SYSTEM AND METHOD FOR SECURED DATA TRANSFER OVER A NETWORK FROM A MOBILE DEVICE
First Claim
1. A method for end-to-end secure data transfer between a mobile device of a user and a server via an insecure network to a target domain, the method comprising:
- generating a dynamic key and a seed exchange and management during a transaction between the user and the target domain;
- authenticating the user of the mobile device in a transaction authentication;
- generating a server key at an application server comprising a server seed and a server-device key-pair dynamically generated from a server domain;
- transmitting the device key to the mobile device;
- receiving data input from the user at the mobile device;
- dynamically generating a client seed at the mobile device and encrypting the data input with device key, encoded and/or padded with the client seed at the mobile device and transmitting the encrypted data input with the client seed to the application server;
- decrypting the encrypted data input using server key; and
- translating the decrypted data input using a target key within a hardware security module without exposing the encrypted data input to the network and transmitting the translated data input to the target domain.
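
The flow recited in claim 1, sketched as an added example that is not code from the patent or its applicant. Assumptions: RSA-OAEP stands in for the server-device key pair, the client seed is modelled as the OAEP label, AES-GCM stands in for the target key, decryption is placed inside the same `Hsm` object as the translation, and all class and function names are hypothetical; it needs the third-party `cryptography` package.

```python
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM


def oaep(seed: bytes) -> padding.OAEP:
    # Assumption: "padded with the client seed" is modelled as the OAEP label,
    # so a ciphertext only decrypts together with the seed it was made with.
    return padding.OAEP(mgf=padding.MGF1(hashes.SHA256()),
                        algorithm=hashes.SHA256(), label=seed)


class Hsm:
    """Model of the HSM boundary: private keys and plaintext stay inside."""

    def __init__(self, target_key: bytes):
        self._target = AESGCM(target_key)   # key shared with the target domain
        self._server_keys = {}              # txn id -> per-transaction private key

    def new_transaction(self, txn: str):
        key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
        self._server_keys[txn] = key        # "server key", never exported
        return key.public_key()             # "device key" sent to the handset

    def translate(self, txn: str, blob: bytes, client_seed: bytes) -> bytes:
        # pop() makes the server key single-use: a replayed txn raises KeyError.
        key = self._server_keys.pop(txn)
        data = key.decrypt(blob, oaep(client_seed))   # wrong seed -> ValueError
        nonce = os.urandom(12)
        # Re-encrypt under the target key, bound to the transaction id.
        return nonce + self._target.encrypt(nonce, data, txn.encode())


def device_encrypt(device_key, data: bytes):
    """Mobile-device side: fresh client seed for every submission."""
    client_seed = os.urandom(16)
    return device_key.encrypt(data, oaep(client_seed)), client_seed


def target_decrypt(target_key: bytes, txn: str, blob: bytes) -> bytes:
    """Target-domain side: recover the data from the translated blob."""
    return AESGCM(target_key).decrypt(blob[:12], blob[12:], txn.encode())
```
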
Abstract
A secured data transfer system (10) and method is disclosed in accordance with an embodiment of the invention that enables sensitive data to be securely exchanged from a user/client's mobile device (12), phone, personal digital assistant (PDA), or the like to a back-end host (28), flowing through many hops and points in a public network, for example the Internet and/or in applications such as service provider's wireless networks, without being exposed to any security gaps in between servers. The system and method provides a secure solution that plugs the gaps and ensures a true end-to-end, bank-grade secured transaction exchange between the user/client's mobile device (12) and the back-end host (28) and using caching method for network traffic data reduction techniques.
72 Citations
25 Claims
3. (canceled)
13. A system for end-to-end secure data transfer between a mobile device of a user and a server via an insecure network to a target domain, the system comprising:
- an authenticating module in the server configured to authenticate a user of the mobile device in a transaction authentication, and a key module configured to generate a dynamic key and a seed exchange and management during a transaction between the user and the target domain;
- a server key module configured to generate a dynamic server key at an application server comprising a dynamic server seed and a server-device key-pair entered from the target domain and configured to transmit the device key to the mobile device;
- a data input module configured to receive data input from the user at the mobile device;
- an encrypting module configured to generate a client seed at the mobile device and encrypting the data input with the device key, encoded and/or padded with client seed at the mobile device and configured to transmit the encrypted data input with the client seed to the application server;
- a decrypting module on the application server configured to decrypt the encrypted data input using the server key; and
- a translator configured to translate the decrypted data input using a target key within a hardware security module without exposing the encrypted data input to the network and configured to transmit the translated data input to the target domain.
25. A midlet for enabling a system for end-to-end secure data transfer between a mobile device of a user and an application server via an insecure network to a target domain, the midlet for downloading from the server to the mobile device, comprising:
- a server interface configured to interface with the server and a user interface configured to interface with the user of the mobile device, an authenticating module configured to authenticate the user of the mobile device in a transaction authentication and generating a dynamic key and a seed exchange and management during a transaction between the user and the target domain, and configured to communicate with a server key module configured to dynamically generate a server key at the application server comprising a server seed and a server-device key-pair generated from the server domain, and configured to transmit the device key to the mobile device via the midlet;
- the user interface further configured to receive at a data input module data input from the user at the mobile device;
- the server interface further configured to enable an encrypting module configured to dynamically generate a client seed at the mobile device and configured to encrypt the data input with device key, encode and/or padded with client seed at the mobile device and configured to transmit the encrypted data input with client seed to the application server, and a decrypting module on the application server configured to decrypt the encrypted data input using server key; and
- a translator module on the application server configured to translate the decrypted data input using target key within a hardware security module without exposing the encrypted data input to the network and configured to transmit the translated data input to the target domain.