System and method for authentication of a mobile device

US 10,552,823 B1
Filed: 03/27/2017
Issued: 02/04/2020
Est. Priority Date: 03/25/2016
Status: Active Grant

First Claim

Patent Images

1. A system for authenticating a mobile device in a transaction where a one-time password is used to authenticate a user of the mobile device, comprising:

a processor at the mobile device;

a subscriber identity module at the mobile device, the subscriber identity module containing a unique mobile ID assigned to the mobile device; and

a memory, the memory storing instructions that, when executed by the processor, cause the processor to;

receive, from a security server when the mobile device is being used to conduct a transaction, a hyperlink, with the hyperlink including metadata having a one-time password;

in response to the hyperlink being selected at the mobile device, retrieve from the subscriber identity module, the unique mobile ID, and populate the one-time password at a password field at the mobile device for being provided to a transaction server to authenticate the user;

provide the retrieved unique mobile ID to the security server for comparison to a mobile ID that has been validated as associated with the mobile device; and

provide the one-time password to the transaction server at which the transaction is being conducted, to authenticate the user of the mobile device with the one-time password and complete the transaction, only if the retrieved mobile ID matches the validated mobile ID.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The security of a transaction conducted at a mobile device, using a one-time password to authenticate the mobile device user, is enhanced by requiring that the mobile device also be authenticated by providing a valid mobile device ID. A security server that provides the one-time password to the mobile device also provides a hyperlink that, when selected, causes a mobile device ID, such as an IMSI, to be retrieved from a SIM in the mobile device The retrieved mobile device ID is then sent to the security server. A database associated with the security server stores valid mobile device IDs, and compares the retrieved mobile device ID from the mobile device to the valid mobile device ID for that mobile device stored in the database. In alternative embodiments, the mobile device is authenticated without the use of a one-time password. In some cases the mobile device ID may be a phone number returned in an HTTP message header from the mobile device, and it is compared to a mobile device ID maintained by a bank or other entity managing the transaction.

92 Citations

View as Search Results

20 Claims

1. A system for authenticating a mobile device in a transaction where a one-time password is used to authenticate a user of the mobile device, comprising:
- a processor at the mobile device;
  
  a subscriber identity module at the mobile device, the subscriber identity module containing a unique mobile ID assigned to the mobile device; and
  
  a memory, the memory storing instructions that, when executed by the processor, cause the processor to;
  
  receive, from a security server when the mobile device is being used to conduct a transaction, a hyperlink, with the hyperlink including metadata having a one-time password;
  
  in response to the hyperlink being selected at the mobile device, retrieve from the subscriber identity module, the unique mobile ID, and populate the one-time password at a password field at the mobile device for being provided to a transaction server to authenticate the user;
  
  provide the retrieved unique mobile ID to the security server for comparison to a mobile ID that has been validated as associated with the mobile device; and
  
  provide the one-time password to the transaction server at which the transaction is being conducted, to authenticate the user of the mobile device with the one-time password and complete the transaction, only if the retrieved mobile ID matches the validated mobile ID.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The system of claim 1, wherein the hyperlink identifies an application resident at the mobile device, and wherein the application resident at the mobile device is launched by the processor in order to retrieve, from the subscriber identity module, the unique mobile ID and populate the one-time password at the password field at the mobile device.
  - 3. The system of claim 1, wherein the hyperlink includes instructions that, when the hyperlink is selected, cause the processor to retrieve, from the subscriber identity module, the unique mobile ID.
  - 4. The system of claim 1, wherein the stored instructions, when executed by the processor further cause the processor to:
    - provide the retrieved unique mobile ID for comparison to the validated mobile ID by transmitting the retrieved unique mobile ID to the security server, wherein the security server retrieves the validated mobile ID from a mobile ID database associated with the security server, and wherein the security server;
      
      compares the validated mobile ID with the unique mobile ID retrieved from the subscriber identity module to authenticate the mobile device.
  - 5. The system of claim 1, wherein the stored instructions, when executed by the processor, further cause the processor to:
    - provide the password field, within a data record at the mobile device, for being populated with the one-time password; and
      
      automatically populate the password field with the one-time password in the hyperlink from the security server.
  - 6. The system of claim 5, wherein the stored instructions, when executed by the processor, further cause the processor to:
    - provide the data record, including the populated password field, to the transaction server.
  - 7. The system of claim 6, wherein the security server receives, from the transaction server, a request to authenticate the mobile device when the mobile device is being used to conduct a transaction, wherein the request includes information identifying a user associated with the mobile device, and wherein the hyperlink is transmitted from the security server to the mobile device, based on the information identifying the user associated with the mobile device.
  - 8. The system of claim 7, wherein the information identifying the user associated with the mobile device comprises a mobile device telephone number.
  - 9. The system of claim 1, wherein the hyperlink includes an associated hyperlink active period, and wherein the stored instructions will cause the processor to, in response to the hyperlink being selected at the mobile device, retrieve from the subscriber identity module, the unique mobile ID, only when it is selected prior to expiration of the hyperlink active period.
  - 10. The system of claim 1, wherein the hyperlink includes an associated hyperlink time limit, and wherein the unique mobile ID is retrieved in response to the hyperlink being selected at the mobile device, only if the hyperlink is selected prior to the expiration of the hyperlink time limit.
  - 11. The system of claim 1, wherein the one-time password includes an associated password time limit, and wherein one-time password authenticates the user only if the one-time password is provided to the transaction server prior to expiration of the password time limit.
  - 12. The system of claim 1, wherein the unique mobile ID is an internal identifier used by a wireless service provider to communicate with the mobile device.
  - 13. The system of claim 12, wherein the unique mobile ID is an international mobile subscriber identity (IMSI).

14. A method for authenticating a mobile device in a transaction where a one-time password is used to authenticate a user of the mobile device, comprising:
- receiving, from a security server when the mobile device is being used to conduct a transaction, a hyperlink, with the hyperlink including metadata having a one-time password;
  
  in response to the hyperlink being selected at the mobile device, retrieving from a subscriber identity module at the mobile device, a unique mobile ID, and populating the one-time password at a password field at the mobile device for being provided to a transaction server to authenticate the user;
  
  providing the retrieved unique mobile ID to the security server for comparison to a mobile ID that has been validated as associated with the mobile device; and
  
  authenticating the user of the mobile device with the one-time password and completing the transaction at the transaction server, only if the retrieved mobile ID matches the validated mobile ID.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14, wherein the hyperlink identifies an application resident at the mobile device, and wherein the application resident at the mobile device is launched by the processor at the mobile device in order to retrieve, from the subscriber identity module, the unique mobile ID and populate the one-time password at the password field at the mobile device.
  - 16. The method of claim 14, further comprising:
    - retrieving at the security server the validated mobile ID from a mobile ID database associated with the security server; and
      
      comparing at the security server the validated mobile ID with the unique mobile ID retrieved from the subscriber identity module to authenticate the mobile device.
  - 17. The method of claim 14, wherein the security server receives, from the transaction server, a request to authenticate the mobile device when the mobile device is being used to conduct a transaction, wherein the request includes information identifying a user associated with the mobile device, and wherein the hyperlink is transmitted from the security server to the mobile device, based on the information identifying the user associated with the mobile device.
  - 18. The method of claim 17, wherein the information identifying the user associated with the mobile device comprises a mobile device telephone number.
  - 19. The method of claim 14, wherein the hyperlink includes an associated hyperlink active period, and wherein the stored instructions will cause the processor to, in response to the hyperlink being selected at the mobile device, retrieve from the subscriber identity module, the unique mobile ID, only when it is selected prior to expiration of the hyperlink active period.
  - 20. The method of claim 14, wherein the hyperlink includes an associated hyperlink time limit, and wherein, the unique mobile ID is retrieved in response to the hyperlink being selected at the mobile device, only if the hyperlink is selected prior to the expiration of the hyperlink time limit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Payfone Incorporated
Original Assignee
Early Warning Services, LLC
Inventors
Woodward, Eric, Desai, Rodger, Bartrim, Aaron, Chan-Bauza, Betty
Primary Examiner(s)
Lemieux, Jessica

Application Number

US15/470,522
Time in Patent Office

1,044 Days
Field of Search

705 44
US Class Current
CPC Class Codes

G06Q 20/322   Aspects of commerce using m...

G06Q 20/3226   Use of secure elements sepa...

G06Q 20/325   using wireless networks

G06Q 20/4014   Identity check for transact...

G06Q 20/409   Device specific authenticat...

H04L 63/0838   using one-time-passwords

H04L 63/0846   using time-dependent-passwo...

H04L 63/0876   based on the identity of th...

H04L 63/0884   by delegation of authentica...

H04W 12/06   Authentication

H04W 12/068   using credential vaults, e....

H04W 12/71   Hardware identity

System and method for authentication of a mobile device

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

92 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for authentication of a mobile device

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

92 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links