Aspects of the disclosure relate to interactions between computing devices of a multicomputer system. Based on detected events and event data, a client computing device may be directed by a computing platform to perform an appropriate action.
A need has been recognized to improve and enhance capabilities of computer systems incorporating transaction action points, such as Automated Teller Machines (ATMs), to address deficiencies of traditional approaches, to better satisfy user needs and/or to enhance security capabilities.
The following presents a simplified summary in order to provide a basic understanding of some aspects of the disclosure. The summary is not an extensive overview of the disclosure and is intended neither to identify key or critical elements of the disclosure nor to delineate the scope of the disclosure. The following summary merely presents some concepts of the disclosure in a simplified form as a prelude to the description below.
Aspects of the disclosure relate to systems, methods, and apparatuses for providing improved user interaction with a transaction access point, such as an ATM device. In an illustrative example, a frictionless automated teller machine (ATM) computing system may include an ATM, an authentication server, a beacon device and, in some cases, a mobile device running a mobile application. The devices of the frictionless ATM computing system facilitate simplified user interaction with the ATM. As a user approaches the ATM, the mobile device may receive the beacon signal including a command to awaken the mobile application. After receipt, the mobile application may communicate an identifier to the authentication server, and the ATM may capture an image of the user. At the application server, the user image may be authenticated and confirmation returned to the ATM with a unified user identifier. After receipt of the authentication signal from the authentication server, the ATM may dispense a specified amount of currency.
A more complete understanding of the present invention and the advantages thereof may be acquired by referring to the following description in consideration of the accompanying drawings, in which like reference numbers indicate like features, and wherein:
In the following description of the various embodiments, reference is made to the accompanying drawings, which form a part hereof, and in which is shown by way of illustration, various embodiments of the disclosure that may be practiced. It is to be understood that other embodiments may be utilized.
As will be appreciated by one of skill in the art upon reading the following disclosure, various aspects described herein may be embodied as a method, a computer system, or a computer program product. Accordingly, those aspects may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, such aspects may take the form of a computer program product stored by one or more computer-readable storage media having computer-readable program code, or instructions, embodied in or on the storage media. Any suitable computer-readable storage media may be utilized, including hard disks, CD-ROMs, optical storage devices, magnetic storage devices, and/or any combination thereof. In addition, various signals representing data or events as described herein may be transferred between a source and a destination in the form of electromagnetic waves traveling through signal-conducting media such as metal wires, optical fibers, and/or wireless transmission media (e.g., air and/or space).
In many cases, automated teller machines may still utilize conventional user authentication methods, such as by requiring a user to swipe or insert a card upon which user identification information is encoded. After reading the card-stored information, the ATM may prompt the user to enter a user identifier, such as a personal identification number (PIN). Upon proper validation, the user may be granted access to one or more user accounts via a secure network connection. However, certain individuals may attempt to circumvent these security measures by capturing card information, PIN numbers and the like. While an ATM or a facility in which an ATM has been installed may include other security measures, such as cameras, financial institutions may desire to improve security measures and/or user authentication procedures to provide more security to their customers. Additionally, because current ATM access methods primarily require use of a card to access the user accounts, customer access to their own accounts may be difficult or impossible if their card has been lost or is unavailable to them. As such, a need has been recognized for improved, more advanced user authentication methods and/or technology to provide greater security and convenience to the user.
In many cases, a currently existing ATM may be limited by one or more existing standards in use when installed and/or upgraded. For example, most ATMs may conform to a BASE24 standard and may be limited to the authentication parameters set by that standard. As such, the ATM may not utilize newer and/or stronger authentication options available from a financial institution's authentication server. Recent developments have increased the number of authentication options available, such as facial biometric capture at an ATM, facial biometric compare at an authentication server that may be remote or local to the ATM, geo-location capture at a mobile application (e.g., a mobile phone application) along with communication to an authentication server, a “unified” identifier including captured behavioral profile data via the mobile phone application, and the like. In some cases, one or more authentication methods may be used together to allow for increased security, accuracy of identification, and confidence that the correct user is accessing their own accounts.
In some cases, a successful integration of ATM authentication and security measures with the capabilities offered by a remote authentication server may allow for a more unified authentication process across different applications and access points offered by an enterprise. Additionally, by leveraging a central authentication server, an enterprise may be able to leverage newer authentication processes faster and more easily than in the past to open the door to future opportunities and allow for stronger authentication as a need arises. Additionally, by leveraging a central authentication server, customer experience and satisfaction may be improved due to improved perceived continuity and parity between different access points, such as a mobile application interface, a website interface, an ATM interface, and the like. Advantages of the systems and methods discussed in this disclosure include increased customer experience and continuity between different applications and devices, greater usability of developed modular user authentication components allowing for rapid integration and/or sequencing during introduction to product offerings, and an extensible design approach that leverages technological capabilities of different application development groups to save development costs in both time and money and that allows technology to be tested and developed across different applications for added efficiencies. In some cases, different communication technologies (e.g., local networks, beacons, and the like) may be developed across product and industry sectors to standardize capabilities to link different devices (e.g., mobile applications, ATM, and banking facility networks), such as wireless coverage areas, ranges, hardware integration, device management strategies and methods, and the like.
In some cases, the illustrative examples discussed below may be used as described and/or in combination to provide improved authentication and security for users and providers of ATMs. In some cases, the illustrated examples provide streamlined authentication methodologies to lessen dependencies on current and/or legacy authentication technologies, such as those outlined by BASE24. A centralized authentication server or hub may allow for one or more factors of authentication to be used and/or combined. Localized communication devices and/or networks (e.g., a beacon) may be used to provide zonal areas in which devices may communicate automatically or with user interaction. Geolocation technologies may be used in determining a unified identifier for a user and/or for devices to identify local counterparts for which interaction may be possible. Facial biometrics may be captured at a mobile device and/or at an ATM to provide increased user security and more precise authentication abilities. The facial biometrics may include a full or partial facial scan of a user that may be compared to a previously captured image (e.g., stored in a secure data store on a mobile device and/or a centralized data store at an authentication server) or with certain stored characteristics that may be derived from a full image (e.g., facial dimension characteristics, and the like). In some cases, behavioral profiles may be developed to identify certain user characteristics corresponding to use of a mobile device and/or movements, such as user swiping characteristics, login process characteristics, user gait characteristics, and the like.
The ATM 110 may include a processor 112, one or more memory devices 114, 122, a card reader 116, an imaging device 117 (e.g., a camera), a user interface 118, a communication interface 119, a currency acceptor 121, a currency dispenser 123, a scanner 115, and the like. In some cases, the processor of the ATM 110 may process instructions stored in the memory 114 to process an ATM authentication engine 120 to control an ATM management service 124 to, at least in part, authenticate the user 105 before allowing the user 105 to perform one or more actions on the ATM 110, such as providing access to an account held at an associated financial institution, allowing a funds deposit into the account, withdrawal of funds from the account, and/or the like.
The authentication server 130 may include a processor 132, one or more memory devices 135, and a communication interface 139. The processor 132 of the authentication server 130 may process instructions stored in one or more of the memory devices 135 to manage and/or access a data store (e.g., an authentication database 138) and/or to process one or more computing services (e.g., an authentication service) and the like.
In some cases, the processor 112 may control all or a portion of the overall operation of the ATM 110 and the associated components including the one or more memory devices 114, 122, the card reader 116, the imaging device 117, the user interface 118, the communication interface 119, the currency acceptor 121, the currency dispenser 123, the scanner 115, and the like. The ATM 110 may also include a variety of computer readable media. The computer readable media may be any available media that may be accessed by the ATM 110 and include both volatile and nonvolatile media, removable and non-removable media. By way of example, and not limitation, computer readable media may comprise a combination of computer storage media and communication media.
Computer storage media, such as one or more of the memory devices 114 and 122 may include volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. The computer storage media may include, but is not limited to, random access memory (RAM), read only memory (ROM), electronically erasable programmable read only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to store the desired information and that can be accessed by the ATM 110.
In some cases, the memory device 114 may store instructions for running one or more applications and/or storing other information representing application data for use while the ATM 110 is operational. Additionally, the memory device 114 may include corresponding software applications and/or services (for example, software tasks) that may run and/or may be running on the ATM 110, such as the ATM authentication engine 120 and/or the ATM management service 124. In some cases, one or more data structures may be used to store authentication information, image data and/or associated metadata and the like. For example, the memory device 122 may be used to store data captured locally at the ATM 110, such as a user image 128 captured by the imaging device 117. In some cases, the image may be stored in a raw state or a processed state. Additionally, metadata associated with the image may be stored in the memory 122, such as date information, time information, location information, and/or user data and the like.
Computer-executable instructions may be stored within the one or more memory devices 114 and/or 122 to provide instructions to a processor for enabling computing device 101 to perform various functions, such as user authentication functions, electronic transaction functions and the like. For example, the memory device 114 may store computer-executable instructions used by the ATM 110, such as an operating system, one or more application programs, one or more services, and an associated database. Alternatively, some or all of the computer executable instructions for the ATM 110 may be embodied in hardware or firmware (not shown).
In some cases, illustrative ATM computing systems may include processing of instructions stored on forms of computer-readable media. Computer-readable media include any available media that can be accessed by a computing device, such as the ATM 110. Computer-readable media may comprise storage media and communication media. Storage media include volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer-readable instructions, object code, data structures, program modules, or other data. Communication media include any information delivery media and typically embody data in a modulated data signal such as a carrier wave or other transport mechanism.
The memory device 114 may include one or more program modules having instructions that when executed by the ATM 110 may cause the ATM 110 to perform one or more functions described herein.
Although not required, various aspects described herein may be embodied as a method, a data processing system, or as a computer-readable medium storing computer-executable instructions. For example, a computer-readable medium storing instructions to cause the processor 112 to perform steps (blocks) of a method in accordance with aspects of the invention is contemplated. For example, aspects of the method steps disclosed herein may be executed by the processor 112 of the ATM 110. Such a processor may execute computer-executable instructions stored on a computer-readable medium.
The ATM 110 includes the user interface 118 that enables the user 105 to input information into the ATM 110 and displays information to the user 105 while the user is making an ATM transaction. In addition, the ATM 110 may display non-transaction information (for example, non-targeted and targeted ads) to the user before and during an ATM transaction. The user interface may assume different forms such as a touchscreen. For example, with some embodiments, the user interface 118 may support a 32 or 40 inch display. In some cases, the user interface may include a static display device and a numeric or alphanumeric keypad, or the like. The user interface may be used by the user 105 to enter security information (for example, a personal identification number (PIN)) that is not typically visible to others to provide privacy for the user.
The ATM 110 typically includes one or more transaction handling apparatus such as the currency acceptor 121 and the currency dispenser 123 that accept currency and the like and dispense cash during a transaction. The scanner 115 may be used to scan items inserted into the ATM 110, such as currency and/or a written instrument representative of funds to be deposited into a user account. In some cases, the card reader 116 may be configured to receive an ATM card, a credit card, a driver's license, or the like as part of a user verification process. The card reader 116 may include a magnetic strip or chip reader to obtain the user information. In some cases, such as when a driver's license or other user identification is entered, the card reader 116 may operate in conjunction with the scanner 115 to obtain user identification information. The imaging device 117 may include a still picture camera, a video camera, and/or another imaging device (e.g., an infrared camera and the like) to capture an image of the user, the user's face and/or portions thereof. In some cases, the user interface may include one or more other devices that may be used to capture identifying information associated with the user 105 that may be used, for example, for authentication purposes. Such devices may include an eye scan device, a fingerprint sensor, and the like.
As discussed above, a financial institution associated with the ATM and/or with an account associated with the user may utilize the authentication server 130 to store user authentication information and/or process authentication requests from ATMs, mobile applications, online login requests and/or the like. The authentication server 130 may be communicatively coupled to one or more communication networks to securely communicate authentication information to and from a requesting device, such as via encrypted communications, secure communication channels or the like. In some cases, the memory 135 of the authentication server 130 may store computer-readable instructions that, when processed by the processor 132, may cause an authentication service 134 to process authentication requests from one or more connected devices. The memory 135 may also store authentication information associated with one or more users in the authentication data store 138, where the information may include user information such as the user name, contact information (e.g., a home address, a work address, a phone number, an email address, a social media account name, and the like), account information, employment information, a photo of the user, facial scan information, eye scan information, fingerprint information, behavioral information (e.g., location information, phone use information, and the like) and/or other information useful in determining proper identification of a user for authentication purposes. In some cases, the authentication information may include a data structure associated with combinations of user identifying information to form a “unified” identifier that may be used as at least a portion of a user authentication process.
In a first example, as shown in
At 240, the ATM 110 may invoke the authentication server (e.g., an authentication hub) to authenticate the user, such as by invoking a new or existing authentication service, such as the ATM management service 124. The ATM management service may coordinate secure and/or encrypted communication between the ATM 110 and the authentication server 130 to communicate user identification information obtained from the card data and the user image 128 to the authentication server 130 to authenticate the user 105. Communication between the ATM and the authentication server 130 may be performed over one or more communication networks, such as a WAN, a LAN, the Internet, a cellular communication network, a private network, and the like. At 250, the authentication server 130 may invoke a process instance to authenticate the user, such as the authentication service 134. The authentication service may be a unique instance associated with a particular request (e.g., a particular user transaction request) or with the ATM. In some cases, the authentication service 134 may be configured to provide authentication services to multiple ATMs at a particular location or ATMs at different geographic locations. The authentication service 134 may authenticate the user via facial biometric information and associate the user request to a particular matched user identifier (e.g., a party ID) and/or a global unique identifier (GUID) corresponding to a user matching the authenticated facial biometrics. The authentication service 134 may receive the user data and the user image 128 from the ATM and compare one or more portions of that data (e.g., a user name, a user account, a card identifier, facial biometrics identifiable from the user image 128, and the like) to user identifiers associated with the user 105 stored in the authentication data store 138.
After completion of the user authentication process, the authentication service 134 may cause the authentication server to return a matched personal identifier (PID) and GUID corresponding to the user 105 to the ATM 110. At 270, the ATM may use the returned PID and GUID to authorize a requested user transaction that may be triggered by the user via the user interface 118, such as by initiating a funds dispensing event from a user account to the user 105 via the currency dispenser 123, such as via a “fast cash flow” event process.
Advantages of the process described in
The beacon 315 may be associated with one or more ATMs including the ATM 110 such that the beacon 315 may be located at, within, or in close proximity to the ATM 110. The beacon 315 may transmit messages comprising beacon information over a wireless communication channel that may be received by the mobile device 340 via the mobile application 345 when the mobile device is within range of the beacon 315 and/or as the user 105 approaches the ATM 110 and is within range of the beacon 315. In an illustrative example, the beacon 315 may support a communication protocol such as BLUETOOTH® having a class with a desired range. (BLUETOOTH supports different classes including 1, 2, 3, 4 with typical ranges of 100 meters, 10 meters, 1 meter, and 0.5 meters, respectively.) Other communication protocols may also be used in addition to, or in place of another. Such communication protocols may include iBeacon, Bluetooth low energy (BLE), Eddystone, AltBeacon, GeoBeacon, and the like. In some cases, the beacon 315 may include another wireless network or communication technology to perform similar functions, such as WiFi aware, ultrasound, and the like. The beacon 315 may also comprise a so-called “nearable” device configured to communicate with other devices via the “Internet of Things.” In some cases, the beacon information may include information that may be extracted by the mobile application 345. Such beacon information may include a universally unique identifier (UUID), e.g., a 16-byte UUID that may provide unique information across all beacons from any other deployers. Additionally, the information may include a location identifier (e.g., a 2-byte Major value) that can be utilized to identify the location of the ATM 110, and an ATM identifier (e.g., a 2-byte Minor value) that can be used to identify the actual ATM 110 itself.
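The beacon fields described above (16-byte UUID, 2-byte Major, 2-byte Minor) match the iBeacon manufacturer-data layout, so a parser for that layout shows what the mobile application 345 would extract. This is an added example, not code from the disclosure; the UUID, the ATM directory and the names `parse_ibeacon` and `resolve_atm` are assumptions constructed for illustration.

```python
import struct
import uuid
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

APPLE_COMPANY_ID = 0x004C  # company identifier that prefixes iBeacon frames
IBEACON_TYPE = 0x02
IBEACON_LEN = 0x15         # 21 bytes follow: UUID(16) + Major(2) + Minor(2) + power(1)
FRAME_LEN = 25             # company(2) + type(1) + length(1) + the 21 bytes above


class BeaconParseError(ValueError):
    """Raised when the bytes are not a well-formed iBeacon frame."""


@dataclass(frozen=True)
class BeaconInfo:
    deployer_uuid: uuid.UUID  # identifies the deployer across all beacons
    major: int                # location identifier in the scheme described above
    minor: int                # identifier of the individual ATM
    tx_power: int             # calibrated signal strength at 1 m, in dBm


def parse_ibeacon(mfg: bytes) -> BeaconInfo:
    """Parse the manufacturer-specific data of one advertisement."""
    if len(mfg) != FRAME_LEN:
        raise BeaconParseError(f"expected {FRAME_LEN} bytes, got {len(mfg)}")
    # The company identifier is little-endian; the payload fields are big-endian.
    company, frame_type, length = struct.unpack_from("<HBB", mfg, 0)
    if (company, frame_type, length) != (APPLE_COMPANY_ID, IBEACON_TYPE, IBEACON_LEN):
        raise BeaconParseError("not an iBeacon frame")
    major, minor, tx_power = struct.unpack_from(">HHb", mfg, 20)
    return BeaconInfo(uuid.UUID(bytes=mfg[4:20]), major, minor, tx_power)


def resolve_atm(info: BeaconInfo, deployer_uuid: uuid.UUID,
                known_atms: Dict[Tuple[int, int], str]) -> Optional[str]:
    """Map a frame to a known ATM, or None for foreign or unknown beacons.

    The frame is an unauthenticated broadcast that any transmitter can copy,
    so the result is a proximity hint for the application and never a
    credential; authentication stays with the authentication server.
    """
    if info.deployer_uuid != deployer_uuid:
        return None
    return known_atms.get((info.major, info.minor))


# Constructed sample data (not taken from the disclosure).
SAMPLE_UUID = uuid.UUID("0f1e2d3c-4b5a-4978-8695-a4b3c2d1e0f0")
SAMPLE_FRAME = (bytes.fromhex("4c000215") + SAMPLE_UUID.bytes
                + struct.pack(">HHb", 7, 42, -59))
KNOWN_ATMS = {(7, 42): "ATM-branch7-42"}

if __name__ == "__main__":
    beacon = parse_ibeacon(SAMPLE_FRAME)
    print(beacon, resolve_atm(beacon, SAMPLE_UUID, KNOWN_ATMS))
```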
After the mobile device 340 extracts the beacon information from the wireless communication channel, the mobile device 340 may communicate with the beacon 315 over the wireless communication channel via the mobile application 345. In some cases, the wireless communication channel may be established to the ATM 110 or a remote server, such as via a wireless communication network provided by a wireless service provider. In some cases, the mobile application 345 may coordinate communication between the mobile device 340 and the beacon 315 automatically, such that the mobile device does not need to be presently operated by the user 105 (e.g., the mobile device may be located in a pocket or bag associated with the user 105).
In response to communication between the mobile device 340 and the beacon 315, the ATM 110 may transition a user interface screen to display an appropriate display window as the user 105 nears the ATM 110. As discussed below, communication between the mobile device 340 and the authentication server 130 may also be triggered in response to the mobile application 345 identifying the beacon 315. Such communication may also cause the user interface screen displayed to the user 105 by the ATM 110 to be modified and/or selected, such as on a positive or negative result of an authentication process. In an illustrative example, if the ATM 110 were displaying a first display screen (e.g., a home screen, an advertisement, and the like), the beacon 315 may instruct the ATM 110, via a communication channel, to transition from the first display screen to a second display screen (e.g., a welcome screen, an electronic transaction screen, a receipt screen, a secondary authentication request screen and the like). However, in some cases, if a different user nears the same ATM 110 while the first user 105 is approaching, the ATM system 110 may give priority to the user who is closer and/or who first has a picture authenticated by standing in front of the ATM 110.
The method 400 illustrated in
At 430, the beacon 315 may send a broadcast message to “wake up” the mobile application 345. For example, the beacon 315 may periodically send a broadcast message, one of which may be received by the mobile device 340 and be processed by the mobile application 345. The mobile device 340 may or may not be in active use by the user 105; for example, the mobile device 340 may remain in the user's pocket or bag when the beacon's message is received and/or processed. At 440, the mobile application 345 may assemble an authentication message to be sent to the authentication server 130. For example, the mobile application 345 may assemble or receive a message including device and/or gating data (e.g., a unified identifier) which may then be communicated to the authentication server 130. When the user 105 is near the ATM 110, at 450, the ATM 110 may capture an image of the user's face (e.g., the user image 128) and store the image 128 in user memory. The ATM 110 may then send a signal to the authentication server 130 to authenticate the user 105, such as by validating the user image 128 and/or the unified identifier at 460. At 470, the authentication service 134 may compare the image to facial biometric information stored in the data repository 138 and determine a match between the facial biometric information and the unified identifier. If a match is not found with the unified identifier, see
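A sketch of how an authentication service could bind the two channels in steps 440 to 470, so that a face match counts only alongside a recent mobile message for the same ATM and the same enrolled party. This is an added example, not the disclosure's implementation: the class and method names, the 60-second freshness window, the single-use rule and the 0.90 score threshold are assumptions, and the facial comparison itself is taken as an input (`face_party_id`, `score`) from a separate matcher.

```python
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

AtmKey = Tuple[int, int]  # (Major, Minor) reported by the mobile application


@dataclass(frozen=True)
class Decision:
    authorized: bool
    reason: str
    party_id: Optional[str] = None
    guid: Optional[str] = None


class AuthenticationService:
    """Correlates mobile messages (step 440) with ATM requests (steps 460-470)."""

    def __init__(self, enrolled: Dict[str, Tuple[str, str]], ttl_s: float = 60.0,
                 min_score: float = 0.90,
                 clock: Callable[[], float] = time.monotonic):
        self._enrolled = enrolled  # unified identifier -> (party ID, GUID)
        self._ttl_s = ttl_s        # assumed freshness window for a mobile message
        self._min_score = min_score
        self._clock = clock
        self._pending: Dict[AtmKey, List[Tuple[float, str]]] = {}

    def on_mobile_message(self, unified_id: str, atm: AtmKey) -> bool:
        """Step 440: an enrolled device reports that it heard this ATM's beacon."""
        if unified_id not in self._enrolled:
            return False
        self._pending.setdefault(atm, []).append((self._clock(), unified_id))
        return True

    def on_atm_request(self, atm: AtmKey, face_party_id: Optional[str],
                       score: float) -> Decision:
        """Steps 460-470: authorize only if face and unified identifier agree."""
        now = self._clock()
        # Drop stale messages so an old beacon sighting cannot be reused later.
        fresh = [(t, u) for (t, u) in self._pending.get(atm, [])
                 if now - t <= self._ttl_s]
        self._pending[atm] = fresh
        if face_party_id is None or score < self._min_score:
            return Decision(False, "face_not_matched")
        for entry in fresh:
            party_id, guid = self._enrolled[entry[1]]
            if party_id == face_party_id:
                fresh.remove(entry)  # single use: one message, one transaction
                return Decision(True, "matched", party_id, guid)
        # No agreement between the two channels: the caller falls back to a
        # secondary authentication screen instead of dispensing.
        return Decision(False, "no_fresh_mobile_message")


if __name__ == "__main__":
    # Constructed enrollment data for a stand-alone run.
    svc = AuthenticationService({"uid-alice": ("PID-1", "GUID-1")})
    svc.on_mobile_message("uid-alice", (7, 42))
    print(svc.on_atm_request((7, 42), "PID-1", 0.97))
    print(svc.on_atm_request((7, 42), "PID-1", 0.97))  # replay is refused
```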
The Input/Output (I/O) 1109 may include a microphone, keypad, touch screen, camera, and/or stylus through which a user of the computer server 1101 may provide input, and may also include one or more of a speaker for providing audio output and a video display device for providing textual, audiovisual and/or graphical output. Other I/O devices through which a user and/or other device may provide input to the computer server 1101 also may be included. Software may be stored within the memory 1115 and/or storage to provide computer readable instructions to the processor 1103 for enabling the computer server 1101 to perform various technologic functions. For example, the memory 1115 may store software used by the computer server 1101, such as an operating system 1117, application programs 1119, and/or an associated database 1121. Alternatively, the computer server 1101 may process some, or all, of the computer executable instructions that may be embodied in hardware and/or firmware (not shown). As described in detail above, the database 1121 may provide centralized storage of characteristics associated with vendors and patrons, allowing functional interoperability between different elements located at multiple physical locations.
The computer server 1101 may operate in a networked environment supporting connections to one or more remote computers, such as terminals 1141 and 1151. The terminals 1141 and 1151 may be personal computers or servers that include many or all of the elements described above relative to the computer server 1101. The network connections depicted in
The computer server 1101 and/or the terminals 1141 or 1151 may also be mobile terminals including various other components, such as a battery, speaker, and antennas (not shown).
The disclosure is operational with numerous other general purpose or special purpose computing system environments or configurations. Examples of computing systems, environments, and/or configurations that may be suitable for use with the disclosure include, but are not limited to, personal computers, server computers, hand-held or laptop devices, multiprocessor systems, microprocessor-based systems, set top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, mobile computing devices, e.g., smart phones, wearable computing devices, tablets, distributed computing environments that include any of the above systems or devices, and the like.
The disclosure may be described in the context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular computer data types. The disclosure may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
Referring to
Aspects of the disclosure have been described in terms of illustrative embodiments thereof. Numerous other embodiments, modifications, and variations within the scope and spirit of the appended claims will occur to persons of ordinary skill in the art from a review of this disclosure. For example, one or more of the steps depicted in the illustrative figures may be performed in other than the recited order, and one or more depicted steps may be optional in accordance with aspects of the disclosure.