The present invention relates generally to authenticating identification numbers. Often people are leery of divulging user identification numbers, such as social security numbers, on remote or public terminals such as the internet or telephone operators, or even placing them on documents. For instance, a person using the internet to purchase goods may be asked to provide both publicly accessible information such as name and address along with a private user identification number such as a social security number (SSN), or a personal identification number (PIN). One problem with this scenario is that the user may not wish to reveal such information because of concerns about identity theft, maintaining privacy, and unauthorized third party use.
The Federal Trade Commission has noted that misuse of personal identifying information can result in temporary and sometimes permanent financial loss when wages are garnished, tax refunds are withheld, or liens are placed on victims' property as a result of someone else's criminal use of their identity. Beyond direct financial loss, consumers report being denied employment, credit, loans (including mortgages and student loans), government benefits, utility and telecommunications services, and apartment leases when credit reports and background checks are littered with the fraudulently incurred debts or wrongful criminal records of an identity thief. A SSN is especially vulnerable as it is a unique “person identifier” used by many agencies to track information such as credit or employment histories.
Recent legislation relating to identity theft includes the Federal Trade Commission Act, 15 U.S.C. §41 et seq. (prohibiting deceptive or unfair acts or practices, including violations of stated privacy policies); Fair Credit Reporting Act, 15 U.S.C. §1681 et seq. (addressing the accuracy, dissemination, and integrity of consumer reports); Children's Online Privacy Protection Act, 15 U.S.C. §6501 et seq. (prohibiting the collection of personally identifiable information from young children without their parents' consent); Identify Theft and Assumption Deterrence Act of 1998, 18 U.S.C. §1028 (directing the FTC to collect identity theft complaints, refer them to the appropriate credit bureaus and law enforcement agencies, and provide victim assistance); Gramm-Leach-Bliley Act, 15 U.S.C. §6801 et seq. (requiring financial institutions to provide notices to consumers and allowing consumers (with some exceptions) to choose whether their financial institutions may share their information with third parties).
Under all of this legislation, parties attempting to verify user identity may be severely limited in their access and use of such information. Thus, currently available methods for authenticating a user's identification number suffer from a lack of security and user privacy because other parties may intercept information, thus providing unauthorized and illegal access to these numbers. Also, parties with the legitimate need for this information or concerned about trying to protect themselves from fraudulent transactions, need a non-invasive method for authenticating a user identification number. A variety of methods, systems and apparatus for verifying a user identification number are known in the art.
U.S. Pat. No. 4,198,619 (Atalla) discloses a method of operating a personal verification system. The logic module receives an account code word (or any other data that is specific for an individual) and a secret code word from an individual for encoding in accordance with a logical combination of such code words altered in accordance with a selectable control word to produce a compiled code word of fixed length. There is no teaching that the second number/code being compared is a mathematical function of at least two predetermined digits within a users identification number.
U.S. Pat. No. 4,697,236 (Davies) discloses a secure system for identification verification by transmission of an access number, preferably a random number, from a central processor to a remote terminal. The system provides portable identification devices for use by individuals, programmed to perform specified mathematical functions on data input thereto. The portable devices may be cumbersome, expensive and difficult to modify since changes must be coordinated with the central processor. Also, there is no teaching of comparing a first number associated with a user with a second number, wherein the second number is a mathematical function of at least two predetermined digits of the user's identification number.
U.S. Pat. No. 4,992,783 (Zdunek et al.) teaches a method and apparatus for controlling access to a two-way communication system. The invention requires the use of both numbers and password codes in the subscriber units. Thus, it does not teach a method of authentication using a single user identification number.
U.S. Pat. No. 5,093,861 (Graham) discloses a method of authentication wherein a user identification number is coordinated with an associated pin code number. There is no teaching of a method of authentication of the user's identification number.
U.S. Pat. No. 5,555,303 (Stambler) teaches a secret transaction system which uses a joint code derived from a transaction, document, or thing to code information. The system involves a comparison of re-derived information against information recorded on the document to authenticate the accuracy of that information. Thus, there is no teaching of comparing a first number associated with a user with a second number, wherein the second number is a mathematical function of at least two predetermined digits of the user's identification number.
U.S. Pat. No. 5,655,020 (Powers) shows a system and method for authenticating the identity of an authorized person. The algorithm involves the generation of a second code that has more character positions than the first code. Again, there is no teaching of user authentication based on mathematical functions involving at least two predetermined digits of a user's identification number.
U.S. Pat. Nos. 5,754,652 and 5,940,511 (Wilfong) disclose a method and apparatus for secure PIN entry in which the user sequentially encodes each digit of number, one digit at a time. There is no teaching of non-sequentially encoding user identification numbers by modifying at least two digits within the user's identification number.
U.S. Pat. No. 5,754,653 (Canfield) teaches a coding formula for verifying checks and credit cards. The formula involves a numerical base code which is divided into two parts. Then the check number or transaction amount is modified by an assigned mathematical mode and each of the two parts of the base code. There is no teaching of comparing a first number associated with a user with a second number, wherein the second number is a mathematical function of at least two predetermined digits of the user's identification number.
U.S. Pat. No. 5,956,699 (Wong et al.) relates to a system for secure credit card transaction on the internet. The system generates a personal charge number from the user account number by inserting a user key into the user account number. Thus, it fails to teach user authentication based on mathematical functions involving at least two predetermined digits of a user's identification number.
U.S. Pat. No. 6,108,644 (Goldschlag et al.) discloses a system and method for electronic transactions, which uses an unblinded validated certificate and a blinded unvalidated certification. There is no teaching of user authentication based on mathematical functions involving at least two predetermined digits of a user's identification number.
United States Patent Application No. 2002/0073321 (Kinsella) discloses a method for fraud prevention for remote transactions in which a “scramble key” is generated. The user then generates an input code by modifying their user code in accordance with the scramble key. The user code and the input code are compared and authentication occurs if the user is determined to have used the user code to generate the input code. The scramble key is applied to all or parts of the user code but there is no teaching of the scramble key being a mathematical function that includes only predetermined digits within the user's identification number.
What is needed, then, is a non-intrusive method and apparatus for authenticating a user's identification that utilizes the user's Social Security Number.