TWO-WAY AUTHENTICATION SYSTEM AND METHOD

Description

BACKGROUND

Increasingly businesses, financial institutions, and other entities are contacting their users (e.g., customers, account holders, subscribers, etc.) regarding products and services that the entities offer. Furthermore, entities are taking advantage of the many digital channels (e.g., mobile network, telephone lines, digital subscriber lines (DSL), WiFi network, local area network, wireless network, wide area network, etc.) that can be used to contact users. For example, an agent of a financial institution may telephone a user to determine if the user has recently made a large financial transaction using a specific account. Users may prefer to conduct business remotely using a digital channel rather than having to travel to a physical location of the entity, even if conducting business at a physical location of the entity is more secure. Accordingly, users are becoming increasingly complacent about answering questions regarding their business relationship with an entity over digital channels even if the user is unfamiliar with the individual calling on the entity's behalf.

The increasing use of digital channels gives fraudsters an opportunity to take advantage of users. For example, as users become accustomed to answering questions that may involve personal data, fraudsters are increasingly reaching out to users purporting to be an agent of an entity that the user conducts business with. While savvy users may be wary of revealing personal data, fraudsters prey on the helplessness of a user to verify that the individual is in fact an agent of the entity.

BRIEF SUMMARY OF THE DESCRIPTION

The following presents a simplified summary of the innovation in order to provide a basic understanding of some aspects of the innovation. This summary is not an extensive overview of the innovation. It is not intended to identify key/critical elements of the innovation or to delineate the scope of the innovation. Its sole purpose is to present some concepts of the innovation in a simplified form as a prelude to the more detailed description that is presented later.

The innovation disclosed and claimed herein, in one aspect thereof, comprises systems and methods of two way authentication of customers and service agents. A method can include receiving a connection request to connect a customer and a service agent. The customer is authenticated for the service agent according to biometric data from the customer. The service agent is authenticated for the customer according by matching unique identifiers. A confirmation notification of the customer authentication is sent to the service agent. A confirmation notification of the service agent authentication is sent to the customer. A connection is established between the customer and the service agent according to the authentications and the connection request.

A system of the innovation can include a network component that receives a connection request to connect a customer and a service agent. A customer authentication component authenticates the customer for the service agent according to biometric authentication. A service agent component authenticates the service agent for the customer according to a unique identifier. A connection component establishes a connection between the customer and the service agent according to the authentications and the connection request.

In aspects, the subject innovation provides substantial benefits in terms of authentication and transactional security. One advantage resides in a more secure knowledge of the identity of a service agent that has contacted a customer. Another advantage resides in better relationship knowledge between the customer and a service agent.

To the accomplishment of the foregoing and related ends, certain illustrative aspects of the innovation are described herein in connection with the following description and the annexed drawings. These aspects are indicative, however, of but a few of the various ways in which the principles of the innovation can be employed and the subject innovation is intended to include all such aspects and their equivalents. Other advantages and novel features of the innovation will become apparent from the following detailed description of the innovation when considered in conjunction with the drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

Aspects of the disclosure are understood from the following detailed description when read with the accompanying drawings. It will be appreciated that elements, structures, etc. of the drawings are not necessarily drawn to scale. Accordingly, the dimensions of the same may be arbitrarily increased or reduced for clarity of discussion, for example.

FIG. 1 illustrates an example component diagram of an authentication system of the present innovation.

FIG. 2 illustrates an example component diagram of a customer authentication component.

FIG. 3 illustrates an example component diagram of a biometric component.

FIG. 4 illustrates a method for authenticating customers and service agents.

FIG. 5 illustrates a computer-readable medium or computer-readable device comprising processor-executable instructions configured to embody one or more of the provisions set forth herein, according to some embodiments.

FIG. 6 illustrates a computing environment where one or more of the provisions set forth herein can be implemented, according to some embodiments.

DETAILED DESCRIPTION

The innovation is now described with reference to the drawings, wherein like reference numerals are used to refer to like elements throughout. In the following description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the subject innovation. It may be evident, however, that the innovation can be practiced without these specific details. In other instances, well-known structures and devices are shown in block diagram form in order to facilitate describing the innovation.

As used in this application, the terms “component”, “module,” “system”, “interface”, and the like are generally intended to refer to a computer-related entity, either hardware, a combination of hardware and software, software, or software in execution. For example, a component may be, but is not limited to being, a process running on a processor, a processor, an object, an executable, a thread of execution, a program, or a computer. By way of illustration, both an application running on a controller and the controller can be a component. One or more components residing within a process or thread of execution and a component may be localized on one computer or distributed between two or more computers.

Furthermore, the claimed subject matter can be implemented as a method, apparatus, or article of manufacture using standard programming or engineering techniques to produce software, firmware, hardware, or any combination thereof to control a computer to implement the disclosed subject matter. The term “article of manufacture” as used herein is intended to encompass a computer program accessible from any computer-readable device, carrier, or media. Of course, many modifications may be made to this configuration without departing from the scope or spirit of the claimed subject matter.

FIG. 1 illustrates an authentication system 100 for authenticating a user and a service agent to each other to establish a connection. The authentication system 100 includes a network component 110. The network component 110 receives a connection request to connect a customer and a service agent. In some embodiments, the connection request is originated by the service agent. The service agent can be a person, machine (e.g. “bot), automated system, and/or the like empowered to conduct transactions or provide information for an entity. In other embodiments, the connection request is originated by the customer. The customer may be a user or person that has registered with the entity to be provided services and/or be contacted by the entity. In some embodiments, the customer may be an automated agent of the customer such as a digital assistant, bot, device, and/or the like. The network component 110 receives the connection request over the internet, mobile network, application, API call, telephone, chat. SMS/MMS, other digital channels, and/or the like. In some embodiments, the connection between the customer and the service agent is to complete a financial transaction.

The authentication system 100 includes a customer authentication component 120. The customer authentication component 120 authenticates the customer's identity for the service agent according to a first authentication protocol. In some embodiments, the customer authentication component 120 can perform two factor authentication, and/or multi-factor authentication. The customer authentication component 120 can receive customer credentials from the customer upon receiving the connection request by the network component 110. In some embodiments, the connection request is forwarded to a customer device of the customer as well as a request for the customer to provide customer credentials using the customer device. The customer authentication component 120 can match the customer credentials to stored customer credentials associated with the customer. The stored customer credentials can be provided by a records repository 130 to the customer authentication component 120.

In some embodiments, the customer may be authenticated by the customer authentication component 120 when the received customer credentials match the stored customer credentials. In other embodiments, the customer authentication component 120 may use other authenticating data of the customer to authenticate the customer. The customer authentication component 120 can perform biometric authentication using biometric data of the customer. The customer authentication component 120 can request the customer provide biometric data via the customer device. In some embodiments, the biometric data can be a facial picture (e.g., a “selfie”) captured in response to a prompt, fingerprint, and/or the like. In other embodiments, the biometric data is a fingerprint or a voice modulation. The customer authentication component 120 receives the biometric data of the customer from the customer device. The customer authentication component 120 verifies the biometric data of the customer with previously stored biometric data of the customer associated with the customer. The verification can be completed using a biometric recognition algorithm.

The customer authentication component 120 can receive the previously stored biometric data from the records repository 130. The previously stored biometric data can be submitted by the customer during a registration process. In some embodiments, a biometric mapping algorithm can be performed on the biometric data provided during the registration process. The biometric mapping algorithm facilitates matching (or not matching) the stored biometric data to future biometric data for authentication. The customer authentication component 120 can analyze the biometric data to determine whether it matches the previously stored biometric data. For example, the customer authentication component 120 receives an image of the customer's face from the customer device. The customer authentication component 120 can perform a facial recognition analysis to match the image to previously stored facial recognition data of the customer in the records repository to confirm the customer's identity.

In some embodiments, the customer authentication component 120 temporarily stores the image of the customer's face. After authentication, the customer authentication component 120 overwrites, flushes, deletes, and/or the like the image of the customer's face. The overwriting provides increased security for the customer such that the images sent to the customer authentication component 120 are not misused.

The authentication system 100 includes a service agent authentication component 140. The service agent authentication component 140 authenticates the service agent for the customer according to a second authentication protocol. The service agent authentication component 140 can receive a unique identifier from the service agent. In some embodiments, the unique identifier is a MAC address, IP address, session identification, and/or the like.

The service agent authentication component 140 can receive a known unique identifier associated with the service agent from the records repository 130. The service agent authentication component 140 verifies the unique identifier by matching it to the stored unique identifier associated with the service agent. In some embodiments, a notification of the verification can be sent to the customer and a notification of the customer authentication can be sent to the service agent such that each party can confirm the other has been authenticated by the authentication system 100.

The authentication system 100 includes a connection component 150. The connection component 150 determines whether a relationship between the customer and the service agent exists based on relevant needs of the customer and the service agent. In some embodiments, a relationship can be determined by analyzing third party system and/or business systems. For example, a business system may be a human resources database to determine whether a human service agent works for the entity or a device register registered with the entity. In some embodiments, the relationship can be determined based on previous historical interactions, success rate, and frequency of historical interactions recorded between a bot service agent and a bot customer. The relationship data (or status) can be stored in the records repository 130. If a relationship exists, the connection component 150 sends unique information of the service agent that indicates the relationship to the customer. The customer can confirm the relationship to the service agent as an extra security step.

If the connection component 150 determines a relationship does not exist between the customer and the service agent, the connection component 150 creates a new relationship between the customer and the service agent to be stored in the record repository 130. The connection component 150 sends unique information of the new relationship to the customer for the customer to confirm creating the new relationship. The customer can confirm or deny the relationship to the service agent as an extra security step.

The connection component 150 establishes a connection between the customer and the service agent according to the authentications and the connection request. In some embodiments, the connection component 150 establishes a connection over which transactions such as a financial transaction may be completed. The connection component 150 establishes the connection upon confirming or creating a relationship between the customer and the service agent.

FIG. 2 illustrates a detailed component diagram of the customer authentication component 120. The customer authentication component 120 authenticates the customer's identity for the service agent according to a first authentication protocol. In some embodiments, the customer authentication component 120 can complete two factor authentication, and/or multi-factor authentication.

The customer authentication component 120 includes a credential component 210. The credential component 210 receives customer credentials from the customer upon receiving the connection request by the network component 110. In some embodiments, the connection request is forwarded to a customer device of the customer as well as a request for the customer to provide customer credentials using the customer device. In other embodiments, the credential component 210 can request stored customer credentials from the records repository 130. The credential component 210 matches the customer credentials received from the customer device to the stored customer credentials associated with the customer.

For example, a connection request is received by the network component 110. The credential component 210, in response to the connection request, sends a credential request to the customer device and the records repository. The customer device responds with customer credentials input by the customer or stored on the customer device. The records repository response with stored customer credentials associated with the customer. In some embodiments, the credentials are a password, key, passcode, and/or the like. In other embodiments, the credentials can be a unique token stored on the customer device.

In some embodiments, the customer may be authenticated by the customer authentication component 120 and/or the credential component 210 when the received customer credentials match the stored customer credentials. In other embodiments, the customer authentication component 120 may use further authenticating data of the customer to authenticate the customer. The customer authentication component 120 includes a biometric component 220 that performs biometric authentication using biometric data of the customer. The biometric component 220 can request the customer provide biometric data via the customer device. In some embodiments, the biometric data can be a facial picture (e.g. selfie) captured in the instant, a fingerprint, and/or the like. The biometric component 220 receives the biometric data of the customer from the customer device. The biometric component 220 can request stored biometric data associated with the customer from the records repository 150. The biometric component 220 verifies the biometric data of the customer with the stored biometric data of the customer associated with the customer.

The biometric component 220 can receive the previously stored biometric data from the records repository 130. The previously stored biometric data can be submitted by the customer during a registration process at an earlier time. The biometric component 220 can analyze the biometric data to determine whether it matches the previously stored biometric data. For example, the biometric component 220 receives an image of the customer's face from the customer device. The biometric component 220 can perform a facial recognition analysis to match the image to previously stored facial recognition data of the customer in the records repository 150.

In some embodiments, the biometric component 220 temporarily stores the image of the customer's face. After an authentication decision, the biometric component 220 overwrites, flushes, deletes, and/or the like the image of the customer's face. The overwriting provides increased security for the customer such that the images sent to the biometric component 220 are not misused.

FIG. 3 illustrates a component diagram of a biometric component 220. The biometric component 220 performs biometric authentication using biometric data of the customer. The biometric component 220 includes a temporary memory component 310. The temporary memory component 310 stores images of the customer's face during authentication. In some embodiments, the temporary memory component 310 is a hard disk drive, solid state drive, networked storage, cloud storage, database, and/or the like. After an authentication decision, the temporary memory component 310 overwrites, flushes, deletes, and/or the like the image of the customer's face. The overwriting provides increased security for the customer such that the images sent to the biometric component 220 are not misused or stolen.

The biometric component 220 includes an analysis component 320. The analysis component 320 can request the customer provide biometric data via a customer device 330. In some embodiments, the customer device 330 includes an image sensor 340. The image sensor can be a still camera, video camera, and/or other means for capturing images of the customer. In some embodiments, the biometric data can be a facial picture (e.g. selfie) captured in the instant, a fingerprint and/or the like. The analysis component 320 receives the biometric data of the customer from the customer device 330. The analysis component 320 can request stored biometric data associated with the customer from the records repository 130. The analysis component 320 verifies the biometric data of the customer with the stored biometric data of the customer associated with the customer.

The temporary memory component 310 can receive the previously stored biometric data from the records repository 130. The previously stored biometric data can be submitted by the customer during a registration process at an earlier time. The analysis component 320 analyzes the biometric data to determine whether it matches the previously stored biometric data. For example, the analysis component 320 receives an image of the customer's face from the temporary memory component 310 via the image sensor 340 of the customer device 330. The analysis component 320 performs a facial recognition analysis to match the image to previously stored facial recognition data of the customer 150. If the analysis confirms the faces in the images are the customer's, the customer is authenticated by the biometric component 220. If the images do not match, the customer is not authenticated. Authentication confirmation can be provided to the service agent as described above.

In some embodiments, the analysis component 320 can process the received image for tampering detection using tamper detection algorithms. The analysis component 320 can utilize tamper detection algorithms to verify that the received image is genuine and has not been edited to overcome the authentication techniques described above. In some embodiments, the image tampering algorithm is a passive algorithm that looks only at the received image for inconsistencies such as lighting or manipulation of the raw data of the image.

With reference to FIG. 4, example method 400 is depicted for authenticating a customer and service agent. While, for purposes of simplicity of explanation, the one or more methodologies shown herein. e.g., in the form of a flow chart, are shown and described as a series of acts, it is to be understood and appreciated that the subject innovation is not limited by the order of acts, as some acts may, in accordance with the innovation, occur in a different order and/or concurrently with other acts from that shown and described herein. For example, those skilled in the art will understand and appreciate that a methodology could alternatively be represented as a series of interrelated states or events, such as in a state diagram. Moreover, not all illustrated acts may be required to implement a methodology in accordance with the innovation. It is also appreciated that the method 400 is described in conjunction with a specific example is for explanation purposes.

FIG. 4 illustrates a method 400 for authenticating a user and a service agent to each other to establish a connection. At 405, a connection request is received to connect a customer and a service agent. In some embodiments, the connection request can be to complete financial transactions, exchange confidential information, and/or the like. The customer can be a registered user with an entity such as a financial institution. The service agent can be an automated digital agent (bot) that can complete financial transactions, provide information, complete customer requests, and/or the like residing on systems or networks of the financial institution.

At 410, customer credentials are received to identify a customer account. The customer credentials can be a password, passcode, one-time code, username, and/or the like to identify the customer. At 415, biometric data is received of the customer. The biometric data can be a facial picture of the customer that the customer takes after the connection request is received. In some embodiments, the biometric data can be a video, a fingerprint, a palm print, and/or other biometric data. In some embodiments, the biometric data is stored in a temporary memory. At 420, the customer is authenticated for the service agent according to the customer credentials and/or the biometric data. The customer credentials are verified to determine a match to previously stored customer credentials. The biometric data of the customer is analyzed against previously stored biometric data of the customer that is associated with the customer account. If both match, the customer is authenticated. At 425, the temporary memory is overwritten, deleted, or otherwise removed after the customer is authenticated.

At 430, a unique identifier is received for the service agent. The unique identifier can be a mac address. IP address, token, serial number, and/or the like to distinguish the service agent. At 435, the unique identifier is authenticated to match a stored unique identifier associated with the service agent. At 440, verification confirmations are provided to the service agent and the customer. The confirmations indicate to the customer that the service agent has been authenticated and to the service agent that the customer has been authenticated. This provides security for both parties to be ensured that fraud is not happening on either side of the connection.

At 445, a relationship status is determined between the customer and service agent. If a relationship exists, unique information of the service agent that indicates the relationship is sent to the customer. The customer can confirm the relationship to the service agent as an extra security step. If a relationship does not exist between the customer and the service agent, a new relationship is created between the customer and the service agent to be stored in the record repository 130. Unique information of the new relationship is sent to the customer for the customer to confirm creating the new relationship.

At 450, establishing a connection between the customer and the service agent according to the authentications and the connection request. The connection is established over which transactions such as a financial transaction may be completed. In some embodiments, the connection can be established upon confirming or creating a relationship between the customer and the service agent.

Still another embodiment can involve a computer-readable medium comprising processor-executable instructions configured to implement one or more embodiments of the techniques presented herein. An embodiment of a computer-readable medium or a computer-readable device that is devised in these ways is illustrated in FIG. 5, wherein an implementation 500 comprises a computer-readable medium 508, such as a CD-R, DVD-R, flash drive, a platter of a hard disk drive, etc., on which is encoded computer-readable data 506. This computer-readable data 506, such as binary data comprising a plurality of zero's and one's as shown in 506, in turn comprises a set of computer instructions 504 configured to operate according to one or more of the principles set forth herein. In one such embodiment 500, the processor-executable computer instructions 504 is configured to perform a method 502, such as at least a portion of one or more of the methods described in connection with embodiments disclosed herein. In another embodiment, the processor-executable instructions 504 are configured to implement a system, such as at least a portion of one or more of the systems described in connection with embodiments disclosed herein. Many such computer-readable media can be devised by those of ordinary skill in the art that are configured to operate in accordance with the techniques presented herein.

With reference to FIG. 6 and the following discussion provide a description of a suitable computing environment in which embodiments of one or more of the provisions set forth herein can be implemented. The operating environment of FIG. 6 is only one example of a suitable operating environment and is not intended to suggest any limitation as to the scope of use or functionality of the operating environment. Example computing devices include, but are not limited to, personal computers, server computers, hand-held or laptop devices, mobile devices, such as mobile phones, Personal Digital Assistants (PDAs), media players, tablets, and the like, multiprocessor systems, consumer electronics, mini computers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.

Generally, embodiments are described in the general context of “computer readable instructions” being executed by one or more computing devices. Computer readable instructions are distributed via computer readable media as will be discussed below. Computer readable instructions can be implemented as program modules, such as functions, objects, Application Programming Interfaces (APIs), data structures, and the like, that perform particular tasks or implement particular abstract data types. Typically, the functionality of the computer readable instructions can be combined or distributed as desired in various environments.

FIG. 6 illustrates a system 600 comprising a computing device 602 configured to implement one or more embodiments provided herein. In one configuration, computing device 602 can include at least one processing unit 606 and memory 608. Depending on the exact configuration and type of computing device, memory 608 may be volatile, such as RAM, non-volatile, such as ROM, flash memory, etc., or some combination of the two. This configuration is illustrated in FIG. 6 by dashed line 604.

In these or other embodiments, device 602 can include additional features or functionality. For example, device 602 can also include additional storage such as removable storage or non-removable storage, including, bit not limited to, magnetic storage, optical storage, and the like. Such additional storage is illustrated in FIG. 6 by storage 610. In some embodiments, computer readable instructions to implement one or more embodiments provided herein are in storage 610. Storage 610 can also store other computer readable instructions to implement an operating system, an application program, and the like. Computer readable instructions can be accessed in memory 608 for execution by processing unit 606, for example.

The term “computer readable media” as used herein includes computer storage media. Computer storage media includes volatile and nonvolatile, non-transitory, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions or other data. Memory 608 and storage 610 are examples of computer storage media. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology. CD-ROM. Digital Versatile Disks (DVDs) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by device 602. Any such computer storage media can be part of device 602.

The term “computer readable media” includes communication media. Communication media typically embodies computer readable instructions or other data in a “modulated data signal” such as a carrier wave or other transport mechanism and includes any information delivery media. The term “modulated data signal” includes a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal.

Device 602 can include one or more input devices 614 such as keyboard, mouse, pen, voice input device, touch input device, infrared cameras, video input devices, or any other input device. One or more output devices 612 such as one or more displays, speakers, printers, or any other output device can also be included in device 602. The one or more input devices 614 and/or one or more output devices 612 can be connected to device 602 via a wired connection, wireless connection, or any combination thereof in some embodiments, one or more input devices or output devices from another computing device can be used as input device(s) 614 or output device(s) 612 for computing device 602. Device 602 can also include one or more communication connections 616 that can facilitate communications with one or more other devices 620 by means of a communications network 618, which can be wired, wireless, or any combination thereof, and can include ad hoc networks, intranets, the Internet, or substantially any other communications network that can allow device 602 to communicate with at least one other computing device 620.

What has been described above includes examples of the innovation. It is, of course, not possible to describe every conceivable combination of components or methodologies for purposes of describing the subject innovation, but one of ordinary skill in the art may recognize that many further combinations and permutations of the innovation are possible. Accordingly, the innovation is intended to embrace all such alterations, modifications and variations that fall within the spirit and scope of the appended claims. Furthermore, to the extent that the term “includes” is used in either the detailed description or the claims, such term is intended to be incisive in a manner similar to the term “comprising” as “comprising” is interpreted when employed as a transitional word in a claim.

Claims

1. A method comprising: receiving a request to initiate a communication session between a user device and an agent device;authenticating a user associated with the user device according to a first authentication protocol;authenticating an agent associated with the agent device according to a second authentication protocol different from the first authentication protocol;providing a first notification of a successful authentication of the user to the agent device;providing a second notification of a successful authentication of the agent to the user device; andin response the first notification being provided to the agent device and the second notification being provided to the user device, facilitating an interaction between the user device and the agent device in the communication session.
2. The method of claim 1, further comprising: determining a previously established relationship between a user associated with the user device and an agent associated with the agent device based on one or more of: one or more historical interactions between the user and the agent,a success rate of the historical interactions between the user and the agent, ora frequency of the historical interactions between the between the user and the agent;causing transmission of unique information associated with the agent to the user device, wherein the unique information indicates the previously established relationship between the user and the agent; andreceiving, in response to the transmission of the unique information, a confirmation of the previously established relationship from the user device,wherein the interaction between the user device and the agent device in the communication session is facilitated in further response to receiving the confirmation.
3. The method of claim 1, wherein the first authentication protocol comprises: causing transmission of a credential request to the first user device;receiving, in response to the credential request, a credential from the user device; andauthenticating the credential using a stored credential associated with the user device.
4. The method of claim 3, wherein the credential comprises a unique token stored on the user device.
5. The method of claim 3, wherein the credential comprises a one-time code.
6. The method of claim 3, wherein the credential comprises a key that identifies a user account associated with the user device.
7. The method of claim 1, wherein the agent device is associated with a customer service agent of a financial institution, and wherein the interaction comprises a financial transaction.
8. A system comprising: a processor;a network component configured to receive a request to initiate a communication session between a user device and an agent device;a customer authentication component configured to: authenticate a user associated with the user device according to a first authentication protocol, andprovide a first notification of a successful authentication of the user to the agent device;a service agent component configured to: authenticate an agent associated with the agent device according to a second authentication protocol different from the first authentication protocol, andprovide a second notification of a successful authentication of the agent to the user device;a connection component configured to facilitate, in response the first notification being provided to the agent device and the second notification being provided to the user device, an interaction between the user device and the agent device in the communication session.
9. The system of claim 8, wherein the connection component is further configured to: determine a previously established relationship between a user associated with the user device and an agent associated with the agent device based on one or more of: one or more historical interactions between the user and the agent,a success rate of the historical interactions between the user and the agent, ora frequency of the historical interactions between the between the user and the agent;cause transmission of unique information associated with the agent to the user device, wherein the unique information indicates the previously established relationship between the user and the agent; andreceive, in response to the transmission of the unique information, a confirmation of the previously established relationship from the user device,wherein the interaction between the user device and the agent device in the communication session is facilitated in further response to receiving the confirmation.
10. The system of claim 8, wherein the customer authentication component authenticates the user associated with the user device according to the first authentication protocol by: causing transmission of a credential request to the first user device;receiving, in response to the credential request, a credential from the user device; andauthenticating the credential using a stored credential associated with the user device.
11. The system of claim 10, wherein the credential comprises a unique token stored on the user device.
12. The system of claim 10, wherein the credential comprises a one-time code.
13. The system of claim 10, wherein the credential comprises a key that identifies a user account associated with the user device.
14. The system of claim 8, wherein the agent device is associated with a customer service agent of a financial institution, and wherein the interaction comprises a financial transaction.
15. A computer program product comprising at least one non-transitory computer-readable storage medium storing software instructions that, when executed, cause an apparatus to: receive a request to initiate a communication session between a user device and an agent device;authenticate a user associated with the user device according to a first authentication protocol;authenticate an agent associated with the agent device according to a second authentication protocol different from the first authentication protocol;provide a first notification of a successful authentication of the user to the agent device;provide a second notification of a successful authentication of the agent to the user device; andin response the first notification being provided to the agent device and the second notification being provided to the user device, facilitate an interaction between the user device and the agent device in the communication session.
16. The computer program product of claim 15, further comprising software instructions that, when executed, cause the apparatus to: determining a previously established relationship between a user associated with the user device and an agent associated with the agent device based on one or more of: one or more historical interactions between the user and the agent,a success rate of the historical interactions between the user and the agent, ora frequency of the historical interactions between the between the user and the agent;causing transmission of unique information associated with the agent to the user device, wherein the unique information indicates the previously established relationship between the user and the agent; andreceiving, in response to the transmission of the unique information, a confirmation of the previously established relationship from the user device,wherein the interaction between the user device and the agent device in the communication session is facilitated in further response to receiving the confirmation.
17. The computer program product of claim 15, wherein the first authentication protocol comprises: causing transmission of a credential request to the first user device;receiving, in response to the credential request, a credential from the user device; andauthenticating the credential using a stored credential associated with the user device.
18. The computer program product of claim 17, wherein the credential comprises a unique token stored on the user device.
19. The computer program product of claim 17, wherein the credential comprises a one-time code.
20. The computer program product of claim 17, wherein the credential comprises a key that identifies a user account associated with the user device.

Continuations (2)

	Number	Date	Country
Parent	17645717	Dec 2021	US
Child	18403469		US
Parent	16003805	Jun 2018	US
Child	17645717		US

TWO-WAY AUTHENTICATION SYSTEM AND METHOD

Information

Publication Number

Date Filed

Date Published

Inventors

Original Assignees

CPC

International Classifications

Abstract

Description

Claims

Continuations (2)