System and method for authentication of network users and issuing a digital certificate

US 6,321,339 B1
Filed: 05/20/1999
Issued: 11/20/2001
Est. Priority Date: 05/21/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method of authenticating a user on a network using credit related information, the method comprising:

a) performing a first authentication step based on a first type of information by i) receiving the first type of information from the user, wherein the first type of information is identification information, and ii) processing the identification information;

b) performing at least a second authentication step based on a second type of information other than the first type of user identification information by i) retrieving the second type of information from a credit reporting company'"'"'s credit database, wherein the second type of information is user credit related information compiled from a plurality of sources, and ii) querying the user regarding the credit related information; and

c) if steps (a) and (b) authenticate the user, issuing a digital certificate.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network authentication system generates digital certificates to users, which provide verification of the identity or other attributes of the users to conduct a transaction, access data or avail themselves of other resources. The user is presented with a hierarchy of queries based on wallet-type (basic identification) and non-wallet type (more private) information designed to ensure the identity of the user and prevent fraud, false negatives and other undesirable results. A preprocessing stage may be employed to ensure correct formatting of the input information and clean up routine mistakes (such as missing digits, typos, etc.) that might otherwise halt the transaction. The authenticator can be configured to require differing levels of input or award differing levels of privilege to the ultimate certificate.

528 Citations

54 Claims

1. A method of authenticating a user on a network using credit related information, the method comprising:
- a) performing a first authentication step based on a first type of information by i) receiving the first type of information from the user, wherein the first type of information is identification information, and ii) processing the identification information;
  
  b) performing at least a second authentication step based on a second type of information other than the first type of user identification information by i) retrieving the second type of information from a credit reporting company'"'"'s credit database, wherein the second type of information is user credit related information compiled from a plurality of sources, and ii) querying the user regarding the credit related information; and
  
  c) if steps (a) and (b) authenticate the user, issuing a digital certificate.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 2. The method of claim 1, wherein step (a) further comprises:
3. The method of claim 2, wherein the data source comprises a credit file of the user.
4. The method of claim 1, wherein the step (c) of issuing further comprises encoding the digital certificate with password information.
5. The method of claim 2, further comprising:
- d) determining, based at least in part on the level of correspondence determined in step (a)(iv), to;
  
  i) request additional information from the user;
  
  or ii) take other action.
6. The method of claim 5, wherein the step (d) of determining is further based on a level of certainty of authentication desired.
7. The method of claim 2, wherein the data source is used to identify the availability of the second type of information for the user.
8. The method of claim 2, wherein step (b) further comprises:
- iii) determining an availability of the credit related information for the user;
  
  iv) formulating at least one query based on the available credit related information for the user;
  
  v) presenting the at least one query to the user for response; and
  
  vi) evaluating the response.
9. The method of claim 8, wherein the identity of the user is authenticated based on the level of correspondence determined in step (a)(iv) and the evaluation made in step (b)(vi).
10. The method of claim 1, wherein at least one of step (a) and step (b) comprises generating an interactive query.
11. The method of claim 10, wherein the interactive query comprises at least one question having multiple choice answers.
12. The method of claim 1, further comprising (e) preprocessing the first type of information supplied by the user, wherein the first type of information has a plurality of fields.
13. The method of claim 12, wherein the step (e) of preprocessing comprises at least one of:
- i) standardizing at least one field of information;
  
  ii) formatting at least one field of information;
  
  iii) checking internal consistency between at least two fields of information; and
  
  iv) checking the validity of at least one field of information.
14. The method of claim 13, wherein based on the step (e) of preprocessing, the method further determines that:
- i) the user can not be authenticated;
  
  ii) the user can be authenticated;
  
  iii) the second authentication step should be performed;
  
  or iv) manual intervention is required before making an authentication determination.
15. The method of claim 1, wherein the first type of information comprises wallet-type information and the second type of information comprises non-wallet type information.
16. The method of claim 1, wherein the second type of information comprises information pertaining to credit accounts to which the user is a party.
17. The method of claim 16, wherein the second type of information comprises mortgage loan information, and the user is requested to identify at least one of:
- a) mortgage lender information; and
  
  b) mortgage loan amount information.
18. The method of claim 1, further comprising (f) receiving biometric input from the user.
19. The method of claim 1, wherein the network comprises the Internet.
20. The method of claim 1, further comprising (g) logging a transaction record for at least one of the authentication steps.
21. The method of claim 2, further comprising (h) executing a pattern recognition process to detect potential irregularities in the information supplied by the user.
22. The method of claim 1, wherein the digital certificate comprises levels corresponding to results of the authentication.
23. The method of claim 1, wherein the digital certificate comprises user identification information, issuer identification information and expiration information.
24. The method of claim 1, further comprising (k) generating an interactive query requesting digital certificate information.
25. The method of claim 1, further comprising (l) storing the digital certificate.
26. The method of claim 1, further comprising (m) performing an offline authentication based upon at least one of the first type of information and the second type of information.
27. The method of claim 26, wherein the step (m) of performing an offline authentication comprises applying a mailability filter to at least one of the first type of information and the second type of information.

28. A system for authenticating a user on a network, comprising:
- an input interface for receiving a first type of information from the user, the first type of information being identification information;
  
  a credit database from a credit reporting agency; and
  
  a processor connected to the input interface and configured to;
  
  perform a first authentication step based on the identification information by processing the identification information;
  
  perform at least a second authentication step based on a second type of information other than the first type of information by retrieving the second type of information from the credit database, wherein the second type of information is the user credit related information compiled from a plurality of sources; and
  
  determine whether to issue a digital certificate based on the first authentication step and second authentication step.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54)
- - 29. The system of claim 28, wherein the first authentication step performed by the processor further comprises:
30. The system of claim 29, wherein the data source comprises a credit file of the user.
31. The system of claim 29, wherein the processor determines, based at least in part on the level of correspondence, whether to:
- request additional information from the user;
  
  or take other action.
32. The system of claim 31, wherein the determining is further based on a level of certainty of authentication desired.
33. The system of claim 29, wherein the data source is used to identify the availability of the second type of information for the user.
34. The system of claim 28, wherein the second authentication step performed by the processor comprises:
- determining an availability of the credit related information for the user;
  
  formulating at least one query based on the available credit related information for the user;
  
  presenting the at least one query to the user for a response; and
  
  evaluating the response.
35. The system of claim 29, wherein the identity of the user is authenticated based on the level of correspondence.
36. The system of claim 28, wherein the processor generates an interactive query.
37. The system of claim 36, wherein the interactive query comprises at least one question having multiple choice answers.
38. The system of claim 28, wherein the processor preprocesses the first type of information supplied by the user, wherein the first type of information has a plurality of fields.
39. The system of claim 38, wherein the preprocessing comprises at least one of:
- standardizing at least one field of information;
  
  formatting at least one field of information;
  
  checking internal consistency between at least two fields of information; and
  
  checking the validity of at least one field of information.
40. The system of claim 39, wherein based on the preprocessing, the processor determines that:
- the user can not be authenticated;
  
  the user can be authenticated;
  
  the second authentication step should be performed;
  
  or manual intervention is required before making an authentication determination.
41. The system of claim 28, wherein the first type of information comprises wallet-type information and the second type of information comprises non-wallet type information.
42. The system of claim 36, wherein the second type of information comprises information pertaining to credit accounts to which the user is a party.
43. The system of claim 42, wherein the second type of information comprises mortgage loan information, and the interactive query comprises a request for the user to identify at least one ofmortgage lender information;
- and mortgage loan amount information.
44. The system of claim 28, wherein the processor receives biometric input from the user.
45. The system of claim 28, wherein the network comprises the Internet.
46. The system of claim 28, wherein the processor logs a transaction record for at least one of the authentication steps.
47. The system of claim 29, wherein the processor executes a pattern recognition process to detect potential irregularities in the information supplied by the user.
48. The system of claim 28, wherein the digital certificate comprises levels corresponding to results of the authentication.
49. The system of claim 28, wherein the digital certificate comprises user identification information, issuer identification and expiration information.
50. The system of claim 28, wherein the processor generates an interactive query requesting digital certificate information.
51. The system of claim 50 wherein the processor encodes the digital certificate with password information.
52. The system of claim 28, wherein the processor stores the digital certificate.
53. The system of claim 28, wherein the processor performs an offline authentication based on at least one of the first type of information and the second type of information.
54. The system of claim 53, wherein the offline authentication comprises applying a mailability filter to the at least one of the first type of information and the second type of information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Equifax, Inc.
Original Assignee
Equifax, Inc.
Inventors
Wilder, Jone, French, Jennifer
Primary Examiner(s)
Trammell, James P.
Assistant Examiner(s)
ELISCA, PIERRE E

Application Number

US09/315,129
Time in Patent Office

915 Days
Field of Search

713/200, 713/201, 713/155, 713/156, 713/175, 713/176, 713/177, 713/180, 705/69, 705/68, 705/75, 705/76, 705/80, 705/186, 705/184
US Class Current

726/2
CPC Class Codes

G06F 21/33 using certificates

G06F 2221/2113 Multi-level security, e.g. ...

System and method for authentication of network users and issuing a digital certificate

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

528 Citations

54 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for authentication of network users and issuing a digital certificate

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

528 Citations

54 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links