Method and apparatus of secure authentication and electronic payment through mobile communication tool

US 20070130085A1
Filed: 09/18/2006
Published: 06/07/2007
Est. Priority Date: 12/07/2005
Status: Active Grant

First Claim

Patent Images

1. A system of ID authentication or electronic payment using mobile terminal, comprising an authentication circle path of public network and a Random Identification code (RID) generation means for providing a RID which is capable of traveling from an original point in the circle path through one direction and return to the original point in the circle path, wherein the RID is capable of being checked at the return point.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to apparatus and method utilizing a mobile terminal as a tool for secure authentication and electronic payment. A random ID code is passed through a circle path to verify the nodes along the path. If the RID sent back matches the one generated for the current transaction, the user is authenticated and the transaction is approved for further action. The user'"'"'s account server generates a Random ID code when a transaction request is received. This RID will be passed to the user'"'"'s mobile terminal and then passed to the terminal where the user request access or purchasing. The terminal will send the RID back to the account server. If the RID received and the original RID generated for this transaction matches the user is authenticated. The RID can also be passed through a reverse direction.

Citations

21 Claims

1. A system of ID authentication or electronic payment using mobile terminal, comprising an authentication circle path of public network and a Random Identification code (RID) generation means for providing a RID which is capable of traveling from an original point in the circle path through one direction and return to the original point in the circle path, wherein the RID is capable of being checked at the return point.
- View Dependent Claims (16)
- - 16. The method, as recited in claim 1, wherein in the step (a), the user account information is passed to the transaction terminal by means of a contact or contactless method selected from a group consisting of manually inputting, a barcode which contains both the user account information, saved information in a non-volatile memory of a mobile phone, and a manetic card.

2. A system of ID authentication or electronic payment using mobile terminal, comprising an authentication circle path of public network and a Random Identification code (RID) generation means for providing a RID which is capable of traveling from two directions and meet at a meet point in the circle path, wherein the RID is capable of being checked at the meet point.

3. A method of secure authentication and electronic payment through a mobile terminal, comprising the steps of:
- (a) passing a user account information to a transaction terminal and transaction server;
  
  (b) sending the user account information, an information of the transaction terminal and an action request by a transaction server to an account server for verification;
  
  (c) verifying user and transaction terminal accounts and feasibility of the request action by the account server;
  
  (d) generating a random identification code (RID) by the account server and sending to a mobile terminal through a mobile wireless network; and
  
  (e) sending the RID back to the account server by the mobile terminal and verifying the RID come back by the account server that an authentication is confirmed if the RID match to said RID generated by the account server for this transaction.
- View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 4. The method, as recited in claim 3, wherein the authentication of a user comprising the steps of sending the RID to the mobile terminal belong to the user and checking the RID coming back from the transaction terminal.
  - 5. The method, as recited in claim 3, wherein in the step (b) the action request is selected from a group consisting of a payment request with an amount of money, a transaction request, an authentication request, and an authorization request.
  - 6. The method, as recited in claim 3, wherein the step (b) further comprises the steps of:
    - (b.1) sending the user account information and action request to the transaction server by the transaction terminal;
      
      (b.2) associating a transaction sequence number to this transaction by the transaction server; and
      
      (b.3) sending the transaction server ID/account, the transaction sequence number, an action request information, and a user account number to the account server by the transaction server.
  - 7. The method, as recited in claim 3, wherein the step (d) further comprises the steps of:
    - (d.1) generating the Random ID code (RID);
      
      (d.2) saving the RID with a transaction detail including a transaction sequence number, a user account, a terminal account, and a request action;
      
      (d.3) sending the RID to the mobile terminal;
      
      (d.4) providing an option for the user to enter a password to retrieve the RID; and
      
      (d.5) retrieving and passing the RID to the transaction terminal.
  - 8. The method, as recited in claim 3, wherein the step (d) further comprises a step (d.6) of sending a no-sensitive information of the transaction server/terminal by the account server for review.
  - 9. The method, as recited in claim 3, wherein the step (e) further comprises 5 the steps of:
    - (e.1) receiving the RID from the mobile terminal by the transaction terminal;
      
      (e.2) passing the RID to the transaction server by the transaction terminal;
      
      (e.3) passing the RID to the account server with an original sequence number of this transaction by the transaction server; and
      
      (e.4) checking by the account server if the received RID from the transaction server is the same as the one generated for this transaction.
  - 10. The method, as recited in claim 9, wherein in the step (e.1), the RID is received by the terminal through manually input wherein the RID is displayed on mobile terminal screen.
  - 11. The method, as recited in claim 9, wherein in the step (e.1), the RID is received by the terminal through a communication method selected from a group consisting of Infrared transmission, near field wireless transmission, Bluetooth transmission, radio frequency transmission, microwave transmission and other similar communication methods, wherein the RID is displayed as a barcode image on the mobile terminal and scanned by the transaction terminal.
  - 12. The method, as recited in claim 3, wherein the RID is sent to the mobile phone through a mobile wireless network selected from a group consisting of GSM, CDMA, and 3G network.
  - 13. The method, as recited in claim 3, wherein the transaction server and the account server are physically implemented in one or more places, and the RID is generated and verified by either the transaction server or the account server.
  - 14. The method, as recited in claim 3, wherein an apparatus is built in the mobile terminal to receive the RID from the account server and pass to the transaction terminal by means of wireless or wire communication.
  - 15. The method, as recited in claim 3, further comprising a step of sending a picture of the user by the account server to a manned terminal for further verification.

17. A method of secure authentication and electronic payment through a mobile terminal, comprising the steps of:
- (a) passing a user account information to a transaction terminal and transaction server;
  
  (b) sending the user account information, an information of the transaction terminal and an action request by a transaction server to an account server for verification;
  
  (c) verifying user and transaction terminal accounts and a feasibility of the request action by the account server;
  
  (d) generating a random ID code (RID) by the transaction/account server and sending to the transaction terminal; and
  
  (e) receiving the RID by the mobile terminal from the transaction terminal and passing the RID to the account server and the transaction/account server for matching that an authentication is confirmed if the RID match to said RID generated by the account server for this transaction.
- View Dependent Claims (18)
- - 18. The method, as recited in claim 17, wherein in the step (a), the user account information is passed to the transaction terminal by means of a contact or contactless method selected from a group consisting of manually inputting, a barcode which contains both the user account information, saved information in a non-volatile memory of a mobile phone, and a manetic card.

19. A method of secure authentication and electronic payment through a mobile terminal, comprising the steps of:
- (a) passing a user account information to a transaction terminal;
  
  (b) sending the user account information, an information of the transaction terminal and a request action by a transaction server to an account server for verification;
  
  (c) verifying user and transaction terminal accounts and a feasibility of the request action by the account server;
  
  (d) generating one random ID code (RID) by the transaction/account server and sending the RID to a verification server;
  
  (e) sending the same RID to the mobile terminal and passing it to the transaction terminal;
  
  (f) passing the RID to the verification server with original transaction sequence; and
  
  (g) checking if the two RIDs associated to the same transaction received by the verification server are the same.
- View Dependent Claims (20)
- - 20. The method, as recited in claim 19, wherein in the step (a), the user account information is passed to the transaction terminal by means of a contact or contactless method selected from a group consisting of manually inputting, a barcode which contains both the user account information, saved information in a non-volatile memory of a mobile phone, and a manetic card.

21. A method of determine a duplication or impersonated mobile terminal ID comprising steps of:
- (a) sending a ID request to a mobile terminal;
  
  (b) responding the request by the mobile terminal with a terminal ID and a random number generated for the request; and
  
  (c) when the wireless mobile network receive multiple responses for one ID request, checking by a verification server the random number embedded in the response, wherein when there are multiple different random numbers, the network determines an impersonated mobile terminal ID thereof.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Zhu Xi
Original Assignee
Zhu Xi
Inventors
Zhu, Xi

Granted Patent

US 7,577,616 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/75
CPC Class Codes

G06Q 20/32   using wireless devices

G06Q 20/325   using wireless networks

G06Q 20/385   using an alias or single-us...

G06Q 20/401   Transaction verification

G06Q 20/425   using two different network...

Method and apparatus of secure authentication and electronic payment through mobile communication tool

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus of secure authentication and electronic payment through mobile communication tool

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links