System and method for authentication of a mobile device
Abstract
The security of a transaction conducted at a mobile device, using a one-time password to authenticate the mobile device user, is enhanced by requiring that the mobile device also be authenticated by providing a valid mobile device ID. A security server that provides the one-time password to the mobile device also provides a hyperlink that, when selected, causes a mobile device ID, such as an IMSI, to be retrieved from a SIM in the mobile device. The retrieved mobile device ID is then sent to the security server. A database associated with the security server stores valid mobile device IDs, and compares the retrieved mobile device ID from the mobile device to the valid mobile device ID for that mobile device stored in the database. In alternative embodiments, the mobile device is authenticated without the use of a one-time password. In some cases the mobile device ID may be a phone number returned in an HTTP message header from the mobile device, and it is compared to a mobile device ID maintained by a bank or other entity managing the transaction.
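As an added illustration (not code from the patent or its assignee), this Python sketch models the flow the abstract describes: the security server issues a hyperlink carrying the one-time password, compares the mobile ID retrieved from the SIM with the validated ID in its database, and the password is honoured only after a match. The class and function names, the `security.example` URL, the 120-second lifetime, the single-use rule, the constant-time comparison and the transaction server asking the security server to confirm the match are all assumptions, not details from the page.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

TTL_SECONDS = 120  # assumption: the page states no lifetime for the password


class SecurityServer:
    """Added sketch of the security server; every name here is hypothetical."""

    def __init__(self, validated_ids):
        self.validated_ids = validated_ids  # user -> validated mobile ID (e.g. IMSI)
        self.pending = {}  # token -> {"user", "otp", "expiry", "device_ok"}

    def issue_link(self, user, now):
        """Return a hyperlink whose metadata carries the one-time password."""
        token = secrets.token_urlsafe(16)
        otp = f"{secrets.randbelow(10**6):06d}"
        self.pending[token] = {"user": user, "otp": otp,
                               "expiry": now + TTL_SECONDS, "device_ok": False}
        return "https://security.example/otp?" + urlencode({"t": token, "otp": otp})

    def report_mobile_id(self, token, retrieved_id, now):
        """Compare the ID read from the SIM with the validated ID for that user."""
        entry = self.pending.get(token)
        if entry is None or now > entry["expiry"]:
            self.pending.pop(token, None)
            return False
        expected = self.validated_ids.get(entry["user"], "")
        match = bool(expected) and hmac.compare_digest(
            retrieved_id.encode(), expected.encode())
        if match:
            entry["device_ok"] = True
        else:
            del self.pending[token]  # assumption: a mismatch voids the password
        return match

    def redeem(self, token, otp, now):
        """Transaction-server check: accept the password once, only after a match."""
        entry = self.pending.pop(token, None)  # single use, pass or fail
        return (entry is not None and entry["device_ok"] and now <= entry["expiry"]
                and hmac.compare_digest(otp.encode(), entry["otp"].encode()))


def split_link(link):
    """Device side: pull the token and password out of the selected hyperlink."""
    query = parse_qs(urlparse(link).query)
    return query["t"][0], query["otp"][0]
```

The caller supplies `now` (seconds) so expiry can be exercised deterministically; a deployment would pass the server clock.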
20 Claims
1. A system for authenticating a mobile device in a transaction where a one-time password is used to authenticate a user of the mobile device, comprising:
- a processor at the mobile device;
- a subscriber identity module at the mobile device, the subscriber identity module containing a unique mobile ID assigned to the mobile device; and
- a memory, the memory storing instructions that, when executed by the processor, cause the processor to:
  - receive, from a security server when the mobile device is being used to conduct a transaction, a hyperlink, with the hyperlink including metadata having a one-time password;
  - in response to the hyperlink being selected at the mobile device, retrieve from the subscriber identity module, the unique mobile ID, and populate the one-time password at a password field at the mobile device for being provided to a transaction server to authenticate the user;
  - provide the retrieved unique mobile ID to the security server for comparison to a mobile ID that has been validated as associated with the mobile device; and
  - provide the one-time password to the transaction server at which the transaction is being conducted, to authenticate the user of the mobile device with the one-time password and complete the transaction, only if the retrieved mobile ID matches the validated mobile ID.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13

14. A method for authenticating a mobile device in a transaction where a one-time password is used to authenticate a user of the mobile device, comprising:
- receiving, from a security server when the mobile device is being used to conduct a transaction, a hyperlink, with the hyperlink including metadata having a one-time password;
- in response to the hyperlink being selected at the mobile device, retrieving from a subscriber identity module at the mobile device, a unique mobile ID, and populating the one-time password at a password field at the mobile device for being provided to a transaction server to authenticate the user;
- providing the retrieved unique mobile ID to the security server for comparison to a mobile ID that has been validated as associated with the mobile device; and
- authenticating the user of the mobile device with the one-time password and completing the transaction at the transaction server, only if the retrieved mobile ID matches the validated mobile ID.

Dependent claims: 15, 16, 17, 18, 19, 20
Specification