The subject of this provisional patent application relates generally to digital security, and more particularly to a system and associated methods for validating and managing user identities.
By way of some background, the proliferation of e-commerce and Internet-based communications generally has facilitated the growth and pervasiveness of identity theft and identity spoofing. Positive authentication of a person's identity in a disconnected environment such as the Internet has proven difficult. Furthermore, the risks of doing business with unauthorized or incorrectly identified persons in an online environment can result in financial loss and reputation damage through fraud, disclosure of customer information, corruption of data, or unenforceable agreements.
For example, when it comes to online transactions via the Internet, businesses have historically had no choice but to rely upon the accuracy of the information provided to them by consumers. Given the relative anonymity that is afforded by the Internet, along with the relative ease with which one may create a fake persona (including a fake email address), this has proven to be a fundamental flaw in the security of the Internet that is being exploited by cyber criminals countless times every day. This weakness enables criminals to use stolen credit card numbers to purchase products from online retailers, apply for new credit cards and loans in someone else's name, and redirect another person's sensitive financial information to themselves. These security flaws arise primarily because confirmations, receipts, and notices are sent to the fake email address provided by whomever initiates a given transaction, rather than the email address of the person whose information is being fraudulently used. The actual consumer remains unaware that he or she has been victimized until long after the fact.
As another example, online predators and cyber-stalkers often use fake email addresses, social media ID's and user aliases as masks to cover their true identities. Cloaked in anonymity, they are able to register on dating and social media websites in order to locate their victims and perpetrate serious violent and non-violent crimes. As a result, website owners have found themselves embroiled in lawsuits brought against them by victims and their families for failing to do more to protect their members.
As yet another example, another common ploy by cyber criminals is known as “phishing.” This is when a fake email message is created that has the appearance—with recognizable graphics, fonts, language—of a legitimate message but is designed to get the user to click on an embedded link. This often results in the infection of the user's device, and opens that user to a number of scenarios like key logging, password lifting, and the downloading of malware onto the user's device. This is possible because the header of an email message is easily tampered with so as to appear to be originating from a trusted source.
Thus, there remains a need for a system and associated methods for effectively validating and managing user identities. Aspects of the present invention fulfill these needs and provide further related advantages as described in the following summary.