SYSTEM AND METHOD FOR SECURED DATA TRANSFER OVER A NETWORK FROM A MOBILE DEVICE

US 20100131764A1
Filed: 04/30/2008
Published: 05/27/2010
Est. Priority Date: 05/03/2007
Status: Abandoned Application

First Claim

Patent Images

1. A method for end-to-end secure data transfer between a mobile device of a user and a server via an insecure network to a target domain, the method comprising:

generating a dynamic key and a seed exchange and management during a transaction between the user and the target domain;

authenticating the user of the mobile device in a transaction authentication;

generating a server key at an application server comprising a server seed and a server-device key-pair dynamically generated from a server domain;

transmitting the device key to the mobile device;

receiving data input from the user at the mobile device;

dynamically generating a client seed at the mobile device and encrypting the data input with device key, encoded and/or padded with the client seed at the mobile device and transmitting the encrypted data input with the client seed to the application server;

decrypting the encrypted data input using server key; and

translating the decrypted data input using a target key within a hardware security module without exposing the encrypted data input to the network and transmitting the translated data input to the target domain.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secured data transfer system (10) and method is disclosed in accordance with an embodiment of the invention that enables sensitive data to be securely exchanged from a user/client'"'"'s mobile device (12), phone, personal digital assistant (PDA), or the like to a back-end host (28), flowing through many hops and points in an public network, for example the Internet and/or in applications such as service provider'"'"'s wireless networks, without being exposed to any security gaps in between servers. The system and method provides a secure solution that plugs the gaps and ensures a true end-to-end, bank-grade secured transaction exchange between the user/client'"'"'s mobile device (12) and the back-end host (28) and using caching method for network traffic data reduction techniques.

72 Citations

View as Search Results

25 Claims

1. A method for end-to-end secure data transfer between a mobile device of a user and a server via an insecure network to a target domain, the method comprising:
- generating a dynamic key and a seed exchange and management during a transaction between the user and the target domain;
  
  authenticating the user of the mobile device in a transaction authentication;
  
  generating a server key at an application server comprising a server seed and a server-device key-pair dynamically generated from a server domain;
  
  transmitting the device key to the mobile device;
  
  receiving data input from the user at the mobile device;
  
  dynamically generating a client seed at the mobile device and encrypting the data input with device key, encoded and/or padded with the client seed at the mobile device and transmitting the encrypted data input with the client seed to the application server;
  
  decrypting the encrypted data input using server key; and
  
  translating the decrypted data input using a target key within a hardware security module without exposing the encrypted data input to the network and transmitting the translated data input to the target domain.
- View Dependent Claims (2, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1 further comprisingdownloading a midlet from the server to the mobile device;
    - anddynamically generating a second server seed at the server; and
      
      loading the midlet with the second server seed and a transaction identifier.
  - 4. The method of claim 1 further comprising, using a pre-loaded set of keys or generating a static public key with validity periods between the user and an established target institution.
  - 5. The method of claim 4 further comprising a SMS channel.
  - 6. The method of claim 2 further comprising loading the user key onto the midlet upon input of the encrypted data to the midlet, wherein the user key is an RSA public key.
  - 7. The method of claim 2 wherein the server seed and the transaction identifier are session based.
  - 8. The method of claim 2 wherein authenticating the user comprises locating the transaction status of the transaction identifier.
  - 9. The method of claim 1 further comprising generating a dynamic client seed and verifying the client seed is with the encoded data over the session period.
  - 10. The method of claim 2 further comprising checking whether the second server seed stored in the server matches the server seed derived from the encrypted data.
  - 11. The method of claim 1 further comprising synchronizing the midlet of the mobile device with the server and informing the server of page information and cached pages on mobile device;
    - and generating a page footprint for updating uncached pages.
  - 12. The method of claim 11 wherein the midlet is in SMS mode and the synchronizing is instigated upon page access or by a user manual activation.

3. (canceled)

13. A system for end-to-end secure data transfer between a mobile device of a user and a server via an insecure network to a target domain, the system comprising:
- an authenticating module in the server configured to authenticate a user of the mobile device in a transaction authentication, and a key module configured to generate a dynamic key and a seed exchange and management during a transaction between the user and the target domain;
  
  a server key module configured to generate a dynamic server key at an application server comprising a dynamic server seed and a server-device key-pair entered from the target domain and configured to transmit the device key to the mobile device;
  
  a data input module configured to receive data input from the user at the mobile device;
  
  an encrypting module configured to generate a client seed at the mobile device and encrypting the data input with the device key, encoded and/or padded with client seed at the mobile device and configured to transmit the encrypted data input with the client seed to the application server;
  
  a decrypting module on the application server configured to decrypt the encrypted data input using the server key; and
  
  a translator configured to translate the decrypted data input using a target key within a hardware security module without exposing the encrypted data input to the network and configured to transmit the translated data input to the target domain.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The system of claim 13 further comprising a downloading module configured to download a midlet from the server to mobile device;
    - and a seed module within the server to configured to generate a second server seed, and configured to load the midlet with the second server seed and a transaction identifier.
  - 15. The system of claim 13 wherein the authenticating module comprises the key module configured to generate the dynamic key and the seed exchange and management during the transaction between the user and a established target institution, wherein the key module is further configured to enable a telco agnostic with multiple secured domains from a single mobile client application to established target institutions.
  - 16. The system of claim 13 wherein the key module further comprises a pre-loaded set of keys or a static public key with validity periods between the user and established target institution.
  - 17. The system of claim 16 further comprising a SMS channel.
  - 18. The system of claim 14 wherein the user key is an RSA public key, and wherein the seed module is further configured to load the user key onto the midlet at input of the encrypted data at the midlet.
  - 19. The system of claim 14 wherein the server seed and the transaction identifier are session based.
  - 20. The system of claim 14 wherein the authenticating module authenticates the user by locating the transaction status of the transaction identifier.
  - 21. The system of claim 13 wherein the authenticating module is further configured to generate a dynamic client seed;
    - and verifying the client seed is with the encoded data over the session period.
  - 22. The system of claim 14 wherein the authenticating module is further configured to check whether the second server seed stored in the server matches the server seed derived from the encrypted data.
  - 23. The system of claim 13 further comprising a synchronizing module configured to synchronize the midlet of the mobile device with the server, and configured to inform the server of page information of cached pages on mobile device, and configured to generate a page footprint for updating uncached pages.
  - 24. The system of claim 23 wherein the midlet is in SMS mode and the synchronizing is instigated upon the page access or by a user manual activation.

25. A midlet for enabling a system for end-to-end secure data transfer between a mobile device of a user and an application server via an insecure network to a target domain, the midlet for downloading from the server to the mobile device, comprising:
- a server interface configured to interface with the server and a user interface configured to interface with the user of the mobile device, an authenticating module configured to authenticate the user of the mobile device in a transaction authentication and generating a dynamic key and a seed exchange and management during a transaction between the user and the target domain, and configured to communicate with a server key module configured to dynamically generate a server key at the application server comprising a server seed and a server-device key-pair generated from the server domain, and configured to transmit the device key to the mobile device via the midlet;
  
  the user interface further configured to receive at a data input module data input from the user at the mobile device;
  
  the server interface further configured to enable an encrypting module configured to dynamically generate a client seed at the mobile device and configured to encrypt the data input with device key, encode and/or padded with client seed at the mobile device and configured to transmit the encrypted data input with client seed to the application server, and a decrypting module on the application server configured to decrypt the encrypted data input using server key; and
  
  a translator module on the application server configured to translate the decrypted data input using target key within a hardware security module without exposing the encrypted data input to the network and configured to transmit the translated data input to the target domain.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ezypay Pte Limited
Original Assignee
Ezypay Pte Limited
Inventors
Goh, Chuan Iau

Application Number

US12/598,396
Publication Number

US 20100131764A1
Time in Patent Office

Days
Field of Search
US Class Current

713/171
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless network architectu...

H04L 63/0442   wherein the sending and rec...

H04L 63/0464   using hop-by-hop encryption...

H04L 63/061   for key exchange, e.g. in p...

H04L 9/0897   involving additional device...

H04L 9/302   involving the integer facto...

H04L 9/321   involving a third party or ...

SYSTEM AND METHOD FOR SECURED DATA TRANSFER OVER A NETWORK FROM A MOBILE DEVICE

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

72 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR SECURED DATA TRANSFER OVER A NETWORK FROM A MOBILE DEVICE

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

72 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links