Methods and systems for electronic transactions using multifactor authentication
First Claim
1. A method of performing an electronic transaction using multifactor authentication, comprising:
- providing a physical token imprinted with account information encoded in high-density code, the encoded account information imprinted on the physical token consisting at least in part of a secret account identifier encrypted with a unique shared symmetric encryption key stored separately on a mobile device processor and an authentication server processor and an unencrypted shared symmetric key identifier, and said secret account identifier being different from any unencrypted, unencoded account number printed on the physical token;
decoding, by the mobile device processor coupled to mobile device memory and executing a mobile application, the encoded account information imprinted on the physical token consisting at least in part of the secret account identifier encrypted with the unique shared symmetric encryption key stored on the mobile device processor and the authentication server processor and the unencrypted shared symmetric key identifier;
locating, by the mobile device processor, the unique shared symmetric encryption key using the unencrypted shared symmetric key identifier;
decrypting, by the mobile device processor, the secret account identifier encrypted with the unique shared symmetric encryption key using the located unique shared symmetric encryption key;
receiving, by the authentication server processor coupled to authentication server memory, from the mobile device processor, a transaction message encrypted with a public key of a first asymmetric public/private key pair, the private key of which is stored only on the authentication server processor, the encrypted transaction message consisting of the account identifier and a transaction request;
decrypting, by the authentication server processor, the transaction message consisting of the account identifier and the transaction request, with the private key of the asymmetric public/private key pair stored only on the authentication server processor;
verifying, using the authentication server processor, the account information;
encrypting, by the authentication server processor, a transaction confirmation message with a public key of a second asymmetric public/private key pair, the private key of which is stored only on the mobile device processor; and
sending, by the authentication server processor, the transaction confirmation message encrypted with the public key of the second asymmetric public/private key pair, the private key of which is stored only on the mobile device processor to the mobile device processor.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods and systems for performing electronic transactions involve receiving, using a processor coupled to memory, from a mobile application on a user'"'"'s mobile device processor, a transaction message consisting at least in part of the user'"'"'s account information obtained by the mobile application reading user account information encoded on a token of the user that is physically distinct from the mobile device processor and a transaction request for the user. Using the processor, the user'"'"'s account information is verified and a transaction confirmation message is generated and sent to the mobile application on the user'"'"'s mobile device processor.
-
Citations
31 Claims
-
1. A method of performing an electronic transaction using multifactor authentication, comprising:
-
providing a physical token imprinted with account information encoded in high-density code, the encoded account information imprinted on the physical token consisting at least in part of a secret account identifier encrypted with a unique shared symmetric encryption key stored separately on a mobile device processor and an authentication server processor and an unencrypted shared symmetric key identifier, and said secret account identifier being different from any unencrypted, unencoded account number printed on the physical token; decoding, by the mobile device processor coupled to mobile device memory and executing a mobile application, the encoded account information imprinted on the physical token consisting at least in part of the secret account identifier encrypted with the unique shared symmetric encryption key stored on the mobile device processor and the authentication server processor and the unencrypted shared symmetric key identifier; locating, by the mobile device processor, the unique shared symmetric encryption key using the unencrypted shared symmetric key identifier; decrypting, by the mobile device processor, the secret account identifier encrypted with the unique shared symmetric encryption key using the located unique shared symmetric encryption key; receiving, by the authentication server processor coupled to authentication server memory, from the mobile device processor, a transaction message encrypted with a public key of a first asymmetric public/private key pair, the private key of which is stored only on the authentication server processor, the encrypted transaction message consisting of the account identifier and a transaction request; decrypting, by the authentication server processor, the transaction message consisting of the account identifier and the transaction request, with the private key of the asymmetric public/private key pair stored only on the authentication server processor; verifying, using the authentication server processor, the account information; encrypting, by the authentication server processor, a transaction confirmation message with a public key of a second asymmetric public/private key pair, the private key of which is stored only on the mobile device processor; and sending, by the authentication server processor, the transaction confirmation message encrypted with the public key of the second asymmetric public/private key pair, the private key of which is stored only on the mobile device processor to the mobile device processor. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
-
-
31. A system for performing an electronic transaction using multifactor authentication, comprising:
-
a physical token imprinted with account information encoded in high-density code, the encoded account information imprinted on the physical token consisting at least in part of a secret account identifier encrypted with a unique shared symmetric encryption key stored separately on a mobile device processor and an authentication server processor and an unencrypted shared symmetric key identifier, and said secret account identifier being different from any unencrypted, unencoded account number printed on the physical token; the mobile device processor coupled to mobile device memory and being programmed to; decode the encoded account information imprinted on the physical token consisting at least in part of the secret account identifier encrypted with the unique shared symmetric encryption key stored on the mobile device processor and the authentication server processor and the unencrypted shared symmetric key identifier; locate the unique shared symmetric encryption key using the unencrypted shared symmetric key identifier; decrypt the secret account identifier encrypted with the unique shared symmetric encryption key using the located unique shared symmetric encryption key; the authentication server processor coupled to authentication server memory and being programmed to; receive, from a mobile application executing on the mobile device processor, a transaction message encrypted with a public key of a first asymmetric public/private key pair, the private key of which is stored only on the authentication server processor, the encrypted transaction message consisting of the account identifier encrypted and a transaction request; decrypt the transaction message, consisting of the account identifier and the transaction request, with the private key of the asymmetric public/private key pair stored only on the authentication server processor; verify the account information; encrypt a transaction confirmation message with a public key of a second asymmetric public/private key pair, the private key of which is stored only on the mobile device processor; and send the transaction confirmation message encrypted with the public key of the second asymmetric public/private key pair, the private key of which is stored only on the mobile device processor to the mobile device processor.
-
Specification