US008266432B2
`
`(12) United States Patent
`Asghari-Kamrani et a].
`
`(10) Patent N0.:
`(45) Date of Patent:
`
`US 8,266,432 B2
`*Sep. 11, 2012
`
`(54)
`
`(76)
`
`CENTRALIZED IDENTIFICATION AND
`AUTHENTICATION SYSTEM AND METHOD
`
`Inventors: Nader Asghari-Kamrani, Centreville,
`VA (US); Kamran Asghari-Kamrani,
`Centreville, VA (US)
`
`Notice:
`
`Subject to any disclaimer, the term of this
`patent is extended or adjusted under 35
`USC 154(b) by 0 days.
`This patent is subject to a terminal dis
`claimer.
`
`(21)
`
`Appl. N0.: 12/210,926
`
`(22)
`
`Filed:
`
`Sep. 15, 2008
`
`(65)
`
`(63)
`
`(60)
`
`(51)
`
`(52)
`
`(58)
`
`Prior Publication Data
`
`US 2009/0013182 A1
`
`Jan. 8, 2009
`
`Related US. Application Data
`
`Continuation of application No. 11/239,046, ?led on
`Sep. 30, 2005, now Pat. No. 7,444,676, which is a
`continuation of application No. 09/940,635, ?led on
`Aug. 29, 2001, now Pat. No. 7,356,837.
`
`Provisional application No. 60/615,603, ?led on Oct.
`5, 2004.
`
`Int. Cl.
`(2006.01)
`H04L 29/06
`(2012.01)
`G06Q 20/00
`US. Cl. .......... .. 713/168; 713/184; 705/67; 705/74;
`705/78
`
`Field of Classi?cation Search .................. .. 726/21,
`726/25, 212, 8, 18, 27, 28; 713/155, 168,
`713/170, 182*186; 705/35, 39, 44, 50, 64,
`705/67, 72, 76, 78
`See application ?le for complete search history.
`
`(56)
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`4,747,050 A
`5/1988 Brachtlet 31.
`4,965,568 A 10/1990 Atalla et a1.
`5,535,276 A *
`7/1996 Ganesan ..................... .. 713/155
`5,732,137 A *
`3/1998 Aziz ............ ..
`713/155
`5,883,810 A *
`3/1999 Franklin et a1.
`700/232
`6,067,621 A *
`5/2000 Yu et a1. ....... ..
`713/172
`
`6,236,981 B1* 5/2001 Hill . . . . . . . . . . . . .
`
`. . . .. 705/67
`
`6,338,140 B1* 1/2002 Owens et a1. ............... .. 713/168
`(Continued)
`Primary Examiner * Gilberto Barron, Jr.
`Assistant Examiner * Abdulhakim Nobahar
`(74) Attorney, Agent, or Firm *Michael P. Fortkort, Esq.;
`Michael P For‘tkort PC
`(57)
`ABSTRACT
`A method and system is provided by a Central-Entity, for
`identi?cation and authorization of users over a communica
`tion network such as lntemet. Central-Entity centralizes users
`personal and ?nancial information in a secure environment in
`order to prevent the distribution of user’s information in
`e-commerce. This information is then used to create digital
`identity for the users. The digital identity of each user is
`dynamic, non predictable and time dependable, because it is
`a combination of user name and a dynamic, non predictable
`and time dependable secure code that will be provided to the
`user for his identi?cation. The user will provide his digital
`identity to an EXtemal-Entity such as merchant or service
`provider. The EXtemal-Entity is dependent on Central-Entity
`to identify the user based on the digital identity given by the
`user. The External-Entity forwards user’s digital identity to
`the Central-Entity for identi?cation and authentication of the
`user and the transaction. The identi?cation and authentication
`system provided by the Central-Entity, determines whether
`the user is an authorized user by checking whether the digital
`identity provided by the user to the EXtemal-Entity, corre
`sponds to the digital identity being held for the user by the
`authentication system. If they correspond, then the authenti
`cation system identi?es the user as an authorized user, and
`sends an approval identi?cation and authorization message to
`the EXtemal-Entity, otherwise the authentication system will
`not identify the user as an authorized user and sends a denial
`identi?cation and authorization message to the EXtemal-En
`tity.
`
`55 Claims, 5 Drawing Sheets
`
`Cnmmunlclllnn
`
`m I [K
`(such as hum-n
`
`30
`
`1
`
`USAA 1001
`
`

`
`US 8,266,432 B2
`Page 2
`
`US. PATENT DOCUMENTS
`6,529,885 131* 30003 Johnson ““““““““““““ “ 705/64
`6,715,082 Bl* 3/2004 chang etal.
`.. 726/8
`7,150,038 Bl* 12/2006 sarnar .......... ..
`.. 726/8
`.
`.
`7,353,541 Bl* 4/2008 Ish1bash1 et a1.
`726/26
`7,546,274 B2* 6/2009 Ingrarn et a1.
`705/43
`2002/0040346 A“ ‘V2002 Kw‘m """" "
`705/51
`2002/0046189 Al* 4/2002 Moritaetal.
`705/67
`2002/0069174 A1* 6/2002 Fox et a1. ...................... .. 705/52
`
`2002/0133412 Al* 9/2002 Oliver et a1. .................. .. 705/26
`*
`2002/0184143 Al* 12/2002 Khater
`.. 705/39
`2002/0188481 A1 12/2002 Berg etal.
`705/4
`*
`2004/0030752 A1
`2/2004 Selgas et a1. ................ .. 709/206
`,,
`2005/0222963 A1 10/2005 Johnson ........................ .. 705/67
`,1
`-
`2007/0073621 A1
`3/2007 Du11n et a1.
`.. 705/50
`,1
`-
`2008/0016003 A1
`1/2008 Hutch1s0n et a1.
`.. 705/67
`2010/0100724 Al* 4/2010 Kaliski Jr
`713/155
`’
`' """"""""" "
`
`* cited by examiner
`
`2
`
`

`
`US. Patent
`
`Sep. 11,2012
`
`Sheet 1 of5
`
`US 8,266,432 B2
`
`10
`
`USER 1
`
`10
`
`USER 2
`
`10
`
`50
`
`20
`
`External-Entity 1
`
`20
`
`I
`
`0123:: Ion 1 External-Entlty 2
`(such as Internet)
`
`C
`
`.
`
`t.
`
`USER 3 1
`
`20
`
`External-Entity 3
`
`Central-Entity
`
`Figure 1
`
`3
`
`

`
`US. Patent
`
`Sep. 11,2012
`
`Sheet 2 of5
`
`US 8,266,432 B2
`
`Personal or Financial information
`
`SecureCode
`Generation
`
`.
`
`.
`
`.
`
`\ Dlgltalldentlty
`_Comparison
`
`/ G \
`
`i
`
`Account Information
`
`RoquestlReeeive SecureCode
`
`A Communication
`
`\ Central-Entity I,
`
`Registration Phase
`Steps:
`
`Transaction Phase
`Steps:
`
`Identification & Authorization Phase
`Steps:
`
`Figure 2
`
`4
`
`

`
`US. Patent
`
`Sep. 11, 2012
`
`Sheet 3 0f 5
`
`US 8,266,432 B2
`
`100
`
`104
`
`108
`
`User signs-up at the Central
`Entity by providing his personal
`or financial information
`
`Central-Entity creates an
`account for the USER
`
`USER receives account
`information from the Central
`Entity, including UserName and
`Password
`
`@
`
`110
`
`Figure 3
`
`5
`
`

`
`US. Patent
`
`Sep. 11,2012
`
`Sheet 4 of5
`
`US 8,266,432 B2
`
`108
`
`110\
`
`114\
`
`118\
`
`120
`
`124
`
`USER attempts to get access to
`a restricted web site OR to buy
`goods/services
`
`USER requests SecureCode
`from the Central-Entity over the
`communication network
`
`Central-Entity generates
`dynamic, non-predictable and
`time dependent SecureCode
`
`USER receives the SecureCode
`
`USER provides his UserName
`and SecureCode as digital
`identity to the External-Entity for
`identification
`
`130
`
`Figure 4
`
`6
`
`

`
`US. Patent
`
`Sep. 11,2012
`
`Sheet 5 of5
`
`US 8,266,432 B2
`
`124
`
`130 \
`
`The External-Entlty forwards the
`user's tllgllal Identity along wlth
`the Identl?cetlon and
`euthen?catlon request to the
`Oentral-Entlty
`
`134 \ The Central-Entlty locates the
`
`USER's dlgltal Identity In the
`system
`
`1 38
`\~. Central-Entity compares the
`user's digital identity retrieved
`‘from the system to the digital
`Identity resolved from the
`External-Entity
`
`150 /
`
`Central-Entity sends a denial
`l'll—ll ldenttlicatlon and authorlzatlen
`message to the Eartemal-Entlty
`
`Central-Entity sends an approval
`lrtentlfleatlon and aulhorlzstlen
`message to the External-Entlty
`
`Figure 5
`
`7
`
`

`
`US 8,266,432 B2
`
`1
`CENTRALIZED IDENTIFICATION AND
`AUTHENTICATION SYSTEM AND METHOD
`
`RELATED APPLICATIONS
`
`This application is a Continuation of application Ser. No.
`11/239,046, ?led Sep. 30, 2005 now US. Pat. No. 7,444,676,
`with a priority of a US. provisional application 60/615,603,
`?led Oct. 5, 2004, with the same inventors and assignee. This
`application is also a Continuation of another US. application
`Ser. No. 09/940,635, ?ledAug. 29, 2001, and patented as US.
`Pat. No. 7,356,837, on Apr. 8, 2008, titled “Centralized iden
`ti?cation and authentication system and method”, with the
`same inventors and assignee. Please note that the current
`application has the same exact speci?cation and Figures as
`those submitted with the original application Ser. No. 09/ 940,
`635, ?led Aug. 29, 2001.
`
`BACKGROUND OF THE INVENTION
`
`1. Field of the Invention
`The present invention relates to a centralized identi?cation
`and authentication system and method for identifying an indi
`vidual over a communication network such as Internet, to
`increase security in e-commerce. More particularly a method
`and system for generation of a dynamic, non-predictable and
`time dependent SecureCode for the purpose of positively
`identifying an individual.
`2. Description of the Related Art
`The increasing use of the Internet and the increase of busi
`nesses utilizing e-commerce have lead to a dramatic increase
`in customers releasing con?dential personal and ?nancial
`information, in the form of social security numbers, names,
`addresses, credit card numbers and bank account numbers, to
`identify themselves. This will allow them to get access to the
`restricted web sites or electronically purchase desired goods
`or services. Unfortunately this type of identi?cation is not
`only unsafe but also it is not a foot proof that the user is really
`the person he says he is. The effect of these increases is
`re?ected in the related art.
`US. Pat. No. 5,732,137 issued to Aziz outlines a system
`and method for providing remote user authentication in a
`public computer network such as the Internet. More speci?
`cally, the system and method provides for remote authentica
`tion using a one-time password scheme having a secure out
`of-band channel for initial password delivery.
`US. Pat. No. 5,815,665 issued to Teper et al. outlines the
`use of a system and method for enabling consumers to anony
`mously, securely and conveniently purchase on-line services
`from multiple service providers over a distributed network,
`such as the Internet. Speci?cally, a trusted third-party broker
`provides billing and security services for registered service
`providers via an online brokering service, eliminating the
`need for the service providers to provide these services.
`US. Pat. No. 5,991,408 issued to Pearson, et al. outlines a
`system and method for using a biometric element to create a
`secure identi?cation and veri?cation system, and more spe
`ci?cally to an apparatus and a method for creating a hard
`problem which has a representation of a biometric element as
`its solution.
`Although each of the previous patents outline a valuable
`system and method, what is really needed is a system and
`method that offers digital identity to the users and allows
`them to participate in e-commerce without worrying about
`the privacy and security. In addition to offering security and
`privacy to the users, the new system has to be simple for
`businesses to adopt and also doesn’t require the ?nancial
`
`10
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`2
`institutions to change their existing systems. Such a secure,
`?exible and scalable system and method would be of great
`value to the businesses that would like to participate in
`today’s electronic commerce.
`None of the above inventions and patents, taken either
`singularly or in combination, is seen to describe the instant
`invention as claimed. Thus a centralized identi?cation and
`authentication system and method solving the aforemen
`tioned problems is desired.
`For convenience, the term “user” is used throughout to
`represent both a typical person consuming goods and services
`as well as a business consuming goods and services.
`As used herein, a “Central-Entity” is any party that has
`user’s personal and/or ?nancial information, UserName,
`Password and generates dynamic, non-predictable and time
`dependable SecureCode for the user. Examples of Central
`Entity are: banks, credit card issuing companies or any inter
`mediary service companies.
`As also used herein, an “External-Entity” is any party
`offering goods or services that users utilize by directly pro
`viding their UserName and SecureCode as digital identity.
`Such entity could be a merchant, service provider or an online
`site. An “Extemal-Entity” could also be an entity that receives
`the user’s digital identity indirectly from the user through
`another External-Entity, in order to authenticate the user, such
`entity could be a bank or a credit card issuing company.
`The term “UserName” is used herein to denote any alpha
`numeric name, id, login name or other identi?cation phrase,
`which may be used by the “Central-Entity” to identify the
`user.
`The term “Password” is used herein to denote any alpha
`numeric password, secret code, PIN, prose phrase or other
`code, which may be stored in the system to authenticate the
`user by the “Central-Entity”.
`The term “SecureCode” is used herein to denote any
`dynamic, non-predictable and time dependent alphanumeric
`code, secret code, PIN or other code, which may be broadcast
`to the user over a communication network, and may be used
`as part of a digital identity to identify a user as an authorized
`user.
`The term “digital identity” is used herein to denote a com
`bination of user’ s “SecureCode” and user’s information such
`as “UserName”, which may result in a dynamic, non-predict
`able and time dependable digital identity that could be used to
`identify a user as an authorized user.
`The term “?nancial information” is used herein to denote
`any credit card and banking account information such as debit
`cards, savings accounts and checking accounts.
`
`SUMMARY OF THE INVENTION
`
`The invention relates to a system and method provided by
`a Central-Entity for centralized identi?cation and authentica
`tion of users and their transactions to increase security in
`e-commerce. The system includes:
`A Central-Entity: This entity centralizes users personal and
`?nancial information in a secure environment in order to
`prevent the distribution of user’ s information in e-com
`merce. This information is then used to create digital
`identity for the users. The users may use their digital
`identity to identify themselves instead of providing their
`personal and ?nancial information to the Extemal-Enti
`ties;
`A plurality of users: A user represents both a typical person
`consuming goods and services as well as a business
`consuming goods and services, who needs to be identi
`?ed in order to make online purchases or to get access to
`
`8
`
`

`
`US 8,266,432 B2
`
`3
`the restricted Web sites. The user registers at the Central
`Entity to receive his digital identity, Which is then pro
`vided to the EXtemal-Entity for identi?cation;
`A plurality of External-Entities: An EXtemal-Entity is any
`party offering goods or services in e-commerce and
`needs to authenticate the users based on digital identity.
`The user signs-up at the Central-Entity by providing his
`personal or ?nancial information. The Central-Entity creates
`a neW account With user’s personal or ?nancial information
`and issues a unique UserName and PassWord to the user. The
`user provides his Username and PassWord to the Central
`Entity for identi?cation and authentication purposes When
`accessing the services provided by the Central-Entity. The
`Central-Entity also generates dynamic, non-predictable and
`time dependent SecureCode for the user per user’s request
`and issues the SecureCode to the user. The Central-Entity
`maintains a copy of the SecureCode for identi?cation and
`authentication of the user’ s digital identity. The user presents
`his UserName and SecureCode as digital identity to the Exter
`nal-Entity for identi?cation. When an External-Entity
`receives the user’s digital identity (UserName and Secure
`Code), the External-Entity Will forWard this information to
`the Central-Entity to identify and authenticate the user. The
`Central-Entity Will validate the information and sends an
`approval or denial response back to the EXtemal-Entity.
`There are also communications netWorks for the user, the
`Central-Entity and the EXtemal-Entity to give and receive
`information betWeen each other.
`This invention also relates to a system and method pro
`vided by a Central-Entity for centraliZed identi?cation and
`authentication of users to alloW them access to restricted Web
`sites using their digital identity, preferably Without revealing
`con?dential personal or ?nancial information.
`This invention further relates to a system and method pro
`vided by a Central-Entity for centraliZed identi?cation and
`authentication of users to alloW them to purchase goods and
`services from an External-Entity using their digital identity,
`preferably Without revealing con?dential personal or ?nan
`cial information.
`Accordingly, it is a principal object of the invention to offer
`digital identity to the users for identi?cation in e-commerce.
`It is another object of the invention to centraliZe user’s
`personal and ?nancial information in a secure environment.
`It is another object of the invention to prevent the user from
`distributing their personal and ?nancial information.
`It is a further object of the invention to keep merchants,
`service providers, Internet sites and ?nancial institutions sat
`is?ed by positively identifying and authenticating the users.
`It is another object of the invention to reduce fraud and
`increase security for e-commerce.
`It is another object of the invention to alloW businesses to
`control visitor’s access to their Web sites.
`It is another object of the invention to protect the customer
`from getting bills for goods and services that Were not
`ordered.
`It is another object of the invention to increase customers’
`trust and reduce customers’ fear for e-commerce.
`It is another object to decrease damages to the customers,
`merchants and ?nancial institutions.
`It is an object of the invention to provide improved ele
`ments and arrangements thereof for the purposes described
`Which are inexpensive, dependable and fully effective in
`accomplishing its intended purposes.
`These and other objects of the present invention Will
`become readily apparent upon further revieW of the folloWing
`speci?cation and draWings.
`
`4
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`FIG. 1 is a high-level overvieW of a centraliZed identi?ca
`tion and authentication system and method according to the
`present invention.
`FIG. 2 is a detailed overvieW of a centraliZed identi?cation
`and authentication system and method according to the
`present invention.
`FIG. 3 is a block diagram of the registration of a customer
`utiliZing a centraliZed identi?cation and authentication sys
`tem and method according to the present invention.
`FIG. 4 is a block diagram of the transaction of a customer
`utiliZing a centraliZed identi?cation and authentication sys
`tem and method according to the present invention.
`FIG. 5 is a block diagram of a Central-Entity authorizing a
`user utiliZing a centraliZed identi?cation and authentication
`system and method according to the present invention.
`
`DETAILED DESCRIPTION OF THE PREFERRED
`EMBODIMENTS
`
`20
`
`Detailed descriptions of the preferred embodiment are pro
`vided herein. It is to be understood, hoWever, that the present
`invention may be embodied in various forms. Therefore, spe
`ci?c details disclosed herein are not to be interpreted as lim
`iting, but rather as a basis for the claims and as a representa
`tive basis for teaching one skilled in the art to employ the
`present invention in virtually any appropriately detailed sys
`tem, structure or manner.
`The invention relates to a system 1 and method 2 to identify
`and authenticate the users and their transactions to increase
`security in e-commerce. FIG. 1 illustrates a system to posi
`tively identify the users 10 in e-commerce based on digital
`identity.
`The system 1 comprises a plurality of users 10, a plurality
`of Extemal-Entities 20 With goods and services that are
`desired by the users 10 and a Central-Entity 30 providing a
`unique UserName and PassWord to the users 10 and generat
`ing dynamic, non-predictable and time dependent Secure
`Code for the users 10 per user’s request. There are also com
`munication netWorks 50 for the user 10, the Central-Entity 30
`and the EXtemal-Entity 20 to give and receive information
`betWeen each other.
`It Would be desirable to develop a neW system 1 and
`method 2 to centraliZe user’s personal and ?nancial informa
`tion in a secure environment and to offer digital identity to the
`users 10 in order to provide privacy, increase security and
`reduce fraud in e-commerce. Ideally, a secure identi?cation
`and authentication system 1 Would identify legitimate users
`10 and unauthoriZed users 10. This Would increase the user’ s
`trust, Which leads to more sales and cash ?oW for the mer
`chants/ service providers.
`The present invention relates to a system 1 and method 2 to
`support this ideal identi?cation and authentication system.
`For identi?cation purpose, a digital identity (a unique User
`Name and a dynamic, non-predictable and time dependent
`SecureCode) is used by the user 10 at the time of ordering or
`at the time of accessing a restricted Internet site. A series of
`steps describing the overall method are conducted betWeen
`the users 10, the Central-Entity 30 and the EXtemal-Entity 20
`and are outlined in FIG. 3,4,5.
`There are three distinct phases involved in using the cen
`traliZed identi?cation and authentication system FIG. 2, the
`?rst of Which being the registration phase, Which is depicted
`in FIG. 3. During the registration phase, the user 10 provides
`his personal or ?nancial information to the Central-Entity 30.
`The user 10 registers at the Central-Entity 30, 100, 104 and
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`9
`
`

`
`US 8,266,432 B2
`
`5
`receives his account and login information such as UserName
`and Password 108. User 10 can access his account at any time
`by accessing the Central-Entity’s system using a communi
`cation netWork 50 and logging into the system.
`Next is the transaction phase, Where the user 10 attempts to
`access a restricted Web site or attempts to buy services or
`products 110, as illustrated in FIG. 4, through a standard
`interface provided by the External-Entity 20, similar to What
`exists today and selects digital identity as his identi?cation
`and authorization or payment option. The EXtemal-Entity 20
`displays the access or purchase authorization form requesting
`the user 10 to authenticate himself using his UserName and
`SecureCode as digital identity. The user 10 requests Secure
`Code from the Central-Entity 30 by accessing his account
`over the communication netWork 50, 114. The Central-Entity
`30 generates dynamic, non-predictable and time dependable
`SecureCode 118 for the user 10. The Central-Entity 30 main
`tains a copy of the SecureCode for identi?cation and authen
`tication of the user 10 and issues the SecureCode to the user
`10. When the user 10 receives the SecureCode 120, the user
`10 provides his UserName and SecureCode as digital identity
`to the External-Entity 20, 124, FIG. 4.
`The third phase is identi?cation and authorization phase.
`Once the user 10 provides his digital identity to the Extemal
`Entity 20, the External-Entity 20 forWards user’s digital iden
`tity along With the identi?cation and authentication request to
`the Central-Entity 30, 130, as illustrated in FIG. 5. When the
`Central-Entity 30 receives the request containing the user’s
`digital identity, the Central-Entity 30 locates the user’ s digital
`identity (UserName and SecureCode) in the system 134 and
`compares it to the digital identity received from the Extemal
`Entity 20 to identify and validate the user 10, 138. The Cen
`tral-Entity 30 generates a reply back to the External-Entity 20
`via a communication netWork 50 as a result of the compari
`son. If both digital identities match, the Central-Entity 30 Will
`identify the user 10 and Will send an approval of the identi?
`cation and authorization request to the EXtemal-Entity 20,
`140, otherWise Will send a denial of the identi?cation and
`authorization request to the External-Entity 20, 150. The
`EXtemal-Entity 20 receives the approval or denial response in
`a matter of seconds. The EXtemal-Entity 20 might also dis
`play the identi?cation and authentication response to the user
`10.
`To use the digital identity feature, the Central-Entity 30
`provides the authorized user 10 the capability to obtain a
`dynamic, non-predictable and time dependable SecureCode.
`The user 10 Will provide his UserName and SecureCode as
`digital identity to the External-Entity 20 When this informa
`tion is required by the External-Entity 20 to identify the user
`10.
`The Central-Entity 30 may add other information to the
`SecureCode before sending it to the user 10, by algorithmi
`cally combining SecureCode With user’ s information such as
`UserName. The generated SecureCode Will have all the infor
`mation needed by the Central-Entity 30 to identify the user
`10. In this case the user Will only need to provide his Secure
`Code as digital identity to the External-Entity 20 for identi
`?cation.
`In the preferred embodiment, the user 10 uses the commu
`nication netWork 50 to receive the SecureCode from the Cen
`tral-Entity 30. The user 10 submits the SecureCode in
`response to External-Entity’ s request 124. The SecureCode is
`preferably implemented through the use of an indicator. This
`indicator has tWo states: “on” for valid and “off” for invalid.
`When the user 10 receives the SecureCode, the SecureCode is
`in “on” or “valid” state. The Central-Entity 30 may improve
`the level of security by invalidating the SecureCode after it’s
`
`20
`
`25
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`6
`use. This may increase the level of dif?culty for unauthorized
`user. TWo events may cause a valid SecureCode to become
`invalid:
`l . Timer event: This event occurs When the prede?ned time
`passes. As mentioned above the SecureCode is time depen
`dent.
`2. Validation event: This event occurs When the Secure
`Code forWarded to the Central-Entity 30 (as part of digital
`identity) corresponds to the user’s SecureCode held in the
`system. When this happens the Central-Entity 30 Will invali
`date the SecureCode to prevent future use and sends an
`approval identi?cation and authorization message to the
`EXtemal-Entity 20,140.
`A valid digital identity corresponds to a valid SecureCode.
`When the SecureCode becomes invalid, the digital identity
`Will also become invalid.
`While the invention has been described in connection With
`a preferred embodiment, it is not intended to limit the scope of
`the invention to the particular form set forth, but on the con
`trary, it is intended to cover such alternatives, modi?cations,
`and equivalents as may be included Within the spirit and scope
`of the invention as de?ned by the appended claims.
`The invention claimed is:
`1. A method for authenticating a user during an electronic
`transaction betWeen the user and an external-entity, the
`method comprising:
`receiving electronically a request for a dynamic code for
`the user by a computer associated With a central-entity
`during the transaction betWeen the user and the external
`entity;
`generating by the central-entity during the transaction a
`dynamic code for the user in response to the request,
`Wherein the dynamic code is valid for a prede?ned time
`and becomes invalid after being used;
`providing by the computer associated With the central
`entity said generated dynamic code to the user during the
`transaction;
`receiving electronically by the central-entity a request for
`authenticating the user from a computer associated With
`the eXtemal-entity based on a user-speci?c information
`and the dynamic code as a digital identity included in the
`request Which said dynamic code Was received by the
`user during the transaction and Was provided to the
`eXtemal-entity by the user during the transaction; and
`authenticating by the central-entity the user and providing
`a result of the authenticating to the eXtemal-entity dur
`ing the transaction if the digital identity is valid.
`2. A method as recited in claim 1, further comprising:
`combining said generated dynamic code With the user
`speci?c information using a predetermined algorithm to
`form a combined dynamic code and user speci?c infor
`mation;
`maintaining the combined dynamic code and user speci?c
`information at the central-entity;
`comparing the combined dynamic code and user speci?c
`information With a received combined dynamic code
`and user speci?c information to validate the user.
`3. The method of claim 1, Wherein the user speci?c infor
`mation comprises one or more of the folloWing: an alphanu
`meric name, an ID, a lo gin name, and an identi?cation phrase.
`4. The method of claim 1, Wherein the transaction corre
`sponds to a ?nancial transaction.
`5. The method of claim 1, Wherein the transaction corre
`sponds to a non-?nancial transaction.
`6. The method of claim 1, Wherein the transaction corre
`sponds to access to restricted Web-site or restricted computer/
`server.
`
`10
`
`

`
`US 8,266,432 B2
`
`7
`7. The method of claim 1, wherein said transaction occurs
`over a communication network, wherein said communication
`network comprises one or more of the following: a public
`network, the Internet, a wireless network, a mobile network,
`a satellite network, and a private network.
`8. The method of claim 1, wherein said transaction occurs
`over a communication network to which is coupled said user,
`said central-entity, and said external-entity.
`9. A method as recited in claim 2, wherein said algorith
`mically combined dynamic code and user speci?c informa
`tion is used to authenticate a user’s identity.
`10. A method as recited in claim 2, wherein said central
`entity is using said algorithmically combined dynamic code
`and user speci?c information to authenticate a user’ s identity.
`11. A method as recited in claim 1, wherein said extemal
`entity and said central-entity are the same entity.
`12. The method as recited in claim 1, wherein said central
`entity invalidates the dynamic code after authenticating the
`user.
`13. The method as recited in claim 1, wherein the central
`entity invalidates the dynamic code after a prede?ned period
`of time passes from when the dynamic code was generated.
`14. The method as recited in claim 1, wherein said central
`entity generates the dynamic code with dependence on the
`user information.
`15. The method as recited in claim 14, wherein said user
`information comprises one or more of the following: an
`alphanumeric name, an ID, a login name, and an identi?ca
`tion phrase.
`16. The method as recited in claim 1, wherein said user
`communicates with said central-entity over a communication
`network.
`17. The method as recited in claim 1, wherein said user
`communicates with said external-entity over a communica
`tion network.
`18. The method as recited in claim 1, wherein said dynamic
`code is generated based on a request submitted by said user
`over a communication network.
`19. The method as recited in claim 18, wherein said request
`is initiated by said user through a standard interface provided
`to said user.
`20. A method as recited in claim 1, wherein said digital
`identity is invalid if the dynamic code is invalid.
`21. A method as recited in claim 1, wherein said digital
`identity is valid if at least the dynamic code is valid.
`22. A method as recited in claim 1, wherein said extemal
`entity authenticates the user upon receiving an a?irmation
`authentication message from the central-entity.
`23. A method as recited in claim 1, wherein said extemal
`entity authenticates the user if said central-entity authenti
`cates the user based on the dynamic code.
`24. The method of claim 1, wherein the user-speci?c infor
`mation includes user-identifying information.
`25. An apparatus for authenticating a user during an elec
`tronic transaction with an external-entity, the apparatus com
`prising:
`a ?rst central-entity computer adapted to:
`generate a dynamic code for the user in response to a
`request during the electronic transaction, wherein the
`dynamic code is valid for a prede?ned time and
`becomes invalid after being used; and
`provide said dynamic code to the user during the elec
`tronic transaction;
`a second central-entity computer adapted to validate a digi
`tal identity in response to an authentication request from
`the eXtemal-entity, which authentication request
`includes a user-speci?c information and the dynamic
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`65
`
`8
`code as the digital identity which dynamic code was
`received by the user during the electronic transaction
`and was provided to the eXtemal-entity by the user dur
`ing the electronic transaction, and to authenticate the
`user if the digital identity is valid and to provide a result
`of the authentication of the user to the external-entity
`during the electronic transaction.
`26. The apparatus as recited in claim 25, wherein said user
`has a pre-existing relationship with the external-entity.
`27. The apparatus as recited in claim 25, wherein said user
`has no pre-existing relationship with the external-entity.
`28. The apparatus as