| CPC G06Q 20/40 (2013.01) [G06F 21/32 (2013.01); G06F 21/35 (2013.01); G06F 21/606 (2013.01); G06F 21/6263 (2013.01); G06Q 20/123 (2013.01); G06Q 20/382 (2013.01); G06Q 20/4012 (2013.01); G06Q 20/40145 (2013.01); G06Q 20/4016 (2013.01); G06Q 20/405 (2013.01); G06Q 20/409 (2013.01); G06Q 20/425 (2013.01); G06Q 30/06 (2013.01); G06Q 30/0601 (2013.01); G06Q 30/0613 (2013.01); G06Q 40/00 (2013.01)] |
| AS A RESULT OF REEXAMINATION, IT HAS BEEN DETERMINED THAT: |
| The patentability of claims 1-30 is confirmed. |
| New claims 31-70 are added and determined to be patentable. |
|
1. A method of validating a request for a secure transaction comprising:
receiving a request for the secure transaction at a website, the request including an electronic identification associated with a user device from which the request originated;
determining that the user device is not recognized based on the electronic identification compared to at least one electronic identification stored with respect to a profile associated with the request;
responsive to the determining, communicating with a fraud prevention application installed on a predefined out-of-band mobile phone, the mobile phone identified by the profile;
executing the application on the mobile phone to validate the request by at least requesting confirmation via the application that the request has the approval of a possessor of the mobile phone;
determining whether the validating of the request by the application was successful based on an indication received from the mobile application; and
responsive to successful validation, allowing the unrecognized computing device to proceed with the secure transaction.
|
|
[ 31. The method of claim 1,
wherein the at least one electronic identification store with respect to the profile associated with the request includes a plurality of electronic identifications stored with respect to the profile associated with the request,
wherein the request includes at least one additional electronic identification associated with the user device,
wherein the profile associated with the request further defines a plurality of conditions requiring identity verification, including at least non-recognition of the device, different ones of the conditions based on different types of data received with the request and wherein the plurality of conditions includes at least a first condition comprising comparison of the electronic identification to the at least one electronic identification of the plurality of electronic identifications, and
wherein the profile further defines communication with the fraud prevention application as a verification action to be taken responsive to the comparison of the electronic identification under the first condition resulting in the user device being not recognized.]
|
|
[ 32. The method of claim 31, wherein profile further defines at least a second verification action different from communication with the fraud prevention application to be taken responsive to at least a second of the plurality of conditions, different from the first condition, being evaluated and requiring verification as a result of the evaluation.]
|
|
[ 33. The method of claim 1, wherein the mobile phone is identified by the profile at least in part by designation, in the profile, of use of the fraud prevention application as a verification method responsive to the user device not being recognized.]
|
|
[ 34. The method of claim 33, wherein the request includes a user identifier usable to identify a user from whom the request purportedly originated and wherein the mobile phone is identified by the profile based at least in part on a stored association between the user identifier and the fraud prevention application.]
|
|
[ 35. The method of claim 34, wherein the stored association between the user identifier and the fraud prevention application was stored based at least in part on installation of the fraud prevention application on the mobile phone.]
|
|
[ 36. The method of claim 33, wherein use of the fraud prevention application as the verification method responsive to the user device not being recognized is one of a plurality of configurable options configurable to selectively designate one or more fraud verification methods, of a plurality of fraud verification methods, in conjunction with the profile and wherein the method further includes choosing the fraud prevention application as the verification method responsive to the user device not being recognized.]
|
|
[ 37. The method of claim 1, wherein the profile is a user profile and wherein the at least one electronic identification is stored with respect to the user profile by being stored as part of the user profile.]
|
|
[ 38. The method of claim 1, wherein the profile is a rules profile controlled by an operator of the website and is associated with the request based on a designation of the rules profile as a profile to be used for validating requests.]
|
|
[ 39. The method of claim 38, wherein the at least one electronic identification is stored in a user profile associated with a user identified by a user identifier included with the request and accessed responsive to use of the rules profile to validate the request from the identified user.]
|
|
[ 40. The method of claim 1, wherein the communication with the fraud prevention application comprises communicating with a specific installation of the fraud prevention application identified by a stored unique identification number stored in association with a user identified by a user identifier included in the request.]
|
|
[ 41. The method of claim 40, further comprising identifying the specific installation of the fraud prevention application prior to the communicating by accessing a profile, associated with the user, storing the unique identification number.]
|
|
[ 42. The method of claim 1, further comprising identifying a specific installation of the fraud prevention application identified by stored unique identification information related to the mobile phone and having a stored designation as identification information for the fraud prevention application; and wherein the communication with the fraud prevention application further comprises communicating with the specific installation of the fraud prevention application.]
|
|
[ 43. The method of claim 1, wherein the profile designates at least two configurable and different methods of contacting a user for verification, including use of the fraud prevention application and at least one different method.]
|
|
[ 44. The method of claim 1, further comprising:
receiving a request to install the fraud prevention application on the mobile device;
designating an exhaustible permission for installation of the fraud prevention application on the mobile device; and
exhausting the usability of the exhaustible permission responsive to receiving an indicator associated with installation of the fraud prevention application on the mobile device.]
|
|
[ 45. The method of claim 44, wherein the indicator includes attempted installation of the fraud prevention application on the mobile device.]
|
|
[ 46. The method of claim 44, wherein the exhaustible permission further includes a time-limitation beyond which usability of the exhaustible permission is automatically exhausted.]
|
|
[ 47. The method of claim 44, further comprising registering a specific instance of the application having a unique identifier associated therewith responsive to receiving the indicator associated with installation.]
|
|
[ 48. The method of claim 1, wherein the communication with the fraud prevention application includes at least communication using one or more internet protocols.]
|
|
[ 49. The method of claim 20, further comprising:
determining that the request requires identity verification based at least in part on a first plurality of electronic identifiers, received in conjunction with the request, compared to a second plurality of electronic identifiers stored with respect to a profile associated with the request; and wherein
the communicating with the fraud prevention application is further responsive to the determination that the request requires identity verification.]
|
|
[ 50. The method of claim 49,
wherein the profile associated with the request further defines a plurality of conditions requiring identity verification, different ones of the conditions based on different types of data received with the request and wherein the plurality of conditions includes at least a first condition comprising comparison of the first plurality of electronic identifiers to the at least the second plurality of electronic identifiers and a basis for the comparison resulting in a determination that the first computing device is not recognized, and
wherein the profile further defines communication with the fraud prevention application as a verification action to be taken responsive to comparison of the first plurality of electronic identifiers under the first condition resulting in the user device being not recognized based at least in part on the basis.]
|
|
[ 51. The method of claim 50, wherein the profile further defines at least a second verification action different from communication with the fraud prevention application to be taken responsive to at least a second of the plurality of conditions, different from the first condition, being evaluated and requiring verification as a result of the evaluation.]
|
|
[ 52. The method of claim 20, further comprising:
determining that the request requires identity verification based on evaluation of one or more of a plurality of conditions defined as applicable to the request based on inclusion in a profile associated with request, wherein different ones of the plurality of conditions are based on different types of data received with the request, wherein at least one of the conditions evaluated and resulting in the determination that the request requires identity verification includes a designation of use of the fraud prevention application as a verification method; and
wherein the communication with the fraud prevention application is further responsive to the evaluation of the at least one condition resulting in the determination that the request requires identity verification.]
|
|
[ 53. The method of claim 52, wherein the request includes a user identifier usable to identify a user from whom the request purportedly originated as part of the data received with the request and wherein the profile includes a stored association between the user identifier and the fraud prevention application.]
|
|
[ 54. The method of claim 53, wherein the stored association between the user identifier and the fraud prevention application was stored based at least in part on installation of the fraud prevention application on the mobile phone.]
|
|
[ 55. The method of claim 52, wherein use of the fraud prevention application as the verification method for the at least one condition is one of a plurality of configurable options configurable to selectively designate one or more fraud verification methods, of a plurality of fraud verification methods, in conjunction with the profile and wherein the method further includes choosing the fraud prevention application as the verification method for the at least one of the conditions.]
|
|
[ 56. The method of claim 52, wherein the profile is a rules profile controlled by a provisor of the software and is associated with the request based on a designation of the rules profile as a profile to be used for validating requests.]
|
|
[ 57. The method of claim 56, wherein user data to be used in the evaluation of the conditions is stored in a user profile associated with a user identified by a user identifier included with the request and accessed responsive to use of the rules profile to validate the request from the identified user.]
|
|
[ 58. The method of claim 52, wherein with the communication with the fraud prevention application comprises communicating with a specific installation of the fraud prevention application identified by a stored unique identification number stored in association with a user identified by a user identifier included in the request.]
|
|
[ 59. The method of claim 58, further comprising identifying the specific installation of the fraud prevention application prior to the communicating by accessing a profile, associated with the user, storing the unique identification number.]
|
|
[ 60. The method of claim 52, further comprising identifying a specific installation of the fraud prevention application identified by stored unique identification information related to the mobile phone and having a stored designation as identification information for the fraud prevention application; and wherein the communication with the fraud prevention application further comprising communicating with the specific installation of the fraud prevention application.]
|
|
[ 61. The method of claim 52, wherein the profile designates at least two configurable and different methods of contacting a user for verification, including use of the fraud prevention application and at least one different method.]
|
|
[ 62. The method of claim 52, further comprising:
receiving a request to install the fraud prevention application on the mobile device;
designating an exhaustible permission for installation of the fraud prevention application on the mobile device; and
exhausting the usability of the exhaustible permission responsive to receiving an indicator associated with installation of the fraud prevention application on the mobile device.]
|
|
[ 63. The method of claim 62, wherein the indicator includes attempted installation of the fraud prevention application on the mobile device.]
|
|
[ 64. The method of claim 62, wherein the exhaustible permission further includes a time-limitation beyond which usability of the exhaustible permission is automatically exhausted.]
|
|
[ 65. The method claim 62, further comprising registering a specific instance of the application having a unique identifier associated therewith responsive to receiving the indicator with installation.]
|
|
[ 66. The method of claim 62, wherein the communication with the fraud prevention application includes at least communication using one or more internet protocols.]
|
|
[ 67. The method of claim 20, further comprising:
receiving a request to install the fraud prevention application on the mobile device;
designating an exhaustible permission for installation of the fraud prevention application on the mobile device; and
exhausting the usability of the exhaustible permission responsive to receiving an indicator associated with installation of the fraud prevention application on the mobile device.]
|
|
[ 68. The method of claim 67, wherein the exhaustible permission further includes a time-limitation beyond which usability of the exhaustible permission is automatically exhausted.]
|
|
[ 69. The method of claim 67, further comprising registering a specific instance of the application having a unique identifier associated therewith responsive to receiving the indicator associated with installation.]
|
|
[ 70. The method of claim 20, wherein the communication with the fraud prevention application includes at least communication using one or more internet protocols.]
|