Verification engine for user authentication
First Claim
1. A computer-implemented user identity authentication method comprising:
- presenting one or more predefined queries to an authentication subject, wherein the predefined queries are permitted by each of multiple independent, remote, third-party databases storing identifying information about the authentication subject, wherein the databases are configured to accept and process only certain predefined permitted queries received from an authorized verification engine, and the databases are not selected by the authentication subject, and wherein at least one query presented to the authentication subject requires knowledge of out-of-wallet data associated with the subject to answer the query;
receiving an answer to at least one of the predefined queries from the authentication subject;
transmitting at least one of the answers received from the authentication subject, combined with an indication of the corresponding permitted query, to at least one of the multiple independent databases that has corresponding identifying information;
obtaining from said at least one of the multiple independent databases a corresponding authentication confidence level for each transmitted answer, wherein the multiple independent database contents are not disclosed; and
combining the authentication confidence level obtained from the multiple independent databases for each answer into a combined confidence level for authenticating the authentication subject.
2 Assignments
0 Petitions
Accused Products
Abstract
Computer-implemented system and methods for authenticating the identity of a person, for example a customer (1) of an E-Commerce web site (15). The web site or other verification “client” (110) contacts a verification engine (10, 100) (“Authentex”), which may be implemented as a web server (604). The verification engine (10), in turn, has limited access to a plurality of independent, third-party secure databases (21, 112) which are maintained by Trusted Validators (3, 610, 620, etc), which are entities such as banks that have a pre-existing relationship with customer (FIG. 4), and due to that relationship, acquire and maintain “out-of-wallet” data (4) that may be useful to authenticate the identity of the customer. That confidential customer data—held by the third-party “Trusted Validators”—is not disclosed.
113 Citations
12 Claims
-
1. A computer-implemented user identity authentication method comprising:
-
presenting one or more predefined queries to an authentication subject, wherein the predefined queries are permitted by each of multiple independent, remote, third-party databases storing identifying information about the authentication subject, wherein the databases are configured to accept and process only certain predefined permitted queries received from an authorized verification engine, and the databases are not selected by the authentication subject, and wherein at least one query presented to the authentication subject requires knowledge of out-of-wallet data associated with the subject to answer the query; receiving an answer to at least one of the predefined queries from the authentication subject; transmitting at least one of the answers received from the authentication subject, combined with an indication of the corresponding permitted query, to at least one of the multiple independent databases that has corresponding identifying information; obtaining from said at least one of the multiple independent databases a corresponding authentication confidence level for each transmitted answer, wherein the multiple independent database contents are not disclosed; and combining the authentication confidence level obtained from the multiple independent databases for each answer into a combined confidence level for authenticating the authentication subject.
-
-
2. A method of authenticating the putative identity of a subject who is an individual, the method comprising the steps of:
-
negotiating a predetermined set of permitted types of queries with an owner of an independent, remote, third-party database, the independent, remote, third-party database including identifying information associated with the subject; providing a database interface for interacting with the independent, remote, third-party database without storing any significant portion of the third-party database locally, and wherein the interaction is limited to submitting a query among the predetermined set of permitted types of queries, and receiving from the third-party database a response to the permitted query; responsive to a request from a client to authenticate the putative identity of the subject, forming a first query to elicit from the subject at least one item of information sufficient to form one of the permitted types of queries, and sending the first query to the subject via the client; receiving identifying information associated with the subject in response to the first query to authenticate his identity, the received identifying information including at least one item of information sufficient to form one of the permitted types of queries; forming a permitted type of query based on the received identifying information; transmitting the formed query to the remote, third-party database; and receiving a response from the remote, third-party database wherein the database interface does not otherwise provide access to the remote, third-party database, so that privacy of the remote, third-party database content remains under control of its owner. - View Dependent Claims (3, 4, 5, 6, 7)
-
-
8. A computer-implemented identity authentication system comprising:
-
an authentication client software component configured to enable a business client software component to communicate with a verification engine to request authentication of the identity of a customer; a software-implemented verification engine to authenticate the identity of a customer at the request of the business client, wherein the verification engine includes— a client interface for communication with the authentication client software component; database interfaces configured for communications with multiple independently operated databases, to enable sending permitted queries to the databases and receiving confidence levels returned from the databases; a client interface for sending at least one selected query to the customer, and for receiving a corresponding answer from the customer; means for forming a permitted database query based on the selected query and the corresponding answer received from the customer, and transmitting the permitted query to at least one of the independently operated databases via the database interfaces; means for combining the confidence levels returned from the databases to form an overall authentication confidence level that the subject is in fact who he purports to be; and means for transmitting the overall authentication confidence level to the requesting business client via the client interface.
-
-
9. A computer-implemented identity authentication system comprising:
-
an authentication client software component to enable a business client to communicate with a verification engine to request authentication of the identity of a customer; a software-implemented verification engine to authenticate the identity of the customer at the request of the business client, wherein the verification engine includes— a client interface for communication with the authentication client software component; database interfaces configured for communications with multiple independently operated databases, to enable sending permitted queries to the databases and receiving confidence levels returned from the databases; means for sending at least one selected query to the customer, and for receiving a corresponding answer from the customer; means for forming a permitted database query based on the selected query and the corresponding answer received from the customer, and transmitting the permitted query to at least one of the independently operated databases via the database interfaces; means for combining the confidence levels returned from the databases to form an overall authentication confidence level that the subject is in fact who he purports to be; and means for transmitting the overall authentication confidence level to the requesting business client via the client interface; and
wherein;the multiple independently operated databases each stores information associated with the customer, wherein the database information includes confidential, out-of-wallet data previously acquired by the corresponding database operator in the course of doing business with the customer; the databases are configured to accept and process only certain predefined permitted queries received from an authorized verification engine, and to respond to the permitted queries by returning a confidence level as to whether or not data contained in the query is consistent with the confidential, out-of-wallet data stored by the database in association with the subject; and wherein the database does not return or otherwise disclose the confidential, out-of-wallet data stored by the database in association with the subject. - View Dependent Claims (10, 11, 12)
-
Specification