US 11,941,643 B2
System, method, and apparatus for authenticating a user
Aditi Rungta, Singapore (SG); Kieu Trinh Nguyen, Singapore (SG); Wen Zhao Cheng, Singapore (SG); Xi Li, Singapore (SG); and Xudong Wu, Singapore (SG)
Assigned to Visa International Service Association, San Francisco, CA (US)
Appl. No. 17/045,206
Filed by Visa International Service Association, San Francisco, CA (US)
PCT Filed Apr. 1, 2019, PCT No. PCT/US2019/025136
§ 371(c)(1), (2) Date Oct. 5, 2020,
PCT Pub. No. WO2019/195143, PCT Pub. Date Oct. 10, 2019.
Claims priority of provisional application 62/653,062, filed on Apr. 5, 2018.
Prior Publication US 2021/0042764 A1, Feb. 11, 2021
Int. Cl. G06Q 30/018 (2023.01); H04L 9/40 (2022.01); G06Q 40/03 (2023.01)
CPC G06Q 30/0185 (2013.01) [G06Q 40/03 (2023.01); H04L 63/083 (2013.01); H04L 63/0853 (2013.01); H04L 63/0884 (2013.01)] 19 Claims
OG exemplary drawing
 
1. A computer-implemented method for authenticating a user, comprising:
registering, by an authentication system, a plurality of user accounts for a plurality of users in at least one data structure based at least partially on user information and account data for each user of the plurality of users, the account data for each user comprising an account identifier associated with a portable payment device, wherein the account identifier comprises at least a primary account number (PAN) associated with a user account for each user;
generating, by the authentication system, an identity score for each user based on the PAN associated with the user account for each user;
receiving, by the authentication system, at least one message requesting to create a plurality of provider accounts for a plurality of third-party service providers, the at least one message comprising a required permissions field, the required permissions field comprising one or more parameters of user information and the PAN associated with the user account for each user requested by a third-party system;
registering, by the authentication system, the plurality of provider accounts for the plurality of third-party service providers in at least one data structure based at least partially on third-party service provider data;
receiving, from the third-party system corresponding to a third-party service provider of the plurality of third-party service providers, an initial request to authenticate a user of the plurality of users, the initial request communicated in response to the user creating an account with the third-party service provider;
redirecting a device associated with the user to a webpage of the authentication system comprising a first graphical user interface configured to receive a first input from the user;
receiving, from the device associated with the user, the first input from the user comprising user credentials corresponding to a first user account of the plurality of user accounts;
validating, by the authentication system, the user credentials based at least partially on the identity score for the user;
redirecting the device associated with the user to a webpage of the authentication system comprising a second graphical user interface configured to receive a second input from the user;
receiving, from the device associated with the user, the second input from the user comprising an approval for the third-party system to identify the one or more parameters of user information and the PAN associated with the user account of the user requested by the third-party system;
in response to receiving the second input from the user, communicating, by the authentication system, a redirect message to the device associated with the user, the redirect message comprising an authentication code, the redirect message configured to redirect the device associated with the third-party system;
storing the authentication code on the device associated with the user via a browser application executing on the device associated with the user based on receiving the redirect message;
receiving, from the third-party system, an access token request message comprising an authorization code and third-party service provider data;
validating, by the authentication system, the access token request message;
in response to validating the access token request message, generating, by the authentication system, an access token based at least partially on the authorization code and the third-party service provider data;
communicating, by the authentication system, the access token to the third-party system;
receiving, by the authentication system, a second request to authenticate the user from the third-party system, wherein the second request to authenticate the user comprises the access token;
validating, by the authentication system, the access token by analyzing a digital signature of the access token; and
communicating, by the authentication system to the third-party system, the one or more parameters of user information and the PAN associated with the first user account requested by the third-party system to the third-party system based on validating the access token.
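The claim above describes an authorization-code style flow between a user, a third-party service provider and the authentication system. The Python below is an added illustration of the core server-side steps (not the patent's or Visa's implementation): user accounts carrying a PAN-derived identity score, provider accounts with a required permissions field, credential and consent checks that yield a single-use authorization code, a signed access token issued to the provider that holds the code, and release of only the approved parameters after the signature is verified. The HMAC signing key, the Luhn-based identity score and its threshold, and all names are assumptions; the browser redirects are left out.

```python
import base64, hashlib, hmac, json, secrets
SIGNING_KEY = b"constructed-demo-signing-key"  # assumption: known only to the authentication system

def identity_score(pan: str) -> int:
    """Constructed identity score: 100 if the PAN passes the Luhn check, otherwise 0."""
    digits = [int(d) for d in pan if d.isdigit()]
    total = sum(d if i % 2 == 0 else d * 2 - (9 if d > 4 else 0) for i, d in enumerate(reversed(digits)))
    return 100 if digits and total % 10 == 0 else 0

class AuthenticationSystem:
    def __init__(self):
        self.users, self.providers, self.codes = {}, {}, {}

    def register_user(self, username, password, pan, **info):
        # user account: credentials, the PAN-derived identity score, and the data a provider may request
        self.users[username] = {"pw": password, "score": identity_score(pan), "data": {"pan": pan, **info}}

    def register_provider(self, client_id, secret, required_permissions):
        self.providers[client_id] = {"secret": secret, "required": set(required_permissions)}

    def authorize(self, username, password, client_id, approved):
        # first input: credentials vs. password and identity score; second input: approval of the required permissions
        user, required = self.users.get(username), self.providers[client_id]["required"]
        if not user or user["pw"] != password or user["score"] < 100 or not required <= set(approved):
            return None
        code = secrets.token_urlsafe(16)  # authorization code carried in the redirect to the provider
        self.codes[code] = (username, client_id, sorted(required))
        return code

    def issue_token(self, code, client_id, secret):
        # access token request: the code is single-use and bound to the provider that obtained it
        entry, provider = self.codes.pop(code, None), self.providers.get(client_id)
        if not (entry and provider and entry[1] == client_id and hmac.compare_digest(provider["secret"], secret)):
            return None
        payload = json.dumps({"sub": entry[0], "aud": client_id, "scope": entry[2]}).encode()
        sig = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
        return ".".join(base64.urlsafe_b64encode(p).decode() for p in (payload, sig))

    def user_info(self, token, client_id):
        # second authentication request: verify signature and audience, then release only approved fields
        try:
            payload, sig = (base64.urlsafe_b64decode(p) for p in token.split("."))
        except ValueError:
            return None
        expected = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
        claims = json.loads(payload) if hmac.compare_digest(sig, expected) else {}
        if claims.get("aud") != client_id:
            return None
        data = self.users[claims["sub"]]["data"]
        return {field: data[field] for field in claims["scope"] if field in data}
```

A tampered token, a replayed authorization code, a wrong provider secret or a token presented by a different provider all fail closed with `None`, which is the behaviour a defender wants to see tested before any user information or PAN is released.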