System and method for providing authentication and authorization utilizing a personal wireless communication device

US 20040097217A1
Filed: 08/06/2003
Published: 05/20/2004
Est. Priority Date: 08/06/2002
Status: Abandoned Application

First Claim

Patent Images

1. A method for authenticating a user comprising:

receiving an address of a mobile wireless communication device at a trusted server, wherein the address identifies the mobile communication device in a communication network;

locating the address of the mobile communication device among a plurality of addresses in a database, wherein the user is associated with the address in the database;

establishing, in response to the locating the address, a wireless communication link with the mobile wireless communication device;

receiving identifying information from the mobile communication device over a communication path including the wireless communication link; and

authenticating the user in response to the identifying information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authorization and authentication system utilizing a mobile communication device. The authentication and authorization system enables a trusted server, in conjunction with a user controlled mobile communication device (which has been registered with the trusted site), to authorize a transaction carried out at a transaction management system. An identity of the user is authenticated by a verification that the user is in possession of the mobile communication device. In this way, the transaction management system is able to effectuate an authorized transaction with confidence that the authorization was from the user and not a third party. In variations, the authentication is a multi-factor authentication, i.e., the user must both possess the mobile communication device and information, e.g., a password.

278 Citations

26 Claims

1. A method for authenticating a user comprising:
- receiving an address of a mobile wireless communication device at a trusted server, wherein the address identifies the mobile communication device in a communication network;
  
  locating the address of the mobile communication device among a plurality of addresses in a database, wherein the user is associated with the address in the database;
  
  establishing, in response to the locating the address, a wireless communication link with the mobile wireless communication device;
  
  receiving identifying information from the mobile communication device over a communication path including the wireless communication link; and
  
  authenticating the user in response to the identifying information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the identifying information is produced, at least in part, from shared information stored in a user programmable memory of the mobile communication device.
  - 3. The method of claim 2, wherein the shared information comprises a representation of a password, wherein the password was provided to the trusted server during an initialization of the mobile communication device.
  - 4. The method of claim 3, wherein the identifying information comprises a digital signature of a combination of the password and a username, wherein the username is associated with the user.
  - 5. The method of claim 3, wherein the shared information comprises a shared secret key produced at both the mobile communication device and the trusted server.
  - 6. The method of claim 5, wherein the identifying information comprises a digital signature of a combination of information, wherein the information includes the shared secret and a timestamp.
  - 7. The method of claim 1, wherein the identifying information is not stored at either the mobile communication device or the trusted server.
  - 8. The method of claim 1, wherein the receiving the address comprises receiving the address of the mobile communication device from a transaction management system, wherein the address is sent from the transaction management system in response to the user requesting access to a resource controlled by the transaction management system, wherein the authenticating comprises sending an authentication to the transaction management system.
  - 9. The method of claim 1, wherein the mobile communication device is a device selected from the group consisting of a cellular telephone and a personal digital assistant.
  - 10. The method of claim 1, wherein the authenticating comprises sending a communication to a transaction management system indicating the user is authenticated.
  - 11. The method of claim 10, wherein the trusted server and the transaction management system are under the control of a single administrative entity.
  - 12. The method of claim 1 comprising:
    - receiving a request from the user to change information associated with the user within a database of the trusted server; and
      
      changing the information associated with the user in response to the receiving the request;
      
      wherein the authenticating the user in response to the identifying information comprises comparing verification information at the trusted server with the identifying information;
      
      wherein the verification information is changed as a result of the changing the information associated with the user.

13. A method for obtaining access to a resource controlled by a transaction management system comprising:
- providing an address of a mobile communication device to the transaction management system;
  
  communicating the address of the mobile communication device from the transaction management system to a trusted server;
  
  transmitting identifying information from the mobile communication device to the trusted server over a communication path including a wireless communication link;
  
  providing an authentication message to the transaction management system in response to the trusted server verifying that the identifying information appropriately corresponds to the address of the mobile communication device, wherein the transaction management system provides access to the resource in response to the authentication message.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The method of claim 13, wherein the identifying information is derived from shared information stored in a user programmable memory of the mobile communication device.
  - 15. The method of claim 14, wherein the shared information is a representation of a password, wherein the password was shared with the trusted server prior to the providing the address of a mobile communication device to the transaction management system.
  - 16. The method of claim 15, wherein the identifying information is a digital signature of a combination of the password and a username of a user of the mobile communication device.
  - 17. The method of claim 14, wherein the shared information is a shared secret key.
  - 18. The method of claim 15, wherein the identifying information includes a digital signature of the secret key along with other information.
  - 19. The method of claim 14, wherein the identifying information is a temporary key.

20. A mobile communication device for enabling a user to effectuate a transaction at a transaction management system comprising:
- a user programmable memory comprising a representation of a password stored in connection with a registration of the mobile communication device with a trusted server, wherein the registration was facilitated by the user;
  
  means for establishing a communication link with the trusted server;
  
  means for providing information about the transaction to the user;
  
  means for prompting the. user for a password in connection with the providing information about the transaction to the user;
  
  means for receiving the password from the user;
  
  means for performing a comparison operation involving the password and the representation of the password and for generating an indication in the event the comparison operation yields a match; and
  
  means for transmitting, in response to the indication, identifying information to the trusted server, wherein the trusted server provides an authorization to the transaction management system to effectuate the transaction.
- View Dependent Claims (21, 22, 23, 24, 25, 26)
- - 21. The mobile communication device of claim 20, wherein the identifying information comprises a temporary key produced, in part, from information stored in the user programmable memory.
  - 22. The mobile communication device of claim 20, wherein the identifying information includes a digital signature of the password along with information about the user.
  - 23. The mobile communication device of claim 20, wherein the identifying information is derived from shared information, which both the mobile communication device and the trusted server possessed during the registration of the mobile communication device with the trusted server.
  - 24. The mobile communication device of claim 20, wherein the means for performing a comparison operation includes means for calculating a digital signature of the password, wherein the representation of the password is a digital signature of a stored password.
  - 25. The mobile communication device of claim 20 further comprising means for erasing the representation of the password from the user programmable memory in the event the user incorrectly enters the password.
  - 26. The mobile communication device of claim 20, wherein the user programmable memory comprises a plurality of accounts, wherein each of the plurality of accounts is associated with a corresponding one of a plurality of trusted servers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Boojum Mobile
Original Assignee
Boojum Mobile
Inventors
McClain, Fred

Application Number

US10/636,971
Publication Number

US 20040097217A1
Time in Patent Office

Days
Field of Search
US Class Current

455/411
CPC Class Codes

H04L 63/061   for key exchange, e.g. in p...

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 63/12   Applying verification of th...

H04W 12/065   Continuous authentication

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

H04W 12/08   Access security

System and method for providing authentication and authorization utilizing a personal wireless communication device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

278 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for providing authentication and authorization utilizing a personal wireless communication device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

278 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links