Cyberspace Identification Trust Authority (CITA) System and Method
First Claim
1. A method and system providing for the establishment of trusted identities between two cyberspace parties and the secure processing of cyberspace transactions, said transactions comprising at a minimum service requests and/or payment requests, without the need for either party to openly divulge or exchange personal identifier and/or financial account information.
0 Assignments
0 Petitions
Accused Products
Abstract
When two parties of a cyberspace transaction register their identity attributes under a CITA system each party is assigned a unique, encrypted and digitally signed identity token. When the consuming party seeks access too, or payment for, cyberspace services, the providing party submits their identity token to the consuming party. The consuming party creates a request token, containing both the consumers'"'"' and the providers'"'"' identity tokens, and the transaction related information, to the CITA system. The CITA system validates the identity tokens and either creates a payment confirmation token by processing the payment request, or creates an access confirmation token by dynamically defining the minimal consumer identity attributes required to gain access to the provider'"'"'s service. The confirmation token is encrypted and digitally signed and returned to the consumer, and then forwarded to the provider to complete the transaction without either party openly exchanging personal identity attributes.
321 Citations
39 Claims
-
1. A method and system providing for the establishment of trusted identities between two cyberspace parties and the secure processing of cyberspace transactions, said transactions comprising at a minimum service requests and/or payment requests, without the need for either party to openly divulge or exchange personal identifier and/or financial account information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
-
2. The System of claim 1, wherein said System is comprised of the following components;
- a Network of Consumers, a Network of Service Providers, and a Cyberspace Identification Trust Authority (CITA) System, all interconnected through the Internet or an Intranet.
-
3. The System of claim 1, wherein said System utilizes a new identity authentication methodology based upon the “
- Validation of Light Transfer Zeligmetrics”
(VOLTZ) protocol, to establish trusted identities between said System components. Said method supporting cyberspace user identity authentication using Digital Tokens, and said method using the minimal amount of identity attributes required to authenticate said cyberspace user, and said identity attributes being based upon Zeligmetrics.
- Validation of Light Transfer Zeligmetrics”
-
4. The CITA System of claim 2 wherein said CITA System is further comprised of a Primary site and a redundant Backup site for high-availability operations, wherein each site is further comprised of a Server Farm, Load Balancers, Network Switches and Routers, a Network LAN/WAN Infrastructure, and connectivity to the Internet, or an Intranet.
-
5. The CITA System of claim 2, wherein said CITA System provides access to a Software Application that can be downloaded and installed on an electronic device, and said Software Application providing access to said CITA System using the Internet or an Intranet.
-
6. The CITA System of claim 2, wherein said CITA System supports a method for processing CITA Cyberspace Transactions, and said transactions supporting at a minimum;
- a Registration Method, a Request Access Method, and a Request Payment Method.
-
7. The CITA System of claim 2, wherein said CITA System supports a method for processing electronic payment requests through accounts established directly with said CITA System, or through an external interface to electronic commerce payment service provider systems and/or financial institution systems using established credit/debit financial accounts.
-
8. The CITA System of claim 2, wherein said CITA System utilizes PKI, digital signature, data hashing, data encryption, Multi-Modal Biometric Identification, and Credit Background Checking Methodologies to support the establishment of;
- a trusted cyberspace user identities;
mutually authenticated and secured communication links between two cyberspace parties; and
the exchange of encrypted and digitally signed data packets to guarantee transaction privacy and integrity between said cyberspace parties.
- a trusted cyberspace user identities;
-
9. The CITA System of claim 2, wherein said CITA System supports data mining methodologies and the ability to archive transaction metrics and generate Business Intelligence (BI) reports and analytical data pertaining to CITA cyberspace transactions.
-
10. The Network of Consumers of claim 2, wherein said Network of Consumers comprises;
- at least one cyberspace user requesting access to services, or requesting payment for services, provided by a cyberspace service provider, and said consumer having registered an account the CITA System of claim 2.
-
11. The Network of Service Providers of claim 2 wherein said Network of Service Providers comprises;
- at least one cyberspace user providing cyberspace services or accepting payment for services provided, and said service provider having registered an account with the CITA System of claim 2.
-
12. The Network of Service Providers of claim 2, wherein said Network of Service Providers comprises at least one Web Service Provider and/or one Retailer/Merchant Service Provider.
-
13. The Digital Tokens of claim 3, wherein said Digital Tokens are comprised of a data container, said data container being based upon a defined structure format, said format containing defined data elements, and said data elements including but being limited to;
- digital certificates, encrypted data objects, data hash values, and any other data elements required to process the CITA Cyberspace Transactions of claim 6, and said Data Tokens at a minimum being comprised of;
a Service Provider Registration (S-REG) Token, a Consumer Registration (C-REG) Token, a Service Provider Registration Confirmation (C-RCON) Token, a Consumer Registration Confirmation (C-RCON) Token, a Service Provider Digital Identity (S-DIT) Token, a Consumer Digital Identity (C-DIT) Token, a Service Provider Request Access (S-ACC) Token, a Consumer Request Access (C-ACC) Token, a Consumer Access Attribute (C-AAT) Token, a Service Provider Access Confirmation (S-ACON) Token, a Consumer Access Confirmation (C-ACON) Token, a Service Provider Request Payment (S-PAY) Token, a Consumer Request Payment (C-PAY) Token, a Consumer Payment Attribute (C-PAT) Token, a Service Provider Payment Confirmation (S-PCON) Token, and a Consumer Payment Confirmation (C-PCON) Token.
- digital certificates, encrypted data objects, data hash values, and any other data elements required to process the CITA Cyberspace Transactions of claim 6, and said Data Tokens at a minimum being comprised of;
-
14. The Server Farm of claim 4 wherein said Server Farm comprises;
- a database engine to store registration sets of identity attributes and Biometric Samples, a registration set provided by at least one cyberspace consumer and one cyberspace service provider;
a Biometric Comparator engine to compare live and registered biometric samples and establish unique identities across registered cyberspace consumers and service providers;
a Registration engine to process consumer and service provider registration requests, said registration process including biometric matching services, validation of identity through credit background checks and other means, and the assignment of unique digital identities;
an Access Services engine to process consumer requests for access to service provider services, and the creation of dynamic digital identity tokens containing the minimal identity attributes required to successfully execute the service access request;
a Payment Services engine to process consumer requests for payment of services provided by service providers, said Payment Service engine optionally supporting external interfaces to electronic commerce service payment providers and financial institutions, and/or the ability to process payments via accounts held and maintained by the CITA System of claim 2;
a Web Server engine providing Internet/Intranet connectivity between said CITA System, the Network of Consumers of claim 2, and the Network of Service Providers of claim 2; and
a Security engine providing digital signature, data encryption and PKI key management and processing services.
- a database engine to store registration sets of identity attributes and Biometric Samples, a registration set provided by at least one cyberspace consumer and one cyberspace service provider;
-
15. The Software Application of claim 5, wherein said Software Application can be hosted on an Electronic Device, supports the ability to capture biometric samples from the electronic device owner, supports the ability to interface with a Security Module configured on the electronic device, supports the ability to register device Owner Data to said Security Module on said device, supports the ability to interface with the CITA System of claim 2 to process CITA transactions, and supports the ability to utilize the Internet or an Intranet to electronically communicate with a cyberspace consumer and/or cyberspace service provider.
-
16. The Security Module of claim 15, wherein said Security Module is herein referred to as the CTI Module, as described under USPTO Non-Provisional patent application Ser. No. 13/744,369—
- Cyberspace Trusted Identity (CTI) Module.
-
17. The Software Application of claim 5, wherein said Software Application supports the ability to capture the Service Provider Request Access (S-ACC) token of claim 13 and the Service Provider Request Payment (S-PAY) Token of claim 13 using an electronic communications methodology. Said methodology including but not being limited to;
- passing the token in an electronic message, e.g., through a web browser session requesting access to a web portal or payment for services offered on-line; and
/or through the scanning of a barcode image which embeds said S-ACC or S-PAY token, e.g., using a smart phone at a Point-of-Sale (POS) payment terminal.
- passing the token in an electronic message, e.g., through a web browser session requesting access to a web portal or payment for services offered on-line; and
-
18. The Registration Method of claim 6, wherein said Registration Method supports the ability for a cyberspace user to register an account with the CITA System of claim 2. Said cyberspace user being either a Consumer or Service Provider of cyberspace services, and said cyberspace user being referred herein after as the Registering Party.
-
19. The Registration Method of claim 6, wherein the Registering Party of claim 18 uses the Software Application of claim 5 to create a CITA registration token, i.e., the Service Provider Registration (S-REG) Token of claim 13 for service providers or the Consumer Registration (C-REG) Token of claim 13 for consumers. Said token containing biometric samples, personal information, financial information, the unique Public Key from said Registering Party'"'"'s CTI Module or enterprise security framework, and/or the CTI Module Device ID, and said token being encrypted with a CITA Registration Public Key and digitally signed by said Registering Party using their CTI Module Private Key or Enterprise Security framework Private Key, and said transaction being submitted to the CITA System of claim 2 for processing.
-
20. The Registration Method of claim 6, wherein a CITA registration token, i.e., the Service Provider Registration (S-REG) Token of claim 13 for service providers or the Consumer Registration (C-REG) Token of claim 13 for consumers, is submitted to the CITA System of claim 2. Said token being processed by said CITA System and said processing including but not being limited to;
- a digital signature validation process;
a Multi-Modal Biometric Identification Process;
a Credit Background Check process;
the creation of a unique CITA Digital Identity Token, i.e., the Service Provider Digital Identity (S-DIT) Token of claim 13 for service providers or the Consumer Digital Identity (C-DIT) Token of claim 13 for consumers, and containing the Registering Party'"'"'s CITA Registration ID and a hash of the Registering Party'"'"'s CTI Module Device IDs;
the embedding of said Digital Identity Token in a CITA Registration Confirmation, i.e., the Service Provider Registration Confirmation (S-RCON) Token of claim 13 for service providers or the Consumer Registration Confirmation (C-RCON) Token of claim 13 for consumers, wherein said CITA Registration Token contains said CITA Digital Identity Token and a unique CITA Public Key, is encrypted with the Registering Party'"'"'s Public Key, and digitally signed with the CITA Private key, and returned to the Registering Party. Said Registering Party receiving said CITA Registration Confirmation Token using the Software Application of claim 5, validating the digital signature of said CITA System, decrypting said CITA Registration Confirmation Token contents to extract the embedded CITA Digital Identity Token and CITA Public Key, and storing the CITA Digital Identity Token and CITA Public Key on their CTI Module, and/or enterprise security server, for subsequent CITA transaction processing.
- a digital signature validation process;
-
21. The Request Access Method of claim 6, wherein said method is initiated when a Consumer requests access to a Service Provider'"'"'s service, said Service Provider providing the CITA Service Provider Request Access (S-ACC) Token of claim 13 to the Consumer in response to said request, and said token including the Service Provider CITA Digital Identity (S-DIT) Token of claim 13, which is encrypted with the CITA Public Key and digitally signed with the Service Provider'"'"'s Private Key. Said Consumer using the Software Application of claim 5 to Biometrically Authenticate their Identity to the CTI Module on their electronic device, using said software application to electronically capture said S-ACC Token, and using the CTI Module to generate the CITA Consumer Request Access Token (C-ACC) of claim 13, which imbeds said S-ACC Token and includes a copy of the Consumer'"'"'s CITA Digital Identity (C-DIT) Token of claim 13, and may include additional identity attributes, as supplied by the Consumer. Said C-ACC Token being encrypted with the CITA Public Key and digitally signed with the Consumer'"'"'s CTI Module Private Key, and submitted to the CITA System of claim 2 for processing. Said CITA System processing said C-ACC Token, which includes, but is not limited to;
- digital signature validation of the submission packet;
validation of the submitting CTI Module Device ID;
validation of the embedded S-DIT and C-DIT tokens;
the dynamic creation of the Consumer'"'"'s Zeligmetric Identity Attributes; and
the creation of the Service Provider Access Confirmation (S-ACON) Token of claim 13. Said S-ACON Token including the Consumer'"'"'s CITA generated zeligmetric identity attributes, Consumer CTI Module Public Key, and a hash of the Consumer'"'"'s CTI Module Device ID. Said S-ACON Token being encrypted with the CITA Service Provider'"'"'s Public Key, digitally signed with the CITA Private Key, and embedded in the Consumer Access Confirmation (C-ACON) Token of claim 13, which is encrypted with the Consumer'"'"'s CTI Module Public Key, digitally signed with the CITA Private Key, and returned to the Consumer. Said C-ACON Token being received by the Consumer using said software application on their electronic device, and said application using the Consumer'"'"'s CTI Module to validate the digital signature and decrypt said C-ACON token contents to extract the embedded S-ACON token. Said S-ACON token being presented to the Service Provider by the Consumer using said software application and said Service Provider receiving said S-ACON token, validating the digital signature of said CITA System, performing a CTI Module Device ID Hash Validation Process, and decrypting said S-ACON token contents to extract the Consumer'"'"'s zeligmetric identity attributes. Comparing said identity attributes to the Service Provider'"'"'s required identity attributes to determine accessibility to the requested service. Said Service Provider granting access to the requested service if the offered identity attributes match the required attribute criteria and denying access if the attributes do not fulfil the identity attribute requirements.
- digital signature validation of the submission packet;
-
22. The Request Access Method of claim 6, wherein said method supports the ability to reuse the Service Provider Access Confirmation (S-ACON) of claim 13 for subsequent access requests to the same service provider'"'"'s service. Said S-ACON token being stored locally on the Consumer'"'"'s CTI Module during the initial access request when the said token was created by the CITA System of claim 2, and maintained in an encrypted format so only the service provider can interpret the tokens contents.
-
23. The Request Payment Method of claim 6, wherein said method is initiated when a Consumer requests payment to a Service Provider for services provided, said Service Provider providing the CITA Service Provider Request Payment (S-PAY) Token of claim 13 to the Consumer in response to said request, and said token including the Service Provider CITA Digital Identity (S-DIT) Token of claim 13 and the Service Provider Payment Information Details, encrypted with the CITA Public Key and digitally signed with the Service Provider'"'"'s Private Key. Said Consumer using the Software Application of claim 5 to electronically capture said S-PAY Token and generating the CITA Consumer Request Payment Token (C-PAY) of claim 13. Said C-PAY token imbedding said S-PAY Token and including a copy of the consumer'"'"'s CITA Consumer Digital Identity (C-DIT) Token of claim 13, and the Consumer'"'"'s Payment Information Details. Said C-PAY Token being encrypted with the CITA Public Key and digitally signed with the Consumer'"'"'s CTI Module Private Key, and submitted to the CITA System of claim 2 for processing. Said CITA System processing said C-PAY Token, which includes, but is not limited to;
- digital signature validation of the submission packet;
performing a CTI Module Device ID Hash Validation Process;
validation of the embedded S-DIT and C-DIT tokens;
the electronic payment processing to satisfy the payment request; and
the creation of the Service Provider Payment Confirmation (S-PCON) Token of claim 13. Said S-PCON Token including the payment confirmation number, Consumer CTI Module Public Key, and a hash of the Consumer'"'"'s CTI Module Device ID. Said S-PCON token being encrypted with the CITA Service Provider'"'"'s Public Key, digitally signed with the CITA Private Key, and together with the payment confirmation number being embedded in the Consumer Payment Confirmation (C-PCON) Token of claim 13. Said C-PCON token being encrypted with the Consumer'"'"'s CTI Module Public Key, digitally signed with the CITA Private Key, and returned to the Consumer. Said C-PCON Token being received by the Consumer using said software application on their electronic device, and said application validating the digital signature and decrypting the token contents to extract the embedded S-PCON token. Said S-PCON token being presented to the Service Provider by the Consumer using said software application and said Service Provider receiving said S-PCON token, validating the digital signature of said CITA system, performing a CTI Module Device ID Hash Validation Process, and decrypting the token contents to extract the payment confirmation number to confirm payment for the service provided.
- digital signature validation of the submission packet;
-
24. The Web Service Provider of claim 12, wherein said Web Service Provider may be comprised of Network Switches/Routers, Firewalls, a Web Server Farm, and a Web Server Provider LAN/WAN providing connectivity to the Internet or an Intranet and offering cyberspace services to the cyberspace user community.
-
25. The Retailer/Merchant Service Provider of claim 12, wherein said Retailer/Merchant Service Provider may be comprised of Network Switches/Routers, Firewalls, a Point of Sale (POS) terminal, a Retailer/Merchant, and a Retailer/Merchant Service provider LAN/WAN providing connectivity to the Internet or an Intranet and providing goods and/or services to the cyberspace user community.
-
26. The Biometric Samples of claim 14, wherein said Biometric Samples include both physical Biometric Modalities, which may include but are not limited to;
- fingerprint;
face;
DNA;
iris;
retina;
vein;
skin spectroscopy; and
pulse electrocardiogram modalities, and behaviour biometric modalities, which may include but are not limited to;
gate;
keystroke;
voice;
signature; and
eye movement modalities.
- fingerprint;
-
27. The Electronic Device of claim 15, wherein said Electronic Device can be any form of computing device with an operating system, CPU, memory, system bus, Internet/Intranet connectivity, and/or display, and may include a desktop PC, laptop PC, tablet PC, smart phone, or other iterations of electronic devices supporting electronic computing and electronic communication mechanisms.
-
28. The Owner Data of claim 15, wherein said Owner Data may include name, phone numbers, addresses, email addresses, date of birth, financial account information, medical account information, insurance account information, club membership information, retailer account information, travel document information, web site portal information, CITA digital identity tokens, and any other information an electronic device owner may wish to securely store on their CTI Module.
-
29. The Multi-modal Biometric Identification method of claim 20, wherein the CITA System of claim 2 maintains a repository of biometric sample records for registered CITA users and biometric samples provided in new CITA registration requests are biometrically matched against said registered samples using multi-modal biometric identification technology. Said multi-modal biometrics comprising the Biometric Modalities of claim 26, and said multi-modal biometric identification matching providing the ability to uniquely identify and authenticate the identity of a CITA registered user.
-
30. The Credit Background Check method of claim 20, wherein the CITA System of claim 2 may utilize external credit checking services as a means of establishing and/or authenticating the identity of a CITA registered user. Said Credit Background Check process utilizing the biographical and financial account information provided by the CITA user under their registration request packet.
-
31. The CITA Registration ID of claim 20, wherein said ID is based upon alphanumeric characters, is generated by the CITA System of claim 2 upon a successful CITA registration transaction, is assigned to the registered CITA user, and used to uniquely identify said user.
-
32. The Service Provider Digital Identity (S-DIT) Token of claim 20, wherein said token is generated by the CITA System of claim 2 to uniquely identify the Service Provider. Said token containing the unique CITA Registration ID of claim 31, and the Service Provider'"'"'s registered CTI Module Device IDs.
-
33. The Consumer Digital Identity (C-DIT) Token of claim 20, wherein said token is generated by the CITA System of claim 2 to uniquely identify the Consumer. Said token containing the unique CITA Registration ID of claim 31, and the Consumer'"'"'s registered CTI Module Device IDs.
-
34. The Biometric Authentication of Identity method of claim 21, wherein the Software Application of claim 5 requires the owner to authenticate their identity to their electronic device CTI Module using multi-modal biometric identification technology in order to gain access to said module.
-
35. The Dynamic Creation of Consumer Zeligmetric Identity Attributes method of claim 21, wherein the CITA System of claim 2 performs a dynamic assessment of the identity attributes required by a service provider to grant access to their service, against the discrete identity attributes as provided by a consumer when they registered with said CITA System or requested access to said service of the service provider. Said assessment generating the minimal identity attributes required to satisfy the service provider'"'"'s identity authentication requirements.
-
36. The Zeligmetric Identity Attributes of claim 21, wherein said zeligmetric identity attributes are based upon a unique identity characteristic of a zelig, e.g., user name password, age, gender, email address, phone number, social security number, passport number, etc. Said zelig being defined as “
- A Chameleon like person who is unusually ubiquitous”
. Thus, a zelig has multiple discrete identity attributes, the combinations of which are defined as “
zeligmetrics” and
the use of said zeligmetrics in a discrete manner providing the ability for a cyberspace user to operate with a level of anonymity and pseudonymity within cyberspace, and be present within multiple cyberspace environments at the same time using different zeligmetric identity attributes as a mechanism to safeguard their personal identity and ensure only those identity attributes required to complete a cyberspace transaction are exchanged between two cyberspace parties.
- A Chameleon like person who is unusually ubiquitous”
-
37. The CTI Module Device ID Hash Validation method of claim 21, wherein the CITA transactions exchanged between a Consumer and Service Provider contain separate embedded hashes of the Consumer'"'"'s CTI Module Device ID, one encrypted by the CITA System of claim 2 using the Service Provider'"'"'s Public key such that only the Service Provider can decipher, and one presented by the Consumer. Thus, the Service Provider is provided a mechanism to authenticate the CITA token offered by the Consumer by comparing the two hash values in order to validate the offered token originated from the Consumer'"'"'s CTI Module, and is not a fraudulent token presented as a means of masking the consumer'"'"'s identity or presenting false payment for services provided.
-
38. The Service Provider Payment Information Details of claim 23, wherein a Service Provider identifies the total payment to be made by the Consumer for services provided. Said information including but not being limited to;
- merchandise, food, beverages, tax, fees, gratuities, services, etc.
-
39. The Consumer Payment Information Details of claim 23, wherein a Consumer using the Software Application of claim 5 on their electronic device can identify;
- the financial account to be used in providing payment for service provider services, the payment to be made, and any additional payments to be included, e.g., gratuities, fees, etc.
-
2. The System of claim 1, wherein said System is comprised of the following components;
Specification
- Resources
-
Current AssigneeRobert Matthew Voltz
-
Original AssigneeRobert Matthew Voltz
-
InventorsVoltz, Robert Matthew
-
Application NumberUS13/761,313Publication NumberTime in Patent OfficeDaysField of SearchUS Class Current705/67CPC Class CodesG06Q 20/38215 Use of certificates or encr...G06Q 20/4014 Identity check for transact...G06Q 20/40145 Biometric identity checks