Direct Authentication and Authorization System and Method for Trusted Network of Financial Institutions

U.S. Patent Application of:

Nader Asghari-Kamrani and Kamran Asghari-Kamrani

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation in part of and claims priority to U.S. patent application Serial No. 09/940,635 filed August 29, 2001. This application also claims priority to U.S. provisional patent application Serial No. 60/615,603 filed October 5, 2004.

BACKGROUND OF THE INVENTION

1. FIELD OF THE INVENTION

The present invention generally relates to a direct authentication and authorization system and method for trusted network of financial institutions allowing them to directly authenticate their customers and receive their authorization of financial transactions over a communication network such as the Internet. More specifically, the present invention is based on a new identification and authentication scheme as digital identity that enables financial institutions to directly authenticate their account owners and/or receive their authorization of financial transactions over a communication network such as the Internet.

2. BACKGROUND OF THE INVENTION

With the advent of the Internet, the number of online financial transactions has increased dramatically. With this increase, concerns for the security of the financial transactions, proof of authorization for such transactions, and the need for direct authentication of the parties to these transactions have also risen. Therefore the Internet is more than just a different delivery channel for online financial transactions. There are two unique characteristics of the Internet that require special considerations:

- The anonymity of the Internet creates an environment in which parties are not certain with whom they are doing business, which poses unique opportunities for fraud
- The Internet is an open network, which requires special security procedures to be deployed to prevent unauthorized access to the consumer financial information

These unique characteristics of the Internet needed to be addressed by financial institutions in order to maintain their dominance in the payment arena.

Today, any authentication over a communication network such as the Internet is an indirect authentication. That is, customers provide confidential, personal and financial information, in the form of social security numbers, names, addresses, credit card and bank account numbers, and businesses verify this information by accessing external databases. This type of authentication is not sufficient to truly identify the identity of customers and tell whether the customer is the actual account owner. This is why financial institutions have limited their online interbank and intrabank service offerings. For example, today, the financial institutions require their account owners to do their interbank funds transfer at a branch office and send a physical check to the receiver of the funds for payment, both of which are inconvenient and burdensome to corporate and individual customers.

NACHA (National Clearing House Association) operating rules and federal government regulations also require financial institutions to authenticate their customers' identity and receive their authorization for any type of financial transaction such as payment or funds transfer over the Internet. In the physical world, financial transactions are authorized by the account owners in writing and signed or similarly authenticated. In the online world, however, financial institutions do not have any solution to meet these requirements. An electronic authorization for an online transaction should be authenticated by a method that 1) identifies the customer (account owner), and 2) manifests the assent of the customer to the authorization. Therefore, financial institutions must use a method that provides the same assurance as a signature in the physical world (a signature both uniquely identifies a person and evidences his assent to an agreement). These objectives should be met by whatever method or process a financial institution employs when obtaining a customer's authorization electronically.

When dealing with customers over any communication network such as the Internet, financial institutions are facing numerous challenges:

- Be able to identify the identity of the customers;
- Be able to obtain transaction authorization from customers over the Internet;
- Be able to confirm that the customer is the account owner and is authorized to use such account

Financial institutions must meet these challenges in order to expand their online service offerings (interbank and intrabank) and maintain their dominance in the market. But lack of identification and real-time account verification methods have prevented financial institutions from achieving their goals.

Today, there are three different identification and authentication schemes in the market:

- Knowledge-based, which involve allowing access according to what a user knows;
- Token-based, which involve allowing access according to what a user possesses;
- Biometrics-based, which involve allowing access according to what the user is.

Due to various problems the current authentication schemes have, financial institutions have not been able to successfully use these technologies to perform direct authentication and authorization of their customers. Passwords are inexpensive and easy to use, but the static nature of passwords makes them vulnerable to replay attacks. Another drawback of passwords is that an online banking password cannot be used for identification and verification of a financial account at third-party web sites. Biometrics can also be useful for user identification, but one problem with these schemes is the difficult tradeoff between imposter pass rate and false alarm rate. In addition, many biometric systems require specialized devices, which may be expensive. Token-based schemes are problematic as well. These are expensive to implement and require users to install special devices and software. Most token-based authentication systems also use knowledge-based authentication to prevent impersonation through theft or loss of the token.

National Clearing House Association (NACHA) and several financial institutions such as Visa and MasterCard have also attempted to develop authentication systems and methods, such as ISAP (Internet Secure ATM Payments) and SET (Secure Electronic Transaction) using smart card technology, but due to the aforementioned smart card problems they failed to achieve customer acceptance. Therefore, they are now experimenting with new password-based programs such as VPAS (Visa Payer Authentication Service) and UCAF (MasterCard Payer Authentication Service) to allow registered cardholders to verify their purchases, a process known as payer authentication, but unfortunately these have the abovementioned password issues and are specific to credit card transactions and do not apply to bank account transactions. It is also very difficult for a customer to manage. Owning N different credit cards requires recalling N different passwords for payment at checkout. According to a survey from Jupiter Media Metrix (epaynews.com, Feb. 21 2002), these systems and methods are also complicating the picture for consumers, who are worried by the mix of identification and authentication schemes.

As for the financial account ownership verification, currently, there are several companies that are attempting to bring systems and methods for verifying account ownership, such as Paypal (EBAY) and CashEdge.

Paypal introduces a system that initiates one or more verifying transactions using financial account information given by the customer. Selected details of the transaction(s) are saved, particularly details that may vary from one transaction to another. Such variable details may include the number of transactions performed, the amount of a transaction, the type of transaction (e.g., credit, debit, deposit, withdrawal), the merchant name or account used by the system for the transaction, etc. The customer then retrieves evidence of the transaction(s) from his or her financial institution, which may be accomplished on-line, by telephone, in a monthly statement, etc., and submits the requested details to the Paypal system. The submitted details are compared to the stored details and, if they match, the account ownership is verified and the customer is then allowed to use the financial account. There are many drawbacks associated with the Paypal's system, including:

- No real-time account verification: It takes 2 to 3 days to verify customer's financial account
- High cost: Paypal suggests sending two deposits (credits) to the user's financial account, each of which is less than $0.99 in value.
- Weak account verification: An unauthorized individual who has access to the details about verifying transactions would be verified as the account owner.

CashEdge's system requires the customer to provide bank account information along with the username and password of the online banking web site that the customer is using to access his/her bank account. The system then applies the customer's username and password to log in to the online banking system for verification of the account ownership. The drawbacks of the CashEdge system include:

- Security and Privacy Concerns: Requesting the customer to provide the online banking username and password to CashEdge raises customers' security and privacy concerns.
- Weak account verification: An unauthorized individual who has access to the customer's username and password would be verified as the account owner.
- Fraud Risk: Without CashEdge's system, a fraudster who has access to customer's online banking username and password is not able to transfer funds from the customer's account, but CashEdge system provides this opportunity to an unauthorized individual to commit fraud.

Financial institutions need a system that eliminates the aforementioned problems and concerns by:

- verifying customers' identity
- verifying account ownerships in real-time
- providing proof of transaction authorization
- being secure, inexpensive and easy to use
- not requiring financial institutions to change their existing systems and processes
- covering bank account as well as credit card transactions

For convenience, the term "customer" is used throughout to represent a financial institution's individual or corporate customer.

The term "financial institution" is used herein to denote any institution such as bank, credit card issuer, brokerage firm, debit card or credit card company such as Visa, Master card, and AMEX or any other company that offers financial services.

The term "financial account" is used herein to denote any bank account, brokerage account, debit card and credit card account.

The term "account ownership verification" is used herein to denote the process of verifying that the financial account belongs to the customer and the customer is authorized to use such financial account.

The term "communication network" is used herein to denote any private, wireless or public network such as Internet.

The term "indirect authentication" is used herein to denote any authentication method that authenticates the customers based on customers' information. That is, customers provide confidential, personal and financial information, in the form of social security numbers, names, addresses, credit card and bank account numbers, and businesses verify this information by accessing external databases.

The term "direct authentication" is used herein to denote any authentication method that authenticates the customers based on customers' credentials such as biometric data or smart card.

The term "funds transfer network" is used herein to denote any network that financial institutions use to transfer funds, such as ACH, Fed wire, Visa network.

The term "interbank funds transfer" is used herein to denote account-to-account funds transfer between accounts at different financial institutions.

The term "debit pull" is used herein to denote the way electronic payments and funds transfer are authorized and executed, where the receiver of funds is asking customer's financial institution to debit the customer's account.

The term "credit push" is used herein to denote the way electronic payments and funds transfer are authorized and executed, where the customer instructs his/her financial institution to credit the account of the receiver (e.g. merchant account).

The term "digital identity" is used herein to denote a dynamic, non-predictable and time dependent alphanumeric code, or any other key, which may be given by customer's financial institution to the customer over a communication network such as the Internet, and may be valid for one-time use. The customer's digital identity is used for identification, authentication and authorization purposes for processing transactions over the communication network. Digital identity is calculated using a proprietary algorithm that may include any other customer and/or transaction specific information to make the digital identity customer and transaction specific.

The term "identity authority" is used herein to denote any entity that offers direct authentication services to other businesses. Identity authority issues and manages the digital identity.

The term "Digital Identity System" is used herein to denote the system that deals with the calculation, transformation and validation of the digital identity using a proprietary algorithm.

The term "Digital Identity Network" is used herein to denote the trusted network between financial institutions using any communication network such as the Internet. The Digital Identity Network enables the communication between financial institutions to send and receive Digital Identity Messages for identification and authentication of account owners and authorization of financial transactions.

The term "Digital Identity Message" is used herein to denote the message sent or received over the Digital Identity Network that may include customer's digital identity and transaction information.

SUMMARY OF THE INVENTION

The present invention provides a solution to the aforementioned problems and the challenges the financial institutions face today. The present invention relates to a direct authentication and authorization system and method for trusted network of financial institutions allowing them to directly authenticate their customers and receive their authorization of financial or non-financial transactions over a communication network such as the Internet.

To overcome the drawbacks of the known systems and methods discussed above, the present invention is based on a new identification and authentication method as digital identity. The new digital identity-based identification and authentication system and method:

- verifies customers' identity
- verifies account ownerships in real-time
- provides proof of transaction authorization
- reduces the risk of fraud and identity theft
- is secure, inexpensive and easy to use
- does not require financial institutions to change their existing systems and processes
- could be utilized for bank account as well as credit card transactions

The digital identity is an alphanumeric code and, unlike password, biometric and smart card, the digital identity may be valid for one time use and is dynamic, non-predictable and may be time dependent. It is calculated using a proprietary algorithm that may include other customer's specific information, which makes the digital identity customer specific. Thus, it is impossible to calculate the same digital identity for two different customers or for two different customers to receive the same digital identity. Therefore, the digital identity offers the benefits of a password, biometric and smart card, without their disadvantages. It's as easy to use as password and as secure as biometric and smart card.

This invention comprises a Digital Identity System and a Digital Identity Network. The Digital Identity System deals with the calculation, transformation and validation of the digital identity. The Digital Identity Network is the trusted network between financial institutions that enables the communication between financial institutions to send and receive Digital Identity Messages for identification and authentication of account owners and authorization of financial or non-financial transactions. The Digital Identity Message may include customer's digital identity and transaction information.

Direct authentication and authorization system and method according to the present invention may include the following participants:

Originator - the Originator is the individual or corporate customer of the Participating Financial Institution (PFI). The Originator receives a new digital identity from its Participating Financial Institution (PFI) each time the Originator desires to initiate and authorize any non-financial or financial transaction such as payment or funds transfer. The Originator provides the digital identity to the Receiver for identification, authentication and/or authorization of the transaction.

Receiver - the Receiver is the individual or corporate customer of the Participating Financial Institution (PFI) that receives Originator's digital identity for identification, authentication and/or authorization of the non-financial or financial transaction such as payment or funds transfer.

PFI - the Participating Financial Institution is the financial institution that has an existing relationship with Originators and/or Receivers and offers services to the Originators and/or Receivers. When a PFI serves Originators, the PFI is acting as an Originating Participating Financial Institution (OPFI) and when a PFI serves Receivers the PFI is acting as a Receiving Participating Financial Institution (RPFI). A Participating Financial Institution (PFI) may participate in the Digital Identity Network as an OPFI as well as a RPFI.

DID Operator - the Digital Identity Operator is the digital identity authority that provides digital identity-based authentication and authorization services to the Participating Financial Institutions (PFIs) by maintaining, operating and managing the Digital Identity System and Network. Each time the Originator desires to initiate and authorize any non-financial or financial transaction such as payment or funds transfer, its Participating Financial Institution (OPFI) requests the DID Operator to calculate a new digital identity for that Originator.

`Financial institutions need to become the Digital Identity Network participants to perform identification and authentication of their customers and/or receive their authorization of transactions.
`
`This invention enables financial institutions and their business customers to perform identification and authentication of their customers and/or to manifest their assent to the authorization of transactions. The customer's digital identity, which has been provided to that customer by the customer's financial institution, is issued and used at the time when third parties (e.g. merchants, billers) or other Participating Financial Institutions need to authenticate the customer's identity, verify the account ownership and/or receive the customer's authorization for the financial or non-financial transaction. Participating Financial Institutions issue digital identities to their account holders and validate digital identities issued by other Participating Financial Institutions in real time. Using the Digital Identity System and Network, financial institutions can establish an environment in which parties to a transaction can reliably verify the electronic identities of customers, engage in legally binding agreements, and maintain auditable electronic information trails. The resulting high level of security and trust enables financial institutions to better serve the customers by enhancing their online service offerings.
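The issuance-and-validation flow described above, as an added example that is not part of the patent text: a minimal in-memory model in which the OPFI asks the DID Operator for a new digital identity per transaction and the RPFI validates it once. The patent does not specify how the identity is calculated; the HMAC construction, the 120-second lifetime, the single-use rule, and all class, method and party names are assumptions.

```python
import hashlib, hmac, json, secrets, time

class DIDOperator:
    """Hypothetical DID Operator: calculates and validates per-transaction identities."""

    def __init__(self, ttl_seconds=120):
        self._key = secrets.token_bytes(32)   # operator secret (assumption)
        self._ttl = ttl_seconds               # validity window (assumption)
        self._issued = {}                     # digital identity -> issuance record
        self.audit = []                       # trail of issuances and validation results

    def calculate_identity(self, opfi, originator, txn, now=None):
        """Called by the OPFI each time its Originator starts a transaction."""
        now = time.time() if now is None else now
        # JSON-encode the fields so they cannot run together ambiguously.
        msg = json.dumps([opfi, originator, txn, secrets.token_hex(16)]).encode()
        did = hmac.new(self._key, msg, hashlib.sha256).hexdigest()[:32]
        self._issued[did] = {"originator": originator, "txn": txn,
                             "expires": now + self._ttl, "used": False}
        self.audit.append((now, opfi, "issued", originator))
        return did

    def validate(self, rpfi, did, txn, now=None):
        """Called by the RPFI when its Receiver presents a digital identity."""
        now = time.time() if now is None else now
        rec = self._issued.get(did)
        if rec is None:
            result = (False, "unknown")
        elif rec["used"]:
            result = (False, "replayed")
        elif now > rec["expires"]:
            result = (False, "expired")
        elif not hmac.compare_digest(rec["txn"].encode(), txn.encode()):
            result = (False, "transaction mismatch")
        else:
            rec["used"] = True                # single use: a second presentation fails
            result = (True, rec["originator"])
        self.audit.append((now, rpfi, "validate", result))
        return result

def demo():
    """Constructed sample flow: altered transaction, valid use, then replay."""
    op = DIDOperator()
    txn = "pay merchant-42 USD 19.99"
    did = op.calculate_identity("OPFI-A", "originator-001", txn, now=1000.0)
    return [op.validate("RPFI-B", did, "pay merchant-42 USD 999.00", now=1010.0),
            op.validate("RPFI-B", did, txn, now=1010.0),
            op.validate("RPFI-B", did, txn, now=1011.0)]

if __name__ == "__main__":
    print(demo())
```

Binding the identity to the transaction details means a Receiver cannot reuse it for a different amount, and the used flag makes a captured identity worthless after its first successful validation.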
`
`
`This invention enables financial institutions to enhance security and reduce fraud by identifyin
