Identity theft mitigation

US 20070179903A1
Filed: 01/30/2006
Published: 08/02/2007
Est. Priority Date: 01/30/2006
Status: Abandoned Application

First Claim

Patent Images

1. An authentication method comprising:

providing a declaration of adoption of public-key authentication for account creation;

providing a public key of a public key-private key cryptographic key pair;

requesting to establish an account based on said public-key authentication, wherein at least a portion of said request is signed with a private of said key pair;

receiving notification that said account is one of authorized and not authorized; and

providing a disclaimer of liability resulting from a transaction conducted based on fact based authentication.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Public-key authentication, based on public key cryptographic techniques, is utilized to authenticate a person opening an account. The person provides a declaration to use only public-key authentication and a copy of his/her public key to an authorized agent, such as a credit bureau. The person provides a signed request to open an account with a merchant based on public-key authentication. This merchant requests a credit report from the credit bureau, providing the credit bureau the applicant'"'"'s public key. The credit bureau uses the public key to locate a credit report. Barring theft of the user'"'"'s private key, the credit report will be that of the requesting user with a high probability. The credit bureau can then provide the requested information to the merchant, and the merchant can provide notification to the person that the account is authorized or not, based on what the merchant reads in the credit report.

Citations

20 Claims

1. An authentication method comprising:
- providing a declaration of adoption of public-key authentication for account creation;
  
  providing a public key of a public key-private key cryptographic key pair;
  
  requesting to establish an account based on said public-key authentication, wherein at least a portion of said request is signed with a private of said key pair;
  
  receiving notification that said account is one of authorized and not authorized; and
  
  providing a disclaimer of liability resulting from a transaction conducted based on fact based authentication.
- View Dependent Claims (3, 4, 6)
- - 3. A method in accordance with claim 1 wherein said act of requesting comprises providing said public key signed utilizing said private key.
  - 4. A method in accordance with claim 1, wherein:
    - said declaration and said public key are provided to a first entity; and
      
      said act of requesting is performed to establish an account with a second entity.
  - 6. A method in accordance with claim 1, further comprising in person authentication of a requester requesting to establish said account.

2. (canceled)

5. A method in accordance with claim 5, wherein:
- said first entity comprises a credit bureau; and
  
  said second entity comprises a merchant.

7. An authentication method comprising:
- receiving a declaration of adoption of public-key authentication;
  
  receiving a public key of a public key-private key cryptographic key pair;
  
  receiving a request to establish an account based on said public-key authentication, wherein at least a portion of said request is signed utilizing a private key of said key pair, determining an authenticity of said request;
  
  providing a notification that said account is one of authorized and not authorized; and
  
  receiving a disclaimer of liability resulting from a transaction conducted based on fact based authentication.
- View Dependent Claims (8, 10, 11, 12, 13)
- - 8. A method in accordance with claim 7, further comprising:
    - receiving a request to establish an alternate account based on personally identifiable information;
      
      receiving an exception request authenticated by said key-pair, said exception request comprising permission to establish said alternate account, wherein permission to establish said alternate account is limited to a predetermined amount of time;
      
      verifying an authenticity of said request to establish said alternate account utilizing said key pair and said authenticated exception request; and
      
      providing a notification that said alternate account is one of authorized and not authorized.
  - 10. A method in accordance with claim 7 wherein said request to establish an account comprises providing said public key signed utilizing said private key.
  - 11. A method in accordance with claim 7, wherein:
    - said declaration and said public key are received by a first entity; and
      
      said request to establish said account is with a second entity.
  - 12. A method in accordance with claim 11, wherein:
    - said first entity comprises a credit bureau; and
      
      said second entity comprises a merchant.
  - 13. A method in accordance with claim 7, further comprising in person authentication of a requester requesting to establish said account.

9. (canceled)

14. A authentication system comprising a processing portion for:
- generating a public key-private key cryptographic key pair comprising a public key and a private key;
  
  a memory portion for storing said public key and said private key; and
  
  an input/output portion for;
  
  providing a declaration of adoption of public-key authentication for account creation;
  
  providing said public key of said public key-private key pair;
  
  providing a request to establish, utilizing said private key of said key pair, an account based on said public-key authentication;
  
  receiving notification that said account is one of authorized and not authorized; and
  
  providing a disclaimer of liability resulting from a transaction conducted based on fact based authentication.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. A system in accordance with claim 14, wherein:
    - said processor portion signs, utilizing said private key, said public key; and
      
      said request to establish an account based on said public-key authentication comprises a signed request including said public key.
  - 17. A system in accordance with claim 14, wherein:
    - said input/output portion provides said declaration and said public key to a first entity; and
      
      said input/output portion provides request to establish an account based on said public-key authentication to a second entity.
  - 18. A system in accordance with claim 17, wherein said first entity comprises a credit bureau.
  - 19. A system in accordance with claim 17, wherein said second entity comprises a merchant.
  - 20. A system in accordance with claim 14, wherein said memory portion comprises at least one of hard disk memory, flash memory, portable memory, a universal serial bus (USB) compatible memory, and smart card memory.

15. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Seinfeld, Marc, Ellison, Carl

Application Number

US11/342,447
Publication Number

US 20070179903A1
Time in Patent Office

Days
Field of Search
US Class Current

705/67
CPC Class Codes

G06Q 20/12   specially adapted for elect...

G06Q 20/3674   involving authentication

G06Q 20/3823   combining multiple encrypti...

G06Q 20/4016   involving fraud or risk lev...

H04L 2209/80   Wireless

H04L 9/3247   involving digital signatures

H04L 9/3271   using challenge-response

Identity theft mitigation

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Identity theft mitigation

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links