System and method for authentication of network users

US 6,857,073 B2
Filed: 10/16/2002
Issued: 02/15/2005
Est. Priority Date: 05/21/1998
Status: Expired due to Term

- Alert
- Pin

First Claim

Patent Images

1. A method of granting or denying an authentication mechanism online and in real time by a host system, comprising:

(a) first querying a user, who is operating a user system, about a first type of information;

(b) determining the extent to which the user correctly answers the first query;

(c) if the user sufficiently correctly answers the first query, second querying the user utilizing credit related information about the user wherein credit related information;

(i) is stored on a credit reporting system other than the user system or the host system; and

(ii) originates from a plurality of the user'"'"'s creditors who report to the credit reporting system credit related information about the user;

(d) in real time, determining the extent to which the user correctly answers the second query; and

(e) in real time and on-line, determining whether to grant or deny the user an authentication mechanism based at least part on the extent to which the user correctly answers the second query.

View all claims

0 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

A network authentication system provides verification of the identity or other attributes of a network user to conduct a transaction, access data or avail themselves of other resources. The user is presented with a hierarchy of queries based on wallet-type (basic identification) and non-wallet type (more private) information designed to ensure the identity of the user and prevent fraud, false negatives and other undesirable results. A preprocessing stage may be employed to ensure correct formatting of the input information and clean up routine mistakes (such as missing digits, typos, etc.) that might otherwise halt the transaction. Queries can be presented in interactive, batch processed or other format. The authenticator can be configured to require differing levels of input or award differing levels of authentication according to security criteria.

445 Citations

24 Claims

1. A method of granting or denying an authentication mechanism online and in real time by a host system, comprising:
- (a) first querying a user, who is operating a user system, about a first type of information;
  
  (b) determining the extent to which the user correctly answers the first query;
  
  (c) if the user sufficiently correctly answers the first query, second querying the user utilizing credit related information about the user wherein credit related information;
  
  (i) is stored on a credit reporting system other than the user system or the host system; and
  
  (ii) originates from a plurality of the user'"'"'s creditors who report to the credit reporting system credit related information about the user;
  
  (d) in real time, determining the extent to which the user correctly answers the second query; and
  
  (e) in real time and on-line, determining whether to grant or deny the user an authentication mechanism based at least part on the extent to which the user correctly answers the second query.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the authentication mechanism is a digital certificate.
  - 3. The method of claim 1, wherein the authentication mechanism includes at least some of the following:
    - user identification, digital certificate serial number, an expiration period, information related to an issuer of the authentication mechanism, and fingerprint data for the authentication mechanism.
  - 4. The method of claim 1, wherein the authentication mechanism can be stored by the user system for subsequent release to other authentication devices in other transactions.
  - 5. The method of claim 1, wherein the authentication mechanism can be a data file for release by the user to other authentication devices for other transactions.
  - 6. The method of claim 1, wherein the authentication mechanism can be updated using at least some of elements (a)-(e).

7. A method for generating an authentication mechanism by a host system for a user operating a user system in real time, comprising:
- (a) querying the user about a first type of information;
  
  (b) determining a correspondence between the user'"'"'s response and the query about the first type of information;
  
  (c) if a sufficient correspondence exists between the user'"'"'s response and the query about the first type of information, querying the user about credit related information, wherein the credit related information;
  
  (i) is accessed by a credit reporting system separate from the user system and the host system; and
  
  (ii) originates from a plurality of user'"'"'s creditors reporting credit related information about the user to the credit reporting system;
  
  (d) determining a correspondence between the user'"'"'s response and the query for credit related information; and
  
  (e) if a sufficient correspondence exists between the user'"'"'s response and the query about the credit-related information, generating an authentication mechanism for the user.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, wherein the authentication mechanism is a digital certificate.
  - 9. The method of claim 7, wherein the authentication mechanism includes at least some of the following:
    - user identification, digital certificate serial number, an expiration period, information related to an issuer of the authentication mechanism, and fingerprint data for the authentication mechanism.
  - 10. The method of claim 7, wherein the authentication mechanism can be stored by the user system for subsequent release to other authentication devices in other transactions.
  - 11. The method of claim 7, wherein the authentication mechanism can be a data file for release by the user to other authentication devices for other transactions.
  - 12. The method of claim 7, wherein the authentication mechanism can be updated using at least some of elements (a)-(e).

13. A method of issuing an authentication mechanism from a host system by granting or denying the authentication mechanism to the user operating a user system in real time, wherein the host system communicates with a credit reporting system maintaining credit related information from a plurality of the user'"'"'s creditors, the method comprising:
- (a) querying the user about a first type of information;
  
  (b) determining a correspondence between the user'"'"'s response and the query about the first type of information;
  
  (c) if the user sufficiently responds to the first query about the first type of information, second querying the user about the user'"'"'s credit related information from the credit reporting system;
  
  (d) determining if the user sufficiently responds to the query for credit related information; and
  
  (e) determining whether to grant or deny the user an authentication mechanism based at least in part on the sufficiency of the user'"'"'s response to the second query.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The method of claim 13, wherein the authentication mechanism is a digital certificate.
  - 15. The method of claim 13, wherein the authentication mechanism includes at least some of the following:
    - user identification, digital certificate serial number, an expiration period, information related to an issuer of the authentication mechanism, and fingerprint data for the authentication mechanism.
  - 16. The method of claim 13, wherein the authentication mechanism can be stored by the user system for subsequent release to other authentication devices in other transactions.
  - 17. The method of claim 13, wherein the authentication mechanism can be a data file for release by the user to other authentication devices for other transactions.
  - 18. The method of claim 13, wherein the authentication mechanism can be updated using at least some of elements (a)-(e).

19. An authentication system for generating an authentication mechanism for a user in real-time, wherein the user communicates via a remote user system, the authentication system comprising:
- a host system for communicating with the user system, the host system adapted to;
  
  query the user about a first type of information;
  
  determine a correspondence between the user'"'"'s response and the query about the first type of information;
  
  if the user sufficiently responds to the first query about the first type of information, second query the user about credit related information; and
  
  access credit related information in a credit reporting system;
  
  the credit reporting system adapted to;
  
  communicate credit related information from a plurality of a user'"'"'s creditors to the host system; and
  
  the host system further adapted to;
  
  determine if the user sufficiently responds to the second query based upon a comparison of a user'"'"'s response to the second query to the credit related information of the user; and
  
  determine whether to grant or deny the user an authentication mechanism based at least in part on the sufficiency of the user'"'"'s response to the second query.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. The method of claim 19, wherein the authentication mechanism is a digital certificate.
  - 21. The method of claim 19, wherein the authentication mechanism includes at least some of the following:
    - user identification, digital certificate serial number, an expiration period, information related to an issuer of the authentication mechanism, and fingerprint data for the authentication mechanism.
  - 22. The method of claim 19, wherein the authentication mechanism can be stored by the user system for subsequent release to other authentication devices in other transactions.
  - 23. The method of claim 19, wherein the authentication mechanism can be a data file for release by the user to other authentication devices for other transactions.
  - 24. The method of claim 19, wherein the authentication mechanism can be updated.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Equifax, Inc.
Original Assignee
Equifax, Inc.
Inventors
Wilder, Jone, French, Jennifer
Primary Examiner(s)
HUA, LY

Application Number

US10/272,321
Publication Number

US 20030033526A1
Time in Patent Office

853 Days
Field of Search

713/168, 713/200, 713/201, 713/155, 713/156, 713/175, 713/176, 713/180, 713/202, 705/69, 705/68, 705/35, 705/76, 705/80, 705/186
US Class Current

713/168
CPC Class Codes

G06F 21/31   User authentication

G06F 21/33   using certificates

G06F 21/40   by quorum, i.e. whereby two...

G06F 2221/2113   Multi-level security, e.g. ...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/4014   Identity check for transact...

G06Q 20/4097   using mutual authentication...

G06Q 30/0609   Buyer or seller confidence ...

G07F 7/1008   Active credit-cards provide...

H04L 63/0823   using certificates cryptogr...

H04L 63/105   Multiple levels of security

System and method for authentication of network users

First Claim

0 Assignments

Litigations

0 Petitions

Accused Products

Abstract

445 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for authentication of network users

First Claim

0 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

445 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links