Identity verification systems and methods
First Claim
1. A system for accessing confidential data of a user via a network, the system comprising:
- a server hosting an application providing selective access by the user to confidential data related to the user;
a client interface capable of interfacing with the server via the application;
at least one database having the confidential data stored therein, the database in communication with the server;
a processor configured to execute the application, wherein the application includes a multi-layer authentication function that causes the server to;
request and receive initial authentication data from the user, the initial authentication data comprising wallet data associated with the user,using the initial authentication data, search for confidential data associated with the user in the at least one database, and if confidential data associated with the user is found,transmit to the client interface and present to the user a plurality of randomly ordered and selectable options, wherein one of the selectable options corresponds to a correct option comprising an incomplete portion of the confidential data associated with the user, and wherein the other selectable options correspond to false options provided in a format similar to the correct option,receive a selection from the user of a selected one of the options, and if the selected one of the options is the correct option,request and receive entry of additional data by the user to complete the incomplete portion of the confidential data associated with the user, and if the additional data correctly completes the confidential data of the user,grant access to the user of the user'"'"'s confidential data.
3 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods for authenticating the identity of a user prior to giving access to confidential data at a user interface via a network are described. In an exemplary implementation in an Internet environment, a server hosts an application providing selective access by the user to confidential data related to the user. The user provides initial data to the application as part of a request to access the confidential data. At least one database having the confidential data stored therein is accessed by the server to retrieve confidential data relating to the user located in the database based on the initial data received from the client interface. An authentication function causes the server to transmit to the client interface and present to the user an incomplete portion of the confidential data relating to the user, which is not identical to the initial data, along with at least one other portion of data having a substantially identical format to the incomplete portion of the confidential data. The authentication function requests the user to provide additional data to complete the incomplete portion of the confidential data. The user is granted access to the confidential data subsequent to determination by the application that the user correctly completed the incomplete portion of the confidential data.
-
Citations
23 Claims
-
1. A system for accessing confidential data of a user via a network, the system comprising:
-
a server hosting an application providing selective access by the user to confidential data related to the user; a client interface capable of interfacing with the server via the application; at least one database having the confidential data stored therein, the database in communication with the server; a processor configured to execute the application, wherein the application includes a multi-layer authentication function that causes the server to; request and receive initial authentication data from the user, the initial authentication data comprising wallet data associated with the user, using the initial authentication data, search for confidential data associated with the user in the at least one database, and if confidential data associated with the user is found, transmit to the client interface and present to the user a plurality of randomly ordered and selectable options, wherein one of the selectable options corresponds to a correct option comprising an incomplete portion of the confidential data associated with the user, and wherein the other selectable options correspond to false options provided in a format similar to the correct option, receive a selection from the user of a selected one of the options, and if the selected one of the options is the correct option, request and receive entry of additional data by the user to complete the incomplete portion of the confidential data associated with the user, and if the additional data correctly completes the confidential data of the user, grant access to the user of the user'"'"'s confidential data. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method for authenticating an identity of a user seeking access to data related to the user via a client device in communication with a server, the method comprising the steps of:
-
requesting by the server and receiving from the client device initial authentication data entered by the user, the initial authentication data comprising wallet information associated with the user; using the initial authentication data, searching for confidential data associated with the user in a database associated with the server, and if confidential data is found, sending to the client device a plurality of randomly ordered and selectable options, wherein one of the selectable options corresponds to a correct option comprising an incomplete portion of the confidential data associated with the user, and wherein the other selectable options correspond to false options provided in a format similar to the correct option; receiving a selection from the user of a selected one of the options, and if the selected one of the options is the correct option; requesting by the server and receiving from the client device additional data entered by the user in an attempt to complete the incomplete;
portion of the confidential data associated with the user;determining by the server whether the additional data entered by the user correctly completes the incomplete portion of the confidential data and granting the user access to the data related to the user if the server determines that the additional data entered by the user correctly completes the incomplete portion of the confidential data. - View Dependent Claims (13, 14, 15, 16)
-
-
17. A non-transitory computer-readable medium having computer-executable instructions for performing steps of a server process for authenticating an identity of a user seeking access to confidential data related to the user over a network via a client interface, the steps comprising:
-
requesting and receiving from the client interface initial authentication data entered by the user, the initial authentication data comprising wallet information associated with the user; using the authentication data, searching for confidential data associated with the user in a database associated with the server, and if confidential data associated with the user is found, sending to the client device a plurality of randomly ordered and selectable options, wherein one of the selectable options corresponds to a correct option comprising an incomplete portion of the confidential data associated with the user, and wherein the other selectable options correspond to false options provided in a format similar to the correct option; receiving a selection from the user of a selected one of the options, and if the selected one of the options is the correct option; requesting and receiving from the client interface additional data entered by the user in an attempt to complete the incomplete portion of the confidential data associated with the user; determining whether the additional data entered by the user correctly completes the incomplete portion of the confidential data; and granting the user access to the confidential data associated with the user if the additional data entered by the user correctly completes the incomplete portion of the confidential data. - View Dependent Claims (18, 19)
-
-
20. A non-transitory computer readable medium having software code for execution on a computer processor, for authenticating an identity of a user seeking access to confidential data related to the user over a network via a client interface, comprising:
-
a first code segment for requesting and receiving from the client interface initial authentication data entered by the user, the initial authentication data comprising wallet information associated with the user; a second code segment for initiating a search, using the initial authentication data, for confidential data associated with the user in at least one database, a third code segment for sending to the client interface a plurality of randomly ordered and selectable options, wherein one of the selectable options corresponds to a correct option comprising an incomplete portion of the confidential data associated with the user, and wherein the other selectable options correspond to false options provided in a format similar to the correct option; a fourth code segment for requesting and receiving from the client interface a selection from the user of a selected one of the options; a fifth code segment for determining whether the selected one of the options is the correct option; a sixth code segment for requesting by the server and receiving from the client interface additional data entered by the user to complete the incomplete portion of the confidential data associated with the user; a seventh code segment for determining whether the additional data entered by the user correctly completes the incomplete portion of the confidential data; and an eighth code segment for granting the user access to the confidential data related to the user if the additional data entered by the user correctly completes the incomplete portion of the confidential data.
-
-
21. A system for accessing confidential data of a user via a network, the system comprising:
-
a server having a processor and hosting an application providing selective access by the user to confidential data related to the user, the server capable of communication with at least one database having the confidential data stored therein and a client interface via the application;
the processor configured to execute the application, wherein the application includes a multi-layer authentication function that causes the server to;request and receive initial authentication data from the user, the initial authentication data comprising wallet data associated with the user, using the initial authentication data, initiate a search for confidential data associated with the user in the at least one database, and if confidential data associated with the user is found, transmit to the client interface and present to the user a plurality of randomly ordered and selectable options, wherein one of the selectable options corresponds to a correct option comprising an incomplete telephone number associated with the confidential data of the user, and wherein the other selectable options correspond to false options comprising a plurality of randomly generated incomplete telephone numbers provided in a format similar to the transmitted portion of the telephone number associated with the confidential data of the user, receive a selection from the user of a selected one of the options, and if the selected one of the options is the correct option, request and receive entry of additional data by the user to complete the telephone number, and if the additional data correctly completes the telephone number associated with the confidential data of the user, generate and transmit a PIN to the client interface; and an automated telephone calling system in communication with the server for automatically placing a telephone call to a telephone number selected by the user when the processor determines that the additional data correctly completes the telephone number associated with the confidential data of the user, wherein the automated telephone calling system is configured to request and receive entry of the PIN by the user via a client device associated with the telephone call to the user to complete authentication of an identity of the user.
-
-
22. A method for authenticating an identity of a user seeking access to data related to the user via a client device in communication with a server, the method comprising the steps of:
-
requesting by the server and receiving from the client device initial authentication data entered by the user, the initial authentication data comprising wallet information associated with the user; using the initial authentication data, initiating a search for confidential data associated with the user in at least one database associated with the server, and if confidential data associated with the user is found, transmitting to the client device a plurality of randomly ordered and selectable options, wherein one of the selectable options corresponds to a correct option comprising an incomplete telephone number associated with the confidential data of the user, and wherein the other selectable options correspond to false options comprising a plurality of randomly generated incomplete telephone numbers provided in a format similar to the transmitted portion of the telephone number associated with the confidential data of the user; receiving a selection from the user of a selected one of the options, and if the selected one of the options is the correct option, requesting by the server and receiving from the client device additional data entered by the user to complete the incomplete portion of the confidential data associated with the user; determining by the server whether the additional data entered by the user correctly completes the incomplete portion of the confidential data; automatically placing a telephone call via a processor associated with an automatic telephone calling system to a telephone number selected by the user when the server determines that the additional data correctly completes the telephone number associated with the confidential data of the user; generating and transmitting a PIN to the user via either the server or the automatic telephone calling system; receiving entry of the PIN by the user through the other of either the server or the automatic telephone calling system; determining whether the received PIN matches the PIN transmitted to the user; and
if identical,granting the user access to the data related to the user.
-
-
23. A non-transitory computer readable medium having software code for execution on a computer processor, for authenticating an identity of a user seeking access to confidential data related to the user over a network via a client interface, comprising:
-
a first code segment for requesting by the server and receiving from the client device initial authentication data entered by the user, the initial authentication data comprising wallet information associated with the user; a second code segment for initiating a search, using the initial authentication data, for confidential data associated with the user in the at least one database; a third code segment for transmitting to the client device a plurality of randomly ordered and selectable options, wherein one of the selectable options corresponds to a correct option comprising an incomplete telephone number associated with the confidential data of the user, and wherein the other selectable options correspond to false options comprising a plurality of incomplete telephone numbers provided in a format similar to the transmitted portion of the telephone number associated with the confidential data of the user; a fourth code segment for receiving a selection from the user of a selected one of the options; a fifth code segment for determining if the selected one of the options is the correct option; a sixth code segment for requesting by the server and receiving from the client device additional data entered by the user to complete the incomplete portion of the confidential data associated with the user; a seventh code segment for determining by the server whether the additional data entered by the user correctly completes the incomplete portion of the confidential data; a eighth code segment for automatically placing a telephone call via a processor associated with an automatic telephone calling system to a telephone number selected by the user; a ninth code segment for generating and transmitting a PIN to the user via the server or via the automatic calling system; a tenth code segment for receiving entry of the PIN by the user in either the client device or a device associated with the telephone call; a eleventh code segment for determining whether the received PIN matches the PIN transmitted to the user; and
if identical,a twelfth code segment for granting the user access to the confidential data of the user.
-
Specification