US007356837B2
`
`(12)
`
`United States Patent
`Asghari-Kamrani et a].
`
`(10) Patent N0.:
`(45) Date of Patent:
`
`US 7,356,837 B2
`Apr. 8, 2008
`
`(54) CENTRALIZED IDENTIFICATION AND
`AUTHENTICATION SYSTEM AND METHOD
`
`(76) Inventors: Nader Asghari-Kamrani, 6558
`Palisades Dr., Centreville, VA (U S)
`20121; Kamran Asghari-Kamrani,
`6547 Palisades Dr., Centreville, VA
`(US) 20121
`
`( * ) Notice:
`
`Subject to any disclaimer, the term of this
`patent is extended or adjusted under 35
`U.S.C. 154(b) by 771 days.
`
`(21) Appl. N0.: 09/940,635
`
`(22) Filed?
`
`Allg- 29: 2001
`
`(65)
`
`Prior Publication Data
`Us 2003/0046591 A1
`Man 6, 2003
`
`(51) Int_ CL
`
`2002/0174062 A1* 11/2002 Sines et a1. ................. .. 705/39
`2002/0188481 A1 * 12/2002 Berg et a1. ...... ..
`705/4
`2004/0243478 A1* 12/2004 Walker et a1. .............. .. 705/26
`* Cited b examiner
`y
`Primary Examiner4Gilberto Barron
`Assistant ExamineriAbdulhakim Nobahar
`
`(57)
`
`ABSTRACT
`
`A method and system is provided by a Central-Entity, for
`identi?cation and authorization of users over a communica
`tion network such as Internet. Central-Entity centralizes
`users personal and ?nancial information in a secure envi
`ronment in order to prevent the distribution of user’s infor
`mation in e-commerce. This information is then used to
`create digital identity for the users. The digital identity of
`each user is dynamic, non predictable and time dependable,
`because it is a combination of user name and a dynamic, non
`predictable and time dependable secure code that Will be
`provided to the user for his identi?cation.
`
`G06F 17/30
`(52) gosziLcifqli ...............
`
`(2006.01)
`_
`0726/5; 713/155; 705/39;
`705/64; 705/67
`(58) Field of Classi?cation Search .............. .. 713/171,
`713/172 201 202 158 726/5 705/39
`’
`’
`’
`’
`7’05 /6 4 67’
`See application ?le for complete search history. 5
`
`1
`E t
`_d hi d_ _t 1 _d ft t
`_11
`Th
`euserW1 prov1e s 1g1a1en1y oan xema
`Entity $11011 as merchant or Service 19mm‘?- The External‘
`Entity is dependent‘ on ‘Central-Entity to identify the user
`bas‘?d on ‘he dlgm‘l ldenmy glYen by the user' The Emma‘
`Entity forwards user’s d1g1tal identity to the Central-Entity
`for identi?cation and authentication of the user and the
`transacnon'
`
`(56)
`
`References Cited
`
`US PATENT DOCUMENTS
`4,747,050 A *
`5/1988 Brachtl et a1. .............. .. 705/78
`4965568 A 4 10/1990 Atalla et a1‘
`713/1g5
`6,067,621 A *
`5/2000 Yu et a1, _ _ _ _ _ _
`_ _ _ __ 713/172
`6,343,361 B1 *
`1/2002 Nendell et a1. .
`713/171
`
`The identi?cation and authentication system provided by the
`Central-Entity, determines Whether the user is an authorized
`user by checking Whether the digital identity provided by the
`use/I10 the External-Entity, corresponds to the digital iden
`tity being held for the user by the authentication system. If
`they correspond, then the authentication system identi?es
`the user as an authorized user, and sends an approval
`
`5/2002 AIl?Ilda - - - - - - - - - -
`6,385,731 132*
`5/2005 Kremer et a1~ ~~
`6,895,394 B1 *
`2002/0029337 A1: 3/2002 Sudla et a1‘
`5885/8822333 21* Z5885
`
`- - - -- 713/202
`~~~~~ ~~ 705/67
`" 713/176
`81171111:117713335
`
`identi?cation and authorization message to the Extemal
`Entity, otherWise the authentication system Will not identify
`the user as an authorized user and sends a denial identi?
`ttttttt and tttthtttztttttt
`tt tht Extttttt-Etttty
`
`et a1. ............ .. 705/40
`2002/0077978 A1* 6/2002 O’Le
`2002/0087881 A1 *
`7/2002 Harifa? ..................... .. 713/201
`
`14 Claims, 5 Drawing Sheets
`
`1
`
`USAA 1005
`
`

`
`U.S. Patent
`
`Apr. 8, 2008
`
`Sheet 1 0f 5
`
`US 7,356,837 B2
`
`1 w“?
`
`/ 50
`
`10
`
`USER 1
`
`10
`
`USER 2
`
`10
`
`20
`
`External-Entity 1
`
`20
`
`I E ti 2
`E t
`x erna - n ty
`
`Communication
`Network
`(such as Internet)
`
`USER 3 1
`
`2o
`
`External-Entity 3
`
`Central-Entity
`
`Figure 1
`
`2
`
`

`
`U.S. Patent
`
`Apr. 8, 2008
`
`Sheet 2 0f 5
`
`US 7,356,837 B2
`
`1 O \
`\
`
`E
`
`F
`
`Personal or Financial information
`
`Registration
`
`SecureCode
`Generation
`
`Account
`Creati
`
`-
`
`Digital Identity
`Comparison
`K
`
`Request/Receive SecureCode
`
`H
`
`1) Communication (
`Network
`
`30
`
`20
`
`Registration Phase
`Steps:
`Transaction Phase Steps: @ G) @ G) '@ @
`
`@ ® @
`
`Identi?cation &Authorization Phase @ ® ®
`Steps:
`
`Figure 2
`
`3
`
`

`
`U.S. Patent
`
`Apr. 8, 2008
`
`Sheet 3 0f 5
`
`US 7,356,837 B2
`
`100
`
`104
`
`108
`
`User signs-up at the Central
`Entity by providing his personal
`or ?nancial information
`
`Central-Entity creates an
`account for the USER
`
`USER receives account
`infonnation from the Central_
`Entity, including UserName and
`Password
`
`@
`
`110
`
`Figure 3
`
`4
`
`

`
`U.S. Patent
`
`Apr. 8, 2008
`
`Sheet 4 0f 5
`
`US 7,356,837 B2
`
`108
`
`USER attempts to get access to
`a restricted web site OR to buy
`goodslservices
`
`110
`
`114
`
`USER requests SecureCode from
`the Central-Entity over the
`communication network
`
`118\ Central-Entity generates
`
`dynamie, non-predictable and
`time dependent SecureCode
`
`USER receives the SecureCode
`
`124 \
`
`USER provides his UserName
`and SeeureCode as digital
`identity to the External-Entity for
`identi?cation
`
`130
`
`Figure 4
`
`5
`
`

`
`U.S. Patent
`
`Apr. 8, 2008
`
`Sheet 5 0f 5
`
`US 7,356,837 B2
`
`124
`
`130
`
`134
`
`The Extemal-Entity forwards the
`user's digital identity along with
`the identi?cation and
`authentication request to the
`Central-Entity
`
`The Central-Entity locates the
`USER's digital identity in the
`system
`
`‘i 38
`\ Central-Entity compares the
`user's digital identity retrieved
`from the system to the digital
`identity received from the
`External-Entity
`
`150
`
`Central-Entity sends a denial
`N°———+ identi?cation and authorization
`message to the External-Entity
`
`1
`
`Yes
`l
`Central-Entity sends an approval
`identi?cation and authorization
`message to the External-Entity
`
`Figure 5
`
`6
`
`

`
`US 7,356,837 B2
`
`1
`CENTRALIZED IDENTIFICATION AND
`AUTHENTICATION SYSTEM AND METHOD
`
`BACKGROUND OF THE INVENTION
`
`1. Field of the Invention
`The present invention relates to a centralized identi?ca
`tion and authentication system and method for identifying an
`individual over a communication netWork such as Internet,
`to increase security in e-commerce. More particularly a
`method and system for generation of a dynamic, non
`predictable and time dependent SecureCode for the purpose
`of positively identifying an individual.
`2. Description of the Related Art
`The increasing use of the Internet and the increase of
`businesses utiliZing e-commerce have lead to a dramatic
`increase in customers releasing con?dential personal and
`?nancial information, in the form of social security numbers,
`names, addresses, credit card numbers and bank account
`numbers, to identify themselves. This Will alloW them to get
`access to the restricted Web sites or electronically purchase
`desired goods or services. Unfortunately this type of iden
`ti?cation is not only unsafe but also it is not a foot proof that
`the user is really the person he says he is. The effect of these
`increases is re?ected in the related art.
`US. Pat. No. 5,732,137 issued to AZiZ outlines a system
`and method for providing remote user authentication in a
`public computer netWork such as the Internet. More speci?
`cally, the system and method provides for remote authenti
`cation using a one-time passWord scheme having a secure
`out-of-band channel for initial passWord delivery.
`US. Pat. No. 5,815,665 issued to Teper et al. outlines the
`use of a system and method for enabling consumers to
`anonymously, securely and conveniently purchase on-line
`services from multiple service providers over a distributed
`netWork, such as the Internet. Speci?cally, a trusted third
`party broker provides billing and security services for reg
`istered service providers via an online brokering service,
`eliminating the need for the service providers to provide
`these services.
`US. Pat. No 5,991,408 issued to Pearson, et al. outlines
`a system and method for using a biometric element to create
`a secure identi?cation and veri?cation system, and more
`speci?cally to an apparatus and a method for creating a hard
`problem Which has a representation of a biometric element
`as its solution.
`Although each of the previous patents outline a valuable
`system and method, What is really needed is a system and
`method that offers digital identity to the users and alloWs
`them to participate in e-commerce Without Worrying about
`the privacy and security. In addition to offering security and
`privacy to the users, the neW system has to be simple for
`businesses to adopt and also doesn’t require the ?nancial
`institutions to change their existing systems. Such a secure,
`?exible and scalable system and method Would be of great
`value to the businesses that Would like to participate in
`today’s electronic commerce.
`None of the above inventions and patents, taken either
`singularly or in combination, is seen to describe the instant
`invention as claimed. Thus a centraliZed identi?cation and
`authentication system and method solving the aforemen
`tioned problems is desired.
`For convenience, the term “user” is used throughout to
`represent both a typical person consuming goods and ser
`vices as Well as a business consuming goods and services.
`As used herein, a “Central-Entity” is any party that has
`user’s personal and/or ?nancial information, UserName,
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`2
`PassWord and generates dynamic, non-predictable and time
`dependable SecureCode for the user. Examples of Central
`Entity are: banks, credit card issuing companies or any
`intermediary service companies.
`As also used herein, an “Extemal-Entity” is any party
`offering goods or services that users utiliZe by directly
`providing their UserName and SecureCode as digital iden
`tity. Such entity could be a merchant, service provider or an
`online site. An “External-Entity” could also be an entity that
`receives the user’s digital identity indirectly from the user
`through another External-Entity, in order to authenticate the
`user, such entity could be a bank or a credit card issuing
`company.
`The term “UserName” is used herein to denote any
`alphanumeric name, id, login name or other identi?cation
`phrase, Which may be used by the “Central-Entity” to
`identify the user.
`The term “Password” is used herein to denote any alpha
`numeric passWord, secret code, PIN, prose phrase or other
`code, Which may be stored in the system to authenticate the
`user by the “Central-Entity”.
`The term “SecureCode” is used herein to denote any
`dynamic, non-predictable and time dependent alphanumeric
`code, secret code, PIN or other code, Which may be broad
`cast to the user over a communication netWork, and may be
`used as part of a digital identity to identify a user as an
`authoriZed user.
`The term “digital identity” is used herein to denote a
`combination of user’s “SecureCode” and users information
`such as “UserName”, Which may result in a dynamic,
`nonpredictable and time dependable digital identity that
`could be used to identify a user as an authorized user.
`The term “?nancial information” is used herein to denote
`any credit card and banking account information such as
`debit cards, savings accounts and checking accounts.
`
`SUMMARY OF THE INVENTION
`
`The invention relates to a system and method provided by
`a Central-Entity for centraliZed identi?cation and authenti
`cation of users and their transactions to increase security in
`e-commerce. The system includes:
`A Central-Entity: This entity centraliZes users personal
`and ?nancial information in a secure environment in
`order to prevent the distribution of user’s information
`in e-commerce. This information is then used to create
`digital identity for the users. The users may use their
`digital identity to identify themselves instead of pro
`viding their personal and ?nancial information to the
`External-Entities;
`A plurality of users: A user represents both a typical
`person consuming goods and services as Well as a
`business consuming goods and services, Who needs to
`be identi?ed in order to make online purchases or to get
`access to the restricted Web sites. The user registers at
`the Central-Entity to receive his digital identity, Which
`is then provided to the External-Entity for identi?ca
`tion;
`A plurality of Extemal-Entities: An External-Entity is any
`party o?fering goods or services in e-commerce and
`needs to authenticate the users based on digital identity.
`The user signs-up at the Central-Entity by providing his
`personal or ?nancial information. The Central-Entity creates
`a neW account With user’s personal or ?nancial information
`and issues a unique UserName and PassWord to the user. The
`user provides his Usemame and PassWord to the Central
`Entity for identi?cation and authentication purposes When
`
`7
`
`

`
`US 7,356,837 B2
`
`3
`accessing the services provided by the Central-Entity. The
`Central-Entity also generates dynamic, non-predictable and
`time dependent SecureCode for the user per user’s request
`and issues the SecureCode to the user. The Central-Entity
`maintains a copy of the SecureCode for identi?cation and
`authentication of the user’ s digital identity. The user presents
`his UserName and SecureCode as digital identity to the
`EXtemal-Entity for identi?cation. When an External-Entity
`receives the user’s digital identity (UserName and Secure
`Code), the External-Entity Will forWard this information to
`the Central-Entity to identify and authenticate the user. The
`Central-Entity Will validate the information and sends an
`approval or denial response back to the EXtemal-Entity.
`There are also communications netWorks for the user, the
`Central-Entity and the EXtemal-Entity to give and receive
`information betWeen each other.
`This invention also relates to a system and method
`provided by a Central-Entity for centraliZed identi?cation
`and authentication of users to alloW them access to restricted
`Web sites using their digital identity, preferably Without
`revealing con?dential personal or ?nancial information.
`This invention further relates to a system and method
`provided by a Central-Entity for centraliZed identi?cation
`and authentication of users to alloW them to purchase goods
`and services from an External-Entity using their digital
`identity, preferably Without revealing con?dential personal
`or ?nancial information.
`Accordingly, it is a principal object of the invention to
`offer digital identity to the users for identi?cation in e-com
`merce.
`It is another object of the invention to centraliZe user’s
`personal and ?nancial information in a secure environment.
`It is another object of the invention to prevent the user
`from distributing their personal and ?nancial information.
`It is a further object of the invention to keep merchants,
`service providers, Internet sites and ?nancial institutions
`satis?ed by positively identifying and authenticating the
`users.
`It is another object of the invention to reduce fraud and
`increase security for e-commerce.
`It is another object of the invention to alloW businesses to
`control visitor’s access to their Web sites.
`It is another object of the invention to protect the customer
`from getting bills for goods and services that Were not
`ordered.
`It is another object of the invention to increase customers’
`trust and reduce customers’ fear for e-commerce.
`It is another object to decrease damages to the customers,
`merchants and ?nancial institutions.
`It is an object of the invention to provide improved
`elements and arrangements thereof for the purposes
`described Which are inexpensive, dependable and fully
`effective in accomplishing its intended purposes.
`These and other objects of the present invention Will
`become readily apparent upon further revieW of the folloW
`ing speci?cation and draWings.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`FIG. 1 is a high-level overvieW of a centraliZed identi?
`cation and authentication system and method according to
`the present invention.
`FIG. 2 is a detailed overvieW of a centraliZed identi?ca
`tion and authentication system and method according to the
`present invention.
`
`4
`FIG. 3 is a block diagram of the registration of a customer
`utiliZing a centraliZed identi?cation and authentication sys
`tem and method according to the present invention.
`FIG. 4 is a block diagram of the transaction of a customer
`utiliZing a centraliZed identi?cation and authentication sys
`tem and method according to the present invention.
`FIG. 5 is a block diagram of a Central-Entity authorizing
`a user utiliZing a centraliZed identi?cation and authentica
`tion system and method according to the present invention.
`
`DETAILED DESCRIPTION OF THE
`PREFERRED EMBODIMENTS
`
`Detailed descriptions of the preferred embodiment are
`provided herein. It is to be understood, hoWever, that the
`present invention may be embodied in various forms. There
`fore, speci?c details disclosed herein are not to be inter
`preted as limiting, but rather as a basis for the claims and as
`a representative basis for teaching one skilled in the art to
`employ the present invention in virtually any appropriately
`detailed system, structure or manner.
`The invention relates to a system 1 and method 2 to
`identify and authenticate the users and their transactions to
`increase security in e-commerce. FIG. 1 illustrates a system
`to positively identify the users 10 in e-commerce based on
`digital identity.
`The system 1 comprises a plurality of users 10, a plurality
`of Extemal-Entities 20 With goods and services that are
`desired by the users 10 and a Central-Entity 30 providing a
`unique UserName and PassWord to the users 10 and gener
`ating dynamic, non-predictable and time dependent Secure
`Code for the users 10 per user’s request. There are also
`communication networks 50 for the user 10, the Central
`Entity 30 and the EXtemal-Entity 20 to give and receive
`information betWeen each other.
`It Would be desirable to develop a neW system 1 and
`method 2 to centraliZe user’s personal and ?nancial infor
`mation in a secure environment and to offer digital identity
`to the users 10 in order to provide privacy, increase security
`and reduce fraud in e-commerce. Ideally, a secure identi?
`cation and authentication system 1 Would identify legitimate
`users 10 and unauthorized users 10. This Would increase the
`user’s trust, Which leads to more sales and cash ?oW for the
`merchants/ service providers.
`The present invention relates to a system 1 and method 2
`to support this ideal identi?cation and authentication system.
`For identi?cation purpose, a digital identity (a unique User
`Name and a dynamic, non-predictable and time dependent
`SecureCode) is used by the user 10 at the time of ordering
`or at the time of accessing a restricted Internet site. A series
`of steps describing the overall method are conducted
`betWeen the users 10, the Central-Entity 30 and the Extemal
`Entity 20 and are outlined in FIGS. 3, 4, 5.
`There are three distinct phases involved in using the
`centraliZed identi?cation and authentication system FIG. 2,
`the ?rst of Which being the registration phase, Which is
`depicted in FIG. 3. During the registration phase, the user 10
`provides his personal or ?nancial information to the Central
`Entity 30. The user 10 registers at the Central-Entity 30, 100,
`104 and receives his account and login information such as
`UserName and PassWord 108. User 10 can access his
`account at any time by accessing the Central-Entity’ s system
`using a communication netWork 50 and logging into the
`system.
`Next is the transaction phase, Where the user 10 attempts
`to access a restricted Web site or attempts to buy services or
`products 110, as illustrated in FIG. 4, through a standard
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`8
`
`

`
`US 7,356,837 B2
`
`5
`interface provided by the Extemal-Entity 20, similar to What
`exists today and selects digital identity as his identi?cation
`and authorization or payment option. The Extemal-Entity 20
`displays the access or purchase authorization form request
`ing the user 10 to authenticate himself using his UserName
`and SecureCode as digital identity. The user 10 requests
`SecureCode from the Central-Entity 30 by accessing his
`account over the communication netWork 50, 114. The
`Central-Entity 30 generates dynamic, non-predictable and
`time dependable SecureCode 118 for the user 10. The
`Central-Entity 30 maintains a copy of the SecureCode for
`identi?cation and authentication of the user 10 and issues the
`SecureCode to the user 10. When the user 10 receives the
`SecureCode 120, the user 10 provides his UserName and
`SecureCode as digital identity to the Extemal-Entity 20,
`124, FIG. 4.
`The third phase is identi?cation and authorization phase.
`Once the user 10 provides his digital identity to the Extemal
`Entity 20, the Extemal-Entity 20 forWards user’s digital
`identity along With the identi?cation and authentication
`request to the Central-Entity 30, 130, as illustrated in FIG.
`5. When the Central-Entity 30 receives the request contain
`ing the user’s digital identity, the Central-Entity 30 locates
`the user’s digital identity (UserName and SecureCode) in
`the system 134 and compares it to the digital identity
`received from the Extemal-Entity 20 to identify and validate
`the user 10, 138. The Central-Entity 30 generates a reply
`back to the External-Entity 20 via a communication netWork
`50 as a result of the comparison. If both digital identities
`match, the Central-Entity 30 Will identify the user 10 and
`Will send an approval of the identi?cation and authorization
`request to the External-Entity 20, 140, otherwise Will send a
`denial of the identi?cation and authorization request to the
`Extemal-Entity 20, 150. The External-Entity 20 receives the
`approval or denial response in a matter of seconds. The
`Extemal-Entity 20 might also display the identi?cation and
`authentication response to the user 10.
`To use the digital identity feature, the Central-Entity 30
`provides the authorized user 10 the capability to obtain a
`dynamic, non-predictable and time dependable SecureCode.
`The user 10 Will provide his UserName and SecureCode as
`digital identity to the External-Entity 20 When this informa
`tion is required by the External-Entity 20 to identify the user
`10.
`The Central-Entity 30 may add other information to the
`SecureCode before sending it to the user 10, by algorithmi
`cally combining SecureCode With user’ s information such as
`UserName. The generated SecureCode Will have all the
`information needed by the Central-Entity 30 to identify the
`user 10. In this case the user Will only need to provide his
`SecureCode as digital identity to the Extemal-Entity 20 for
`identi?cation.
`In the preferred embodiment, the user 10 uses the com
`munication netWork 50 to receive the SecureCode from the
`Central-Entity 30. The user 10 submits the SecureCode in
`response to Extemal-Entity’s request 124. The SecureCode
`is preferably implemented through the use of an indicator.
`This indicator has tWo states: “on” for valid and “o?‘” for
`invalid. When the user 10 receives the SecureCode, the
`SecureCode is in “on” or “valid” state. The Central-Entity
`30 may improve the level of security by invalidating the
`SecureCode after its use. This may increase the level of
`dif?culty for unauthorized user. TWo events may cause a
`valid SecureCode to become invalid:
`l. Timer event: This event occurs When the prede?ned
`time passes. As mentioned above the SecureCode is
`time dependent.
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`6
`2. Validation event: This event occurs When the Secure
`Code forWarded to the Central-Entity 30 (as part of
`digital identity) corresponds to the user’s SecureCode
`held in the system. When this happens the Central
`Entity 30 Will invalidate the SecureCode to prevent
`future use and sends an approval identi?cation and
`authorization message to the External-Entity 20, 140.
`A valid digital identity corresponds to a valid Secure
`Code. When the SecureCode becomes invalid, the digital
`identity Will also become invalid.
`While the invention has been described in connection
`With a preferred embodiment, it is not intended to limit the
`scope of the invention to the particular form set forth, but on
`the contrary, it is intended to cover such alternatives, modi
`?cations, and equivalents as may be included Within the
`spirit and scope of the invention as de?ned by the appended
`claims.
`What is claimed is:
`1. A Method for positively identifying and authenticating
`a user in e-commerce for a transaction based on a digital
`identity issued by a Central-Entity With Whom the user has
`a pre-existing relationship, the method comprising the steps
`of:
`a. the user communicates With an External-Entity over a
`communication netWork and needs to perform a secure
`transaction With the External-Entity, Wherein the user
`does not necessarily have a pre-existing relationship
`With the Extemal-Entity;
`b. the External-Entity requires the user to authenticate
`himself by providing a valid digital identity before
`executing the transaction;
`c. the user establishes communication With the Central
`Entity over a communication netWork and submits a
`request for a dynamic, non-predictable and time-de
`pendent SecureCode in response to the Extemal-Enti
`ty’s requirement;
`d. the Central-Entity:
`i. dynamically generates a dynamic, non-predictable
`and time-dependent SecureCode for the user in
`response to the user request;
`ii. algorithmically combines said generated Secure
`Code With user-speci?c information before provid
`ing the SecureCode to the user;
`iii. maintains a copy of said generated SecureCode in
`its system; and
`iv. provides said generated SecureCode to the user,
`e. the Extemal-Entity receives a digital identity from the
`user, Wherein the digital identity comprises a User
`Name and said generated SecureCode, and forWards
`said digital identity to the Central-Entity for positive
`identi?cation, and authentication of the user;
`f. the Central-Entity receives said digital identity, vali
`dates said digital identity based on said SecureCode
`maintained in its system and if valid: positively iden
`ti?es and authenticates the user and sends an af?rma
`tion message to the Extemal-Entity; and
`g. upon receipt of an af?rmation message from the Cen
`tral-Entity, the Extemal-Entity executes the transaction.
`2. The Method of claim 1, Wherein the user-speci?c
`information comprises UserName.
`3. The Method of claim 1, Wherein the UserName corre
`sponds to a alphanumeric name, ID, login name or an
`identi?cation phrase.
`4. The Method of claim 1, Wherein the transaction cor
`responds to a ?nancial transaction.
`5. The Method of claim 1, Wherein the transaction cor
`responds to a non-?nancial transaction.
`
`9
`
`

`
`US 7,356,837 B2
`
`7
`6. The Method of claim 1, wherein the transaction cor
`responds to access to restricted Web-site.
`7. A System for positively identifying and authenticating
`a user in e-commerce for a transaction based on a digital
`identity issued by a Central-Entity With Whom the user has
`a pre-existing relationship, the system comprising:
`a. the user in communication With an External-Entity over
`a communication netWork and needing to perform a
`secure transaction With the External-Entity, Wherein the
`user does not necessarily have a pre-existing relation
`ship With the External-Entity;
`b. the EXtemal-Entity adapted to require the user to
`authenticate himself by providing a valid digital iden
`tity before executing the transaction;
`c. the user in communication With the Central-Entity over
`a communication netWork and With a request for a
`dynamic, non-predictable and time-dependent Secure
`Code in response to the EXtemal-Entity’s requirement;
`d. the Central-Entity adapted to:
`i. dynamically generate a dynamic, non-predictable and
`time-dependent SecureCode for the user in response
`to the user request;
`ii. algorithmically combine said generated SecureCode
`With user-speci?c information before providing the
`SecureCode to the user;
`iii. maintain a copy of said generated SecureCode in its
`system; and
`iv. provide said SecureCode to the user,
`e. the EXtemal-Entity adapted to receive a digital identity
`from the user, Wherein the digital identity comprises a
`
`20
`
`25
`
`8
`UserName and said generated SecureCode, and to
`forWard said digital identity to the Central-Entity to
`identify and authenticate the user;
`f. the Central-Entity further adapted to validate the
`received said digital identity based on said SecureCode
`maintained in its system, and if valid: to positively
`identify and authenticate the user, and send an a?ir
`mation message to the EXtemal-Entity; and
`g. the EXtemal-Entity further adapted to execute the
`transaction upon receipt of an af?rmation message from
`the Central-Entity.
`8. The System of claim 7, Wherein the user-speci?c
`information comprises UserName.
`9. The System of claim 7, Wherein the UserName corre
`sponds to an alphanumeric name, ID, login name or an
`identi?cation phase.
`10. The System of claim 7, Wherein the transaction
`corresponds to a ?nancial transaction.
`11. The System of claim 7, Wherein the transaction
`corresponds to a non-?nancial transaction.
`12. The System of claim 7, Wherein the transaction
`corresponds to access to a restricted Web-site.
`13. The Method of claim 1, Wherein said communication
`netWork includes Internet, Wireless and private netWorks.
`14. The System of claim 7, Wherein said communication
`netWork includes Internet, Wireless and private netWorks.
`
`10