The present invention relates to systems and methods for automatically validating users of credit cards, computer systems, online accounts, customer service organizations and the like and, more particularly, to such validations in situations in which some, but not necessarily all, legitimate users employ secondary identification mechanisms.
Identity theft poses serious problems. Over 10 million adults were victims of identity theft in 2010, amounting to about $48 billion of fraud. Lost or stolen wallets, checkbooks and credit or debit cards make up about 43 percent of all identity theft incidents in which the “method of access” was known. Fear of credit and debit card fraud is very high among Americans, exceeding fear of terrorism, computer and health viruses and personal safety, according to a 2009 Unisys Security Index.
Various methods and systems have been developed in efforts to reduce identity theft. Most of these systems and methods involve techniques for determining if a person is who he or she claims to be. Known approaches for authenticating humans rely on at least one of three approaches, namely requiring: “something you know” (ex., a password or an answer to a predetermined question), “something you have” (ex., a security token) or “something you are” (ex., a fingerprint or a retina pattern).
A security token is a device that displays a code, typically a six-digit number, that changes with passage of time according to a secret “seed” value and an algorithm that is difficult to decipher. The displayed code typically changes every few seconds, thus observing or intercepting a successful transaction is not likely to provide sufficient information to enable an imposter to reuse a displayed code. A security token that is implemented as a dedicated hardware device is typically referred to as a “hardware token.” RSA, The Security Division of EMC, 174 Middlesex Turnpike, Bedford, Mass. 01730, provides exemplary hardware security tokens under the trade name SecurID.
Alternatively, a security token may be implemented in software that is executed on a general purpose processor, such as a processor in a mobile communication device. Such a security token is typically referred to as a “software token.” Software tokens are also available from RSA, The Security Division of EMC, under the trade name RSA SecurID Software Token. For simplicity of explanation, hardware and software tokens are collectively referred to herein as “security tokens.”
A system that requires entry of a security token code typically stores the seed values and algorithms of authorized users' security tokens in a database. When a purported user attempts to conduct a transaction with such a system, the system uses the seed value and the algorithm to calculate the code that the authorized user's security token should currently display and challenges the purported user to enter the code displayed by the security token. If the user-entered value matches the calculated value, the system assumes the user possesses the security token, or the user is at least in near real-time communication with someone who possesses the security token, and therefore the user is authorized.
“Two-factor authentication” (TFA, T-FA or 2FA) is an approach to authentication that requires presentation of two different kinds of evidence that a person is who she claims to be. TFA is a part of a broader family of multi-factor authentication (MFA), which is a defense-in-depth approach to security. From a security perspective, the underlying theory involves use of evidences that have separate ranges of attack vectors (ex., logical and physical), leading to more complex attack scenarios and, lower risk. For example, a typical TFA system requires entry of a passcode and entry of a displayed security token value.
On-line and in-person credit card transactions routinely require entry of TFA information. For example, a typical credit card transaction requires entry of a credit card account number (to identify the purported user), as well as the credit card's expiration date and a card verification value (CVV) code printed on the reverse side of the credit card (to verify authenticity of the purported user). Because the CVV is printed, but not embossed, on credit cards, transaction slips imprinted using credit cards do not contain the CVV. Expiration dates are embossed, thus transaction slips contain expiration dates. Thus, if an attack vector used to obtain a credit card number and expiration date involves obtaining transaction slips or copies thereof, a different attack vector would be required to obtain the corresponding CVV. Some merchants require credit card users to also display additional identification credentials, such as drivers' licenses with picture identifications, before completing in-person credit card transactions.
Innovative Card Technologies, Los Angeles, Calif. (InCard) developed a credit card (trade name DisplayCard) with an integrated security token.
MasterCard, 2000 Purchase Street, Purchase, N.Y. 10577, developed a SecureCode system that enables subscribing credit card users to select a passcode. When a credit card user accesses an on-line merchant system that participates in the SecureCode program, an in-line window appears to prompt for the user's passcode. However, when the credit card user access an on-line merchant system that does not participate in the SecureCode program, no such in-line window appears, and the user is not prompted for the passcode.
American Bank Incorporated (AmericanBank), 4029 West Tilghman Street, Allentown, Pa. 18104 provides on-line banking services, such as obtaining account balances, transferring funds between accounts and paying bills. In addition to a username and a passcode, each user is required to select either an answer to a secret question (essentially, a second passcode) or a security token. Before being permitted to conduct an on-line banking transaction, a user must enter her username, passcode and second passcode or security token code (as the case may be). In the case of a second passcode, after the user has entered her username and passcode on a first screen, the on-line banking system displays a second screen to prompt for entry of the second passcode. In the case of a security token, the user enters the security token code, concatenated with the password, in the password field of the first screen, and no second screen is displayed. Thus, AmericanBank utilizes TFA in their on-line banking system.
Although some banks and merchants may require multiple user authorizations (MFAs), such as entry of a passcode and entry of a security token code, per transaction, not all credit cards are equipped with built-in security tokens or are distributed with associated stand-alone security tokens. Some users may prefer the additional security provided by MFAs beyond expiration date and CVV, even if their credit card providers do not support such additional security measures. Other users may feel the additional complexity of MFA transactions is not justified.
The invention will be more fully understood by referring to the following Detailed Description of Specific Embodiments in conjunction with the Drawings, of which:
In accordance with embodiments of the present invention, methods and apparatus are disclosed for supporting optional user authentication. That is, whether an authentication, or an enhanced type of authentication, is required before proceeding with a transaction can be determined on a user-by-user basis. In some embodiments, some credit card users subscribe to a service that provides the users with security tokens. Transactions involving these credit cards may require correct entry or transmittal of a security token code, before the transactions are allowed to proceed, and they may first require activation of the security token by biometrics (e.g. a fingerprint swipe; a retinal scan), or activation by a series of one or more graphical algorithms (e.g., correct identification by the user of an image known only to the user within a collage of random images; correct identification by the user of one or more sections of an image known only to the user within a larger image; correct identification by the user of a signature or watermark known only to the user within an image or dynamic presentation of said watermarks and images). Thus, these users may feel their credit cards are less subject to fraud than credit cards not subscribed to the service. However, other credit card users, i.e., users who have not subscribed to the service, are not required to enter a security token code before their transactions are allowed to proceed. Merchants may, therefore, give preferential treatment, such as discounts, to credit card users who subscribe to the service.
Similar methods and apparatus may be used for other types of financial transactions (such as automatic teller machine (ATM) transactions), as well as non-financial transactions, such as gaining access to computer systems (logging on), obtaining customer support services (such as may be provided to users who have paid for real-time or priority telephone support) and unlocking physical locks (so as to gain entry to secured facilities).
In accordance with some embodiments of the present invention, methods and apparatus enable a merchant, credit card provider or other provider to support a user base, a portion of which utilizes an enhanced authentication mechanism (such as security tokens), while the remained of the user base does not utilize the enhanced authentication mechanism. For example, a credit card provider that wishes to implement an enhanced authentication mechanism typically cannot do so instantly. That is, it may take time (such as hours, days, weeks, months or longer) to switch over from handling credit card transactions without any enhanced user authentication to handling some or all credit card transactions with such authentication. For example, it may take time to replace or reprogram servers that authorize credit card transactions, so these servers use the enhanced authentication information. Furthermore, it may take time to distribute security tokens to credit card users or to replace the users' credit cards with credit cards having built-in security tokens and for the users to begin using the tokens or replacement credit cards.
Some, but not all, of the users might use the enhanced authentication mechanism, while other of the user might use their credit cards without an enhanced authentication mechanism, at least for a period of time. Embodiments of the present invention may handle both types of transactions, i.e., transactions that do not include enhanced authentication information, as well as transactions that include such information, during a transition to full implementation or full adoption of the enhanced authentication scheme.
These and other embodiments will now be described in detail. For simplicity of description, credit cards, charge cards (which require any balance to be paid in full at the end of each billing cycle), cash cards (used for conducting ATM transactions), debit cards and the like are all collectively referred to herein as credit cards. Also for simplicity, purchases and refunds are collectively referred to herein as purchases or purchase transactions.
The merchant system 100 communicates via an appropriate network, such as the Internet or via a dial-up telephone connection, to a credit card authorization system 102 operated by an acquirer or acquiring bank, as is well known in the art. The merchant system 100 sends information 104, such as the credit card account number, expiration date, CVV, transaction amount and transaction type (ex., purchase or refund), to the credit card authorization system 102. The credit card authorization system 102 queries a database 106 (possibly maintained by an issuer of the credit card) that contains a list of valid credit card account numbers and corresponding credit limits. If the user's credit card account number appears in the database 106 as a valid account, and the user's credit limit is sufficient to support the proposed transaction, the credit card authorization system 102 adjusts the credit limit (i.e., reserves an appropriate amount of the user's credit limit) based on the transaction amount and sends an approval message 108 to the merchant system 100. Otherwise, the credit card authorization system 102 sends a message 108 disapproving the transaction to the merchant system 100. Eventually, the issuer is debited, and the acquirer is credited, and the acquirer credits the merchant, less a discount rate, all as is well known in the art. For simplicity of explanation, I collectively refer to this process as “causing funds to be transferred,” and I refer to the credit card authorization system 102 as causing funds to be transferred, in relation to the transaction and the user account.
The subscribing users register their credit cards with a user verification system 200, which associates the registered credit cards with the users' security tokens. Thereafter, transactions involving these credit cards require entry of the codes displayed by the associated security tokens, at least for transactions conducted with merchants who also subscribe to the service. Transactions conducted with a non-subscribing merchant, such as the conventional merchant system 100 described above, do not require entry of the security token code and are handled as describe above, with respect to
A modified merchant system 204 that subscribes to the identification verification service accepts input of a credit card number and may accept an expiration date and/or a CVV, as in the merchant system 100 of
The modified merchant system 204 communicates with a user identity verification system 200 to verify users who subscribe to the service, as describe in detail below. The modified merchant system 204 also communicates with the credit card authorization system 102, as in the prior art. As noted, in this embodiment, the modified merchant system 204 has no a priori information upon which to distinguish subscribed credit cards or subscribed users from non-subscribed credit cards or non-subscribed users. Thus, the modified merchant system 204 interacts with two verification/authorization systems 200 and 102 for each transaction, regardless of whether the transaction involves a subscriber or a non-subscriber. In other words, the modified merchant system 204 always seeks identity verification from the user identity verification system 200, even if no security token code was entered.
As described in more detail below, in this embodiment, if the user identity verification system 200 does not recognize the credit card or user (i.e., the credit card or user is not subscribed to the service), the user identity verification system 200 nevertheless returns a positive indicator, thus permitting the modified merchant system 204 to continue processing the transaction, despite no security token code having been entered. However, if the credit card or user is subscribed to the service, the user identity verification system 200 returns a positive indicator only if a correct security token code has been entered. Thus, the modified merchant system 204 does not need to distinguish between subscribed and non-subscribed credit cards or users. The modified merchant system 204 simply queries the user identity verification system 200 for all credit card transactions. Furthermore, the credit card authorization system 102 and the interactions between the modified merchant system 204 and the credit card authorization system 102 need not be modified from the prior art.
The user identity verification system 200 verifies the identities of subscribed users, and the system 200 assumes all non-subscribed users are valid, leaving the credit card authorization system 102 to perform its checks. The enhanced user identity verification provided by the user identity verification system 200 is optional, in that the enhanced user identity verification is provided only for subscribers. That is, whether an enhanced authentication is required is determined on a user-by-user basis. The user identity verification system 200 is distinct from the credit card authorization system 102. The user identity verification system 200 verifies identity of a user, but it does not cause funds to be transferred.
It should be noted that, in some embodiments, although entry of the security token code (user verification data) is optional, this description and the associated claims are distinct from, and not intended to cover, a conventional username-and-password-protected system, such as a convention computer log-on. In such a conventional system, a user may intentionally or unintentionally omit entering a password. However, such conventional systems do not decide whether a password is required, based on an entered username.
The user verification system 200 is coupled to a database 202, which stores information associating the subscribed credit cards with security tokens. Data may be entered and modified in the database 202 through a manual or an automatic data management system 203.
In one embodiment, the first portion 302 of the record 300 includes the account number associated with the credit card or, preferably, a one-way hashed (encrypted) version of the account number. Optionally or alternatively, the first portion 302 may include a user name or other user-unique identifier of the user of the credit card. Thus, as used herein, a user identifier may be a username, a credit card account number or another user-unique identifier.
The contents of the first portion 302 are preferably encrypted, preferably before the contents are provided to the user verification system 200, so the user verification system 200 does not store, ideally not even temporarily, an unencrypted version of the credit card account number or other user identifier. Avoiding storing this unencrypted information in the user verification system 200 prevents creating a potential cyber-attack target, because a one-way hashed version of the credit card account number would be of no value to an imposter.
The second portion 304 of the record 300 includes a seed value, preferably encrypted, of the security token and/or other information, such as an algorithm, needed to automatically calculate a value that is expected to be displayed by the security token. If the security tokens are provided by the subscription service, the seed values, algorithms, etc. are known to the service and may be manually or automatically added to the database 202, such as via the data management system 203. However, if a user uses an existing security token, the seed value, etc. may need to be obtained from the original issuer of the security token. This information may be electronically obtained from an appropriate security token system, such as via an appropriate computer network. Optionally or alternatively, the second portion 304 of the record 300 includes a pointer, such as a URL, or other information that enables the user verification system 200 to communicate with an external security token code checker 205.
Returning to
Optionally, other fields (not shown), such as user's billing address, may also be included. Optionally, the user interface 400 includes a hyperlink 416 that, when invoked, causes display of a web page that includes information about the user verification service and solicits users and merchants to subscribe to the service. Optionally or alternatively, the user interface 400 may include a field for a username or other user identifier (not shown), in addition to or in place of the credit card number field 402.
Once the fields 402-410 and, optionally, field 412 have been filled in, activating a “Continue” button 414 causes the merchant system 204 to read and process the field contents. The person who provided the credit card account number is referred to herein as a “purported user,” at least until the purported user's identity has been verified.
Returning again to
The message 500 includes the credit card account number (preferably one-way hashed) 504 or another value (such as a user name) that the purported user provided to identify herself. The modified merchant system 204 preferably encrypts (such as with a one-way hash) this information to protect this information while the message 206 is in transit. Furthermore, preferably, the user's credit card account number or other identifier is stored as an encrypted value by the user identity verification system 200, as discussed above.
A security token code field 506 contains the security token code provided by the purported user, if the user provided such a code. This field 506 may also be encrypted. As noted, some legitimate credit card users do not have security tokens. Thus, merely because the purported user does not provide a security token code does not necessarily indicate the purported user is an imposter.
The message 500 may also include one or more additional fields, such as field 508, to store a credit card expiration date, CVV, credit card user's name, etc. Other fields (not shown) may be included in the message 500, as needed or desired.
Returning to
An identification verification result field 604 of the identification verification response message 600 may include a code to indicate whether the identity of the purported user was verified by the user identity verification system 200. In this embodiment, one of two possible values is returned in the identification verification result field 604, namely either “Valid” or “Invalid.” (Other equivalent terms, such as “Verified” and “Not verified,” may be used.)
As noted, the user verification system 200 queries the database 202 for a record that contains the credit card account number or other user identifier contained in field 502 of the identification verification request message 206. As noted, these values may be encrypted. Furthermore, values derived from the credit card account number or user identifier or encrypted versions thereof may be used in the identification verification request message 206 and/or in the database 202. Therefore, I refer to this database query as checking if the database contains a record storing a user identifier equivalent to the received identifier of the purported user.
If such a record is found, the user identity verification system 200 compares the security token code (field 506) in the message 206 to information in the second portion 304 of the found record. This may involve using the seed value, algorithm and/or other information stored in the second portion 304 of the record to calculate an expected security code displayed by the corresponding security token. The user identity verification system 200 compares this calculated value to the value passed in the security token code field 506 of the identification verification request message 206. Alternatively, the user identity verification system 200 communicates with an external server 205, which performs an equivalent comparison. In either case, I refer to this comparison as checking if the received data purportedly verifying the identity of the purported user corresponds with the identity verification information stored in the record, and I refer to the identity verification information stored in the record as being configured to enable verification of a code automatically generated by a security token.
If the values match, the user identity verification system 200 sets the value of the identification verification result field 604 of the identification verification result message 208 to “Valid.” If the values do not match, the value of the identification verification result field 604 is set to “Invalid.”
However, if the query of the database 202 for a record that contains the credit card account number or other user identifier contained in field 502 of the identification verification request message 206 fails, that is, if the database 202 does not contain a record storing a user identifier equivalent to the received identifier (field 502) of the purported user, therefore indicating the purported user is not subscribed to the user identity verification system 200, the user identity verification system 200 sets the value of the identification verification result field 604 of the identification verification result message 208 to “Valid,” and the identification verification result message 208 is sent to the modified merchant system 204. (“Valid” is equivalent to “verified.”)
It is counterintuitive to indicate the purported user is verified under these circumstances. Conventional authorization systems return an indicator of “not verified” when a purported user is not found in a database of authorized users. However, in this embodiment, the user verification system 200 returns an indicator of “Valid,” because the purported user has not subscribed to the verification system, as indicated by absence of the purported user's credit card or other identification information in the database 202. The user verification system 200 has no basis on which to conclude the purported user is an imposter.
The user identity verification system 200 provides enhanced user identity verification for subscribed users or subscribed credit cards. In other words, the verification performed by the user identity verification system 200 is in addition to any verification performed by the credit card authorization system 102. Even if the user identity verification system 200 finds the purported user valid, the credit card authorization system 102 may deny the transaction, such as if the user's credit limit is insufficient or the credit card has been reported stolen. Similarly, if the user or credit card is not subscribed, the user identity verification system 200 has no basis on which to prevent the transaction from proceeding, but the credit card authorization system 102 may deny the transaction.
If the identification verification result message 208 contains “Valid” in the identification verification result field 604, the modified merchant system 204 allows the transaction to proceed. For example, the modified merchant system 204 may then communicate 210 and 212 with the credit card authorization system 102, as in the prior art. However, if the identification verification result field 604 contains “Invalid,” the modified merchant system 204 prevents the transaction from proceeding. For example, the modified merchant system 204 may decline the transaction. Optionally, the modified merchant system 204 may send a message 214 to the credit card authorization system 102 indicating that the user's credit card account may have been compromised.
It is important to note that, in this embodiment, the merchant system 204 sends an identity verification request message 206 each time a credit card transaction is initiated, regardless of whether a security token code was entered or not entered in the security token field 412 (
Optionally or alternatively, the modified merchant system 204 may include a database (shown in dashed line at 216 in
The database 202 used by the user identity verification system 200 may be part of the user identity verification system 200. Optionally or alternatively, all or part of the database 202 may be implemented as a separate database coupled to a single computer or set of computers that implement the user identity verification system 200. Optionally or alternatively, all or part of the database 202 may be remote from the single computer or set of computers that implement the user identity verification system 200. As noted, the user verification system 200 may communicate with an external security token verification system 205, such as a system operated by a security token service provider, such as RSA, The Security Division of EMC.
As noted, the user identity verification system 200 may be implemented as a server, and it may serve several modified merchant systems and/or other types of clients.
The user identity verification system 200 may serve one or more modified credit card authorization systems 700. Each modified credit card authorization system 700 may send a message similar to message 206 (
The above-described embodiments use security token generated codes to verify identities of purported users. Optionally or alternatively, other forms of information may be used to verify the identity of the purported user. For example, in an embodiment of the present invention, a passcode (or a hash thereof) is stored in the second portion 304 (
Yet another embodiment is similar to the embodiment described above, with respect to
If such a record is found, the user identity verification system 200 compares the security token code (field 506) in the message 206 to information in the second portion 304 of the found record, as described above. If the values match, the user identity verification system 200 sets the value of the identification verification result field 604 of the identification verification result message 208 to “Valid.” If the values do not match, the value of the identification verification result field 604 is set to “Invalid.” However, if the query of the database 202 for a record that contains the credit card account number or other user identifier contained in field 502 of the identification verification request message 206 fails, that is, if the database 202 does not contain a record storing a user identifier equivalent to the received identifier (field 502) of the purported user, therefore indicating the purported user is not subscribed to the user identity verification system 200, the user identity verification system 200 sets the value of the identification verification result field 604 of the identification verification result message 208 to “Unknown.”
It should be noted that “Unknown” is different than “Invalid.” “Invalid” means the user identity verification system 200 positively determined that the user identity verification information passed in field 506 of the identity verification request message 206 is incorrect for the purported user identity indicated by the credit card account number field 504. On the other hand, “Unknown” means the user identity verification system 200 does not have information about the purported user indicated by the credit card account number field 504.
No known user identity verification system returns one of three values, including “Unknown” if the purported user is not listed in an associated database.
Some embodiments require the identification verification request message 206 to include a security token code (field 506) in the message 206. Some embodiments allow, but do not require, the identification verification request message 206 to include a security token code (field 506) in the message 206. In other words, data purportedly verifying identity of the purported user may be required by some embodiments, whereas other embodiments make the data purportedly verifying identity of the purported user optional. In either of these embodiments, if the user identity verification system 200 (
A modified merchant system that communicates with such a tri-output user identity verification system may be configured to allow a transaction to proceed, if the response from the user identity verification system indicates verification of the user is “Unknown.”
The message formats described above, with respect to
A credit card authorization system may include functionality of a conventional credit card authorization system 102 (
A first credit card account verification module 806 performs functions similar to functions performed by the user identity verification system 200 (
The database 808 is configured to store identification verification information, other than a credit card account identifier, for each credit card account identifier for which enhanced user identity verification is required. For example, as discussed above with respect to
The first credit card account verification module 806 is configured to output an approval 810 if the received purported credit card account identifier is represented in the database 808, and the received data purportedly providing enhanced user identity verification corresponds with the identification verification information stored in the database 808.
A second credit card account verification module 812 is configured to output an approval 814 if the received purported credit card account identifier is valid, i.e., if the purported user's credit card account number appears in the database 808 as a valid account, and the user's credit limit supports the proposed transaction. Other checks, such as checks for unusual spending activity, reported lost or compromised credit card accounts, etc., may be performed, as are well known in the art.
The receiver 802 and the two credit card authorization modules 806 and 812 are coupled to a controller 816. The controller 816 receives the approvals 810 and 814. If both the first and the second credit card account verification modules 806 and 812 output approvals 810 and 814, the controller 816 authorizes 818 the received credit card transaction authorization request 804. In addition, the user's credit limit is adjusted, as discussed above.
Another embodiment of an enhanced credit card authorization system 900 is shown schematically in
A second credit card authorization module 812 operates as described above, with respect to
If the second credit card authorization module 812 and at least one of the CVV checker 906 or the security token code checker 912 outputs approvals 814 and 910 or 913, a controller 916 approves the credit card transaction.
Optionally or alternatively, both the CVV and the security token code are required for the controller 916 to approve the credit card transaction.
Optionally or alternatively, to streamline user interactions for transactions less than a predetermined amount, such as about $10, the modified merchant system 204 (
Optionally or alternatively, the modified merchant system 204 or the modified credit card authorization system 700 may send a transaction amount in a transaction amount field 510 of the message 500 (
Optionally or alternatively, only predefined types of transactions cause communication with the user verification system 200 or, alternatively, all transaction types other than the predefined types of transactions cause communication with the user verification system 200. Similarly, only predefined types of transactions may be checked by the user identity verification system 200 or, alternatively, all transaction types other than the predefined types of transactions may be checked by the user identity verification system 200. The database 214, 202 or 704 may store a criterion (or several criteria) (“verification initiation criterion”), by which a decision can be made by the modified merchant system 204, the modified credit card authorization system 700 or the user identity verification system 200, as to whether to check identity of a purported user who initiates a particular transaction. For example, the user identification verification system 200 may check the identity of the purported user only for a predetermined list of merchants, or for any merchant other than merchants included in a predetermined list. Similarly, purported user identity checks may be performed or dispensed with, based on the type of merchant or the type of goods or services involved. For example, gasoline, grocery and clothing purchases may be checked, whereas in-person payments to medical service providers may be dispensed with. The message 500 (
As used herein, a validation request is more than a request to see if a purported user exists, such as a query to a database of users, for example LinkedIn.com. As used herein, a validation request is for the purpose of determining if the purported user is authorized to conduct a transaction. A user identity verification system, a modified merchant system, a modified credit card authorization system and an augmented credit card authorization system, as described herein, may be implemented by a processor controlled by instructions stored in a memory. The memory may be random access memory (RAM), read-only memory (ROM), flash memory or any other memory, or combination thereof, suitable for storing control software or other instructions and data. Some of the functions performed by the systems described herein have been described with reference to flowcharts and/or block diagrams. Those skilled in the art should readily appreciate that functions, operations, decisions, etc. of all or a portion of each block, or a combination of blocks, of the flowcharts or block diagrams may be implemented as computer program instructions, software, hardware, firmware or combinations thereof. Those skilled in the art should also readily appreciate that instructions or programs defining the functions of the present invention may be delivered to a processor in many forms, including, but not limited to, information permanently stored on tangible non-writable storage media (e.g. read-only memory devices within a computer, such as ROM, or devices readable by a computer I/O attachment, such as CD-ROM or DVD disks), information alterably stored on tangible writable storage media (e.g. floppy disks, removable flash memory and hard drives) or information conveyed to a computer through communication media, including wired or wireless computer networks. In addition, while the invention may be embodied in software, the functions necessary to implement the invention may optionally or alternatively be embodied in part or in whole using firmware and/or hardware components, such as combinatorial logic, Application Specific Integrated Circuits (ASICs), Field-Programmable Gate Arrays (FPGAs) or other hardware or some combination of hardware, software and/or firmware components.
While the invention is described through the above-described exemplary embodiments, it will be understood by those of ordinary skill in the art that modifications to, and variations of, the illustrated embodiments may be made without departing from the inventive concepts disclosed herein. For example, although some aspects of the systems have been described with reference to a flowchart, those skilled in the art should readily appreciate that functions, operations, decisions, etc. of all or a portion of each block, or a combination of blocks, of the flowchart may be combined, separated into separate operations or performed in other orders. Moreover, while the embodiments are described in connection with various illustrative data structures, one skilled in the art will recognize that the system may be embodied using a variety of data structures. Furthermore, disclosed aspects, or portions of these aspects, may be combined in ways not listed above. Accordingly, the invention should not be viewed as being limited to the disclosed embodiments.
This application claims the benefit of priority to U.S. provisional application 61/576,718 filed Dec. 16, 2011 which is hereby incorporated by reference.
Number | Date | Country | |
---|---|---|---|
61576718 | Dec 2011 | US |