Methods and systems for electronic transactions using multifactor authentication

US 10,270,587 B1
Filed: 05/14/2012
Issued: 04/23/2019
Est. Priority Date: 05/14/2012
Status: Active Grant

First Claim

Patent Images

1. A method of performing an electronic transaction using multifactor authentication, comprising:

providing a physical token imprinted with account information encoded in high-density code, the encoded account information imprinted on the physical token consisting at least in part of a secret account identifier encrypted with a unique shared symmetric encryption key stored separately on a mobile device processor and an authentication server processor and an unencrypted shared symmetric key identifier, and said secret account identifier being different from any unencrypted, unencoded account number printed on the physical token;

decoding, by the mobile device processor coupled to mobile device memory and executing a mobile application, the encoded account information imprinted on the physical token consisting at least in part of the secret account identifier encrypted with the unique shared symmetric encryption key stored on the mobile device processor and the authentication server processor and the unencrypted shared symmetric key identifier;

locating, by the mobile device processor, the unique shared symmetric encryption key using the unencrypted shared symmetric key identifier;

decrypting, by the mobile device processor, the secret account identifier encrypted with the unique shared symmetric encryption key using the located unique shared symmetric encryption key;

receiving, by the authentication server processor coupled to authentication server memory, from the mobile device processor, a transaction message encrypted with a public key of a first asymmetric public/private key pair, the private key of which is stored only on the authentication server processor, the encrypted transaction message consisting of the account identifier and a transaction request;

decrypting, by the authentication server processor, the transaction message consisting of the account identifier and the transaction request, with the private key of the asymmetric public/private key pair stored only on the authentication server processor;

verifying, using the authentication server processor, the account information;

encrypting, by the authentication server processor, a transaction confirmation message with a public key of a second asymmetric public/private key pair, the private key of which is stored only on the mobile device processor; and

sending, by the authentication server processor, the transaction confirmation message encrypted with the public key of the second asymmetric public/private key pair, the private key of which is stored only on the mobile device processor to the mobile device processor.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for performing electronic transactions involve receiving, using a processor coupled to memory, from a mobile application on a user'"'"'s mobile device processor, a transaction message consisting at least in part of the user'"'"'s account information obtained by the mobile application reading user account information encoded on a token of the user that is physically distinct from the mobile device processor and a transaction request for the user. Using the processor, the user'"'"'s account information is verified and a transaction confirmation message is generated and sent to the mobile application on the user'"'"'s mobile device processor.

Citations

31 Claims

1. A method of performing an electronic transaction using multifactor authentication, comprising:
- providing a physical token imprinted with account information encoded in high-density code, the encoded account information imprinted on the physical token consisting at least in part of a secret account identifier encrypted with a unique shared symmetric encryption key stored separately on a mobile device processor and an authentication server processor and an unencrypted shared symmetric key identifier, and said secret account identifier being different from any unencrypted, unencoded account number printed on the physical token;
  
  decoding, by the mobile device processor coupled to mobile device memory and executing a mobile application, the encoded account information imprinted on the physical token consisting at least in part of the secret account identifier encrypted with the unique shared symmetric encryption key stored on the mobile device processor and the authentication server processor and the unencrypted shared symmetric key identifier;
  
  locating, by the mobile device processor, the unique shared symmetric encryption key using the unencrypted shared symmetric key identifier;
  
  decrypting, by the mobile device processor, the secret account identifier encrypted with the unique shared symmetric encryption key using the located unique shared symmetric encryption key;
  
  receiving, by the authentication server processor coupled to authentication server memory, from the mobile device processor, a transaction message encrypted with a public key of a first asymmetric public/private key pair, the private key of which is stored only on the authentication server processor, the encrypted transaction message consisting of the account identifier and a transaction request;
  
  decrypting, by the authentication server processor, the transaction message consisting of the account identifier and the transaction request, with the private key of the asymmetric public/private key pair stored only on the authentication server processor;
  
  verifying, using the authentication server processor, the account information;
  
  encrypting, by the authentication server processor, a transaction confirmation message with a public key of a second asymmetric public/private key pair, the private key of which is stored only on the mobile device processor; and
  
  sending, by the authentication server processor, the transaction confirmation message encrypted with the public key of the second asymmetric public/private key pair, the private key of which is stored only on the mobile device processor to the mobile device processor.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 2. The method of claim 1, wherein receiving the transaction message further comprises receiving a self-service financial transaction terminal transaction request message.
  - 3. The method of claim 2, wherein receiving the self-service financial transaction terminal transaction request message further comprises receiving an automated teller machine withdrawal transaction request message.
  - 4. The method of claim 1, wherein receiving the transaction message further comprises receiving a payment transaction request message.
  - 5. The method of claim 4, wherein receiving the payment transaction request message further comprises receiving a merchant identifier and a payment amount for the payment transaction request.
  - 6. The method of claim 4, wherein receiving the payment transaction message further comprises receiving an online payment transaction request message.
  - 7. The method of claim 1, wherein receiving the transaction message further comprises receiving an electronic wallet fill request transaction message.
  - 8. The method of claim 1, wherein receiving the transaction message further comprises receiving a fund transfer transaction request message.
  - 9. The method of claim 8, wherein receiving the fund transfer transaction request message further comprises receiving a fund transfer amount for the fund transfer transaction.
  - 10. The method of claim 8, wherein receiving the fund transfer transaction request message further comprises receiving a fund transfer receiver identifier for the fund transfer transaction.
  - 11. The method of claim 1, wherein receiving the transaction message further comprises receiving the transaction message from the mobile application on the mobile device processor via a self-service financial transaction terminal.
  - 12. The method of claim 1, wherein receiving the transaction message further comprises receiving the transaction message from the mobile application on the mobile device processor via a point-of-sale (POS) device.
  - 13. The method of claim 1, wherein providing the physical token imprinted with account information encoded with high-density code further comprises providing the physical token imprinted with account information encoded with high-density, two-dimensional code.
  - 14. The method of claim 1, wherein providing the physical token imprinted with account information encoded with high-density code further comprises providing the physical token imprinted with account information encoded with matrix bar code.
  - 15. The method of claim 1, wherein providing the physical token imprinted with account information further providing the physical token imprinted with account information encoded on a transaction card of a user.
  - 16. The method of claim 1, wherein receiving the transaction message further comprises receiving the transaction message consisting at least in part of a user identifier.
  - 17. The method of claim 16 wherein receiving the transaction message consisting at least in part of the user identifier further comprises receiving the transaction message consisting at least in part of a user'"'"'s personal identification number (PIN).
  - 18. The method of claim 16, wherein receiving the transaction message consisting at least in part of the user identifier further comprises receiving the transaction message consisting at least in part of a user'"'"'s electronic wallet personal identification number (PIN).
  - 19. The method of claim 1, wherein receiving the transaction message further comprises receiving the transaction message consisting at least in part of a mobile device identifier.
  - 20. The method of claim 19, wherein receiving the transaction message consisting at least in part of the mobile device identifier further comprises receiving the transaction message consisting at least in part of an International Mobile Subscriber Identity (IMSI) designation for the mobile device.
  - 21. The method of claim 1, wherein receiving the transaction message further comprises receiving the transaction message encrypted by the mobile application with a public key of a card issuer.
  - 22. The method of claim 21, further comprising decrypting, by the authentication server processor, the encrypted transaction message with the card issuer'"'"'s private key of a public/private key pair of the card issuer.
  - 23. The method of claim 1, wherein verifying the account information further comprises checking the account balance, decrementing the account by a transaction request amount, and updating an account record.
  - 24. The method of claim 23, wherein updating a user'"'"'s account record further comprises updating electronic wallet account records for both a user as a sender in a fund transfer transaction with a receiver and the receiver in the fund transfer transaction.
  - 25. The method of claim 1, further comprising generating a two part transaction authorization message having a first part consisting at least in part of instructions to a self-service financial transaction terminal and a second part consisting at least in part of account balance information to the mobile application.
  - 26. The method of claim 1, further comprising generating an authorization code to a merchant'"'"'s point-of-sale (POS) device and a confirmation number to the mobile application.
  - 27. The method of claim 1, further comprising generating a confirmation message consisting at least in part of a transaction amount and a confirmation code.
  - 28. The method of claim 1, further comprising generating an authorization code consisting at least in part of a combination of a card issuer'"'"'s identifier and a transaction identifier.
  - 29. The method of claim 1, further comprising generating a transaction confirmation code and an account balance.
  - 30. The method of claim 1, wherein sending the transaction confirmation message to the mobile application further comprises sending an at least partially encrypted transaction confirmation message to the mobile application.

31. A system for performing an electronic transaction using multifactor authentication, comprising:
- a physical token imprinted with account information encoded in high-density code, the encoded account information imprinted on the physical token consisting at least in part of a secret account identifier encrypted with a unique shared symmetric encryption key stored separately on a mobile device processor and an authentication server processor and an unencrypted shared symmetric key identifier, and said secret account identifier being different from any unencrypted, unencoded account number printed on the physical token;
  
  the mobile device processor coupled to mobile device memory and being programmed to;
  
  decode the encoded account information imprinted on the physical token consisting at least in part of the secret account identifier encrypted with the unique shared symmetric encryption key stored on the mobile device processor and the authentication server processor and the unencrypted shared symmetric key identifier;
  
  locate the unique shared symmetric encryption key using the unencrypted shared symmetric key identifier;
  
  decrypt the secret account identifier encrypted with the unique shared symmetric encryption key using the located unique shared symmetric encryption key;
  
  the authentication server processor coupled to authentication server memory and being programmed to;
  
  receive, from a mobile application executing on the mobile device processor, a transaction message encrypted with a public key of a first asymmetric public/private key pair, the private key of which is stored only on the authentication server processor, the encrypted transaction message consisting of the account identifier encrypted and a transaction request;
  
  decrypt the transaction message, consisting of the account identifier and the transaction request, with the private key of the asymmetric public/private key pair stored only on the authentication server processor;
  
  verify the account information;
  
  encrypt a transaction confirmation message with a public key of a second asymmetric public/private key pair, the private key of which is stored only on the mobile device processor; and
  
  send the transaction confirmation message encrypted with the public key of the second asymmetric public/private key pair, the private key of which is stored only on the mobile device processor to the mobile device processor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citigroup Technology, Inc. (Citigroup Incorporated)
Original Assignee
Citigroup Technology, Inc. (Citigroup Incorporated)
Inventors
Wu, Frank L.
Primary Examiner(s)
Nigh, James D
Assistant Examiner(s)
Immanuel, Isidora I

Application Number

US13/470,945
Time in Patent Office

2,535 Days
Field of Search

705 261, 705 39- 44, 705 64- 79, 705 50, 726 9, 726 16- 21, 235379-383
US Class Current
CPC Class Codes

G06Q 2220/00   Business processing using c...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/008   involving homomorphic encry...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/3234   involving additional secure...

Methods and systems for electronic transactions using multifactor authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for electronic transactions using multifactor authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links