Patent Grant
10540861
There are many business environments in which access to certain areas or certain information is restricted to people who have authorization for such access. The financial services industry, particularly in banking, is one area where such limited access is crucial. Access to financial records is typically restricted to the individuals or businesses to whom the records relate and to the authorized personnel of the institutions who maintain those records. Any person wishing to access a financial record must typically undergo an authentication procedure to prove that that person does, in fact, have authority to review the record.
In the banking industry, for example, a person wishing to access an account held at a banking institution through any one of multiple channels (e.g., at a physical branch, by telephone, or through the Internet) must successfully complete an authorization process before access will be granted. One common authorization technique in the banking industry is a card-and-PIN combination, in which a person wishing to conduct a transaction through a banking machine (e.g., an automated teller machine, or ATM) or with a human teller presents a bank card and enters a PIN (personal identification number) code. If the PIN code entered by the user matches the PIN code encrypted on the card, the authentication process is successful and the user is allowed to access the corresponding accounts and to conduct secure transactions involving those accounts.
Another common, and very simple, authentication technique used for transactions conducted in person at a physical branch is a visual inspection of a government-issued photo-identification document, such as a driver's license or passport. If the person presenting the document appears clearly to be the person depicted on the document, the person is granted access to secure information that is linked to that person or that document.
Certain business establishments allow users to engage in transactions at multiple locations, or touchpoints, within a facility. A banking establishment, for example, typically allows users to engage in business through self-service terminals, such as ATMs, and at full-service teller stations, where the users conduct transactions with the assistance of human tellers. In these establishments, the user must undergo authentication at each of the touchpoints, even when all of the touchpoints are contained within single physical establishment (e.g., a bank building) that is fully controlled by the business establishment. In a banking facility, for example, it is very common for a user to conduct a cash withdrawal through an ATM and then conduct some other transaction (e.g., a check deposit) with the help of a teller. In these situations, the user is typically required to undergo authentication once at the ATM (usually by card-and-PIN) and again at the teller station (usually by card-and-PIN or by photo-identification).
A system for use in allowing a user to conduct one or more transactions at one or more touchpoints in a business facility includes an authentication component, a tracking component, and a control component. The authentication component is configured to authenticate the user as a person allowed to conduct the one or more transactions. The tracking component is configured to track the user's location within the facility as the user moves through the facility. The control component is configured (a) to receive authentication information from the authentication component, (b) to receive location information from the tracking component, (c) to use the location information to recognize that the user has moved into position to engage one of the touchpoints, and (d) to deliver a message to the touchpoint authorizing the touchpoint to engage in one or more transactions with the user.
In some systems, the control component is also configured to use the location information to recognize that the user has moved away from the touchpoint and to deliver a second message to the touchpoint indicating that the user has moved away. The control component is also configured in some systems to use the location information to recognize that the user has moved into position to engage a second one of the touchpoints and to deliver a message to the second touchpoint authorizing the second touchpoint to engage in one or more transactions with the user.
In some systems, the authentication component includes a terminal configured to authenticate the user when a code provided to the terminal by the user matches a code stored on a token carried by the user, such as a card that the user inserts into the terminal.
In some systems, the tracking component includes a visual-tracking system that includes one or more video cameras positioned within the facility. The tracking component is often configured to assess the user's location within a grid imposed on the facility, and the control component is configured to compare the user's location within the grid to one or more fixed grid locations associated with one or more of the touchpoints.
In some systems, the control component is configured to include information identifying the user or an image depicting the user in the message delivered to the touchpoint.
Other features and advantages will become apparent from the description and claims that follow.
Described below is a technique that allows the user of a physical business establishment, or facility, to conduct secure transactions at multiple touchpoints within the facility without undergoing a separate authentication process at each of the touchpoints. The technique allows the business entity that operates the facility to transfer the user's authentication from one touchpoint to another within the facility. One result is a business environment that is much more efficient and much less frustrating for both the business entity and the user. Tangible results include reduced wait times for users and greater transaction throughput within the business establishment.
The facility 100 described here is equipped with a complex authentication-and-tracking system that allows each user to undergo authentication once and then passes the user's authentication from touchpoint to touchpoint as the user moves throughout the facility 100 and engages the various touchpoints. As a user 1101 enters the facility 100, the user engages an authentication terminal 150, at which the user undergoes the authentication process (e.g., by inserting a bankcard to the authentication terminal 150 and entering a PIN code that matches the code encrypted on the card). At the same time, cameras 1601-P mounted throughout the facility 100 acquire images of the user that are used by a visual-tracking system to follow the user's movement through the facility at all times. Visual-tracking systems with these capabilities are known in the art and are not described in any detail here. One such system is developed by Accenture Technology Labs and is described at www.accenture.com/Global/Services/Accenture_Technology_Labs/R_and_I/VisualTracking. htm. Other components of the authentication-and-tracking system are described in detail below.
The A&T system 300 also includes an authentication system 320, which typically includes or works in conjunction with the authentication terminal described above. The authentication system 320 receives at least two pieces of information for each user—one identifying the user and one authenticating the user. With a card-and-PIN authentication technique, for example, the identification information might include data taken from the card identifying the person or accounts associated with the card and the PIN code encrypted on the card, and the authentication information might include the PIN code entered by the user into the authentication terminal.
A control system 330 receives data from both the visual-tracking system 310 and the authentication system 320 and uses this data to “attach” each user's authentication to that user's position in the facility as the user moves throughout the facility. The data that the control system 330 receives from the visual-tracking system 310 includes real-time positional data indicating the grid location of each object (or user) being tracked by the visual-tracking system. The data that the control system 330 receives from the authentication system 320 includes data identifying each user or identifying other important items, such as the accounts that an authenticated user is allowed to access. The control system 330 uses this information to create a series of real-time authentication packets 340 for users that it delivers to the various touchpoints within the facility as the users move through the facility and into positions to engage the touchpoints. The authentication packets 340 and their contents are described in more detail below.
In general, as shown in
When the authentication process succeeds in authenticating the user, the control system receives real-time positional data from the visual-tracking system indicating the position of the user in the facility (step 460). As it receives this data, the control system compares the user's position to fixed grid locations associated with each of the touchpoints in the facility to assess whether the user is in position to engage with any of the touchpoints (step 470). The control system continues this cycle until the user reaches a location that puts the user in position to engage one of the touchpoints. When that occurs, the control system creates an authentication packet and delivers the packet to the touchpoint nearest the user (step 480). The authentication packet, which is described in more detail below, notifies the touchpoint that an authenticated user is standing before it, identifies the user (or the accounts authorized for access by that user), and instructs the touchpoint to establish a session through which the authenticated user (and only that user) can conduct one or more secure transactions with the touchpoint.
In the meantime, the control system continues to monitor the user's position with respect to the fixed grid position associated with the touchpoint and to assess whether the user has moved away from that position (step 490). When the user moves away from the fixed grid position, the control system instructs the touchpoint to halt the session that it has established for the user (step 495). The behavior of both the touchpoint and the control system from this point depend on the business requirements of the establishment that operates them. Some establishments might create a short delay period during which the user can return to the fixed grid position and resume the session at the touchpoint. Other establishments might abort the user's session altogether and require establishment of a new session when the user returns to the touchpoint. Either way, the control system continues to monitor the user's position with respect to the various touchpoints in the facility and notifies a touchpoint when the user is in position to engage that touchpoint. The control system continues monitoring the movement of each user and notifying touchpoints in this manner until the user has exited the facility or the visual-tracking system has lost track of the user.
The control system updates the “grid location” entry in each user record 5101-X in real-time as it receives positional data for the corresponding user from the visual-tracking system. When the control system receives an indication that the user has left the facility or that the visual-tracking system has lost track of the user, the control system deletes the corresponding user record 5101-X from the table 500.
The control system uses the information stored in the table to create the authentication packets that it delivers to the various touchpoints in the facility. An authentication packet is typically created by taking a snapshot of the information contained in the user record that corresponds to the user who is in position to engage the touchpoint to which the packet is being sent.
Computer-Based and Other Implementations
The various implementations of the invention claimed below are realized in electronic hardware, computer software, or combinations of these technologies. Most implementations include one or more computer programs executed by a programmable computer. In general, the computer includes one or more processors, one or more data-storage components (e.g., volatile and nonvolatile memory modules and persistent optical and magnetic storage devices, such as hard and floppy disk drives, CD-ROM drives, and magnetic tape drives), one or more input devices (e.g., mice and keyboards), and one or more output devices (e.g., display consoles and printers).
The computer programs include executable code that is usually stored in a persistent storage medium and then copied into memory at run-time. The processor executes the code by retrieving program instructions from memory in a prescribed order. When executing the program code, the computer receives data from the input and/or storage devices, performs operations on the data, and then delivers the resulting data to the output and/or storage devices.
The text above describes one or more specific embodiments of a broader invention. The invention also is carried out in a variety of alternative embodiments and thus is not limited to those described here. For example, while the description above relies on examples taken from the banking industry, the invention is applicable in a wide range of other types of facilities, such as post offices, hospitals and medical offices. Many other embodiments are also within the scope of the following claims.
| Number | Name | Date | Kind |
|---|---|---|---|
| 4420751 | Paganini et al. | Dec 1983 | A |
| 4991008 | Nama | Feb 1991 | A |
| 5216502 | Katz | Jun 1993 | A |
| 5544321 | Theimer et al. | Aug 1996 | A |
| 5892824 | Beatson et al. | Apr 1999 | A |
| 6123259 | Ogasawara | Sep 2000 | A |
| 6230928 | Hanna et al. | May 2001 | B1 |
| 6236736 | Crabtree et al. | May 2001 | B1 |
| 6334110 | Walter et al. | Dec 2001 | B1 |
| 6343739 | Lippert | Feb 2002 | B1 |
| 6484936 | Nicoll et al. | Nov 2002 | B1 |
| 6583813 | Enright et al. | Jun 2003 | B1 |
| 6598025 | Hamilton et al. | Jul 2003 | B1 |
| 6704716 | Force | Mar 2004 | B1 |
| 6726094 | Rantze et al. | Apr 2004 | B1 |
| 6761308 | Hanna et al. | Jul 2004 | B1 |
| 6783459 | Cumbers | Aug 2004 | B2 |
| 6920435 | Hoffman et al. | Jul 2005 | B2 |
| 6925565 | Black | Aug 2005 | B2 |
| 6931254 | Egner et al. | Aug 2005 | B1 |
| 6937998 | Swartz et al. | Aug 2005 | B1 |
| 7003497 | Maes | Feb 2006 | B2 |
| 7015945 | Sullivan | Mar 2006 | B1 |
| 7084765 | Clapper | Aug 2006 | B2 |
| 7108177 | Brookner | Sep 2006 | B2 |
| 7187998 | Okamoto et al. | Mar 2007 | B2 |
| 7187999 | Okamoto et al. | Mar 2007 | B2 |
| 7191035 | Okamoto et al. | Mar 2007 | B2 |
| 7200394 | Aoki et al. | Apr 2007 | B2 |
| 7206668 | Okamoto et al. | Apr 2007 | B2 |
| 7209803 | Okamoto et al. | Apr 2007 | B2 |
| 7287693 | Brookner | Oct 2007 | B2 |
| 7293711 | Brock | Nov 2007 | B2 |
| 7304662 | Sullivan et al. | Dec 2007 | B1 |
| 7319479 | Crabtree et al. | Jan 2008 | B1 |
| 7357717 | Cumbers | Apr 2008 | B1 |
| 7418474 | Schwab | Aug 2008 | B2 |
| 7516888 | Kundu et al. | Apr 2009 | B1 |
| 7584885 | Douglass | Sep 2009 | B1 |
| 7602382 | Hinckley et al. | Oct 2009 | B2 |
| 7628325 | McIntosh | Dec 2009 | B2 |
| 7658327 | Tuchman et al. | Feb 2010 | B2 |
| 7726557 | Bosch et al. | Jun 2010 | B2 |
| 7734513 | Bonner et al. | Jun 2010 | B2 |
| 7751971 | Chang et al. | Jul 2010 | B2 |
| 7806316 | Torres et al. | Oct 2010 | B1 |
| 7941534 | de la Huerga | May 2011 | B2 |
| 7942315 | He et al. | May 2011 | B2 |
| 8036152 | Brown et al. | Oct 2011 | B2 |
| 8219129 | Brown et al. | Jul 2012 | B2 |
| 8340672 | Brown et al. | Dec 2012 | B2 |
| 8380558 | Sharma et al. | Feb 2013 | B1 |
| 8494934 | Atkinson et al. | Jul 2013 | B2 |
| 8558663 | Newman et al. | Oct 2013 | B2 |
| 8600804 | Ramchandani | Dec 2013 | B2 |
| 20010011680 | Soltesz et al. | Aug 2001 | A1 |
| 20020122572 | Seal et al. | Sep 2002 | A1 |
| 20020132664 | Miller et al. | Sep 2002 | A1 |
| 20020178369 | Black | Nov 2002 | A1 |
| 20030018897 | Bellis et al. | Jan 2003 | A1 |
| 20030120957 | Pathiyal | Jun 2003 | A1 |
| 20030158937 | Johal et al. | Aug 2003 | A1 |
| 20030216969 | Bauer et al. | Nov 2003 | A1 |
| 20040015450 | Zingher et al. | Jan 2004 | A1 |
| 20040024709 | Yu et al. | Feb 2004 | A1 |
| 20040056100 | He | Mar 2004 | A1 |
| 20040093281 | Silverstein et al. | May 2004 | A1 |
| 20050071671 | Karaoguz | Mar 2005 | A1 |
| 20050091338 | de la Huerga | Apr 2005 | A1 |
| 20050177522 | Williams | Aug 2005 | A1 |
| 20050177859 | Valentino et al. | Aug 2005 | A1 |
| 20050259797 | Swartz et al. | Nov 2005 | A1 |
| 20050269405 | Throckmorton et al. | Dec 2005 | A1 |
| 20060040679 | Shikano et al. | Feb 2006 | A1 |
| 20060097045 | Tsutsui et al. | May 2006 | A1 |
| 20060111811 | Okamoto et al. | May 2006 | A1 |
| 20060111812 | Okamoto et al. | May 2006 | A1 |
| 20060112034 | Okamoto et al. | May 2006 | A1 |
| 20060116973 | Okamoto et al. | Jun 2006 | A1 |
| 20060169771 | Brookner | Aug 2006 | A1 |
| 20060184279 | Okamoto et al. | Aug 2006 | A1 |
| 20060251255 | Batta | Nov 2006 | A1 |
| 20070023508 | Brookner | Feb 2007 | A1 |
| 20070055785 | Stevens | Mar 2007 | A1 |
| 20070084913 | Weston | Apr 2007 | A1 |
| 20070138268 | Tuchman | Jun 2007 | A1 |
| 20070145121 | Dallal et al. | Jun 2007 | A1 |
| 20070174809 | Brown et al. | Jul 2007 | A1 |
| 20070200928 | O'Doherty et al. | Aug 2007 | A1 |
| 20070207750 | Brown et al. | Sep 2007 | A1 |
| 20080065897 | Jayaram et al. | Mar 2008 | A1 |
| 20080073431 | Davis | Mar 2008 | A1 |
| 20080074264 | Sharpe et al. | Mar 2008 | A1 |
| 20080074496 | Venetianer et al. | Mar 2008 | A1 |
| 20080076431 | Fletcher et al. | Mar 2008 | A1 |
| 20090057395 | He et al. | Mar 2009 | A1 |
| 20090105950 | Arteaga et al. | Apr 2009 | A1 |
| 20090294523 | Marano et al. | Dec 2009 | A1 |
| Entry |
|---|
| “Facility.” Webster's Third New International Dictionary, Unabridged, 1993. [online][retrieved on Feb. 10, 2011]. Retrieved from: <http://lionreference.chadwyck.com/searchFulltext.do?id=12170129&idType=offset&divLevel=2&queryId=../session/1297386863_1416&area=mwd&forward=refshelf&trail=refshelf>. |
| Petrushin, V.A., Wei, G. & Gershman, A.V. Multiple-camera people localization in an indoor environement. Knowl Inf Syst (2006) 10: 229.[online] [Retrieved on Aug. 22, 2019], Retrieved from the Internet: <URL:https://doi.org/10.1007/s10115-006-0025-7> (Year: 2006). |
| Number | Date | Country | |
|---|---|---|---|
| 20090165092 A1 | Jun 2009 | US |
