Computer systems have evolved to the point where it is possible for a user to remotely access personal information via a computer. For example, one can monitor account balances, purchase securities, purchase goods, check the status of goods, and the like, through the use of a personal computer by using, for example, a web browser connected to the Internet.
In providing services such as those listed above, it is desirable that certain types of information be accessible only by authorized users. For example, only the account holder should be able to access information regarding his bank account, be able to perform certain activities (e.g., transfers and withdrawals) on said bank account, or be able to purchase goods using funds from said bank account.
In the past, such security has typically been provided in the form of the combination of a user id and a password. For example, an account at a bank may be protected by having a user “log in” to a banking application by providing a user id and password. However, such a security system may not provide as much security as desired. For example, if an unauthorized person were to become aware of the user id and password, the unauthorized person would then be able to access information and perform tasks that should be limited to a select group of authorized users.
There are several other problems with the above-described scenario. The association between a user ID and an account may become broken. For example, a user named John Smith may select, as a user ID, JSMITH1 and an associated password for use with a bank account. Another person named Joe Smith may select, as a user ID, JSMITH2 and an associated password for use with a different account. After a few months of non-use, Joe Smith attempts to login to his brokerage account. Not remembering his user ID, he thinks his user ID is JSMITH1. After several unsuccessful log-in attempts, he contacts a customer service representative.
In the prior art, the typical method of customer service verifying the user would be to verify ownership of the account. After verifying several pieces of information with Joe Smith (e.g., social security number, mailing address, etc.), the customer service representative is convinced that Joe Smith is who he says he is and grants him access to his brokerage account using the name JSMITH1. When John Smith later tries to login, the same scenario may occur, as John Smith is no longer able to use the JSMITH1 name that he established and contacts customer service to change the password. The result is that the JSMITH1 user ID becomes associated with both the accounts of John Smith and Joe Smith and customer service needs to intervene in order to grant the users their desired authorization level.
Thus, no sufficient system exists that accurately associates customer relationship and validates the continuing integrity of the customer relationship. In particular, the prior art is solely concerned with verifying the ownership of the account, and not verifying the relationship between the user ID and the account. It is desirable to have a more robust method of managing user identities in a computerized system.