User authentication and secure transaction system
Abstract
A system, method, and apparatus to minimize fraud at the user, merchant, and/or financial institution level. A control computer provides authentication and/or transaction processing. The control computer has access to databases comprising user, merchant, enrollment, transaction, duplicate, and fraudulent activity data. Parties may enroll in the system via an enrollment computer and conduct transactions through the system via a merchant computer. Users are issued hardware identification keys containing an encrypted user code. Access keys can be required in addition to an authorized user key to conduct certain actions. Keys are copy protected and can comprise a computer operating system. The hardware profile of client devices can be recorded. Parties may specify minimum and/or maximum security levels and restrict transactions. Transactions with parties can be authenticated without sending user personal data to the parties. Users can control transfer of information from their personal communication device to other devices.
54 Claims
1. A distributed data processing system (DDPS) functioning to reduce fraud, said DDPS comprising:
an enrollment computer having data entry capabilities to capture user identity data and/or merchant identity data;
a central control computer having access to one or more databases including user data, and/or merchant data, and/or enrollment data, and/or fraud related data, and/or duplicate data, and/or transaction data;
said central control computer further comprising a key creation subsystem and an authentication subsystem;
a merchant computer having data collection and transaction subsystems;
a first link enabling a first two way communication between the central control computer and the enrollment computer;
a second link enabling a second two way communication between the central control computer and the merchant computer;
wherein each user and/or each merchant may enroll in the DDPS via the enrollment computer, obtain a user key or a merchant access key respectively, and each user may engage in said transaction subsystem as authenticated by the authentication subsystem via the merchant computer and the second link;
the central control computer having a higher level of physical and/or electronic security than the merchant computer; and
the merchant computer having a higher level of physical and/or electronic security than the enrollment computer.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25
26. A distributed data processing security system (DDPSS) functioning to provide secured access to a facility, said DDPSS comprising:
an enrollment computer having data entry capabilities to capture user identity data;
a central control computer having access to one or more databases including user data, and/or merchant data, and/or enrollment data, and/or fraud related data, and/or duplicate data, and/or transaction data;
said central control computer further comprising a key creation subsystem and an authentication subsystem;
a secured facility locking means functioning to open/close via a remote signal;
a first link enabling a first two way communication between the central control computer and the enrollment computer;
a second link enabling a second two way communication between the central control computer and the secured facility locking means; and
wherein a new user may enroll in the DDPSS via the enrollment computer, obtain a user key, and a user may create the remote signal as authenticated by the authentication subsystem via the secured facility locking means, the second link, and the central control computer.
27. A method of authenticating a user or a merchant in order to execute a transaction, the method comprising the steps of:
creating a user identity and/or a merchant identity by assigning each a key;
interfacing the key issued to the user or the merchant to an authentication subsystem;
obtaining from the key information identifying the user or merchant;
determining characteristics of the transaction;
determining authentication requirements for the transaction by comparing the user or merchant identity and the characteristics of the transaction to respective user or merchant authentication requirements previously provided by the respective user or merchant housed in one or more databases accessible to the authentication subsystem;
determining required verification data from the authentication requirements, wherein the required verification data further comprises a user or merchant voice segment and a user's or merchant's driver's license;
requesting the user or merchant to provide the authentication subsystem the required verification data;
providing the authentication subsystem the required verification data;
comparing the required verification data provided by the user or merchant to verification data housed in one or more databases accessible to the authentication subsystem which was provided by the user or merchant respectively during an enrollment process; and
granting or denying authentication based upon a predetermined policy in response to results of comparing the required verification data housed in one or more databases accessible to the authentication subsystem which was provided by the user or merchant respectively during the enrollment process.
Dependent claims: 28, 29, 30
31. A key comprising:
a portable card having a computer readable segment and a unique cardholder identity key thereon;
said computer readable segment further comprising a read-only computer operating system segment capable of operating a computer; and
wherein the key can be used to operate the computer; and
wherein a user can conduct a transaction only via a central control computer's successful interactive authentication of verification data housed in a central control computer accessible database and not housed in the portable card.
Dependent claims: 32, 33
34. A distributed data processing system (DDPS), the DDPS comprising:
a personal communication device comprising the ability to send data to and receive data from an external device;
a central control computer having access to one or more databases housing a user's data;
a first link enabling a first two way communication between the central control computer and the personal communication device;
a second link enabling a second two way communication between the central control computer and the external device;
wherein the central control computer can police an exchange of data between the personal communication device and the external device; and
wherein the user can create a custom policing protocol.
Dependent claims: 35, 36
37. A key creation process, the process comprising the steps of:
interfacing an access key and a user key to a chosen device;
authenticating the access key;
authenticating the user key;
entering identity data into the chosen device;
creating a new access profile and/or a new user profile from the identity data;
creating personal unique login credentials from the new access profile and/or the new user profile;
creating an alphanumeric identification code from the personal unique login credentials; and
producing a new access key or a new user key comprising the alphanumeric identification code.
Dependent claims: 38, 39
40. A process of authenticating a key when the key is first used in an on-line transaction, the process comprising the steps of:
providing a card having the key, having a computer readable segment, and having an alphanumeric identification code;
interfacing the key to a chosen device;
logging onto a website associated with a central control computer;
obtaining the alphanumeric identification code from the key;
comparing the alphanumeric identification code from the key to an alphanumeric identification code housed in a database accessible to an authentication subsystem;
determining authentication requirements for the key by comparing a key holder's identity to requirements previously provided by the key holder housed in one or more databases accessible to the authentication subsystem;
determining required verification data from the authentication requirements;
requesting the key holder provide the authentication subsystem the required verification data;
providing the authentication subsystem the required verification data;
comparing the required verification data provided by the key holder to verification data housed in one or more databases accessible to the authentication subsystem which was provided by the key holder during an enrollment process;
granting or denying authentication based upon a predetermined policy in response to results of comparing the required verification data to the verification data provided by the key holder during the enrollment process; and
transferring software having the ability to create a hardware identification signature to the chosen device if the authentication subsystem grants authentication.
41. A process of authenticating a key when used in an on-line transaction subsequent to the key's first on-line transaction, the process comprising the steps of:
providing a card having the key, having a computer readable segment, and having an alphanumeric identification code;
interfacing the key to a chosen device;
logging onto a website associated with a central control computer;
generating a hardware signature of the chosen device;
obtaining the alphanumeric identification code from the key and the hardware signature from the chosen device;
comparing the alphanumeric identification code from the key to an alphanumeric identification code housed in a database accessible to an authentication subsystem;
determining authentication requirements for the key by comparing a key holder's identity to requirements previously provided by the key holder housed in one or more databases accessible to the authentication subsystem;
determining required verification data from the authentication requirements;
requesting the key holder provide the authentication subsystem the required verification data;
providing the authentication subsystem the required verification data;
comparing the required verification data provided by the key holder to verification data housed in one or more databases accessible to the authentication subsystem which was provided by the key holder during an enrollment process;
granting or denying authentication based upon a predetermined policy in response to results of comparing the required verification data to the verification data provided by the key holder during the enrollment process;
comparing the hardware signature from the chosen device to a hardware signature of a device used for initial login of the key housed in a database accessible to the authentication subsystem; and
permitting the key holder to modify a profile associated with the key holder if the hardware signature of the chosen device matches the hardware signature of the device used for initial login of the key.
42. A process of authenticating an on-line transaction between a user and a party, the process comprising the steps of:
providing a card having a computer readable segment, wherein the computer readable segment comprises a unique identification code associated with the user;
providing a current communication device identifiable by an electronic signature, wherein the current communication device is pre-registered via its electronic signature with a central control computer;
providing a database accessible by the central control computer comprising one or more pre-registered electronic signatures, wherein each pre-registered electronic signature corresponds to a communication device pre-registered with the central control computer;
connecting the user to the party via the current communication device and a communication link;
interfacing the card to the current communication device;
verifying that the electronic signature of the current communication device matches one of the pre-registered electronic signatures in the database accessible by the central control computer; and
permitting the on-line transaction to proceed if the electronic signature of the current communication device matches one of the pre-registered electronic signatures.
Dependent claims: 43, 44, 45, 46, 47, 48, 49, 50, 52, 53
51. The process of 46 further comprising permitting the user to register an additional communication device with the central control computer solely via the administrative communication device.
54. A process of authenticating an on-line transaction between a user and a party, the process comprising the steps of:
providing a card having a computer readable segment, wherein the computer readable segment comprises a unique identification code associated with the user;
providing a current communication device identifiable by an electronic signature, wherein the current communication device is not pre-registered via its electronic signature with a central control computer;
providing a database accessible by the central control computer comprising one or more pre-registered electronic signatures, wherein each pre-registered electronic signature corresponds to a communication device pre-registered with the central control computer;
connecting the user to the party via the current communication device and a communication link;
interfacing the card to the current communication device;
verifying that the electronic signature of the current communication device matches one of the pre-registered electronic signatures in the database accessible by the central control computer; and
prohibiting the on-line transaction from proceeding because the electronic signature of the current communication device does not match one of the pre-registered electronic signatures.
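The device-signature checks in claims 41, 42 and 54, sketched as an added example that is not part of the patent text. The `ControlComputer` class, the SHA-256 attribute hash standing in for the hardware signature, and all sample values are assumptions, since the claims do not specify how a signature is computed or stored.

```python
import hashlib
import hmac

def hardware_signature(attrs):
    # Assumed scheme (the claims specify none): SHA-256 over sorted attributes.
    canon = "\n".join(f"{k}={attrs[k]}" for k in sorted(attrs))
    return hashlib.sha256(canon.encode()).hexdigest()

class ControlComputer:
    """Hypothetical stand-in for the central control computer's database."""

    def __init__(self):
        # identification code -> signatures; index 0 is the initial-login device
        self._devices = {}

    def register_device(self, code, attrs):
        self._devices.setdefault(code, []).append(hardware_signature(attrs))

    @staticmethod
    def _matches(sig, candidates):
        # Check every candidate; each comparison runs in constant time.
        return any([hmac.compare_digest(sig, c) for c in candidates])

    def may_transact(self, code, attrs):
        # Claims 42 and 54: proceed only from a pre-registered device.
        return self._matches(hardware_signature(attrs), self._devices.get(code, []))

    def may_modify_profile(self, code, attrs):
        # Claim 41: profile changes only from the initial-login device.
        return self._matches(hardware_signature(attrs), self._devices.get(code, [])[:1])

# Constructed sample devices and identification code.
HOME_PC = {"cpu": "cpu-a", "disk": "DISK-0001", "mac": "02:00:00:00:00:01"}
LAPTOP = {"cpu": "cpu-b", "disk": "DISK-0002", "mac": "02:00:00:00:00:02"}
KIOSK = {"cpu": "cpu-c", "disk": "DISK-0003", "mac": "02:00:00:00:00:03"}
CODE = "SAMPLE-CODE-0001"

def demo():
    cc = ControlComputer()
    cc.register_device(CODE, HOME_PC)  # device used for initial login
    cc.register_device(CODE, LAPTOP)   # additional pre-registered device
    return {
        "home_transact": cc.may_transact(CODE, HOME_PC),
        "laptop_transact": cc.may_transact(CODE, LAPTOP),
        "kiosk_transact": cc.may_transact(CODE, KIOSK),
        "home_modify": cc.may_modify_profile(CODE, HOME_PC),
        "laptop_modify": cc.may_modify_profile(CODE, LAPTOP),
        "unknown_code": cc.may_transact("NO-SUCH-CODE", HOME_PC),
    }
```

Because the device itself reports the attributes that are hashed, a signature of this kind is a risk signal and not proof of which device is present; an unknown identification code or an unregistered device fails closed.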
Specification