Brent Williams

When confirming to a very high level of confidence that the asserted electronic identity is that of the actual individual, the individual conducting the electronic identity proofing shall assert an identity by providing the biographical details of their identity including, but not limited to their legal name, date of birth, and address. The system will query data repositories with the biographical data provided. These data repositories include, but are not limited to, existing enterprise… Show more

When confirming to a very high level of confidence that the asserted electronic identity is that of the actual individual, the individual conducting the electronic identity proofing shall assert an identity by providing the biographical details of their identity including, but not limited to their legal name, date of birth, and address. The system will query data repositories with the biographical data provided. These data repositories include, but are not limited to, existing enterprise records, public data sources, vendors who aggregate public data, and credit bureaus. This embodiment provides the method for meeting the three key process steps 1) validating the government issued identity, 2) validating the account number, and 3) confirming the address supplied in the records in real time. Additionally, this embodiment provides for additional knowledge-based questions from the data gathering process to be presented to further confirm the identity.

The present embodiment gathers variable amounts and qualities of data on the individual. Once gathered it then determines if it is capable of conducting the identity proofing based upon the data available. If so, it combines a set of graphical user interfaces as well as questions and answers to facilitate real-time implementation of this standard. Show less

A system and method for exchanging identity information and for correlating protected data across independent data systems connected through a network. The system contains connectors in communication with protected data systems which house the protected data. Data is correlated between the protected data systems through coincident authentication of both systems by a user. Messages are exchanged which allow the identity exchange system to correlate data based on a session identifier from an… Show more

A system and method for exchanging identity information and for correlating protected data across independent data systems connected through a network. The system contains connectors in communication with protected data systems which house the protected data. Data is correlated between the protected data systems through coincident authentication of both systems by a user. Messages are exchanged which allow the identity exchange system to correlate data based on a session identifier from an authenticated session on one of the protected data systems. Show less

A system and method for exchanging identity information and for correlating protected data across independent data systems connected through a network is disclosed. The system contains connectors in communication with protected data systems which house the protected data. Edge servers in communication with the connectors store correlation data sets that correlate protected data records using permanent tokens generated by the connectors. Root servers in communication with the edge servers store… Show more

A system and method for exchanging identity information and for correlating protected data across independent data systems connected through a network is disclosed. The system contains connectors in communication with protected data systems which house the protected data. Edge servers in communication with the connectors store correlation data sets that correlate protected data records using permanent tokens generated by the connectors. Root servers in communication with the edge servers store identity correlations generated by the root servers and propagated to the edge servers. Data identifiers used in the protected data system are correlated with distinct data identifiers used in the edge and root servers. The correlations are propagated throughout the edge servers so that each data system can transfer data to another data system without using the protected data identifiers. Show less

A system and method for exchanging identity information and for correlating protected data across independent data systems connected through a network is disclosed. The system contains connectors in communication with protected data systems which house the protected data. Data is correlated between the protected data systems through coincident authentication of both systems by a user. Messages are exchanged which allow the identity exchange system to correlate data based on a session identifier… Show more

A system and method for exchanging identity information and for correlating protected data across independent data systems connected through a network is disclosed. The system contains connectors in communication with protected data systems which house the protected data. Data is correlated between the protected data systems through coincident authentication of both systems by a user. Messages are exchanged which allow the identity exchange system to correlate data based on a session identifier from an authenticated session on one of the protected data systems. Show less

A system and method for managing consent for an enterprise to, for example, provide access to controlled data to another enterprise wherein the controlled data can be in the form of subject data records. The system includes a consent management module operative to associate a plurality of control levels with a subject data record and process a consent request requesting access to the controlled data. Access is determined based on the control levels associated with a subject of the controlled… Show more

A system and method for managing consent for an enterprise to, for example, provide access to controlled data to another enterprise wherein the controlled data can be in the form of subject data records. The system includes a consent management module operative to associate a plurality of control levels with a subject data record and process a consent request requesting access to the controlled data. Access is determined based on the control levels associated with a subject of the controlled data, a requesting operator, and/or the controlled data itself, A control level data set comprising the control levels for use in controlling access to the controlled data and/or subject data records is stored in a database. Show less

Systems and methods for using out-of-band authentication to confirm the asserted electronic identity of an individual and control the release of a cryptographic key are disclosed herein. When confirming to a very high level of confidence that the asserted electronic identity is that of registered to the individual, these confirm that a person conducting a transaction is who she claims she is by confirming first, something she knows, using a username and password (or username only) as a shared… Show more

Systems and methods for using out-of-band authentication to confirm the asserted electronic identity of an individual and control the release of a cryptographic key are disclosed herein. When confirming to a very high level of confidence that the asserted electronic identity is that of registered to the individual, these confirm that a person conducting a transaction is who she claims she is by confirming first, something she knows, using a username and password (or username only) as a shared knowledge token, and; confirming second, something she has, the item registered to him; and third, confirming the fact that she has control over that item. Once each of these confirmations is established, a cryptographic key may be released by the out-of-band authentication process. The cryptographic key released will either be specific to the individual or will be specific to the system that actually releases the key. If the system releases a key that is not specific to the individual, the association with the individual who authenticated the release of the key, thereby establishing non-repudiation of the key, shall be provided by association of the specific transmission of the system key with the unique authentication transaction through auditable logging. The cryptographic key released by the out-of-band authentication may be either symmetric or asymmetric, that is, one key may be used to generate a message authentication code and to verify the code, or two related keys, a public key and a private key, may be used for signature generation and signature verification, respectfully.

The methods and systems disclosed herein can be used for any sensitive online transaction in which strong assurance of the asserted and the actual electronic identity of the end-user is required. This includes, but is not limited to, electronic government, healthcare, banking, and commercial transactions performed on a network infrastructure including the WWW. Show less