EP-4738156-A1 - AUTHENTICATING A USER

Abstract

A method of authenticating a user to a third party using a computing device is disclosed, the method comprising: receiving an input comprising one or more words from the user; obtaining an identification number corresponding to the one or more words; transmitting the identification number to a third party device associated with the third party; and receiving a message from the third party device that indicates whether or not the identification number corresponds to a valid identity. A suitable system and computer program for implementing the method are also disclosed.

Inventors

• BURTON, ASHLEY

Assignees

• Eckoh UK Limited

Dates

Publication Date

20260506

Application Date

20251021

Claims (15)

1. A method of authenticating a user to a third party, the method performed by at least one computing device and comprising: receiving an input from the user, the input comprising one or more words; obtaining an identification number corresponding to the one or more words; transmitting the identification number to a third party device associated with the third party; and receiving a message from the third party device, the message comprising an indication of whether or not the identification number corresponds to a valid identity.
2. The method of claim 1, wherein, if the indication indicates that the identification number is valid, the method further comprises: outputting an authentication challenge for the user, the authentication challenge based on information included in the message from the third party device; receiving a user response to the authentication challenge; transmitting the user response to the third party device; and receiving a further message from the third party device, the further message comprising a further indication of whether or not the user has been successfully authenticated as being associated with the valid identity.
3. The method of any preceding claim, wherein obtaining the identification number comprises processing the one or more words and an obfuscation factor.
4. The method of claim 3, wherein the obfuscation factor is dependent on an identity of the third party.
5. The method of claim 3 or 4, wherein the obfuscation factor is dependent on an identity of the user.
6. The method of any of claims 3 to 5, wherein the obfuscation factor is unique to a particular communication session between the user and the third party.
7. The method of any of claims 3 to 5, wherein the obfuscation factor is valid for a predetermined time window.
8. The method of any preceding claim, wherein the input comprises an automated speech recognition result recorded during a communication session between the user and the third party, wherein the method optionally further comprises determining that the automatic speech recognition result meets predetermined confidence criteria.
9. The method of any preceding claim, wherein the input comprises text.
10. The method of any preceding claim, wherein the input is provided by the user during a communication session with the third party wherein optionally the communication session is a voice-based communication session, or an instant messaging communication session.
11. The method of any preceding claim, wherein the method further comprises evaluating a checksum associated with the list of words to determine whether or not the list of words corresponds to a valid identification number.
12. The method of any preceding claim, wherein obtaining the identification number comprises confirming that each word in the list of words appears in a predetermined set of words stored in a memory accessible by the computing device, wherein the predetermined set of words is in compliance with one or more predefined criteria.
13. The method of claim 12, wherein one of the predefined criteria is that the predetermined set of words lacks homophones; and/or one of the predefined criteria is that the predetermined set of words lacks homographs.
14. A computing device for authenticating a user to a third party, the computing device comprising a processor configured to: receive an input from the user, the input comprising one or more words; obtain an identification number corresponding to the one or more words; transmit the identification number to a third party device associated with the third party; and receive a message from the third party device, the message comprising an indication of whether or not the identification number corresponds to a valid identity.
15. A computer program for authenticating a user to a third party, the computer program containing instructions that, when executed by a processor of a computing device, cause the computing device to: receive an input from the user, the input comprising one or more words; obtain an identification number corresponding to the one or more words; transmit the identification number to a third party device associated with the third party; and receive a message from the third party device, the message comprising an indication of whether or not the identification number corresponds to a valid identity.

Description

FIELD OF THE INVENTION The invention generally relates to user authentication, in particular user authentication based on word lists. BACKGROUND TO THE INVENTION Customers regularly interact with automated self-service solutions and with agents in contact centers in order to manage and make use of commercial, government or healthcare services. Modern authentication methods typically require multiple factors that include an identifier along with one or more factors to prove the customer's identity, for example an account password, date of birth, postal code or zip code, last 4 digits of a bank account or payment card. Typically, in the course of an interaction the customer is required to assert an identifier that represents themselves (e.g. a social security number), an account held singularly or jointly (e.g. a bank or utility account), a payment instrument (e.g. a payment card), physical asset (e.g. a parcel) or virtual asset (e.g. a gift voucher, cryptocurrency wallet). These identifiers often involve a numeric or alphanumeric reference (e.g. account number, patient ID, invoice number, vehicle registration, license number, policy number, etc.). SUMMARY OF THE INVENTION The inventors have recognised that managing a growing number of numeric or alphanumeric references relating to different services can be challenging. Additionally, it is common for customers not to know their account number or identifier since it is often a procedurally generated by an organization's internal systems and is therefore not memorable. Failure to correctly identify the customer during automated journeys frequently requires a "drop out" or transfer from the authentication procedure to a contact center agent. This creates customer frustration and results in an increased computational burden. For example, creating a new communication session between the customer and the agent requires network and processor resources to be used. Furthermore, failure to correctly identify the customer during an agent led interaction typically means that contacts take longer to serve, again increasing network resource consumption and reducing customer satisfaction. The transmission of complex numeric and alphanumeric references is often most challenging in scenarios where voice is the channel over which the customer is communicating, such as automated telephone services, Al-based voice virtual agent interactions, voice assistants and virtual reality/metaverse applications. In these scenarios, long reference numbers are challenging and it would be far more effective for a customer to use a simpler and more memorable means of identifying themselves. The inventors have recognized that the use of long numeric or alphanumeric references as identifiers is not conducive to an engaging and efficient customer experience, nor are the resulting identifiers easily memorable, especially in the context of infrequent use. The authentication factors used to validate an identity may be more memorable since they are typically passwords or PINs set by the customer or personal information that the customer knows about themselves (e.g. date of birth, postcode, etc.). That said, it is increasingly common for authentication mechanisms to use time based one-time password (TOTP) generators, potentially introducing an additional non-intuitive numeric verification step. A failure to efficiently identify a customer results in increased friction, decreased customer satisfaction and additional network resource consumption in transferring customers to contact center agents to manually verify a customer's identity. As such, it is in the interest of both the customer and organizations to improve the performance of identification processes. It is with these considerations in mind that aspects of the present disclosure have been developed. According to an aspect of the present disclosure, there is provided a method of authenticating a user to a third party, the method performed by at least one computing device and comprising: receiving an input from the user, the input comprising one or more words; obtaining an identification number corresponding to the one or more words; transmitting the identification number to a third party device associated with the third party; and receiving a message from the third party device, the message comprising an indication of whether or not the identification number corresponds to a valid identity. It is noted that, throughout this disclosure, the term "identification number" is intended to cover any alphanumeric or other string in use as an identifier. An advantage of this method is that an ordered word list (OWL) is generally much more memorable for the user than an identification number. For example, using methods described herein, a 6-digit identification number may be replaced by 2 words drawn from a 1024-word master dictionary. The chance of the user forgetting their unique identifier is therefore greatly reduced. Additionally, OWLs may be easier