A System and Method For Verifying On-line Information Presented by
Internet Users
This application claims the benefit of U. S. Provisional Application No. 60/160,914, filed on October 22, 1999.
FIELD OF THE INVENTION
The present invention relates to a system and method for verifying on-line information, and more particularly, to a system and method for using a multi -layered identification scheme to identify Internet users.
BACKGROUND OF THE INVENTION
Advances in computer processing power and network communications have made information from a wide variety of sources available to users on computer networks. Computer networking allows network computer users to share information, software applications and hardware devices and internetworking enables a set of physical networks to be connected into a single network such as the Internet. Today, computers connected to the Internet have almost instant access to information stored in relatively distant regions. Moreover, computers connected to networks other than the Internet also have access to information stored on those networks. The World Wide Web (Wτeb), a hypermedia system used on the Internet, enables hypertext linking, whereby documents automatically reference
or link other documents located on connected computer networks around the world. Thus, users connected to the Internet have almost instant access to information stored in relatively distant regions.
A page of information on the Web may include references to other Web pages and may include a broad range of multimedia data including textual, graphical, audio, and animation information. Currently, Internet users retrieve information from the Internet, through the Web, by 'visiting' a web site on a computer that is connected to the Internet.
The web site is, in general terms, a server application that displays information stored on a network server computer. The web site accepts connections from client programs, such as Internet browser applications. Browser applications, such as Microsoft Internet Explorer ™ or Netscape Navigator ™, allow Internet users to access information displayed on the web site. Most browser applications display information on computer screens and permit a user to navigate through the Web using a mouse. Like other network applications, Web browsing uses the client-server paradigm. When given the Uniform Resource Locator (URL) of a document, the browser application becomes a client and it contacts a server application specified in the URL to request the document. After receiving the document from the server application, the browser application displays the document for the user. When the browser application interacts with the server application, the two applications follow the HyperText Transport Protocol (HTTP). HTTP allows the browser application to request a specific article, which the server application then returns. To ensure that browser applications and server applications inter-operate unambiguously, HTTP
defines the exact format for requests sent from the browser application to the server application as well as the format of replies that the server application returns.
As the number of physical networks connected to the Internet continues to grow, so too will the number of web sites that are accessible to Internet users and so too will commercial activity on the Internet. Providers of a wide range of products and/or services are continuously exploring new methods for promoting and selling them. With changes in federal regulations it is also easier for publicly held companies to sell shares of their stock to potential investors directly rather than selling through a broker. For example, public companies may use a Customer Stock Plan (CSP) to offer stock in the company directly to the public. Investors purchasing shares through the CSP become registered shareholders in the company rather than allowing the broker to hold their shares in a "street" name.
Research has shown that CSP investors are more loyal customers to the companies in which they hold equity than customers who are not investors. However, until now, CSP investors were required to enroll in these plans and perform transactions by mail. This has been a time-consuming and intimidating process that limited the number of people willing to invest in CSP plans. Consequently, as use of the Internet has increased, many companies have become interested in offering investors the opportunity to enroll in their CSP plans over the Internet. Because Internet-based transactions are lacking the physical documentation linking an investor to the information required for plan enrollment, a system is needed that is capable of accurately verifying the identity of otherwise anonymous
Internet users. Currently, there are many identity verification systems, such as VeriSign™,
which are used for selling goods on-line. Most of these systems only check the credit card information provided by the Internet users against credit card companies' databases for fraud identification. These systems thus do not bind the anonymous Internet user to a physical entity. Other than checking the zip code of the credit card billing address (called AVS verification), the customer's actual address is not verified. Even if the user's information is verified against a database, or an e-mail message is sent to the user to confirm the user's e-mail address, there is still no way of binding an on-line user to a physical entity. Thus a first on-line user with access to a second on-line user's personal information is easily able to impersonate the second on-line user. Since selling securities on-line may involve substantial amounts of money, a secure e-commerce system that has a reliable and effective identity verification scheme yet minimizes third party database costs is needed.
SUMMARY OF THE INVENTION It is therefore an object of the present invention to provide an on-line commerce system and method for using a multi-layered identification scheme to authenticate users. The system accurately links anonymous Internet users to a real world address by using a multi-layered authentication process. The authentication process includes a normalization component, a reflexive check component, an internal check component, a cross-reference check component, and a physical location check component.
The normalization component checks that all required fields have been filled out in the proper format. The reflexive check component checks that values and formats of predetermined data elements are correct by using predefined rules. The internal check component validates the information entered by the user against information previously entered by other users. The cross-reference check component uses third party and external data sources to determine whether multiple data elements are valid when considered together. The physical location check component binds the information given by the user to a physical address, thereby accurately confirming a user's identity. Since there is cost associated with processing each component, the inventive system performs the checks in a predefined order to accurately and efficiently authenticate information presented by the user while minimizing cost.
It is another object of the present invention to enable an Internet user to enroll in a company's CSP plan or another on-line purchase/reward plan by visiting a corporate web site where the CSP is offered. Upon selecting to participate in the CSP or another on-line purchase/reward plan, the user is directed to a web site utilizing the inventive system. Alternatively, the user may be directed to a third party's web site. The inventive system web site or the third party's web site is used to collect personal information from the user and to provide access to other investment information. The authentication process requires the user to enter personal and financial information. The authentication process then normalizes the information collected from the user into a standardized format for
manipulation by the system. The authentication process then verifies the user's address and other personal information using information obtained from third parties.
If all of the above mentioned third-party information is consistent with the information entered by the user, the user is e-mailed a personal identification number and other information required to activate an account. Finally, to complete the identity verification process, the system requires the user to call from a previously specified phone number to activate the assigned account. Upon calling to activate the assigned account, the authentication component verifies the calling phone number used by the Internet user against the calling telephone's phone number as supplied by Automatic Number Identification (ANI), thus binding the user to a specific place and time. The inventive system therefore greatly reduces the likelihood of identity fraud in on-line purchases.
Additional features and advantages of the invention will be set forth in the description that follows, and in part will be apparent from the description, or may be learned by practice of the invention. The objectives and advantages of the invention will be realized and attained by the system particularly pointed out in the written description and claims hereof as well as the appended drawings.
To achieve these and other advantages and in accordance with the purpose of the invention, as embodied and broadly described, the present invention provides a system for using a multi-layer identity verification scheme by linking the on-line user to a physical address when the on-line user fills out an application on the system, the system comprising: a normalization component for ensuring that the user fills out all required fields in the
application and for checking that all required fields have been filled out in proper formats; a reflexive check component for using predefined rules to validate that structures and values of predetermined data elements in the application are correct; an internal check component for comparing the information entered by the on-line user against information entered by previous on-line users; a cross-reference check component for determining whether multiple data elements are valid when considered against an external data source; and a physical location component for binding and verifying certain information given by the user to a physical address.
The present invention also provides a system for using a multi-layer identity verification scheme by linking the on-line user to a physical address when the on-line user fills out an application on the system, the system comprising: a plurality of components for ensuring that the user fills out all required fields in the application, for checking that all required fields have been filled out in proper formats, for using predefined rules to validate that structures and values of predetermined data elements in the application are correct, for comparing the information entered by the on-line user against information entered by previous on-line users, for determining whether multiple data elements are valid when considered against an external data source; and for binding and verifying certain information given by the user to the physical address; and means for executing the each of the plurality of components in a predefined order to accurately and efficiently authenticate information presented by the user while minimizing cost
The present invention also provides a method for using a multi-layer identification scheme to identify an on-line user by linking the on-line user to a physical address when the on-line user fills out an application on a system, the method comprising the steps of: registering, by the on-line user, with the system and entering information into a user interface on the system's web site; ensuring, in a normalization component, that the on-line user fills out all required fields in the application and checking that all required fields have been filled out in a proper format; using predefined rules, in a reflexive check component, to validate that structures and values of predetermined data elements in the application are correct; comparing, in an internal check component, the information entered by the on-line user against information entered by previous on-line users; determining, in a cross-reference check component, whether multiple data elements are valid when considered against an external data source; and binding and verifying in a physical location component certain information given by the user to the physical address.
The present invention also provides a system for using a multi-layer identification scheme to identify an on-line user by linking the on-line user to a physical address when the on-line user fills out an application on the system, the system comprising: a web page for enabling the on-line user to enter information in the application and means for submitting the entered information to a rules engine; means for checking that predefined information entered by the on-line user was not previously submitted by another user and for obtaining a certificate for the user; means, in a normalization component, for ensuring that the user fills out all required fields in the application in a proper format and normalizing information in
the required fields; means, in a reflexive check component, for using a credit card verification algorithm to verify credit card information, for performing a cyclic redundancy check to determine a valid format for a bank routing number, and for validating the telephone number to determine whether the telephone number is associated with a standard residential telephone line; means, in an internal check component, for comparing the information entered by the on-line user against information entered by previous on-line users and comparing the on-line user's information against information in active accounts in a system database; means, in a cross-reference check component, for determining whether multiple data elements are valid when considered against an external data source, verifying zip code information entered by the on-line user against a telephone company database, and converting the zip code information to a telephone company coordinate system, ensuring that there is sufficient funds on a credit card presented by the on-line user, comparing the on-line user's name and address against a third party database to determine if predetermined fraudulent activity codes are associated with the on-line user; means in a physical location component for binding and verifying the information given by the user to the physical address, automatically retrieving the on-line user's telephone number with an automatic number identification component, emailing to the on-line user a system generated pin number which is subsequently entered by the on-line user to retrieve the telephone number in the on-line user's account, comparing a retrieved telephone number to the telephone number associated with the telephone used by the on-line user, thereby binding the on-line
user to the physical address; and means in each component for rejecting the application if predefined checks performed by the component fails.
BRIEF DESCRIPTION OF THE DRAWINGS The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention that together with the description serve to explain the principles of the invention. In the drawings: Fig. 1 illustrates a computer network in which the inventive system may be incorporated;
Fig. 2 illustrates the TCP/IP Layering Model Protocol used during communications between components on the computer network;
Fig. 3 illustrates a rules engine for performing checks on information supplied by a subscriber of the system;
Fig. 4 illustrates the information that an investor is required to enter to purchase stock on-line;
Fig. 5 illustrates how the normalization component normalizes all information entered by the investor; Fig. 6 illustrates the steps implemented by reflexive check component;
Fig. 7 illustrates the steps implemented by internal check component;
Fig. 8 illustrates the steps implemented by cross-reference check component; and
Fig. 9 illustrates the steps implemented by the ANI check.
DESCRIPTION OF THE PREFERRED EMBODIMENTS
Reference will now be made in detail to the preferred embodiments of the present invention, examples of which are illustrated in the accompanying drawings. The present invention described below extends the functionality of the inventive system and method for efficiently and accurately identifying and verifying on-line users. Fig. 1 is an example of a local area network (LAN) 100 that is configured to utilize a non-repudiation protocol. LAN 100 comprises a server 102, four computer systems 104- 110, and peripherals, such as printers and other devices 112, that may be shared by components on LAN 100. Computer systems 104-110 may serve as clients for server 102 and/or as clients and/or servers for each other and/or for other components connected to LAN 100. Components on LAN 100 are preferably connected together by cable media, for example copper or fiber-optic cable and the network topology may be a token ring topology 114. It should be apparent to those of ordinary skill in the art that other media, for example, wireless media, such as optical and radio frequency, may also connect LAN 100 components. It should also be apparent that other network topologies, such as Ethernet, may be used.
Data may be transferred between components on LAN 100 in packets, i.e., blocks of data that are individually transmitted over LAN 100. Routers 120, 122 create an expanded network by connecting LAN 100 to other computer networks, such as the Internet, other LANs or Wide Area Networks (WAN). Routers are hardware devices that may include a conventional processor, memory, and separate I/O interface for each network to which it connects. Hence, components on the expanded network may share information and services with each other. In order for communications to occur between components of physically connected networks, all components on the expanded network and the routers that connect them must adhere to a standard protocol. Computer networks connected to the Internet and to other networks typically use TCP/IP Layering Model Protocol. It should be noted that other internetworking protocols may be used.
As illustrated in Fig. 2, TCP/IP Layering Model comprises an application layer (Layer 5) 202, a transport layer (Layer 4) 204, an Internet layer (Layer 3) 206, a network interface layer (Layer 2) 208, and a physical layer (Layer 1) 210. Application layer protocols 202 specify how each software application connected to the network uses the network. Transport layer protocols 204 specify how to ensure reliable transfer among complex protocols. Internet layer protocols 206 specify the format of packets sent across the network as well as mechanisms used to forward packets from a computer through one or more routers to a final destination. Network interface layer protocols 208 specify how to organize data into frames and how a computer transmits frames over the network. Physical layer protocols 210 correspond to the basic network hardware. By using TCP/IP Layering
model protocols, any component connected to the network can communicate with any other component connected directly or indirectly to one of the attached networks.
Fig. 3 illustrates a rules engine 300 for performing checks on information supplied by a subscriber of the system. Rules engine 300 includes a normalization component 302, a reflexive check component 304, an internal check component 306, a cross-reference check component 308, and a physical location check component 310. Normalization component 302 is used to ensure that the subscriber has filled out required information fields and that the information in the required information fields is in the proper format. Reflexive check component 304 uses predefined rules to validate structures of particular data elements in order to determine whether those data elements have been entered in the correct sequence. Internal check component 306 uses information that was previously entered by other subscribers to determine whether an attempt is being made to impersonate another subscriber. Cross-reference check component 308 uses external data sources to determine whether multiple data elements are valid when considered together. Physical location check component 310 binds and verifies information given by the subscriber to a physical location. Since there is cost associated with performing each check in rules engine 300, the system performs the checks in a predefined order to accurately and efficiently verify information while minimizing cost. Thus, the checks that cost the least and are the most powerful in identifying valid and inaccurate information are utilized first. Specifically, in a preferred embodiment of the invention, when a subscriber registers with the system, the subscriber enters information into a user interface on a system web site
and submits the information for on-line processing. For example, a subscriber/investor applying to purchase equity on-line directly from a public company is required to enter personal information on-line. It should be noted that while the examples in this embodiment are directed to purchasing equity on-line, the present invention may be used to verify on-line information related to any activity where the identity of an on-line person needs to be verified.
Fig. 4 illustrates the information that an investor may be required to enter to purchase equity on-line. The investor is required to enter a name, address, telephone number, e-mail address, credit card information, bank information and social security number. As would be obvious to those skilled in the art, the user may be required to enter other information to purchase equity on-line. The system verifies that the social security number and bank account were not previously submitted by another investor and requests a certificate for the new investor. Upon receiving the certificate, the information is stored and rules engine 300 is called. Rules engine 300 queries a database for fields used by components 302-310 to perform a series of checks and either accepts or rejects the registration application. If the investor's information is correct, the investor is informed of a successful registration and the investor's account is placed in a pending status. If the registration application is rejected, the investor is instructed how to proceed via a system- generated e-mail message. As illustrated in Fig. 5, normalization component 302 normalizes all information entered by the investor so that the resulting data can be properly utilized by algorithms in
rules engine 300. Normalization component 302 formats the information by checking that all fields have data. If a field is blank, normalization check component 302 rejects the registration application. Normalization component 302 then changes the street number, zip code, phone number, credit card number, checking account number, check routing number and social security number fields to integers, and removes non-integer characters. Other normalization schemes will be known to those of ordinary skill in the art, and are within the scope of the present invention.
Upon normalizing, the information reflexive check component 304 processes the information. Fig. 6 illustrates the steps implemented by reflexive check component 304. In Step 6010, reflexive check component 304 ensures that the requested information in the registration form has been filled out. If the requested information has not been provided, and the fields in the registration application are blank, the registration application is rejected. In Step 6020, reflexive check component 304 uses a credit card verification algorithm to check that the credit card number is in a valid format and to determine the type of credit card, such as Visa™ or MasterCard™. If the credit card information fails this test, reflexive check component 304 rejects the registration application. In Step 6030, reflexive check component 304 also performs a cyclic redundancy check on the bank routing number from the user's check to determine if it is in a valid format. If the check routing number format is invalid, reflexive check component 304 rejects the registration application. Thereafter, in Step 6040, reflexive check component 304 compares the area code and prefix in the telephone number against a telephone company database. This enables reflexive
check component 304 to determine whether the prefix is valid and whether it is contained within the area code entered, and to determine whether the telephone line associated with the telephone number is a standard residential phone line, as opposed to a PBX, cell phone, pager, etc. If the telephone line is not a standard residential line, component 304 rejects the registration application. In Step 6050, reflexive check component 304 forwards the information to internal check component 306.
Fig. 7 illustrates the steps implemented by internal check component 306. In Step 7010, internal check component 306 compares the investor's social security number, credit card number, checking account and routing number against the social security numbers, credit card numbers, checking accounts and routing numbers associated with active accounts in a system database. Each active account contains information supplied by other investors. In Step 7020, internal check component 306 rejects the registration application if the social security number, credit card number, or checking account and routing number combination is currently in the system database of active accounts. Internal check component 306 does not check the checking account against pending accounts in the database so that investors applying jointly at the same time can use the same account information. However, once an account becomes active, a new investor cannot use the same account information. In Step 7030, upon processing the information, internal check component 306 transmits the information to cross-reference check component 308. Fig. 8 illustrates the steps implemented by cross-reference check component 308. In
Step 8010, cross-reference check component 308 uses a census bureau zip code file and a
conversion routine to convert the latitude/longitude of the centroid of the zip code to a telephone company coordinate system. In Step 8020, cross-reference check component 308 uses a telephone company database to look up the coordinates of a telephone switch indicated by the telephone area code and prefix. In Step 8030, cross-reference check component 308 then calculates the distance between the zip code and the telephone switch coordinates. The application is rejected if the distance is greater than a predefined threshold. In Step 8040, cross-reference check component 308 then checks the available credit on the credit card and the application is rejected if there is insufficient funds on the credit card to pay for the processing fee. In Step 8050, cross-reference check component 308 uses the investor's social security number and an external database to verify and cross check the investor's name and address. The application is rejected if the name and address verification fails. In Step 8060, cross-reference check component 308 then searches the investor's data in the database and evaluates any additional information on the investor, and then searches the additional information for predetermined codes indicating potentially fraudulent behavior. For example, predetermined codes may indicate a suspicious address or information, such as a social security number entered by the investor that belongs to a deceased person. Cross-reference check component 308 rejects the application if there are certain suspicious information codes associated with the investor.
Rules engine 300 then constructs a bit vector showing the scoring results for each test. Certain bit patterns will cause the application to be rejected. If the application is not rejected, the investor's account is marked as pending and a request to credit the investor's
credit card for the application-processing fee is created. The investor may now enter transactions. However, they will not be processed until the account status is changed to "approved".
Fig. 9 illustrates the steps implement in performing physical location check 310. In Step 9010, the investor is sent an e-mail message instructing the investor to use his/her home telephone to call a specific number and to enter a pre-assigned personal identification number (PIN) contained in the e-mail. In Step 9020, when the investor calls the identified number, the number of the phone being used by the investor is automatically retrieved with an automatic number identification component. The retrieved digits are temporarily stored in a buffer. Messages are then played instructing the investor to enter an activation code. In Step 9030, the automatic number identification component decodes the keypad presses and performs calculations to construct a database lookup code which retrieves the telephone number originally entered by the investor during the registration process from the investor's data in the database. In Step 9040, physical location check component 310 compares the telephone number in the database to the calling phone number in the buffer. If the calling phone number does not match the telephone number in the application, the investor is instructed to re-enter the activation number. If the numbers still do not match, the account is not activated. In Step 9050, if the telephone numbers match, rules engine 300 requests that the account is marked approved and the request for the application fee is processed. It should be noted that additional tests may also be used to further validate an individual's identity.
The foregoing description has been directed to specific embodiments of this invention. It will be apparent, however, that other variations and modifications may be made to the described embodiments, with the attainment of some or all of their advantages.