Authenticating a customer to a risk level using an authorization token

US12159269B2 · US · B2

Patent metadata
Publication number: US-12159269-B2
Application number: US-202318114938-A
Country: US
Kind code: B2
Filing date: Feb 27, 2023
Priority date: Nov 26, 2019
Publication date: Dec 3, 2024
Grant date: Dec 3, 2024

Abstract

Official abstract text for this publication.

Disclosed herein are system, method, and computer program product embodiments for authenticating a mobile user via an authentication method determined based on a token level associated with the action being completed. An authentication token is created corresponding to the token level and the authentication token is sent to the mobile device. This authentication token may be used to authenticate subsequent actions and engage various services to complete the actions using application programming interfaces. The authentication token stored on the mobile device obviates the need for a user to authenticate multiple times to complete actions requiring a similar token level. The system may authenticate the identity of the mobile user using various authentication methods.
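The token-level check summarized above, as an added example that is not code from the patent or its assignee: a server issues a signed token whose level follows from the authentication method and whose lifetime varies with that level, then decides per action whether to allow, ask for step-up authentication, or deny. The key, level numbers, lifetimes, action names and token layout are all assumptions made for illustration, and the "past behaviors of the user" input from the claims is not modelled.

```python
import base64
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # assumption: server-side signing key
LEVEL_BY_METHOD = {"password": 1, "biometric": 2}          # assumption
TTL_BY_LEVEL = {1: 3600, 2: 900}   # assumption: higher level, shorter lifetime (s)
REQUIRED_LEVEL = {"view_balance": 1, "atm_withdrawal": 2}  # assumption: risk tiers


def _mac(body: bytes) -> bytes:
    return hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()


def issue_token(device_id: str, method: str, now: int) -> str:
    """Bind a device to the token level earned by the authentication method."""
    level = LEVEL_BY_METHOD[method]
    payload = {"dev": device_id, "lvl": level, "exp": now + TTL_BY_LEVEL[level]}
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode())
    return f"{body.decode()}.{_mac(body).decode()}"


def authorize(token: str, device_id: str, action: str, now: int) -> str:
    """Return 'allow', 'step_up' (authenticate at a higher level) or 'deny'."""
    body, _, mac = token.partition(".")
    # Verify integrity before trusting any field, in constant time.
    if not hmac.compare_digest(_mac(body.encode()), mac.encode()):
        return "deny"
    claims = json.loads(base64.urlsafe_b64decode(body))
    required = REQUIRED_LEVEL.get(action)
    if required is None or claims["dev"] != device_id or now >= claims["exp"]:
        return "deny"
    # A valid but lower-level token triggers re-authentication, not rejection.
    return "allow" if claims["lvl"] >= required else "step_up"


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp
    login = issue_token("dev-1", "password", t0)
    print(authorize(login, "dev-1", "view_balance", t0 + 10))
    print(authorize(login, "dev-1", "atm_withdrawal", t0 + 10))
    elevated = issue_token("dev-1", "biometric", t0)
    print(authorize(elevated, "dev-1", "atm_withdrawal", t0 + 10))
```

Because the level and expiry sit inside the signed body, a client that edits either field invalidates the MAC, and the elevated token cannot be replayed from a different device identifier.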

First claim

Opening claim text (preview).

What is claimed is:

1. A method, comprising: causing, by one or more processors, a mobile application executing on a mobile device to display a withdrawal screen that allows a user to queue a withdrawal transaction at an automated teller machine (ATM); receiving a request from the mobile application to perform the withdrawal transaction that invokes a service, wherein the request comprises an authorization token and an identifier associated with the ATM, wherein the identifier is encoded in a matrixed identifier displayed on the ATM that the mobile device scans using a view-finder screen activated by the user in the mobile application, and wherein the authorization token associates the mobile device with a token level; verifying that the user can perform the withdrawal transaction using the authorization token based on the token level, a risk tier for the withdrawal transaction, and past behaviors of the user; and in response to the verifying, causing the service to issue instructions to the ATM to cause the ATM to dispense an amount of currency specified in the withdrawal transaction and the mobile application to display a confirmation screen on the mobile device indicating that the ATM completed the withdrawal transaction.

2. The method of claim 1, further comprising: authenticating the user with an authentication method determined based on a level of risk associated with an action performed by the user; associating the authorization token with the token level based on the authentication method; and sending the authorization token to the mobile device.

3. The method of claim 2, wherein the action performed by the user is a login and the authentication method uses a login and a password received from the mobile device.

4. The method of claim 2, wherein the authentication method uses biometric data received from the mobile device.

5. The method of claim 2, further comprising: when the token level is insufficient to perform the withdrawal transaction, authenticating the user with a second authentication method based on a second token level required by the withdrawal transaction; and sending an elevated authorization token to the mobile device, wherein the elevated authorization token remains in effect for a certain amount of time.

6. The method of claim 1, wherein the authorization token comprises a timestamp that indicates an expiration of the authorization token, and wherein the authorization token remains in effect for a certain amount of time that varies based on the token level.

7. The method of claim 1, the verifying further comprising: determining that the token level in the authorization token is sufficient to perform the withdrawal transaction.

8. A system, comprising: a memory; and a processor coupled to the memory and configured to: cause a mobile application executing on a mobile device to display a withdrawal screen that allows a user to queue a withdrawal transaction at an automated teller machine (ATM); receive a request from the mobile application to perform the withdrawal transaction that invokes a service, wherein the request comprises an authorization token and an identifier associated with the ATM, wherein the identifier is encoded in a matrixed identifier displayed on the ATM that the mobile device scans using a view-finder screen activated by the user in the mobile application, and wherein the authorization token associates the mobile device with a token level; verify that the user can perform the withdrawal transaction using the authorization token based on the token level, a risk tier for the withdrawal transaction, and past behaviors of the user; and in response to the verifying, cause the service to issue instructions to the ATM to cause the ATM to dispense an amount of currency specified in the withdrawal transaction and the mobile application to display a confirmation screen on the mobile device indicating that the ATM completed the withdrawal transaction.

9. The system of claim 8, the processor further configured to: authenticate the user with an authentication method determined based on a level of risk associated with an action performed by the user; associate the authorization token with the token level based on the authentication method; and send the authorization token to the mobile device.

10. The system of claim 9, wherein the action performed by the user is a login and the authentication method uses a login and a password received from the mobile device.

11. The system of claim 9, wherein the authentication method uses biometric data received from the mobile device.

12. The system of claim 9, the processor further configured to: when the token level is insufficient to perform the withdrawal transaction, authenticate the user with a second authentication method based on a second token level required by the withdrawal transaction; and send an elevated authorization token to the mobile device, wherein the elevated authorization token remains in effect for a certain amount of time.

13. The system of claim 8, wherein the authorization token comprises a timestamp that indicates an expiration of the authorization token, and wherein the authorization token remains in effect for a certain amount of time that varies based on the token level.

14. The system of claim 8, wherein to verify the processor is further configured to: determine that the token level in the authorization token is sufficient to perform the withdrawal transaction.

15. A non-transitory computer-readable device having instructions stored thereon that, when executed by at least one computing device, cause the at least one computing device to perform operations comprising: causing a mobile application executing on a mobile device to display a withdrawal screen that allows a user to queue a withdrawal transaction at an automated teller machine (ATM); receiving a request from the mobile application to perform the withdrawal transaction that invokes a service, wherein the request comprises an authorization token and an identifier associated with the ATM, wherein the identifier is encoded in a matrixed identifier displayed on the ATM that the mobile device scans using a view-finder screen activated by the user in the mobile application, and wherein the authorization token associates the mobile device with a token level; verifying that the user can perform the withdrawal transaction using the authorization token based on the token level, a risk tier for the withdrawal transaction, and past behaviors of the user; and in response to the verifying, causing the service to issue instructions to the ATM to cause the ATM to dispense an amount of currency specified in the withdrawal transaction and the mobile application to display a confirmation screen on the mobile device indicating that the ATM completed the withdrawal transaction.

16. The non-transitory computer-readable device of claim 15, the operations further comprising: authenticating the user with an authentication method determined based on a level of risk associated with an action performed by the user; associating the authorization token with the token level based on the authentication method; and sending the authorization token to the mobile device.

17. The non-transitory computer-readable device of claim 16, wherein the action performed by the user is a login and the authentication method uses a login and a password received from the mobile device.

18. The non-transitory computer-readable device of claim 16, wherein the authentication method uses biometric data

Classifications

  • involving fraud or risk level assessment in transaction processing

  • Biometric identity checks

  • using credential vaults, e.g. password manager applications or one time password [OTP] applications

  • by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity

  • Use of secure elements separate from M-devices

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US12159269B2 cover?
Disclosed herein are system, method, and computer program product embodiments for authenticating a mobile user via an authentication method determined based on a token level associated with the action being completed. An authentication token is created corresponding to the token level and the authentication token is sent to the mobile device. This authentication token may be used to authenticat…
Who is the assignee on this patent?
Capital One Services Llc
What technology area does this patent fall under?
Primary CPC classification G06Q20/1085. Mapped technology areas include Physics.
When was this patent published?
Publication date Dec 3, 2024 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 11 related publications on this page (citations in our corpus or others sharing the same primary CPC).