US20100131409A1 - Identification verification with user challenge - Google Patents
- Publication number
- US20100131409A1 (application US12/276,329)
- Authority
- US
- United States
- Prior art keywords
- user
- code
- service provider
- online service
- verified
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/18—Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2457—Query processing with adaptation to user needs
- G06F16/24575—Query processing with adaptation to user needs using context
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/313—User authentication using a call-back technique via a telephone network
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/42—Confirmation, e.g. check or permission by the legal debtor of payment
- G06Q20/425—Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2103—Challenge-response
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
Definitions
- This description relates generally to identification of a user, such as an online user, using data verification and a user challenge.
- Online services include, for example, online banking, online email services, online dating services and online social networks.
- a number of providers may provide a number of such services.
- These services are, however, subject to fraud and abuse.
- some users may sign up for online services using false identification information with the intent to misuse or abuse such services.
- someone may sign up for numerous email accounts that are used to generate unsolicited commercial emails, known as SPAM.
- someone may use false information to sign up for an online service with the intent of distributing materials for which the particular online service is not intended.
- someone may sign up with an online social networking service with the intent to use the social networking service to distribute commercial material.
- Online service providers may use a number of techniques. For instance, an online service may require an individual attempting to sign up for an online service to provide some proof of their identity or perform an action that provides some level of confidence that the individual's intent is not to misuse the online service or services. For instance, in the case of automated attempts to access an online service, many online service providers use what is known as CAPTCHA technology, where a distorted series of characters is presented on a graphical interface and access to the service (or services) is allowed only if the correct sequence of characters is entered by a user and returned to the online service provider's server that is monitoring access to the online services. A number of other techniques also exist.
- a drawback of current approaches is that they do not provide sufficient assurance that a user seeking to access an online service is who they claim to be.
- Another drawback of current approaches is that abusers of online services constantly come up with ways of circumventing fraud protection techniques, such as automated ways of defeating CAPTCHA technology.
- Users of online services may also obtain different services from different online service providers.
- When requesting services from such online service providers, a user will set up a profile with each individual online service provider.
- Each individual online service provider may or may not verify the information included in a user's profile created exclusively to access services from a specific online service provider. Regardless of how the individual online service providers maintain, process and make use of user profile data, having to recreate (and verify, if applicable) a user profile for each online service provider from which the user wishes to access online services may be frustrating and time consuming for the user.
- An example computer-implemented method, which may be implemented by an online service provider system, includes requesting, from a user, a name and user identifying information associated with the provided name.
- the example method also includes querying a trusted database based on the provided name and the user identifying information and determining if a match exists in the database between the provided name and the user identifying information.
- the example method includes presenting a challenge to the user, the challenge being based on the user identifying information and determining a verification status of the user's identity based on a result of the challenge.
- the example method further includes designating the user's identity as verified or unverified in accordance with the verification status.
- the above method may be embodied as software instructions on a computer readable medium.
- FIG. 1 is a block diagram illustrating an example embodiment of a network.
- FIG. 2 is a diagram illustrating an example embodiment of a user profile.
- FIGS. 3A-C are flowcharts illustrating example embodiments of methods.
- FIG. 4 is a diagram illustrating an example embodiment of a user interface.
- FIG. 5 is a diagram illustrating another example embodiment of a user interface.
- FIG. 6 is a diagram illustrating an example embodiment of a financial transaction that may be used in conjunction with the example methods illustrated in FIGS. 3, 7 and 8.
- FIG. 7 is a flowchart illustrating an example embodiment of a method.
- FIG. 8 is a flowchart illustrating another example embodiment of a method.
- FIG. 9 shows an example of a computer device and a mobile computer device that can be used to implement the techniques described here.
- FIG. 1 is a block diagram illustrating an example embodiment of a system 100 in which identification verification using data verification and a user challenge may be implemented.
- a user 110 may use a user terminal 120 to gain access to an online service provider 130 (e.g., a server configured to provide online services).
- the user terminal 120 may take a number of forms.
- the user terminal 120 may be a personal computer, an internet appliance or a web-enabled mobile device, such as a personal digital assistant (PDA).
- the user terminal 120 may communicate with the online service provider 130 via a data network, such as the Internet or a wireless data network, for example.
- the online service provider 130 may provide one or more interfaces (e.g., graphical user interfaces) to the user terminal 120 over the data network.
- an online service provider 130 may provide a GUI requesting the user to provide a name and user identifying information, such as described herein.
- the entered information then may be communicated to the online service provider 130 via the data network, such as in response to the user clicking a button in an appropriate GUI to transmit the entered information.
- the user identifying information may include information associated with the user that can be verified, such as a mailing address, a residence address, a home telephone number, a mobile telephone number, a business telephone number, a facsimile telephone number, a bank account number, a credit card account number, an email address, or any other item of information associated with a person, where the information is subject to verification.
- the user identifying information may be verified in accordance with the techniques described herein and then used to challenge the user to determine whether or not to designate an online identity of the person as trusted or verified.
- the online service provider 130 may use the information provided by the user 110 to query a trusted database in order to verify that the information provided by the user agrees with data contained in the trusted database 150 . For instance, if the user 110 provides a name, address and phone number, the online service provider may query a telephone directory database that is maintained by a telecommunication service provider.
- the trusted database 150 may determine that the name, address and phone number provided by the user match information contained in the trusted database 150 .
- the trusted database 150 may determine that the name, address and phone number provided in the query (as received from the user 110 ) correspond with an actual person listed in the telephone directory database.
- The trusted database 150, in response to the query, may inform the online service provider 130 that a match was found in the trusted database 150.
- the online service provider 130 would have a high level of confidence that the provided name, address and phone number were not falsified and correspond with the person whose name was provided to the online service provider 130 by the user 110 .
- the trusted database 150 may determine that there is a mismatch in the data included in the query from the online service provider 130 .
- the phone number may exist in the telephone directory database but may be assigned to a customer with a different name and/or address.
- a mismatch may occur where an address is included in the database but the name and/or telephone number associated with that address are inaccurate or do not match the information provided by the user 110 .
- the trusted database 150 may indicate the data mismatch to the online service provider 130 in response to the query.
- the data provided by the user 110 may not match any information in the trusted database 150 .
- the trusted database may not have any records corresponding with the provided name, address or phone number. In such a situation, the trusted database 150 may indicate that no data exists in response to the query.
- the online service provider 130 may take a number of appropriate actions. For example, in cases where the trusted database 150 indicates a data mismatch, the online service provider 130 may notify the user 110 (e.g., via a GUI communicated to, and displayed on the user terminal 120 ) that the provided data could not be verified. In such instances, in example embodiments, the user 110 may be asked to correct the provided data or may be informed that access to the online service is denied. Of course, other approaches are possible.
- the online service provider 130 may, again, take a number of appropriate actions. For instance, the online service provider 130 may send another query to another trusted database to attempt to verify the data provided by the user 110 . Alternatively, the online service provider 130 may inform the user 110 (e.g., via a GUI) that the provided data could not be verified. The online service provider 130 may then request that the user correct the information, provide additional information for verification purposes or inform the user 110 that access to the online service or services is denied, as some examples.
- the online service provider 130 may then challenge the user 110 based on the verified information.
- a user challenge may be done in a number of ways, and the techniques described herein for conducting a user challenge are given by way of example.
- The online service provider 130 may provide a verification code to the user through a user channel 140, such as by calling a verified home telephone number, and require that the user return a correct version of the verification code using another channel, such as the user terminal 120, to prove that the online user 110 has access to a channel associated with the verified user identifying information. In such an approach, at least one of the channels used in the challenge would be associated with verified user identifying information.
- The online service provider 130 may provide a verification code to the user 110 through a channel not associated with verified user identifying information (an unverified channel) and then require that the user accurately supply the provided code to the online service provider 130 via a channel associated with verified user identifying information (a verified channel) to demonstrate that the user 110 has access to the verified channel.
- the user 110 may be supplied a verification code in a short messaging system (SMS) message that is sent to an unverified mobile phone number.
- the user 110 may then provide the verification code to the online service provider 130 using a verified home phone number, where caller identification information is used to confirm use of the verified phone number.
- Such a verification code may be provided to, and returned from the user 110 in a number of ways.
- the verification code is either provided to the user via a verified channel or returned via the verified channel.
- the verification code may be included in a GUI provided to the (unverified) user terminal 120 by the online service provider 130 and returned to the online service provider 130 by the user 110 via a verified telephone number (land or mobile), or via another verified channel.
- the verification code may be provided to the user 110 via a short messaging system (SMS) message sent to the mobile telephone after the mobile telephone number is verified.
- The user 110 may then return the verification code via a GUI displayed on the (unverified) user terminal 120, for example.
- the user 110 demonstrates that he or she is able to receive a verification code via one channel (e.g., either a verified channel or an unverified channel), has access to the verified channel, and can return the verification code through the alternative channel (e.g., either unverified channel or the verified channel, respectively).
- verified channels may be used to provide and receive a verification code.
- a verification code may be provided to a user 100 by an online service provider 130 via a verified telephone number and the user 100 may return the verification code to the online service provider 130 via a verified email address, where the email address may be verified using techniques similar to those described above (e.g., using a trusted database of email addresses and corresponding names of email account holders).
- the verification code may be provided to the user in an email sent to a verified email address.
- a phone call may be placed to the user 110 at a verified phone number and the verification code may be provided to the user 110 via the called telephone.
- the verification code may be provided to the user 110 by sending a physical mailer (e.g., a postcard or letter) to a verified mailing address.
- Still other embodiments may include sending a verification code via an amount deposited in a verified bank account or by making a small charge or refund to a credit card account and including the verification code in a transaction description for the charge or refund.
- other techniques for providing a verification code to a user are possible.
- the user 110 may then respond to the online service provider 130 to demonstrate that the user 110 has access to the verified channel either by demonstrating that the user 110 received the verification code via the verified channel or by providing the correct verification code to the online service provider 130 using the verified channel.
- a number of techniques may be used for the user 110 to return the provided verification code to the online service provider 130 , and the user 110 need not return the verification code through the same channel through which the user received the code as long as one of the resources used to provide or return the verification code to the online service provider is a verified channel.
- the user 110 may provide a verification code to the online service provider 130 by entering the verification code using a telephone that is associated with a verified phone number.
- the user 110 may provide a verification code to the online service provider 130 by entering the verification code using a GUI provided by the online service provider 130 to the user terminal 120 .
- the user 110 may provide a verification code to the online service provider 130 by sending the verification code to the online service provider in an email sent from a verified email address.
- other techniques may be used for the user 110 to communicate a verification code to the online service provider 130 . In such approaches, different channels are used to receive and return the verification code, with at least one of the channels being a verified channel.
- the online service provider 130 may then compare the user verification code with the original verification code (provided to the user 110 by the online service provider 130 ). If the user verification code matches the original verification code, the online service provider 130 may then determine that the user 110 has access to the verified user channel through which the online service provider 130 sent the verification code to the user 110 , or through which the user 110 returned the verification code to the online service provider 130 .
- the online service provider 130 may then determine that the user 110 either is the person associated with the verified data or is a person who has access to the personal information about the person associated with the data. As a result of such a determination, the online service provider 130 may grant the user 110 access to the online service or services provided by the online service provider 130 . For instance, the online service provider 130 may grant the user 110 access to protected functionality, may grant the user unrestricted access to one or more online services, and/or may grant the user 100 a “trusted” status/badge.
- the online service provider 130 may then determine that the user 110 does not, in fact, have access to the verified user channel. In such a situation, the online service provider 130 may deny the user 110 access to any online services provided by the online service provider 130 . For instance, the online service provider 130 may deny the user 110 access to protected functionality, may deny the user unrestricted access to one or more online services, and/or may refuse to grant the user 100 a “trusted” status/badge.
- The online service provider 130 may provide one or more online services, which may include an online social network or online professional network, as some examples. Other examples may include advertising services, payment services, blogs, online publishing services, online photo albums and online dating services, among a number of other online services.
- In an online social or professional networking service, a user may enter various pieces of personal information to create a user profile for use with the social or professional networking service.
- FIG. 2 is a diagram illustrating an example embodiment of such a user profile 200 .
- FIG. 2 will be described with further reference to the system 100 of FIG. 1 , in which such a user profile 200 may be implemented.
- the user profile 200 may be made available to multiple online service providers for the purpose of providing online services or other services to an associated user.
- the user profile 200 may be used for multiple services within a company, or may be made available to (shared with) other companies with complementary services.
- the user profile 200 may be used for online shopping purposes if the user has included bank account or credit card information in the profile 200 in addition to using the user profile 200 for an online professional networking service.
- the user profile 200 may be accessed by the multiple online service providers as part of the process of them providing their respective online services.
- Such an approach allows the user to create a single user profile 200 that is used by multiple online service providers rather than the user having to take the time to create individual profiles with each respective online service provider.
- login/password procedures may be implemented that are trusted by each online service provider that accesses the user profile 200 .
- Such an approach may ensure that information and updates to the user profile 200 are respected by the companies accessing the user profile 200.
- the user profile 200 may include various pieces of information about the user 110 .
- The profile 200 may include a name, phone number, mailing address, email address, current employer, one or more previous employers, a credit card number, a bank account number, billing address, shipping address, backup email address, academic institutions the user 110 has attended and professional organizations to which the user 110 belongs.
- the user profile 200 may also include a number of other profile information items.
- the profile 200 may include retail locations, employees, website addresses, etc. The particular items included in the user profile 200 may depend on the particular online services provided by the online service providers that make use of the user profile 200 .
- the user profile 200 may include a contact list 210 of the user 110 .
- Contact list 210 may include contact information for friends and/or business associates of the user 110 . If multiple online service providers make use of the user profile 200 , some or all of the information included in the user profile 200 may be shared with the various online service providers.
- the user 110 may determine the particular pieces of information of the user profile 200 to which each online service provider has access. As an example, a user could choose to share contacts or subsets of contacts with an online service provider, decide which information each service can display to the outside world, etc.
- the user 110 may enter values for each item of the user profile 200 using, for example, a GUI provided by the online service provider 130 to the user terminal 120 .
- The user profile 200 is for a user Joe Smith with a phone number of 408-555-1234 and mailing address 5432 Main St., San Jose, Calif. 95101.
- An email address for Joe Smith of joesmith@google.com is included along with an indication of a current employer of Google.
- An indication of a previous employer of Apple is also included in the user profile 200, along with a credit card number, a bank account number, an indication that the user 110 attended Stanford University and an indication that the user 110 is a member of the IEEE professional organization.
- the online service provider 130 may verify some or all of the information included in the profile 200 . For instance, when the profile 200 is created, the online service provider 130 may verify the phone number and/or address included in the profile 200 by matching them to the name included in the profile 200 . This verification may be done using the techniques described herein, or using any other appropriate approach. For example, verification of the phone number and mailing address may be done using data verification and a user challenge, as was described above. In another example embodiment, verification of profile information items included in the profile 200 may be done using only data verification, e.g., by querying a trusted database.
- the profile 200 may also include, for each profile information item, an indication of whether or not each profile information item has been verified, the method (e.g., a specific trusted database) used to verify the profile information item (if verification has been done), a company or entity that performed the verification and the date the verification (if any) for each item was performed.
- another online service provider may request that one or more of the profile information items be verified (if not previously verified) or that a re-verification be done if the verification date is not consistent with the requirements of the particular online service provider. If an online service provider requests verification or re-verification of a profile information item, the profile 200 may be updated to reflect the most recent verification status for that item. In such an approach, other online service providers accessing the user profile 200 may also benefit from the updated verification status for the items of the user profile 200 .
- verification history for each of the items in the profile 200 may be kept.
- FIG. 3A illustrates an example embodiment of a method for verifying an online user using data verification and a user challenge, such as previously discussed with respect to FIG. 1 .
- FIGS. 3B and 3C illustrate example embodiments for performing a user challenge.
- FIGS. 3A-C will also be described with further reference to FIG. 1 .
- FIG. 3A illustrates an example method 300 for verifying a user (e.g., the user 110 ) using data verification and a user challenge, where the user challenge is performed such that the user 110 demonstrates access to a verified channel (e.g., that is associated with verified data listed in the user profile 200 ).
- the method 300 may include, at block 305 , the online service provider 130 requesting (e.g., via a GUI) a name of the user 110 in response to the user requesting access to an online service.
- The GUI requesting the user 110's name may also request user identifying information associated with the user's name.
- the user identifying information may be, for example, a telephone number and/or a mailing address, or some other information associated with the user.
- the method 300 may include querying a trusted database (the trusted database 150 ) based on the user's name and the user identifying information. For instance, the online service provider 130 may send a query to a trusted telephone directory database. Such a query may include, for example, the name, address and telephone number provided by the user 110 .
- the method 300 may include determining if a match exists in the trusted database 150 between the user's name and the user identifying information.
- the determination may include the online service provider receiving a response to the query from the trusted database 150 .
- the response from the trusted database 150 may indicate that a match to the data included in the query was found, a mismatch was found or no data was found.
- the method 300 may include challenging the user to demonstrate access to a channel associated with the verified information (verified channel, as discussed above), for example, using a verification code in any of the fashions that were previously discussed.
- the method 300 may include determining a verification status of the user's identity based on a result of the challenge. For instance, if the user provides a correct verification code, the verification status may be determined as verified/trusted. Alternatively, if the correct code is not provided, the verification status may be determined as unverified/untrusted.
- the method 300 may include designating the user's identity as verified or unverified in accordance with the verification status.
- the determined verification status may be assigned to the user profile 200 , indicating that a person associated with that profile is trusted (e.g., allowed to access online services) or is not trusted (e.g., not allowed to access online services).
- FIG. 3B is a flowchart illustrating an example method 330 for performing a user challenge.
- the method 330 may include providing a code (verification code) to the user 110 . As discussed above and in further detail below, a number of approaches for providing a verification code to the user may be used.
- the method 330 may include calling a verified phone number provided by the user (e.g., a phone number verified using the trusted database 150 ).
- the method 330 may include prompting the user 110 to enter the provided code via the called telephone, such as by using an automated voice prompt, for example.
- the method 300 may further include receiving an entered (user) verification code from the user 110 via the called telephone (e.g., using the telephone's keypad).
- The method 330, at block 355, may include designating the user 110's identity as verified and allowing the user 110 access to online services provided by the online service provider 130.
- FIG. 3C is a flowchart illustrating another example method 360 for conducting a user challenge based on data verified using a trusted database (database 150 ).
- the method 360 may include calling the verified telephone number and, at block 370 , providing a verification code to the user via the called telephone, or using any of the techniques described here.
- the method 360 may further include providing an online GUI for entering the code. Such a GUI may be provided in any appropriate fashion, such as using the techniques described above.
- the method 360 may also include receiving an entered code via the online GUI, such as by the user 110 entering the code using the user terminal 120 in the GUI and transmitting the entered code to the online service provider 130 via a data network, for example.
- the method 360 may still further include, at block 385 , designating the user's identity as verified and allowing the user access to online services provided by the online service provider 130 .
- a verification code may be provided in an SMS message sent to a verified mobile telephone number.
- a verification code may be provided using a verified email address or a verified physical mailing address.
- the user verification code may be communicated to the online service provider using any appropriate technique.
- the user verification code may be communicated to the online service provider 130 in an SMS message sent from a verified mobile telephone number or in an email from a verified email address.
- FIG. 4 is a diagram illustrating an example embodiment of an interface 400 for providing a verification code 410 to the user 110 .
- the interface 400 may be included, for example, in a web-based GUI. Alternatively, the interface 400 may be included in an SMS message or an email message.
- the interface 400 may also include a button 420 (such as in a web-based GUI) that the user 110 may click to initiate a phone call from the online service provider 130 for entering the verification code.
- FIG. 5 is a diagram illustrating an interface 500 for the user 110 to request a call to receive a verification code and then enter the verification code for transmission to the online service provider 130 .
- the interface 500 may be a web-based interface or may be implemented in another fashion.
- the interface 500 may include a button 510 that, when clicked by the user 110 , will initiate a phone call to a verified telephone number.
- the call may be made by the online service provider 130 and the verification code may be provided to the user 110 during the call.
- text-to-speech software may be used to provide the verification code to the user 110 .
- the interface 500 may also include a field 510 that may be used by the user 110 to enter the provided verification code, e.g., using the user terminal 120 .
- the interface 500 may further include a button 520 (such as in a web-based GUI) that the user 110 may click to transmit an entered code to the online service provider 130 to complete a user challenge, such as in the manners previously discussed.
- FIG. 6 is a diagram illustrating an example embodiment of such a challenge transaction 600 .
- the challenge transaction may include a transaction date 610 , a transaction description 620 and a transaction amount 630 .
- the transaction description 620 may include a verification code that a user may then provide to an online service provider to complete a user challenge.
- the online service provider may request that the user provide the transaction amount 620 to complete the user challenge.
- user information contained in a user profile may be shared by multiple online service providers.
- Such an approach may allow a user to create a single persistent profile 200 , that may be verified and maintained by a first online service provider and accessed by a number of other online service providers. Sharing the profile 200 may prevent the user 110 from having to create and verify his or her profile information for each online service provider the user 110 wishes to use.
- an online service provider that maintains such persistent user profiles may provide fee-based profile verification services to other online service providers.
- a first online service provider may receive profile information items from a user it wishes to verify, but the first online service provider may not implement the functionality to conduct the user identity verification.
- the first online service provider may provide the profile information items to a second online service provider (e.g., in a verification request) and the second online service provider may conduct a verification of one or more of the user profile items and provide the verification results to the first online service provider.
- the same user may then share his or her profile across service providers.
- the service providers that access the profile may share profile updates. For instance, the verifying service provider's profile for the user may be used as a master, shared profile.
- FIG. 7 is a flowchart illustrating an example method 700 for creation and maintenance of such a persistent, shared user profile 200 .
- the method 700 may include, at block 705 , receiving a plurality of profile information items from a user, such as the profile information items illustrated in the profile 200 in FIG. 2 .
- the method 700 may include storing, at a first entity (e.g., a first online service provider), the profile information items in an identification profile (e.g., the user profile 200 ) associated with the user (e.g., the user 110 ).
- the method 700 may include verifying at least one of the profile information items. Such verification may be done using the techniques described herein, or using any other appropriate technique.
- the method 700 may further include storing, as part of the identification profile 200 , a verification status corresponding with the verification performed at block 715 .
- the verification status may include, for each profile information item, an indication of whether the profile information item has been verified or not. If the profile information item has been verified, the verification status may further include an indication of how the item was verified (e.g., the trusted database used) and the date on which the verification was done.
- the method 700 may further include, at block 725 , receiving, at the first entity (e.g., the first online service provider), a request, from a second entity (a second online service provider), for one or more of the profile information items.
- the second online service provider may request a user's name, address and phone number.
- the method 700 may further include providing, from the first entity to the second entity, the requested profile information items and the verification status.
- FIG. 8 is a flowchart illustrating another example method 800 for creation and maintenance of such a persistent, shared user profile 200 .
- the method 800 may include receiving a plurality of profile information items from a user, such as the profile information items illustrated in the profile 200 in FIG. 2 .
- the method 800 may include storing, at a first entity (e.g., a first online service provider), the profile information items in an identification profile (e.g., the user profile 200 ) associated with the user (e.g. the user 110 ).
- the method 800 may include receiving, at the first entity (the first online service provider), a request from a second entity (a second online service provider) for one or more of the profile information items.
- the method 800 may further include, at block 815 , providing, from the first entity to the second entity, the profile information items requested by the second entity and a verification status, where the verification status indicates, for each provided profile item, that the profile information items have not yet been verified.
- the method 800 may further include, receiving, at the first entity, a verification request from the second entity to perform a verification of one or more of the provided profile information items.
- the request, at block 820 to perform the verification, may be made in response to the verification status indicating that the requested profile information items have not been previously verified.
- the verification request at block 820 may also include a budget for performing the verification.
- a trusted database lookup may represent a cost of ten cents and a user challenge phone call may represent a cost of twenty-five cents. Therefore, in order to complete such a verification including the user challenge phone call, the corresponding verification request should indicate a budget of thirty-five cents for performing the verification, as one example. A business operating the second entity would then pay the business operating the first entity thirty-five cents in payment for carrying out the verification request.
- if one data verification request does not find a match (i.e., there is no data available), additional trusted databases may be consulted, at additional cost, until either the budget is used up, a match is found, or a mismatch is found (i.e., it is confirmed that the user is not the person they claim to be).
- the method 800 may further include verifying the one or more profile information items indicated in the verification request.
- the verification performed at block 825 may be carried out in accordance with a budget, as discussed above, that is indicated in the verification request from the second entity.
- the method 800 may further include updating the verification status of the user profile based on the verification done at block 825 .
- the method 800 at block 835 may still further include receiving, at the first entity, a request from a third entity (e.g., a third online service provider) for one or more of the profile information items.
- the method 800 , at block 840 may also include providing, from the first entity to the third entity, the profile information items requested by the third entity and the updated verification status.
- an online service provider may also make a verification request for profile information items where, based on the verification status, the verification date in the user profile indicates that the verification date for the profile information items exceeds a verification freshness threshold. For instance, an online service provider may require that a user's mailing address and/or phone number be verified once per month. In such an approach, if the last verification date for a user's mailing address and/or phone number indicated in the verification status is more than one month ago, the online service provider may, at block 820 of the method 800 , request that the mailing address and/or phone number be re-verified.
- FIG. 9 shows an example of a generic computer device 900 and a generic mobile computer device 950 , which may be used with the techniques described here.
- Computing device 900 is intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers.
- Computing device 950 is intended to represent various forms of mobile devices, such as personal digital assistants, cellular telephones, smart phones, and other similar computing devices.
- the components shown here, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the inventions described and/or claimed in this document.
- Computing device 900 includes a processor 902 , memory 904 , a storage device 906 , a high-speed interface 908 connecting to memory 904 and high-speed expansion ports 910 , and a low speed interface 912 connecting to low speed bus 914 and storage device 906 .
- Each of the components 902 , 904 , 906 , 908 , 910 , and 912 are interconnected using various busses, and may be mounted on a common motherboard or in other manners as appropriate.
- the processor 902 can process instructions for execution within the computing device 900 , including instructions stored in the memory 904 or on the storage device 906 to display graphical information for a GUI on an external input/output device, such as display 916 coupled to high speed interface 908 .
- multiple processors and/or multiple buses may be used, as appropriate, along with multiple memories and types of memory.
- multiple computing devices 900 may be connected, with each device providing portions of the necessary operations (e.g., as a server bank, a group of blade servers, or a multi-processor system).
- the memory 904 stores information within the computing device 900 .
- the memory 904 is a volatile memory unit or units.
- the memory 904 is a non-volatile memory unit or units.
- the memory 904 may also be another form of computer-readable medium, such as a magnetic or optical disk.
- the storage device 906 is capable of providing mass storage for the computing device 900 .
- the storage device 906 may be or contain a computer-readable medium, such as a floppy disk device, a hard disk device, an optical disk device, or a tape device, a flash memory or other similar solid state memory device, or an array of devices, including devices in a storage area network or other configurations.
- a computer program product can be tangibly embodied in an information carrier.
- the computer program product may also contain instructions that, when executed, perform one or more methods, such as those described above.
- the information carrier is a computer- or machine-readable medium, such as the memory 904 , the storage device 906 , or memory on processor 902 .
- the high speed controller 908 manages bandwidth-intensive operations for the computing device 900 , while the low speed controller 912 manages lower bandwidth-intensive operations.
- the high-speed controller 908 is coupled to memory 904 , display 916 (e.g., through a graphics processor or accelerator), and to high-speed expansion ports 910 , which may accept various expansion cards (not shown).
- low-speed controller 912 is coupled to storage device 906 and low-speed expansion port 914 .
- the low-speed expansion port which may include various communication ports (e.g., USB, Bluetooth, Ethernet, wireless Ethernet) may be coupled to one or more input/output devices, such as a keyboard, a pointing device, a scanner, or a networking device such as a switch or router, e.g., through a network adapter.
- the computing device 900 may be implemented in a number of different forms, as shown in the figure. For example, it may be implemented as a standard server 920 , or multiple times in a group of such servers. It may also be implemented as part of a rack server system 924 . In addition, it may be implemented in a personal computer such as a laptop computer 922 . Alternatively, components from computing device 900 may be combined with other components in a mobile device (not shown), such as device 950 . Each of such devices may contain one or more of computing device 900 , 950 , and an entire system may be made up of multiple computing devices 900 , 950 communicating with each other.
- Computing device 950 includes a processor 952 , memory 964 , an input/output device such as a display 954 , a communication interface 966 , and a transceiver 968 , among other components.
- the device 950 may also be provided with a storage device, such as a microdrive or other device, to provide additional storage.
- Each of the components 950 , 952 , 964 , 954 , 966 , and 968 are interconnected using various buses, and several of the components may be mounted on a common motherboard or in other manners as appropriate.
- the processor 952 can execute instructions within the computing device 950 , including instructions stored in the memory 964 .
- the processor may be implemented as a chipset of chips that include separate and multiple analog and digital processors.
- the processor may provide, for example, for coordination of the other components of the device 950 , such as control of user interfaces, applications run by device 950 , and wireless communication by device 950 .
- Processor 952 may communicate with a user through control interface 958 and display interface 956 coupled to a display 954 .
- the display 954 may be, for example, a TFT LCD (Thin-Film-Transistor Liquid Crystal Display) or an OLED (Organic Light Emitting Diode) display, or other appropriate display technology.
- the display interface 956 may comprise appropriate circuitry for driving the display 954 to present graphical and other information to a user.
- the control interface 958 may receive commands from a user and convert them for submission to the processor 952 .
- an external interface 962 may be provided in communication with processor 952, so as to enable near area communication of device 950 with other devices. External interface 962 may provide, for example, for wired communication in some implementations, or for wireless communication in other implementations, and multiple interfaces may also be used.
- the memory 964 stores information within the computing device 950 .
- the memory 964 can be implemented as one or more of a computer-readable medium or media, a volatile memory unit or units, or a non-volatile memory unit or units.
- Expansion memory 974 may also be provided and connected to device 950 through expansion interface 972 , which may include, for example, a SIMM (Single In Line Memory Module) card interface.
- expansion memory 974 may provide extra storage space for device 950 , or may also store applications or other information for device 950 .
- expansion memory 974 may include instructions to carry out or supplement the processes described above, and may include secure information also.
- expansion memory 974 may be provided as a security module for device 950, and may be programmed with instructions that permit secure use of device 950.
- secure applications may be provided via the SIMM cards, along with additional information, such as placing identifying information on the SIMM card in a non-hackable manner.
- the memory may include, for example, flash memory and/or NVRAM memory, as discussed below.
- a computer program product is tangibly embodied in an information carrier.
- the computer program product contains instructions that, when executed, perform one or more methods, such as those described above.
- the information carrier is a computer- or machine-readable medium, such as the memory 964 , expansion memory 974 , or memory on processor 952 , that may be received, for example, over transceiver 968 or external interface 962 .
- Device 950 may communicate wirelessly through communication interface 966 , which may include digital signal processing circuitry where necessary. Communication interface 966 may provide for communications under various modes or protocols, such as GSM voice calls, SMS, EMS, or MMS messaging, CDMA, TDMA, PDC, WCDMA, CDMA2000, or GPRS, among others. Such communication may occur, for example, through radio-frequency transceiver 968 . In addition, short-range communication may occur, such as using a Bluetooth, WiFi, or other such transceiver (not shown). In addition, GPS (Global Positioning System) receiver module 970 may provide additional navigation- and location-related wireless data to device 950 , which may be used as appropriate by applications running on device 950 .
- Device 950 may also communicate audibly using audio codec 960 , which may receive spoken information from a user and convert it to usable digital information. Audio codec 960 may likewise generate audible sound for a user, such as through a speaker, e.g., in a handset of device 950 . Such sound may include sound from voice telephone calls, may include recorded sound (e.g., voice messages, music files, etc.) and may also include sound generated by applications operating on device 950 .
- the computing device 950 may be implemented in a number of different forms, as shown in the figure. For example, it may be implemented as a cellular telephone 980 . It may also be implemented as part of a smart phone 982 , personal digital assistant, or other similar mobile device.
- implementations of the systems and techniques described here can be realized in digital electronic circuitry, integrated circuitry, specially designed ASICs (application specific integrated circuits), computer hardware, firmware, software, and/or combinations thereof.
- These various implementations can include implementation in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, coupled to receive data and instructions from, and to transmit data and instructions to, a storage system, at least one input device, and at least one output device.
- the systems and techniques described here can be implemented on a computer having a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to the user and a keyboard and a pointing device (e.g., a mouse or a trackball) by which the user can provide input to the computer.
- Other kinds of devices can be used to provide for interaction with a user as well; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user can be received in any form, including acoustic, speech, or tactile input.
- the systems and techniques described here can be implemented in a computing system that includes a back end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front end component (e.g., a client computer having a graphical user interface or a Web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back end, middleware, or front end components.
- the components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include a local area network (“LAN”), a wide area network (“WAN”), and the Internet.
- the computing system can include clients and servers.
- a client and server are generally remote from each other and typically interact through a communication network.
- the relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other.
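The budgeted verification request of method 800 and the freshness threshold described above, as an added Python example that is not code from the patent. The ten-cent lookup and twenty-five-cent challenge call are the figures from the text; the function names, the constructed directories, and the choice to reserve the challenge cost before each lookup are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

LOOKUP_COST = 10      # cents per trusted database lookup (figure from the text)
CHALLENGE_COST = 25   # cents per user challenge phone call (figure from the text)


@dataclass
class ItemStatus:
    """Per-item verification status stored with the shared profile."""
    verified: bool = False
    method: Optional[str] = None         # which trusted database confirmed the item
    verified_on: Optional[date] = None   # date the verification was done


def is_stale(status, today, freshness=timedelta(days=30)):
    """True when the item was never verified or the last verification is too old."""
    if not status.verified or status.verified_on is None:
        return True
    return today - status.verified_on > freshness


# Constructed trusted databases: each returns "match", "mismatch" or "no data".
def directory_a(phone):
    return "no data"


def directory_b(phone):
    return "match" if phone == "+15550100" else "mismatch"


def verify_with_budget(value, databases, challenge, budget, today):
    """Consult databases in order until a match, a mismatch, or the budget runs out.

    databases: list of (name, lookup) pairs; challenge: callable(value) -> bool.
    Returns (ItemStatus, cents_spent, outcome).
    """
    spent = 0
    for name, lookup in databases:
        # Assumption: never pay for a lookup whose match could not be followed
        # by a challenge, since a match without a challenge verifies nothing.
        if spent + LOOKUP_COST + CHALLENGE_COST > budget:
            return ItemStatus(), spent, "budget exhausted"
        spent += LOOKUP_COST
        result = lookup(value)
        if result == "mismatch":
            return ItemStatus(), spent, "mismatch"
        if result == "match":
            spent += CHALLENGE_COST
            if challenge(value):
                return ItemStatus(True, name, today), spent, "verified"
            return ItemStatus(), spent, "challenge failed"
    return ItemStatus(), spent, "no data"


def handle_request(status, value, databases, challenge, budget, today):
    """Serve a verification request: re-verify only when the stored status is stale."""
    if not is_stale(status, today):
        return status, 0, "fresh"
    return verify_with_budget(value, databases, challenge, budget, today)
```

A failed re-verification returns an unverified status, so a stale "verified" flag does not survive a mismatch or a failed challenge.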
Abstract
Methods and apparatus for conducting user identity verification are disclosed. An example method includes requesting, from a user, a name and user identifying information associated with the provided name. The example method also includes querying a trusted database based on the provided name and the user identifying information and determining if a match exists in the database between the provided name and the user identifying information. In the event a match exists, the example method includes presenting a challenge to the user, the challenge being based on the user identifying information and determining a verification status of the user's identity based on a result of the challenge. The example method further includes designating the user's identity as verified or unverified in accordance with the verification status.
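The flow summarized in this abstract (trusted-database query, then a challenge over the verified channel, then a verified or unverified designation), as an added Python example that is not part of the patent. It follows the variant in which the code is sent to the verified phone number and entered online; the in-memory `TRUSTED_DB`, the `Verifier` class, the six-digit code, the ten-minute lifetime and the three-attempt limit are assumptions.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from enum import Enum


class Lookup(Enum):
    MATCH = "match"
    MISMATCH = "mismatch"
    NO_DATA = "no data"


# Constructed stand-in for the trusted database: phone -> (name, address).
TRUSTED_DB = {"+15550100": ("Alice Example", "1 Main St")}


def query_trusted_db(name, address, phone):
    """Return whether the claimed name and address agree with the directory."""
    record = TRUSTED_DB.get(phone)
    if record is None:
        return Lookup.NO_DATA
    return Lookup.MATCH if record == (name, address) else Lookup.MISMATCH


@dataclass
class Challenge:
    channel: str         # verified channel the code was sent to
    code_digest: bytes   # keyed digest; the code itself is never stored
    expires_at: float
    attempts_left: int


class Verifier:
    CODE_DIGITS = 6      # assumption
    TTL_SECONDS = 600    # assumption: code lifetime
    MAX_ATTEMPTS = 3     # assumption: guesses allowed per code

    def __init__(self, send, clock=time.time):
        self._send = send    # callable(channel, code): SMS, voice call, email
        self._clock = clock
        self._key = secrets.token_bytes(32)
        self._pending = {}   # user id -> Challenge

    def _digest(self, user_id, code):
        msg = f"{user_id}:{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def start(self, user_id, name, address, phone):
        """Query the trusted database; issue a challenge only on a match."""
        result = query_trusted_db(name, address, phone)
        if result is not Lookup.MATCH:
            return result
        # Codes come from the OS CSPRNG, zero-padded to a fixed width.
        code = f"{secrets.randbelow(10 ** self.CODE_DIGITS):0{self.CODE_DIGITS}d}"
        self._pending[user_id] = Challenge(
            channel=phone,
            code_digest=self._digest(user_id, code),
            expires_at=self._clock() + self.TTL_SECONDS,
            attempts_left=self.MAX_ATTEMPTS,
        )
        self._send(phone, code)   # delivered only over the verified channel
        return result

    def answer(self, user_id, entered_code):
        """Designate the identity 'verified' or 'unverified' from the entered code."""
        ch = self._pending.get(user_id)
        if ch is None:
            return "unverified"
        if self._clock() > ch.expires_at or ch.attempts_left <= 0:
            del self._pending[user_id]
            return "unverified"
        ch.attempts_left -= 1
        ok = hmac.compare_digest(ch.code_digest, self._digest(user_id, entered_code))
        if ok or ch.attempts_left == 0:
            del self._pending[user_id]   # single use; burned after the last try
        return "verified" if ok else "unverified"
```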
Description
- This description relates generally to identification of a user, such as an online user, using data verification and a user challenge.
- As part of the rapid growth of Internet and World Wide Web use, there has been an ever increasing growth in the availability of online services. Such online services include, for example, online banking, online email services, online dating services and online social networks. A number of providers may provide a number of such services. These services are, however, subject to fraud and abuse. For example, some users may sign up for online services using false identification information with the intent to misuse or abuse such services. For instance, someone may sign up for numerous email accounts that are used to generate unsolicited commercial emails, known as SPAM. In other cases, someone may use false information to sign up for an online service with the intent of distributing materials for which the particular online service is not intended. For example, someone may sign up with an online social networking service with the intent to use the social networking service to distribute commercial material. In some cases, such attempts to misuse or abuse online services are automated, where a computer program is used to sign up for such online services and carry out an improper use. Yet another type of misuse that may occur is payment fraud, such as a user attempting to make an online purchase using stolen credit card information.
- In order to reduce the amount of fraud and/or abuse, online service providers may use a number of techniques. For instance, an online service may require an individual attempting to sign up for an online service to provide some proof of their identity or perform an action that provides some level of confidence that the individual's intent is not to misuse the online service or services. For instance, in the case of automated attempts to access an online service, many online service providers use what is known as CAPTCHA technology, where a distorted series of characters is presented on a graphical interface and access to the service (or services) is allowed only if the correct sequence of characters is entered by a user and returned to the online service provider's server that is monitoring access to the online services. A number of other techniques also exist. A drawback of current approaches is that they do not provide sufficient assurance that a user seeking to access an online service is who they claim to be. Another drawback of current approaches is that abusers of online services constantly come up with ways of circumventing fraud protection techniques, such as automated ways of defeating CAPTCHA technology.
- Users of online services may also obtain different services from different online service providers. When requesting services from such online service providers, a user will set up a profile with each individual online service provider. Each individual online service provider may or may not verify the information included in a user's profile created exclusively to access services from a specific online service provider. Regardless of how the individual online service providers maintain, process and make use of user profile data, having to recreate (and verify, if applicable) a user profile for each online service provider from which the user wishes to access online services may be frustrating and time consuming for the user.
- In a first general aspect, an example computer-implemented method, which may be implemented by an online service provider system, includes requesting, from a user, a name and user identifying information associated with the provided name. The example method also includes querying a trusted database based on the provided name and the user identifying information and determining if a match exists in the database between the provided name and the user identifying information. In the event a match exists, the example method includes presenting a challenge to the user, the challenge being based on the user identifying information and determining a verification status of the user's identity based on a result of the challenge. The example method further includes designating the user's identity as verified or unverified in accordance with the verification status. In a second aspect, the above method may be embodied as software instructions on a computer readable medium.
-
FIG. 1 is a block diagram illustrating an example embodiment of a network. -
FIG. 2 is a diagram illustrating an example embodiment of a user profile. -
FIGS. 3A-C are flowcharts illustrating example embodiments of methods. -
FIG. 4 is a diagram illustrating an example embodiment of a user interface. -
FIG. 5 is a diagram illustrating another example embodiment of a user interface. -
FIG. 6 is a diagram illustrating an example embodiment of a financial transaction that may be used in conjunction with the example methods illustrated inFIGS. 3 , 7 and 8. -
FIG. 7 is a flowchart illustrating an example embodiment of a method. -
FIG. 8 is a flowchart illustrating another example embodiment of a method. -
FIG. 9 shows an example of a computer device and a mobile computer device that can be used to implement the techniques described here. - Like reference symbols in the various drawings indicate like elements.
-
FIG. 1 is a block diagram illustrating an example embodiment of a system 100 in which identification verification using data verification and a user challenge may be implemented. As illustrated in FIG. 1, a user 110 may use a user terminal 120 to gain access to an online service provider 130 (e.g., a server configured to provide online services). The user terminal 120 may take a number of forms. For instance, the user terminal 120 may be a personal computer, an internet appliance or a web-enabled mobile device, such as a personal digital assistant (PDA). The user terminal 120 may communicate with the online service provider 130 via a data network, such as the Internet or a wireless data network, for example.
In order to grant the user 110 access to an online service offered by the online service provider 130, the online service provider 130 may provide one or more interfaces (e.g., graphical user interfaces) to the user terminal 120 over the data network. Such graphical user interfaces (GUIs) may request that the user 110 enter information about himself or herself via the GUIs and then transmit that identifying information to the online service provider 130. For instance, an online service provider 130 may provide a GUI requesting the user to provide a name and user identifying information, such as described herein.
Once the user 110 has entered information in response to the request, the entered information then may be communicated to the online service provider 130 via the data network, such as in response to the user clicking a button in an appropriate GUI to transmit the entered information. In an example embodiment, the user identifying information may include information associated with the user that can be verified, such as a mailing address, a residence address, a home telephone number, a mobile telephone number, a business telephone number, a facsimile telephone number, a bank account number, a credit card account number, an email address, or any other item of information associated with a person, where the information is subject to verification. The user identifying information may be verified in accordance with the techniques described herein and then used to challenge the user to determine whether or not to designate an online identity of the person as trusted or verified.
In an example embodiment, the online service provider 130 may use the information provided by the user 110 to query a trusted database in order to verify that the information provided by the user agrees with data contained in the trusted database 150. For instance, if the user 110 provides a name, address and phone number, the online service provider may query a telephone directory database that is maintained by a telecommunication service provider.
In response to the query from the online service provider 130, the trusted database 150 may determine that the name, address and phone number provided by the user match information contained in the trusted database 150. For example, the trusted database 150 may determine that the name, address and phone number provided in the query (as received from the user 110) correspond with an actual person listed in the telephone directory database. In this case, the trusted database 150, in response to the query, may inform the online service provider 130 that a match was found in the trusted database 150. In this situation, the online service provider 130 would have a high level of confidence that the provided name, address and phone number were not falsified and correspond with the person whose name was provided to the online service provider 130 by the user 110.
Alternatively, the trusted database 150 may determine that there is a mismatch in the data included in the query from the online service provider 130. For instance, the phone number may exist in the telephone directory database but may be assigned to a customer with a different name and/or address. In other instances, a mismatch may occur where an address is included in the database but the name and/or telephone number associated with that address are inaccurate or do not match the information provided by the user 110. In such instances, the trusted database 150 may indicate the data mismatch to the online service provider 130 in response to the query.
In other instances, the data provided by the user 110 may not match any information in the trusted database 150. For instance, the trusted database may not have any records corresponding with the provided name, address or phone number. In such a situation, the trusted database 150 may indicate that no data exists in response to the query.
Depending on the response received to the query from the trusted database 150, the online service provider 130 may take a number of appropriate actions. For example, in cases where the trusted database 150 indicates a data mismatch, the online service provider 130 may notify the user 110 (e.g., via a GUI communicated to, and displayed on, the user terminal 120) that the provided data could not be verified. In such instances, in example embodiments, the user 110 may be asked to correct the provided data or may be informed that access to the online service is denied. Of course, other approaches are possible.
In another embodiment, if the trusted database 150 indicates to the online service provider 130, in response to the query, that no data exists, the online service provider 130 may, again, take a number of appropriate actions. For instance, the online service provider 130 may send another query to another trusted database to attempt to verify the data provided by the user 110. Alternatively, the online service provider 130 may inform the user 110 (e.g., via a GUI) that the provided data could not be verified. The online service provider 130 may then request that the user correct the information, provide additional information for verification purposes or inform the user 110 that access to the online service or services is denied, as some examples.
In yet another embodiment, if the trusted database 150, in response to the query from the online service provider 130, indicates that a match exists for the data provided by the user 110, the online service provider 130 may then challenge the user 110 based on the verified information. Such a user challenge may be done in a number of ways, and the techniques described herein for conducting a user challenge are given by way of example. In one example embodiment, the online service provider 130 may provide a verification code to the user through a user channel 140, such as by calling a verified home telephone number, and require that the user return a correct version of the verification code using another channel, such as the user terminal 120, to prove that the online user 110 has access to a channel associated with the verified user identifying information. In such an approach, at least one of the channels used in the challenge would be associated with verified user identifying information.
In such an approach, if the user successfully completes the challenge, then, because the name provided by the user 110 has been verified to be associated with the user identifying information and the user 110 has proven access to a communication channel associated with the verified information, the individual may be considered to be verified/trusted and highly likely to be that individual. In other embodiments, the online service provider 130 may provide a verification code to the user 110 through a channel not associated with verified user identifying information (an unverified channel) and then require that the user accurately supply the provided code to the online service provider 130 via a channel associated with verified user identifying information (a verified channel) to demonstrate that the user 110 has access to the verified channel.
For instance, the user 110 may be supplied a verification code in a short messaging system (SMS) message that is sent to an unverified mobile phone number. The user 110 may then provide the verification code to the online service provider 130 using a verified home phone number, where caller identification information is used to confirm use of the verified phone number.
Such a verification code may be provided to, and returned from, the user 110 in a number of ways. As noted above, in order to demonstrate that the user 110 has access to a verified channel, in an example embodiment, the verification code is either provided to the user via a verified channel or returned via the verified channel. For instance, the verification code may be included in a GUI provided to the (unverified) user terminal 120 by the online service provider 130 and returned to the online service provider 130 by the user 110 via a verified telephone number (land or mobile), or via another verified channel.
Alternatively, if a telephone number provided by the user 110 corresponds with a mobile telephone, the verification code may be provided to the user 110 via a short messaging system (SMS) message sent to the mobile telephone after the mobile telephone number is verified. The user 110 may then return the verification code via a GUI displayed on the (unverified) user terminal 120, for example. In such approaches, the user 110 demonstrates that he or she is able to receive a verification code via one channel (e.g., either a verified channel or an unverified channel), has access to the verified channel, and can return the verification code through the alternative channel (e.g., either the unverified channel or the verified channel, respectively).
In other embodiments, verified channels (e.g., different resources) may be used to provide and receive a verification code. For instance, in an example embodiment, a verification code may be provided to a user 100 by an online service provider 130 via a verified telephone number and the user 100 may return the verification code to the online service provider 130 via a verified email address, where the email address may be verified using techniques similar to those described above (e.g., using a trusted database of email addresses and corresponding names of email account holders).
In still other embodiments, the verification code may be provided to the user in an email sent to a verified email address. In yet other embodiments, a phone call may be placed to the user 110 at a verified phone number and the verification code may be provided to the user 110 via the called telephone. In still other embodiments, the verification code may be provided to the user 110 by sending a physical mailer (e.g., a postcard or letter) to a verified mailing address. Still other embodiments may include sending a verification code via an amount deposited in a verified bank account or by making a small charge or refund to a credit card account and including the verification code in a transaction description for the charge or refund. Of course, other techniques for providing a verification code to a user are possible.
In the above example approaches, once the user 110 has received the verification code, in like fashion as discussed above, the user 110 may then respond to the online service provider 130 to demonstrate that the user 110 has access to the verified channel either by demonstrating that the user 110 received the verification code via the verified channel or by providing the correct verification code to the online service provider 130 using the verified channel.
A number of techniques may be used for the user 110 to return the provided verification code to the online service provider 130, and the user 110 need not return the verification code through the same channel through which the user received the code as long as one of the resources used to provide or return the verification code to the online service provider is a verified channel. For instance, the user 110 may provide a verification code to the online service provider 130 by entering the verification code using a telephone that is associated with a verified phone number.
In another example embodiment, the user 110 may provide a verification code to the online service provider 130 by entering the verification code using a GUI provided by the online service provider 130 to the user terminal 120. In still another example embodiment, the user 110 may provide a verification code to the online service provider 130 by sending the verification code to the online service provider in an email sent from a verified email address. Depending on the particular embodiment, other techniques may be used for the user 110 to communicate a verification code to the online service provider 130. In such approaches, different channels are used to receive and return the verification code, with at least one of the channels being a verified channel.
In an example embodiment, when the online service provider 130 receives a verification code from the user 110 (user verification code), the online service provider 130 may then compare the user verification code with the original verification code (provided to the user 110 by the online service provider 130). If the user verification code matches the original verification code, the online service provider 130 may then determine that the user 110 has access to the verified user channel through which the online service provider 130 sent the verification code to the user 110, or through which the user 110 returned the verification code to the online service provider 130.
As a result of such a match, the online service provider 130 may then determine that the user 110 either is the person associated with the verified data or is a person who has access to the personal information about the person associated with the data. As a result of such a determination, the online service provider 130 may grant the user 110 access to the online service or services provided by the online service provider 130. For instance, the online service provider 130 may grant the user 110 access to protected functionality, may grant the user unrestricted access to one or more online services, and/or may grant the user 100 a “trusted” status/badge.
However, if the user verification code does not match the original verification code, the online service provider 130 may then determine that the user 110 does not, in fact, have access to the verified user channel. In such a situation, the online service provider 130 may deny the user 110 access to any online services provided by the online service provider 130. For instance, the online service provider 130 may deny the user 110 access to protected functionality, may deny the user unrestricted access to one or more online services, and/or may refuse to grant the user 100 a “trusted” status/badge.
In an example embodiment, the online service provider 130 may provide one or more online services, which may include an online social network or online professional network, as some examples. Other examples may include advertising services, payment services, blogs, online publishing services, online photo albums, online dating service, among a number of other online services. In the case of an online social or professional networking service, a user may enter various pieces of personal information to create a user profile for use with the social or professional networking service.
FIG. 2 is a diagram illustrating an example embodiment of such a user profile 200. FIG. 2 will be described with further reference to the system 100 of FIG. 1, in which such a user profile 200 may be implemented.
Depending on the particular embodiment, the user profile 200 may be made available to multiple online service providers for the purpose of providing online services or other services to an associated user. For instance, the user profile 200 may be used for multiple services within a company, or may be made available to (shared with) other companies with complementary services. For instance, the user profile 200 may be used for online shopping purposes if the user has included bank account or credit card information in the profile 200 in addition to using the user profile 200 for an online professional networking service. In other example embodiments, if a user 110 wishes to use online services from different online service providers, in an example embodiment, the user profile 200 may be accessed by the multiple online service providers as part of the process of them providing their respective online services. Such an approach allows the user to create a single user profile 200 that is used by multiple online service providers rather than the user having to take the time to create individual profiles with each respective online service provider. In the case of a shared user profile 200, login/password procedures may be implemented that are trusted by each online service provider that accesses the user profile 200. Such an approach may ensure that information and updates to the user profile 200 are respected by the companies accessing the user profile 200.
As shown in FIG. 2, the user profile 200 may include various pieces of information about the user 110. For instance, the profile 200 may include a name, phone number, mailing address, email address, current employer, one or more previous employers, a credit card number, a bank account number, billing address, shipping address, backup email address, academic institutions the user 110 has attended and professional organizations to which the user 110 belongs. The user profile 200 may also include a number of other profile information items. In an example embodiment, if the user profile 200 is a business profile, the profile 200 may include retail locations, employees, website addresses, etc. The particular items included in the user profile 200 may depend on the particular online services provided by the online service providers that make use of the user profile 200.
As is also shown in FIG. 2, the user profile 200 may include a contact list 210 of the user 110. Contact list 210 may include contact information for friends and/or business associates of the user 110. If multiple online service providers make use of the user profile 200, some or all of the information included in the user profile 200 may be shared with the various online service providers. In an example embodiment, the user 110 may determine the particular pieces of information of the user profile 200 to which each online service provider has access. As an example, a user could choose to share contacts or subsets of contacts with an online service provider, decide which information each service can display to the outside world, etc.
When creating the user profile 200, the user 110 may enter values for each item of the user profile 200 using, for example, a GUI provided by the online service provider 130 to the user terminal 120. As illustrated in FIG. 2, the user profile 200 is for a user Joe Smith with a phone number of 408-555-1234 and mailing address 5432 Main St., San Jose, Calif. 95101. In the user profile 200, an email address for Joe Smith of joesmith@google.com is included along with an indication of a current employer of Google. Also included in the user profile 200 is an indication of a previous employer of Apple, a credit card number, a bank account number, an indication that the user 110 attended Stanford University and an indication that the user 110 is a member of the IEEE professional organization.
After receiving the profile information included in the user profile 200, the online service provider 130 may verify some or all of the information included in the profile 200. For instance, when the profile 200 is created, the online service provider 130 may verify the phone number and/or address included in the profile 200 by matching them to the name included in the profile 200. This verification may be done using the techniques described herein, or using any other appropriate approach. For example, verification of the phone number and mailing address may be done using data verification and a user challenge, as was described above. In another example embodiment, verification of profile information items included in the profile 200 may be done using only data verification, e.g., by querying a trusted database.
As shown in FIG. 2, the profile 200 may also include, for each profile information item, an indication of whether or not each profile information item has been verified, the method (e.g., a specific trusted database) used to verify the profile information item (if verification has been done), a company or entity that performed the verification and the date the verification (if any) for each item was performed. In an example embodiment, another online service provider may request that one or more of the profile information items be verified (if not previously verified) or that a re-verification be done if the verification date is not consistent with the requirements of the particular online service provider. If an online service provider requests verification or re-verification of a profile information item, the profile 200 may be updated to reflect the most recent verification status for that item. In such an approach, other online service providers accessing the user profile 200 may also benefit from the updated verification status for the items of the user profile 200. In an example embodiment, verification history for each of the items in the profile 200 may be kept.
FIG. 3A illustrates an example embodiment of a method for verifying an online user using data verification and a user challenge, such as previously discussed with respect to FIG. 1. FIGS. 3B and 3C illustrate example embodiments for performing a user challenge. FIGS. 3A-C will also be described with further reference to FIG. 1.
FIG. 3A illustrates an example method 300 for verifying a user (e.g., the user 110) using data verification and a user challenge, where the user challenge is performed such that the user 110 demonstrates access to a verified channel (e.g., that is associated with verified data listed in the user profile 200). The method 300 may include, at block 305, the online service provider 130 requesting (e.g., via a GUI) a name of the user 110 in response to the user requesting access to an online service. The GUI requesting the user 110's name may also request user identifying information associated with the user's name. As discussed above, the user identifying information may be, for example, a telephone number and/or a mailing address, or some other information associated with the user. At block 310, the method 300 may include querying a trusted database (the trusted database 150) based on the user's name and the user identifying information. For instance, the online service provider 130 may send a query to a trusted telephone directory database. Such a query may include, for example, the name, address and telephone number provided by the user 110.
At block 315, the method 300 may include determining if a match exists in the trusted database 150 between the user's name and the user identifying information. In this example, the determination may include the online service provider receiving a response to the query from the trusted database 150. As previously described, the response from the trusted database 150 may indicate that a match to the data included in the query was found, a mismatch was found or no data was found. In the event that a match exists, at block 320, the method 300 may include challenging the user to demonstrate access to a channel associated with the verified information (verified channel, as discussed above), for example, using a verification code in any of the fashions that were previously discussed.
At block 325, the method 300 may include determining a verification status of the user's identity based on a result of the challenge. For instance, if the user provides a correct verification code, the verification status may be determined as verified/trusted. Alternatively, if the correct code is not provided, the verification status may be determined as unverified/untrusted.
At block 330, the method 300 may include designating the user's identity as verified or unverified in accordance with the verification status. For example, the determined verification status may be assigned to the user profile 200, indicating that a person associated with that profile is trusted (e.g., allowed to access online services) or is not trusted (e.g., not allowed to access online services).
FIG. 3B is a flowchart illustrating an example method 330 for performing a user challenge. At block 335, the method 330 may include providing a code (verification code) to the user 110. As discussed above and in further detail below, a number of approaches for providing a verification code to the user may be used. At block 340, the method 330 may include calling a verified phone number provided by the user (e.g., a phone number verified using the trusted database 150). At block 345, the method 330 may include prompting the user 110 to enter the provided code via the called telephone, such as by using an automated voice prompt, for example. At block 350, the method 300 may further include receiving an entered (user) verification code from the user 110 via the called telephone (e.g., using the telephone's keypad). In the event the user verification code matches the code provided by the online service provider 130, the method 330, at block 355, may include designating the user 110's identity as verified and allowing the user 110 access to online services provided by the online service provider 130.
FIG. 3C is a flowchart illustrating another example method 360 for conducting a user challenge based on data verified using a trusted database (database 150). At block 365, the method 360 may include calling the verified telephone number and, at block 370, providing a verification code to the user via the called telephone, or using any of the techniques described here. At block 375, the method 360 may further include providing an online GUI for entering the code. Such a GUI may be provided in any appropriate fashion, such as using the techniques described above. At block 380, the method 360 may also include receiving an entered code via the online GUI, such as by the user 110 entering the code using the user terminal 120 in the GUI and transmitting the entered code to the online service provider 130 via a data network, for example. In the event the entered code matches the provided code, the method 360 may still further include, at block 385, designating the user's identity as verified and allowing the user access to online services provided by the online service provider 130.
As discussed above, other techniques for providing a verification code to a user may be employed. For instance, a verification code may be provided in an SMS message sent to a verified mobile telephone number. Alternatively, a verification code may be provided using a verified email address or a verified physical mailing address. In other example embodiments, the user verification code may be communicated to the online service provider using any appropriate technique. For instance, the user verification code may be communicated to the online service provider 130 in an SMS message sent from a verified mobile telephone number or in an email from a verified email address.
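The flow of method 300 (trusted-database lookup with its three outcomes, then a code challenge that counts only if a verified channel carried the code in one direction) can be sketched as follows. This is an added illustration, not code from the patent: the directory contents, the channel labels such as "phone:..." and "web:terminal", the six-digit code, the ten-minute expiry, the three-attempt limit and single use are all assumptions.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from enum import Enum


class Lookup(Enum):
    MATCH = "match"
    MISMATCH = "mismatch"
    NO_DATA = "no data"


# Constructed stand-in for the trusted database 150, keyed by phone number.
TRUSTED_DIRECTORY = {
    "408-555-1234": ("Joe Smith", "5432 Main St., San Jose, Calif. 95101"),
}


def query_trusted_database(name, address, phone, directory=TRUSTED_DIRECTORY):
    """Blocks 310-315: answer match, mismatch or no data for the supplied triple."""
    record = directory.get(phone)
    if record is not None:
        return Lookup.MATCH if record == (name, address) else Lookup.MISMATCH
    # Unknown phone: an address that is on file under other details is a mismatch.
    if any(known_address == address for _, known_address in directory.values()):
        return Lookup.MISMATCH
    return Lookup.NO_DATA


@dataclass
class Challenge:
    code: str
    sent_via: str
    verified_channels: frozenset
    expires_at: float
    attempts_left: int


def issue_challenge(sent_via, verified_channels, now=None, ttl=600, max_attempts=3):
    """Block 320: create the code to deliver over sent_via (delivery is out of scope)."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"  # drawn from the OS CSPRNG
    return Challenge(code, sent_via, frozenset(verified_channels), now + ttl, max_attempts)


def check_response(challenge, user_code, returned_via, now=None):
    """Block 325: 'verified' only if the code matches and a verified channel carried it."""
    now = time.time() if now is None else now
    if now > challenge.expires_at or challenge.attempts_left <= 0:
        return "unverified"
    challenge.attempts_left -= 1
    # Rule from the text: the code is provided OR returned over a verified channel.
    if not {challenge.sent_via, returned_via} & challenge.verified_channels:
        return "unverified"
    # Constant-time comparison on bytes, so odd user input cannot raise or leak timing.
    if hmac.compare_digest(user_code.encode(), challenge.code.encode()):
        challenge.attempts_left = 0  # assumption: a code is accepted once only
        return "verified"
    return "unverified"


def verify_user(name, address, phone, sent_via, returned_via, answer, now=0.0):
    """Blocks 305-330 end to end; `answer` maps the delivered code to what the user enters."""
    result = query_trusted_database(name, address, phone)
    if result is not Lookup.MATCH:
        return result.value, "unverified"  # no challenge without verified data
    verified = {f"phone:{phone}", f"mail:{address}"}
    challenge = issue_challenge(sent_via, verified, now=now)
    status = check_response(challenge, answer(challenge.code), returned_via, now=now)
    return result.value, status


if __name__ == "__main__":
    joe = ("Joe Smith", "5432 Main St., San Jose, Calif. 95101", "408-555-1234")
    # FIG. 3C style: code spoken on the verified phone, typed into the web GUI.
    print(verify_user(*joe, "phone:408-555-1234", "web:terminal", lambda c: c))
    # Neither channel is verified, so a correct code proves nothing.
    print(verify_user(*joe, "sms:408-555-9999", "web:terminal", lambda c: c))
```

The second call returns unverified even though the code is correct, which is the property the text relies on: the code proves access to a channel, so a channel tied to verified data has to be involved.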
FIG. 4 is a diagram illustrating an example embodiment of an interface 400 for providing a verification code 410 to the user 110. The interface 400 may be included, for example, in a web-based GUI. Alternatively, the interface 400 may be included in an SMS message or an email message. The interface 400 may also include a button 420 (such as in a web-based GUI) that the user 110 may click to initiate a phone call from the online service provider 130 for entering the verification code.
FIG. 5 is a diagram illustrating an interface 500 for the user 110 to request a call to receive a verification code and then enter the verification code for transmission to the online service provider 130. As with the interface 400 illustrated in FIG. 4, the interface 500 may be a web-based interface or may be implemented in another fashion. As shown in FIG. 5, the interface 500 may include a button 510 that, when clicked by the user 110, will initiate a phone call to a verified telephone number. The call may be made by the online service provider 130 and the verification code may be provided to the user 110 during the call. For instance, text-to-speech software may be used to provide the verification code to the user 110.
The interface 500 may also include a field 510 that may be used by the user 110 to enter the provided verification code, e.g., using the user terminal 120. The interface 500 may further include a button 520 (such as in a web-based GUI) that the user 110 may click to transmit an entered code to the online service provider 130 to complete a user challenge, such as in the manners previously discussed.
Other techniques may also be used to carry out a user challenge. For example, a challenge transaction can be made to a user's credit card account or bank account. FIG. 6 is a diagram illustrating an example embodiment of such a challenge transaction 600. As shown in FIG. 6, the challenge transaction may include a transaction date 610, a transaction description 620 and a transaction amount 630. The transaction description 620 may include a verification code that a user may then provide to an online service provider to complete a user challenge. Alternatively, the online service provider may request that the user provide the transaction amount 620 to complete the user challenge.
As was discussed above, in an example embodiment, user information contained in a user profile, such as the user profile 200 illustrated in FIG. 2, may be shared by multiple online service providers. Such an approach may allow a user to create a single persistent profile 200, that may be verified and maintained by a first online service provider and accessed by a number of other online service providers. Sharing the profile 200 may prevent the user 110 from having to create and verify his or her profile information for each online service provider the user 110 wishes to use. As is discussed further below, in an example embodiment, an online service provider that maintains such persistent user profiles may provide fee-based profile verification services to other online service providers.
In another example embodiment, a first online service provider may receive profile information items from a user it wishes to verify, but the first online service provider may not implement the functionality to conduct the user identity verification. In such a situation, the first online service provider may provide the profile information items to a second online service provider (e.g., in a verification request) and the second online service provider may conduct a verification of one or more of the user profile items and provide the verification results to the first online service provider. Once the verification is completed, the same user may then share his or her profile across service providers. In such an approach, the service providers that access the profile may share profile updates. For instance, the verifying service provider's profile for the user may be used as a master, shared profile.
FIG. 7 is a flowchart illustrating an example method 700 for creation and maintenance of such a persistent, shared user profile 200. The method 700 may include, at block 705, receiving a plurality of profile information items from a user, such as the profile information items illustrated in the profile 200 in FIG. 2. At block 710, the method 700 may include storing, at a first entity (e.g., a first online service provider), the profile information items in an identification profile (e.g., the user profile 200) associated with the user (e.g., the user 110). At block 715, the method 700 may include verifying at least one of the profile information items. Such verification may be done using the techniques described herein, or using any other appropriate technique.
At block 720, the method 700 may further include storing, as part of the identification profile 200, a verification status corresponding with the verification performed at block 715. As was discussed above, the verification status may include, for each profile information item, an indication of whether the profile information item has been verified or not. If the profile information item has been verified, the verification status may further include an indication of how the item was verified (e.g., the trusted database used) and the date on which the verification was done.
The method 700 may further include, at block 725, receiving, at the first entity (e.g., the first online service provider), a request, from a second entity (a second online service provider), for one or more of the profile information items. For example, the second online service provider may request a user's name, address and phone number. At block 730, the method 700 may further include providing, from the first entity to the second entity, the requested profile information items and the verification status.
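A minimal model of the shared profile of method 700, added here as an illustration rather than taken from the patent: each item carries its own verification status and history, a requesting provider receives only the items the user has granted it, and the receiving provider decides from the verification date whether to ask for re-verification. The class and function names, the dates, and the rule that a changed value falls back to unverified are assumptions.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional


@dataclass(frozen=True)
class Verification:
    verified: bool
    method: Optional[str] = None    # e.g. the trusted database used, or a user challenge
    verifier: Optional[str] = None  # entity that performed the verification
    on: Optional[date] = None       # date the verification was performed


@dataclass
class ProfileItem:
    value: str
    history: List[Verification] = field(default_factory=list)

    @property
    def status(self) -> Verification:
        # The latest record is the current status; no record means never verified.
        return self.history[-1] if self.history else Verification(False)


class IdentificationProfile:
    """Held by the first entity; other providers only ever see share() output."""

    def __init__(self):
        self.items = {}
        self.grants = {}

    def store(self, key, value):
        """Blocks 705-710. Assumption: a changed value loses its verified status."""
        item = self.items.get(key)
        if item is None:
            self.items[key] = ProfileItem(value)
        elif item.value != value:
            item.value = value
            item.history.append(Verification(False))

    def record_verification(self, key, verified, method, verifier, on):
        """Blocks 715-720: append to the history instead of overwriting it."""
        self.items[key].history.append(Verification(verified, method, verifier, on))

    def grant(self, provider, keys):
        """The user decides which items each provider may access."""
        self.grants[provider] = set(keys)

    def share(self, provider, requested):
        """Blocks 725-730: granted items only, each with its verification status."""
        allowed = self.grants.get(provider, set())
        return {key: (self.items[key].value, self.items[key].status)
                for key in requested if key in allowed and key in self.items}


def needs_verification(status, today, max_age_days):
    """Receiving provider's check: unverified, undated or older than its own limit."""
    if not status.verified or status.on is None:
        return True
    return (today - status.on).days > max_age_days


if __name__ == "__main__":
    profile = IdentificationProfile()
    profile.store("phone", "408-555-1234")
    profile.store("employer", "Google")
    profile.record_verification("phone", True, "telephone directory + user challenge",
                                "first provider", date(2008, 11, 1))  # constructed date
    profile.grant("second provider", {"phone"})
    print(profile.share("second provider", ["phone", "employer"]))
```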
FIG. 8 is a flowchart illustrating another example method 800 for creation and maintenance of such a persistent, shared user profile 200. At block 805, in like fashion as block 705 of the method 700, the method 800 may include receiving a plurality of profile information items from a user, such as the profile information items illustrated in the profile 200 in FIG. 2. At block 810, in like fashion as block 710 of the method 700, the method 800 may include storing, at a first entity (e.g., a first online service provider), the profile information items in an identification profile (e.g., the user profile 200) associated with the user (e.g., the user 110).
At block 815, the method 800 may include receiving, at the first entity (the first online service provider), a request from a second entity (a second online service provider) for one or more of the profile information items. The method 800 may further include, at block 815, providing, from the first entity to the second entity, the profile information items requested by the second entity and a verification status, where the verification status indicates, for each provided profile item, that the profile information items have not yet been verified. At block 820, the method 800 may further include receiving, at the first entity, a verification request from the second entity to perform a verification of one or more of the provided profile information items. In the method 800, the request, at block 820, to perform the verification may be made in response to the verification status indicating that the requested profile information items have not been previously verified.
In an example embodiment, the verification request at block 820 may also include a budget for performing the verification. For instance, a trusted database lookup may represent a cost of ten cents and a user challenge phone call may represent a cost of twenty-five cents. Therefore, in order to complete such a verification including the user challenge phone call, the corresponding verification request should indicate a budget of thirty-five cents for performing the verification, as one example. A business operating the second entity would then pay the business operating the first entity thirty-five cents in payment for carrying out the verification request. For instance, if one data verification request does not find a match (i.e., there is no data available), additional trusted databases may be consulted, at additional cost, until either the budget is used up, a match is found, or a mismatch is found (i.e., it is confirmed that the user is not the person they claim to be).
At block 825, the method 800 may further include verifying the one or more profile information items indicated in the verification request. In an example embodiment, the verification performed at block 825 may be carried out in accordance with a budget, as discussed above, that is indicated in the verification request from the second entity. At block 830, the method 800 may further include updating the verification status of the user profile based on the verification done at block 825. The method 800, at block 835, may still further include receiving, at the first entity, a request from a third entity (e.g., a third online service provider) for one or more of the profile information items. The method 800, at block 840, may also include providing, from the first entity to the third entity, the profile information items requested by the third entity and the updated verification status.
In another example embodiment, an online service provider may also make a verification request for profile information items where, based on the verification status, the verification date in the user profile indicates that the verification date for the profile information items exceeds a verification freshness threshold. For instance, an online service provider may require that a user's mailing address and/or phone number be verified once per month. In such an approach, if the last verification date for a user's mailing address and/or phone number indicated in the verification status is more than one month ago, the online service provider may, at block 820 of the method 800, request that the mailing address and/or phone number be re-verified.
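The budgeted verification at blocks 820 to 830 and the freshness check can be modelled as follows. This is an added Python example, not code from the patent; every name in it (`ItemStatus`, `TrustedDatabase`, `verify_within_budget`, `needs_verification`) is hypothetical, the 30-day value used for "one month" by callers is an assumption, and so is the choice that a database match without a completed user challenge leaves the item unverified.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from enum import Enum
from typing import Callable, List, Optional, Tuple


class Lookup(Enum):
    MATCH = "match"          # name and item agree in the trusted database
    MISMATCH = "mismatch"    # database contradicts the claimed name
    NO_DATA = "no_data"      # database holds no record either way


@dataclass
class ItemStatus:
    """Per-item verification status stored in the profile (block 720)."""
    verified: bool = False
    method: Optional[str] = None         # how the item was verified
    verified_on: Optional[date] = None   # date the verification was done


@dataclass
class TrustedDatabase:
    name: str
    cost_cents: int
    lookup: Callable[[str, str], Lookup]  # (claimed name, item value) -> result


def needs_verification(status: ItemStatus, today: date, max_age: timedelta) -> bool:
    """True when the item was never verified or its verification date is
    older than the freshness threshold."""
    if not status.verified or status.verified_on is None:
        return True
    return today - status.verified_on > max_age


def verify_within_budget(
    name: str,
    value: str,
    databases: List[TrustedDatabase],
    challenge_cost_cents: int,
    run_challenge: Callable[[str], bool],
    budget_cents: int,
    today: date,
) -> Tuple[ItemStatus, int, str]:
    """Consult trusted databases in order until a match, a mismatch, or the
    budget stops the search; on a match, run the user challenge if it still
    fits the budget. Returns (new status, cents spent, outcome)."""
    spent = 0
    matched_in = None
    for db in databases:
        if spent + db.cost_cents > budget_cents:
            return ItemStatus(), spent, "budget_exhausted"
        spent += db.cost_cents
        result = db.lookup(name, value)
        if result is Lookup.MISMATCH:
            # Confirmed not to be the claimed person: stop, do not challenge.
            return ItemStatus(), spent, "mismatch"
        if result is Lookup.MATCH:
            matched_in = db.name
            break
        # NO_DATA: fall through to the next database, at additional cost.
    if matched_in is None:
        return ItemStatus(), spent, "no_data"
    if spent + challenge_cost_cents > budget_cents:
        # Assumption: a match alone is not recorded as verified.
        return ItemStatus(), spent, "budget_exhausted"
    spent += challenge_cost_cents
    if not run_challenge(value):
        return ItemStatus(), spent, "challenge_failed"
    status = ItemStatus(True, f"{matched_in}+user_challenge", today)
    return status, spent, "verified"
```

A party consuming the shared profile should treat the recorded method and date as inputs to its own policy: `needs_verification` is evaluated by the requester, so a stale or cheaply verified item triggers a new request rather than being trusted as is.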
FIG. 9 shows an example of a generic computer device 900 and a generic mobile computer device 950, which may be used with the techniques described here. Computing device 900 is intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. Computing device 950 is intended to represent various forms of mobile devices, such as personal digital assistants, cellular telephones, smart phones, and other similar computing devices. The components shown here, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the inventions described and/or claimed in this document.
Computing device 900 includes a processor 902, memory 904, a storage device 906, a high-speed interface 908 connecting to memory 904 and high-speed expansion ports 910, and a low speed interface 912 connecting to low speed bus 914 and storage device 906. Each of the components processor 902 can process instructions for execution within the computing device 900, including instructions stored in the memory 904 or on the storage device 906 to display graphical information for a GUI on an external input/output device, such as display 916 coupled to high speed interface 908. In other implementations, multiple processors and/or multiple buses may be used, as appropriate, along with multiple memories and types of memory. Also, multiple computing devices 900 may be connected, with each device providing portions of the necessary operations (e.g., as a server bank, a group of blade servers, or a multi-processor system).
The memory 904 stores information within the computing device 900. In one implementation, the memory 904 is a volatile memory unit or units. In another implementation, the memory 904 is a non-volatile memory unit or units. The memory 904 may also be another form of computer-readable medium, such as a magnetic or optical disk.
The storage device 906 is capable of providing mass storage for the computing device 900. In one implementation, the storage device 906 may be or contain a computer-readable medium, such as a floppy disk device, a hard disk device, an optical disk device, or a tape device, a flash memory or other similar solid state memory device, or an array of devices, including devices in a storage area network or other configurations. A computer program product can be tangibly embodied in an information carrier. The computer program product may also contain instructions that, when executed, perform one or more methods, such as those described above. The information carrier is a computer- or machine-readable medium, such as the memory 904, the storage device 906, or memory on processor 902.
The high speed controller 908 manages bandwidth-intensive operations for the computing device 900, while the low speed controller 912 manages lower bandwidth-intensive operations. Such allocation of functions is exemplary only. In one implementation, the high-speed controller 908 is coupled to memory 904, display 916 (e.g., through a graphics processor or accelerator), and to high-speed expansion ports 910, which may accept various expansion cards (not shown). In the implementation, low-speed controller 912 is coupled to storage device 906 and low-speed expansion port 914. The low-speed expansion port, which may include various communication ports (e.g., USB, Bluetooth, Ethernet, wireless Ethernet), may be coupled to one or more input/output devices, such as a keyboard, a pointing device, a scanner, or a networking device such as a switch or router, e.g., through a network adapter.
The computing device 900 may be implemented in a number of different forms, as shown in the figure. For example, it may be implemented as a standard server 920, or multiple times in a group of such servers. It may also be implemented as part of a rack server system 924. In addition, it may be implemented in a personal computer such as a laptop computer 922. Alternatively, components from computing device 900 may be combined with other components in a mobile device (not shown), such as device 950. Each of such devices may contain one or more of computing device multiple computing devices
Computing device 950 includes a processor 952, memory 964, an input/output device such as a display 954, a communication interface 966, and a transceiver 968, among other components. The device 950 may also be provided with a storage device, such as a microdrive or other device, to provide additional storage. Each of the components
The processor 952 can execute instructions within the computing device 950, including instructions stored in the memory 964. The processor may be implemented as a chipset of chips that include separate and multiple analog and digital processors. The processor may provide, for example, for coordination of the other components of the device 950, such as control of user interfaces, applications run by device 950, and wireless communication by device 950.
Processor 952 may communicate with a user through control interface 958 and display interface 956 coupled to a display 954. The display 954 may be, for example, a TFT LCD (Thin-Film-Transistor Liquid Crystal Display) or an OLED (Organic Light Emitting Diode) display, or other appropriate display technology. The display interface 956 may comprise appropriate circuitry for driving the display 954 to present graphical and other information to a user. The control interface 958 may receive commands from a user and convert them for submission to the processor 952. In addition, an external interface 962 may be provided in communication with processor 952, so as to enable near area communication of device 950 with other devices. External interface 962 may provide, for example, for wired communication in some implementations, or for wireless communication in other implementations, and multiple interfaces may also be used.
The memory 964 stores information within the computing device 950. The memory 964 can be implemented as one or more of a computer-readable medium or media, a volatile memory unit or units, or a non-volatile memory unit or units. Expansion memory 974 may also be provided and connected to device 950 through expansion interface 972, which may include, for example, a SIMM (Single In Line Memory Module) card interface. Such expansion memory 974 may provide extra storage space for device 950, or may also store applications or other information for device 950. Specifically, expansion memory 974 may include instructions to carry out or supplement the processes described above, and may include secure information also. Thus, for example, expansion memory 974 may be provided as a security module for device 950, and may be programmed with instructions that permit secure use of device 950. In addition, secure applications may be provided via the SIMM cards, along with additional information, such as placing identifying information on the SIMM card in a non-hackable manner.
The memory may include, for example, flash memory and/or NVRAM memory, as discussed below. In one implementation, a computer program product is tangibly embodied in an information carrier. The computer program product contains instructions that, when executed, perform one or more methods, such as those described above. The information carrier is a computer- or machine-readable medium, such as the memory 964, expansion memory 974, or memory on processor 952, that may be received, for example, over transceiver 968 or external interface 962.
Device 950 may communicate wirelessly through communication interface 966, which may include digital signal processing circuitry where necessary. Communication interface 966 may provide for communications under various modes or protocols, such as GSM voice calls, SMS, EMS, or MMS messaging, CDMA, TDMA, PDC, WCDMA, CDMA2000, or GPRS, among others. Such communication may occur, for example, through radio-frequency transceiver 968. In addition, short-range communication may occur, such as using a Bluetooth, WiFi, or other such transceiver (not shown). In addition, GPS (Global Positioning System) receiver module 970 may provide additional navigation- and location-related wireless data to device 950, which may be used as appropriate by applications running on device 950.
Device 950 may also communicate audibly using audio codec 960, which may receive spoken information from a user and convert it to usable digital information. Audio codec 960 may likewise generate audible sound for a user, such as through a speaker, e.g., in a handset of device 950. Such sound may include sound from voice telephone calls, may include recorded sound (e.g., voice messages, music files, etc.) and may also include sound generated by applications operating on device 950.
The computing device 950 may be implemented in a number of different forms, as shown in the figure. For example, it may be implemented as a cellular telephone 980. It may also be implemented as part of a smart phone 982, personal digital assistant, or other similar mobile device.
Various implementations of the systems and techniques described here can be realized in digital electronic circuitry, integrated circuitry, specially designed ASICs (application specific integrated circuits), computer hardware, firmware, software, and/or combinations thereof. These various implementations can include implementation in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, coupled to receive data and instructions from, and to transmit data and instructions to, a storage system, at least one input device, and at least one output device.
These computer programs (also known as programs, software, software applications or code) include machine instructions for a programmable processor, and can be implemented in a high-level procedural and/or object-oriented programming language, and/or in assembly/machine language. As used herein, the terms “machine-readable medium” and “computer-readable medium” refer to any computer program product, apparatus and/or device (e.g., magnetic discs, optical disks, memory, Programmable Logic Devices (PLDs)) used to provide machine instructions and/or data to a programmable processor, including a machine-readable medium that receives machine instructions as a machine-readable signal. The term “machine-readable signal” refers to any signal used to provide machine instructions and/or data to a programmable processor.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to the user and a keyboard and a pointing device (e.g., a mouse or a trackball) by which the user can provide input to the computer. Other kinds of devices can be used to provide for interaction with a user as well; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user can be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front end component (e.g., a client computer having a graphical user interface or a Web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back end, middleware, or front end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include a local area network (“LAN”), a wide area network (“WAN”), and the Internet.
The computing system can include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other.
A number of embodiments have been described. Nevertheless, it will be understood that various modifications may be made without departing from the spirit and scope of the invention.
In addition, the logic flows depicted in the figures do not require the particular order shown, or sequential order, to achieve desirable results. In addition, other steps may be provided, or steps may be eliminated, from the described flows, and other components may be added to, or removed from, the described systems. Accordingly, other embodiments are within the scope of the following claims.
Claims (19)
1. A computer-implemented method comprising:
sending, by an online service provider system to a user, a request for:
a name; and
user identifying information associated with the provided name;
querying, by the online service provider system, a trusted database based on the provided name and the user identifying information;
determining, by the online service provider system, based on a result of the query, if a match exists in the database between the provided name and the user identifying information;
in the event a match exists, presenting, by the online service provider system, a challenge to the user, the challenge being based on the user identifying information;
determining, by the online service provider system, a verification status of the user's identity based on a result of the challenge; and
designating, by the online service provider system, the user's identity as verified or unverified in accordance with the verification status.
2. The computer-implemented method of claim 1, wherein:
the user identifying information comprises a telephone number;
the trusted database comprises a telephone directory database; and
presenting the challenge comprises the online service provider system:
providing a code to the user;
calling the telephone number;
prompting the user to enter the provided code via the called telephone;
receiving an entered code from the user via the called telephone; and
in the event the entered code matches the provided code, designating, by the online service provider system, the user's identity as verified.
3. The computer-implemented method of claim 1, wherein:
the user identifying information comprises a telephone number;
the trusted database comprises a telephone directory database; and
presenting the challenge comprises the online service provider system:
calling the telephone number;
providing a code to the user via the called telephone;
providing an online graphical interface for entering the code;
receiving an entered code; and
in the event the entered code matches the provided code, designating, by the online service provider system, the user's identity as being verified.
4. The computer-implemented method of claim 1, wherein:
the user identifying information comprises a mobile telephone number;
the trusted database comprises a mobile telephone directory database; and
presenting the challenge comprises the online service provider system:
sending a short messaging system (SMS) message to the mobile telephone number, the SMS message including a code;
providing an online graphical interface for entering the code;
receiving an entered code; and
in the event the entered code matches the provided code, designating, by the online service provider system, the user's identity as verified.
5. The computer-implemented method of claim 1, wherein:
the user identifying information comprises an account number of a credit card account;
the trusted database comprises a database associating credit cardholders' names with corresponding credit card account numbers; and
presenting the challenge comprises the online service provider system:
carrying out a transaction on the credit card account;
providing an online graphical interface for requesting information regarding the transaction;
receiving entered transaction information; and
in the event the entered transaction information matches the requested transaction information, designating, by the online service provider system, the user's identity as verified.
6. The computer-implemented method of claim 5, wherein the requested transaction information comprises an amount of the transaction.
7. The computer-implemented method of claim 5, wherein the requested transaction information comprises a code included in a description of the transaction.
8. The computer-implemented method of claim 1, wherein:
the user identifying information comprises an account number of a bank account;
the trusted database comprises a database associating bank account numbers with accountholders' names; and
presenting the challenge comprises the online service provider system:
carrying out a transaction on the bank account;
providing an online graphical interface for requesting information regarding the transaction;
receiving entered transaction information; and
in the event the entered information matches the requested information, designating, by the online service provider system, the user's identity as verified.
9. The computer-implemented method of claim 1, wherein:
the user identifying information comprises an email address;
the trusted database comprises a database associating email addresses with names of corresponding email account holders; and
presenting the challenge comprises the online service provider system:
emailing a code to the email address;
providing an online graphical interface for entering the code;
receiving an entered code; and
in the event the entered code matches the emailed code, designating, by the online service provider system, the user's identity as verified.
10. The computer-implemented method of claim 1, wherein:
the user identifying information comprises an email address;
the trusted database comprises a database associating email addresses with names of corresponding email account holders; and
presenting the challenge comprises the online service provider system:
providing a code to the user;
sending an email to the user requesting the code;
receiving a response email including an entered code; and
in the event the entered code matches the provided code, designating, by the online service provider system, the user's identity as verified.
11. A computer program product tangibly embodied on a computer-readable medium and including executable instructions that, when executed, are configured to cause one or more data processing apparatuses to:
request, from a user:
a name; and
user identifying information associated with the provided name;
query a trusted database based on the provided name and the user identifying information;
determine if a match exists in the database between the provided name and the user identifying information;
in the event a match exists, presenting a challenge to the user, the challenge being based on the user identifying information;
determine a verification status of the user's identity based on a result of the challenge; and
designate the user's identity as verified or unverified in accordance with the verification status.
12. The computer program product of claim 11, wherein:
the user identifying information comprises a telephone number;
the trusted database comprises a telephone directory database; and
presenting the challenge comprises:
providing a code to the user;
calling the telephone number;
prompting the user to enter the provided code via the called telephone;
receiving an entered code from the user via the called telephone; and
in the event the entered code matches the provided code, designating the user's identity as verified.
13. The computer program product of claim 11, wherein:
the user identifying information comprises a telephone number;
the trusted database comprises a telephone directory database; and
presenting the challenge comprises:
calling the telephone number;
providing a code to the user via the called telephone;
providing an online graphical interface for entering the code;
receiving an entered code; and
in the event the entered code matches the provided code, designating the user's identity as verified.
14. The computer program product of claim 11, wherein:
the user identifying information comprises a mobile telephone number;
the trusted database comprises a telephone directory database; and
presenting the challenge comprises:
sending a short messaging system (SMS) message to the mobile telephone number, the SMS message including a code;
providing an online graphical interface for entering the code;
receiving an entered code; and
in the event the entered code matches the provided code, designating the user's identity as verified.
15. The computer program product of claim 11, wherein:
the user identifying information comprises an account number of a credit card account;
the trusted database comprises a database associating credit cardholders' names with corresponding credit card account numbers; and
presenting the challenge comprises:
carrying out a transaction on the credit card account;
providing an online graphical interface for requesting information regarding the transaction;
receiving entered transaction information; and
in the event the entered transaction information matches the requested transaction information, designating the user's identity as verified.
16. The computer program product of claim 11, wherein:
the user identifying information comprises an account number of a bank account;
the trusted database comprises a database associating bank account numbers with accountholders' names; and
presenting the challenge comprises:
carrying out a transaction on the bank account;
providing an online graphical interface for requesting information regarding the transaction;
receiving entered transaction information; and
in the event the entered transaction information matches the requested transaction information, designating the user's identity as verified.
17. The computer program product of claim 11, wherein:
the user identifying information comprises an email address;
the trusted database comprises a database associating email addresses with names of corresponding email account holders; and
presenting the challenge comprises:
emailing a code to the email address;
providing an online graphical interface for entering the code;
receiving an entered code; and
in the event the entered code matches the emailed code, designating the user's identity as verified.
18. The computer program product of claim 11, wherein:
the user identifying information comprises an email address;
the trusted database comprises a database associating email addresses with names of corresponding email account holders; and
presenting the challenge comprises:
providing a code to the user;
sending an email to the user requesting the code;
receiving, from the email address, a response email including an entered code; and
in the event the entered code matches the provided code, designating the user's identity as verified.
19. A system comprising:
a server configured to provide online services to one or more users;
one or more computer-readable media including machine-executable instructions;
one or more instruction processors configured to execute at least a portion of the machine-executable instructions stored in the computer-readable media, wherein execution of the instructions, in response to a request from a user for access to the online services, results in:
requesting, from the user:
a name; and
user identifying information associated with the provided name;
querying a trusted database based on the provided name and the user identifying information;
determining if a match exists in the database between the provided name and the user identifying information;
in the event a match exists, presenting a challenge to the user, the challenge being based on the user identifying information;
determining a verification status of the user's identity based on a result of the challenge; and
designating the user's identity as verified or unverified in accordance with the verification status.
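The code challenge recited in claims 2 to 4 and 9 (send a code over the telephone, SMS or email channel, receive an entered code, designate the identity verified on a match) is shown below as an added Python example that is not part of the patent. The names `Challenge`, `issue_challenge` and `check_code` are hypothetical, and the code length, expiry, attempt limit and single-use rule are assumptions the claims do not recite.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Callable

CODE_DIGITS = 6      # assumption: the claims do not fix a code length
TTL_SECONDS = 300    # assumption: codes expire after five minutes
MAX_ATTEMPTS = 3     # assumption: limits guessing against a short code


@dataclass
class Challenge:
    channel: str          # "voice", "sms" or "email"
    destination: str      # the number or address found in the trusted database
    salt: bytes
    digest: bytes         # keyed digest of the code; the code itself is not stored
    expires_at: float
    attempts_left: int = MAX_ATTEMPTS
    used: bool = False


def code_digest(salt: bytes, code: str) -> bytes:
    return hmac.new(salt, code.encode("utf-8"), hashlib.sha256).digest()


def issue_challenge(
    channel: str,
    destination: str,
    now: float,
    send: Callable[[str, str, str], None],
) -> Challenge:
    """Generate a random numeric code, hand it to the out-of-band sender,
    and return the server-side record needed to check the reply."""
    code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
    salt = secrets.token_bytes(16)
    challenge = Challenge(
        channel, destination, salt, code_digest(salt, code), now + TTL_SECONDS
    )
    # The code travels only over the channel tied to the claimed identity.
    send(channel, destination, code)
    return challenge


def check_code(challenge: Challenge, entered: str, now: float) -> str:
    """Return "verified" on a match; any other result leaves the identity
    designated unverified."""
    if challenge.used:
        return "already_used"
    if now >= challenge.expires_at:
        return "expired"
    if challenge.attempts_left <= 0:
        return "locked"
    challenge.attempts_left -= 1
    candidate = code_digest(challenge.salt, entered.strip())
    # Constant-time comparison so timing does not leak how close a guess is.
    if hmac.compare_digest(candidate, challenge.digest):
        challenge.used = True
        return "verified"
    return "unverified"
```

A match shows control of the telephone number or mailbox at the moment of the challenge, so the resulting status is only as strong as the binding between that channel and the name in the trusted database.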
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/276,329 US20100131409A1 (en) | 2008-11-22 | 2008-11-22 | Identification verification with user challenge |
US12/410,439 US9100438B2 (en) | 2008-11-22 | 2009-03-24 | Shared identity profile management |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/276,329 US20100131409A1 (en) | 2008-11-22 | 2008-11-22 | Identification verification with user challenge |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/410,439 Continuation US9100438B2 (en) | 2008-11-22 | 2009-03-24 | Shared identity profile management |
Publications (1)
Publication Number | Publication Date |
---|---|
US20100131409A1 true US20100131409A1 (en) | 2010-05-27 |
Family
ID=42197218
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/276,329 Abandoned US20100131409A1 (en) | 2008-11-22 | 2008-11-22 | Identification verification with user challenge |
US12/410,439 Active 2030-08-18 US9100438B2 (en) | 2008-11-22 | 2009-03-24 | Shared identity profile management |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/410,439 Active 2030-08-18 US9100438B2 (en) | 2008-11-22 | 2009-03-24 | Shared identity profile management |
Country Status (1)
Country | Link |
---|---|
US (2) | US20100131409A1 (en) |
Cited By (28)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100131589A1 (en) * | 2008-11-22 | 2010-05-27 | Google Inc. | Shared identity profile management |
US20120047262A1 (en) * | 2009-04-27 | 2012-02-23 | Koninklijke Kpn N.V. | Managing Undesired Service Requests in a Network |
WO2012094563A1 (en) * | 2011-01-06 | 2012-07-12 | Pitney Bowes Inc. | Systems and methods for providing secure electronic document storage, retrieval and use with electronic user identity verification |
US8250632B1 (en) * | 2011-08-08 | 2012-08-21 | Google Inc. | Generating authentication challenges based on preferences of a user's contacts |
US20120246702A1 (en) * | 2011-03-21 | 2012-09-27 | Webcetera, L.P. | System, method and computer program product for access authentication |
US20130013553A1 (en) * | 2011-07-08 | 2013-01-10 | Stibel Aaron B | Automated Entity Verification |
US20130031001A1 (en) * | 2011-07-26 | 2013-01-31 | Stephen Patrick Frechette | Method and System for the Location-Based Discovery and Validated Payment of a Service Provider |
US8412618B2 (en) * | 2011-08-16 | 2013-04-02 | Infinite Source Systems Corporation | System for managing construction project bidding |
US8544091B2 (en) | 2011-12-19 | 2013-09-24 | Credibility Corp. | Advocate for facilitating verification for the online presence of an entity |
US20130254300A1 (en) * | 2012-03-22 | 2013-09-26 | Adam Berk | Computer-based Methods and Systems for Verifying User Affiliations for Private or White Label Services |
US20130339141A1 (en) * | 2011-07-08 | 2013-12-19 | Credibility Corp. | Single System for Authenticating Entities Across Different Third Party Platforms |
CN103607419A (en) * | 2013-08-23 | 2014-02-26 | 合一网络技术(北京)有限公司 | High-quality user account anti-sharing method and system |
US8789150B2 (en) | 2011-09-22 | 2014-07-22 | Kinesis Identity Security System Inc. | System and method for user authentication |
WO2014209781A1 (en) * | 2013-06-24 | 2014-12-31 | Alibaba Group Holding Limited | Two factor authentication |
US20150087265A1 (en) * | 2013-09-24 | 2015-03-26 | Telesign Corporation | Call center sms verification system and method |
US8997240B1 (en) | 2011-09-21 | 2015-03-31 | Google Inc. | Generating user authentication challenges based on social network activity information |
WO2016131063A1 (en) * | 2015-02-15 | 2016-08-18 | Alibaba Group Holding Limited | System and method for user identity verification, and client and server by use thereof |
JP2017510876A (en) * | 2014-11-14 | 2017-04-13 | シャオミ・インコーポレイテッド | Authority verification method and apparatus |
US9922324B2 (en) | 2014-05-21 | 2018-03-20 | Square, Inc. | Verified purchasing by email |
US10467615B1 (en) | 2015-09-30 | 2019-11-05 | Square, Inc. | Friction-less purchasing technology |
US10528710B2 (en) | 2015-02-15 | 2020-01-07 | Alibaba Group Holding Limited | System and method for user identity verification, and client and server by use thereof |
US10776809B1 (en) | 2014-09-11 | 2020-09-15 | Square, Inc. | Use of payment card rewards points for an electronic cash transfer |
US10817615B2 (en) | 2015-03-20 | 2020-10-27 | Alibaba Group Holding Limited | Method and apparatus for verifying images based on image verification codes |
US10924931B2 (en) | 2017-05-24 | 2021-02-16 | Microsoft Technology Licensing, Llc | External sharing with improved security |
US10944752B2 (en) | 2017-05-24 | 2021-03-09 | Microsoft Technology Licensing, Llc | Transfer of secure external sharing link |
US11042863B1 (en) | 2015-03-20 | 2021-06-22 | Square, Inc. | Grouping payments and payment requests |
US20220360579A1 (en) * | 2021-05-07 | 2022-11-10 | Capital One Services, Llc | Email Processing for Improved Authentication Question Accuracy |
US11823191B1 (en) | 2022-08-29 | 2023-11-21 | Block, Inc. | Integration for performing actions without additional authorization requests |
Families Citing this family (32)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9373149B2 (en) * | 2006-03-17 | 2016-06-21 | Fatdoor, Inc. | Autonomous neighborhood vehicle commerce network and community |
US20100262550A1 (en) * | 2009-04-08 | 2010-10-14 | Avaya Inc. | Inter-corporate collaboration overlay solution for professional social networks |
US8543465B2 (en) * | 2009-11-01 | 2013-09-24 | Cheek'd, Inc | Method and software product for personalized meeting and relationship establishing |
US8571937B2 (en) | 2010-10-20 | 2013-10-29 | Playspan Inc. | Dynamic payment optimization apparatuses, methods and systems |
WO2012054779A1 (en) * | 2010-10-20 | 2012-04-26 | Playspan Inc. | Federated third-party authentication apparatuses, methods and systems |
WO2012128682A1 (en) * | 2011-03-22 | 2012-09-27 | Telefonaktiebolaget L M Ericsson (Publ) | Methods for exchanging user profile, profile mediator device, agents, computer programs and computer program products |
US10438176B2 (en) | 2011-07-17 | 2019-10-08 | Visa International Service Association | Multiple merchant payment processor platform apparatuses, methods and systems |
US10318941B2 (en) | 2011-12-13 | 2019-06-11 | Visa International Service Association | Payment platform interface widget generation apparatuses, methods and systems |
US10523618B2 (en) | 2011-09-07 | 2019-12-31 | Elwha Llc | Computational systems and methods for identifying a communications partner |
US9690853B2 (en) | 2011-09-07 | 2017-06-27 | Elwha Llc | Computational systems and methods for regulating information flow during interactions |
US9432190B2 (en) | 2011-09-07 | 2016-08-30 | Elwha Llc | Computational systems and methods for double-encrypting data for subsequent anonymous storage |
US9747561B2 (en) * | 2011-09-07 | 2017-08-29 | Elwha Llc | Computational systems and methods for linking users of devices |
US9195848B2 (en) | 2011-09-07 | 2015-11-24 | Elwha, Llc | Computational systems and methods for anonymized storage of double-encrypted data |
US9141977B2 (en) | 2011-09-07 | 2015-09-22 | Elwha Llc | Computational systems and methods for disambiguating search terms corresponding to network members |
US9473647B2 (en) | 2011-09-07 | 2016-10-18 | Elwha Llc | Computational systems and methods for identifying a communications partner |
US10198729B2 (en) | 2011-09-07 | 2019-02-05 | Elwha Llc | Computational systems and methods for regulating information flow during interactions |
US10606989B2 (en) | 2011-09-07 | 2020-03-31 | Elwha Llc | Computational systems and methods for verifying personal information during transactions |
US9928485B2 (en) | 2011-09-07 | 2018-03-27 | Elwha Llc | Computational systems and methods for regulating information flow during interactions |
US9159055B2 (en) | 2011-09-07 | 2015-10-13 | Elwha Llc | Computational systems and methods for identifying a communications partner |
US10546306B2 (en) | 2011-09-07 | 2020-01-28 | Elwha Llc | Computational systems and methods for regulating information flow during interactions |
US9491146B2 (en) | 2011-09-07 | 2016-11-08 | Elwha Llc | Computational systems and methods for encrypting data for anonymous storage |
US10096022B2 (en) | 2011-12-13 | 2018-10-09 | Visa International Service Association | Dynamic widget generator apparatuses, methods and systems |
US9043888B1 (en) * | 2012-05-10 | 2015-05-26 | Google Inc. | Detecting automated identities in computer user communities |
EP2974210A1 (en) | 2013-03-13 | 2016-01-20 | nCrypted Cloud LLC | Multi-identity for secure file sharing |
US9288217B2 (en) | 2013-12-02 | 2016-03-15 | Airbnb, Inc. | Identity and trustworthiness verification using online and offline components |
US20170309552A1 (en) * | 2014-05-07 | 2017-10-26 | Uber Technologies, Inc. | System and method for verifying users for a network service using existing users |
US10332085B2 (en) | 2015-01-30 | 2019-06-25 | Loturas Llc | Communication system and server facilitating message exchange and related methods |
US11216468B2 (en) | 2015-02-08 | 2022-01-04 | Visa International Service Association | Converged merchant processing apparatuses, methods and systems |
EP3368995B1 (en) * | 2015-10-30 | 2023-09-20 | Intuit Inc. | Managing synchronization issues between profile stores and sources of truth |
US10733473B2 (en) | 2018-09-20 | 2020-08-04 | Uber Technologies Inc. | Object verification for a network-based service |
US10999299B2 (en) | 2018-10-09 | 2021-05-04 | Uber Technologies, Inc. | Location-spoofing detection system for a network service |
US11488165B1 (en) * | 2019-05-01 | 2022-11-01 | United Services Automobile Association (Usaa) | Method and apparatus for digital identity authentication |
Citations (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5872917A (en) * | 1995-06-07 | 1999-02-16 | America Online, Inc. | Authentication using random challenges |
US20030177361A1 (en) * | 2000-08-04 | 2003-09-18 | Wheeler Lynn Henry | Method and system for using electronic communications for an electronic contract |
US6766454B1 (en) * | 1997-04-08 | 2004-07-20 | Visto Corporation | System and method for using an authentication applet to identify and authenticate a user in a computer network |
US6782080B2 (en) * | 2000-06-22 | 2004-08-24 | Icl Invia Oyj | Arrangement for authenticating user and authorizing use of secured system |
US20050273442A1 (en) * | 2004-05-21 | 2005-12-08 | Naftali Bennett | System and method of fraud reduction |
US20060106738A1 (en) * | 2004-11-17 | 2006-05-18 | Paypal. Inc. | Automatic address validation |
US20060294025A1 (en) * | 2005-06-28 | 2006-12-28 | Paypal Inc. | Mobile device communication system |
US20080028069A1 (en) * | 2006-07-31 | 2008-01-31 | Fisher-Rosemount Systems, Inc. | Distributed user validation and profile management system |
US7383570B2 (en) * | 2002-04-25 | 2008-06-03 | Intertrust Technologies, Corp. | Secure authentication systems and methods |
US7458508B1 (en) * | 2003-05-12 | 2008-12-02 | Id Analytics, Inc. | System and method for identity-based fraud detection |
US20080319899A1 (en) * | 1999-04-30 | 2008-12-25 | Paypal, Inc. | System and method for electronically exchanging value among distributed entities based on electronic mail addresses |
US20090089182A1 (en) * | 1998-10-07 | 2009-04-02 | Paypal, Inc. | Method and apparatus for data recipient storage and retrieval of data using a network communication device |
US20090132273A1 (en) * | 1998-10-07 | 2009-05-21 | Paypal, Inc. | E-mail invoked electronic commerce |
US20100131589A1 (en) * | 2008-11-22 | 2010-05-27 | Google Inc. | Shared identity profile management |
Family Cites Families (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7006986B1 (en) * | 2000-09-25 | 2006-02-28 | Ecardless Bancorp, Ltd. | Order file processes for purchasing on the internet using verified order information |
US20020147683A1 (en) * | 2001-04-06 | 2002-10-10 | Anthony Capobianco | Method for purchasing web based digital media |
WO2003003321A2 (en) * | 2001-06-26 | 2003-01-09 | Enterprises Solutions, Inc. | Transaction verification system and method |
US8036983B2 (en) * | 2002-01-18 | 2011-10-11 | Hewlett-Packard Development Company, L.P. | System for and method of web based non-wage compensation |
US8528078B2 (en) | 2004-07-15 | 2013-09-03 | Anakam, Inc. | System and method for blocking unauthorized network log in using stolen password |
US8700729B2 (en) * | 2005-01-21 | 2014-04-15 | Robin Dua | Method and apparatus for managing credentials through a wireless network |
US20090102712A1 (en) | 2005-04-26 | 2009-04-23 | Guy Heffez | Method and system for monitoring electronic purchases and cash-withdrawals |
US9768963B2 (en) | 2005-12-09 | 2017-09-19 | Citicorp Credit Services, Inc. (Usa) | Methods and systems for secure user authentication |
JP3939736B1 (en) | 2006-03-27 | 2007-07-04 | 株式会社シー・エス・イー | User authentication system and method |
US7552467B2 (en) | 2006-04-24 | 2009-06-23 | Jeffrey Dean Lindsay | Security systems for protecting an asset |
US10783458B2 (en) * | 2006-05-01 | 2020-09-22 | Topcoder, Inc. | Systems and methods for screening submissions in production competitions |
US8510223B2 (en) * | 2006-08-03 | 2013-08-13 | The Western Union Company | Money transfer transactions via pre-paid wireless communication devices |
US10068220B2 (en) * | 2006-10-11 | 2018-09-04 | Visa International Service Association | Systems and methods for brokered authentication express seller links |
US8060916B2 (en) | 2006-11-06 | 2011-11-15 | Symantec Corporation | System and method for website authentication using a shared secret |
US20090047928A1 (en) | 2007-07-03 | 2009-02-19 | Utsch Thomas F | Method and system for using message based security challenge and response questions for multi-factor authentication in mobile access to electronic information |
US8296245B2 (en) * | 2008-01-03 | 2012-10-23 | Kount Inc. | Method and system for creation and validation of anonymous digital credentials |
US8141140B2 (en) | 2008-05-23 | 2012-03-20 | Hsbc Technologies Inc. | Methods and systems for single sign on with dynamic authentication levels |
US7734542B2 (en) | 2008-06-24 | 2010-06-08 | Hsbc Technologies Inc. | Methods and systems for verifying customer supplied financial account information verification using debit and credit transactions |
- 2008-11-22: US12/276,329 (US20100131409A1), Abandoned
- 2009-03-24: US12/410,439 (US9100438B2), Active
Patent Citations (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5872917A (en) * | 1995-06-07 | 1999-02-16 | America Online, Inc. | Authentication using random challenges |
US6766454B1 (en) * | 1997-04-08 | 2004-07-20 | Visto Corporation | System and method for using an authentication applet to identify and authenticate a user in a computer network |
US20090132273A1 (en) * | 1998-10-07 | 2009-05-21 | Paypal, Inc. | E-mail invoked electronic commerce |
US20090089182A1 (en) * | 1998-10-07 | 2009-04-02 | Paypal, Inc. | Method and apparatus for data recipient storage and retrieval of data using a network communication device |
US20080319875A1 (en) * | 1999-04-30 | 2008-12-25 | Paypal, Inc. | System and method for facilitating value exchanges using mobile devices |
US20080319899A1 (en) * | 1999-04-30 | 2008-12-25 | Paypal, Inc. | System and method for electronically exchanging value among distributed entities based on electronic mail addresses |
US6782080B2 (en) * | 2000-06-22 | 2004-08-24 | Icl Invia Oyj | Arrangement for authenticating user and authorizing use of secured system |
US20030177361A1 (en) * | 2000-08-04 | 2003-09-18 | Wheeler Lynn Henry | Method and system for using electronic communications for an electronic contract |
US7383570B2 (en) * | 2002-04-25 | 2008-06-03 | Intertrust Technologies, Corp. | Secure authentication systems and methods |
US7458508B1 (en) * | 2003-05-12 | 2008-12-02 | Id Analytics, Inc. | System and method for identity-based fraud detection |
US20050273442A1 (en) * | 2004-05-21 | 2005-12-08 | Naftali Bennett | System and method of fraud reduction |
US20060106738A1 (en) * | 2004-11-17 | 2006-05-18 | Paypal. Inc. | Automatic address validation |
US20060294025A1 (en) * | 2005-06-28 | 2006-12-28 | Paypal Inc. | Mobile device communication system |
US20080028069A1 (en) * | 2006-07-31 | 2008-01-31 | Fisher-Rosemount Systems, Inc. | Distributed user validation and profile management system |
US20100131589A1 (en) * | 2008-11-22 | 2010-05-27 | Google Inc. | Shared identity profile management |
Cited By (55)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100131589A1 (en) * | 2008-11-22 | 2010-05-27 | Google Inc. | Shared identity profile management |
US9100438B2 (en) | 2008-11-22 | 2015-08-04 | Google Inc. | Shared identity profile management |
US20120047262A1 (en) * | 2009-04-27 | 2012-02-23 | Koninklijke Kpn N.V. | Managing Undesired Service Requests in a Network |
US11234128B2 (en) | 2009-04-27 | 2022-01-25 | Koninklijke Kpn N.V. | Managing undesired service requests in a network |
US9603022B2 (en) * | 2009-04-27 | 2017-03-21 | Koninklijke Kpn N.V. | Managing undesired service requests in a network |
WO2012094563A1 (en) * | 2011-01-06 | 2012-07-12 | Pitney Bowes Inc. | Systems and methods for providing secure electronic document storage, retrieval and use with electronic user identity verification |
US20120180116A1 (en) * | 2011-01-06 | 2012-07-12 | Pitney Bowes Inc. | Systems and methods for providing secure electronic document storage, retrieval and use with electronic user identity verification |
US9081952B2 (en) * | 2011-01-06 | 2015-07-14 | Pitney Bowes Inc. | Systems and methods for providing secure electronic document storage, retrieval and use with electronic user identity verification |
US20120246702A1 (en) * | 2011-03-21 | 2012-09-27 | Webcetera, L.P. | System, method and computer program product for access authentication |
US9923906B2 (en) | 2011-03-21 | 2018-03-20 | Webcetera, L.P. | System, method and computer program product for access authentication |
US9542545B2 (en) * | 2011-03-21 | 2017-01-10 | Webcetera, L.P. | System, method and computer program product for access authentication |
US8639930B2 (en) * | 2011-07-08 | 2014-01-28 | Credibility Corp. | Automated entity verification |
US10210539B2 (en) | 2011-07-08 | 2019-02-19 | Dun & Bradstreet Emerging Businesses Corp. | Single system for authenticating entities across different third party platforms |
US20130013927A1 (en) * | 2011-07-08 | 2013-01-10 | Stibel Aaron B | Automated Entity Verification |
US20140047505A1 (en) * | 2011-07-08 | 2014-02-13 | Credibility Corp. | Automated Entity Verification |
US20130013553A1 (en) * | 2011-07-08 | 2013-01-10 | Stibel Aaron B | Automated Entity Verification |
US8955154B2 (en) * | 2011-07-08 | 2015-02-10 | Credibility Corp. | Single system for authenticating entities across different third party platforms |
US8732803B2 (en) * | 2011-07-08 | 2014-05-20 | Credibility Corp. | Automated entity verification |
US20130339141A1 (en) * | 2011-07-08 | 2013-12-19 | Credibility Corp. | Single System for Authenticating Entities Across Different Third Party Platforms |
US8856956B2 (en) * | 2011-07-08 | 2014-10-07 | Credibility Corp. | Automated entity verification |
US20130031001A1 (en) * | 2011-07-26 | 2013-01-31 | Stephen Patrick Frechette | Method and System for the Location-Based Discovery and Validated Payment of a Service Provider |
US8782761B1 (en) | 2011-08-08 | 2014-07-15 | Google Inc. | Generating authentication challenges based on preferences of a user's contacts |
US8250632B1 (en) * | 2011-08-08 | 2012-08-21 | Google Inc. | Generating authentication challenges based on preferences of a user's contacts |
US9276923B1 (en) | 2011-08-08 | 2016-03-01 | Google Inc. | Generating authentication challenges based on preferences of a user's contacts |
US8412618B2 (en) * | 2011-08-16 | 2013-04-02 | Infinite Source Systems Corporation | System for managing construction project bidding |
US8997240B1 (en) | 2011-09-21 | 2015-03-31 | Google Inc. | Generating user authentication challenges based on social network activity information |
US8789150B2 (en) | 2011-09-22 | 2014-07-22 | Kinesis Identity Security System Inc. | System and method for user authentication |
US9729540B2 (en) | 2011-09-22 | 2017-08-08 | Kinesis Identity Security System Inc. | System and method for user authentication |
US8904500B2 (en) | 2011-12-19 | 2014-12-02 | Credibility Corp. | Advocate for facilitating verification for the online presence of an entity |
US8713651B1 (en) | 2011-12-19 | 2014-04-29 | Credibility Corp. | Advocate for facilitating verification for the online presence of an entity |
US8544091B2 (en) | 2011-12-19 | 2013-09-24 | Credibility Corp. | Advocate for facilitating verification for the online presence of an entity |
US20130254300A1 (en) * | 2012-03-22 | 2013-09-26 | Adam Berk | Computer-based Methods and Systems for Verifying User Affiliations for Private or White Label Services |
JP2016521899A (en) * | 2013-06-24 | 2016-07-25 | アリババ・グループ・ホールディング・リミテッド (Alibaba Group Holding Limited) | Two-factor authentication |
US9560033B2 (en) * | 2013-06-24 | 2017-01-31 | Alibaba Group Holding Limited | Method and system for authenticating user identity |
US20160087962A1 (en) * | 2013-06-24 | 2016-03-24 | Alibaba Group Holding Limited | Method and system for authenticating user identity |
US9231937B2 (en) | 2013-06-24 | 2016-01-05 | Alibaba Group Holding Limited | Method and system for authenticating user identity |
WO2014209781A1 (en) * | 2013-06-24 | 2014-12-31 | Alibaba Group Holding Limited | Two factor authentication |
CN103607419A (en) * | 2013-08-23 | 2014-02-26 | 合一网络技术(北京)有限公司 | High-quality user account anti-sharing method and system |
US9392456B2 (en) * | 2013-09-24 | 2016-07-12 | Telesign Corporation | Call center SMS verification system and method |
US20150087265A1 (en) * | 2013-09-24 | 2015-03-26 | Telesign Corporation | Call center sms verification system and method |
US9922324B2 (en) | 2014-05-21 | 2018-03-20 | Square, Inc. | Verified purchasing by email |
US10776809B1 (en) | 2014-09-11 | 2020-09-15 | Square, Inc. | Use of payment card rewards points for an electronic cash transfer |
JP2017510876A (en) * | 2014-11-14 | 2017-04-13 | シャオミ・インコーポレイテッド | Authority verification method and apparatus |
US10528710B2 (en) | 2015-02-15 | 2020-01-07 | Alibaba Group Holding Limited | System and method for user identity verification, and client and server by use thereof |
WO2016131063A1 (en) * | 2015-02-15 | 2016-08-18 | Alibaba Group Holding Limited | System and method for user identity verification, and client and server by use thereof |
US10817615B2 (en) | 2015-03-20 | 2020-10-27 | Alibaba Group Holding Limited | Method and apparatus for verifying images based on image verification codes |
US11042863B1 (en) | 2015-03-20 | 2021-06-22 | Square, Inc. | Grouping payments and payment requests |
US10810592B1 (en) | 2015-09-30 | 2020-10-20 | Square, Inc. | Friction-less purchasing technology |
US10467615B1 (en) | 2015-09-30 | 2019-11-05 | Square, Inc. | Friction-less purchasing technology |
US10924931B2 (en) | 2017-05-24 | 2021-02-16 | Microsoft Technology Licensing, Llc | External sharing with improved security |
US10944752B2 (en) | 2017-05-24 | 2021-03-09 | Microsoft Technology Licensing, Llc | Transfer of secure external sharing link |
US20220360579A1 (en) * | 2021-05-07 | 2022-11-10 | Capital One Services, Llc | Email Processing for Improved Authentication Question Accuracy |
US11785007B2 (en) * | 2021-05-07 | 2023-10-10 | Capital One Services, Llc | Email processing for improved authentication question accuracy |
US20230421555A1 (en) * | 2021-05-07 | 2023-12-28 | Capital One Services, Llc | Email Processing for Improved Authentication Question Accuracy |
US11823191B1 (en) | 2022-08-29 | 2023-11-21 | Block, Inc. | Integration for performing actions without additional authorization requests |
Also Published As
Publication number | Publication date |
---|---|
US9100438B2 (en) | 2015-08-04 |
US20100131589A1 (en) | 2010-05-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9100438B2 (en) | Shared identity profile management | |
US10742641B2 (en) | Method, device, and system of accessing online accounts | |
JP6457095B2 (en) | Facilitate sending and receiving peer-to-business payments | |
US8346217B2 (en) | Systems, methods and apparatus for controlling access to mobile devices | |
US8566414B2 (en) | Systems and methods for subscription management in a multi-channel context aware communication environment | |
US8401522B2 (en) | Systems, methods and apparatus for authenticating access to enterprise resources | |
US8301684B2 (en) | User challenge using information based on geography or user identity | |
US10193844B1 (en) | Secure cloud-based messaging and storage | |
US10129197B2 (en) | Computerized system and method for modifying a message to apply security features to the message's content | |
US9852276B2 (en) | System and methods for validating and managing user identities | |
US20150026056A1 (en) | Completing mobile banking transaction from trusted location | |
US20150026057A1 (en) | Completing mobile banking transaction with different devices | |
US20160335675A1 (en) | Binding social account interactions to a master agnostic identity | |
KR20100126850A (en) | Systems and methods for secure short messaging service and multimedia messaging service | |
US11811770B2 (en) | Systems and methods for data access notification alerts | |
JP6524205B1 (en) | Transaction management system, transaction management apparatus, transaction management method and transaction management program | |
US20170289161A1 (en) | Apparatus and Method for Automated Email and Password Creation and Curation Across Multiple Websites | |
US20220191194A1 (en) | Identity-linked device information for user identification and transaction personalization via mobile tagging | |
US10607300B1 (en) | Ad hoc electronic messaging using financial transaction data | |
JP6542672B2 (en) | Control account of online trading platform | |
US10200355B2 (en) | Methods and systems for generating a user profile | |
AU2015216627A1 (en) | Method and system for managing customer feedback survey responses | |
US20240146795A1 (en) | Sharing contact informataion | |
US20240244041A1 (en) | Systems and methods for restricting security connection data resets | |
US11410138B2 (en) | Value transfer card management system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | AS | Assignment | Owner name: GOOGLE INC., CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:LAWYER, JUSTIN;BARTA, SCOTT;GUO, PEIRAN;REEL/FRAME:022457/0479 Effective date: 20090128 |
 | STCB | Information on status: application discontinuation | Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |
 | AS | Assignment | Owner name: GOOGLE LLC, CALIFORNIA Free format text: CHANGE OF NAME;ASSIGNOR:GOOGLE INC.;REEL/FRAME:044142/0357 Effective date: 20170929 |