Login| Sign Up| Help| Contact|

Patent Searching and Data


Title:
SYSTEM AND METHOD FOR COMBINED USER AUTHENTIFICATION AND IDENTIFICATION
Document Type and Number:
WIPO Patent Application WO/2019/010584
Kind Code:
A1
Abstract:
A method and system for combined authentication and identification of a user includes creating a new master user account for a user entity that a stores a first set of user attributes and initializing an authentication score and retrieving at least one existing electronic dataset stored in an existing electronic database. For each dataset, the first set of user attributes is compared against one or more user attributes of that set and, based on the comparing, an identification score is determined. For each existing user account having an identification score greater than a predetermined threshold, the dataset of the master account is compared against the dataset of the existing account, an informational request is determined based on the comparing, a response to the request is received and the authentication score and the identification score is updated based the response.

Inventors:
MUNROE PATRICK (CA)
POTVIN BENOIT (CA)
GRAVEL VIVIANNE (CA)
Application Number:
PCT/CA2018/050857
Publication Date:
January 17, 2019
Filing Date:
July 13, 2018
Export Citation:
Click for automatic bibliography generation   Help
Assignee:
SOLUTIONS B CITI INC (CA)
International Classes:
G06F21/31; G07F11/00
Domestic Patent References:
WO2014038925A12014-03-13
Foreign References:
US20020023059A12002-02-21
US8620942B12013-12-31
US20140189829A12014-07-03
US7428750B12008-09-23
US20140258063A12014-09-11
US20160004852A12016-01-07
US20130074167A12013-03-21
EP1569405A12005-08-31
US9537853B22017-01-03
Attorney, Agent or Firm:
ROBIC LLP (CA)
Download PDF:
Claims:
CLAIMS

1 . A computer-implemented method for combined authentication and identification of a user, the method comprising:

receiving a request to register a new master user account for a user entity, the request having a first set of user attributes pertaining to the user entity;

in response to the request, creating in a master electronic database a new master electronic user account, storing the first set of user attributes within a master electronic dataset associated with the new master electronic user account, and initializing an authentication score for the new master electronic user account;

retrieving at least one existing electronic dataset stored in an existing electronic database, the existing electronic dataset being associated with an existing user account and storing one or more user attributes pertaining to an existing user entity associated with the existing user account;

for each given retrieved existing electronic dataset:

comparing the first set of user attributes against the one or more user attributes stored in the given existing electronic dataset;

based on the comparing, determining an identification score between the pairing of the new master user account and the existing user account associated with the given retrieved electronic dataset;

for each given existing user account having an identification score greater than a predetermined similarity threshold:

comparing a current set of user attributes stored in the master electronic dataset against the one or more user attributes stored in the existing electronic dataset associated with the given existing user account having the identification score greater than the predetermined similarity threshold; determining, based on the comparing, at least one informational request;

receiving an electronic response to the informational request; and

updating, based on the received electronic response, at least one of the authentication score for the new master electronic user account and the identification score for the pairing of the new master electronic user account with the given existing user account. 2. The method of claim 1 , wherein determining the at least one informational request is based on at least one of a non-matching, partial matching, or missing match between a type of user attribute of the current set of user attributes stored in the master electronic dataset and a corresponding type of user attribute stored in the existing electronic dataset associated with the given existing user account having the identification score greater than the predetermined similarity threshold.

3. The method of claim 2, wherein if the electronic response to the informational request reconciles the non-matching, partial matching or missing match between the type of the user attribute of the current set of user attributes stored in the master electronic dataset and the corresponding type of user attribute stored in the existing electronic dataset associated with the given existing user account, then increasing the authentication score for the new master electronic user account and increasing the identification score for the pairing of the new master electronic user account with the given existing user account. 4. The method of claims 2 or 3, wherein if the electronic response to the informational request confirms a mismatch between the type of the user attribute of the current set of user attributes stored in the master electronic dataset and the corresponding type of user attribute stored in the existing electronic dataset associated with the given existing user account, then decreasing the authentication score for the new master electronic user account and decreasing the identification score for the pairing of the new master electronic user account with the given existing user account.

5. The method of any one of claims 1 to 4, wherein the updating of the authentication score for the new master electronic user account is based on prestored authentication rules and the updating of the identification score for the pairing of the new master electronic user account is based on prestored identification rules.

6. The method of claim 5, further comprising updating, by machine learning, at least one of the authentication rules and the identification rules based on the change in the at least one of the authentication score and the identification score.

7. The method of any one of claims 1 to 6, further comprising updating an identification score for a pairing of the given existing user account with another existing user account based on the change in the identification score for the pairing of the new master electronic user account with the given existing user account.

8. The method of any one of claims 1 to 7, further comprising adjusting an identification score for a pairing of the given existing user account with another existing user account based on the user's usage of the other existing user account over time.

9. The method of any one of claims 1 to 8, wherein the information request is one or more of a request for additional documentation from the user, a question posed to the user, a prompt for a confirmation by the user, and account usage activity by the user. 10. The method of any one of claims 1 to 9, wherein the existing user account provides access to a service offered by an organization to the user.

1 1 . A system for combined authentication and identification of a user, the system comprising:

a memory for storing a plurality of instructions;

a processor coupled to the memory, the processor configured for: receiving a request to register a new master user account for a user entity, the request having a first set of user attributes pertaining to the user entity;

in response to the request, creating in a master electronic database a new master electronic user account, storing the first set of user attributes within a master electronic dataset associated with the new master electronic user account, and initializing an authentication score for the new master electronic user account;

retrieving at least one existing electronic dataset stored in an existing electronic database, the existing electronic dataset being associated with an existing user account and storing one or more user attributes pertaining to an existing user entity associated with the existing user account;

for each given retrieved existing electronic dataset:

comparing the first set of user attributes against the one or more user attributes stored in the given existing electronic dataset;

based on the comparing, determining an identification score between the pairing of the new master user account and the existing user account associated with the given retrieved electronic dataset;

for each given existing user account having an identification score greater than a predetermined similarity threshold:

comparing a current set of user attributes stored in the master electronic dataset against the one or more user attributes stored in the existing electronic dataset associated with the given existing user account having the identification score greater than the predetermined similarity threshold;

determining, based on the comparing, at least one informational request;

receiving an electronic response to the informational request; and

updating, based on the received electronic response, at least one of the authentication score for the new master electronic user account and the identification score for the pairing of the new master electronic user account with the given existing user account.

12. The system of claim 1 1 , wherein determining the at least one informational request is based on at least one of a non-matching, partial matching, or missing match between a type of user attribute of the current set of user attributes stored in the master electronic dataset and a corresponding type of user attribute stored in the existing electronic dataset associated with the given existing user account having the identification score greater than the predetermined similarity threshold.

13. The system of claim 12, wherein if the electronic response to the informational request reconciles the non-matching, partial matching or missing match between the type of the user attribute of the current set of user attributes stored in the master electronic dataset and the corresponding type of user attribute stored in the existing electronic dataset associated with the given existing user account, then increasing the authentication score for the new master electronic user account and increasing the identification score for the pairing of the new master electronic user account with the given existing user account.

14. The system of claims 12 or 13, wherein if the electronic response to the informational request confirms a mismatch between the type of the user attribute of the current set of user attributes stored in the master electronic dataset and the corresponding type of user attribute stored in the existing electronic dataset associated with the given existing user account, then decreasing the authentication score for the new master electronic user account and decreasing the identification score for the pairing of the new master electronic user account with the given existing user account.

15. The system of any one of claims 1 1 to 14, wherein the updating of the authentication score for the new master electronic user account is based on prestored authentication rules and the updating of the identification score for the pairing of the new master electronic user account is based on prestored identification rules.

16. The system of claim 15, wherein the processor is further configured for updating, by machine learning, at least one of the authentication rules and the identification rules based on the change in the at least one of the authentication score and the identification score. 17. The system of any one of claims 1 1 to 16, wherein the processor is further configured for updating an identification score for a pairing of the given existing user account with another existing user account based on the change in the identification score for the pairing of the new master electronic user account with the given existing user account. 18. The system of any one of claims 1 1 to 17, wherein the processor is further configured for adjusting an identification score for a pairing of the given existing user account with another existing user account based on the user's usage of the other existing user account over time.

19. The system of any one of claims 1 1 to 18, wherein the informational request is one or more of a request for additional documentation from the user, a question posed to the user, a prompt for a confirmation by the user, and account usage activity by the user.

20. The system of any one of claims 1 1 to 19, wherein the existing user account provides access to a service offered by an organization to the user.

Description:
SYSTEM AND METHOD FOR COMBINED USER AUTHENTICATION AND

IDENTIFICATION

RELATED PATENT APPLICATION

The present application claims priority from U.S. provisional patent application no. 62/531 ,952, filed July 13, 2017 and entitled "SYSTEM AND METHOD FOR COMBINED USER AUTHENTICATION AND IDENTIFICATION", the disclosure of which is hereby incorporated by reference in its entirety.

TECHNICAL FIELD

The present disclosure generally relates to a system and method for combined authentication of a user entity and identification of user datasets associated with the user entity, and more particularly relates to an authentication and identification system and method implementing machine learning.

BACKGROUND

A user entity, such as a natural person or legal person, may have a plurality of electronic datasets stored in various databases, each dataset providing information pertaining to a service (electronic or otherwise) used by that user entity. A plurality of electronic user accounts for the user entity are each linked to one or more of these electronic datasets. The services may be offered by various organizations. As well, the user accounts and electronic datasets storing information, as user attribute entries, pertaining to the use of the services may be managed separately by the organizations. As a result, the user entity may have to keep track of a plurality of separate user accounts in order to access information pertaining to the use of the different services offered by the different organizations. For example (in a local government context), a user entity who is a natural person, may have a first user account with a first municipality and access at least two services offered by the municipality. These services may include access to the municipalities public library (ex: an electronic service - the person can manage library loans through an electronic portal) and use of the sports recreation center (ex: a non-electronic service - the dataset for the person defines whether the person has paid for the services and has access to it). The person may have a second account with a second municipality (ex: to access continuing education courses). It will be appreciated that a person may have a plurality of other accounts, such as related to utilities, electoral roll, taxes, parking, etc..

As a result, the user entity must manage the plurality of electronic accounts in order to obtain access to the services offered by the various organizations, even where the information stored in the plurality of electronic datasets for that user entity may overlap. This management can include having to modify the information stored in the electronic datasets separately, deleting accounts over time, and reactivating and reacting accounts.

SUMMARY

According to one aspect, there is provided a computer-implemented method for combined authentication and identification of a user. The method includes: receiving a request to register a new master user account for a user entity, the request having a first set of user attributes pertaining to the user entity; in response to the request, creating in a master electronic database a new master electronic user account, storing the first set of user attributes within a master electronic dataset associated with the new master electronic user account, and initializing an authentication score for the new master electronic user account; retrieving at least one existing electronic dataset stored in an existing electronic database, the existing electronic dataset being associated with an existing user account and storing one or more user attributes pertaining to an existing user entity associated with the existing user account. The method also includes for each given retrieved existing electronic dataset: comparing the first set of user attributes against the one or more user attributes stored in the given existing electronic dataset, based on the comparing, determining an identification score between the pairing of the new master user account and the existing user account associated with the given retrieved electronic dataset. The method also includes for each given existing user account having an identification score greater than a predetermined similarity threshold: comparing a current set of user attributes stored in the master electronic dataset against the one or more user attributes stored in the existing electronic dataset associated with the given existing user account having the identification score greater than the predetermined similarity threshold, determining, based on the comparing, at least one informational request, receiving an electronic response to the informational request, and updating, based on the received electronic response, at least one of the authentication score for the new master electronic user account and the identification score for the pairing of the new master electronic user account with the given existing user account.

According to another aspect, there is provided a system for combined authentication and identification of a user. The system includes a memory for storing a plurality of instructions and a processor coupled to the memory. The processor is configured for receiving a request to register a new master user account for a user entity, the request having a first set of user attributes pertaining to the user entity, in response to the request, creating in a master electronic database a new master electronic user account, storing the first set of user attributes within a master electronic dataset associated with the new master electronic user account, and initializing an authentication score for the new master electronic user account, retrieving at least one existing electronic dataset stored in an existing electronic database, the existing electronic dataset being associated with an existing user account and storing one or more user attributes pertaining to an existing user entity associated with the existing user account. The processor is also configured for, for each given retrieved existing electronic dataset: comparing the first set of user attributes against the one or more user attributes stored in the given existing electronic dataset and based on the comparing, determining an identification score between the pairing of the new master user account and the existing user account associated with the given retrieved electronic dataset. The processor is further configured for, for each given existing user account having an identification score greater than a predetermined similarity threshold: comparing a current set of user attributes stored in the master electronic dataset against the one or more user attributes stored in the existing electronic dataset associated with the given existing user account having the identification score greater than the predetermined similarity threshold, determining, based on the comparing, at least one informational request, receiving an electronic response to the informational request, and updating, based on the received electronic response, at least one of the authentication score for the new master electronic user account and the identification score for the pairing of the new master electronic user account with the given existing user account.

BRIEF DESCRIPTION OF THE DRAWINGS

For a better understanding of the embodiments described herein and to show more clearly how they may be carried into effect, reference will now be made, by way of example only, to the accompanying drawings which show at least one exemplary embodiment, and in which:

Figure 1 A illustrates a schematic diagram of the relationship between a real- world user entity and their electronic profile; Figure 1 B illustrates a schematic diagram of electronic datasets (associated with user accounts) that form a user profile;

Figure 2 illustrates a schematic diagram of the relationship between a plurality of real-world user entities and their respective electronic profiles;

Figure 3A illustrates a schematic diagram of a system for combined authentication and identification according to one example embodiment;

Figure 3B illustrates a schematic diagram of an alternative system for combined authentication and identification according to an example embodiment;

Figure 4 illustrates a schematic diagram of the backend scoring unit according to an example embodiment; Figure 5 illustrates a schematic diagram showing flow of data to and from an information scoring unit of the system for combined authentication and identification; Figure 6 illustrates a schematic diagram showing the organization of information pertaining to user entities within a system administrated by an authority organization;

Figure 7A illustrates a flowchart showing the operational steps of a method for carrying out combined authentication and identification according to one example embodiment;

Figure 7B illustrates a flowchart showing the operational steps of a method for carrying out combined authentication and identification according to an alternative example embodiment; Figure 8 illustrates a flowchart showing the operational steps of a method for registering a user entity within the system for combined authentication and identification;

Figure 9 illustrates a flowchart showing the operational steps of a method for initializing an identification score for pairings of electronic datasets; Figure 10 illustrates a flowchart showing the operational steps of a method for comparing pairings of electronic datasets to determine similarity;

Figure 1 1 illustrates a flowchart showing the operational steps of a method for comparing pairings of electronic datasets to generate informational requests;

Figure 12 illustrates a flowchart showing the operational steps of a method for transmitting informational requests and receiving responses to the informational requests;

Figure 13A illustrates a flowchart showing the operational steps of a method for adjusting authentication score and identification scores;

Figure 13B illustrates a flowchart showing the operational steps of a method for adjusting identification scores for existing electronic datasets across a plurality of pairings of electronic datasets.

Figure 13C illustrates a flowchart of the operational steps of a method for adjusting identification scores for a triplet of electronic datasets by transitivity; Figure 14A, 14B and 14C illustrate changes in identification score between pairings of electronic datasets;

Figure 15 illustrates an example of adjustment of identification scores for groups of four electronic datasets; Figure 16 illustrates a schematic diagram of the relationship between a real- world user entity, their electronic profile and various electronic datasets storing user attributes; and

Figure 17 illustrates a schematic diagram of relationships between a real- world user, associated user account in a master database, and electronic accounts in external systems.

It will be appreciated that for simplicity and clarity of illustration, elements shown in the figures have not necessarily been drawn to scale. For example, the dimensions of some of the elements may be exaggerated relative to other elements for clarity. DETAILED DESCRIPTION

It will be appreciated that, for simplicity and clarity of illustration, where considered appropriate, reference numerals may be repeated among the figures to indicate corresponding or analogous elements or steps. In addition, numerous specific details are set forth in order to provide a thorough understanding of the exemplary embodiments described herein. However, it will be understood by those of ordinary skill in the art, that the embodiments described herein may be practiced without these specific details. In other instances, well-known methods, procedures and components have not been described in detail so as not to obscure the embodiments described herein. Furthermore, this description is not to be considered as limiting the scope of the embodiments described herein in any way but rather as merely describing the implementation of the various embodiments described herein.

"User entity" herein refers to a person, such as natural person or legal entity, that accesses services provided by various organizations. "User account" herein refers to an electronic entry stored in a database entry that identifies a user entity accessing a given service provided by a given organization.

An "electronic dataset" stored in a database is logically associated with a given user account. The electronic dataset herein refers to the electronic data entries that contain information pertaining to the access to the service of the user entity identified by the user account. The information is stored within the electronic dataset as user attribute data entries.

"Electronic user profile" for a given user entity herein refers to the amalgamation of information related to that user entity, that information being contained in electronic datasets stored in various electronic databases.

"Authenticating a user entity" or variants thereof herein refers to actions for verifying and validating whether a user entity is the actual account holder for a given electronic account providing access to one or more services. "Identifying associated electronic datasets" or variants thereof herein refers to identifying whether electronic datasets stored in databases for a single organization or for a plurality of organizations are linked to a unique user entity.

"Authority organization" or variants thereof herein refers to an organization having an authority status. Organization having authority status may include official/state bodies, such as different levels of government. The information pertaining to user entities stored in systems belonging to an authority organization are considered reliable, trustworthy and true.

Broadly described, systems and methods described herein provide a combined authentication of a user entity and identification of existing user accounts associated with that user entity. The systems and methods enable a user entity to register a master user account; identify, within the same registration process, existing user accounts (in the same electronic system or in external electronic systems); and authenticate that the user entity is the actual account holder of those accounts. For example, and as described above, a person may have an existing user account with a first municipality and accesses two services offered by that municipality (ex: public library and sports recreation centre). The same person may have a second existing user account with a second municipality (ex: to access continuing education courses). The person may have various other existing user accounts with other service providers (ex: utilities, electoral roll, taxes, parking, etc.). These user accounts often reside on separate, non-connected, electronic systems, which requires the user account to access each of these independently.

According to systems and methods described herein, the user entity registers a new master user account with a master system. Based on information provided by the user entity during the registration process, existing electronic user accounts across various electronic systems are identified as belonging to that user entity and the user entity is further authenticated as being the actual account holder of those accounts. In the provided example, the first user account with the first municipality and the second user account with the second municipality are identified as being associated with the user entity and the user entity is verified as being the true holder of those accounts. Accordingly, the user entity can access the master user account within the single master system to manage his or her existing user accounts instead of having to manage each of the existing electronic systems separately.

One or more systems and methods described herein may be implemented in computer programs executing on programmable computers, each comprising at least one processor, a data storage system (including volatile and non-volatile memory and/or storage elements), at least one input device, and at least one output device. For example, and without limitation, the programmable computer may be a programmable logic unit, a mainframe computer, server, and personal computer, cloud-based program or system, laptop, personal data assistance, cellular telephone, smartphone, wearable device, tablet device, virtual reality devices, smart display devices (ex: Smart TVs), set-top box, video game console, portable video game devices, or virtual reality device. Each program is preferably implemented in a high-level procedural or object-oriented programming and/or scripting language to communicate with a computer system. However, the programs can be implemented in assembly or machine language, if desired. In any case, the language may be a compiled or interpreted language. Each such computer program is preferably stored on a storage media or a device readable by a general or special purpose programmable computer for configuring and operating the computer when the storage media or device is read by the computer to perform the procedures described herein. In some embodiments, the systems may be embedded within an operating system running on the programmable computer.

Referring now to Figure 1A, therein illustrated is a schematic diagram of the relationship between a real-world user entity 1 and their electronic (ex: digital- world) profile 8. The electronic user profile 8 refers generally to the amalgamation of information related to the user entity contained in electronic datasets 16 stored in databases, which may be managed by a plurality organizations, and accessible via a plurality of electronic accounts associated with the user entity. As illustrated in Figure 1 B, because the electronic datasets 16 of the electronic profile 8 provide information for a unique user entity 1 , they can be identified as being associated.

Each electronic dataset is associated with a user account registered to an offered service and stores pertinent information, as user attribute data entries, pertaining to the user entity associated with the account and their use of the service (such as for example their personal address, telephone number, office phone number, etc.).

Referring now to Figure 2, therein illustrated is a schematic diagram of the relationship between a plurality of real-world user entities 1 a, 1 b, and 1 c and their respective electronic user profiles 8a, 8b, and 8c. Each real-world user entity is associated with the user accounts that form their respective electronic user profiles, each user account being further associated with its respective electronic dataset. The real-world user entity is permitted access to a user account, and the associated electronic dataset, after being authenticated. That is, for each user account associated with a user entity, the user entity has been verified as being the actual account holder for that user account.

An electronic user profile (ex: profile 8a) may have a plurality of associated electronic datasets. These datasets have been identified as belonging to the same user entity, even though the datasets may be stored within different electronic databases.

Referring now to Figure 3A, therein illustrated is a schematic diagram of a system 24 for combined authentication and identification according to one example embodiment. The system 24 includes a master database 32, which stores master electronic datasets for user entities 1 registered in the system 24. As described elsewhere herein, each master electronic dataset may include an entry defining an authentication score for the registered user entity 1 . Each master electronic dataset may also include an entry defining identification scores for a plurality of electronic datasets stored in external databases 40. The external databases 40 may be existing databases managed by the organizations that provide services used by the user entity 1 .

The system 24 further includes a backend scoring unit 48 that is in data communication with the master database 32 and that carries out the determination of authentication scoring and identification scoring, as described elsewhere herein. The backend scoring unit 48 is further in data communication via a network interface 56 with the external databases 40.

In some embodiments, the system 24 may be in data communication with a remote device 64 of an authority organization, the remote device 64 having access to information stored in authority databases 72. Referring now to Figure 3B, therein illustrated is a schematic diagram of an alternative system 24' for combined authentication and identification according to an example embodiment. The alternative system 24' is similar to the system 24 of Figure 3A, except that the master database 32 is in communication with the backend unit 48 via a network interface 56. It will be understood that the description provided herein with reference to system 24 is also applicable to the alternative system 24'.

Referring now to Figure 4, therein illustrated is a schematic diagram of the backend scoring unit 48 according to one example embodiment. The backend scoring unit 48 includes a storage unit 80, which stores rules for authenticating a user entity 1 and rules for identifying whether electronic datasets are associated with the same user entity 1 . The backend scoring unit 48 includes a processor 48 that executes computer programs for applying authentication rules and identification rules to determine authentication score and identification scores. An information scoring unit 88 in communication with the backend unit 48 can output one or more information scores in response to information provided by a registering user entity or information retrieved pertaining to that user entity. The information scoring unit 88 may be external to the system 24. The information scoring unit 88 outputs one or more information scores 1 12 for a user entity. An information score indicates the correctness of an informational entry pertaining to a user entity with respect to a validated set of user attributes for that user entity. The informational entry may be a user attribute for that user entity. The correctness indicates a level of matching between the informational entry and corresponding user attribute of the validated set. The validated set may be a dataset stored in an authority system 128, as described elsewhere herein. The information scores can be determined automatically based on a set of prestored information rules. The information scores can also be determined or adjusted by an authorized intermediary 132, which may be a human user of an authority organization.

A machine learning unit 96 receives the authentication score and identification scores for a given user entity and a given set of electronic datasets, compares attributes of the electronic datasets and updates, when appropriate, the authentication rules and identification rules stored in the internal storage 80 of the backend unit 48. The updated authentication rules and identification rules can be used by the scoring unit 88 for future authentication and identification of user entities and associated electronic datasets. Referring now to Figure 5, therein illustrated is a schematic diagram showing flow of data to and from the information scoring unit 88 of the system 24 for combined authentication and identification. The information scoring unit 88 receives user-provided information 104. This information 104 may be provided via a user portal (ex: a user interface displayed on a display device of a computing device used by the user). The information scoring unit 88 further receives data (ex: user attribute entries) of electronic datasets stored in the master database 32 and external databases 40.

Referring now to Figure 6, therein illustrated is a schematic diagram showing the organization of information within an authority system 128 administrated by an authority organization. The authority system 128 may include a plurality of authority subsystems that store information pertaining to a user entity. For example, the authority subsystems may correspond to subsystems used by various official or governmental bodies (ex: taxes, electoral roll, census, etc.). As described elsewhere herein, the information stored in the authority system 128 is considered to be trustworthy. An authorized intermediary 132 (which may be a human user interacting with an electronic device in communication with the authority system 128, or an autonomous electronic device) is in communication with the authority system 128 and external system 136. The external system 136 administrates external databases 40 storing information pertaining to the user's use of services offered by organizations. The authorized intermediary 132 can receive information from the user, verify the received information with information stored within the authority system 128 and provide an indication as to whether the user is associated with a given profile or electronic dataset stored in the external databases 40 of the external systems 136.

For example, the user submits an ID card and a copy of a utility bill to the authorized intermediary. Information on the ID card and the utility bill is verified against the information of a user profile stored in the authority system 128 for a user having the address indicated on the ID card and utility bill. If this information is verified, the authorized intermediary 132 provides an indication that the user has been verified as being the user residing at the given address. For example, a human user associated with the authorized intermediary 132 may provide an electronic message from an electronic system belonging to the trusted authorized intermediary 132 indicating the verification. It will be appreciated that this information can be used to authenticate and identify the user entity with electronic datasets in the external system 136 having a user attribute corresponding to that address.

Referring now to Figure 7A, therein illustrated is a flowchart showing the operational steps of a method 140 according to one example embodiment for carrying out combined authentication and identification of a user entity. The method 140 may be carried out by the system 24 for combined authentication and identification. The method 140, variants thereof, and its sub-methods may be implemented in computer programs executed by the processor 48 of the backend unit 48.

At step 148, the user entity registers with the system 24 by providing information pertaining to the user entity to the system 24 for combined authentication and identification. This information may be inputted electronically by a human user (being the user entity or representing the user entity) via a user interface displayed on an electronic device being used by that human user. The information may include a plurality of pieces of information about the user entity, such as user real world name, date of birth, address, etc. A new master electronic user account and a corresponding new master electronic dataset are created within the master database 32 of the system 24. The new electronic user account acts as a master user account - accessing the master user account provides access to accounts of external databases 40. The new electronic dataset acts as a master electronic dataset which is used to authenticate the user entity accessing the master user account. The master electronic dataset stores the information provided by the human user during the registration process. Furthermore, an authentication score is stored within the master database 32 and is associated with the given master electronic account. The authentication score, corresponding to the level at which the registering user entity and their master user account has been verified, is initially set to 0 (to indicate that no verification has been carried out). The master electronic dataset can further store a plurality of identification scores, each score being associated with a pairing of the electronic dataset with an existing electronic dataset (another dataset in the master database 32 or a dataset in an external database 40). In the example of the person having existing user accounts with two different municipalities, that person may begin the registration process by creating the new master electronic user account and providing a basic set of information (ex: name, date of birth, and address). The master electronic user account is initially not associated with any existing electronic user datasets. At step 156, an identification score is initialized for every pairing of the master electronic account and an existing electronic account. The existing electronic account can be another master electronic account being associated with a master electronic dataset already stored within the master database 32. The existing electronic account can be another electronic account being associated with an electronic dataset stored in an external database 40. The identification score for each pairing is associated with the master electronic user account and initialized. The initial identification score for a given pairing of master electronic account with an existing electronic account can be determined based on a comparison of an initial set of types of user attributes stored at the master electronic dataset associated with the master electronic account with corresponding types of user attributes stored at the existing electronic dataset associated with the existing electronic account. The comparison and the determination of the initial identification score is carried out on stored identification rules. The master electronic account stored in the master database 32 can be paired with every existing electronic account accessible to the system 24 (i.e. with every other existing electronic account stored in the master database 32 and every other existing electronic account stored in the external databases 40).

The identification rules can be applied to determine whether the degree at which two electronic accounts are associated with the same user entity. The identification rules can define differing weighting for matches (or partial matches) for a plurality of types of user attributes stored in the electronic datasets associated with the two electronic accounts. The identification rules can also define different weighting for different combinations of matches (or partial matches) for a plurality of types of user attributes. In the example of the person having existing user accounts with two different municipalities, system 24 for combined authentication and identification accesses the existing electronic user accounts (and their associated electronic datasets) stored in the databases being managed by the first and second municipalities. Amongst these existing electronic user accounts, those user accounts associated with electronic datasets storing attributes providing a sufficient match (ex: same name and address) to the set of attributes of the master datasets are identified as being similar.

At step 164, the existing electronic accounts that are considered to be similar to the master electronic account are retrieved. Similarity between a pairing of the master electronic account with a given electronic account may be based on the current identification score for that pairing. It will be understood that the identification score for that pairing may be updated as method 140 proceeds further. However, it will be understood that similarity between the pairing of electronic accounts may be based on one or more metrics other than the identification score.

At step 172, the existing electronic user accounts determined as being similar to the master electronic account are each compared with the master electronic account. More specifically, for each pairing of the master electronic account with a similar existing electronic account, user attributes stored in the master electronic dataset associated with the master electronic account are compared with the user attributes of the same type stored in the existing electronic dataset associated with the existing electronic user account. This comparison may identify the types of user attributes where the user attribute stored in the master electronic dataset is different from (no match or only partial match) the user attribute stored in the existing electronic dataset. The comparison may also identify the types of user attributes where the user attribute stored in the master electronic dataset is missing.

Also at step 172, one or more informational requests are generated based on the comparison of user attributes between the master electronic dataset and the existing electronic dataset. More particularly, the informational requests are generated based on differences or missing information between user attributes of the same type between the master electronic dataset and the existing electronic dataset.

The informational requests can prompt the user entity to provide additional information that is useful to reconcile, or confirm, differences between user attributes of the master electronic dataset and existing electronic dataset. This reconciliation or confirmation is useful to determine whether the user entity associated with the master electronic dataset is the same as the user entity associated with the existing electronic dataset. The user entity can provide a user entry (ex: text entry, user selection, etc.) as a response to the informational request.

Additionally, or alternatively, the informational requests can be in the form of a command for retrieving a specific type of information entry. The information entry can be automatically retrieved (i.e. without intervention from the user entity). Alternatively, user authorization may be required prior to retrieving the information entry, but the user entity does not need to provide the specific information entry. Examples of automatically retrieved information entry may include: current geographic coordinates of the user device (ex: obtaining GPS information) or IP address of the user. The additional informational request may be generated by the backend unit

48 based on informational request rules stored at the internal storage 80 thereof. For example, the informational request rules can define when there is a difference (or missing information) between the user attribute of two electronic datasets, the type and/or degree of that difference, and the informational request to be generated based on that difference. The informational request can be a question to be posed to and answered by the registering user. The informational request can be a request for additional documentation from the registering user. The informational request can also be a prompt for a confirmation by the user.

In the example of the person having existing user accounts with two different municipalities, the electronic dataset associated with the existing electronic user account with the first municipality may include a user attribute indicating the number of books that were loaned, and an informational request in the form of a question can be posed (ex: how many books did you borrow last year?). Furthermore, the electronic dataset associated with the second existing account with the second municipality may include user attributes storing results of courses taken by the person, and an informational request requesting additional documentation may be made (ex: please provide your transcripts for these continuing education courses). The electronic dataset associated with the first existing electronic account with the first municipality may include user attributes storing sports teams that the user entity belonged to, and a prompt for confirmation may be made (ex: did you participate in women's under 40 soccer?).

At step 180, the informational requests generated at step 172 are transmitted to the registering user entity, such as displaying prompts corresponding to the informational requests on the electronic device used by the user entity. Responses provided by the user entity to the informational requests are also received at step 180.

Also at step 180, an information score is determined at the information scoring unit 88 for each response to an informational request. For example, where an informational request was generated based on a user attribute being missing, or only having a partial match, in the master electronic dataset but being present in an existing electronic dataset, a received response that confirms the user attribute of the existing electronic dataset will be given a positive response score (ex: the user provides transcripts to his or her registered continuing education courses). Conversely, a response that confirms a difference will be given a negative response score (ex: the user answers "No" to participating in women's under 40 soccer, but the user attribute of the electronic dataset indicates that participation had occurred).

At step 188, the information scores are used to update the authentication score and the identification scores previously determined (ex: at step 148 and step 156, or in a previous iteration of step 188). The updating of the scores can be carried out by the backend unit 48.

A positive response score for a given response may cause an increase in the authentication score for the master user account and user entity associated with the master electronic user account. It will be appreciated that this represents a situation where the user was able to provide further information that confirms a similarity between the master electronic user account and an existing electronic user account (ex: providing the transcripts is a positive indicator that that user entity is the actual account holder of that user account).

A negative response score for a given response may cause a decrease in the authentication score for the master electronic user account and the user entity associated with the master electronic user account (ex: wrongly answering the prompt regarding participation in women's under 40 soccer is a negative indicator that that user entity is the actual holder of that user account).

The direction (increasing or decreasing) of the adjustment of the authentication score and the degree of the adjustment may be defined by authentication rules stored within the internal storage 80 of the backend unit 48. The authentication rules may define the adjustment to be carried out based on the type of user attribute provided within the response. The authentication rules may also define the adjustment to be carried out based on a combination of user attribute types that are compared between the master electronic user account and the existing electronic user account.

The information score generated for a response to an informational request for a given pairing of the master electronic user account and an existing electronic user account may also cause an adjustment to the identification score between the master electronic user account and that existing electronic user account. A positive response score may increase the identification score for the pairing. A negative response may decrease the identification score for the pairing.

The direction (increasing or decreasing) of the adjustment of the identification score for the pairing and the degree of the adjustment of the identification score may be defined by identification rules stored within the internal storage 80 of the backend unit 48. The identification rules may define the adjustment to be carried out based on the type of user attribute provided within the response to the informational request. The identification rules may also define the adjustment to be carried out based on a combination of user attribute types that are compared between the master electronic dataset and the existing electronic dataset of the pairing of the master electronic user account and the existing electronic user account.

For example, where an informational request was generated based on the attribution information of a specific type being different in a plurality of already created electronic datasets, a received response can increase the identification score between a first pair of already created electronic user accounts and/or decrease the identification score between a second pair of already created electronic user accounts (ex: the user providing their gas bill increases the identification score between an electronic user account associated with a dataset having an entry for "J Smith" that heats by gas and an electronic user account associated with another dataset having an entry for "John Smith" that also heats by gas, but decreases the identification score between the same electronic user account for "John Smith" that heats by gas and a third electronic user account associated with a dataset having an entry for "John Smith" that heats by electricity). Furthermore, positive (or negative) information scores to informational requests across a set of a plurality of pairings of the master electronic user accounts and an existing electronic user account can have the effect of increasing (or decreasing) identification score between the existing electronic user accounts of those pairings. For example, where a first positive response is received for a first pairing of the master electronic user account with a first existing electronic user account and a second positive response is received for a second pairing of the master electronic user account with a second existing electronic user account, the identification score between the first existing electronic user account and the second electronic user account can also be increased. At step 196, it is determined whether the authentication score for the master electronic user account and/or the identification scores were adjusted at step 188. If the authentication score and/or the identification scores were adjusted, the method proceeds to step 204 to update the authentication rules, the identification rules, and/or the informational request rules. If the authentication scores and/or the identification scores did not change, the method proceeds to step 212 and waits for further changes to electronic datasets that may cause changes in the scores.

At step 204, the machine learning unit 96 receives the changed authentication scores, changed identification scores, and the electronic datasets associated with the user accounts that were compared and led to the changed authentication scores and/or identification scores. Additionally, or alternatively, the machine learning unit 96 receives electronic datasets associated with user accounts that were not compared. The machine learning unit further updates the authentication rules, identification rules and informational request generation rules based on one or more of the following: · the amount of the change in the score,

• the direction of the change in the score,

• the similarities or differences between the user attributes between the electronic datasets associated with the pairing of the master electronic user account and existing electronic user account; and · similarities or differences between any one or more of the received electronic datasets.

The machine learning unit 96 may change the authentication rules, identification rules and informational request generation rules by adjusting weighting rules for matches (or partial matches) for some types of user attributes or some combinations of types of user attributes. The adjusting of the rules seeks to increase the relevance and accuracy of the rules for further computing of authentication scores and/or identification scores.

For example, over time, the machine learning unit 96 may adjust the weight of a particular type of user attribute (ex: "heating type") when the same electronic dataset stores another type of user attribute having a particular value (ex: user city/town has the value "Town A" - this may reflect a real-life situation where all, or almost all, residences of "Town A" use the same type of heating). Accordingly, for future determinations, where a pair of electronic dataset stores a type of attribute having the particular value (ex: residence in "town A"), a matching of the particular type of user attribute (ex: "heating type") between the datasets does not have the effect of increasing the identification score between the user accounts associated with those datasets (since all, or almost all residents of Town A use the same type of heating, the matching of heating type is not given heavy weight for adjusting authentication score or identification score). However, a mismatch of that particular type of user attributes between a pair of electronic datasets that store user attributes having the particular value will be heavily weighted and have the effect of substantially decreasing the identification score between the user accounts associated with those datasets (ex: where two residents of Town A use different types of heating, this is given a heavier weight for determining that the users are different).

The adjustment of the weighting rules carried out by the machine learning unit 96 may apply various machine learning methods known in the art.

It will be appreciated that through the registration process and the providing of responses to informational requests, existing user accounts that are most likely to belong to the user entity are identified and the likelihood that the user is the actual holder of those accounts is also verified. The user can then use the master electronic user account to access the various existing user accounts instead of having to separately access these existing user accounts. Referring now to Figure 7B, therein illustrated is a flowchart showing the operational steps of a method 140' according to an alternative example embodiment for carrying out combined authentication and identification of a user entity. It will be understood that many steps of method 140' substantially correspond to the steps of method 140 (illustrated in Figure 7A), and the description provided herein with reference to method 140 is also applicable to method 140'.

Within method 140', at step 204, an authorized intermediary 132 receives information from the registering user entity, verifies the information against data stored in the authorized system 128 and further provides an indication as to whether the user entity is associated with a given profile or electronic account stored in the external databases 40. The authentication score for the registering user entity may be adjusted accordingly. Identification scores can also be adjusted. It will be appreciated that a positive indication from an authority system provides a strong indication that the user entity has been verified.

At step 212, the machine learning unit 96 may update authentication rules and/or identification rules based on the indication provided by the authority system at step 204.

Parameters that can be updated by the machine learning unit 96 include one or more of the following:

Thresholds (constants):

• Threshold Similar Account (TSA); see Figure 10;

• Threshold Lower Information Score (TLIS); see Figure 13A;

• Threshold Upper Information Score (TUIS); see Figure 13A; · Threshold Equal (TE); see Figure 13C

• Threshold Different (TD); see Figure 13C;

• Difference threshold (epsilon_i1 , epsilon_i2, ... ), see Figure 1 1 .

Functions: • Metric of comparison of master electronic dataset M and existing electronic dataset X (d(X,M)), see Figure 9;

• Degree of difference between user attributes ((d_M (X_i1 , M_i1 ), d_i2(X_i2, M_i2), ... ), see Figure 1 1 ; · delta A +_M(S_i): the Authentication Score Increase Value, see step

440 of Figure 13A;

• delta A -_M(S_i): the Authentication Score Decrease Value, see step 472 of Figure 13A;

• delta A +MX(S_i): the Identification Score Increase Value between M and X, see step 448 of Figure 13A;

• delta A -_MX(S_i): the Identification Score Decrease Value between M and X, see step 480 of Figure 13A;

• UISE(IS_YZ,TE): the Updated Identification Score when two accounts are considered to be common; see step 516 of Figure 13C; · UISD(IS_YZ,TD): the Updated Identification Score when two accounts are considered to be non-common; see step 524 of Figure 13C;

Referring now to Figure 8, therein illustrated is a flow chart showing the operational steps of a method 148 for registering a user entity within the system 24 for combined authentication and identification. The method 148 illustrates sub- steps of step 148 of method 140.

At step 220, an initial set of user attributes entries are received. A human user interacting with an electronic device may be prompted to provide this initial set of user attribute entries. This initial set may be a basic set of information, such as the user's real-world name and address.

At step 228, a password to be used for the master electronic user account is received. The password can also be provided by the human user interacting with the electronic device. At step 236, a new master electronic user account is created within the master database 32 and is associated with a new master electronic dataset that stores the set of user attributes received at step 220.

At step 244, an authentication score linking the user entity to the new master electronic user account is initialized to 0, to indicate that verification of the user entity has not yet taken place.

Referring now to Figure 9, therein illustrated is a flow chart showing the operational steps of a method 156 for initializing an identification score for every pairing of the newly created master electronic user account and an existing electronic user account. The method 156 illustrates sub-steps of step 156 of method 140 for carrying out combined authentication and identification.

At step 252, the master electronic user account to be initialized is retrieved from a database, such as from the master database 32. More particularly, the master electronic dataset associated with the master electronic user account is retrieved. In the illustrated example, the master electronic user account corresponds to user account M.

At step 260, it is determined whether there remain existing electronic user accounts to be paired with the master electronic user account. If all of the existing electronic user accounts have been compared to the master electronic user account, the method proceeds to step 172 of method 140 to determine similar accounts. If there remain existing electronic user accounts to be compared, the method proceeds to step 268 to continue the comparison.

At step 268, a given existing electronic user account X is retrieved and paired with the master electronic user account M. For example, and as illustrated, the existing electronic user account X can be another master electronic user account stored in the master database 32 or an electronic user account stored in an external database 40 administrated by an external organization that offers a service used by the user entity. More particularly, the electronic dataset associated with the existing electronic user account X is retrieved. At step 276, the master electronic dataset for the master electronic user account M is compared with the existing electronic dataset for the existing electronic user account X. The comparison may be carried out based on a fixed metric d, which may be a comparison of a base set user attributes. The comparison may be based on identification rules stored within the backend unit 248.

At step 284, an identification score is initialized for the pairing of the master electronic dataset M with the existing electronic dataset X based on the comparison (ex: distance between X and M, d(X,M)) carried out step 276.

At step 292, the electronic user account X is identified as having been treated so that it is not retrieved and compared again. The method 156 then returns to step 260 to further determine whether there remain existing electronic user accounts to be paired with the master electronic user account and compared thereto.

Referring now to Figure 10, therein illustrated is a flow chart showing the operational steps of a method 164 for comparing pairings of the master electronic user account with an existing electronic user account to determine those existing electronic user accounts that are considered similar to the master electronic user account. The method 164 illustrates sub-steps of step 164 of method 140.

At step 300, if not already completed at step 252 of method 156, the master electronic user account M to be compared is retrieved from a database, such as from the master database 32. More particularly, the master electronic dataset associated with the master electronic user account M is retrieved.

At step 308, it is determined whether there remain existing electronic user accounts to be paired with the master electronic user account so that a determination can be made of whether the two electronic user accounts are considered sufficiently similar.

At step 316, a given existing electronic user account X is retrieved and paired with the master electronic user account. More particularly, the existing electronic dataset associated with the electronic user account X is retrieved. For example, and as illustrated, the existing electronic user account X can be another master electronic user account stored in the master database 32 or an electronic user account stored in an external database 40 administrated by an external organization that offers a service used by the user entity. At step 324, it is determined whether the identification score determined for the given pairing of the master electronic user account M with the existing electronic user account X (this identification score having been determined at substep 284 of step 156 or in a previous iteration of step 188) exceeds a predetermined similar dataset threshold TSA. This threshold corresponds to a particular identification score at which the master electronic user account M and the existing electronic user account X are considered to be sufficiently similar (ex: sufficient likelihood to be associated with the same real-world user entity), that additional informational requests should be generated for the pairing.

If the identification score for the given pairing is greater than the similar dataset threshold TSA at 324, the method proceeds to step 332 to identify the existing electronic user account of the pairing as being similar to the master electronic user account M. For example, a data entry may be stored as part of the master electronic dataset for electronic user account M identifying the given paired existing electronic user account as a similar electronic user account. The method 164 further proceeds to step 340 to identify the given electronic user account as having been treated, and returns to step 308 to further determine whether there remain existing electronic user accounts to be paired with the master electronic user account for determining similarity.

If the identification score for the given pairing is less than the similar dataset threshold at step 324, the method proceeds to step 340 to identify the given electronic user account as having been treated, and the method returns to step 308 to further determine whether there remain existing electronic data user accounts sets to be paired with the master electronic user account for determining similarity. Referring now to Figure 1 1 , therein illustrated is a flow chart showing the operational steps of a method 172 for comparing pairings of the master electronic user account M with an existing electronic user account to generate informational requests to be presented to the user. At step 348, if not already completed at step 252 of method 156 and/or step

300 of method 164, the master electronic user account M to be compared is retrieved from a database, such as from the master database 32. More particularly, the master electronic dataset associated with the master electronic user account M is retrieved. As illustrated, the master electronic dataset M stores a plurality of user attributes (illustrated in Figure 1 1 as "Feature M_1 ", "Feature M_2", ... "Feature M_3").

At step 356, it is determined whether there remain existing electronic user accounts to be paired with the master electronic user account so that a determination can be made of whether one or more informational requests should be generated for the pairing of electronic user accounts.

At step 364, a given existing electronic user account X is retrieved and paired with the master electronic user account M. More particularly, the existing electronic dataset associated with the given existing electronic user account X is retrieved. For example, and as illustrated, the existing electronic user account X can be another master electronic user account stored in the master database 32 or an electronic user account stored in an external database 40 administrated by an external organization that offers a service used by the user entity. Only those electronic user accounts determined to be similar to the master electronic user account M at step 164 are to be retrieved at step 364. As illustrated, the existing electronic dataset associated with the similar existing electronic user account stores a plurality of user attributes (illustrated Figure 1 1 as "Feature X_1 ", "Feature X_2", ... "Feature X_m").

At step 372, for the given pairing of the master electronic user account M with the existing electronic user account X, each user attribute of the existing electronic dataset (associated with the existing electronic user account X) is compared to a user attribute of the master electronic dataset (associated with the master electronic user account M) of the corresponding type. The comparison is carried out to determine whether there is match, partial match, missing attribute, or difference between the user attributes. Metrics for making this determination may be defined within the information comparison rules, which may be stored in the internal storage 80 of the backend unit 48.

At step 380, based on the comparisons carried at step 372, one or more informational requests are generated. The informational requests are generated to reconcile, or confirm, differences, missing attribute, or partial matches between the user attribute of the existing electronic dataset X and the user attribute of the master electronic dataset M of the corresponding type. For example, and as illustrated, a degree of difference between the user attributes is determined (d_i1 (X_i1 , M_i1 ), d_i2(X_i2, M_i2), ... ) and is compared with difference thresholds (epsilon_i1 , epsilon_i2, ... ). Where the degree of difference exceeds the difference threshold for that type of user attribute, an informational request is generated.

The method 172 proceeds to step 388 to identify the given electronic user account as having been treated, and returns to step 356 to further determine whether there remain similar existing electronic user accounts to be paired with the master electronic user account for generating informational requests. Referring now to Figure 12, therein illustrated is a flow chart showing the operational steps of a method 180 of transmitting the informational requests generated at step 172 and treating responses to the informational request. Method 180 illustrates sub-steps of step 180 of method 140.

At step 396, it is determined whether there remain informational requests generated at step 172 that still need to be treated.

At step 404, an informational request generated at step 172 is transmitted to the user that is registering with the system 24. The informational request may be transmitted by displaying a prompt corresponding to the informational request. As described elsewhere herein, the informational request can be a question to be posed to and answered by the registering user, a request for additional documentation, and/or a prompt for confirmation by the user. An electronic response to the informational request is also received from the user.

At step 408, an information score is received for the response received to the informational request of step 404. For example, where an informational request was generated based on a user attribute being missing, or only having a partial match in the master electronic dataset but being present in an existing electronic dataset, a received response that confirms the user attribute of the existing electronic dataset will be given a positive response score. Conversely, a response that confirms a difference will be given a negative response score. At step 412, the response score is stored. The response score may be stored within the internal storage 80 of the backend unit 48 in association with the pairing of the master electronic user account M and the given existing electronic user account X and further defining the type of user attribute that generated the informational request that led to the response. The method 180 then returns to 396 to determine whether there remain informational requests generated at step 172 that still need to be treated.

Referring now to Figure 13A, therein illustrated is a flow chart showing the operational steps of a method 188a of adjusting authentication score for the master user account and identification scores previously determined (ex: at step 148 and step 156, or in a previous iteration of step 188). Method 188a illustrates sub-steps of step 188 of method 140 for carrying out combined authentication and identification.

At step 420, it is determined whether there remain any information scores determined at step 180 that still need to be treated. At step 428, a yet-to-be treated information score for a given pairing of the master electronic user account M with a given existing electronic user account X for a given type of user attribute is retrieved. For example, and as illustrated in Figure 13A, an information score (illustrated as "Request/Information Score") is for a given existing electronic user account X_i and for the attribute of type / within the electronic dataset associated with that existing electronic user account.

At step 436, it is determined whether the given information score exceeds an upper information score threshold (TUIS). This threshold corresponds to an information score that indicates that the user-provided response reconciles a partial match, missing attribute or attribute difference between the given type of user attribute stored at the master electronic dataset M with respect to the given existing electronic dataset X. As described elsewhere, this represents a situation where the user was able to provide further information that confirms a similarity between the master electronic user account M and the existing electronic user account X.

Where the information score S_i exceeds the upper threshold TUIS, the method 188a proceeds to step 440 to increase the authentication score for the master electronic user account M, to indicate a higher level of verification/authentication of the user entity. The amount of the increase may be based on the type of user attribute associated with the information score S_i, this increase may be defined by authentication rules.

Furthermore, at step 448, the identification score between the master electronic user account M and the given existing electronic user account X is increased, to indicate a higher likelihood that the two electronic user accounts are associated with the same real-world user. The amount of the increase may be based on the type of user attribute associated with the information score S_i. This increase may be defined by identification rules.

At step 456, the information score for the given electronic user account X_i and user attribute type / is identified as having been treated and returns to step 420 to further determine whether there remain similar existing responses to be treated.

At step 464, it is determined whether the given information score is lower than a lower information score threshold (TLIS). This threshold corresponds to a response score that indicates that the user-provided response confirms a mismatch/difference between the give type of user attribute stored within the master electronic dataset associated with the master electronic user account M with respect to the given existing electronic dataset associated with the existing electronic user account X. As described elsewhere, this represents a situation where the user provided a response that indicates a dissimilarity between the master electronic user account M and the existing electronic user account X.

Where the information score S_i is below the lower threshold TLIS, the method 188a proceeds to step 472 to decrease the authentication score for the master electronic user account M, to indicate a lower level of verification/authentication of the user entity. The amount of the decrease may be based on the type of user attribute associated with the information score S_i, this decrease may be defined by authentication rules.

Furthermore, at step 480, the identification score between the master electronic user account M and the given existing electronic user account X is decreased, to indicate a lower likelihood that the two electronic user accounts are associated with the same real-world user. The amount of the decrease may be based on the type of user attribute associated with the information score S_i. This decrease may be defined by identification rules.

An information score that is neither higher than the upper threshold TUIS, nor lower than the lower threshold TLIS represents a situation where the user- provided response neither confirmed a similarity between the electronic user accounts, nor confirmed a difference between the electronic user accounts. Accordingly, the authentication score for the master electronic dataset M and the identification score for the pairing are not adjusted. As illustrated elsewhere herein, the information scores to informational requests across a set of a plurality pairings of the master electronic user account and an existing electronic user account can have the effect of increasing (or decreasing) identification score between the existing electronic user accounts of those pairings. Referring now to Figure 13B, therein illustrated is a flow chart showing the operational steps of a method 188b for adjusting identification scores for existing electronic datasets across a set of a plurality of pairings of electronic datasets. The method 188b illustrates sub-steps of step 188 of method 140 for carrying out combined authentication and identification.

At step 488, it is determined whether there remain any triplets of electronic user accounts that have not been treated.

A triplet of electronic user accounts refers to a set of three electronic user accounts arranged in at least two pairings. A first of the electronic user accounts (ex: the master electronic user accounts M) is paired with each of the other two electronic user accounts, thereby forming the at least two pairings. Attribute types of the electronic user accounts in each of the two pairings may be compared, thereby generating an identification score for each pairing of electronic user accounts. At step 496, a triplet of electronic user accounts that has not yet been treated is retrieved. For example, and as illustrated, the existing electronic user accounts X can be another master electronic user account stored in the master database 32 or an electronic user account stored in an external database 40 administrated by an external organization that offers a service used by the user entity. The identification scores for the at least two pairings of electronic user accounts within the triplet are also retrieved.

At step 504, the identification scores of the triplets are updated based on transitivity, as described elsewhere herein. That is, within the triplet, although two of the electronic user accounts have not been paired and compared, an identification score between these two electronic user accounts can be updated. The update of the identification score can be carried out based on each of their respective identification scores in relation to the first electronic user account (ex: the master electronic user accounts M) within the at least two pairings. At step 512, the triplet of electronic user accounts is identified as having been treated and the method further returns to step 488 to further determine whether there remain triplets of electronic datasets to be treated.

Referring now to Figure 13C, therein illustrated is a flow chart of the operation steps of a method 504 for adjusting identification scores for a triplet of electronic user accounts by transitivity. The method 504 illustrates sub-steps of step 504 of method 188b for adjusting identification scores for existing electronic user accounts across a set of a plurality of pairings of electronic user accounts.

As described elsewhere herein, the triplet of electronic user accounts is retrieved at step 496, which leads to the updating of identification scores.

At step 514, the identification score (ex: as updated according to method 188a described herein) of a first pairing of electronic user accounts of the triplet is compared with an equal threshold (TE) and the identification score (ex: as also updated according to method 188a described herein) of a second pairing of electronic user accounts of the triplet is also compared with the equal threshold. The equal threshold corresponds to a threshold level of the identification score indicating that the electronic user accounts for that identification score are sufficiently related (i.e. high likelihood of being associated with the same user entity) such that the indication may be used to adjust the identification score of another pairing by transitivity.

It will be appreciated that the pairing includes a common electronic user account (i.e. an electronic dataset that is a member of both the first pairing and the second paring). The common electronic user account is paired with a non-common electronic user account (i.e. an electronic user account that is a member of one of the pairings but not a member of the other pairing). In the illustrated example, electronic user account X is the common electronic user account and electronic user accounts Y and Z are non-common electronic user accounts.

At step 512, if the identification score for the first pairing is greater than the equal threshold TE and the identification score for the second pairing is also greater than the equal threshold TE, the identification score (ex: IS_YZ) for the pairing of the non-common electronic user accounts (ex: user accounts Y and Z) is increased at step 516. It will be appreciated that the increase in the identification score for the non-common electronic user accounts indicates that user accounts Y and Z are considered to be more likely to be associated with the same user entity. The amount of the increase between the pairing of the non-common electronic user accounts may be based on the previous identification score of the non- common electronic user accounts and/or the value of the equal threshold TE.

At step 520, the identification score (ex: as updated according to method 188a described herein) of one of the pairings of the electronic user accounts of the triplet is compared with an equal threshold TE and the identification score (ex: as also updated according to method 188a described herein) of the other pairing of the electronic user accounts of the triplet is compared with a different threshold (TD). The different threshold corresponds to a threshold level of the identification score indicating that the electronic user accounts for that identification score are sufficiently unrelated (i.e. low likelihood of being associated with the same user entity) such that the indication may be used to adjust the identification score of another pairing by transitivity.

For example, and as illustrated, step 520 includes considering:

• the first pairing of electronic user accounts (XY) being greater than the equal threshold TE and the second pairing of electronic user accounts (XZ) being less than the different threshold TD; and

• the first pairing of electronic user accounts (XY) being less than the different threshold TD and the second pairing of electronic user accounts (XZ) being greater than the equal threshold TE. At step 520, if the identification score for one of the pairings is greater than the equal threshold TE while the identification score for the other of the pairings is less than a different threshold TD, the identification score (ex: IS_YZ) for the pairing of the non-common electronic user accounts (ex: user accounts Y and Z) is decreased at step 524. It will be appreciated that the decrease in the identification score for the non-common electronic user accounts indicates that user accounts Y and Z are considered to be less likely to be associated with the same user entity. The amount of the decrease between the pairing of the non- common electronic user accounts may be based on the previous identification score of the non-common electronic user accounts and/or the value of the different threshold.

Referring now to Figures 14A, 14B and 14C therein illustrated or schematic diagrams showing changes in identification scores by transitivity.

In Figure 14A, the identification score for the pairing of electronic user accounts A and C is high (exceeds the equal threshold) while the identification score for the pairing of electronic user accounts A and B is low (is less than the different threshold). Accordingly, the identification score for the pairing of electronic user accounts B and C is lowered by transitivity. As a result, datasets A and C are considered to be associated with the same user entity.

In Figure 14B, the identification score for the pairing of electronic user accounts A and B is high (exceeds equal threshold) while the identification score for the pairing of electronic user accounts A and C is also high (exceeds the equal threshold). Accordingly, the identification score for the pairing of the electronic user accounts B and C is increased. Datasets A, B and C are considered to be associated with the same user entity. In Figure 14C, the identification score for the pairing of the electronic user accounts C and A is high (exceeds the equal threshold) while the identification score for the pairing of electronic user accounts C and B is neutral (does not exceed the equal threshold, nor is less than different threshold). Accordingly, the identification score for the pairing of electronic user accounts A and B is unchanged.

While various examples have been described for triplets of electronic user accounts, it will be understood that the adjusting of identification scores for a plurality of electronic user accounts can be applied to groups of electronic datasets greater than three electronic datasets. Figure 15 illustrates an example of adjusting identification scores for groups of four electronic user accounts. Referring now to Figure 16, therein illustrated is a schematic diagram of the relationship between a real-world user entity 1 , their electronic profile 8 and electronic datasets (each being associated with a respective electronic user account) storing user attributes for user entities following registration of the user entity 1 with the system 24 for combined authentication and identification. As illustrated, an authentication score of 80% has been determined for the user entity with respect to profile A, which may be identified by a corresponding master account for the user. The profile A is defined by electronic datasets A, B, and C and identification scores have been determined for pairings between the electronic user accounts associated with these datasets. The authentication score is increased or decreased based on responses provided by the user to informational requests and whether the responses match, or do not match, user attributes stored in the datasets of Profile A. The identification scores between the electronic user accounts associated with the datasets are also adjusted based on the responses. It will be appreciated that the current state illustrated in Figure 16 shows that it is unclear whether electronic user account associated with dataset C belongs to Profile A or Profile B. Additional responses to informational requests may be used to confirm whether electronic user account associated with dataset C belongs to Profile A, to Profile B, or whether Profile A and B are associated with the same user. As described elsewhere herein, the additional responses can be information provided by the user or from automatically retrieved information entry. The automatically retrieved information can come from usage of the electronic user account associated with dataset C. Confirmation of the dataset C belonging to either Profile A or Profile B can be caused by changes in the identification score between that dataset and the datasets already forming part of Profile A and Profile B. The changes in identification score can be caused by comparing of triplets (Figure 13B) through transitivity.

It will be understood that the ongoing adjustment of identification scores between pairings of electronic datasets as user accounts are being used allows identifying that an existing user account belongs to a particular profile (identified by a particular master user account) for a given user. This identification that the existing user account belongs to the same user profile (same master account) can occur, for example, through usage of the existing user account after creation of the master user account. The existing user account may even be created after creation of the master user account. According to one example embodiment, any activity relating to creation or modification to a dataset can be tracked. These may include modifications made by a user when using one or more user accounts (ex: changing the address attribute in one or more datasets). These may also include updates or adjustments made to authentication score for a master account or to an identification score for a pairing of user accounts in response to modifications to a user account or to usage by a user. These activities relating to a dataset can be stored within a blockchain that can be further stored in a distributed ledger. This allows ensuring integrity of information stored in the electronic datasets. Furthermore, a data source score may be calculated and updated over time for one or more entries in the dataset. The data source score can indicate a health check on the validity and integrity of the information in that dataset.

Referring now to Figure 17, therein illustrated is a schematic diagram of relationships between a real-world user 1 , associated electronic user account in the master database M1 , and existing electronic user accounts A, B, stored in external systems. User entity X has an authentication score AS of 30% to user account M1 . User account M1 has an identification score of 60% with electronic user account A, which further has an identification score of 50% with electronic user account B. An authorized intermediary 132 has confirmed that user entity X has been 100% authenticated with respect to profile A1 stored in the authority system. This profile A1 can have user attributes in common with user attributes stored in electronic dataset associated with electronic user account A, which increases the authentication score of user entity X with the master electronic user account M1 and further increases the identification score of the master electronic user account M1 with the electronic user account A. It will be appreciated that various example embodiments described herein provides for authentication and identification of accounts within a single registration process. As the user provides information about themselves, existing electronic accounts/datasets that may be associated with the user are identified. Responses to informational requests allow the system 24 to, within a same step, authenticate whether user is actually associated with a user profile formed of those electronic datasets and also identify whether these electronic datasets are associated with the same user entity. This allows aggregating together electronic datasets across different databases and associating these with the same user entity, which provides easier access to the electronic accounts for the user entity. At the same time, it is confirmed whether the user entity is the authentic owner of these electronic accounts.

According to an example use case, a user initially starts with multiple electronic user accounts which they must access separately. Each electronic user accounts is defined by a respective electronic dataset that may have partly overlapping types of user attributes. Some of the corresponding types of user attributes of the accounts can also exhibit a full match or a partial match. For example, the user can initially have the following four accounts:

Account #1 for service #1 (utility bill) at city #1 (Valleyfield): · Name: John Smith;

• Email address: j.smith@email.com

• Address: 123 Rome Street, Valleyfield

• Utility cost: $450 for 2017; $432 for 2016; $412 for 2015, etc. Account #2 for service #2 (Library Card) at city #1 (Valleyfield):

• Name: John Smith;

• Email address: iohn.smith@freemail.com

• Address: 123 Rome Street, Valleyfield

• Library usage: list of books loaned by John Smith Account #3 for service #3 (Recreation centre) at city #1 (Valleyfield):

• Name: John Smith;

• Email address: iohn.smith@freemail.com

• Address: 123 Rome Street, Valleyfield

· Activities: Registered spinning classes

Account #4 for service #1 (Recreation centre) at city #2 (Salaberry):

• Name: J Smith;

• Email address: j.smith(S)email.com

· Address: 123 Rome Street, Valleyfield

• Activities: squash ladder schedule;

As described above, the accounts are not initially interlinked with one another. Therefore, the user must provide appropriate credentials in order to access each account. Furthermore, the user's account information (user attributes) must be updated separately, such as when the user changes home address.

According to various example embodiments for authentication and identification of accounts within a single registration process, a user can undertake a process to create a user profile (a new master user account). The process can occur, for example, when the user renews their recreation centre membership. For example, the user can provide a set of registration information that matches those included for Account #3 listed above when initially creating the new master user account. An official at the recreation centre can verify a piece ID belonging to the user and the master user account is initially attributed a high authentication score. Following various methods described herein (ex: Figures 7A to 13C), various existing user accounts already stored in databases 40 and 32 are retrieved and compared to the set of registration information. Due to the matches in the address attribute, Accounts #1 to #4 are found to have identification scores that exceed the similarity threshold. Informational requests can then be generated during the registration process to better identify the user (to increase authentication and identification score). Due to the matches in name attribute, address attribute and email address attribute, Account #2 and Account #3 can be immediately determined as being part of the same user profile for the user. These two accounts can be linked to the newly created master user account. It will be appreciated that there is a mismatch in the email address for

Account #1. An informational request can therefore be generated to better identify this account. For example, the informational request can ask for the user to provide the amount of their utility bill for 2017. Upon the user providing this information, Account #1 is also linked with the newly created master user account. For Account #4, there is partial match between the name attributes and a mismatch in the email address attributed. Here, the informational request can ask for the user to provide the date of their next scheduled match in their squash ladder. Upon the user providing this information, Account #4 is also linked with the newly created master user account. Upon the four accounts being linked to the same user profile and master user account, the user can more easily manage these accounts (ex: to indicate a change in address, to pay for services, etc.). Suggestions or recommendations can also be made to the user based on information across the various accounts (ex: "the recreation centre in Salaberry is now offering spinning classes"). Some time after creating the master user account, the user may separately create additional electronic user accounts for other services that are not initially linked with the master user account. For example, the user can create the following loyalty membership account at a sporting goods store in a third city:

Account #5 for loyalty membership at ABC Sporting goods: · Name: John Smith;

• Email address: i.smith(5)email.com;

• Purchases: cycling gear purchases and squash equipment purchases.

Following exemplary method described herein (ex: Fig. 16), the identification scores for electronic datasets can be adjusted on an ongoing basis. Following the creation Account #5, the identification score between Account #5 and Account #4 can be identified as being sufficiently high (due to the matching of email addresses) to indicate that the two accounts possibly belong to the same user. However, the identification score is not sufficiently high to definitely find that the two accounts belong to the same user. In accordance with example embodiments described herein, the identification score can be adjusted over time based on new information for the user. For example, the user's event calender can be retrieved to show that the user repeatedly has scheduled squash match that correspond to those matches of the squash ladder schedule of Account #4. This correspondence can increase the identification score between Account #4 and Account #5 such that Account #5 is also found to belong to the same user. Accordingly, Account #5 is also linked to the same master user account. It will be appreciated that Account #5 is linked automatically without the user having to take an active step of deliberately linking the accounts. While the above description provides examples of the embodiments, it will be appreciated that some features and/or functions of the described embodiments are susceptible to modification without departing from the spirit and principles of operation of the described embodiments. Accordingly, what has been described above has been intended to be illustrative and non-limiting and it will be understood by persons skilled in the art that other variants and modifications may be made without departing from the scope of the invention as defined in the claims appended hereto.