The use of the Internet has become a common a popular arena for the sale of goods and services. Such sales require the transmission of personal and confidential data belonging to the buyer of such goods and services. Such information is often the target of identity theft. In response to the increase in the opportunity for the commission of fraud through identity theft, sellers and providers of goods and services through the Internet require a method whereby such fraud can be reduced.
It is preferred to keep the Internet user's experience simple while the Internet user is shopping online or accessing their online bank account. On the other hand, the Internet fraud causes online banks and ecommerce providers to lose significant amounts of money to fraudulent transactions. In addition, for privacy reasons, it is preferable to acquire the Internet user's consent before locating the Internet user's wireless geographical location. Therefore, it is preferable to be able to authenticate the Internet user automatically without user intervention or with very little user intervention.
Present technologies that authenticate the Internet user or acquire the Internet user's consent to be located are using ‘Out Of Band’ technologies that require user intervention and involve at least one action with a communication voice device. For example, in a method referred to as phone authentication, when a transaction is initiated over the Internet, an automated phone call or text message can be sent to the user's registered phone number. The user is asked to verify the specific transaction, for example via the following hypothetical text or voice dialogue:
“This is phone verification calling to verify the transfer of $10,000 to account 77356 at Bank Of Canada. Please click ‘1’ to approve or click ‘2’ to talk with our representative.”
If the transaction is valid, the user presses “1” or replies to the text message to approve the transaction. If the user does not answer the call or respond to the text message with “2”, the transaction is denied or flagged for further review. In addition, the user can report fraudulent transactions by entering “2” during the call or in the text message reply. This locks the account and sends an alert to the bank's anti-fraud team.
Internet commerce is not the only activity where methods for user authentication are desirable. Owners of Internet web sites, web hosts, and other proprietors of Internet-accessible computer systems and servers usually wish to limit access to authorized users.
With respect to Internet usage, upon accessing the Internet, an Internet user's computer is identified with an IP address, a numeric identifier formatted according to the Internet protocol in use at the time. Whenever an Internet user enters a Internet site, the Internet user's IP address is identified to the Internet site owner. In parent applications to the present invention, the present inventor has described systems in which such an identified IP address can be traceable geographically to its source so as to determine the location (state and city) of the Internet user; in some cases the IP address can be traced to within a radius of a few miles from its source. The comparison of the geographical location of the Internet user IP address, with the geographical location of said Internet user communication voice device can provide the seller or provider a means to authenticate the identity of the Internet user.
U.S. patent application Pub. No. 2001/0034718 of Shaked et al. discloses a method of controlling access to a service over a network, including the steps of automatically identifying a service user and acquiring user information, thereby to control access. Additionally, a method of providing service over a network, in which the service requires identification of a user, including the steps of automatically identifying the user and associating the user with user information, thus enabling the service, is disclosed.
U.S. Pat. No. 6,466,779 to Moles et al. discloses a security apparatus for use in a wireless network including base stations communicating with mobile stations for preventing unprovisioned mobile stations from accessing an Internet protocol (IP) data network via the wireless network.
U.S. patent application Pub. No. 2002/0188712 of Caslin et al. discloses a fraud monitoring system for a communications system. The fraud monitoring system analyzes records of usage activity in the system and applies fraud pattern detection algorithms to detect patterns indicative of fraud. The fraud monitoring system accommodates both transaction records resulting from control of a packet-switched network and those from a circuit-switched network gateway.
U.S. patent application Pub. No. 2003/0056096 of Albert et al. discloses a method to securely authenticate user credentials. The method includes encrypting a user credential with a public key at an access device. The public key is part of a public/private key pair suitable for use with encryption algorithm. The decrypted user credential is then transmitted from the decryption server to an authentication server for verification. The decryption server typically forms part of a multi-party service access environment including a plurality of access providers. This method can be used in legacy protocols, such as Point-to-Point Protocol (PPP), Password Authentication Protocol (PAP), Challenge-Handshake Authentication Protocol (CHAP), Remote Authentication Dial in User Server (RADIUS) protocol, Terminal Access Controller Access Control System (TACAS) protocol, Lightweight. Directory Access Protocol (LDAP), NT Domain authentication protocol, Unix password authentication protocol, Hypertext Transfer Protocol (HTTP), Hypertext Transfer Protocol over Secure sockets layer (HTTPS), Extended Authentication Protocol (EAP), Transport Layer Security (TLS) protocol, Token Ring protocol, and/or Secure Remote Password protocol (SRP).
U.S. patent application Publication Number US 2003/0101134 of Liu et al. teaches a method for transaction approval, including submitting a transaction approval request from a transaction site to a clearing agency; submitting a user authorization request from the clearing agency to a user device; receiving a response to the user authorization request; and sending a response to the transaction approval request from the clearing agency to the transaction site. Another method for transaction approval includes: submitting a transaction approval request from a transaction site to a clearing agency; determining whether a trusted transaction is elected; submitting a user authorization request from the clearing agency to a user device if a trusted transaction is determined to be elected; receiving a response to the user authorization request from the user device if the user authentication request was submitted; and sending a response to the transaction approval request from the clearing agency to the transaction site. A system for transaction approval includes a clearing agency for the transaction approval wherein the clearing agency having a function to request for user authorization, a network operatively coupled to the clearing agency, and a user device adapted to be operatively coupled to the network for trusted transaction approval.
U.S. patent application Publication Number US 2003/0187800 of Moore et al. teaches systems, methods, and program products for determining billable usage of a communications system wherein services are provided via instant communications. In some embodiments, there is provision for authorizing the fulfillment of service requests based upon information pertaining to a billable account.
U.S. patent application Publication Number US 2004/0111640 of Baum teaches methods and apparatus for determining, in a reliable manner, a port, physical location, and/or device identifier, such as a MAC address, associated with a device using an IP address and for using such information, e.g., to support one or more security applications. Supported security applications include restricting access to services based on the location of a device seeking access to a service, determining the location of stolen devices, and authenticating the location of the source of a message or other IP signal, e.g., to determine if a user is contacting a monitoring service from a predetermined location.
U.S. patent application Publication Number US 2005/0159173 of Dowling teaches methods, apparatus, and business techniques for use in mobile network communication systems. A mobile unit, such as a smart phone, is preferably equipped with a wireless local area network connection and a wireless wide area network connection. The local area network connection is used to establish a position-dependent, e-commerce network connection with a wireless peripheral supplied by a vendor. The mobile unit is then temporarily augmented with the added peripheral services supplied by the negotiated wireless peripheral. Systems and methods allow the mobile unit to communicate securely with a remote server, even when the negotiated wireless peripheral is not fully trusted. Also included are mobile units, wireless user peripherals, and negotiated wireless peripherals projecting a non-area constrained user interface image on a display surface.
U.S. patent application Publication Number US 2005/0160280 of Caslin et al. teaches providing fraud detection in support of data communication services. A usage pattern associated with a particular account for remote access to a data network is monitored. The usage pattern is compared with a reference pattern specified for the account. A fraud alert is selectively generated based on the comparison.
U.S. patent application Publication Number US 2005/0180395 of Moore et al. teaches an approach for supporting a plurality of communication modes through universal identification. A core identifier is generated for uniquely identifying a user among a plurality of users within the communication system. One or more specific identifiers are derived based upon the core identifier. The specific identifiers serve as addressing information to the respective communication modes. The specific identifiers and the core identifier are designated as a suite of identifiers allocated to the user.
While these systems may be suitable for the particular purpose employed, or for general use, there remains a need for methods of user identification and authentication on computer networks.