`
`
`
`
`U.S. Patent Agglication of:
`
`Nader Asghari—Kamrani ;
`
`and
`
`Kamran Asghari—Kamrani.
`
`
`
`1of19
`
`1
`
`USAA1016
`
`
`
`Centralized Identification and Authentication System and Method
`
`
`
`
`
`BACKGROUND OF THE INVENTION
`
`1. FIELD OF THE INVENTION
`
`The present invention relates to a centralized identification and
`
`authentication system and method for identifying an individual over a
`
`communication network such as Internet, to increase security in e—commerce.
`
`More particularly a method and system for generation of a dynamic, non-
`
`predictable and time dependent Securecode for the purpose of positively
`
`identifying an individual.
`
`2. DESCRIPTION OF THE RELATED ART
`
`The increasing use of the Internet and the increase of businesses utilizing
`
`e—commerce have lead to a dramatic increase in customers releasing confidential
`
`personal and financial information, in the form of social security numbers, names,
`
`addresses, credit card numbers and bank account numbers, to identify
`
`2of19
`
`
`
`themselves. This will allow them to get access to the restricted web sites or
`
`electronically purchase desired goods or services. Unfortunately this type of
`
`identification is not only unsafe but also it is not a foot proof that the user is really
`
`the person he says he is. The effect of these increases is reflected in the related
`
`art.
`
`US. Pat. No. 5,732,137 issued to Aziz outlines a system and method for
`
`providing remote user authentication in a public computer network such as the
`
`lntemet. More specifically, the system and method provides for remote
`
`authentication using a one—time password scheme having a secure out—of-band
`
`channel for initial password delivery.
`
`U.S. Pat. No. 5,815,665 issued to Teper et al. outlines the use of a system
`
`and method for enabling consumers to anonymously, securely and conveniently
`
`purchase on-line services from multiple service providers over a distributed
`
`network, such as the Internet. Specifiwlly, a trusted third-party broker provides
`
`billing and security services for registered service providers via an online
`
`brokering service, eliminating the need for the service providers to provide these
`
`services.
`
`
`
`U.S. Pat. No 5,991,408 issued to Pearson , et al. outlines a system and
`
`method for using a biometric element to create a secure identification and
`
`verification system, and more specifically to an apparatus and a method for
`
`creating a hard problem which has a representation of a biometric element as its
`
`solution.
`
`3of19
`
` fiW"‘
`
`
`
`
`
`"-.=.;=
`
`§:&
`
`Although each of the previous patents outline a valuable system and
`
`method, what is really needed is a system and method that offers digital identity
`
`to the users and allows them to participate in e-commerce without worrying about
`
`the privacy and security. in addition to offering security and privacy to the users,
`
`the new system has to be simple for businesses to adopt and also doesn’t
`
`require the financial institutions to change their existing systems. Such a secure,
`
`flexible and scalable system and method would be of great value to the
`
`businesses that would like to participate in today’s electronic commerce.
`
`None of the above inventions and patents, taken either singularly or in
`
`combination, is seen to describe the instant invention as claimed. Thus a
`
`centralized identification and authentication system and method solving the
`
`aforementioned problems is desired.
`
`For convenience, the term “user" is used throughout to represent both a
`
`typical person consuming goods and services as well as a business consuming
`
`goods and services.
`
`As used herein, a "Central—Entity” is any party that has user‘s personal
`
`and/or financial information, UserName, Password and generates dynamic, non-
`
`predictable and time dependable Securecode for the user. Examples of Central-
`
`Entity are: banks, credit card issuing companies or any intermediary service
`
`companies.
`
`As also used herein, an "External-Entity" is any party offering goods or
`
`services that users utilize by directly providing their UserName and Securecode
`
`as digital identity. Such entity could be a merchant, service provider or an online
`
`4of19
`
`4
`
`
`
`
`
`site. An “External-Entity" could also be an entity that receives the user's digital
`
`identity indirectly from the user through another Extemal-Entity, in order to
`
`authenticate the user, such entity could be a bank or a credit card issuing
`
`company.
`
`The term “UserName” is used herein to denote any alphanumeric name,
`
`id, login name or other identification phrase, which may be used by the “Central—
`
`Entity” to identify the user.
`
`The term “Password” is used herein to denote any alphanumeric
`
`password, secret code, PIN, prose phrase or other code, which may be stored in
`
`the system to authenticate the user by the “Central—Entity”.
`
`The term “SecureCode” is used herein to denote any dynamic, non-
`
`predictable and time dependent alphanumeric code, secret code, PIN or other
`
`code, which may be broadcast to the user over a communication network, and
`
`may be used as part of a digital identity to identify a user as an authorized user.
`
`The term "digital identity" is used herein to denote a combination of users
`
`"SecureCode" and users information such as "UserName", which may result in a
`
`dynamic, non—predictable and time dependable digital identity that could be used to
`
`identify a user as an authorized user.
`
`The term “financial information” is used herein to denote any credit card and
`
`banking account information such as debit cards, savings accounts and checking
`
`BCCOUFTIIS.
`
`50f19
`
`
`
`SUMMARY OF THE INVENTION
`
`The invention relates to a system and method provided by a Central-Entity
`
`for centralized identification and authentication of users and their transactions to
`
`increase security in e—commerce. The system includes:
`
`— A Central-Entity: This entity centralizes users personal and financial
`
`information in a secure environment in order to prevent the distribution of
`
`user’s information in e—commerce. This information is then used to create
`
`digital identity for the users. The users may use their digital identity to identify
`
`themselves instead of providing their personal and financial information to the
`
` ~ A plurality of users: A user represents both a typical person consuming goods
`
`External—Entities;
`
`
`
`and services as well as a business consuming goods and services, who
`
`needs to be identified in order to make online purchases or to get access to
`
`the restricted web sites. The user registers at the Central—Entity to receive his
`
`digital identity, which is then provided to the External—Entity for identification;
`
`— A plurality of External-Entities: An External—Entity is any party offering goods
`
`or services in e—commerce and needs to authenticate the users based on
`
`digital identity.
`
`The user signs-up at the Central-Entity by providing his personal or
`
`financial information. The Central-Entity creates a new account with user's
`personal or financial information and issues a unique UserName and Password
`
`to the user. The user provides his Username and Password to the Central—Entity
`
`for identification and authentication purposes when accessing the services
`
`6of19
`
`6
`
`
`
`provided by the Central—Entity. The Central—Entity also generates dynamic, non-
`
`predictable and time dependent Securecode for the user per user's request and
`
`issues the Securecode to the user. The Central-Entity maintains a copy of the
`
`Securecode for identification and authentication of the user’s digital identity. The
`
`user presents his UserName and Securecode as digital identity to the External-
`
`Entity for identification. When an External-Entity receives the user's digital
`
`identity (UserName and Securecode), the External-Entity will forward this
`
`information to the Central—Entity to identify and authenticate the user. The
`
`Central—Entity will validate the information and sends an approval or denial
`
`response back to the Extemal—Entity.
`
`There are also communications networks for the user, the Central—Entity
`
`and the External-Entity to give and receive information between each other.
`
`This invention also relates to a system and method provided by a Central-
`
`Entity for centralized identification and authentication of users to allow them
`
`access to restricted web sites using their digital identity, preferably without
`
`revealing confidential personal or financial information.
`
`This invention further relates to a system and method provided by a
`
`Central—Entity for centralized identification and authentication of users to allow
`
`them to purchase goods and services from an Extemal—Entity using their digital
`
`identity, preferably without revealing confidential personal or financial
`
`information.
`
`Accordingly, it is a principal object of the invention to offer digital identity to
`
`the users for identification in e—commerce.
`
`
`
`
`
`
`
`it is another object of the invention to centralize user’s personal and
`
`financial information in a secure environment.
`
`it is another object of the invention to prevent the user from distributing
`
`their personal and financial information.
`
`it is a further object of the invention to keep merchants, service providers,
`
`Internet sites and financial institutions satisfied by positively identifying and
`
`authenticating the users.
`
`it is another object of the invention to reduce fraud and increase security
`
`for e—commerce.
`
`it is another object of the invention to allow businesses to control visitors
`
`access to their web sites.
`
`It is another object of the invention to protect the customer from getting
`
`bills for goods and services that were not ordered.
`
`It is another object of the invention to increase customers’ trust and reduce
`
`customers’ fear for e—commerce.
`
`It is another object to decrease damages to the customers, merchants and
`
`financial institutions.
`
`
`
`8of19
`
`
`
`it is an object of the invention to provide improved elements and
`
`arrangements thereof for the purposes described which are inexpensive,
`
`dependable and fully effective in accomplishing its intended purposes.
`
`These and other objects of the present invention will become readily
`
`apparent upon further review of the following specification and drawings.
`
`
`
`
`
`
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`Fig. 1 is a high—level overview of a centralized identification and authentication
`
`system and method according to the present invention.
`
`Fig. 2 is a detailed overview of a centralized identification and authentication
`
`system and method according to the present invention.
`
`Fig. 3 is a block diagram of the registration of a customer utilizing a centralized
`
`identification and authentication system and method according to the present
`
`invention.
`
`Fig. 4 is a block diagram of the transaction of a customer utilizing a centralized
`
`identification and authentication system and method according to the present
`
`invention.
`
`Fig. 5 is a block diagram of a Central-Entity authorizing a user utilizing a
`
`centralized identification and authentication system and method according to the
`
`present invention.
`
`
`
`10 of 19
`
`10
`
`
`
` iil
`
`
`
`DETAILED DESCRIPTION OF THE PREFERRED EMBODiMENTS
`
`Detailed descriptions of the preferred embodiment are provided herein.
`
`it
`
`is to be understood, however, that the present invention may be embodied in
`
`various forms. Therefore, specific details disclosed herein are not to be
`
`interpreted as limiting, but rather as a basis for the claims and as a
`
`representative basis for teaching one skilled in the art to employ the present
`
`invention in virtually any appropriately detailed system, structure or manner.
`
`The invention relates to a system 1 and method 2 to identify and
`
`authenticate the users and their transactions to increase security in e—commerce.
`
`Fig. 1 illustrates a system to positively identify the users 10 in e-commerce
`
`based on digital identity.
`
`The system 1 comprises a plurality of users 10, a plurality of External-
`
`Entities 20 with goods and services that are desired by the users 10 and a
`
`Central—Entity 30 providing a unique UserName and Password to the users 10
`
`and generating dynamic, non-predictable and time dependent Securecode for
`
`the users 10 per user's request. There are also communication networks 50 for
`
`the user 10, the Central—Entity 30 and the External-Entity 20 to give and receive
`
`information between each other.
`
`It would be desirable to develop a new system 1 and method 2 to
`
`centralize user's personal and financial information in a secure environment and
`
`to offer digital identity to the users 10 in order to provide privacy, increase
`
`security and reduce fraud in e—commerce. ideally, a secure identification and
`
`authentication system 1 would identify legitimate users 10 and unauthorized
`
`110f19
`
`11
`
`
`
`users 10. This would increase the user's trust, which leads to more sales and
`
`cash flow for the merchants/service providers.
`
`The present invention relates to a system 1 and method 2 to support this
`
`ideal identification and authentication system. For identification purpose, a digital
`
`identity (a unique UserName and a dynamic, non-predictable and time
`
`dependent Securecode) is used by the user 10 at the time of ordering or at the
`
`time of accessing a restricted Internet site. A series of steps describing the
`
`overall method are conducted between the users 10, the Central-Entity 30 and
`
`the External—Entity 20 and are outlined in Fig. 3,4,5.
`
`
`
`There are three distinct phases involved in using the centralized
`
`identification and authentication system Fig. 2, the first of which being the
`
`registration phase, which is depicted in Fig. 3. During the registration phase, the
`
`user 10 provides his personal or financial information to the Central-Entity 30.
`
`The user 10 registers at the Central—Entity 30, 100, 104 and receives his account
`
`and login information such as UserName and Password 108. User 10 can access
`
`his account at any time by accessing the Central—Entity's system using a
`
`communication network 50 and logging into the system.
`
`Next is the transaction phase, where the user 10 attempts to access a
`
`restricted web site or attempts to buy services or products 110, as illustrated in
`
`Fig. 4, through a standard interface provided by the Externa|—Entity 20, similar to
`
`what exists today and selects digital identity as his identification and
`
`authorization or payment option. The External-Entity 20 displays the access or
`
`purchase authorization form requesting the user 10 to authenticate himself using
`
`his UserName and Securecode as digital identity. The user 10 requests
`
`12 of 19
`
`12
`
`
`
`Securecode from the Central-Entity 30 by accessing his account over the
`
`communication network 50, 114. The Central-Entity 30 generates dynamic, non-
`
`predictable and time dependable Securecode 118 for the user 10. The Central-
`
`Entity 30 maintains a copy of the Securecode for identification and
`
`authentication of the user 10 and issues the Securecode to the user 10. When
`
`the user 10 receives the Securecode 120, the user 10 provides his UserName
`
`and Securecode as digital identity to the External-Entity 20, 124, Fig. 4.
`
`
`
`The third phase is identification and authorization phase. Once the user 10
`
`provides his digital identity to the External-Entity 20, the External-Entity 20
`
`forwards users digital identity along with the identification and authentication
`
`request to the Central-Entity 30, 130, as illustrated in Fig. 5. When the Central-
`
`Entity 30 receives the request containing the user's digital identity, the Central-
`
`Entity 30 locates the user's digital identity (UserName and Securecode) in the
`
`system 134 and compares it to the digitai identity received from the External-
`
`Entity 20 to identify and validate the user 10, 138. The Central-Entity 30
`
`generates a reply back to the External-Entity 20 via a communication network 50
`
`as a result of the comparison. if both digitat identities match, the Central-Entity 30
`
`will identify the user 10 and will send an approval of the identification and
`
`authorization request to the External-Entity 20, 140, otherwise will send a denial
`
`of the identification and authorization request to the External-Entity 20, 150. The
`
`External-Entity 20 receives the approval or denial response in a matter of
`
`seconds. The Extemal-Entity 20 might also display the identification and
`
`authentication response to the user 10.
`
`To use the digital identity feature, the Central-Entity 30 provides the
`
`authorized user 10 the capability to obtain a dynamic, non-predictable and time
`
`13 of 19
`
`13
`
`
`
`
`
`dependable Securecode. The user 10 will provide his UserName and
`
`Securecode as digital identity to the External—Entity 20 when this information is
`
`required by the External-Entity 20 to identify the user 10.
`
`The Central—Entity 30 may add other information to the Securecode
`
`before sending it to the user 10, by algorithmically combining Securecode with
`
`users information such as UserName. The generated Securecode will have all
`
`the information needed by the Central-Entity 30 to identify the user 10. in this
`
`case the user will only need to provide his Securecode as digital identity to the
`
`External—Entity 20 for identification.
`
`In the preferred embodiment, the user 10 uses the communication
`
`network 50 to receive the Securecode from the Central-Entity 30. The user 10
`
`submits the Securecode in response to External—Entity's request 124. The
`
`Securecode is preferably implemented through the use of an indicator. This
`
`indicator has two states: "on" for valid and "off" for invalid. When the user 10
`
`receives the Securecode, the Securecode is in “on" or "valid" state. The
`
`Central—Entity 30 may improve the level of security by invalidating the
`
`Securecode after it's use. This may increase the level of difficulty for
`
`unauthorized user. Two events may cause a valid Securecode to become
`
`invalid:
`
`1. Timer event: This event occurs when the predefined time passes. As
`
`mentioned above the Securecode is time dependent.
`
`2. Validation event: This event occurs when the Securecode forwarded
`
`to the Central-Entity 30 (as part of digital identity) corresponds to the
`
`user's Securecode held in the system. When this happens the Central-
`
`Entity 30 will invalidate the Securecode to prevent future use and
`
`14 of 19
`
`14
`
`
`
`
`
`sends an approval identification and authorization message to the
`
`External—Entity 20,140.
`
`A valid digital identity corresponds to a valid Securecode. When the
`
`SecureCode becomes invalid, the digital identity will also become invalid.
`
`While the invention has been described in connection with a preferred
`
`embodiment, it is not intended to limit the scope of the invention to the particular
`
`form set forth, but on the contrary, it is intended to cover such alternatives,
`
`modifications, and equivalents as may be included within the spirit and scope of
`
`the invention as defined by the appended claims.
`
`
`
`15 of 19
`
`15
`
`
`
`What is claimed is:
`
`CLAIMS
`
`1.
`
`A system for identifying an individual over a communication
`
`network; comprising:
`
`a User that needs to be identified in e—commerce;
`
`a Central-Entity that provides digital identity to the users to
`
`positively identify themselves in e—commerce;
`
`an External—Entity offering goods or services and needs to
`
`authenticate the users in e—commerce;
`
`a communication network for the user, the Central-Entity and the
`
`External-Entity to send and receive information between each other.
`
`2.
`
`The system according to claim 1‘, wherein said a digital identity
`
`includes Securecode and other information such as UserName.
`
`3.
`
`A system according to claim 2, wherein said a Securecode is a
`
`dynamic, non—predictable and time dependent alphanumeric code, secret
`
`code, PlN or other code.
`
`4.
`
`The system according to claim 1, wherein said communication
`
`network includes Internet, wireless and private networks.
`
`5.
`
`A method for identifying an individual; comprising the steps:
`
`The user registers at the Central-Entity;
`
`The user provides his personal andlor financial information to the
`
`Central—Entity;
`
`16 of 19
`
`16
`
`
`
`
`
`
`
`The user receives his unique UserName and Password from the
`
`Central—Entity;
`
`The user attempts to get access to a restricted web site or to buy
`
`goods and/or services from an External—Entity;
`
`The External-Entity requests the user to authenticate himself using
`
`his digital identity;
`
`The user requests Securecode from the Central—Entity;
`
`The Central-Entity generates dynamic, non-predictable and time
`
`dependabie Securecode for the user;
`
`The Centra|—Entity stores a copy of the Securecode and sends out
`
`the Securecode to the user over a communication network;
`
`The user receives the Securecode over a communication network;
`
`The user submits his Securecode as part of the digital identity in
`
`response to External-Entity‘s request;
`
`The External—Entity forwards the user's digital identity along with the
`
`identification and authentication request to the Central~Entity over a
`
`communication network;
`
`The Central—Entity retrieves the user's digital identity including the
`
`Securecode from the system;
`
`The Central—Entity compares the retrieved users digital identity with
`
`the digital identity received from the External—Entity;
`
`The Central-Entity sends approval identification and authorization
`
`message to the External-Entity when the digital identity forwarded to the
`
`Central—Entity, matches the user‘s digital identity retrieved from the
`
`system;
`
`The Central-Entity sends a denial identification and authorization
`
`message to the External-Entity when the digital identity forwarded to the
`
`17 of 19
`
`17
`
`
`
`Central-Entity does not match the user's digitai identity retrieved from the
`
`system.
`
`
`
`
`
`
`
`18 of 19
`
`18
`
`
`
`
`
`
`ABSTRACT OF THE DlSCLOSURE
`
`A method and system is provided by a Central-Entity, for identification and
`
`authorization of users over a communication network such as Internet. Central-
`
`Entity centralizes users personal and financial information in a secure
`
`environment in order to prevent the distribution of user’s information in e-
`
`commerce. This information is then used to create digital identity for the users.
`
`The digital identity of each user is dynamic, non predictable and time
`
`dependable, because it is a combination of user name and a dynamic, non
`
`predictable and time dependable secure code that will be provided to the user for
`
`his identification.
`
`The user will provide his digital identity to an External-Entity such as
`
`merchant or service provider. The External—Entity is dependent on Central-Entity
`
`to identify the user based on the digital identity given by the user. The External-
`
`Entity forwards user’s digital identity to the Central—Entity for identification and
`
`authentication of the user and the transaction.
`
`The identification and authentication system provided by the Central-
`
`Entity, determines whether the user is an authorized user by checking whether
`
`the digital identity provided by the user to the External-Entity, corresponds to the
`
`digital identity being held for the user by the authentication system. If they
`
`correspond, then the authentication system identifies the user as an authorized
`
`user, and sends an approval identification and authorization message to the
`
`External-Entity, otherwise the authentication system will not identify the user as
`
`an authorized user and sends a denial identification and authorization message
`
`to the External-Entity.
`
`19 of 19
`
`19
`
`
`
`Nader Asghari-Kamrani, et al.
`
`1 I 5
`
`1 W7
`
`/ 50
`
`10
`
`@
`
`10
`
`&
`
`1 0
`
`E
`
`
`
`communication
`Netwmk
`(such as Internet)
`
`
`
`
`20
`
`20
`
`E
`
`.
`xternal-Entity 2
`
`2o
`
`30
`
`Central-Entity
`
`Figure 1
`
`20
`
`
`
`Securecode
`Generation
`,
`
`Digital Identity
`
`Comparison
`
`Nader Asghari—Kamrani, et al.
`
`2 I 5
`
`2
`
`Personal or Financial information
`
`
`
`Registration
`
`Account
`C
`ti
`
`tea
` Account information
`
`
`
`
` 30
`
`
`) Communication
`Network
`
`"
`
`RequestIReceive Securecode
`
`
`
`20
`
`
`
`Registration Phase
`
`steps:
`
`6) @
`
`Transaction Phase Steps: ® ® ® @ ® G’
`
`Identification & Authorization Phase
`Steps:
`
`@696)
`
`Figure 2
`
`21
`
`
`
`Nader Asghari-Kamrani, et al.
`
`3/5
`
`
`
`100
`
`104
`
`108
`
`User signs-up a the central-
`Entity by providing his personal
`or financial information
`
`central-Entity creates an
`account for the USER
`
`USER receives account
`infonnation from the Central-
`
`Entity, including UserName and
`Password
`
`110
`
`Figure 3
`
`22
`
`
`
`Nader Asghari-Kamrani, et at.
`
`4 I 5
`
`1 O8
`
`
`
`110
`
`114
`
`118
`
`120
`
`124
`
`USER attempts to get access to
`a restricted web site OR to buy
`
`goodslservices
`
`USER requests Securecode from
`the Central-Entity over the
`
`communication network
`
`Central-Entity generates
`dynamic, non-predictable and
`
`time dependent securecode
`
`USER receives the Securecode
`
`USER provides his UserName
`and Securecode as digital
`identity to the External-Entity for
`
`identification
`
`130
`
`Figure 4
`
`23
`
`
`
`Nader Asghari-Kamrani, et at.
`
`5 I 5
`
`124
`
`The Extemal-Entity forwards the
`user's digital identity along with
`the identification and
`
`authentication request to the
`central-Entity
`
`USER's digital identity in the
`
`The Central-Entity locates the
`
`130
`
`13
`
`138
`
`140
`
`
`
`
`
`
`Central-Entity compares the
`user's digital identity retrieved
`from the system to the digital
`identity received from the
`External-Entity
`
`
`
`
`
`
`150
`
`central-Entity sends a denial
`identification and authorization
`message to the External-Entity
`
`Yes
`
`central-Entity sends an approval
`identification and authorization
`
`message to the External-Entity
`
`Figure 5
`
`24