Systems and methods for secure authentication of electronic transactions

US 20050044385A1
Filed: 01/07/2003
Published: 02/24/2005
Est. Priority Date: 09/09/2002
Status: Abandoned Application

First Claim

Patent Images

11. A method for secure authentication, comprising:

receiving an authentication request comprising transactional information;

generating an authentication request message in response to the authentication request;

transmitting the authentication request message to a terminal; and

receiving a response to the authentication request message from the terminal that is encrypted using a transactionally unique session key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An online transaction system configured to implement authentication methods that allow for strong multi-factor authentication in online environments. The authentication methods can be combined with strong security methods to further ensure that the authentication process is secure. Further, the strong multi-factor authentication can be implemented with zero adoption dependencies through the implementation of automated enrollment methods.

Citations

27 Claims

11. A method for secure authentication, comprising:
- receiving an authentication request comprising transactional information;
  
  generating an authentication request message in response to the authentication request;
  
  transmitting the authentication request message to a terminal; and
  
  receiving a response to the authentication request message from the terminal that is encrypted using a transactionally unique session key.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The method of claim 11, wherein generating the authentication request message comprises encrypting the authentication request message.
  - 13. The method of claim 12, wherein encrypting the authentication message comprises generating a random number.
  - 14. The method of claim 12, wherein encrypting the authentication message comprises generating a time stamp.
  - 15. The method of claim 12, wherein encrypting the authentication message comprises generating an electronic signature.
  - 16. The method of claim 12, wherein encrypting the authentication message comprises retrieving a message key.
  - 17. The method of claim 11, further comprising decrypting the received response using the transactionally unique session key.

18. A terminal configured for secure authentication, the termianl comprising client software configured to allow the terminal to:
- receive an authentication request message from an authentication authority;
  
  prompt a user to interface a token with the terminal;
  
  extract unique information from the token once it is interfaced with the terminal;
  
  prompt the user for a personal identifier; and
  
  generate a response to the authentication request message based on the personal identifier and the unique information.
- View Dependent Claims (1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 1. A method for secure authentication, comprising:
    - receiving an authentication request message at a terminal from an authentication authority;
      
      prompting a user to interface a token with the terminal;
      
      extracting unique information from the token once it is interfaced with the terminal;
      
      prompting the user for a personal identifier; and
      
      generating a response to the authentication request message based on the personal identifier and the unique information.
  - 2. The method of claim 1, further comprising generating a transactionally unique session key, using the transactionally unique session key to encrypt the response, and transmitting the encrypted response to the authentication authority.
  - 3. The method of claim 1, wherein the personal identifier is linked with an account associated with the token.
  - 4. The method of claim 1, wherein the unique information comprises a unique serial number.
  - 5. The method of claim 1, wherein the unique information comprises a message key.
  - 6. The method of claim 1, wherein the unique information comprises random data.
  - 7. The method of claim 1, wherein the unique information comprises a network address associated with the authentication authority.
  - 8. The method of claim 1, further comprising generating a time stamp and generating the response based on the time stamp.
  - 9. The method of claim 1, wherein the authentication request message is encrypted, and wherein the method further comprises decrypting the received authentication request message.
  - 10. The method of claim 1, further comprising synchronizing a time associated with the response based at least in part on time information included in the authentication request message.
  - 19. The terminal of claim 18, wherein the client software is further configured to allow the terminal to generate a transactionally unique session key, use the transactionally unique session key to encrypt the response, and transmit the encrypted response to the authentication authority.
  - 20. The terminal of claim 18, wherein the personal identifier is linked with an account associated with the token.
  - 21. The terminal of claim 18, wherein the unique information comprises a unique serial number.
  - 22. The terminal of claim 18, wherein the unique information comprises a message key.
  - 23. The terminal of claim 18, wherein the unique information comprises random data.
  - 24. The terminal of claim 23, wherein the client software is further configured to access the network address and automatically connect with the authentication authority.
  - 25. The terminal of claim 18, wherein the client software is further configured to allow the terminal to generate a time stamp and generate the response based on the time stamp.
  - 26. The terminal of claim 18, wherein the authentication request message is encrypted, and wherein the client software is further configured to allow the terminal to decrypt the received authentication request message.
  - 27. The terminal of claim 18, wherein the client software is further configured to allow the terminal to associated a time with the response based at least in part on time information included in the authentication request message.

23-1. The terminal of claim 18, wherein the unique information comprises a network address associated with the authentication authority.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
U.S. Encode Corporation
Original Assignee
U.S. Encode Corporation
Inventors
Holdsworth, John

Application Number

US10/338,822
Publication Number

US 20050044385A1
Time in Patent Office

Days
Field of Search
US Class Current

713/185
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/36   by graphic or iconic repres...

G06F 2221/2117   User registration

G06Q 20/108   Remote banking, e.g. home b...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/367   involving electronic purses...

G06Q 20/3672   initialising or reloading t...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/3821   Electronic credentials

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

G07F 7/1016   Devices or methods for secu...

G07F 7/1025   Identification of user by a...

H04L 2209/56   Financial cryptography, e.g...

H04L 9/0869   involving random numbers or...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3271   using challenge-response

Systems and methods for secure authentication of electronic transactions

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for secure authentication of electronic transactions

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links