User authentication and secure transaction system

US 20060212407A1
Filed: 06/22/2005
Published: 09/21/2006
Est. Priority Date: 03/17/2005
Status: Abandoned Application

First Claim

Patent Images

1. A distributed data processing system (DDPS) functioning to reduce fraud, said DDPS comprising:

an enrollment computer having data entry capabilities to capture user identity data and/or merchant identity data;

a central control computer having access to one or more databases including user data, and/or merchant data, and/or enrollment data, and/or fraud related data, and/or duplicate data, and/or transaction data;

said central control computer further comprising a key creation subsystem and an authentication subsystem;

a merchant computer having data collection and transaction subsystems;

a first link enabling a first two way communication between the central control computer and the enrollment computer;

a second link enabling a second two way communication between the central control computer and the merchant computer;

wherein each user and/or each merchant may enroll in the DDPS via the enrollment computer, obtain a user key or a merchant access key respectively, and each user may engage in said transaction subsystem as authenticated by the authentication subsystem via the merchant computer and the second link;

the central control computer having a higher level of physical and/or electronic security than the merchant computer; and

the merchant computer having a higher level of physical and/or electronic security than the enrollment computer.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and apparatus to minimize fraud at the user, merchant, and/or financial institution level. A control computer provides authentication and/or transaction processing. The control computer has access to databases comprising user, merchant, enrollment, transaction, duplicate, and fraudulent activity data. Parties may enroll in the system via an enrollment computer and conduct transactions through the system via a merchant computer. Users are issued hardware identification keys containing an encrypted user code. Access keys can be required in addition to an authorized user key to conduct certain actions. Keys are copy protected and can comprise a computer operating system. The hardware profile of client devices can be recorded. Parties may specify minimum and/or maximum security levels and restrict transactions. Transactions with parties can be authenticated without sending user personal data to the parties. Users can control transfer of information from their personal communication device to other devices.

480 Citations

54 Claims

1. A distributed data processing system (DDPS) functioning to reduce fraud, said DDPS comprising:
- an enrollment computer having data entry capabilities to capture user identity data and/or merchant identity data;
  
  a central control computer having access to one or more databases including user data, and/or merchant data, and/or enrollment data, and/or fraud related data, and/or duplicate data, and/or transaction data;
  
  said central control computer further comprising a key creation subsystem and an authentication subsystem;
  
  a merchant computer having data collection and transaction subsystems;
  
  a first link enabling a first two way communication between the central control computer and the enrollment computer;
  
  a second link enabling a second two way communication between the central control computer and the merchant computer;
  
  wherein each user and/or each merchant may enroll in the DDPS via the enrollment computer, obtain a user key or a merchant access key respectively, and each user may engage in said transaction subsystem as authenticated by the authentication subsystem via the merchant computer and the second link;
  
  the central control computer having a higher level of physical and/or electronic security than the merchant computer; and
  
  the merchant computer having a higher level of physical and/or electronic security than the enrollment computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 2. The DDPS of claim 1 further comprising a hierarchical key creation structure, wherein:
    - an administrator access key for a central control computer administrator has an exclusive capability to create an enrollment access key for an enrollment agent;
      
      the enrollment access key has an exclusive capability to create a financial access key for a financial agent;
      
      the financial access key has an exclusive capability to create the user key for each user and the merchant access key for each merchant;
      
      the user key and the merchant access key cannot create any other keys; and
      
      wherein any key further comprises a unique identification subsystem.
  - 3. The DDPS of claim 2, wherein identity data for each user, for each merchant, the financial agent, the enrollment agent, and the central control computer administrator is housed in a respective user profile, merchant profile, financial profile, enrollment profile, and central control computer administrator profile.
  - 4. The DDPS of claim 3, wherein the identity data for the central control computer administrator further comprises:
    - a name;
      
      a physical address;
      
      an email address;
      
      a client hardware identification signature; and
      
      an internet protocol address.
  - 5. The DDPS of claim 2, wherein the key creation subsystem further comprises a key creation process, the process comprising:
    - the central control computer administrator, and/or enrollment agent, and/or financial agent interfacing an access key and the user key to a chosen device;
      
      an access key authentication subsystem authenticating the access key;
      
      a user key authentication subsystem authenticating the user key;
      
      a party entering identity data into the chosen device;
      
      the key creation subsystem creating a new access profile and/or a new user profile from the identity data;
      
      the key creation subsystem creating personal unique login credentials from the new access profile and/or the new user profile;
      
      the key creation subsystem creating an alphanumeric identification code from the personal unique login credentials; and
      
      wherein a new access key or a new user key comprising the alphanumeric identification code is produced.
  - 6. The DPPS of claim 1, wherein each key further comprises a portable card with a computer readable segment.
  - 7. The DDPS of claim 6, wherein each key comprises a copy protection subsystem.
  - 8. The DDPS of claim 6, wherein each portable card further comprises a compact disc.
  - 9. The DDPS of claim 6, wherein each key further comprises an alphanumeric identification code.
  - 10. The DDPS of claim 1, wherein the user identity data further comprises:
    - a user name;
      
      a physical mailing address;
      
      a social security number;
      
      a date of birth;
      
      a user photo;
      
      a government issued identification code;
      
      credit/debit card information;
      
      bank account information;
      
      biometric information; and
      
      a system based transaction limit.
  - 11. The DDPS of claim 1 further comprising a user configurable user profile in a central control computer accessible database, wherein the user profile requires the authentication subsystem to follow a predetermined minimum authentication procedure established by the user when authenticating an individual who purports to be the user.
  - 12. The DDPS of claim 11, wherein the user configurable user profile in the central control computer accessible database further comprises the user profile prohibiting the authentication subsystem from authenticating transactions on behalf of the user that are not of a predetermined transaction type, that exceed a predetermined consideration amount, that fall outside a predetermined time frame, and/or occur outside a predetermined geographic scope.
  - 13. The DDPS of claim 11, wherein the user configurable user profile in the central control computer accessible database further comprises instructing the central control computer to notify the user by electronic means when the central control computer processes transactions of a predetermined category on the user'"'"'s behalf.
  - 14. The DDPS of claim 1 further comprising a user configurable user profile in a central control computer accessible database, wherein the user profile prohibits the authentication subsystem from transferring predetermined categories of user identity data to a third party when verifying the user on behalf of the third party.
  - 15. The DDPS of claim 1 further comprising a merchant configurable merchant profile in a central control computer accessible database, wherein the merchant profile requires the authentication subsystem to follow a predetermined minimum authentication procedure when authenticating a party who wishes to enter into a transaction with the merchant.
  - 16. The DDPS of claim 1, wherein the user identity data for enrollment of the user further comprises an electronically stored user voice segment.
  - 17. The DDPS of claim 1, where the user identity data for enrollment of the user further comprises an electronically stored image of the user'"'"'s face.
  - 18. The DDPS of claim 1, wherein the transaction subsystem further comprises an exchange of consideration for a product and/or service.
  - 19. The DDPS of claim 1, wherein the transaction subsystem further comprises a lock control subsystem, wherein the user can operate a lock.
  - 20. The DDPS of claim 1, further comprising a facilitation subsystem, wherein the user can exchange consideration with another party.
  - 21. The DDPS of claim 1 further comprising:
    - a user computer means functioning to access the merchant computer for conducting a user transaction;
      
      a third link enabling a third two way communication between the merchant computer and the user computer; and
      
      wherein the user may engage in the transaction subsystem as authenticated by the authentication subsystem via the user computer, the third link, the merchant computer, and the second link.
  - 22. The DDPS of claim 1 further comprising:
    - a device having the ability to generate a device profile comprising its hardware and/or software characteristics;
      
      a fourth link enabling a fourth two way communication between the central control computer and the device;
      
      wherein, the authentication subsystem can authenticate the device via the fourth link by comparing the device profile generated by the device to device data housed in the one or more databases comprising device data accessible to the central control computer; and
      
      the central control computer having a higher level of physical and/or electronic security than the device.
  - 23. The DDPS of claim 1 further comprising a new user and/or a new merchant enrollment process, the enrollment process further comprising:
    - wherein at least a minimum of predetermined categories of user identity data and/or merchant identity data is provided to the DDPS;
      
      wherein the DDPS compares the user identity data or merchant identity data provided by the new user or new merchant respectively to data housed in the one or more databases comprising registered user data, registered merchant data, fraud related data, and duplicate data;
      
      wherein the DDPS either grants or denies enrollment based upon a predetermined policy in response to the above mentioned comparison;
      
      wherein the DDPS writes the user identity data or merchant identity data provided by the new user or new merchant respectively to one or more databases; and
      
      wherein the new user or new merchant is mailed a key comprising information identifying the new user or new merchant if the DDPS grants enrollment.
  - 24. The DDPS of claim 1 further comprising:
    - a personal communication device capable of acting as a computer terminal;
      
      an external device capable of conducting a transaction;
      
      a fifth link enabling a fifth two way communication between the central control computer and the personal communication device;
      
      a sixth link enabling a sixth two way communication between the central control computer and the external device; and
      
      wherein the user can access the external device as governed by the central control computer via the personal communication device, the fifth link, and the sixth link.
  - 25. The DDPS of claim 24, wherein:
    - the personal communication device comprises a portable device;
      
      the external device comprises a lock; and
      
      wherein the user can operate the lock via the portable device, the fifth link, the central control computer, and the sixth link.

26. A distributed data processing security system (DDPSS) functioning to provide secured access to a facility, said DDPSS comprising:
- an enrollment computer having data entry capabilities to capture user identity data;
  
  a central control computer having access to one or more databases including user data, and/or merchant data, and/or enrollment data, and/or fraud related data, and/or duplicate data, and/or transaction data;
  
  said central control computer further comprising a key creation subsystem and an authentication subsystem;
  
  a secured facility locking means functioning to open/close via a remote signal;
  
  a first link enabling a first two way communication between the central control computer and the enrollment computer;
  
  a second link enabling a second two way communication between the central control computer and the secured facility locking means; and
  
  wherein a new user may enroll in the DDPSS via the enrollment computer, obtain a user key, and a user may create the remote signal as authenticated by the authentication subsystem via the secured facility locking means, the second link, and the central control computer.

27. A method of authenticating a user or a merchant in order to execute a transaction, the method comprising the steps of:
- creating a user identity and/or a merchant identity by assigning each a key;
  
  interfacing the key issued to the user or the merchant to an authentication subsystem;
  
  obtaining from the key information identifying the user or merchant;
  
  determining characteristics of the transaction;
  
  determining authentication requirements for the transaction by comparing the user or merchant identity and the characteristics of the transaction to respective user or merchant authentication requirements previously provided by the respective user or merchant housed in one or more databases accessible to the authentication subsystem;
  
  determining required verification data from the authentication requirements, wherein the required verification data further comprises a user or merchant voice segment and a user'"'"'s or merchant'"'"'s driver'"'"'s license;
  
  requesting the user or merchant to provide the authentication subsystem the required verification data;
  
  providing the authentication subsystem the required verification data;
  
  comparing the required verification data provided by the user or merchant to verification data housed in one or more databases accessible to the authentication subsystem which was provided by the user or merchant respectively during an enrollment process; and
  
  granting or denying authentication based upon a predetermined policy in response to results of comparing the required verification data housed in one or more databases accessible to the authentication subsystem which was provided by the user or merchant respectively during the enrollment process.
- View Dependent Claims (28, 29, 30)
- - 28. The method of authenticating the user or merchant of claim 27, wherein the user or merchant is authenticated for one or more third parties.
  - 29. The method of claim 28, wherein the user or merchant is authenticated for the one or more third parties without disclosing some or all of the user'"'"'s or merchant'"'"'s personal information to the one or more third parties.
  - 30. The method of authenticating the user or merchant of claim 27, wherein the required verification data further comprises a picture of the user'"'"'s face.

31. A key comprising:
- a portable card having a computer readable segment and a unique cardholder identity key thereon;
  
  said computer readable segment further comprising a read-only computer operating system segment capable of operating a computer; and
  
  wherein the key can be used to operate the computer; and
  
  wherein a user can conduct a transaction only via a central control computer'"'"'s successful interactive authentication of verification data housed in a central control computer accessible database and not housed in the portable card.
- View Dependent Claims (32, 33)
- - 32. The key of claim 31, wherein the portable card overrides an operating system installed on the computer.
  - 33. The key of claim 31, wherein the portable card operates a computer not having a functional operating system.

34. A distributed data processing system (DDPS), the DDPS comprising:
- a personal communication device comprising the ability to send data to and receive data from an external device;
  
  a central control computer having access to one or more databases housing a user'"'"'s data;
  
  a first link enabling a first two way communication between the central control computer and the personal communication device;
  
  a second link enabling a second two way communication between the central control computer and the external device;
  
  wherein the central control computer can police an exchange of data between the personal communication device and the external device; and
  
  wherein the user can create a custom policing protocol.
- View Dependent Claims (35, 36)
- - 35. The DDPS of claim 34 further comprising:
    - a location subsystem, wherein the central control computer tracks a lost or stolen personal communication device by accessing location data provided by a global positioning system housed in the lost or stolen personal communication device; and
      
      wherein upon communication between the lost or stolen personal communication device and the central control computer, the lost or stolen personal communication device sends its location data to the central control computer.
  - 36. The DDPS of claim 34, wherein the personal communication device further comprises a host capability for an internet website.

37. A key creation process, the process comprising the steps of:
- interfacing an access key and a user key to a chosen device;
  
  authenticating the access key;
  
  authenticating the user key;
  
  entering identity data into the chosen device;
  
  creating a new access profile and/or a new user profile from the identity data;
  
  creating personal unique login credentials from the new access profile and/or the new user profile;
  
  creating an alphanumeric identification code from the personal unique login credentials; and
  
  producing a new access key or a new user key comprising the alphanumeric identification code.
- View Dependent Claims (38, 39)
- - 38. The key creation process of claim 37, wherein each key further comprises a portable card with a computer readable segment.
  - 39. The key creation process of claim 38, wherein the computer readable segment further comprises a read-only computer operating system segment capable of operating a computer.

40. A process of authenticating a key when the key is first used in an on-line transaction, the process comprising the steps of:
- providing a card having the key, having a computer readable segment, and having an alphanumeric identification code;
  
  interfacing the key to a chosen device;
  
  logging onto a website associated with a central control computer;
  
  obtaining the alphanumeric identification code from the key;
  
  comparing the alphanumeric identification code from the key to a alphanumeric identification code housed in a database accessible to an authentication subsystem;
  
  determining authentication requirements for the key by comparing a key holder'"'"'s identity to requirements previously provided by the key holder housed in one or more databases accessible to the authentication subsystem;
  
  determining required verification data from the authentication requirements;
  
  requesting the key holder provide the authentication subsystem the required verification data;
  
  providing the authentication subsystem the required verification data;
  
  comparing the required verification data provided by the key holder to verification data housed in one or more databases accessible to the authentication subsystem which was provided by the key holder during an enrollment process;
  
  granting or denying authentication based upon a predetermined policy in response to results of comparing the required verification data to the verification data provided by the key holder during the enrollment process; and
  
  transferring software having the ability to create a hardware identification signature to the chosen device if the authentication subsystem grants authentication.

41. A process of authenticating a key when used in an on-line transaction subsequent to the key'"'"'s first on-line transaction, the process comprising the steps of:
- providing a card having the key, having a computer readable segment, and having an alphanumeric identification code;
  
  interfacing the key to a chosen device;
  
  logging onto a website associated with a central control computer;
  
  generating a hardware signature of the chosen device;
  
  obtaining the alphanumeric identification code from the key and the hardware signature from the chosen device;
  
  comparing the alphanumeric identification code from the key to a alphanumeric identification code housed in a database accessible to an authentication subsystem;
  
  determining authentication requirements for the key by comparing a key holder'"'"'s identity to requirements previously provided by the key holder housed in one or more databases accessible to the authentication subsystem;
  
  determining required verification data from the authentication requirements;
  
  requesting the key holder provide the authentication subsystem the required verification data;
  
  providing the authentication subsystem the required verification data;
  
  comparing the required verification data provided by the key holder to verification data housed in one or more databases accessible to the authentication subsystem which was provided by the key holder during an enrollment process;
  
  granting or denying authentication based upon a predetermined policy in response to results of comparing the required verification data to the verification data provided by the key holder during the enrollment process;
  
  comparing the hardware signature from the chosen device to a hardware signature of a device used for initial login of the key housed in a database accessible to the authentication subsystem; and
  
  permitting the key holder to modify a profile associated with the key holder if the hardware signature of the chosen device matches the hardware signature of the device used for initial login of the key.

42. A process of authenticating an on-line transaction between a user and a party, the process comprising the steps of:
- providing a card having a computer readable segment, wherein the computer readable segment comprises an unique identification code associated with the user;
  
  providing a current communication device identifiable by an electronic signature, wherein the current communication device is pre-registered via its electronic signature with a central control computer;
  
  providing a database accessible by the central control computer comprising one or more pre-registered electronic signatures, wherein each pre-registered electronic signature corresponds to a communication device pre-registered with the central control computer;
  
  connecting the user to the party via the current communication device and a communication link;
  
  interfacing the card to the current communication device;
  
  verifying that the electronic signature of the current communication device matches one of the pre-registered electronic signatures in the database accessible by the central control computer; and
  
  permitting the on-line transaction to proceed if the electronic signature of the current communication device matches one of the pre-registered electronic signatures.
- View Dependent Claims (43, 44, 45, 46, 47, 48, 49, 50, 52, 53)
- - 43. The process of claim 42, wherein the user connects to the party via a web site associated with the party.
  - 44. The process of claim 42, wherein the on-line transaction further comprises a financial transaction.
  - 45. The process of claim 44 further comprising requiring the user to activate the card by registering the card with the central control computer via a communication device and the communication link prior to using the card in a transaction.
  - 46. The process of claim 45 further comprising designating the communication device used to register the card with the central control computer as an administrative communication device.
  - 47. The process of claim 46 further comprising transferring a software application from the central control computer to the administrative communication device via the communication link while the user registers the card with the central control computer.
  - 48. The process of claim 47 further comprising generating an electronic signature of the administrative communication device via the software application while the user registers the card with the central control computer.
  - 49. The process of claim 48 further comprising transferring the electronic signature of the administrative communication device to the database accessible by the central control computer via the communication link while the user registers the card with the central control computer.
  - 50. The process of claim 49, wherein the electronic signature further comprises a drive identification code and a network interface identification code.
  - 52. The process of claim 42 further comprising the steps of:
    - providing the current communication device verification data;
      
      verifying that the verification data matches pre-determined verification data;
      
      permitting the on-line transaction to proceed if the verification data matches the pre-determined verification data; and
      
      preventing the on-line transaction from proceeding if the verification data does not match the pre-determined verification data.
  - 53. The process of claim 52, wherein the verification data further comprises a password.

51. The process of 46 further comprising permitting the user to register an additional communication device with the central control computer solely via the administrative communication device.

54. A process of authenticating an on-line transaction between a user and a party, the process comprising the steps of:
- providing a card having a computer readable segment, wherein the computer readable segment comprises an unique identification code associated with the user;
  
  providing a current communication device identifiable by an electronic signature, wherein the current communication device is not pre-registered via its electronic signature with a central control computer;
  
  providing a database accessible by the central control computer comprising one or more pre-registered electronic signatures, wherein each pre-registered electronic signature corresponds to a communication device pre-registered with the central control computer;
  
  connecting the user to the party via the current communication device and a communication link;
  
  interfacing the card to the current communication device;
  
  verifying that the electronic signature of the current communication device matches one of the pre-registered electronic signatures in the database accessible by the central control computer; and
  
  prohibiting the on-line transaction from proceeding because the electronic signature of the current communication device does not match one of the pre-registered electronic signatures.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Authenticol Systems LLC
Original Assignee
Authenticol Systems LLC
Inventors
Lyon, Dennis Bower

Application Number

US11/158,731
Publication Number

US 20060212407A1
Time in Patent Office

Days
Field of Search
US Class Current

705/71
CPC Class Codes

G06Q 20/04   Payment circuits

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3829   involving key management

G06Q 20/4014   Identity check for transact...

G06Q 20/4016   involving fraud or risk lev...

H04L 63/08   for authentication of entit...

H04L 63/0876   based on the identity of th...

H04L 63/102   Entity profiles

User authentication and secure transaction system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

480 Citations

54 Claims

Specification

Solutions

Use Cases

Quick Links

User authentication and secure transaction system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

480 Citations

54 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links