DEVICE

Field of the Invention

This invention relates to banking transactions using a remote bank device such as an Automated Teller Machine (ATM). More particularly, this invention relates to the authentication of a user by a remote bank device. Still more particularly, this invention relates to the use of a mobile user device interacting with the remote bank device to authenticate the user.

Prior Art

Remote bank devices, such as ATMs, computer kiosks, and the like, are commonly used by a customer to interact with a bank to perform any number of transactions including, but not limited to, withdrawals, deposits, balance inquiries, account transfers. The most common way of authenticating a user in these types of devices is the use of a card and a password input by the user. The user inserts the card into a card reading device which reads user information from the card. The user also inputs the password. The remote bank device transmits the password and the user information to a bank system that uses the received user information to retrieve the account information of the user. The account information is then used to determine whether the password is correct. If the password is correct, the bank system transmits an approval signal to the remote bank device which then allows the user to conduct the desired banking transactions. It is a problem that this method requires the user to perform a series of separate sequential steps to be authenticated by the remote bank device.

Furthermore, this current method is not very secure as it is common for hackers to make copies of the information on a user's card; and to steal and/or hack the user's password. To counter hackers making fraudulent card copies, measures including, but not limited to, card jitter devices, anti-skimming card inserts, pin pad shields and other devices are employed. It is a problem that mechanisms such as card jitter devices add to the transaction time of a user of the remote bank device resulting in longer queue times. As such, user would like an easier authentication system that also provides more security than the current password process.

Summary of the Invention The above and other problems are solved and an advance in the art is made by a system and method for providing bank transactions using a remote bank device in accordance with embodiments of this invention. A first advantage of systems and methods in accordance with embodiments of this invention is that a quicker and easier authentication process is provided for users of remote bank devices. In accordance with embodiments of this invention, a user only needs to perform a singular action at a remote bank device to perform an authentication process. A second advantage of systems and methods in accordance with embodiments of this invention is that two separate authentication processes are used. This increases security of the authentication process. Furthermore, the two separate authentications allow systems and methods in accordance with embodiments of this invention to fulfill the regulatory requirements of a multi-factor authentication of the customer.

In accordance with embodiments of this invention, a remote bank device, such as a kiosk or ATM, having a processor, memory, a first image capture device, a second image capture device, and a wireless communication node is provided. The remote bank device performs the following process to authenticate a user to allow the user to perform a banking transaction in accordance with embodiments of the invention. The process begins with the remote bank device establishing a wireless communicative connection with a mobile user device in response to a wireless device associated with a mobile user device being placed proximate the wireless communication node of the remote bank device. The wireless communicative connection is then used by the remote bank device to receive user credentials from the wireless device associated with the mobile user device. The remote bank system also captures an image of a display of the mobile user device which has a bar code or some other type of identifier used for authentication. Further, the remote bank device captures a biometric image of a portion of the user to be used in performing a biometric authentication of the user. The biometric image may be a facial picture, a fingerprint, a retinal scan or any other biometric image. The user credentials, the display image, and the biometric image are then transmitted to a bank system for authentication. The remote bank device then receives an approval or denial of the authentication from the bank system. If the user is authenticated, the user may perform a desired banking transaction. If not, the remote device may inform the user of the rejection and ask the user to try again.

In accordance with some embodiments of this invention, the remote bank device includes an enclosure defined within a surface of the remote bank device that is configured to receive a mobile user device. In accordance with some of these embodiments, the wireless communication node is a Near Field Communication (NFC) reader and is positioned near and/or within the bottom surface of the enclosure such that the NFC reader will contact a NFC device associated with the mobile user device when the mobile user device is inserted into the enclosure. Furthermore, the first image capture device is positioned near and/or within the top surface of the enclosure such that the first image capture device can capture an image of the display of the mobile user device when the NFC device associated with the mobile device is in contact with the NFC reader of the remote bank device.

In accordance with some of these embodiments of this invention, the wireless communicative connection is a NFC communicative connection and is established in the following manner. The NFC reader of the remote bank device detects a presence of the NFC device associated with the mobile user device. The remote bank device then uses the NFC reader to interrogate the mobile user device in order to establish the NFC communicative connection.

In accordance with some embodiments of this invention, the user credentials are received via the NFC communicative connection in the following manner. The remote bank system requests the user credentials from the mobile user device using the NFC communicative connection. In response to the request, the remote bank device receives the user credentials from the mobile user device using the NFC communicative connection.

In accordance with some embodiments of this invention, the display image is captured by the remote bank in the following manner. The remote bank device detects the presence of the mobile user device. The remote bank device then prepares the first image capture device to capture the image. The remote bank device then determines whether the display of the mobile user device is aligned properly for the first image capture device to capture the display image. If the mobile user device is properly aligned, the first image capture device captures an image of the display of the mobile user device for use as the display image. In accordance with some of these embodiments, the remote bank device then determines whether the display image captured is acceptable. If the image is not acceptable, the first image capture device captures a second display image.

In accordance with some embodiments of this invention, the biometric image is captured by the remote bank in the following manner. The remote bank device detects the presence of the user in front of the second image capture device. The remote bank device then prepares the second image capture device to capture the biometric image. The remote bank device then determines whether a particular portion of the user needed for the biometric analysis is properly aligned with the second image capture device to capture the biometric image. If the portion of the user is properly aligned, the second image capture device captures an image of the particular portion of the user for use as the biometric image. In accordance with some of these embodiments, the remote bank device then determines whether the biometric image captured is acceptable. If the image is not acceptable, the second image capture device captures a second biometric image.

In accordance with some embodiments of this invention, the bank system performs the following process to authenticate a user. The bank system receives the user credentials, display image and biometric image from the remote bank device. The bank system then retrieves user information based on the received user credentials. The bank system then performs analysis on the display image to authenticate the display image based upon the user information retrieved by the bank system. The bank system also performs biometric analysis on the biometric image using the user information to authenticate the user. The bank system authenticates the user if the biometric image and display image are determined to meet the authentication criteria in the user information. If the user is authenticated, the bank system transmits an approval code to the remote bank device. In accordance with some of these embodiments, the analysis of the display image and the biometric analysis are performed substantially concurrently.

In accordance with some embodiments of this invention, a remote user device performs a process of generating and displaying an authentication display in response to the user requesting a bank transaction with a remote bank device.

Brief Description of the Drawings

The above and other features and advantages in accordance with embodiments of this invention are described in the following Detailed Description and are shown in the following drawings: Figure 1 illustrating a diagram of a network including an ATM and a bank system connected via a network in accordance with embodiments of this invention;

Figure 2 illustrating a front view of an ATM in accordance with some embodiments of this invention; Figure 3 illustrating a block diagram of components of exemplary processing system such as the processing system in an ATM, bank system, and/or mobile user device in accordance with embodiments of this invention;

Figure 4 illustrating a diagram of components within an enclosure in a surface of the ATM in accordance with embodiments of this invention; Figure 5 illustrating a flow diagram of process for providing a bank transaction to a user from a remote bank device in accordance with embodiments of this invention;

Figure 6 illustrating a flow diagram of a process for receiving user credentials via a NFC communicative connection in accordance with an embodiment of this invention;

Figure 7 illustrating a flow diagram of a process for capturing a display image in accordance with embodiments of this invention;

Figure 8 illustrating a flow diagram of a process for capturing a biometric image in accordance with embodiments of this invention;

Figure 9 illustrating a flow diagram of a process for authenticating a user using the display image and biometric image in accordance with embodiments of this invention; and Figure 10 illustrating a flow diagram of a process for providing an authentication display on a display of a mobile user device in accordance with embodiments of this invention. Detailed Description of the Invention

This invention relates to banking transactions using a remote bank device such as an Automated Teller Machine (ATM). More particularly, this invention relates to the authentication of a user by a remote bank device. Still more particularly, this invention relates to the use of a mobile user device interacting with the remote bank device to authenticate the user.

In accordance with embodiments of this invention, systems and methods are provided to authenticate a user using two independent methods. Preferably, a first method is via a display on mobile user device and a second method is a biometric method. More particularly, user credentials are provided via a wireless connection between the remote bank device and the mobile user device. In particular embodiments, the wireless connection is a Near Field Communication (NFC) connection between the mobile user device and the remote bank device. Images of the display of the device and the portion of the user needed for biometric analysis are then captured in response to an NFC connection being made. Thus, the user has an easy and efficient method for performing a log-in to a remote bank device. In addition to the ease of use for the customer, systems and methods in accordance with embodiments of this invention provide two separate authentication means which provide added security to the user and comply with various regulatory requirements that banks must meet.

Figure 1 illustrates a remote bank device that is in communicative connection with a bank system via a network in accordance with embodiments of this invention. Network 100 may be the Internet, a Public Switched Telephonic Network (PSTN), a Wide Area Network (WAN), a Local Area Network (LAN), or any other type of network that may be used to transmit data between two devices. Bank system 105 is shown as a single server in Figure 1. However, bank system 105 may be a network of devices including any number of connected routers, servers, memory devices and/or any other devices that perform the processes described with respect to a banking system in accordance with embodiments of this invention. Automated Teller Machine (ATM) 110 is a remote bank device in accordance with embodiments of this invention. One skilled in the art will recognize that a remote bank device may be other types of devices including computer terminals, touch pads, kiosks or any other processing device that a bank provides that allows a user to interact with bank system 105 to complete banking transactions. Personal Digital Assistant 115 and mobile telephone 116 are examples of mobile user devices in accordance with embodiments of this invention. One skilled in the art will recognize that a mobile user device in accordance with embodiments of this invention is any handheld device capable of displaying data on a display screen and capable of being wirelessly connected for communication.

Figure 2 illustrates a more detailed view of ATM 110 in accordance with embodiments of this invention. ATM 10 is similar to most conventional ATMs. However, ATM 110 includes enclosure 210. Enclosure 210 is an opening within a surface of ATM 110 that is configured to receive a mobile user device. As shown in Figure 4, enclosure 210 includes NFC reader 410 within and/or proximate the bottom surface of enclosure 210. NFC reader 410 is positioned within enclosure 210 to allow easy contact between NFC reader 410 and an NFC device that is associated with a mobile user device. One skilled in the art will recognize that although NFC communicative connections, NFC readers, and NFC devices associated with the mobile user device are described in accordance with embodiments of the present invention, other wireless protocol and devices may be used without departing from this invention. Examples of other wireless protocols and device include, but are not limited to, WI-FI, RFID, and the like. In the shown embodiment, NFC reader 410 is within the bottom surface as it is envisioned that the NFC device associated with a mobile user device will be either near a back surface or bottom surface of the device. The position of the NFC reader makes it likely that the mobile user device will be placed inside enclosure 210 with a display facing a top surface of enclosure 210. As such, first image capture device 405 is positioned within and/or proximate the top surface of enclosure 210 such that the lens is aimed at the likely position of a mobile user device when the mobile user device is in contact with NFC reader 410. First image capture device 405 is a digital camera or other device capable of capturing a digital image of an object. Although shown as an enclosure, one skilled in the art will recognize that many other configurations for positioning an image capturing device and NFC reader to allow the capture of an image of the display of the mobile user device while the NFC device is near a NFC reader is possible without departing from this invention. One skilled in the art will recognize that first image capture device 405 and NFC reader 410 are positioned to allow substantially concurrent capturing of the image of the display and receiving of the information transmitted by the NFC device associated with the mobile user device. Furthermore, second image capture device 205 is a conventional digital camera available in most ATMs that may be used to capture biometric images as will be discussed below. Alternatively, second image capture device 205 may be replaced and/or supplemented with another image capturing device that captures a biometric image without departing from this invention.

Processes provided by instructions stored by a media that are executed by processing systems in a mobile user device, the remote bank device, and one or more servers in the bank system provide systems and methods in accordance with embodiments of this invention. The instructions may be stored as firmware, hardware, or software by these devices. Furthermore, one skilled in the art will recognize that some of the steps of the described processes may be combined, separated, repeated, or omitted without departing from embodiments of this invention. Figure 3 illustrates processing system 300 such as one of the processing systems in a personal user device and the servers that execute the instructions to perform the processes for providing a method and/or system in accordance with an embodiment of this invention. One skilled in the art will recognize that the exact configuration of each processing system may be different and the exact configuration of the processing system in each device may vary; and Figure 3 is given by way of example only.

Processing system 300 includes Central Processing Unit (CPU) 305. CPU 305 is a processor, microprocessor, or any combination of processors and microprocessors that execute instructions to perform the processes in accordance with an embodiment of the present invention. CPU 305 connects to a memory bus and Input/Output (I/O) bus. The memory bus connects CPU 305 to memories 310 and 315 to transmit data and instructions between the memories and CPU 305. The I/O bus connects CPU 305 to peripheral devices to transmit data between CPU 305 and the peripheral devices. One skilled in the art will recognize that the I/O bus and the memory bus may be combined into one bus or subdivided into many other busses and the exact configuration is left to those skilled in the art.

A non-volatile memory 315, such as a Read Only Memory (ROM), is connected to the memory bus. Non-volatile memory 315 stores instructions and data needed to operate various sub-systems of processing system 300 and to boot the system at start-up. One skilled in the art will recognize that any number of types of memory may be used to perform this function.

A volatile memory 310, such as Random Access Memory (RAM), is also connected to the memory bus. Volatile memory 310 stores the instructions and data needed by CPU 305 to perform software instructions for processes such as the processes that provide systems and methods in accordance with an embodiment of this invention. One skilled in the art will recognize that any number of types of memory may be used as volatile memory and the exact type used is left as a design choice to those skilled in the art.

I/O device 320, keyboard 325, display 330, memory 340, network device 345 and any number of other peripheral devices connect to the I/O bus to exchange data with CPU 305 for use in applications being executed by CPU 305. I/O device 320 is any device that transmits and/or receives data from CPU 305. Keyboard 325 is a specific type of I/O device that receives user input and transmits the input to CPU 305. Display 330 receives display data from CPU 305 and display images on a screen for a user to see. Memory 340 is a device that transmits and receives data to and from CPU 305 for storing data to a media. Network device 345 connects CPU 305 to a network for transmission of data to and from other processing systems.

In accordance with embodiments of this invention, a remote bank device, such as an ATM performs a process to authenticate a user when the user wants to conduct a banking transaction using the remote bank device. A log-in process for authenticating a user in accordance with an embodiment of this invention is illustrated in Figure 5. Process 500 begins in step 505 when user credentials are received from a mobile user device. A process for receiving the user credentials using NFC communications is provided below with reference to Figure 6. Information for the first authentication process is then received by the remote bank device in step 510. In accordance with some embodiments, the information for the first authentication process is an image of the display of the mobile user device and a process for capturing a display image is described below with reference to Figure 7. In step 515, the remote bank device receives the information for the second authentication to perform. In accordance with some embodiments of this invention, the second authentication process is a biometric test. In particular, a biometric image of a portion of the user is captured and compared to biometric information of the user to authenticate the user. For purposes of this discussion, biometric means any physical characteristic of a user that is unique enough to correctly distinguish a particular user from other parties. Further, the portions of the body that may be used include, but are not limited to, the face, the eyes, and finger prints. A process for obtaining the biometric image to complete steps 515 in accordance with an embodiment of this invention is described below with reference to Figure 8. One skilled in the art will recognize that steps 505-515 may start and be performed substantially concurrently in accordance with embodiments of this invention. Once all of the information is received, the remote bank device transmits the user credentials, the display image, and the biometric image to the bank system in step 520. The bank system will then perform the two authentication processes and transmit a response to the remote bank device. In step 525, the remote bank device receives a transmission from the bank system either authenticating the user or rejecting the user. If the user is rejected, the session is terminated in step 550 and process 500 ends.

If the user is authenticated, the remote bank device provides a list of transactions the user may select. The remote bank device then receives a request for a transaction in step 530. In step 535, the remote bank device receives the transaction details. For example, the transactions details may be an amount withdrawn and/or deposited to an account of the user. The transaction details are then transmitted to the bank system in step 540. In step 545, the details of the completion of the transaction are received from the bank system and displayed for the user. The remote bank device then completes the transaction. The user may then request another transaction in step 550. If another transaction is requested, process 500 is repeated from step 530. Otherwise, process 500 ends.

In accordance with another embodiment of this invention, after the user is authenticated, the user may pre-define a transaction that is saved on the bank system. The pre-defined transaction may be, for example, an amount to be withdrawn. When the user requests for transaction, either on the same occasion as when the authenticated took place or on a separate occasion, the remote bank device receives the request for the transaction and automatically completes the transaction based on the pre-defined transaction without the need for further authentication. In accordance with embodiments of this invention, the authentication process begins by transmitting user credentials from the mobile user device to the remote bank system using Near Field Communication (NFC) transmissions. In accordance with these embodiments, the user mobile device has an NFC device that is associated with the device. The NFC device may be integral to the mobile user device or the NFC device may be an attachment that connects to the mobile user device via an Input/ Output (I/O) port of the device. A process for receiving the user credentials via the NFC communications in accordance with embodiments of this invention is shown in Figure 6.

Process 600 begins in step 605 when the NFC reader in the remote bank device detects the presence of an NFC device associated with a mobile user device. The presence is detected when the NFC device associated with mobile user device is within a predetermined proximity of the NFC reader. In accordance with some embodiments, the presence is detected when the mobile user device is placed within enclosure 210 of ATM 110. In response to detecting the presence of the NFC device associated with the mobile user device, the remote bank device interrogates the NFC device using the NFC reader to establish a NFC communicative connection between the remote bank device and the mobile user device in step 610. In response to the NFC connection being established, the remote bank device requests the user credentials from the mobile user device in step 615. In response to the request, the remote bank device receives the user credentials from the user mobile device in step 620 via the NFC connection and process 600 ends.

In accordance with embodiments of this invention, two authentication processes are performed. In accordance with some of these embodiments, the authentication processes include one device authentication and one biometric authentication. One device authentication process is to detect the display of a particular design unique to the user. The unique design may be a bar code, a QR code, or some other specific symbol. Furthermore, the same symbol may be displayed every time a user attempts to log-in to a remote bank device or a new symbol may be generated every time a log-in is attempted, depending on the particular system. The other authentication process is a biometric authentication process. A biometric authentication process uses a unique physical trait to identify the user. In accordance with embodiments of this invention, the biometric authentication process is performed using an image of a portion of the user. The portion may be a fingerprint, a retina scan, a face, or any other portion of the body with a distinguishing feature.

A process for capturing a display image that is an image of the display of the mobile user device in accordance with an embodiment of this invention is shown in Figure 7. Process 700 begins in step 705 when the remote bank device receives a signal indicating the presence of a mobile user device in a designated area such as in enclosure 210 of ATM 110. The presence may be detected through the use of the NFC reader in the ATM. In response to receiving a signal indicating the presence of a mobile user device, the remote bank device prepares the first image capture device to capture a display image which is an image that includes the display of the mobile user device in step 710. The preparation may include focusing the image, preparing flash lighting, and/or any other processes that may be needed to capture the image.

In optional step 715, process 700 determines whether the mobile user device is properly aligned to capture an image of the display with the first image capturing device. This may be performed by software that determines whether the image is within a certain border. Alternatively, an image may be displayed to the user showing a border to allow the user to adjust the position of the device. If the display of the mobile user device is properly aligned, the first image capturing device captures the display image in step 720. In step 725, a verification process to determine the image is acceptable may be performed. This verification process may be performed by a process that determines whether symbols in the display image are clearly recognizable for use in the authentication process. Alternatively, the verification process may include displaying the image to the user and asking the user to verify that the image is clear. If the image is acceptable, process 700 ends. Otherwise, process 700 is repeated from step 710 to capture an acceptable display image.

A process for capturing a biometric image in accordance with an embodiment of this invention is shown in Figure 8. A biometric image is an image of a portion of the body of the user that has a unique physical trait. Process 800 begins in step 805 when the remote bank device receives a signal indicating the presence of the user in a designated area such as in front of second image capture device 205 of ATM 1 10. The presence may be detected through the use of the NFC reader in the ATM. Alternatively, a motion detector or a pressure sensor may be used to indicate the user is in a proper position to capture the image. In response to receiving a signal indicating the presence of the user, the remote bank device prepares the second image capture device to capture a biometric image which is an image that includes the portion of the user needed for biometric analysis in step 810. The preparation may include focusing the image, preparing flash lighting, and/or any other processes that may be needed to capture the image.

In optional step 815, process 800 determines whether the portion of the user is properly aligned to capture an image of the needed portion of the body with the second image capturing device. This may be performed by software that determines whether the image is within a certain border. Alternatively, an image may be displayed to the user showing a border to allow the user to adjust the position of the user prior to having the image captured. If the user is properly aligned, the second image capturing device captures the biometric image in step 820. In step 825, a verification process to determine whether the image is acceptable may be performed. This verification process may be performed by a process that determines whether portion of the body needed is clearly recognizable for use in the authentication process. Alternatively, the verification process may include displaying the image to the user and asking the user to verify that the image is clear. If the image is acceptable, process 800 ends. Otherwise, process 800 is repeated from step 810 to capture an acceptable biometric image.

The process of authenticating the user is performed by the bank system in accordance with embodiments of this invention. The bank system performs two separate authentication processes. The authentication processes are ideally performed concurrently or substantially concurrently to reduce the amount of time needed to authenticate the user. A process for performing an authentication of a user in accordance with an embodiment of this invention is illustrated in Figure 9. Process 900 begins in step 905 when user credentials, a display image, and the biometric image for a user are received from a remote bank device. In step 910, the user credentials are used to retrieve user information. User information may include account information for the user, information to authenticate the display image, and the biometric data needed to authenticate the biometric image. In step 915, the bank system performs analysis on the display image to authenticate the user. The authentication may be as simple as comparing the display image to a template to determine a match. Alternatively, the analysis may include extracting data to the image and comparing the extracted information to information in the user information to confirm a match. The exact test will depend on the information used and is left as a design choice to those skilled in the art. The process determines if the display image is authenticated in step 920. If the display image is not authenticated, a rejection of the authentication is generated and transmitted to the remote bank device. Step 925 performs the biometric analysis on the biometric image to authenticate the user. The exact analysis done and the requirements for authenticating the user will vary depending on the part of the body analyzed. Thus, the exact process performed in step 925 is omitted for brevity. In step 930, the process determines if the biometric image is authenticated. If the biometric image is not authenticated, a rejection of the authentication is generated and transmitted to the remote bank device in step 940 and process 900 ends. If the both the display image and the biometric image are authenticated, an approval message is generated by the bank system and transmitted to the remote bank device in step 935. Process 900 then ends.

A process performed by a mobile user device to provide an authentication display in accordance with embodiments of this invention is illustrated by Figure 10. Process 1000 begins in step 1005 by receiving an input of a request for interaction with a remote bank device. This request may be an input from the user or may be a signal from the NFC device indicating proximity to a reader of a remote bank device. In response to the request, the mobile user device begins executing interaction software in step 1010. The interaction software may be an 'app', specific application or other executable that may be performed by the mobile user device to communicate with remote bank device. The interaction software then generates the authentication display and causes the display of the device to provide the authentication display in step 1015. The authentication display is then displayed by the mobile user device until an exit command is received in step 1020. One skilled in art will recognize that the exit command may be user input or may be a command received from the remote bank device via the NFC device associated with the mobile user device. In response to receiving the exit command, the mobile user device may receive and store any updates in step 1025. The updates may include data needed to generate a proper authentication display during a subsequent use. Process 1000 then ends.

The above is a description of devices and processes in accordance with systems and methods embodying this invention. It is envisioned those skilled in the art can and will design alternative embodiments that infringe this invention as set forth in the following claims.