Centralized identity authentication for electronic communication networks

US 9,990,627 B2
Filed: 09/13/2013
Issued: 06/05/2018
Est. Priority Date: 03/06/2000
Status: Active Grant

First Claim

Patent Images

1. A computer system operative to perform centralized identity authentication for transactions conducted over the Internet with a plurality of different vendors, each vendor having a presence on the Internet via at least one vendor hardware server operatively connected to the Internet so as to allow for an exchange of electronic communications thereover, said system comprising:

at least one data storage device having a plurality of account holder records maintained therein, each record being (i) associated with a particular account holder and (ii) including at least one set of authentication data from which an identity of the associated account holder can be authenticated; and

at least one centralized agent hardware server operatively connected to the Internet so as to allow for an exchange of electronic communications thereover, said at least one centralized agent hardware server having access to the at least one data storage device and including;

a data obtaining part that obtains provided authentication data received over the Internet by the centralized agent hardware server from a user device operatively connected to the Internet so as to allow for an exchange of electronic communications thereover, said user device having been redirected over the Internet to the centralized agent hardware server from one of the vendor hardware servers; and

,an authenticating part that is operative to perform an authentication of a user of the user device providing the obtained authentication data over the Internet prior to completion of a transaction with the vendor, wherein said authenticating part performs said authentication by accessing the at least one data storage device to check the records stored therein and comparing the provided authentication data obtained by the data obtaining part to authentication data in the account holder records, wherein the user is identified as an account holder when there is a sufficient match resulting from the comparison, and is not identified as an account holder when there is no sufficient match resulting from the comparison;

wherein a given account holder employs the same set of authentication data to transact with multiple different vendors.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of centralized identity authentication for use in connection with a communications network includes registering users of the communications network such that each registered user'"'"'s identity is uniquely defined and determinable, and registering a plurality of vendors having a presence on the communications network. The registered vendors selectively transact with registered users, wherein the transactions include: (i) the registered vendor selling goods and/or services to the registered user; (ii) the registered vendor granting the registered user access to personal records maintained by the registered vendor; and/or (iii) the registered vendor communicating to the registered user personal information maintained by the registered vendor. The method also includes each user'"'"'s identity being authenticated over the communications network prior to completion of transactions between registered vendors and registered users.

75 Citations

25 Claims

1. A computer system operative to perform centralized identity authentication for transactions conducted over the Internet with a plurality of different vendors, each vendor having a presence on the Internet via at least one vendor hardware server operatively connected to the Internet so as to allow for an exchange of electronic communications thereover, said system comprising:
- at least one data storage device having a plurality of account holder records maintained therein, each record being (i) associated with a particular account holder and (ii) including at least one set of authentication data from which an identity of the associated account holder can be authenticated; and
  
  at least one centralized agent hardware server operatively connected to the Internet so as to allow for an exchange of electronic communications thereover, said at least one centralized agent hardware server having access to the at least one data storage device and including;
  
  a data obtaining part that obtains provided authentication data received over the Internet by the centralized agent hardware server from a user device operatively connected to the Internet so as to allow for an exchange of electronic communications thereover, said user device having been redirected over the Internet to the centralized agent hardware server from one of the vendor hardware servers; and
  
  ,an authenticating part that is operative to perform an authentication of a user of the user device providing the obtained authentication data over the Internet prior to completion of a transaction with the vendor, wherein said authenticating part performs said authentication by accessing the at least one data storage device to check the records stored therein and comparing the provided authentication data obtained by the data obtaining part to authentication data in the account holder records, wherein the user is identified as an account holder when there is a sufficient match resulting from the comparison, and is not identified as an account holder when there is no sufficient match resulting from the comparison;
  
  wherein a given account holder employs the same set of authentication data to transact with multiple different vendors.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 22, 24)
- - 2. The computer system of claim 1, wherein said at least one centralized agent hardware server further comprises:
    - a notification part operative to provide a notification over the Internet to the vendor hardware server from which the user device was redirected to the centralized agent hardware server, said notification indicating a result of the performed authentication.
  - 3. The computer system of claim 1, wherein said at least one centralized agent hardware server further comprises:
    - a notification part operative to provide a notification over the Internet to the user device, said notification indicating a result of the performed authentication.
  - 4. The computer system of claim 1, wherein said at least one centralized agent hardware server further comprises:
    - a redirecting part operative to redirect the user device over the Internet back to the vendor hardware server from which the user device was redirected to the centralized agent hardware server.
  - 5. The computer system of claim 1, wherein the user device is a computer on which is running a web browser application.
  - 6. The computer system of claim 1, wherein the set of authentication data includes at least one of a user name, a password, a personal identification number, biometric data, an answer to a security question and a dynamically changing non-predictable code.
  - 7. The computer system of claim 1, wherein the at least one centralized agent hardware server further comprises:
    - an authorization part operative to authorize completion of the transaction.
  - 8. The computer system of claim 7, wherein the data storage device is provisioned to permit storage of associated account privileges along with the account holder records, said privileges being operative to restrict authorization for at least one of transactions carried out with identified vendors, commercial transactions over a set price limit and automatically reoccurring transactions being conducted absent the direct participation of the account holder.
  - 9. The computer system of claim 1, wherein the plurality of different vendors includes at least one of a first type of vendor, such that transactions therewith over the Internet include a sale of at least one of goods and services from the vendor.
  - 10. The computer system of claim 9, wherein the plurality of different vendors includes at least one of a second type of vendor which maintains at least one database containing records associated with at least one of the account holders, such that transactions therewith over the Internet include the vendor providing account holders access to their records contained in the database.
  - 22. The computer system of claim 1, wherein the set of authentication data includes all of:
    - a user name, a password, a personal identification number, biometric data, an answer to a security question and a dynamically changing non-predictable code.
  - 24. The computer system of claim 1, wherein the set of authentication data includes biometric data.

11. A computer system operative to perform centralized identity authentication for transactions conducted over the Internet with a plurality of different vendors, each vendor having a presence on the Internet via vendor means operatively connected to the Internet so as to allow for an exchange of electronic communications thereover, said system comprising:
- storage means for digitally storing a plurality of account holder records maintained therein, each record being (i) associated with a particular account holder and (ii) including at least one set of authentication data from which an identity of the associated account holder can be authenticated; and
  
  authentication means operatively connected to the Internet so as to allow for an exchange of electronic communications thereover, said authentication means having access to the storage means and being operative to;
  
  obtain provided authentication data received over the Internet by the authentication means from user means operatively connected to the Internet so as to allow for an exchange of electronic communications thereover, said user means having been redirected over the Internet to the authentication means from one of the vendor means; and
  
  ,perform an authentication of a user of the user means providing the obtained authentication data over the Internet prior to completion of a transaction with the vendor, wherein said authentication is performed by accessing the storage means to check the records stored therein and comparing the provided authentication data obtained to authentication data in the account holder records, wherein the user is identified as an account holder when there is a sufficient match resulting from the comparison, and is not identified as an account holder when there is no sufficient match resulting from the comparison;
  
  wherein a given account holder employs the same set of authentication data to transact with multiple different vendors.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 23, 25)
- - 12. The computer system of claim 11, wherein said authentication means is further operative to:
    - provide a notification over the Internet to the vendor means from which the user means was redirected to the authentication means, said notification indicating a result of the performed authentication.
  - 13. The computer system of claim 11, wherein said authentication means is further operative to:
    - provide a notification over the Internet to the user means, said notification indicating a result of the performed authentication.
  - 14. The computer system of claim 11, wherein said authentication means is further operative to:
    - redirect the user means over the Internet back to the vendor means from which the user means was redirected to the authentication means.
  - 15. The computer system of claim 11, wherein the user means is a computer on which is running a web browser application.
  - 16. The computer system of claim 11, wherein the set of authentication data includes at least one of a user name, a password, a personal identification number, biometric data, an answer to a security question and a dynamically changing non-predictable code.
  - 17. The computer system of claim 11, wherein the at least one authentication means is further operative to:
    - authorize completion of the transaction.
  - 18. The computer system of claim 17, wherein the storage means is provisioned to permit storage of associated account privileges along with the account holder records, said privileges being operative to restrict authorization for at least one of transactions carried out with identified vendors, commercial transactions over a set price limit and automatically reoccurring transactions being conducted absent the direct participation of the account holder.
  - 19. The computer system of claim 11, wherein the plurality of different vendors includes at least one of a first type of vendor, such that transactions therewith over the Internet include a sale of at least one of goods and services from the vendor.
  - 20. The computer system of claim 19, wherein the plurality of different vendors includes at least one of a second type of vendor which maintains at least one database containing records associated with at least one of the account holders, such that transactions therewith over the Internet include the vendor providing account holders access to their records contained in the database.
  - 21. The computer system of claim 11, wherein the authentication means comprises at least one hardware server acting as a centralized agent.
  - 23. The computer system of claim 11, wherein the set of authentication data includes all of:
    - a user name, a password, a personal identification number, biometric data, an answer to a security question and a dynamically changing non-predictable code.
  - 25. The computer system of claim 11, wherein the set of authentication data includes biometric data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CardinalCommerce Corporation (Visa, Inc.)
Original Assignee
CardinalCommerce Corporation (Visa, Inc.)
Inventors
Bhagavatula, Ravishankar S., Balasubramanian, Chandra, Sherwin, Francis M., Keresman, III, Michael A., Bowman, Jeffry J.
Primary Examiner(s)
Song, Hosuk

Application Number

US14/026,299
Publication Number

US 20140020075A1
Time in Patent Office

1,726 Days
Field of Search

713150, 713155, 713168, 713170, 726 2- 9, 705 50, 705 53, 705 67- 68, 705 70, 705 75- 79
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/445   by mutual authentication, e...

G06Q 20/4014   Identity check for transact...

G06Q 30/06   Buying, selling or leasing ...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

Centralized identity authentication for electronic communication networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

75 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Centralized identity authentication for electronic communication networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

75 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links