Secure Transaction Authentication

US 20110086616A1
Filed: 12/03/2009
Published: 04/14/2011
Est. Priority Date: 12/03/2008
Status: Active Grant

First Claim

Patent Images

1. A method for authentication of a secure transaction to be conducted between a secure transaction host and a transacting user, the method to be carried out at an authentication service provider and comprising the steps of:

receiving an authentication request from the secure transaction host;

receiving a digital identifier from a mobile communications device associated with the transacting user, the digital identifier being uniquely associated with that specific mobile communications device;

comparing the digital identifier with a list of digital identifiers associated with mobile communication devices of pre-enrolled users stored on a database associated with the authentication service provider;

of the transacting user if the received digital identifier corresponds to a digital identifier stored on the database, the request requiring the user to confirm or deny its intended performance of the secure transaction;

receiving a confirmation or denial result from the mobile communications device;

in response to a confirmation result, transmitting a positive authentication result to the secure transaction host; and

in response to a denial result, transmitting a negative authentication result to the secure transaction host.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for authenticating secure transactions between a transacting user (9) and a secure transaction host (15) is provided. The system includes a mobile phone software application (59) installed on a transacting user'"'"'s mobile phone (7) which is configured to compose a digital fingerprint (13) uniquely associated with the specific mobile phone (7) on which it is installed. The system further includes an authentication service provider with which users of the system may be enrolled by registering at least the digital identifiers composed by the applications installed on their mobile communication devices in an authentication database (5). The authentication service provider is configured to authenticate secure transactions on request from secure transaction hosts by sending transaction confirmation requests to mobile phones of enrolled users requiring them to confirm or deny secure transactions before such transactions are allowed to be finalized.

107 Citations

View as Search Results

27 Claims

1. A method for authentication of a secure transaction to be conducted between a secure transaction host and a transacting user, the method to be carried out at an authentication service provider and comprising the steps of:
- receiving an authentication request from the secure transaction host;
  
  receiving a digital identifier from a mobile communications device associated with the transacting user, the digital identifier being uniquely associated with that specific mobile communications device;
  
  comparing the digital identifier with a list of digital identifiers associated with mobile communication devices of pre-enrolled users stored on a database associated with the authentication service provider;
  
  of the transacting user if the received digital identifier corresponds to a digital identifier stored on the database, the request requiring the user to confirm or deny its intended performance of the secure transaction;
  
  receiving a confirmation or denial result from the mobile communications device;
  
  in response to a confirmation result, transmitting a positive authentication result to the secure transaction host; and
  
  in response to a denial result, transmitting a negative authentication result to the secure transaction host.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method as claimed in claim 1, wherein the mobile communications device is a mobile telephone.
  - 3. The method as claimed in claim 1, further including the step of requesting the digital identifier from the mobile communications device upon receipt of the authentication request from the secure transactions host.
  - 4. The method as claimed in claim 1, further including the steps of establishing a secure communications link between the mobile communications device of the transacting user and the authentication service provider if the received digital identifier corresponds to a digital identifier stored on the database, and transmitting the transaction confirmation request over the secure communications link and receiving the confirmation or denial result over the secure communications link.
  - 5. The method as claimed in claim 1, wherein the step of receiving the digital identifier from the mobile communications device associated with the transacting user includes receiving the digital identifier from a secure storage location on the mobile communications device from where it is retrievable by means of an authentication application installed on the mobile communications device.

6. A system for authenticating a secure transaction conducted between a transacting user and a secure transaction host, the system comprising:
- a mobile communication device application configured to be installed on a mobile communication device, to compose a digital identifier uniquely associated with the mobile communication device on which it is installed, and to store the digital identifier in a storage location on the mobile communication device; and
  
  an authentication service provider including at least one authentication server and an authentication database associated therewith;
  
  wherein the authentication server is configured to enrol users by registering at least digital identifiers composed by applications installed on their mobile communication devices in the authentication database;
  
  to receive an authentication request from the secure transaction host;
  
  to receive a digital identifier from a mobile communication device of the transacting user;
  
  to compare the received digital identifier with a list of digital identifiers associated with mobile communication devices of pre-enrolled users stored in the database;
  
  to transmit a transaction confirmation request to the mobile communication device of the transacting user if the received digital identifier corresponds to a digital identifier stored on the database, requesting the user to confirm or deny its intended performance of the secure transaction;
  
  to receive a confirmation or denial result from the mobile communications device of the transacting user; and
  
  to transmit a positive authentication result to the secure transaction host in response to a confirmation result and a negative authentication result in response to a denial result.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 7. The system as claimed in claim 6, wherein a communication link is established between the server and the transacting user'"'"'s mobile communication device if the received digital identifier corresponds to a digital identifier stored on the database, with the transaction confirmation request and confirmation or denial result being communicated over the communications link.
  - 8. The system as claimed in claim 6, wherein the mobile communications device is a mobile phone.
  - 9. The system as claimed in claim 8, wherein the mobile communications device application is a software application which is downloadable from the mobile phone from a domain associated with the authentication service provider, over the Internet.
  - 10. The system as claimed in claim 6, wherein the digital identifier is composed as a function of the International Mobile Equipment Identity (IMEI) number of the mobile phone on which the application is installed, the International Mobile Subscriber Identity (IMSI) number of the SIM card being used in the mobile phone and a random number stored in a mobile phone memory.
  - 11. The system as claimed in claim 6, wherein the storage location on the mobile phone is secure and accessible by the application by means of Digital Rights Management features of an operating system operating on the mobile phone.
  - 12. The system as claimed in claim 11, wherein only authorized applications, preferably only the application, have access to the unique identifier stored on the mobile phone.
  - 13. The system as claimed in claim 6, wherein the application is configured to periodically compose a new digital identifier using the IMEI number of the mobile phone, the IMSI number of the mobile phone'"'"'s SIM card and a newly generated random number.
  - 14. The system as claimed in claim 13, wherein the new digital identifier is composed after each successful transaction authentication, with each new digital identifier being stored in the secure storage location on the mobile phone and uploaded to the authentication database upon its composition.
  - 15. The system as claimed in claim 6, wherein additional information associated with a user is recorded in the authentication database when a user is enrolled with the authentication server, with the additional information including one or more of personal information, bank account details and credit card details.
  - 16. The system as claimed in claim 9, wherein an enrolment pass key is created and assigned to a user when the application is downloaded to its mobile phone, with the enrolment pass key entitling the user to enrol with the authentication server.
  - 17. The system as claimed in claim 6, wherein the user is required to supply personal identification information to enable it to enrol with the authentication service provider.
  - 18. The system as claimed in claim 6, further including an authentication web server by means of which clients or client applications may interface with the authentication server.
  - 19. The system as claimed in claim 18, wherein the web server defines a number of XML-RPC queries by means of which client institutions may perform authentication queries with the authentication server.
  - 20. The system as claimed in claim 19, wherein the web server makes the results of queries to the authentication server available by means of an independent variable which may be read by the client institutions while preventing direct access by the client institutions to the authentication server and database.
  - 21. The system as claimed in claim 7, wherein the communication link is a wireless GSM or CDMA communications link, preferably a GPRS link in the case of a GSM network.
  - 22. The system as claimed in claim 6, wherein the application is configured to initiate a suitable alarm and pop-up that appears on a screen of the mobile phone of the transacting user in response to the confirmation or denial request from the authentication server, with the pop-up requesting the user to confirm or deny its intended performance of the secure transaction by means of a key press.
  - 23. The system as claimed in claim 7, wherein the authentication server is configured to transmit a text message to the mobile phone of the transacting user prompting the user to establish the communication link if the communication link had not yet been established when the authentication server attempts to transmit the confirmation or denial request to the transacting user'"'"'s mobile phone.
  - 24. The system as claimed in claim 7, wherein communication over the communication link is conducted by means of SSL or TLS secured messages.
  - 25. The system as claimed in claim 6, wherein the authentication service provider includes a plurality of authentication servers driven by a load balancing server that assigns servers to mobile communications devices of transacting users according to the loads on the respective servers.
  - 26. The system as claimed in claim 6, wherein the secure transaction includes any one or more of the group comprising access to a secure client domain, online financial transactions, offline financial transactions, online purchases, offline purchases, access to databases, access to information, physical access to buildings or other premises, access to computer networks, subscriber websites, and network portals.
  - 27. The system as claimed in claim 6, wherein a successful secured transaction is granted to the transacting user only upon receipt of a successful authentication result from the authentication server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Entersekt International limited (Entersekt Pty Ltd.)
Original Assignee
Entersect Technologies Limited
Inventors
Müller, Daniel Jacobus, Brand, Christiaan Johannes Petrus, Van Tonder, Albertus Stefanus, Nolte, Dewald de Ridder

Granted Patent

US 8,862,097 B2
Time in Patent Office

Days
Field of Search
US Class Current

455/411
CPC Class Codes

G06Q 20/10   specially adapted for elect...

G06Q 20/326   Payment applications instal...

G06Q 20/42   Confirmation, e.g. check or...

G06Q 20/425   using two different network...

H04L 2463/082   applying multi-factor authe...

H04L 2463/102   applying security measure f...

H04L 63/0876   based on the identity of th...

H04L 63/18   using different networks or...

H04W 12/06   Authentication

Secure Transaction Authentication

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

107 Citations

27 Claims

Specification

Use Cases

Quick Links

Others

Secure Transaction Authentication

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

107 Citations

27 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others