AUTHENTICATION FOR A COMMERCIAL TRANSACTION USING A MOBILE MODULE
2 Assignments
0 Petitions
Accused Products
Abstract
Current embodiments provide for authorization and payment of an online commercial transaction between a purchaser and a merchant including verification of an identity of the purchaser and verification of an ability of the purchaser to pay for the transaction, where the identity provider and the payment provider are often different network entities. Other embodiments also provide for protocols, computing systems, and other mechanisms that allow for identity and payment authentication using a mobile module, which establishes single or multilevel security over an untrusted network (e.g., the Internet). Still other embodiments also provide for a three-way secure communication between a merchant, consumer, and payment provider such that sensitive account information is opaque to the merchant, yet the merchant is sufficiently confident of the consumer'"'"'s ability to pay for requested purchases. In yet another embodiment, electronic billing information is used for authorization, auditing, payment federation, and other purposes.
374 Citations
122 Claims
-
1-24. -24. (canceled)
-
25. At a computing device in a distributed network environment, a method of authenticating a mobile module of portable device as being tied to a billing account of a mobile infrastructure in order to allow a user access to services, goods, or both, by validating the mobile module over a network independent of the mobile infrastructure'"'"'s radio network, the method comprising:
-
receiving a request to authenticate a mobile module when attempting to gain access to services, goods, or both;
receiving one or more credentials from the mobile module used by a mobile infrastructure in validating billing account information thereof;
sending the one or more credentials to the mobile infrastructure over an independent network separate from the mobile infrastructure'"'"'s radio network; and
receiving over the independent network authentication information corresponding to an activation status for the mobile module'"'"'s billing account on the mobile infrastructure, thus allowing for a portable digital identity for controlling access to the services, goods, or both. - View Dependent Claims (26, 34, 35)
-
-
27-29. -29. (canceled)
- 32. (canceled)
-
36-83. -83. (canceled)
-
84. In a distributed system, a computing framework used to abstract a host computer from a mobile operator system when connecting a mobile module thereto in order to label the host computer as peripheral equipment rather than a mobile terminal subject to strict requirements of the mobile operator system, the computing framework comprising:
-
a subscriber identity module (SIM) that includes information associated with a billing account for a mobile operator system;
a host computer connecting the SIM to the mobile operator system over a network independent of the mobile operator system'"'"'s radio network in order to authenticate the billing account information for the SIM;
a SIM driver attached to the host computer for reading information from the SIM for use in at least authenticating the SIM to the mobile operator system over the independent network; and
an interface acting as a firewall between the SIM and the SIM driver that defines a protocol used to protect the SIM from attack by restricting one or more of a number, sequence, or length, of commands sent between the SIM driver and the SIM. - View Dependent Claims (91)
-
-
85-90. -90. (canceled)
-
92. In a computing system tied to a distributed network, a method of establishing transport level secure communications between a client and a server over an otherwise insecure network by establishing a secure tunneling between a mobile module connected to the client and a mobile infrastructure associated therewith in order to delegate session keys to at least a software stack on the client for one or more of encryption or signing purposes, the method comprising:
-
identifying one or more credentials of a mobile module connected to a host computer;
sending the one or more credentials to a mobile infrastructure for authentication of a valid billing account for the mobile module, wherein the request is sent over an independent network separate form a radio network corresponding to the mobile infrastructure; and
based on the authentication, receiving from the mobile module a session key for use in a transport level secure communication over the independent network between the host computer and a server. - View Dependent Claims (93, 96, 97, 98, 99, 100, 106)
-
-
94. (canceled)
-
95. (canceled)
-
101-105. -105. (canceled)
-
107-113. -113. (canceled)
-
114. At a host computer in a distributed computing system, a method of establishing secure communication between the host computer and a server by using a protocol that authenticates a subscriber identity module (SIM) to a mobile infrastructure over a network connection independent from a radio network associated therewith, the method comprising:
-
creating a request for a session key which includes a computed challenge response from a subscription identity module (SIM) attached to a host computer attempting to establish a secure communication with a server, wherein the challenge response is used to authenticate the SIM to a mobile infrastructure that holds billing status information thereof;
sending the request for a session key to the server, which has a trusted relationship with the mobile infrastructure, the request for the session key sent over a network independent of a radio network related to the mobile infrastructure;
receiving a response to the request for a session key, which includes the session key and is signed, encrypted, or both, by mobile infrastructure using a shared key, which indicates that the SIM appropriately authenticated to the mobile infrastructure using the challenge response;
sending the session key to the SIM for validation using the shared key, which establishes a tunneled communication between the SIM and the mobile infrastructure; and
upon validation of the session key, allowing the host computer to use the decrypted session key for secure communicating with the server. - View Dependent Claims (115, 121)
-
-
116-120. -120. (canceled)
-
122-190. -190. (canceled)
Specification