Transaction & payment system securing remote authentication/validation of transactions from a transaction provider
Abstract
A mobile terminal is equipped for SMS payment and service authentication with a remote transaction provider. The remote provider uses common secrets & a seed in a keyed Hash Machine Address Code (HMAC) executing a Message Digest Algorithm to generate a list of authentication tokens (username-password) for the purchase of services and/or goods. The common secrets and seed are shared with local redemption devices, which also generate the list of authentication tokens. A subscriber conducts payment with the remote transaction provider and receives an authentication token corresponding to the purchased service. The subscriber provides the authentication token to the redemption device, which compares the authentication token with sets of valid authentication tokens generated by the redemption terminal. If the comparison indicates a match, the redemption device provides the service to the subscriber.
74 Claims
1. A method for payment and service authentication in a mobile environment, comprising:
sharing common secret keys and a seed between a remote server and at least one local server for use in connection with an authentication algorithm;
generating in the remote server and in the at least one local server a list of valid authenticated tokens for the purchase of services and/or goods and based on the shared common secret keys and seed with the authentication algorithm;
requesting and providing payment for the services and/or goods from the remote server by a mobile terminal;
selecting an authentication token from the list of valid authenticating tokens in the remote server;
returning the selected authentication token to the mobile terminal;
submitting, by the mobile terminal, the authentication token to one of the at least one local servers for the purchase of services and/or goods;
comparing the authentication token to the list of valid authentication tokens in the local server; and
providing the services and/or goods to the mobile terminal if the authentication token matches an authentication token in the list of valid authentication tokens in the at least one local server.
Dependent claims: 2-27
28. A system for payment and service authentication in a mobile environment, comprising:
sharing means for sharing common secret keys and a seed between a remote server and at least one local server for use in connection with an authentication algorithm;
generating means for generating in the remote server and in the at least one local server a list of valid authenticating tokens for the purchase of services and/or goods and based on the shared common secret keys and seed with the authentication algorithm;
requesting and providing means for requesting and providing payment for the services and/or goods from the remote server by a mobile terminal;
selecting means for selecting an authentication token from the list of valid authenticating tokens in the remote server;
returning means for returning the selected authentication token to the mobile terminal;
submitting means, by the mobile terminal, for submitting the authentication token to one of the at least one local servers for the purchase of services and/or goods;
comparing means for comparing the authentication token to the list of valid authentication tokens in the local server; and
providing means for providing the services and/or goods to the mobile terminal if the authentication token matches an authentication token in the list of valid authentication tokens in the at least one local server.
Dependent claims: 29-53
54. A medium, executable in a computer system, for payment and service authentication in a mobile environment, the medium, comprising:
program code for selecting and storing common secret keys and a seed in a remote server for use in an authentication algorithm;
program code for generating in the remote server a list of username-passwords as authentication token applicable for the purchase of services and/or goods and based on the common secret keys and seed;
program code for storing and executing the authentication algorithm in at least one local server to generate and store the list of authentication token in the local server;
program code for requesting and providing payment for services from the remote server;
program code for generating in the remote server an authentication token from the list and tied to the request;
program code for submitting the authentication token to the local server for the purchase of services and/or good;
program code for comparing the authentication token to the list of authentication token generated in the local server from the common secrets and the seed; and
program code for providing the service and/or goods if the authentication token matches an authentication token in the list.
Dependent claims: 56
55. A medium, executable in a computer system, for payment and service authentication in a mobile environment, the medium comprising:
program code for sharing common secret keys and a seed between a remote server and at least one local server for use in connection with an authentication algorithm;
program code for generating in the remote server and in the at least one local server a list of valid authenticating tokens for the purchase of services and/or goods and based on the shared common secret keys and seed with the authentication algorithm;
program code for requesting and providing payment for the services and/or goods from the remote server by a mobile terminal;
program code for selecting an authentication token from the list of valid authenticating tokens in the remote server;
program code for returning the selected authentication token to the mobile terminal;
program code for submitting, by the mobile terminal, the authentication token to one of the at least one local servers for the purchase of services and/or goods;
program code for comparing the authentication token to the list of valid authentication tokens in the local server; and
program code for providing the services and/or goods to the mobile terminal if the authentication token matches an authentication token in the list of valid authentication tokens in the at least one local server.
Dependent claims: 57-64
65. Transaction and payment apparatus operating in a mobile environment, comprising:
means for selecting and storing common secret keys and a seed for use in an authentication algorithm;
first communication means for sharing the common secret keys and the seed with at least one local server;
means for generating a list of valid authentication tokens for services and/or goods available from a supplier based on the common secret keys and the seed with the authentication algorithm;
second communication means implementing short message protocol for communication with remote users accessing the apparatus via a mobile terminal;
transaction server means for processing requests by the users for the available services and/or goods and selecting an authentication token from the list of valid authenticating tokens for the requested services and/or goods after payment by the user; and
transmitting means transmitting the selected authentication token to the user via the second communication means for the requested services and/or goods.
66. Redemption apparatus operating in a mobile environment, comprising:
a local server for processing and validating tickets/tokens presented by users for available services and/or goods;
communication means coupled to a transaction server on a non-continuous basis for receiving common secret keys and a seed for use in an authentication algorithm;
generating means generating a list of valid authenticated ticket/tokens for the purchase of services and/or goods based on the shared common secret keys and seed with the authenticating algorithm; and
comparing means for comparing tickets/tokens presented by a user against the list of valid authenticated tickets/token for access to the available services and/or goods in the case of validated tickets/tokens.
Dependent claims: 67, 68, 70
69. The redemption apparatus of 66, wherein the comparing means compares a token to all possible tokens in time period (l) defined by a date (d); a period (p) and (r) a factor providing authentication periods overlap compensating for an assumed synchronization mismatch between the local server and the transaction server clocks.
71. A mobile terminal for acquiring services and/or goods in a mobile environment, comprising:
a cellular network interface for communicating with a transaction server over a cellular network for (a) the purchase of authenticated tickets/tokens in electronic form usable for acquiring of services and/or goods, and (b) payment for such services and/or goods in order to receive the authenticated tickets/tokens;
a storage device for storing the authenticated tickets/tokens in the terminal; and
a short-range communication interface for transferring the authenticated tickets/tokens to a local server for acquisition of the services and/or goods after validation of the authenticated tickets/tokens by the local server.
Dependent claims: 72-74
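
The token scheme described in the abstract and in claims 1, 66 and 69, sketched as an added example (not code from the patent): both servers derive the same token list from the shared secret and seed with HMAC, and the local server also checks neighbouring periods to tolerate clock mismatch. HMAC-SHA256, the integer period counter, the token format, the list size and the single-use `spent` set are assumptions; the text above specifies none of them.

```python
import hashlib
import hmac

# Constructed sample values; key sizes, token length and encoding are assumptions.
SECRET = b"constructed-shared-secret-key"
SEED = b"constructed-seed"
TOKENS_PER_PERIOD = 5

def make_token(secret, seed, period, index):
    """Derive one username-password token for a period with HMAC-SHA256."""
    msg = b"|".join([seed, str(period).encode(), str(index).encode()])
    digest = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    return digest[:8] + "-" + digest[8:24]   # "username-password"

def token_list(secret, seed, period):
    """List of valid tokens that both servers can compute independently."""
    return [make_token(secret, seed, period, i) for i in range(TOKENS_PER_PERIOD)]

class RemoteServer:
    """Transaction server: hands out the next unused token after payment."""
    def __init__(self, secret, seed):
        self.secret, self.seed, self.issued = secret, seed, {}

    def sell(self, period):
        index = self.issued.get(period, 0)
        if index >= TOKENS_PER_PERIOD:
            raise RuntimeError("token list for this period is exhausted")
        self.issued[period] = index + 1
        return make_token(self.secret, self.seed, period, index)

class LocalServer:
    """Redemption device: validates offline against regenerated lists."""
    def __init__(self, secret, seed, overlap=1):
        self.secret, self.seed, self.overlap = secret, seed, overlap
        self.spent = set()   # single-use tracking: an addition, not in the claims

    def redeem(self, token, local_period):
        if token in self.spent:
            return False
        # Accept neighbouring periods to absorb clock mismatch (claim 69).
        for p in range(local_period - self.overlap, local_period + self.overlap + 1):
            for valid in token_list(self.secret, self.seed, p):
                if hmac.compare_digest(token.encode(), valid.encode()):
                    self.spent.add(token)
                    return True
        return False
```

The local server never contacts the remote server during `redeem`, which matches the non-continuous link in claim 66; the cost is that anyone holding the shared secret and seed can compute every valid token.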
Specification