Method for Internet User Authentication

Abstract

A computer-implemented method of authenticating the identity of a user is provided, where the user is associated with a computer signature and is in possession of a mobile phone. The method involves obtaining a current geographical location of the mobile phone, determining if the computer signature is associated in a database with a stored geographical location of the phone, and, if the computer signature is associated in the database with a stored geographical location, comparing the stored geographical location to the current geographical location of the phone.

Claims

1. A computer-implemented method of authenticating the identity of a user who is associated with a computer signature, the user being in possession of a mobile phone, the method comprising the computer-implemented steps of: (a) obtaining a current geographical location of the mobile phone; (b) determining if the computer signature is associated in a database with a stored geographical location; (c) if the computer signature is associated in the database with the stored geographical location, comparing the stored geographical location to the current geographical location of the mobile phone; and (i) if the result of the comparison is a difference in location that is not within an acceptable distance, or if the computer signature is not associated in the database with a stored geographical location, then attempting to authenticate the identity of the user by requiring, from the user, additional authentication information; and only if the identity of the user is authenticated by said additional authentication information, carrying out one or more of the following actions: 1) allowing the user access and/or the ability to conduct transactions; 2) assigning to the user a positive score; and 3) storing, in the database, the computer signature in association with the mobile phone geographical location; otherwise (ii) if the result of the comparison is a difference in location that is within an acceptable distance, carrying out one or more of the following actions: 1) allowing the user access and/or the ability to conduct transactions; 2) assigning to the user a positive score; and 3) storing, in the database, the computer signature in association with the mobile phone geographical location; wherein the current geographical location of the mobile phone is traced by at least one method selected from the group consisting of: Galileo, GPS, cellular antenna network, Wi-Fi, Bluetooth, MIMO, UWB, and WiMAX; and wherein the stored geographical location is a previous geographical location of the mobile phone.

2. The method of claim 1, further comprising, if the identity of the user is not authenticated by the additional authentication information, carrying out one or more of the following actions: 1) limiting the ability of the user to conduct transaction; 2) requesting additional authentication information from the user; and 3) terminating access of the user.

3. The method of claim 1, wherein the computer signature comprises at least one identifier selected from the group consisting of installed software identifiers and installed hardware identifiers.

4. The method of claim 3, wherein the software identifier is at least one selected from the group consisting of a cookie, a computer name, an identifier of the user's browser and an identifier of the operating system.

5. The method of claim 1, wherein the computer signature is a signature of the mobile phone.

6. The method of claim 1, wherein the computer signature is a signature of a device other than the mobile phone.

7. A computer-implemented method of authenticating the identity of a user who is associated with a computer signature, the user being in possession of a mobile phone, the method comprising the computer-implemented steps of: (a) obtaining a current geographical location of the mobile phone; (b) determining if the computer signature is associated in a database with a stored geographical location; (c) if the computer signature is associated in the database with the stored geographical location, comparing the stored geographical location to the current geographical location of the mobile phone; and (i) if the result of the comparison is a difference in location that is not within an acceptable distance, then attempting to authenticate the identity of the user by requiring, from the user, additional authentication information; and only if the identity of the user is authenticated by said additional authentication information, carrying out one or more of the following actions: 1) allowing the user access and/or the ability to conduct transactions; 2) assigning to the user a positive score; and 3) storing, in the database, the computer signature in association with the mobile phone geographical location; otherwise (ii) if the result of the comparison is a difference in location that is within an acceptable distance, carrying out one or more of the following actions: 1) allowing the user access and/or the ability to conduct transactions; 2) assigning to the user a positive score; and 3) storing, in the database, the computer signature in association with the mobile phone geographical location; wherein the current geographical location of the mobile phone is traced by at least one method selected from the group consisting of: Galileo, GPS, cellular antenna network, Wi-Fi, Bluetooth, MIMO, UWB, and WiMAX.

8. The method of claim 7, wherein the stored geographical location is a previous geographical location of the mobile phone.

9. The method of claim 7, wherein the computer signature comprises at least one identifier selected from the group consisting of: installed unique software identifiers, installed common software identifiers, installed unique hardware identifiers and installed common hardware identifiers.

10. The method of claim 7, further comprising, if the identity of the user is not authenticated by the additional authentication information, carrying out one or more of the following actions: 1) assigning to the user a negative score; 2) limiting the ability of the user to conduct transactions; 3) requesting additional authentication information from the user; and 4) terminating access of the user.

11. The method of claim 7, wherein the computer signature comprises at least one identifier selected from the group consisting of installed software identifiers and installed hardware identifiers, wherein the software identifier is at least one selected from the group consisting of a cookie, a computer name, an identifier of the user's browser and an identifier of the operating system.

12. The method of claim 7, wherein the computer signature is a signature of the mobile phone.

13. The method of claim 7, wherein the computer signature is a signature of a device other than the mobile phone.

14. A computer-implemented method of authenticating the identity of a user who is associated with a computer signature, the user being in possession of a mobile phone, the method comprising the computer-implemented steps of: (a) obtaining a current geographical location of the mobile phone; (b) determining if the computer signature is stored in a database; (c) if the computer signature is not stored in a database, then attempting to authenticate the identity of the user by requiring, from the user, additional authentication information; and only if the identity of the user is authenticated by said additional authentication information, carrying out one or more of the following actions: 1) allowing the user access and/or the ability to conduct transactions; 2) assigning to the user a positive score; and 3) storing, in the database, the computer signature in association with the mobile phone geographical location; otherwise (d) if the identity of the user is not authenticated by the additional authentication information, carrying out one or more of the following actions: 1) assigning to the user a negative score; 2) limiting the ability of the user to conduct transactions; 3) requesting additional authentication information from the user; and 4) terminating access of the user; wherein the current geographical location of the mobile phone is traced by at least one method selected from the group consisting of: Galileo, GPS, cellular antenna network, Wi-Fi, Bluetooth, MIMO, UWB, WiMAX and wherein the computer signature comprising at least one identifier selected from the group consisting of installed software identifiers and installed hardware identifiers.

15. The method of claim 14, wherein the software identifier is at least one selected from the group consisting of a cookie, a computer name, an identifier of the user's browser and/or identifier of the operating system.

16. The method of claim 14, wherein the computer signature is a signature of mobile phone.

17. The method of claim 14, wherein the computer signature is a signature of a device other than the mobile phone.

18. The method of claim 14, further comprising, if the computer signature is stored in the database, comparing a stored geographical location associated with the computer signature to the current geographical location of the mobile phone.

19. The method of claim 18, further comprising, if the result of the comparison is a difference in location that is not within an acceptable distance, then carrying out one or more of the following actions: 1) assigning to the user a negative score; 2) limiting the ability of the user to conduct transactions; 3) requesting additional authentication information from the user; and 4) terminating access of the user;

20. The method of claim 18, further comprising, if the result of the comparison is a difference in location that is within an acceptable distance, then carrying out one or more of the following actions: 1) assigning to the user a positive score; 2) allowing the user access and/or the ability to conduct transactions; and 3) storing, in the database, the computer signature in association with the mobile phone geographical location.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

[0026] In the drawings, like elements are depicted by like reference numerals. The drawings are briefly described as follows.

[0027] FIG. 1 is a flow chart of the method and system of the present invention.

BEST MODE FOR CARRYING OUT THE INVENTION

[0028] This invention relates to a method and system for authenticating Internet user identity by cross-referencing or comparing at least two independent sources of information, identifying at least two geographical locations. Based upon geographical proximity of said locations, a score is assigned to the internet user, and predetermined access to a website and an ability to conduct transactions is allowed or limited based upon said score. Alternatively, additional authentication information can be required or access can be terminated. The invention is also a convenient means for determining a more accurate geographical location of routers.

[0029] FIG. 1 illustrates a method for authenticating internet user identity by cross-referencing and comparing at least two independent sources of information. In step 1, an internet user starts authentication. Then, in step 2, the online entity locates the geographic location of the Internet user's cell phone and checks the user's computer signature. In step 3, the online entity looks for the computer signature in a database. If the computer signature is discovered, the method proceeds to step 4. In step 4, the online entity compares the distance between the geographic location of the computer defined by the computer signature and the geographic location of the user's cell phone. If the distance is acceptable, the authentication process continues at step 8. If the distance is not acceptable, the method goes to step 5.

[0030] If the computer signature is not in the database, the method also continues to step 5. In step 5, the online entity attempts to authenticate the computer by other means. In step 6, the authentication is confirmed. If the authentication is acceptable, the method continues to step 7. If the authentication is not acceptable, the method returns to step 5 and repeats step 5.

[0031] If the authentication is acceptable, continues to step 7 assigning the geographic location of the user's cell phone to the computer signature and saving it in the database. The method then continues with the authentication in step 8.

[0032] Referring to FIG. 1, the method starts when the online entity decides to authenticate the internet user accessing a website and provides information, as in steps 1 and 2. The website vendor then decides to authenticate internet user identity, based on the information provided by the internet user, as shown in step 3. What information will trigger the decision to authenticate the identity of the internet user will vary among vendors employing the method described herein. For purposes of clarity, the term vendor will be used hereafter and it should be understood that vendor means any business, organization or commercial entity which conducts on-line commercial transactions through a website on the internet, such as, but not limited to, banking institutions, on-line stores or other commercial or none commercial entities.

[0033] Upon accessing a website, in step 2, the computer signature will be identified. The invention is not limited to a conventional computer, but may include terminals, smart phones (PDA's) or other devices capable of communicating with the internet. Whenever the internet user enters a website, the internet user's computer signature is identified for a website owner.

[0034] A computer signature is created by identifying certain characteristics of the computer. These characteristics act as identifiers of the computer. Every computer that connected to the Internet has few unique identifiers. Using one, or more then one, common identifiers together it is possible to create one unique computer signature. These identifiers are selected from the list of Computer Network Mac address, CPU serial number, Operating System S/N. and more. In addition to the above the computer uses other network resources that have unique identifiers such as but not limited to a Gateway or Router Mac Address. In addition to the above every computer has common identifiers such as but not limited to: Operating system version, Disk Size, Internet browser version, hardware installed on the computer, network card speed, Operating system patches installed on the computer, CPU speed, memory size, virtual memory size, other installed software on the computer and more. A person skilled in the art will see that other computer characteristics could be used as identifiers to create a computer signature.

[0035] The vendor will then request from the internet user a contact number for a communications voice device, which is accessible to the internet user at the internet user's current location. Communication voice device, as used in the context of the present invention, applies to any voice device capable of communicating with another voice device such as, but not limited to, phone, mobile voice device, VoIP telephone or personal digital assistant (hereinafter PDA). Other non-limiting examples include any device that has been modified or designed for voice or text communication. A geographical location for the communication voice device is then traced, as stated in step 2.

[0036] It should be understood that the term mobile voice device, as used in the context of the present invention, applies to any mobile device modified or designed for voice or text communication and capable of communicating with another device via wireless network such as but not limited to cellular system, radio system, Wi-Fi, WiMax, RFID, Bluetooth (short wavelength radio transmissions), MIMO, UWB (Ultra Wide Band), satellite system or any other such wireless networks known now or in the future.

[0037] Other non-limiting examples include any device that has been modified or designed to communicate with a web-ready PDA, a Blackberry, a laptop computer with cellular connect capability, or a notification server, such as email server:

[0038] The geographical location of a telephone can be traced using any one of existing databases. As a non-mobile telephone is attached to a single physical location, the location is available using various existing databases. A Voice over Internet Protocol (hereinafter VoIP) telephone is connected to high-speed internet access such as Ti, DSL, cable modems, or other available internet connection systems. A VoIP location is available using various databases. A VoIP connection provider company can provide the IP address to which such VoIP telephone is connected such that the geographical location of the internet user is traceable to the IP address.

[0039] The geographical location of a mobile voice device can be traced using technology such as, but not limited to, Galileo, GPS, cellular antenna network, phone antenna, Wi-Fi, Bluetooth (short wavelength radio transmissions), MIMO, UWB, WiMax, etc.

[0040] A cellular telephone location system for automatically recording the location of one or more mobile cellular telephones is described, for example, in U.S. Pat. No. 5,327,144. The system comprises a central site system operatively coupled to at least three cell sites. Each of the cell sites receives cellular telephone signals and integrates a timing signal common to all the cell sites. The central site calculates differences in times of arrival of the cellular telephone signals arriving among the cell sites and thereby calculates the position of the cellular telephone producing the cellular telephone signals. Additional examples of known methods for locating phones are cell sector and cell site.

[0041] The position of an internet user's mobile voice device can be determined by, for example: (a) an internal positioning apparatus such as a Global Positioning System (hereinafter GPS) receiver built into the mobile voice device that receives GPS radio signals transmitted from GPS satellites; and (b) an external positioning apparatus such as a cellular positioning system that computes the position of the mobile voice device by observing time differences among the arrivals of a radio signal transmitted by the mobile voice device at a plurality of observation points, i.e., base stations. The operation of the GPS is well-known and will not be described further herein.

[0042] Next, the geographical location of the IP address of the internet user is traced, as stated in step 2. Such an IP address can be traced geographically to its source so as to determine the location (state and city) of the internet user. In some cases the system used to trace the IP address can be so accurate that it can identify a street and house number of the internet user.

[0043] Another means for obtaining the geographical location of the internet user's computer signature, the internet user's ISP can be contacted to request a full address from where the internet user is connected. For example, a modem dial-up internet user is assigned a unique computer signature by their ISP. After the internet user enters a username and password the ISP knows from which phone number that internet user called and can trace a contacting number to a geographical location.

[0044] The present invention includes a method of locating a router's geographical location based on the computer signature geographical location. In addition, the invention includes a method of geographically comparing the user communication voice device and the computer signature. All of the methods may utilize a communication voice device that is either non-mobile telephone, a mobile telephone or a mobile voice device.

[0045] Since the following is known:

[0046] 1. The geographical location of the user's computer signature.

[0047] 2. The routing table between the vendor internet web site and the internet user.

[0048] Then, the vendor can locate the geographical location of the closest public router to the internet user computer signature. Since the first public router that the internet user is using is close geographically to the internet user computer signature.

[0049] It is to be understood that the present invention is not limited to the embodiments described above, but encompasses any and all embodiments under the doctrine of equivalents.

[0050] In conclusion, herein is presented a method and system for authenticating internet user identity. The invention is illustrated by example in the drawing figures, and throughout the written description. It should be understood that numerous variations are possible, while adhering to the inventive concept. Such variations are contemplated as being a part of the present invention.

INDUSTRIAL APPLICABILITY

[0051] This invention can be used for any purpose that is related to internet security, internet commerce and internet user identification. The invention is specifically envisioned as an improvement over existing log-in methods and purchases identification methods, but a person skilled in the art will recognize other applications.

Method for Internet User Authentication

Assignee

Inventors

Cpc classification

Classification Explorer

G06Q20/18

PHYSICS

Classification Explorer

H04W12/06

ELECTRICITY

Classification Explorer

H04L63/107

ELECTRICITY

Classification Explorer

G06Q20/3226

PHYSICS

Classification Explorer

G06Q20/4014

PHYSICS

Classification Explorer

G06Q20/425

PHYSICS

Classification Explorer

G06Q20/3224

PHYSICS

Classification Explorer

H04L63/0876

ELECTRICITY

Classification Explorer

H04W12/71

ELECTRICITY

Classification Explorer

G06Q20/3227

PHYSICS

Classification Explorer

G06Q20/4015

PHYSICS

Classification Explorer

G06Q20/322

PHYSICS

Classification Explorer

H04L63/0892

ELECTRICITY

Classification Explorer

G06Q20/20

PHYSICS

Classification Explorer

G06Q20/4016

PHYSICS

Classification Explorer

H04W12/63

ELECTRICITY

International classification

Classification Explorer

G06Q20/40

PHYSICS

Classification Explorer

G06Q20/32

PHYSICS

Classification Explorer

H04L29/06

ELECTRICITY

Abstract

Claims

Description