VERIFICATION ENGINE FOR USER AUTHENTICATION

US 20100050233A1
Filed: 11/05/2009
Published: 02/25/2010
Est. Priority Date: 10/30/2000
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented identity authentication system comprising:

an authentication client software component to enable a client to communicate with a verification engine to request authentication of the identity of a subject or customer;

multiple independently operated databases, each database storing information associated with the subject, wherein the database information includes confidential, out-of-wallet data previously acquired by the corresponding database operator in the course of doing business with the subject;

the databases configured to accept and process only certain predefined permitted queries received from an authorized verification engine, and to respond to the permitted queries by returning a confidence level as to whether or not data contained in the query is consistent with the confidential, out-of-wallet data stored by the database in association with the subject;

wherein the database does not return or otherwise disclose the confidential, out-of-wallet data stored by the database in association with the subject; and

a software-implemented verification engine to authenticate the identity of the subject at the request of the client, wherein the verification engine includesa client interface for communication with the authentication client software component;

database interfaces configured for communications with the multiple independently operated databases, to enable sending the permitted queries and receiving the returned confidence levels;

means for sending at least one selected query to the subject, and for receiving a corresponding answer from the subject;

means for forming a permitted database query based on the selected query and the corresponding answer received from the subject, and transmitting the permitted query to at least one of the independently operated databases via the database interfaces;

means for combining the confidence levels returned from the databases to form an overall authentication confidence level that the subject is in fact who he purports to be; and

means for transmitting the overall authentication confidence level to the requesting client via the client interface.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Computer-implemented system and methods for authenticating the identity of a person, for example a customer (1) of an E-Commerce web site (15). The web site or other verification “client” (110) contacts a verification engine (10, 100) (“Authentex”), which may be implemented as a web server (604). The verification engine (10), in turn, has limited access to a plurality of independent, third-party secure databases (21, 112) which are maintained by Trusted Validators (3, 610, 620, etc), which are entities such as banks that have a pre-existing relationship with customer (FIG. 4), and due to that relationship, acquire and maintain “out-of-wallet” data (4) that may be useful to authenticate the identity of the customer. That confidential customer data—held by the third-party “Trusted Validators”—is not disclosed.

115 Citations

View as Search Results

15 Claims

1. A computer-implemented identity authentication system comprising:
- an authentication client software component to enable a client to communicate with a verification engine to request authentication of the identity of a subject or customer;
  
  multiple independently operated databases, each database storing information associated with the subject, wherein the database information includes confidential, out-of-wallet data previously acquired by the corresponding database operator in the course of doing business with the subject;
  
  the databases configured to accept and process only certain predefined permitted queries received from an authorized verification engine, and to respond to the permitted queries by returning a confidence level as to whether or not data contained in the query is consistent with the confidential, out-of-wallet data stored by the database in association with the subject;
  
  wherein the database does not return or otherwise disclose the confidential, out-of-wallet data stored by the database in association with the subject; and
  
  a software-implemented verification engine to authenticate the identity of the subject at the request of the client, wherein the verification engine includesa client interface for communication with the authentication client software component;
  
  database interfaces configured for communications with the multiple independently operated databases, to enable sending the permitted queries and receiving the returned confidence levels;
  
  means for sending at least one selected query to the subject, and for receiving a corresponding answer from the subject;
  
  means for forming a permitted database query based on the selected query and the corresponding answer received from the subject, and transmitting the permitted query to at least one of the independently operated databases via the database interfaces;
  
  means for combining the confidence levels returned from the databases to form an overall authentication confidence level that the subject is in fact who he purports to be; and
  
  means for transmitting the overall authentication confidence level to the requesting client via the client interface.
- View Dependent Claims (2, 3, 4)
- - 2. The computer-implemented identity authentication system of claim 1 wherein at least one of the independently operated databases is maintained by a financial institution.
  - 3. The computer-implemented identity authentication system of claim 1 wherein at least one of the independently operated databases is maintained by a federal government agency.
  - 4. The computer-implemented identity authentication system of claim 1 wherein at least one of the independently operated databases is maintained by a state government agency.

5. A user authorization method comprising the steps of:
- presenting to an authentication subject one or more predefined queries from each of multiple independent databases of identifying information;
  
  receiving from the authentication subject an answer to each of the selected queries;
  
  presenting each answer to at least one of the multiple independent databases that has corresponding identifying information;
  
  obtaining from the multiple independent databases an authentication confidence level for each answer; and
  
  combining the authentication confidence level for each answer into a combined confidence level for authenticating the authentication subject.

6. A user identity authentication system comprising:
- an authentication client for requesting authentication of a subject;
  
  a client interface to receive the authentication request from the authentication client;
  
  multiple independently operated databases, each database storing information out-of-wallet data associated with the subject, the associated information out-of-wallet data being accessible only through predefined queries to identify the subject, the predefined queries defined in advance by agreement with respective owners of each of the multiple independently operated databases, and at least one of the predefined queries requiring at least one item of out-of-wallet data in an answer to the query; and
  
  a verification engine for facilitating authentication of the subject by receiving the authentication request, selecting one or more of the predefined queries, including at least one of the predefined queries that requires at least one item of out-of-wallet data in an answer to the query, presenting the one or more selected queries to the subject via the authenticating client, receiving from the subject an answer to each of the one or more selected queries, and presenting the answer, including at least one item of out-of-wallet data, to each of the multiple independently operated databases for a validation response.
- View Dependent Claims (7, 8)
- - 7. The system of claim 6 further comprising a personal information database coupled to the verification engine, the personal information database containing in-wallet data identifying the subject.
  - 8. The system of claim 6 further comprising means for communicating over a network between the authentication client, the subject seeking to demonstrate his identity, the verification engine and the multiple independently operated databases.

9. A user identity authentication method comprising the steps of:
- presenting to an authentication subject one or more predefined queries, the predefined queries defined in advance by agreement with owners of each of multiple independent databases, the multiple independent databases storing identifying information about the authentication subject;
  
  receiving from the authentication subject an answer to each of the selected at least one of the predefined queries;
  
  presenting each answer to at least one of the multiple independent databases that has corresponding identifying information;
  
  obtaining from the multiple independent databases an authentication confidence level for each answer; and
  
  combining the authentication confidence level for each answer into a combined confidence level for authenticating the authentication subject.

10. A method of authenticating the putative identity of a subject who is an individual, the method comprising the steps of:
- negotiating a predetermined set of permitted types of queries with an owner of an independent, remote, third-party database, the independent, remote, third-party database including identifying information associated with the subject;
  
  providing a database interface for interacting with the independent, remote, third-party database without storing any significant portion of the third-party database locally, and wherein the interaction is limited to submitting a query among the predetermined set of permitted types of queries, and receiving from the third-party database a response to the permitted query;
  
  responsive to a request from a client to authenticate the putative identity of the subject, forming a first query to elicit from the subject at least one item of information sufficient to form one of the permitted types of queries, and sending the first query to the subject via the client;
  
  receiving identifying information associated with the subject in response to the first query to authenticate his identity, the received identifying information including at least one item of information sufficient to form one of the permitted types of queries;
  
  forming a permitted type of query based on the received identifying information;
  
  transmitting the formed query to the remote, third-party database; and
  
  receiving a response from the remote, third-party database wherein the database interface does not otherwise provide access to the remote, third-party database, so that privacy of the remote, third-party database content remains under control of its owner.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. A method of authenticating the putative identity of a subject according to claim 10 and wherein said receiving the identifying information associated with the subject transpires in a live interaction with the subject in person.
  - 12. A method of authenticating the putative identity of a subject according to claim 10 and wherein receiving the identifying information associated with the subject is through a computer network.
  - 13. A method of authenticating the putative identity of a subject according to claim 12 including receiving the identifying information associated with the subject via the Internet.
  - 14. A method of authenticating the putative identity of a subject according to claim 10 and wherein the database interface enables interaction with multiple independent, remote, third-party databases without storing any significant portion of any of said databases locally, so that privacy of the remote, third-party database contents remain under control of their respective owners.
  - 15. A method of authenticating the putative identity of a subject according to claim 14 including receiving responses from a plurality of the remote, third-party databases and assembling the responses from the multiple databases to form a result.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Matthews International Corporation
Original Assignee
RAF Technology, Incorporated (Constellation Software Incorporated)
Inventors
Ross, David Justin

Granted Patent

US 8,032,927 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/2
CPC Class Codes

G06F 21/33   using certificates

G06F 2221/2103   Challenge-response

G06Q 10/063112   Skill-based matching of a p...

G06Q 20/0855   involving a third party

G06Q 20/367   involving electronic purses...

G06Q 20/3674   involving authentication

VERIFICATION ENGINE FOR USER AUTHENTICATION

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

115 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

VERIFICATION ENGINE FOR USER AUTHENTICATION

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

115 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links