Secure Transaction Authentication
First Claim
1. A method for authentication of a secure transaction to be conducted between a secure transaction host and a transacting user, the method to be carried out at an authentication service provider and comprising the steps of:
receiving an authentication request from the secure transaction host;
receiving a digital identifier from a mobile communications device associated with the transacting user, the digital identifier being uniquely associated with that specific mobile communications device;
comparing the digital identifier with a list of digital identifiers associated with mobile communication devices of pre-enrolled users stored on a database associated with the authentication service provider;
of the transacting user if the received digital identifier corresponds to a digital identifier stored on the database, the request requiring the user to confirm or deny its intended performance of the secure transaction;
receiving a confirmation or denial result from the mobile communications device;
in response to a confirmation result, transmitting a positive authentication result to the secure transaction host; and
in response to a denial result, transmitting a negative authentication result to the secure transaction host.
Abstract
A method and system for authenticating secure transactions between a transacting user (9) and a secure transaction host (15) is provided. The system includes a mobile phone software application (59) installed on a transacting user's mobile phone (7) which is configured to compose a digital fingerprint (13) uniquely associated with the specific mobile phone (7) on which it is installed. The system further includes an authentication service provider with which users of the system may be enrolled by registering at least the digital identifiers composed by the applications installed on their mobile communication devices in an authentication database (5). The authentication service provider is configured to authenticate secure transactions on request from secure transaction hosts by sending transaction confirmation requests to mobile phones of enrolled users requiring them to confirm or deny secure transactions before such transactions are allowed to be finalized.
107 Citations
27 Claims
6. A system for authenticating a secure transaction conducted between a transacting user and a secure transaction host, the system comprising:
a mobile communication device application configured to be installed on a mobile communication device, to compose a digital identifier uniquely associated with the mobile communication device on which it is installed, and to store the digital identifier in a storage location on the mobile communication device; and
an authentication service provider including at least one authentication server and an authentication database associated therewith;
wherein the authentication server is configured to enrol users by registering at least digital identifiers composed by applications installed on their mobile communication devices in the authentication database;
to receive an authentication request from the secure transaction host;
to receive a digital identifier from a mobile communication device of the transacting user;
to compare the received digital identifier with a list of digital identifiers associated with mobile communication devices of pre-enrolled users stored in the database;
to transmit a transaction confirmation request to the mobile communication device of the transacting user if the received digital identifier corresponds to a digital identifier stored on the database, requesting the user to confirm or deny its intended performance of the secure transaction;
to receive a confirmation or denial result from the mobile communications device of the transacting user; and
to transmit a positive authentication result to the secure transaction host in response to a confirmation result and a negative authentication result in response to a denial result.
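The provider-side sequence recited in claims 1 and 6, modelled as an added example that is not part of the patent text or of any implementation by its assignee. The class, method and field names, the request id, the assumption that the host's request names the enrolled user, and the choice to return a negative result for an unmatched identifier or a repeated answer are all illustrative assumptions.

```python
import hmac
import secrets

class AuthenticationServiceProvider:
    """Toy model of the provider's steps; all names here are illustrative."""

    def __init__(self):
        self.enrolled = {}  # user -> digital identifier registered at enrolment
        self.pending = {}   # request id -> state of one authentication request

    def enrol(self, user, identifier):
        self.enrolled[user] = identifier

    def authentication_request(self, user, transaction):
        # Received from the secure transaction host (assumed to name the user).
        request_id = secrets.token_hex(8)
        self.pending[request_id] = {"user": user, "tx": transaction, "matched": False}
        return request_id

    def receive_identifier(self, request_id, identifier):
        # Compare with the enrolled identifier; only a match yields the
        # confirmation request that the device shows to the user.
        req = self.pending.get(request_id)
        known = self.enrolled.get(req["user"]) if req else None
        if known is None or not hmac.compare_digest(known.encode(), identifier.encode()):
            self.pending.pop(request_id, None)  # assumption: fail closed
            return None
        req["matched"] = True
        return {"request_id": request_id, "confirm_or_deny": req["tx"]}

    def receive_result(self, request_id, confirmed):
        # Each request is answered once; anything unexpected is negative.
        req = self.pending.pop(request_id, None)
        if req is None or not req["matched"]:
            return "negative"
        return "positive" if confirmed else "negative"

def run_flow(asp, user, identifier, confirmed):
    """One transaction: host request, device identifier, user's answer."""
    request_id = asp.authentication_request(user, "pay 100 to ACME (constructed)")
    asp.receive_identifier(request_id, identifier)
    return asp.receive_result(request_id, confirmed)

asp = AuthenticationServiceProvider()
asp.enrol("alice", "device-fp-constructed-01")  # constructed sample identifier
```
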
Specification