Direct Authentication System and Method via Trusted Authenticators
Abstract
Fraud and identity theft are enabled by two faulty assumptions about the way that the identity of a person is verified in our society. The first is that someone who demonstrates knowledge of certain items of personal or financial information about a particular person is presumed to be that person. The second assumption, which gives rise to the first assumption, is that these items of information can be kept confidential. Because fraudsters and identity thieves often seek to use their victim's personal and financial information, this invention proposes a direct authentication system and method that does not depend on these assumptions. The proposed method enables businesses to determine whether the customer is truly the person he says he is by adopting a new "two-factor" authentication technique and authenticating the customer's identity using the customer's trusted authenticator. A customer's trusted authenticator can be found within the financial services community; in particular, a bank or other financial institution with whom the customer has a trusted relationship, such as a bank account.
34 Claims
1. A computer implemented method to authenticate an individual in communication with an entity over a communication network during a communication between the entity and the individual, the computer implemented method comprising:
- receiving electronically a request for a dynamic code for the individual, which request is received by a trusted-authenticator's computer during an authentication of the individual by the entity;
- calculating the dynamic code for the individual in response to the request during the authentication of the individual by the entity, wherein the dynamic code is valid for a predefined time and becomes invalid after being used;
- sending electronically the dynamic code to the individual during the authentication of the individual by the entity;
- receiving electronically an authentication request to authenticate the individual based on a user information and the dynamic code included in the authentication request;
- authenticating an identity of the individual based on the user information and the dynamic code included in the authentication request; and
- providing a result of authenticating to the entity during communication between the individual and the entity.
Dependent claims: 2, 3
4. A computer implemented method for an entity to authenticate an individual over a communication network during a communication with the individual, the method comprising:
- requesting electronically both a user information and a dynamic code from the individual in order to validate the individual's identity during the communication with the individual, which the individual obtains the dynamic code from a computer associated with a trusted-authenticator during the transaction between the individual and the entity, wherein the dynamic code is valid for a predefined time and becomes invalid after being used;
- requesting electronically both the user information and the dynamic code from the individual during transaction between the individual and entity;
- requesting the trusted-authenticator to authenticate the individual based on the user information and the dynamic code received from the individual during transaction; and
- receiving by the entity the result of authentication from the computer associated with the trusted-authenticator that the user information and the dynamic code received by the trusted-authenticator during the transaction between the individual and the entity properly authenticates the individual.
Dependent claims: 5, 6
7. A computer implemented method for a website to authenticate an individual over a communication network during a communication session between the individual and the website, the computer implemented method comprising:
- requesting by a computer associated with the website both a user information and a dynamic code from the individual in order to validate the individual's identity, wherein the dynamic code is valid for a predefined time and becomes invalid after being used;
- receiving both the user information and the dynamic code from the individual, which individual receives the dynamic code during the communication session between the individual and the website;
- requesting the trusted-authenticator to authenticate the individual based on the user information and the dynamic code received from the individual during communication session; and
- receiving the result of authentication from the computer associated with the trusted-authenticator during communication session that is based on the user information and the dynamic code.
Dependent claims: 8, 9, 10
11. A computer implemented method for authenticating an individual in communication with an entity over a communication network during communication between the entity and the individual, the method comprising:
- receiving by a computer associated with the entity a dynamic code during authentication of the individual by the entity, which said dynamic code was sent to the individual by a trusted-authenticator in response to a request for the dynamic code received by the trusted authenticator during authentication of the individual by the entity and was calculated by the trusted-authenticator during authentication of the individual by the entity, wherein the dynamic code is valid for a predefined time and becomes invalid after being used;
- sending electronically by the entity an authentication request to the trusted-authenticator to authenticate the individual based on a user information and a received dynamic code included in the authentication request, wherein said authentication request is sent during authentication of the individual by the entity; and
- receiving electronically by the entity a message from the trusted-authenticator either confirming or denying an identity of the individual based on the user information and the received dynamic code included in the authentication request from the entity during the time of authentication of the individual by the entity.
Dependent claims: 12, 13, 14, 15
16. A computer implemented method for authenticating an individual in communication with an entity during communication between the entity and the individual, the computer implemented method comprising:
- sending electronically a request for a dynamic code to a trusted-authenticator during authentication of the individual by the entity;
- receiving electronically the dynamic code from the trusted-authenticator during authentication of the individual by the entity, which the dynamic code was calculated during authentication of the individual by the entity, wherein the dynamic code is valid for a predefined time and becomes invalid after being used;
- sending electronically a user information and the dynamic code during authentication of the individual by the entity to the trusted-authenticator for verification by the trusted-authenticator during authentication of the individual by the entity; and
- receiving electronically acceptance or denial of authentication from the entity based on said verification by the trusted-authenticator of the user information and the dynamic code received from the individual during authentication of the individual by the entity.
17. A computer implemented method to authenticate an individual during communication between the individual and an entity, the method comprising:
- receiving by a trusted authenticator electronically a request for a dynamic code for the individual, wherein the request is received directly or indirectly from the individual during authentication of the individual by the entity;
- sending by the trusted authenticator the dynamic code electronically to the individual during authentication of the individual by the entity, wherein the dynamic code is valid for a predefined time and becomes invalid after being used;
- receiving electronically by the trusted authenticator an authentication request including a user information and the dynamic code received from the individual during authentication of the individual by the entity, wherein said authentication request is received during authentication of the individual by the entity;
- authenticating by the trusted authenticator an identity of the individual based on the user information and the received dynamic code during the time of authentication of the individual by the entity, wherein said authenticating of the individual occurs during said authentication between the individual and the entity; and
- providing by the trusted-authenticator a result of authenticating to the entity during said authentication between the individual and the entity.
Dependent claims: 18
19. A computer implemented method to perform a two-factor authentication of an individual based on a user information as a first credential and a dynamic code as a second credential during communication between an entity and the individual, the method comprising:
- accepting or denying electronically by a trusted-authenticator of the two-factor authentication of the individual based on the user information and the dynamic code received from the individual, wherein;
- said user information comprises the first credential and said dynamic code comprises the second credential;
- said dynamic code was calculated by a computer associated with the trusted-authenticator and sent by the trusted-authenticator to the individual during communication between the individual and the entity, wherein the dynamic code is valid for a predefined time and becomes invalid after being used;
- said user information and said dynamic code were received electronically by the trusted authenticator during authentication of the individual by the entity and were verified by the trusted-authenticator during said communication between the individual and the entity;
- said computer associated with said trusted-authenticator calculates a different value for said dynamic code each time the individual requests a dynamic code from the trusted-authenticator; and
- said computer associated with said trusted-authenticator providing a result of authenticating to a computer associated with the entity.
Dependent claims: 20, 21, 22
23. A computer implemented method to perform a two-factor authentication of an individual during electronic transaction between an entity and the individual, the method comprising receiving electronically acceptance or denial of two-factor authentication from the entity based on two credentials received from the individual, wherein:
- said user information comprises the first credential and said dynamic code comprises the second credential;
- said dynamic code was requested from a trusted authenticator and provided to the individual over the communication network during said electronic transaction between the entity and the individual and electronically received from the individual during the electronic transaction and electronically received and verified by a computer associated with a trusted-authenticator during authentication of the individual by the entity wherein the dynamic code is valid for a predefined time and becomes invalid after being used.
Dependent claims: 24, 25, 26, 27, 28
29. A computer implemented method to authenticate an individual in communication with an entity over a communication network during a communication between the entity and the individual, the computer implemented method comprising:
- receiving electronically by a trusted-authenticator's computer a request for authenticating the user based on a user information and the dynamic code received during the communication between the entity and the individual, wherein the dynamic code was requested from the trusted authenticator and electronically provided to the individual during said communication between the entity and the individual;
- verifying by the trusted-authenticator's computer an identity of the individual based on the user information and the dynamic code; and
- providing by the trusted-authenticator a result of authenticating to the entity.
Dependent claims: 30, 31, 32, 33, 34
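The flow the claims recite, as an added example that is not part of the patent text: a trusted authenticator calculates a dynamic code on request, the code expires after a predefined time and is consumed on use, and the entity relays the individual's user information and code to obtain a verdict. The class and function names, the 8-digit code format and the 120-second lifetime are assumptions made for illustration.

```python
import hmac
import secrets
import time


class TrustedAuthenticator:
    """Hypothetical trusted authenticator, e.g. the individual's bank."""

    def __init__(self, known_users, ttl_seconds=120, clock=time.monotonic):
        self._known = set(known_users)  # user information already on file
        self._ttl = ttl_seconds         # the "predefined time" a code stays valid
        self._clock = clock             # injectable so expiry can be exercised
        self._pending = {}              # user info -> (code, expiry time)

    def request_dynamic_code(self, user_info):
        """Calculate a fresh code, to be sent to the individual."""
        if user_info not in self._known:
            raise KeyError("unknown individual")
        code = f"{secrets.randbelow(10**8):08d}"  # CSPRNG; 8 digits is assumed
        # A new request replaces any code still outstanding for this user.
        self._pending[user_info] = (code, self._clock() + self._ttl)
        return code

    def authenticate(self, user_info, dynamic_code):
        """Result reported to the entity: True (confirmed) or False (denied)."""
        # pop() consumes the code on the first attempt, right or wrong, so it
        # can be neither replayed nor guessed at repeatedly.
        entry = self._pending.pop(user_info, None)
        if entry is None:
            return False
        code, expires_at = entry
        if self._clock() > expires_at:
            return False
        # Constant-time comparison avoids leaking how many digits matched.
        return hmac.compare_digest(dynamic_code.encode(), code.encode())


def entity_login(authenticator, user_info, dynamic_code):
    """The entity (relying party) relays both credentials and gets a verdict."""
    ok = authenticator.authenticate(user_info, dynamic_code)
    return "accepted" if ok else "denied"
```
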