2010-08-17 | 2013-04-02 | Qualcomm Incorporated | Mobile device having increased security that is less obtrusive |
US8489150B2 (en) | 2010-09-13 | 2013-07-16 | Lg Electronics Inc. | Mobile terminal and operation control method thereof |
US9092605B2 (en) * | 2011-04-11 | 2015-07-28 | NSS Lab Works LLC | Ongoing authentication and access control with network access device |
US8750852B2 (en) * | 2011-10-27 | 2014-06-10 | Qualcomm Incorporated | Controlling access to a mobile device |
US20130160111A1 (en) * | 2011-12-19 | 2013-06-20 | Ati Technologies, Ulc | Device and Method for Use of Real-Time Biometric Data To Control Content and Device Access |
JP6002398B2 (en) * | 2012-02-10 | 2016-10-05 | 株式会社富士通ビー・エス・シー | Authentication program, authentication method, and information processing apparatus |
US9298361B2 (en) * | 2013-03-15 | 2016-03-29 | Apple Inc. | Analyzing applications for different access modes |
Date | Country | Application | Publication | Active | Status |
---|---|---|---|---|---|
2013-08-28 | US | US14/012,753 | US20150066762A1 | No | Abandoned |
2014-08-27 | CN | CN201480035738.XA | CN105556528A | Yes | Pending |
2014-08-27 | KR | KR1020157035978A | KR20160045633A | No | Application Discontinuation |
2014-08-27 | EP | EP14840176.3A | EP3039601A4 | No | Withdrawn |
2014-08-27 | JP | JP2016534887A | JP2016540308A | Yes | Pending |
2014-08-27 | CA | CA2915668A | CA2915668A1 | No | Abandoned |
2014-08-27 | WO | PCT/US2014/052933 | WO2015031489A1 | Yes | Application Filing |
2014-08-27 | AU | AU2014312445A | AU2014312445A1 | No | Abandoned |
2017-02-13 | US | US15/431,718 | US10776479B2 | Yes | Active |
Non-Patent Citations (2)
Title |
---|
Feng, Liu, Kwon, Shi, Carbunar, Jiang and Nguyen, Continuous Mobile Authentication using Touchscreen Gestures, 2012, Computer Science Department, University of Houston, School of Computing and Information Sciences, Florida International University and Computer Science Department, University of Colorado, entire document * |
Frank, Biedert, Ma, Martinovic and Song, Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication, October 10, 2012, UC Berkeley, German Research Center for Artificial Intelligence (DFKI) GmbH, University of Oxford, entire document * |
Cited By (33)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150121546A1 (en) * | 2013-10-25 | 2015-04-30 | Tracfone Wireless, Inc. | Device and Process for Restricting Access to Features on Electronic Devices Based on the Size of the Surface Area of the Finger and Other Factors |
US10237811B2 (en) | 2014-10-31 | 2019-03-19 | Hewlett Packard Enterprise Development Lp | Architecture of managing beacons using access points |
US9386610B2 (en) | 2014-10-31 | 2016-07-05 | Aruba Networks, Inc. | Periodic high power beacon broadcasts |
US9510136B2 (en) * | 2014-10-31 | 2016-11-29 | Aruba Networks, Inc. | Access control in bluetooth® low energy devices |
US10366217B2 (en) * | 2015-03-29 | 2019-07-30 | Securedtouch Ltd. | Continuous user authentication |
WO2016196849A1 (en) * | 2015-06-03 | 2016-12-08 | Paypal, Inc. | Authentication through multiple pathways based on device capabilities and user requests |
EP3304389A4 (en) * | 2015-06-03 | 2018-10-24 | PayPal, Inc. | Authentication through multiple pathways based on device capabilities and user requests |
CN107735999A (en) * | 2015-06-03 | 2018-02-23 | 贝宝公司 | The certification for passing through multiple approach based on functions of the equipments and user's request |
US11943212B2 (en) | 2015-06-03 | 2024-03-26 | Paypal, Inc. | Authentication through multiple pathways based on device capabilities and user requests |
US11134070B2 (en) * | 2015-06-03 | 2021-09-28 | Paypal, Inc. | Authentication through multiple pathways based on device capabilities and user requests |
CN112580019A (en) * | 2015-06-03 | 2021-03-30 | 贝宝公司 | Authentication through multiple pathways based on device functionality and user requests |
US20170142126A1 (en) * | 2015-11-17 | 2017-05-18 | Yahoo! Inc. | Method and system for user authentication based on a visual representation of user location |
US10764301B2 (en) * | 2015-11-17 | 2020-09-01 | Oath Inc. | Method and system for user authentication based on a visual representation of user location |
US20200401419A1 (en) * | 2016-09-24 | 2020-12-24 | Huawei Technologies Co., Ltd. | Method for Managing Application Program Use Time Offline, and Terminal Device |
US10824439B2 (en) | 2016-09-24 | 2020-11-03 | Huawei Technologies Co., Ltd. | Method for managing application program use time offline, and terminal device |
JP2019535074A (en) * | 2016-09-24 | 2019-12-05 | ホアウェイ・テクノロジーズ・カンパニー・リミテッド | Method for managing application program usage time offline and terminal device |
US20190220290A1 (en) * | 2016-09-24 | 2019-07-18 | Huawei Technologies Co., Ltd. | Method for Managing Application Program Use Time Offline, And Terminal Device |
US11537408B2 (en) * | 2016-09-24 | 2022-12-27 | Huawei Technologies Co., Ltd. | Method for managing application program use time offline, and terminal device |
US20220398305A1 (en) * | 2016-11-08 | 2022-12-15 | Huawei Technologies Co., Ltd. | Authentication Method and Electronic Device |
US11860986B2 (en) * | 2016-11-08 | 2024-01-02 | Huawei Technologies Co., Ltd. | Authentication method and electronic device |
US10853763B1 (en) | 2017-03-29 | 2020-12-01 | Square, Inc. | Onboarding new service providers utilizing portable service provider attributes |
US10402556B2 (en) * | 2017-04-04 | 2019-09-03 | Dell Products L.P. | Information handling system display security access through totem interactions |
US10963846B1 (en) * | 2017-10-31 | 2021-03-30 | Square, Inc. | Automated service determination |
US20210319407A1 (en) * | 2017-10-31 | 2021-10-14 | Square, Inc. | User interface component generation using service and/or duration information |
US20220051256A1 (en) * | 2018-09-28 | 2022-02-17 | Nec Corporation | Server, processing apparatus, and processing method |
US11775972B2 (en) * | 2018-09-28 | 2023-10-03 | Nec Corporation | Server, processing apparatus, and processing method |
US11646893B2 (en) | 2018-11-21 | 2023-05-09 | Avaya, Inc. | Systems and methods for detecting device location and usage |
US11115217B2 (en) * | 2018-11-21 | 2021-09-07 | Avaya Inc. | Systems and methods for detecting device location and usage |
JP7125066B2 (en) | 2020-07-15 | 2022-08-24 | ホアウェイ・テクノロジーズ・カンパニー・リミテッド | Method and terminal device for managing application program usage time offline |
JP2020184367A (en) * | 2020-07-15 | 2020-11-12 | ホアウェイ・テクノロジーズ・カンパニー・リミテッド | Method for managing time for using application program off-line and terminal device |
US11526235B1 (en) * | 2021-05-18 | 2022-12-13 | Microsoft Technology Licensing, Llc | Artificial intelligence model for enhancing a touch driver operation |
US11966540B2 (en) * | 2021-05-18 | 2024-04-23 | Microsoft Technology Licensing, Llc | Artificial intelligence model for enhancing a touch driver operation |
US11962596B2 (en) | 2021-08-04 | 2024-04-16 | Bank Of America Corporation | Integrated multifactor authentication for network access control |
Also Published As
Publication number | Publication date |
---|---|
US20170154180A1 (en) | 2017-06-01 |
EP3039601A4 (en) | 2017-04-12 |
EP3039601A1 (en) | 2016-07-06 |
WO2015031489A1 (en) | 2015-03-05 |
US10776479B2 (en) | 2020-09-15 |
JP2016540308A (en) | 2016-12-22 |
KR20160045633A (en) | 2016-04-27 |
AU2014312445A1 (en) | 2016-01-21 |
CN105556528A (en) | 2016-05-04 |
CA2915668A1 (en) | 2015-03-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10776479B2 (en) | | Authentication system |
US9251333B2 (en) | | Wearable user device authentication system |
US10037082B2 (en) | | Physical interaction dependent transactions |
US9589263B2 (en) | | Automatic payment code display system |
US8893229B2 (en) | | Focus-based challenge-response authentication |
US20190244185A1 (en) | | Payment authorization system |
US11171951B2 (en) | | Device interface output based on biometric input orientation and captured proximate data |
US9275389B1 (en) | | Modular device payment system |
US20130067551A1 (en) | | Multilevel Authentication |
US9906957B1 (en) | | Authentication and security features for a mobile application |
CA2772349A1 (en) | | Authentication using application authentication element |
US20180349889A1 (en) | | Accessing digital wallet information using a point-of-sale device |
US11601507B2 (en) | | Mobile device transaction authentication application redirection system |
AU2019378043B2 (en) | | Security of authentication data on mobile devices |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | AS | Assignment | Owner name: EBAY INC., CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:CHATTERTON, GEOFFREY W.;KHANNA, RAMANEEK;NICHOLS, TIMOTHY C.;REEL/FRAME:031104/0097 Effective date: 20130823 |
 | AS | Assignment | Owner name: PAYPAL, INC., CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:EBAY INC.;REEL/FRAME:036170/0289 Effective date: 20150717 |
 | STCB | Information on status: application discontinuation | Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |