Secure Transaction Systems and Methods

US 20110082800A1
Filed: 03/31/2010
Published: 04/07/2011
Est. Priority Date: 10/06/2009
Status: Abandoned Application

First Claim

Patent Images

1. A method comprising:

receiving a user request for a secure transaction;

communicating the user request to a web server;

receiving transaction details from the web server, wherein the transaction details are signed with a secret key;

displaying transaction details to the user;

requesting the user to confirm the secure transaction by providing biometric data;

receiving an authentication token from a biometric device if the user'"'"'s biometric data is validated; and

communicating the authentication token to the web server, wherein the web server is configured to process the secure transaction if the authentication token is confirmed as a valid authentication token.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A user request to implement a secure transaction is received and communicated to a web server. Transaction details signed with a secret key are received from the web server and displayed to the user. The user is requested to confirm the secure transaction by providing biometric data. If the user'"'"'s biometric data is validated, an authentication token is received from a biometric device and the authentication token is communicated to the web server. The web server processes the secure transaction if the authentication token is confirmed as a valid authentication token.

Citations

25 Claims

1. A method comprising:
- receiving a user request for a secure transaction;
  
  communicating the user request to a web server;
  
  receiving transaction details from the web server, wherein the transaction details are signed with a secret key;
  
  displaying transaction details to the user;
  
  requesting the user to confirm the secure transaction by providing biometric data;
  
  receiving an authentication token from a biometric device if the user'"'"'s biometric data is validated; and
  
  communicating the authentication token to the web server, wherein the web server is configured to process the secure transaction if the authentication token is confirmed as a valid authentication token.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein communicating the authentication token to the web server is performed by a biometric service.
  - 3. The method of claim 1, wherein communicating the authentication token to the web server is performed by a web browser application.
  - 4. The method of claim 1, wherein communicating the authentication token to the web server is performed by a biometric browser extension.
  - 5. The method of claim 1, wherein the biometric data includes user fingerprint characteristics.
  - 6. The method of claim 1, further comprising communicating a unique identifier associated with the biometric device to the web server.
  - 7. The method of claim 1, further comprising receiving a random challenge from the web server.
  - 8. The method of claim 1, wherein displaying transaction details to the user is performed by a biometric service.
  - 9. The method of claim 1, wherein displaying transaction details to the user is performed by a web browser plug-in application.
  - 10. The method of claim 1, further comprising monitoring the displayed transaction details to ensure that the displayed transaction details are not modified.
  - 11. The method of claim 1, wherein displaying transaction details to the user includes:
    - validating a digital signature associated with an agent application configured to display the transaction details; and
      
      launching the agent application if the digital signature is validated.
  - 12. The method of claim 11, wherein a biometric service validates the digital signature.
  - 13. The method of claim 1, further comprising establishing a secure connection with the web service using an address received from the remote device.
  - 14. The method of claim 1, wherein the authentication token is a one time password.
  - 15. The method of claim 1, wherein the authentication token is a secret key.
  - 16. The method of claim 1, wherein the authentication token is a response to a challenge received from the web server.

17. A method comprising:
- receiving a request for a secure transaction from a user, wherein the secure transaction has associated secure transaction details;
  
  authenticating the user requesting the secure transaction with a biometric device;
  
  if the user is authenticated;
  
  verifying integrity of the secure transaction details;
  
  receiving an authentication token from a biometric device; and
  
  sending the authentication token to a remote device, wherein the remote device initiates the secure transaction.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25)
- - 18. The method of claim 17, wherein verifying integrity of the secure transaction details is performed by a biometric service.
  - 19. The method of claim 17, wherein authenticating the user includes requesting the user to interact with the biometric device.
  - 20. The method of claim 17, further comprising displaying secure transaction details to the user.
  - 21. The method of claim 20, wherein displaying secure transaction details to the user includes:
    - validating a digital signature associated with an agent application configured to display the transaction details; and
      
      launching the agent application if the digital signature is validated.
  - 22. The method of claim 17, wherein verifying the integrity of the secure transaction details includes identifying any changes to the secure transaction details.
  - 23. The method of claim 17, further comprising terminating the secure transaction if changes to the secure transaction details are detected.
  - 24. The method of claim 17, wherein verifying the integrity of the secure transaction details includes identifying any changes to the secure transaction details at predetermined time intervals.
  - 25. The method of claim 17, wherein verifying the integrity of the secure transaction details includes identifying any changes to the secure transaction details at random time intervals.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Synaptics Incorporated
Original Assignee
Validity Sensors Incorporated (Synaptics Incorporated)
Inventors
Schwab, Frank, Baghdasaryan, Davit, Hattery, Larry, Chan, Philip Yiu Kwong, Kesanupalli, Ramesh

Application Number

US12/751,952
Publication Number

US 20110082800A1
Time in Patent Office

Days
Field of Search
US Class Current

705/75
CPC Class Codes

G06Q 20/10   specially adapted for elect...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/40145   Biometric identity checks

Secure Transaction Systems and Methods

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Secure Transaction Systems and Methods

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links