1. Field of the Invention
The present invention relates to a centralized identification and authentication system and method for identifying an individual over a communication network such as the Internet, to increase security in e-commerce. More particularly, it relates to a method and system for generating a dynamic, non-predictable and time dependent SecureCode for the purpose of positively identifying an individual.
2. Description of the Related Art
The increasing use of the Internet and the growing number of businesses utilizing e-commerce have led to a dramatic increase in customers releasing confidential personal and financial information, in the form of social security numbers, names, addresses, credit card numbers and bank account numbers, to identify themselves. Doing so allows them to gain access to restricted web sites or to electronically purchase desired goods or services. Unfortunately, this type of identification is not only unsafe, it also offers no foolproof assurance that the user is really the person he says he is. The effect of these increases is reflected in the related art.
U.S. Pat. No. 5,732,137 issued to Aziz outlines a system and method for providing remote user authentication in a public computer network such as the Internet. More specifically, the system and method provides for remote authentication using a one-time password scheme having a secure out-of-band channel for initial password delivery.
U.S. Pat. No. 5,815,665 issued to Teper et al. outlines the use of a system and method for enabling consumers to anonymously, securely and conveniently purchase on-line services from multiple service providers over a distributed network, such as the Internet. Specifically, a trusted third-party broker provides billing and security services for registered service providers via an online brokering service, eliminating the need for the service providers to provide these services.
U.S. Pat. No. 5,991,408 issued to Pearson, et al. outlines a system and method for using a biometric element to create a secure identification and verification system, and more specifically to an apparatus and a method for creating a hard problem which has a representation of a biometric element as its solution.
Although each of the previous patents outlines a valuable system and method, what is really needed is a system and method that offers a digital identity to users and allows them to participate in e-commerce without worrying about privacy and security. In addition to offering security and privacy to users, the new system has to be simple for businesses to adopt and must not require financial institutions to change their existing systems. Such a secure, flexible and scalable system and method would be of great value to businesses that would like to participate in today's electronic commerce.
None of the above inventions and patents, taken either singularly or in combination, is seen to describe the instant invention as claimed. Thus a centralized identification and authentication system and method solving the aforementioned problems is desired.
For convenience, the term “user” is used throughout to represent both a typical person consuming goods and services as well as a business consuming goods and services.
As used herein, a “Central-Entity” is any party that has the user's personal and/or financial information, UserName and Password, and that generates a dynamic, non-predictable and time dependent SecureCode for the user. Examples of a Central-Entity are banks, credit card issuing companies or any intermediary service companies.
As also used herein, an “External-Entity” is any party offering goods or services that users utilize by directly providing their UserName and SecureCode as digital identity. Such an entity could be a merchant, service provider or an online site. An “External-Entity” could also be an entity that receives the user's digital identity indirectly from the user through another External-Entity, in order to authenticate the user; such an entity could be a bank or a credit card issuing company.
The term “UserName” is used herein to denote any alphanumeric name, id, login name or other identification phrase, which may be used by the “Central-Entity” to identify the user.
The term “Password” is used herein to denote any alphanumeric password, secret code, PIN, prose phrase or other code, which may be stored in the system to authenticate the user by the “Central-Entity”.
The term “SecureCode” is used herein to denote any dynamic, non-predictable and time dependent alphanumeric code, secret code, PIN or other code, which may be broadcast to the user over a communication network, and may be used as part of a digital identity to identify a user as an authorized user.
The term “digital identity” is used herein to denote a combination of user's “SecureCode” and user's information such as “UserName”, which may result in a dynamic, non-predictable and time dependent digital identity that could be used to identify a user as an authorized user.
The term “financial information” is used herein to denote any credit card and banking account information such as debit cards, savings accounts and checking accounts.
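The roles defined above (Central-Entity, External-Entity, SecureCode, digital identity) can be sketched as follows. This is an added example, not code from the patent: the class and method names, the 120-second validity window, single use of each SecureCode and PBKDF2 password storage are all assumptions made for illustration.

```python
import hashlib, hmac, os, secrets, time

class CentralEntity:
    """Hypothetical Central-Entity: holds UserName/Password, issues SecureCodes."""

    def __init__(self, ttl_seconds=120, clock=time.time):
        self.ttl = ttl_seconds      # assumed validity window (not from the page)
        self.clock = clock          # injectable clock so expiry can be tested
        self.users = {}             # UserName -> (salt, password hash)
        self.codes = {}             # UserName -> (SecureCode, expiry time)

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, username, password):
        salt = os.urandom(16)
        self.users[username] = (salt, self._hash(password, salt))

    def request_secure_code(self, username, password):
        """User authenticates with UserName/Password and receives a SecureCode."""
        record = self.users.get(username)
        if record is None:
            return None
        salt, stored = record
        if not hmac.compare_digest(stored, self._hash(password, salt)):
            return None
        code = secrets.token_hex(4).upper()     # non-predictable: CSPRNG output
        self.codes[username] = (code, self.clock() + self.ttl)  # time dependent
        return code

    def verify_digital_identity(self, username, secure_code):
        """Called by an External-Entity with the UserName + SecureCode it received."""
        # Assumption: a code is consumed by any attempt, blocking replay and guessing.
        entry = self.codes.pop(username, None)
        if entry is None:
            return False
        code, expiry = entry
        if self.clock() > expiry:
            return False
        return hmac.compare_digest(code.encode(), secure_code.encode())

def demo():
    now = [1000.0]                               # constructed fake clock
    ce = CentralEntity(ttl_seconds=120, clock=lambda: now[0])
    ce.register("alice", "correct horse")        # constructed sample credentials
    code = ce.request_secure_code("alice", "correct horse")
    first = ce.verify_digital_identity("alice", code)
    replay = ce.verify_digital_identity("alice", code)
    code2 = ce.request_secure_code("alice", "correct horse")
    now[0] += 121                                # step past the validity window
    return first, replay, ce.verify_digital_identity("alice", code2)
```

The External-Entity in this sketch never sees the Password or any financial information; it only relays the UserName and SecureCode to the Central-Entity and receives a yes/no answer.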