Direct Authentication and Authorization System and Method for Trusted Network of Financial Institutions

U.S. Patent Application of:

Nader Asghari-Kamrani;

and

Kamran Asghari-Kamrani.

1 of 41

USAA 1014

Direct Authentication and Authorization System and Method for Trusted Network of Financial Institutions

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation in part of and claims priority to U.S. patent application Serial No. 09/940,635 filed August 29, 2001. This application also claims priority to U.S. provisional patent application Serial No. 60/615,603 filed October 5, 2004.

BACKGROUND OF THE INVENTION

1. FIELD OF THE INVENTION

The present invention generally relates to a direct authentication and authorization system and method for trusted network of financial institutions allowing them to directly authenticate their customers and receive their authorization of financial transactions over a communication network such as the Internet. More specifically, the present invention is based on a new identification and authentication scheme as digital identity that enables financial institutions to directly authenticate their account owners and/or receive their authorization of financial transactions over a communication network such as the Internet.

2. BACKGROUND OF THE INVENTION

With the advent of the Internet, the number of online financial transactions has increased dramatically. With this increase, concerns for the security of the financial transactions, proof of authorization for such transactions, and the need for direct authentication of the parties to these transactions have also risen. Therefore the Internet is more than just a different delivery channel for online financial transactions. There are two unique characteristics of the Internet that require special considerations:

- The anonymity of the Internet creates an environment in which parties are not certain with whom they are doing business, which poses unique opportunities for fraud
- The Internet is an open network, which requires special security procedures to be deployed to prevent unauthorized access to the consumer financial information

These unique characteristics of the Internet needed to be addressed by financial institutions in order to maintain their dominance in the payment arena.

Today, any authentication over a communication network such as the Internet is an indirect authentication. Meaning, customers provide confidential, personal and financial information, in the form of social security numbers, names, addresses, credit card and bank account numbers, and businesses verify this information by accessing external databases. This type of authentication is not sufficient to truly identify the identity of customers and tell whether the customer is the actual account owner. This is why financial institutions have limited their online interbank and intrabank service offerings. For example, today, the financial institutions require their account owners to do their interbank funds transfer at a branch office and send a physical check to the receiver of the funds for payment, both of which are inconvenient and burdensome to corporate and individual customers.

NACHA (National Clearing House Association) operating rules and federal government regulations also require financial institutions to authenticate their customers' identity and receive their authorization for any type of financial transaction such as payment or funds transfer over the Internet. In the physical world, financial transactions are authorized by the account owners in writing and signed or similarly authenticated. In the online world however, financial institutions do not have any solution to meet these requirements. An electronic authorization for an online transaction should be authenticated by a method that 1) identifies the customer (account owner), and 2) manifests the assent of the customer to the authorization. Therefore, financial institutions must use a method that provides the same assurance as a signature in the physical world (a signature both uniquely identifies a person and evidences his assent to an agreement). These objectives should be met by whatever method or process a financial institution employs when obtaining a customers' authorization electronically.

When dealing with customers over any communication network such as the Internet, financial institutions are facing numerous challenges:

- Be able to identify the identity of the customers;
- Be able to obtain transaction authorization from customers over the Internet;
- Be able to confirm that the customer is the account owner and is authorized to use such account

Financial institutions must meet these challenges in order to expand their online service offerings (interbank and intrabank) and maintain their dominance in the market. But lack of identification and real-time account verification methods has prevented financial institutions from achieving their goals.

Today, there are three different identification and authentication schemes in the market:

- Knowledge-based, which involve allowing access according to what a user knows;
- Token-based, which involve allowing access according to what a user possesses;
- Biometrics-based, which involve allowing access according to what the user is.

Due to various problems the current authentication schemes have, financial institutions have not been able to successfully use these technologies to perform direct authentication and authorization of their customers. Passwords are inexpensive and easy to use, but the static nature of passwords makes them vulnerable to replay attacks. Another drawback of passwords is that online banking password cannot be used for identification and verification of financial account at the third party web sites. Biometrics can also be useful for user identification, but one problem with these schemes is the difficult tradeoff between imposter pass rate and false alarm rate. In addition, many biometric systems require specialized devices, which may be expensive. Token-based schemes are problematic as well. These are expensive to implement and require users to install special devices and software. Most token-based authentication systems also use knowledge-based authentication to prevent impersonation through theft or loss of the token.

National Clearing House Association (NACHA) and several financial institutions such as Visa and MasterCard have also attempted to develop authentication systems and methods, such as ISAP (Internet Secure ATM Payments) and SET (Secure Electronic Transaction) using smart card technology, but due to aforementioned smart card problems they failed to achieve customer acceptance. Therefore, they are now experimenting with new password based programs such as VPAS (Visa Payer Authentication Service) and UCAF (MasterCard Payer Authentication Service) to allow registered cardholders to verify their purchases, a process known as payer authentication, but unfortunately these have abovementioned password issues and are specific to credit card transactions and do not apply to bank account transactions. It is also very difficult for a customer to manage. Owning N different credit cards requires recalling N different passwords for payment at checkout. According to a survey from Jupiter Media Metrix (epaynews.com, Feb. 21 2002), these systems and methods are also complicating the picture for consumers, who are worried by the mix of identification and authentication schemes.

As for the financial account ownership verification, currently, there are several companies that are attempting to bring systems and methods for verifying account ownership, such as Paypal (EBAY) and CashEdge.

Paypal introduces a system that initiates one or more verifying transactions using financial account information given by the customer. Selected details of the transaction(s) are saved, particularly details that may vary from one transaction to another. Such variable details may include the number of transactions performed, the amount of a transaction, the type of transaction (e.g., credit, debit, deposit, withdrawal), the merchant name or account used by the system for the transaction, etc. The customer then retrieves evidence of the transaction(s) from his or her financial institution, which may be accomplished on-line, by telephone, in a monthly statement, etc., and submits the requested details to the Paypal system. The submitted details are compared to the stored details and, if they match, the account ownership is verified and the customer is then allowed to use the financial account. There are many drawbacks associated with the Paypal's system, including:

- No real-time account verification: It takes 2 to 3 days to verify customer's financial account
- High cost: Paypal suggests sending two deposits (credits) to the user's financial account, each of which is less than $0.99 in value.
- Weak account verification: An unauthorized individual who has access to the details about verifying transactions would be verified as the account owner.

CashEdge's system requires the customer to provide bank account information along with the username and password of the online banking web site that the customer is using to access his/her bank account. The system then applies the customer's username and password to login to the online banking system for verification of the account ownership. The drawbacks of the CashEdge system include:

- Security and Privacy Concerns: Requesting the customer to provide the online banking username and password to CashEdge raises customers' security and privacy concerns.
- Weak account verification: An unauthorized individual who has access to the customer's username and password would be verified as the account owner.
- Fraud Risk: Without CashEdge's system, a fraudster who has access to customer's online banking username and password is not able to transfer funds from the customer's account, but CashEdge system provides this opportunity to an unauthorized individual to commit fraud.

Financial institutions need a system that eliminates the aforementioned problems and concerns by:

- verifying customers' identity
- verifying account ownerships in real-time
- providing proof of transaction authorization
- being secure, inexpensive and easy to use
- not requiring financial institutions to change their existing systems and processes
- covering bank account as well as credit card transactions

For convenience, the term "customer" is used throughout to represent a financial institution's individual or corporate customer.

The term "financial institution" is used herein to denote any institution such as bank, credit card issuer, brokerage firm, debit card or credit card company such as Visa, Master card, and AMEX or any other company that offers financial services.

The term "financial account" is used herein to denote any bank account, brokerage account, debit card and credit card account.

The term "account ownership verification" is used herein to denote the process of verifying that the financial account belongs to the customer and the customer is authorized to use such financial account.

The term "communication network" is used herein to denote any private, wireless or public network such as Internet.

The term "indirect authentication" is used herein to denote any authentication method that authenticates the customers based on customers' information. Meaning, customers provide confidential, personal and financial information, in the form of social security numbers, names, addresses, credit card and bank account numbers, and businesses verify this information by accessing external databases.

The term "direct authentication" is used herein to denote any authentication method that authenticates the customers based on customers' credentials such as biometric data or smart card.

The term "funds transfer network" is used herein to denote any network that financial institutions use to transfer funds, such as ACH, Fed wire, Visa network.

The term "interbank funds transfer" is used herein to denote account-to-account funds transfer between accounts at different financial institutions.

The term "debit pull" is used herein to denote the way electronic payments and funds transfer are authorized and executed, where the receiver of funds is asking customer's financial institution to debit the customer's account.

The term "credit push" is used herein to denote the way electronic payments and funds transfer are authorized and executed, where the customer instructs his/her financial institution to credit the account of the receiver (e.g. merchant account).

The term "digital identity" is used herein to denote a dynamic, non-predictable and time dependent alphanumeric code, or any other key, which may be given by customer's financial institution to the customer over a communication network such as the Internet, and may be valid for one-time use. The customer's digital identity is used for identification, authentication and authorization purposes for processing transactions over the communication network. Digital identity is calculated using a proprietary algorithm that may include any other customer and/or transaction specific information to make the digital identity customer and transaction specific.

The term "identity authority" is used herein to denote any entity that offers direct authentication services to other businesses. Identity authority issues and manages the digital identity.

The term "Digital Identity System" is used herein to denote the system that deals with the calculation, transformation and validation of the digital identity using a proprietary algorithm.

The term "Digital Identity Network" is used herein to denote the trusted network between financial institutions using any communication network such as the Internet. The Digital Identity Network enables the communication between financial institutions to send and receive Digital Identity Messages for identification and authentication of account owners and authorization of financial transactions.

The term "Digital Identity Message" is used herein to denote the message sent or received over the Digital Identity Network that may include customer's digital identity and transaction information.

SUMMARY OF THE INVENTION

The present invention provides a solution to the aforementioned problems and the challenges the financial institutions face today. The present invention relates to a direct authentication and authorization system and method for trusted network of financial institutions allowing them to directly authenticate their customers and receive their authorization of financial or non-financial transactions over a communication network such as the Internet.

To overcome the drawbacks of the known systems and methods discussed above, the present invention is based on a new identification and authentication method as digital identity. The new digital identity-based identification and authentication system and method:

- verifies customers' identity
- verifies account ownerships in real-time
- provides proof of transaction authorization
- reduces the risk of fraud and identity theft
- is secure, inexpensive and easy to use
- does not require financial institutions to change their existing systems and processes
- could be utilized for bank account as well as credit card transactions

The digital identity is an alphanumeric code and unlike password, biometric and smart card, the digital identity may be valid for one time use and is dynamic, non-predictable and may be time dependent, which is calculated using a proprietary algorithm that may include other customer's specific information, which makes the digital identity customer specific. Thus, it is impossible to calculate the same digital identity for two different customers or for two different customers to receive the same digital identity. Therefore, the digital identity offers the benefits of a password, biometric and smart card, without their disadvantages. It's as easy to use as password and as secure as biometric and smart card.

This invention comprises Digital Identity System and Digital Identity Network. The Digital Identity System deals with the calculation, transformation and validation of the digital identity. The Digital Identity Network is the trusted network between financial institutions that enables the communication between financial institutions to send and receive Digital Identity Messages for identification and authentication of account owners and authorization of financial or non-financial transactions. The Digital Identity Message may include customer's digital identity and transaction information.

Direct authentication and authorization system and method according to the present invention may include the following participants:

- Originator: The Originator is the individual or corporate customer of the Participating Financial Institution (PFI). The Originator receives a new digital identity from its Participating Financial Institution (PFI) each time the Originator desires to initiate and authorize any non-financial or financial transaction such as payment or funds transfer. The Originator provides the digital identity to the Receiver for identification, authentication and/or authorization of the transaction.
- Receiver: Receiver is the individual or corporate customer of the Participating Financial Institution (PFI) that receives Originator's digital identity for identification, authentication and/or authorization of the non-financial or financial transaction such as payment or funds transfer.
- PFI: The Participating Financial Institution is the financial institution that has an existing relationship with Originators and/or Receivers and offers services to the Originators and/or Receivers. When a PFI serves Originators, the PFI is acting as an Originating Participating Financial Institution (OPFI) and when a PFI serves Receivers the PFI is acting as a Receiving Participating Financial Institution (RPFI). A Participating Financial Institution (PFI) may participate in the Digital Identity Network as an OPFI as well as a RPFI.
- DID Operator: The Digital Identity Operator is the digital identity authority that provides digital identity-based authentication and authorization services to the Participating Financial Institutions (PFIs) by maintaining, operating and managing the Digital Identity System and Network. Each time the Originator desires to initiate and authorize any non-financial or financial transaction such as payment or funds transfer, its Participating Financial Institutions (OPFI) requests the DID Operator to calculate a new digital identity for that Originator.

Financial institutions need to become the Digital Identity Network participants to perform identification and authentication of their customers and/or receive their authorization of transactions.

This invention enables financial institutions and their business customers to perform identification and authentication of their customers and/or to manifest their assent to the authorization of transactions. The customer's digital identity, which has been provided to that customer by the customer's financial institution, is issued and used at the time when third parties (e.g. merchant, billers) or other Participating Financial Institution needs to authenticate the customer's identity, verify the account ownership and/or receive the customer's authorization for the financial or non-financial transaction. Participating Financial Institutions issue digital identities to their account holders and validate digital identities issued by other Participating Financial Institutions in real time. Using Digital Identity System and Network, financial institutions can establish an environment in which parties to a transaction can reliably verify the electronic identities of customers, engage in legally binding agreements, and maintain auditable electronic information trails. The resulting high level of security and trust enables financial institutions to better serve the customers by enhancing their online service offerings.

This invention enables financial institutions to enhance security and reduce fraud by identifying their customers and account holders. This will allow them to provide various services to their customers. As an example, the invention may be used in interbank funds transfer transactions to perform identification and authentication, receive customers' authorization and verify account ownership.

As another example, the invention may be used in online payment transactions to perform identification and authentication of customers, receive customers' authorization, obtain payments and receive account ownership verification.

As another example, the invention may be used in identity verification service offered by financial institutions to provide customer identification in e-commerce.

This invention relates to a system and method for verification of customers' identity over a communication network such as the Internet.

Accordingly, it is a principal objective of the invention to perform account ownership verification in real-time over a communication network such as the Internet.

It is another objective of the invention to allow all parties involved in a transaction to give and receive transaction authorization over a communication network such as the Internet.

It is another objective of the invention to provide a direct authentication and authorization system and method that is secure, inexpensive, easy to use and offers privacy to the financial institutions' customers.

It is another objective of the invention to provide a direct authentication and authorization system and method that does not require financial institutions to change their existing systems.

It is another objective of the invention to provide a direct authentication and authorization system and method that is independent from any financial institution and applies to various types of financial accounts.

It is another objective of the invention to reduce fraud and identity theft and increase security.

It is another objective of the invention to build a circle of trust between customers, financial institutions, and businesses in e-commerce.

It is another objective of the invention to enable financial institutions to become the identity authority.

These and other objects of the present invention will become readily apparent upon further review of the following specification and drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

Fig. 1 is a high-level overview of a direct authentication and authorization system and method for trusted network of financial institutions according to the present invention.

Fig. 2 is a high-level overview of Digital Identity System and Digital Identity Network in a direct authentication and authorization system and method according to the present invention.

Fig. 3 illustrates the participants of direct authentication and authorization system and method according to the present invention.

Fig. 4 illustrates financial institutions utilizing direct authentication and authorization system and method to process an interbank funds transfer transaction according to the present invention.

Fig. 5, 6, 7 are block diagrams illustrating the process flow of financial institutions utilizing direct authentication and authorization system and method to process an interbank funds transfer transaction according to the present invention.

Fig. 8 illustrates financial institutions utilizing direct authentication and authorization system and method to process an online payment transaction according to the present invention.

Fig. 9, 10, 11 are block diagrams illustrating the process flow of financial institutions utilizing direct authentication and authorization system and method to process an online payment transaction according to the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Detailed descriptions of the preferred embodiment are provided herein. It is to be understood, however, that the present invention may be embodied in various forms. Therefore, specific details disclosed herein are not to be interpreted as limiting, but rather as a basis for the claims and as a representative basis for teaching one skilled in the art to employ the present invention in virtually any appropriately detailed system, structure or manner.

The present invention Fig. 1 relates to a direct authentication and authorization system and method 1, for trusted network of financial institutions 25, 35 allowing them to directly authenticate their customers 20 and receive their authorization of financial or non-financial transactions over a communication network 50 such as the Internet. More specifically, the present invention is based on a new identification and authentication method as digital identity 10 that enables financial institutions 25, 35 to directly authenticate their account owners 20 and/or receive their authorization of financial or non-financial transactions over a communication network 50 such as the Internet. The digital identity 10 based authentication is secure, inexpensive, easy to use and does not require financial institutions' customers 20 to install any hardware or software on their systems.

The digital identity 10 is an alphanumeric code and unlike password, biometric and smart card, the digital identity 10 is dynamic, non-predictable and may be time dependent, which is calculated using a proprietary algorithm that may include other customer's 20 specific information, which makes the digital identity 10 customer 20 specific. Thus, it is impossible to calculate the same digital identity 10 for two different customers 20 or for two different customers 20 to receive the same digital identity 10. Those skilled in the art appreciate that for digital identity 10 many different configurations are possible. In one embodiment the digital identity 10 is valid for one-time use and in another embodiment the digital identity is valid for multiple-time use.

The digital identity 10 is:

- Dynamic - each time a digital identity 10 is requested, a different digital identity 10 is calculated;
- Non-predictable - there is no concern with recognizing the pattern, therefore it is impossible to predict the next digital identity 10;
- Time dependent - the digital identity 10 may be valid within certain time constraints to prevent replay attacks;
- Sensitive - any change to a digital identity 10 in transit results in an invalid digital identity 10.

The digital identity 10 offers the benefits of a password, biometric and smart card, without their disadvantages. It 10 is as easy to use as password and as secure as biometric and smart card.

As illustrated in Fig. 2, this invention comprises Digital Identity System 2 and Digital Identity Network 3. The Digital Identity System 2 deals with the calculation, transformation and validation of the digital identity 10 using a proprietary algorithm. The Digital Identity Network 3 is the trusted network between financial institutions 25, 35 that enables the communication between financial institutions 25, 35 to send and receive Digital Identity Messages for identification and authentication of account owners 20 and authorization of financial or non-financial transactions. The Digital Identity Message may include customer's digital identity 10 and transaction information. When a financial institution 25, 35 agrees to use the Digital Identity System 2, the financial institution 25, 35 will participate in the Digital Identity Network 3 to interchange authentication and authorization messages as well as Digital Identity Messages with other Participating Financial Institutions 25, 35.

The Digital Identity System 2 and Digital Identity Network 3 are managed and operated by the DID Operator 30.

The Digital Identity Network 3 is used for identification and authentication of the financial institutions' 25, 35 account owners 20 and/or authorization of financial or non-financial transactions. The Digital Identity Network 3 will not be used for the transfer of the actual funds between financial institutions 25, 35. Upon successful authentication and authorization, the Participating Financial Institutions 25, 35 or any third party on their behalf, will use their desired funds transfer network, such as ACH or Fed wire, to transfer funds between accounts.

Performing identification, authentication and authorization using digital identity 10 is secure. It is possible to compute millions of digital identities 10 for the same customer 20, and it is computationally infeasible to find customer's information from a given digital identity 10, or to find two different customers 20 with the same digital identity 10. Any change to a digital identity 10 in transit will fail to verify. The timing and dynamic nature of the digital identity protects the system 1 from replay attacks. Therefore the digital identity 10 offers more benefits to the financial institutions 25, 35, and their customers 20, 40 than the existing technologies such as biometrics.

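
The properties listed earlier for the digital identity 10 (dynamic, non-predictable, time dependent, sensitive) and the replay and tamper claims in the paragraph above can be checked against a small model. The following is an added illustration, not the application's proprietary algorithm, which the text does not disclose: it assumes HMAC-SHA256 over the customer id, the transaction details, a random nonce and the issue time, and every class, method and field name in it is hypothetical.

```python
import base64
import hashlib
import hmac
import secrets
import time

CODE_LENGTH = 16  # base32 characters kept from the MAC (80 bits)


class DigitalIdentityService:
    """Illustrative issuer/validator of one-time codes (hypothetical names).

    HMAC-SHA256 is an assumed stand-in for the undisclosed algorithm.
    """

    def __init__(self, key, ttl_seconds=120, clock=time.time):
        self._key = key
        self._ttl = ttl_seconds
        self._clock = clock
        self._issued = {}  # code -> (customer_id, nonce, issued_at)

    def _derive(self, customer_id, transaction, nonce, issued_at):
        fields = [customer_id.encode(), transaction.encode(), nonce,
                  str(issued_at).encode()]
        # Length-prefix each field so distinct inputs never share an encoding.
        message = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
        digest = hmac.new(self._key, message, hashlib.sha256).digest()
        return base64.b32encode(digest).decode("ascii")[:CODE_LENGTH]

    def issue(self, customer_id, transaction):
        # A fresh random nonce makes every code different and unpredictable,
        # even for the same customer and the same transaction.
        nonce = secrets.token_bytes(16)
        issued_at = int(self._clock())
        code = self._derive(customer_id, transaction, nonce, issued_at)
        self._issued[code] = (customer_id, nonce, issued_at)
        return code

    def validate(self, code, transaction):
        # pop() consumes the code on first presentation: one-time use.
        record = self._issued.pop(code, None)
        if record is None:
            return (False, "unknown or already used")
        customer_id, nonce, issued_at = record
        if self._clock() - issued_at > self._ttl:
            return (False, "expired")
        # Recompute with the transaction the receiver presented; a changed
        # amount or payee yields a different code.
        expected = self._derive(customer_id, transaction, nonce, issued_at)
        if not hmac.compare_digest(expected, code):
            return (False, "transaction mismatch")
        return (True, customer_id)


def run_demo():
    """Exercise each property with constructed sample data."""
    now = [1_000_000.0]  # fake clock so expiry can be shown without waiting
    service = DigitalIdentityService(secrets.token_bytes(32),
                                     ttl_seconds=120, clock=lambda: now[0])
    txn = "pay merchant-42 USD 25.00"  # constructed transaction string
    results = {}

    first = service.issue("customer-001", txn)
    second = service.issue("customer-001", txn)
    results["dynamic"] = first != second
    results["accepted"] = service.validate(first, txn)
    results["replayed"] = service.validate(first, txn)
    results["altered_transaction"] = service.validate(
        second, "pay merchant-42 USD 2500.00")

    third = service.issue("customer-002", txn)
    tampered = ("A" if third[0] != "A" else "B") + third[1:]
    results["tampered_code"] = service.validate(tampered, txn)

    fourth = service.issue("customer-002", txn)
    now[0] += 121  # move past the validity window
    results["expired"] = service.validate(fourth, txn)
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name}: {outcome}")
```

In this model a presented code is consumed whether or not validation succeeds, which limits online guessing at the cost of letting a bad submission burn a valid code.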
`
`Direct authentication and authorization system and method 1, Fig. 3
`
`according to the present invention may include the following participants:
`
`— Originator 20: The Originator 20 is the individual or corporate customer of the
`
`Participating Financial Institution (PFl) 25, 35. The Originator 20 receives a
`
`new digital identity 10 from its Participating Financial institution (PFl) 25 each
`
`time the Originator 20 desires to initiate and authorize any non-financial or
`
`financial transaction such as payment or funds transfer. The Originator 20
`
`26 of41
`
`26
`
`

`
`provides the digital
`
`identity 10 to the Receiver 40 for
`
`identification,
`
`authentication and/or authorization of
`
`the transaction.
`
`A plurality of
`
`Originators 20 has an existing relationship with a Participating Financial
`
`Institution (PFI) 25. The Originator 20 could also act as a Receiver 40 in a
`
`transaction.
`
`- Receiver 40: The Receiver 40 is an individual or corporate customer of the
`
`Participating Financial
`
`Institution (RPFI) 35 that receives Originator’s 20
`
`digital identity 10 for identification, authentication and/or authorization of the
`
`non-financial or financial transaction such as payment or funds transfer. The
`
`Receiver 40 processes the digital identity 10 received from the Originator 20
`
`through its existing relationship with its Participating Financial
`
`Institution
`
`(RPFI) 35. The Receiver 40 could also act as an Originator 20 in a
`
`transaction.
`
`- PFI 25, 35: The Participating Financial Institution 25, 35 is an institution that
`
`has an existing relationship with a plurality of Originators 20 and/or Receivers
`
`40 and offers services to them 20, 40. When a PFI serves the Originator 20,
`
`the PFI is acting as an Originating Participating Financial Institution (OPFI) 25
`
`and when a PFI serves the Receiver 40 the PFI is acting as a Receiving
`
`Participating Financial
`
`Institution (RPFI) 35. A Participating Financial
`
`Institution (PFI) could act as an OPFI 25 as well as a RPFI 35.
`
`- DID Operator (Digital Identity Operator) 30: The DID Operator 30 is the digital
`
`identity authority that provides digital
`
`identity-based authentication and
`
`authorization services to the Participating Financial Institutions (PFIs) 25, 35
`
`by maintaining, operating and managing the Digital Identity System 2 and
`
`Network 3. Each time the Originator 20 desires to initiate and authorize any
`
`non-financial or financial transaction such as payment or funds transfer,
`
`its
`
`Participating Financial Institution (OPFI) 25 requests the DID Operator 30 to
`
`calculate a new digital
`
`identity 10 for that Originator 20. A plurality of
`
`Participating Financial Institutions 25, 35 (PFIs) have an existing relationship
`
`with the DID Operator 30 to process digital id
