A contactless authentication platform that routes interactive challenges to the user's own device — never shared surfaces — and silently detects when a user is operating under coercion, without alerting the coercer.
Traditional banking authentication forces users to interact with shared kiosk terminals — touching surfaces handled by strangers, entering PINs in public. But there's a worse problem than hygiene: when a user is being coerced, there's no safe way to signal distress without alerting the attacker.
When a user initiates an event at a bank terminal, the platform sends an interactive authentication challenge to the user's pre-registered personal device — not the shared kiosk. The user responds on hardware only they control.
If the user is under duress, they include a pre-designated duress character anywhere in their authentication response. The platform detects it and, while appearing to the coercer to authenticate normally, routes a silent alert to staff and returns a specifically differentiated output distinguishable from a normal auth failure.
The enterprise terminal handles only the event request and the final response. All authentication happens on the user's own pre-registered device — severing the shared-surface attack surface entirely.
The platform retrieves user data from a database to generate a personalized interactive challenge — not a static form — before routing it to the registered device.
The platform generates a personalized interactive authentication request and transmits it directly to the user's pre-registered device. The user responds from their own hardware — their personal phone, not the bank's shared touchscreen.
A user can pre-register a duress character — a specific digit, symbol, or position that they insert into their normal authentication response when under coercion. The platform recognizes it instantly; the attacker sees only what appears to be a normal PIN entry.
The duress trigger activates a distinct response path — alerting staff or security while allowing the event to appear to proceed normally, protecting the user from retaliation.
The platform generates differentiated outputs depending on the authentication result — allowing systems downstream to act on richer signal than a binary pass/fail, while keeping the user-facing display controlled.
The coercer sees the user-facing display. Staff and connected systems receive the internal alert. Neither sees the other's output.
First authentication output. Event is processed. Transmitted to the terminal and/or personal device.
Second authentication output — different from the first. Event denied. Transmitted with enough distinction for downstream systems to log and analyze.
Authentication response triggers the duress path. Platform generates the success-facing output to protect the user — while simultaneously routing a silent alert to staff. The attacker sees a normal completion; security receives a coded alert.
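The three outcomes above can be sketched as follows. This is an added example, not code from the patent or the platform: the record layout, the function names `register` and `evaluate`, the display strings and the salted-hash PIN storage are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

@dataclass(frozen=True)
class AuthResult:
    outcome: str        # internal label: "success", "failure" or "duress"
    display: str        # text shown on the terminal / personal device
    silent_alert: bool  # sent to staff only, never to the display

def _digest(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

def register(pin: str, duress_char: str) -> dict:
    """Enrol a PIN and duress character (hypothetical record layout)."""
    if len(duress_char) != 1:
        raise ValueError("duress marker must be exactly one character")
    if duress_char in pin:
        # Otherwise every normal entry would also read as a duress signal.
        raise ValueError("duress character must not occur in the PIN")
    salt = os.urandom(16)
    return {"salt": salt, "pin_hash": _digest(pin, salt), "duress_char": duress_char}

def evaluate(record: dict, response: str) -> AuthResult:
    """Classify a response received from the pre-registered device."""
    marker = record["duress_char"]
    duress = marker in response
    # Remove the marker wherever it was inserted, then compare in constant time.
    candidate = response.replace(marker, "")
    ok = hmac.compare_digest(_digest(candidate, record["salt"]), record["pin_hash"])
    if not ok:
        return AuthResult("failure", "Event denied", False)
    if duress:
        # Display is identical to success; only the staff channel differs.
        return AuthResult("duress", "Event processed", True)
    return AuthResult("success", "Event processed", False)
```

Because the duress and success results share the same `display` value, only a consumer of `outcome` or `silent_alert` can tell them apart, which is the separation between the coercer's view and the staff alert described above.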
The system works because the user's personal device is pre-registered, that is, known to the platform before any authentication event. When a challenge is issued, it goes to a device only the legitimate user controls, rather than to any device a bad actor might intercept.
The platform retrieves user computing device data from a database tied to the user's profile — ensuring that even if credentials are stolen, auth challenges cannot be redirected to an attacker's device.
The combination of contactless interaction, pre-registered device routing, and silent duress signaling enables a range of high-security use cases across in-person banking and beyond.
Granted in late 2023, this patent has already been cited by four organizations building on its contactless authentication and event-processing framework — a fast adoption signal for a patent covering post-pandemic contactless infrastructure.