Authentication Method for Wireless Transactions

US 20090228966A1
Filed: 05/17/2007
Published: 09/10/2009
Est. Priority Date: 05/18/2006
Status: Abandoned Application

First Claim

Patent Images

1. A method of providing authentication of a transaction between a mobile device and a remote computer via a wireless communications link, the method comprising:

i. performing a first method of authentication comprising;

a. verifying that a token stored in the mobile device corresponds with a token associated with that device at the remote computer; and

b. sending a new token from the remote computer to the mobile device during an active session to replace the existing token and associating the new token with the mobile device at the remote computer; and

ii. performing a second method of authentication prior to processing the transaction.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication method in which a token is associated with a mobile device and a user of a remote computer, it is established that the token at the mobile device and remote computer match and the token at the mobile device and remote computer is updated during a connection. Preferably a two factor authentication method is employed in which password authentication is the second factor.

77 Citations

View as Search Results

44 Claims

1. A method of providing authentication of a transaction between a mobile device and a remote computer via a wireless communications link, the method comprising:
- i. performing a first method of authentication comprising;
  
  a. verifying that a token stored in the mobile device corresponds with a token associated with that device at the remote computer; and
  
  b. sending a new token from the remote computer to the mobile device during an active session to replace the existing token and associating the new token with the mobile device at the remote computer; and
  
  ii. performing a second method of authentication prior to processing the transaction.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 42, 44)
- - 2. A method as claimed in claim 1 wherein the second method of authentication is performed separately to authentication of the token.
  - 3. A method as claimed in claim 1 wherein the second method of authentication is performed after the token has been authenticated.
  - 4. A method as claimed in claim 1 wherein the second method of authentication is performed before the token has been authenticated.
  - 5. A method as claimed in claim 1 wherein authentication data for the second method of authentication is sent from the mobile device to the remote computer system in a separate data stream.
  - 6. A method as claimed in claim 2 wherein the second method of authentication occurs over a secure connection.
  - 7. A method as claimed in claim 5 wherein the secure connection uses https protocol.
  - 8. A method as claimed in claim 1 wherein the second method of authentication is sending a password from the mobile device to the remote computer.
  - 9. A method as claimed in claim 1 wherein the token is authenticated during the establishment of a wireless communications connection.
  - 10. A method as claimed in claim 9 wherein the password is authenticated at the remote computer.
  - 11. A method as claimed in claim 7 wherein the password is authenticated by a customer computer system linked to the remote computer system.
  - 12. A method as claimed in claim 9 wherein the customer computer system is a banking computer system.
  - 13. A method as claimed in claim 1 wherein a check is conducted to ensure that the token sent to the remote computer is not in use in another session.
  - 14. A method as claimed in claim 13 wherein the check is conducted during authentication.
  - 15. A method as claimed in claim 14 wherein the check is conducted during an authenticated session.
  - 16. A method as claimed in claim 1 wherein an application is downloaded to the mobile device which manages authentication of the token with the remote computer.
  - 17. A method as claimed in claim 16 wherein the token is stored within the application.
  - 18. A method as claimed in claim 17 wherein the application contains obfuscated code and the token is stored within the obfuscated code.
  - 19. A method as claimed in claim 16 wherein the application runs as a virtual machine.
  - 20. A method as claimed in claim 16 wherein the application is written in J2ME.
  - 21. A method as claimed in claim 16 wherein the application is downloaded via a wireless link.
  - 22. A method as claimed in claim 21 wherein a URL link is sent to the mobile device in a WAP message and the application is downloaded upon activation of the URL link.
  - 23. A method as claimed in claim 22 wherein the WAP message is sent in response to a request from a user during an internet banking session.
  - 24. A method as claimed in claim 22 wherein the WAP message is sent in response to a SMS message from a user.
  - 25. A method as claimed in claim 22 wherein the URL link is a unique URL address associated with the mobile device.
  - 26. A method as claimed in claim 16 wherein a user specific signature is inserted into the application downloaded to the mobile device.
  - 27. A method as claimed in claim 26 wherein the user specific signature is stored in a JAR file.
  - 28. A method as claimed in claim 16 wherein the downloaded application stores the URL used to download the application in memory of the mobile device.
  - 29. A method as claimed in claim 28 wherein the application checks the memory of the mobile device to check the URL used to download the application and if not present or different to a URL associated with the application then the application requires entry of an activation code to run.
  - 30. A method as claimed in claim 29 wherein the activation code is a code provided to a user associated with the mobile device.
  - 31. A method as claimed in claim 29 wherein upon entry of an activation code by a user the activation code and the user specific signature stored in the application are sent to the remote computer for validation.
  - 32. A method as claimed in claim 31 wherein a token is sent to the mobile device if the activation code and user specific signature are validated for the mobile device.
  - 33. A method as claimed in claim 1 wherein the method is performed to enable an online banking transaction to be performed.
  - 34. A method as claimed in claim 33 wherein the online banking transaction is selected from the group of:
    - bill payment, funds transfer, obtain transaction history and view account balance.
  - 35. Software for a mobile device for implementing the mobile device side of authentication according to the method of claim 1.
  - 36. A mobile device including software as claimed in claim 35.
  - 37. Software for a remote computer for implementing the remote computer side of authentication according to the method of claim 1.
  - 38. A remote computer including software as claimed in claim 37.
  - 39. A mobile commerce system configured to perform the method of claim 1.
  - 42. A mobile wireless communications device configured to perform the method of claim 1.
  - 44. A computer platform configured to perform the method of claim 1.

40. A mobile commerce system comprising:
- i. a computer including memory for storing security tokens associated with user identification information; and
  
  ii. a communications gateway for conveying authentication information from a mobile network to the computer,wherein the computer is adapted to verify a token associated with a user during a session with a mobile device and to generate a new token, store it in memory and forward it to the mobile device via the communications gateway and to authenticate a transaction based upon the token received and a second authentication code received from the mobile device.

41. A mobile wireless communications device configured to store an authentication token, transmit the token over a wireless link at the initiation of a session and to replace the token with a new token received during the session.

43. A computer platform in communication with a wireless communications service, the computer platform configured to store a plurality of tokens associated with a plurality of users, to verify whether a token received during initiation of a session corresponds with a token associated with that user and to generate a new token during a session, associate it with the respective user and forward it to a mobile device associated with the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fronde Anywhere Ltd.
Original Assignee
Fronde Anywhere Ltd.
Inventors
Williams, Antony John, Parfene, Horatiu Nicolae

Application Number

US12/085,772
Publication Number

US 20090228966A1
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2129   Authenticate client device ...

G06Q 20/3223   Realising banking transacti...

G06Q 20/3227   using secure elements embed...

G06Q 20/326   Payment applications instal...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4014   Identity check for transact...

G06Q 20/425   using two different network...

G06Q 40/00   Finance; Insurance; Tax str...

H04L 63/083   using passwords cryptograph...

H04L 63/12   Applying verification of th...

H04W 12/069   using certificates or pre-s...

Authentication Method for Wireless Transactions

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

77 Citations

44 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication Method for Wireless Transactions

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

77 Citations

44 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links