Method

Related Applications

This application is a Continuation of Application Number 11/239,046, filed 9-30-2005, with a priority of a US provisional application 60/615,603, filed Oct-5-2004, with the same inventors and assignee. This application is also a Continuation of another US application 09/940,635, filed Aug 29, 2001, and patented as PN 7,356,837, on Apr-8-2008, titled “Centralized identification and authentication system and method”, with the same inventors and assignee. Please note that the current application has the same exact specification and Figures as those submitted with the original application 09/940,635, filed Aug 29, 2001.

BACKGROUND OF THE INVENTION

1. FIELD OF THE INVENTION

The present invention relates to a centralized identification and authentication system and method for identifying an individual over a communication network such as Internet, to increase security in e-commerce. More particularly a method and system for generation of a dynamic, non-predictable and time dependent SecureCode for the purpose of positively identifying an individual.

USAA 1013

2. DESCRIPTION OF THE RELATED ART

The increasing use of the Internet and the increase of businesses utilizing e-commerce have led to a dramatic increase in customers releasing confidential personal and financial information, in the form of social security numbers, names, addresses, credit card numbers and bank account numbers, to identify themselves. This will allow them to get access to the restricted web sites or electronically purchase desired goods or services. Unfortunately this type of identification is not only unsafe but is also no foolproof guarantee that the user is really the person he says he is. The effect of these increases is reflected in the related art.

U.S. Pat. No. 5,732,137 issued to Aziz outlines a system and method for providing remote user authentication in a public computer network such as the Internet. More specifically, the system and method provides for remote authentication using a one-time password scheme having a secure out-of-band channel for initial password delivery.

U.S. Pat. No. 5,815,665 issued to Teper et al. outlines the use of a system and method for enabling consumers to anonymously, securely and conveniently purchase on-line services from multiple service providers over a distributed network, such as the Internet. Specifically, a trusted third-party broker provides billing and security services for registered service providers via an online brokering service, eliminating the need for the service providers to provide these services.

U.S. Pat. No. 5,991,408 issued to Pearson, et al. outlines a system and method for using a biometric element to create a secure identification and verification system, and more specifically to an apparatus and a method for creating a hard problem which has a representation of a biometric element as its solution.

Although each of the previous patents outline a valuable system and method, what is really needed is a system and method that offers digital identity to the users and allows them to participate in e-commerce without worrying about the privacy and security. In addition to offering security and privacy to the users, the new system has to be simple for businesses to adopt and also doesn’t require the financial institutions to change their existing systems. Such a secure, flexible and scalable system and method would be of great value to the businesses that would like to participate in today’s electronic commerce.

None of the above inventions and patents, taken either singularly or in combination, is seen to describe the instant invention as claimed. Thus a centralized identification and authentication system and method solving the aforementioned problems is desired.

For convenience, the term "user" is used throughout to represent both a typical person consuming goods and services as well as a business consuming goods and services.

As used herein, a "Central-Entity" is any party that has user's personal and/or financial information, UserName, Password and generates dynamic, non-predictable and time dependable SecureCode for the user. Examples of Central-Entity are: banks, credit card issuing companies or any intermediary service companies.

As also used herein, an "External-Entity" is any party offering goods or services that users utilize by directly providing their UserName and SecureCode as digital identity. Such entity could be a merchant, service provider or an online site. An "External-Entity" could also be an entity that receives the user's digital identity indirectly from the user through another External-Entity, in order to authenticate the user, such entity could be a bank or a credit card issuing company.

The term “UserName” is used herein to denote any alphanumeric name, id, login name or other identification phrase, which may be used by the “Central-Entity” to identify the user.

The term “Password” is used herein to denote any alphanumeric password, secret code, PIN, prose phrase or other code, which may be stored in the system to authenticate the user by the “Central-Entity”.

The term “SecureCode” is used herein to denote any dynamic, non-predictable and time dependent alphanumeric code, secret code, PIN or other code, which may be broadcast to the user over a communication network, and may be used as part of a digital identity to identify a user as an authorized user.

The term "digital identity" is used herein to denote a combination of user's "SecureCode" and user's information such as "UserName", which may result in a dynamic, non-predictable and time dependable digital identity that could be used to identify a user as an authorized user.

The term “financial information” is used herein to denote any credit card and banking account information such as debit cards, savings accounts and checking accounts.

SUMMARY OF THE INVENTION

The invention relates to a system and method provided by a Central-Entity for centralized identification and authentication of users and their transactions to increase security in e-commerce. The system includes:

• A Central-Entity: This entity centralizes users' personal and financial information in a secure environment in order to prevent the distribution of user’s information in e-commerce. This information is then used to create digital identity for the users. The users may use their digital identity to identify themselves instead of providing their personal and financial information to the External-Entities;

• A plurality of users: A user represents both a typical person consuming goods and services as well as a business consuming goods and services, who needs to be identified in order to make online purchases or to get access to the restricted web sites. The user registers at the Central-Entity to receive his digital identity, which is then provided to the External-Entity for identification;

• A plurality of External-Entities: An External-Entity is any party offering goods or services in e-commerce and needs to authenticate the users based on digital identity.

The user signs-up at the Central-Entity by providing his personal or financial information. The Central-Entity creates a new account with user's personal or financial information and issues a unique UserName and Password to the user. The user provides his UserName and Password to the Central-Entity for identification and authentication purposes when accessing the services provided by the Central-Entity. The Central-Entity also generates dynamic, non-predictable and time dependent SecureCode for the user per user's request and issues the SecureCode to the user. The Central-Entity maintains a copy of the SecureCode for identification and authentication of the user’s digital identity. The user presents his UserName and SecureCode as digital identity to the External-Entity for identification. When an External-Entity receives the user's digital identity (UserName and SecureCode), the External-Entity will forward this information to the Central-Entity to identify and authenticate the user. The Central-Entity will validate the information and sends an approval or denial response back to the External-Entity.

There are also communications networks for the user, the Central-Entity and the External-Entity to give and receive information between each other.

This invention also relates to a system and method provided by a Central-Entity for centralized identification and authentication of users to allow them access to restricted web sites using their digital identity, preferably without revealing confidential personal or financial information.

This invention further relates to a system and method provided by a Central-Entity for centralized identification and authentication of users to allow them to purchase goods and services from an External-Entity using their digital identity, preferably without revealing confidential personal or financial information.

Accordingly, it is a principal object of the invention to offer digital identity to the users for identification in e-commerce.

It is another object of the invention to centralize user’s personal and financial information in a secure environment.

It is another object of the invention to prevent the user from distributing their personal and financial information.

It is a further object of the invention to keep merchants, service providers, Internet sites and financial institutions satisfied by positively identifying and authenticating the users.

It is another object of the invention to reduce fraud and increase security for e-commerce.

It is another object of the invention to allow businesses to control visitor's access to their web sites.

It is another object of the invention to protect the customer from getting bills for goods and services that were not ordered.

It is another object of the invention to increase customers' trust and reduce customers' fear for e-commerce.

It is another object to decrease damages to the customers, merchants and financial institutions.

It is an object of the invention to provide improved elements and arrangements thereof for the purposes described which are inexpensive, dependable and fully effective in accomplishing its intended purposes.

These and other objects of the present invention will become readily apparent upon further review of the following specification and drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

Fig. 1 is a high-level overview of a centralized identification and authentication system and method according to the present invention.

Fig. 2 is a detailed overview of a centralized identification and authentication system and method according to the present invention.

Fig. 3 is a block diagram of the registration of a customer utilizing a centralized identification and authentication system and method according to the present invention.

Fig. 4 is a block diagram of the transaction of a customer utilizing a centralized identification and authentication system and method according to the present invention.

Fig. 5 is a block diagram of a Central-Entity authorizing a user utilizing a centralized identification and authentication system and method according to the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Detailed descriptions of the preferred embodiment are provided herein. It is to be understood, however, that the present invention may be embodied in various forms. Therefore, specific details disclosed herein are not to be interpreted as limiting, but rather as a basis for the claims and as a representative basis for teaching one skilled in the art to employ the present invention in virtually any appropriately detailed system, structure or manner.

The invention relates to a system 1 and method 2 to identify and authenticate the users and their transactions to increase security in e-commerce. Fig. 1 illustrates a system to positively identify the users 10 in e-commerce based on digital identity.

The system 1 comprises a plurality of users 10, a plurality of External-Entities 20 with goods and services that are desired by the users 10 and a Central-Entity 30 providing a unique UserName and Password to the users 10 and generating dynamic, non-predictable and time dependent SecureCode for the users 10 per user's request. There are also communication networks 50 for the user 10, the Central-Entity 30 and the External-Entity 20 to give and receive information between each other.

It would be desirable to develop a new system 1 and method 2 to centralize user's personal and financial information in a secure environment and to offer digital identity to the users 10 in order to provide privacy, increase security and reduce fraud in e-commerce. Ideally, a secure identification and authentication system 1 would identify legitimate users 10 and unauthorized users 10. This would increase the user's trust, which leads to more sales and cash flow for the merchants/service providers.

The present invention relates to a system 1 and method 2 to support this ideal identification and authentication system. For identification purpose, a digital identity (a unique UserName and a dynamic, non-predictable and time dependent SecureCode) is used by the user 10 at the time of ordering or at the time of accessing a restricted Internet site. A series of steps describing the overall method are conducted between the users 10, the Central-Entity 30 and the External-Entity 20 and are outlined in Fig. 3, 4, 5.

There are three distinct phases involved in using the centralized identification and authentication system (Fig. 2), the first of which is the registration phase, which is depicted in Fig. 3. During the registration phase, the user 10 provides his personal or financial information to the Central-Entity 30. The user 10 registers at the Central-Entity 30, 100, 104 and receives his account and login information such as UserName and Password 108. User 10 can access his account at any time by accessing the Central-Entity's system using a communication network 50 and logging into the system.

Next is the transaction phase, where the user 10 attempts to access a restricted web site or attempts to buy services or products 110, as illustrated in Fig. 4, through a standard interface provided by the External-Entity 20, similar to what exists today and selects digital identity as his identification and authorization or payment option. The External-Entity 20 displays the access or purchase authorization form requesting the user 10 to authenticate himself using his UserName and SecureCode as digital identity. The user 10 requests SecureCode from the Central-Entity 30 by accessing his account over the communication network 50, 114. The Central-Entity 30 generates dynamic, non-predictable and time dependable SecureCode 118 for the user 10. The Central-Entity 30 maintains a copy of the SecureCode for identification and authentication of the user 10 and issues the SecureCode to the user 10. When the user 10 receives the SecureCode 120, the user 10 provides his UserName and SecureCode as digital identity to the External-Entity 20, 124, Fig. 4.

The third phase is identification and authorization phase. Once the user 10 provides his digital identity to the External-Entity 20, the External-Entity 20 forwards user's digital identity along with the identification and authentication request to the Central-Entity 30, 130, as illustrated in Fig. 5. When the Central-Entity 30 receives the request containing the user's digital identity, the Central-Entity 30 locates the user's digital identity (UserName and SecureCode) in the system 134 and compares it to the digital identity received from the External-Entity 20 to identify and validate the user 10, 138. The Central-Entity 30 generates a reply back to the External-Entity 20 via a communication network 50 as a result of the comparison. If both digital identities match, the Central-Entity 30 will identify the user 10 and will send an approval of the identification and authorization request to the External-Entity 20, 140, otherwise will send a denial of the identification and authorization request to the External-Entity 20, 150. The External-Entity 20 receives the approval or denial response in a matter of seconds. The External-Entity 20 might also display the identification and authentication response to the user 10.

To use the digital identity feature, the Central-Entity 30 provides the authorized user 10 the capability to obtain a dynamic, non-predictable and time dependable SecureCode. The user 10 will provide his UserName and SecureCode as digital identity to the External-Entity 20 when this information is required by the External-Entity 20 to identify the user 10.

The Central-Entity 30 may add other information to the SecureCode before sending it to the user 10, by algorithmically combining SecureCode with user’s information such as UserName. The generated SecureCode will have all the information needed by the Central-Entity 30 to identify the user 10. In this case the user will only need to provide his SecureCode as digital identity to the External-Entity 20 for identification.

In the preferred embodiment, the user 10 uses the communication network 50 to receive the SecureCode from the Central-Entity 30. The user 10 submits the SecureCode in response to External-Entity's request 124. The SecureCode is preferably implemented through the use of an indicator. This indicator has two states: "on" for valid and "off" for invalid. When the user 10 receives the SecureCode, the SecureCode is in "on" or "valid" state. The Central-Entity 30 may improve the level of security by invalidating the SecureCode after its use. This may increase the level of difficulty for an unauthorized user. Two events may cause a valid SecureCode to become invalid:

1. Timer event: This event occurs when the predefined time passes. As mentioned above the SecureCode is time dependent.

2. Validation event: This event occurs when the SecureCode forwarded to the Central-Entity 30 (as part of digital identity) corresponds to the user's SecureCode held in the system. When this happens the Central-Entity 30 will invalidate the SecureCode to prevent future use and sends an approval identification and authorization message to the External-Entity 20, 140.

A valid digital identity corresponds to a valid SecureCode. When the SecureCode becomes invalid, the digital identity will also become invalid.
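
The SecureCode lifecycle described above (issued on an authenticated request, a copy held by the Central-Entity, invalidated by the timer event or the validation event) can be exercised with the following added Python example, which is not part of the patent text. The class and method names, the 60-second lifetime, the 8-digit random code and the PBKDF2 password storage are all assumptions, and the optional step of combining the SecureCode with the UserName is left out.

```python
import hashlib
import hmac
import secrets
import time


class CentralEntity:
    """Toy Central-Entity that issues and validates single-use SecureCodes."""

    def __init__(self, ttl_seconds=60.0, clock=time.monotonic):
        self._ttl = ttl_seconds  # assumed value for the "predefined time"
        self._clock = clock      # injectable so the timer event can be exercised
        self._accounts = {}      # UserName -> (salt, PBKDF2 hash of Password)
        self._codes = {}         # UserName -> {"code", "expires_at", "valid"}

    @staticmethod
    def _hash_password(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, username, password):
        """Registration phase: create the account and store a salted hash."""
        salt = secrets.token_bytes(16)
        self._accounts[username] = (salt, self._hash_password(password, salt))

    def request_secure_code(self, username, password):
        """Transaction phase: a logged-in user asks for a fresh SecureCode."""
        account = self._accounts.get(username)
        if account is None:
            return None
        salt, stored = account
        if not hmac.compare_digest(stored, self._hash_password(password, salt)):
            return None
        # Non-predictable: drawn from the OS CSPRNG (assumption; the page names
        # no generation algorithm). A new request replaces any earlier code.
        code = f"{secrets.randbelow(10**8):08d}"
        self._codes[username] = {
            "code": code,
            "expires_at": self._clock() + self._ttl,
            "valid": True,  # the "on" state of the indicator
        }
        return code

    def authenticate(self, username, secure_code):
        """Identification phase: compare the forwarded digital identity with
        the copy held here; return True for approval, False for denial."""
        entry = self._codes.get(username)
        if entry is None or not entry["valid"]:
            return False
        if self._clock() >= entry["expires_at"]:
            entry["valid"] = False  # timer event
            return False
        # Constant-time comparison avoids leaking how many digits matched.
        if not hmac.compare_digest(entry["code"].encode(), secure_code.encode()):
            return False
        entry["valid"] = False      # validation event: no replay
        return True


def demo():
    """Run the three phases with constructed credentials and a manual clock."""
    now = [0.0]
    ce = CentralEntity(ttl_seconds=60.0, clock=lambda: now[0])
    ce.register("alice", "correct horse")  # constructed sample account
    results = {"bad_password": ce.request_secure_code("alice", "guess") is None}

    code = ce.request_secure_code("alice", "correct horse")
    results["first_use"] = ce.authenticate("alice", code)
    results["replay"] = ce.authenticate("alice", code)

    code = ce.request_secure_code("alice", "correct horse")
    now[0] += 61.0                         # let the assumed lifetime lapse
    results["expired"] = ce.authenticate("alice", code)
    results["unknown_user"] = ce.authenticate("mallory", code)
    return results


if __name__ == "__main__":
    print(demo())
```

As in the text, only the timer event and the validation event invalidate a code here; a non-matching submission is denied but leaves the held code valid until it expires.
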

While the invention has been described in connection with a preferred embodiment, it is not intended to limit the scope of the invention to the particular form set forth, but on the contrary, it is intended to cover such alternatives, modifications, and equivalents as may be included within the spirit and scope of the invention as defined by the appended claims.

Claims

1. A method for authenticating a user in e-commerce for a transaction based on a digital identity issued by a Central-Entity, the method comprising:

a. the user communicates with an External-Entity and performs a secure transaction with the External-Entity;

b. the External-Entity requires the user to authenticate itself by providing a valid digital identity before executing the transaction;

c. the user establishes communication with the Central-Entity and submits a request for a dynamic SecureCode in response to the External-Entity's requirement;

d. the Central-Entity:

i. dynamically generates a dynamic SecureCode for the user in response to the user request;

ii. algorithmically combines said generated SecureCode with user-specific information before providing the SecureCode to the user;

iii. maintains a copy of said generated SecureCode; and

iv. provides said generated SecureCode to the user,

e. the External-Entity receives a digital identity from the user, wherein the digital identity comprises a UserName and said generated SecureCode, and forwards said digital identity to the Central-Entity for authentication of the user;

f. the Central-Entity receives said digital identity, validates said digital identity based on said SecureCode maintained in its system, and if valid, then authenticates the user and sends an affirmation message to the External-Entity; and

g. upon receipt of an affirmation message from the Central-Entity, the External-Entity executes the transaction.

2. A method as recited in claim 1, wherein said user has a pre-existing relationship with the External-Entity.

3. A method as recited in claim 1, wherein said user has no pre-existing relationship with the External-Entity.

4. A method as recited in claim 1, wherein said External-Entity and said Central-Entity share a cryptographic algorithm.

5. A method as recited in claim 1, wherein said External-Entity and said Central-Entity do not share any cryptographic algorithm.

6. A method as recited in claim 1, wherein said External-Entity and said Central-Entity are within the same organization.

7. A method as recited in claim 1, wherein said External-Entity and said Central-Entity are the same organization.

8. A method as recited in claim 7, wherein all the communications and transactions between said External-Entity and said Central-Entity are within said same organization.

9. A method as recited in claim 8, wherein said all the communications and transactions between said External-Entity and said Central-Entity are transparent to said user and an outside observer.

10. A method as recited in claim 8, wherein said all the communications and transactions between said External-Entity and said Central-Entity are done within a same server.

11. A method as recited in claim 8, wherein said all the communications and transactions between said External-Entity and said Central-Entity are done between two or more different servers.

12. A method as recited in claim 1, wherein said digital identity is based on a logical combination of the SecureCode and the user-specific information.

13. A method as recited in claim 1, wherein said digital identity is based on the SecureCode and the user-specific information.

14. The method of claim 1, wherein the user-specific information comprises UserName.

15. The method of claim 14, wherein the UserName corresponds to a alphanumeric name, ID, login name, an identification phrase, account number, phone number, IP address, hardware key, software key, or serial number.

16. The method of claim 1, wherein the transaction corresponds to a financial transaction.

17. The method of claim 1, wherein the transaction corresponds to a non-financial transaction.

18. The method of claim 1, wherein the transaction corresponds to access to restricted web-site.

19. The method of claim 1, wherein said communication is done on a communication network including Internet, wireless, mobile network, satellite, or private network.

20. The method of claim 1, wherein said communication is done on a communication network including at least a server and a client device.

21. A system for authenticating a user in e-commerce for a transaction based on a digital identity issued by a Central-Entity, the system comprising:

a. the user in communication with an External-Entity and performs a secure transaction with the External-Entity;

b. the External-Entity requires the user to authenticate itself by providing a valid digital identity before executing the transaction;

c. the user in communication with the Central-Entity and with a request for a dynamic SecureCode in response to the External-Entity's requirement;

d. the Central-Entity adapted to:

i. dynamically generate a dynamic SecureCode for the user in response to the user request;

ii. algorithmically combine said generated SecureCode with user-specific information before providing the SecureCode to the user;

iii. maintain a copy of said generated SecureCode; and

iv. provide said SecureCode to the user,

e. the External-Entity adapted to receive a digital identity from the user, wherein the digital identity comprises a UserName and said generated SecureCode, and to forward said digital identity to the Central-Entity to authenticate the user;

f. the Central-Entity further adapted to validate the received said digital identity based on said SecureCode maintained in its system, and if valid, then to authenticate the user, and send an affirmation message to the External-Entity; and

g. the External-Entity further adapted to execute the transaction upon receipt of an affirmation message from the Central-Entity.

22. A system as recited in claim 21, wherein said user has a pre-existing relationship with the External-Entity.

23. A system as recited in claim 21, wherein said user has no pre-existing relationship with the External-Entity.

24. A system as recited in claim 21, wherein said External-Entity and said Central-Entity share a cryptographic algorithm.

25. A system as recited in claim 21, wherein said External-Entity and said Central-Entity do not share any cryptographic algorithm.

26. A system as recited in claim 21, wherein said External-Entity and said Central-Entity are within the same organization.

27. A system as recited in claim 21, wherein said External-Entity and said Central-Entity are the same organization.

28. A system as recited in claim 26, wherein all the communications and transactions between said External-Entity and said Central-Entity are within said same organization.

29. A system as recited in claim 28, wherein said all the communications and transactions between said External-Entity and said Central-Entity are transparent to an outside observer and said user.

30. A system as recited in claim 28, wherein said all the communications and transactions between said External-Entity and said Central-Entity are done within a same server.

31. A system as recited in claim 28, wherein said all the communications and transactions between said External-Entity and said Central-Entity are done between two or more different servers.

32. A system as recited in claim 21, wherein said digital identity is based on a logical combination of the SecureCode and the user-specific information.

33. A system as recited in claim 21, wherein said digital identity is based on the SecureCode and the user-specific information.

34. The system of claim 21, wherein the user-specific information comprises UserName.

35. The system of claim 34, wherein the UserName corresponds to a alphanumeric name, ID, login name, identification phrase, account number, phone number, IP address, hardware key, software key, or serial number.

36. The system of claim 21, wherein the transaction corresponds to a financial transaction.

37. The system of claim 21, wherein the transaction corresponds to a non-financial transaction.

38. The system of claim 21, wherein the transaction corresponds to access to restricted web-site.

39. The system of claim 21, wherein said communication is done on a communication network including Internet, wireless, mobile network, satellite, or private network.

40. The system of claim 21, wherein said communication is done on a communication network including at least a server and a client device.

41. A method as recited in claim 4, wherein said External-Entity is using said shared cryptographic algorithm to authenticate a user’s identity based on said SecureCode.

42. A method as recited in claim 4, wherein said Central-Entity is using said shared cryptographic algorithm to generate said SecureCode.

43. A method as recited in claim 4, wherein said Central-Entity is using said shared cryptographic algorithm to authenticate a user’s identity based on said SecureCode.

44. A method as recited in claim 1, wherein said External-Entity and said Central-Entity are the same entity.

45. The method as recited in claim 1, wherein said Central-Entity generates SecureCode with dependence on at least a dynamic variable.

46. The method as recited in claim 45, wherein said dynamic variable is time.

47. The method as recited in claim 1, wherein said Central-Entity generates SecureCode with dependence on one or more alphanumeric values.

48. The method as recited in claim 47, wherein said one or more alphanumeric values are one or more of the following: unique key, ID, login name, password, identification phrase, account number, phone number, IP address, Hardware key, software key or serial number.

49. The method as recited in claim 47, wherein said one or more alphanumeric values are seed values.

50. The method as recited in claim 1, wherein said digital identity is a SecureCode.

51. The method as recited in claim 1, wherein said user communicates with said Central-Entity over a communication network.

52. The system as recited in claim 21, wherein said digital identity is a SecureCode.

53. The method as recited in claim 1, wherein said user communicates with said External-Entity over a communication network.

54. The system as recited in claim 21, wherein said user communicates with said Central-Entity over a communication network.

55. The system as recited in claim 21, wherein said user communicates with said External-Entity over a communication network.

56. The method as recited in claim 1, wherein said request is generated based on a request event which is automatically generated from a computer, server, or central entity.

57. The method as recited in claim 1, wherein said request is generated based on a request event which is manually generated by an entity or person.

58. The method as recited in claim 1, wherein said request is generated based on a request event.

59. The method as recited in claim 58, wherein said request event is pressing a button.

60. The method as recited in claim 58, wherein said request event is a user’s authentication request at said External-Entity.

61. The method as recited in claim 58, wherein said request event is sending a message to said Central-Entity.

62. The method as recited in claim 61, wherein said message is a text message.

ABSTRACT OF THE DISCLOSURE

A method and system is provided by a Central-Entity, for identification and authorization of users over a communication network such as Internet. Central-Entity centralizes users' personal and financial information in a secure environment in order to prevent the distribution of user’s information in e-commerce. This information is then used to create digital identity for the users. The digital identity of each user is dynamic, non predictable and time dependable, because it is a combination of user name and a dynamic, non predictable and time dependable secure code that will be provided to the user for his identification. The user will provide his digital identity to an External-Entity such as merchant or service provider. The External-Entity is dependent on Central-Entity to identify the user based on the digital identity given by the user. The External-Entity forwards user’s digital identity to the Central-Entity for identification and authentication of the user and the transaction. The identification and authentication system provided by the Central-Entity, determines whether the user is an authorized user by checking whether the digital identity provided by the user to the External-Entity, corresponds to the digital identity being held for the user by the authentication system. If they correspond, then the authentication system identifies the user as an authorized user, and sends an approval identification and authorization message to the External-Entity, otherwise the authentication system will not identify the user as an authorized user and sends a denial identification and authorization message to the External-Entity.

`1/5
`
`50
`
`20
`
`External-Entity 1
`
`Communication
`Network
`
`(such as Internet)
`
`20
`
`External-Entity 2
`
`20
`
`External-Entity 3
`
`
`
`
`
`
`
`30
`
`Central-Entity
`
`Figure 1
`
`23
`
`
`
[Drawing sheet 2/5. Labels: Personal or Financial information; Account Creation; Account Information; SecureCode Generation; Digital Identity Comparison; Registration; Request/Receive SecureCode; Central-Entity (30); Communication Network; External-Entity (20); Registration Phase Steps; Transaction Phase Steps.]

`
`Identification&Author