Frictionless multi-factor authentication system and method

摘要

A frictionless multi-factor authentication system and method (“FMFA system”) that facilitates verification of the identity of a website user, registrant or applicant. The FMFA system reduces or removes the burden on the user by eliminating the additional manual second step traditionally required by two-factor authentication methods, and replacing the second step with an automated authentication step based on the location of a mobile device that is associated with the user. The FMFA system may be utilized for authenticating users to access sensitive data on online accounts, applications and websites, download files, perform online transactions, store information through websites or data stores, or the like. The FMFA system allows registration information obtained from a previously-registered user to authenticate the user on subsequent visits or logins to the website.

主权项

1. An authentication method implemented by an authentication server, comprising:
responsive to a successful authentication of a user by a client system, the authentication based on user entry of a personal identifier and a password on a mobile phone in order to access an online account, the client system maintaining a database of user credentials used in the authentication that is inaccessible to the authentication server, receiving from the client system a request to perform a location-based authentication of the mobile phone, the request including:
a first location corresponding to the mobile phone via which the user accesses the online account, the first location determined by the mobile phone using a global positioning system (GPS); andan identifier corresponding to the mobile phone; initiating as a background process the location-based authentication without user involvement, the location-based authentication comprising:
obtaining, based on the identifier, a second location corresponding to the mobile phone, the second location generated by a wireless network to which the mobile phone is connected;retrieving at least one authentication rule;determining, by a processor, whether the first and second locations generate a location match in accordance with the at least one authentication rule by determining that the first and second locations are within a threshold distance from each other, wherein the threshold distance is dynamically reduced when at least one of the first and second locations is a designated fraud location;generating an authentication response to allow or deny the user access to the online account based on whether the first and second locations generate a location match; andchallenging the user to another form of authentication to allow or deny the user access to the online account when the authentication response indicates that the first and second locations do not generate a location match.