Direct authentication system and method via trusted authenticators
Abstract
Fraud and identity theft are enabled by two faulty assumptions about the way that the identity of a person is verified in our society. The first is that someone who demonstrates knowledge of certain items of personal or financial information about a particular person is presumed to be that person. The second assumption, which gives rise to the first assumption, is that these items of information can be kept confidential. Because fraudsters and identity thieves often seek to use their victim's personal and financial information, this invention proposes a direct authentication system and method that does not depend on these assumptions. The proposed method enables businesses to determine whether the customer is truly the person who he says he is by adopting a new “two-factor” authentication technique and authenticating customer's identity utilizing customer's trusted authenticator. A customer's trusted authenticator can be found within the financial services community; in particular, a bank or other financial institution with whom the customer has a trusted relationship, such as a bank account.
26 Claims
1. A method for enhancing network security by authenticating a user during an electronic transaction between the user and a computer system, the method comprising:
receiving, at a computer of a trusted authentication system, during said electronic transaction between the user and the computer system, an electronic request for a dynamic code for the user;
generating, during said electronic transaction, by a dynamic code generator of the trusted authentication system, a dynamic code for the user in response to the request, wherein the dynamic code is valid for a predetermined time, and becomes invalid after being used;
providing by the computer of the trusted authentication system said generated valid dynamic code to the user during said electronic transaction;
receiving electronically by the trusted authentication system a request for authenticating the user from the computer system based on a digital identity including user specific information and the dynamic code, wherein the user is remote from the computer system as well as from the trusted authentication system during the transaction;
the trusted authentication system authenticating the user during the transaction based on the digital identity including the user specific information and the dynamic code, wherein the dynamic code is used for authenticating the user for a first time within the predetermined time after a generation of the dynamic code; and
the trusted authentication system providing a result of the authenticating to the computer system during said electronic transaction,
wherein the authenticating is based on the user specific information, the received dynamic code, and a current time, and
wherein the electronic request for the dynamic code is digitally triggered during the transaction and the triggered request is received by the trusted authentication system during the transaction.
View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
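The code lifecycle recited in claim 1 (issue on request, valid for a predetermined time, invalid after use, checked against user specific information and the current time) can be modelled as follows. This is an added illustration, not code from the patent; the class and method names, the 6-digit code format, the 120-second lifetime and the choice to discard a code after any authentication attempt, including a failed one, are assumptions.

```python
import hmac
import secrets
import time

class TrustedAuthenticator:
    """Toy model of the trusted authentication system (hypothetical names)."""

    def __init__(self, ttl_seconds=120, clock=time.time):
        self.ttl = ttl_seconds   # the "predetermined time" (assumed value)
        self.clock = clock       # injectable clock so expiry can be exercised
        self._pending = {}       # user specific information -> (code, issued_at)

    def request_code(self, user_info):
        """Generate a dynamic code for the user; replaces any older code."""
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.random()
        self._pending[user_info] = (code, self.clock())
        return code

    def authenticate(self, user_info, presented_code):
        """Check user info, code and current time; the code is consumed."""
        # pop() removes the code on every attempt, so a replay or a second
        # guess never sees it again (assumption: failures also burn the code).
        entry = self._pending.pop(user_info, None)
        if entry is None:
            return False
        code, issued_at = entry
        fresh = (self.clock() - issued_at) <= self.ttl
        # Constant-time comparison avoids leaking how many digits matched.
        match = hmac.compare_digest(code.encode(), presented_code.encode())
        return fresh and match

def demo():
    """Run the four cases with a constructed user and a fake clock."""
    now = [1000.0]
    ta = TrustedAuthenticator(ttl_seconds=120, clock=lambda: now[0])
    user = "alice|acct-ending-0000"  # constructed sample identity
    results = {}
    code = ta.request_code(user)
    results["first_use"] = ta.authenticate(user, code)
    results["replay"] = ta.authenticate(user, code)
    code = ta.request_code(user)
    now[0] += 121  # one second past the validity window
    results["expired"] = ta.authenticate(user, code)
    code = ta.request_code(user)
    results["wrong_user"] = ta.authenticate("mallory|acct-ending-0000", code)
    return results

if __name__ == "__main__":
    print(demo())
```

Because the pending-code table is keyed by the user specific information, a code intercepted for one user does not authenticate a different identity, and the relying computer system only ever learns the boolean result.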
16. A method for enhancing network security by authenticating a user during an electronic transaction between the user and one of plural computer systems available to the user with which the user can engage in the electronic transaction over a communication network, the method comprising:
receiving, at a computer of a trusted authentication system, during said electronic transaction between the user and that one of the computer systems engaged in the electronic transaction with the user, an electronic request for a dynamic code for the user;
generating, by a dynamic code generator of the trusted authentication system, a dynamic code for the user in response to the electronic request for the dynamic code, wherein the dynamic code is valid for a predetermined time, and becomes invalid after being used;
providing by the computer of the trusted authentication system said valid dynamic code to the user during the electronic transaction;
the trusted authentication system receiving electronically, during the electronic transaction, a request for authenticating the user from that one of the plural computer systems engaged in the electronic transaction with the user, the request including a digital identity comprising user specific information and the dynamic code, wherein the user is remote from the trusted authentication system as well as from that one of the plural computer systems during the transaction;
the trusted authentication system authenticating, during the electronic transaction, the user based on the digital identity including the user specific information and the dynamic code, wherein the dynamic code is used for authenticating the user for a first time within the predetermined time after a generation of the dynamic code; and
the trusted authentication system providing, during the electronic transaction, a result of the authenticating to that one of the computer systems engaged in the electronic transaction with the user,
wherein the authenticating is based on the user specific information, the received dynamic code and a current time, and
wherein the electronic request for the dynamic code is digitally triggered during the transaction and the triggered request is received by the trusted authentication system during the transaction.
View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
Specification