System, Method and Device To Authenticate Relationships By Electronic Means
First Claim
1. A system for additionally authenticating existing relationships by electronic means between a user and an organization, in which the user takes non-deniable responsibility for any decision or transaction carried on through said relationships, thereby reducing the possibility of fraud, comprising:
- a central gateway server having at least one computer processor, a computer memory, and at least one network interface,said computer memory containing;
a private key associated with said central gateway server,a digital certificate associated with said central gateway server, said digital certificate being from a trusted certification authority, andcomputer processor executable instructions for communicating and relaying data through said at least one network interface and for encrypting and decrypting data with said private key and said digital certificate;
a data base server having at least one computer processor, a computer memory, and at least one network interface connecting said data base server to at least one existing central server of said organization,said computer memory containing;
data that relates a unique identifier associated with said user with a mobile phone number associated with said user and a digital certificate associated with said user;
a permanent link between said at least one network interface of said central gateway server and said at least one network interface of said at least one existing central server of said organizationa mobile phone associated with said user, the mobile phone having at least one computer processor, a computer memory, at least one cellular network interface and at least one additional wireless interface to other wireless devices;
a mobile operator network capable of establishing data communication between said central gateway server and said mobile phone;
a special purpose device having at least one computer processor, a computer memory, a data communication link with said mobile phone, and a smart card containing;
a data communication link with said special purpose device, anda computer memory containing;
a private key associated with said user,a digital certificate associated with said user, said digital certificate being from a trusted certification authority,a digital certificate associated with said central gateway server, said digital certificate being from a trusted certification authority andcomputer processor executable instructions for encrypting and decrypting data;
wherein the at least one computer memory of the at least one existing central server associated with the said organization contains computer processor executable instructions for requesting the data base server to return, when provided with the unique identifier associated with said user, the mobile phone number and a digital certificate associated with said user;
wherein the computer memory of the data base server, contains computer executable instructions for returning the mobile phone number and a digital certificate associated with said user, on the basis of the unique identifier associated with said user, when requested by one existing central server associated with the said organization;
wherein the at least one computer memory of the at least one existing central server associated with said organization contains computer processor executable instructions for sending a message requiring an authenticated and confirmed response from the user through said invented system, and for receiving said authenticated and confirmed response;
wherein the computer memory of the central gateway server contains computer executable instructions for encrypting and communicating said message requiring an authenticated and confirmed response from said user through said mobile phone associated with said user and for receiving and decrypting said authenticated and confirmed response from said mobile phone associated with said user.wherein the computer memory of said mobile phone contains computer executable instructions for said mobile phone to communicate with said central gateway server through said mobile operator;
wherein the computer memory of said mobile phone contains computer executable instructions for said mobile phone to communicate with said special purpose device, for displaying messages to said user, and for receiving the response provided by said user, being it a personal identification number, a yes for accepting or a no for rejecting the details of the transaction message received at said mobile phone, and taking a non-deniable responsibility for that by confirming his decision.
0 Assignments
0 Petitions
Accused Products
Abstract
The present invention is in the Information Technology field, specifically in the authentication of systems'"'"' users by using wireless remote communication technologies and refers to a system, a method, and a device capable of authenticating users and providers of centralized services, safely and reciprocally. More specifically, the invention'"'"'s field of application is that of methods of management of people authenticating processes, in their relationships through digital electronic means.
-
Citations
3 Claims
-
1. A system for additionally authenticating existing relationships by electronic means between a user and an organization, in which the user takes non-deniable responsibility for any decision or transaction carried on through said relationships, thereby reducing the possibility of fraud, comprising:
-
a central gateway server having at least one computer processor, a computer memory, and at least one network interface, said computer memory containing; a private key associated with said central gateway server, a digital certificate associated with said central gateway server, said digital certificate being from a trusted certification authority, and computer processor executable instructions for communicating and relaying data through said at least one network interface and for encrypting and decrypting data with said private key and said digital certificate; a data base server having at least one computer processor, a computer memory, and at least one network interface connecting said data base server to at least one existing central server of said organization, said computer memory containing; data that relates a unique identifier associated with said user with a mobile phone number associated with said user and a digital certificate associated with said user; a permanent link between said at least one network interface of said central gateway server and said at least one network interface of said at least one existing central server of said organization a mobile phone associated with said user, the mobile phone having at least one computer processor, a computer memory, at least one cellular network interface and at least one additional wireless interface to other wireless devices; a mobile operator network capable of establishing data communication between said central gateway server and said mobile phone; a special purpose device having at least one computer processor, a computer memory, a data communication link with said mobile phone, and a smart card containing; a data communication link with said special purpose device, and a computer memory containing; a private key associated with said user, a digital certificate associated with said user, said digital certificate being from a trusted certification authority, a digital certificate associated with said central gateway server, said digital certificate being from a trusted certification authority and computer processor executable instructions for encrypting and decrypting data; wherein the at least one computer memory of the at least one existing central server associated with the said organization contains computer processor executable instructions for requesting the data base server to return, when provided with the unique identifier associated with said user, the mobile phone number and a digital certificate associated with said user; wherein the computer memory of the data base server, contains computer executable instructions for returning the mobile phone number and a digital certificate associated with said user, on the basis of the unique identifier associated with said user, when requested by one existing central server associated with the said organization; wherein the at least one computer memory of the at least one existing central server associated with said organization contains computer processor executable instructions for sending a message requiring an authenticated and confirmed response from the user through said invented system, and for receiving said authenticated and confirmed response; wherein the computer memory of the central gateway server contains computer executable instructions for encrypting and communicating said message requiring an authenticated and confirmed response from said user through said mobile phone associated with said user and for receiving and decrypting said authenticated and confirmed response from said mobile phone associated with said user. wherein the computer memory of said mobile phone contains computer executable instructions for said mobile phone to communicate with said central gateway server through said mobile operator; wherein the computer memory of said mobile phone contains computer executable instructions for said mobile phone to communicate with said special purpose device, for displaying messages to said user, and for receiving the response provided by said user, being it a personal identification number, a yes for accepting or a no for rejecting the details of the transaction message received at said mobile phone, and taking a non-deniable responsibility for that by confirming his decision.
-
-
2. A method for additionally authenticating existing relationships by electronic means between a user and an organization, in which the user takes non-deniable responsibility for any decision or transaction carried on through said relationships, thereby reducing the possibility of fraud, in a system comprising:
a central gateway server having at least one computer processor, a computer memory, and at least one network interface, said computer memory containing; a private key associated with said central gateway server, a digital certificate associated with said central gateway server, said digital certificate being from a trusted certification authority, and computer processor executable instructions for communicating and relaying data through said at least one network interface and for encrypting and decrypting data with said private key and said digital certificate; a data base server having at least one computer processor, a computer memory, and at least one network interface connecting said data base server to at least one existing central server of said organization, said computer memory containing; data that relates a unique identifier associated with said user with a mobile phone number associated with said user and a digital certificate associated with said user; a permanent link between said at least one network interface of said central gateway server and said at least one network interface of said at least one existing central server of said organization a mobile phone associated with said user, the mobile phone having at least one computer processor, a computer memory, at least one cellular network interface and at least one additional wireless interface to other wireless devices; a mobile operator network capable of establishing data communication between said central gateway server and said mobile phone; a special purpose device having at least one computer processor, a computer memory, a data communication link with said mobile phone, and a smart card containing; a data communication link with said special purpose device, and a computer memory containing; a private key associated with said user, a digital certificate associated with said user, said digital certificate being from a trusted certification authority, a digital certificate associated with said central gateway server, said digital certificate being from a trusted certification authority and computer processor executable instructions for encrypting and decrypting data; the steps of the method comprising; said user turning on the special purpose device and activating it by keying in a personal identification number on the mobile phone of said user, said user submitting the approval of his/her request to the existing central server of said organization through the existing user interface level offered by said organization; receiving in the at least one existing central server of said organization a request from said user, said request being for the approval of a transaction or event requested by said user, through the existing user interface level offered by said organization; generating and sending a message from the at least one existing central server of said organization to the central gateway server of said invented system through the permanent link containing an identification of the organization, a message number ID, an identification of the user, the mobile phone number of the user, the digital certificate of the user, and data characterizing the request for the approval of a transaction or event requested by the user; generating in the central gateway server a cryptographic challenge, including a double digital signature of the message received from the at least one existing central server of said organization with the private key associated with the central gateway server and the public key contained in the digital certificate of the user, thereby encrypting the message from the at least one central server; sending the encrypted message from the central gateway server through the mobile operator network to the mobile phone of the user; waiting for the mobile phone of the user to communicate with the special purpose device together with the smart card to decrypt the message using a process based on validating the double signature of the message using the public key contained in the digital certificate of said user and the private key of said central gateway server; waiting for the mobile phone of the user to present the decrypted message, including the identification of the organization and information regarding the nature of the transaction or event; waiting for the user to input and confirm a response to the information presented to the user by the mobile phone; waiting for the mobile phone to transmit the response of the user in addition to information regarding the transaction or event to the special purpose device; waiting for the special purpose device, together with the smart card to perform cryptographic operations to generate a secure message containing the response from the user, the message being digitally signed using the private key of the user and the public key of the central gateway server; waiting for the mobile phone to transmit the secure digitally signed message back to the central gateway server through the mobile operator network; receiving the secure digitally signed message in the central gateway server and determining if the secure digitally signed message is authentic; if the secure digitally signed message is not authentic, then sending an error message to the at least one existing central server of said organization; if no response from said user is received in a pre-defined time interval, then sending an error message to the at least one existing central server of said organization; if the secure digitally signed message is authentic, sending a message with the response of said user through said permanent link to the at least one existing central server of said organization; receiving the message at the existing central server of said organization and identifying the nature of the received message; if it is an error message then sending in sequence a message denying the requested approval back to the existing user level interface offered by said organization from which it came from; if it is a message with a no from said user, then sending in sequence a message denying the requested approval back to the existing user level interface offered by said organization from which it came from; if it is a message with a yes from said user, then sending in sequence a message approving the requested approval back to the existing user level interface offered by said organization from which it came from.
-
3. Equipment for use in electronically authenticating relationships between a user and an organization, comprising:
-
a special purpose device comprising; at least one computer processor; a computer memory; a data communication interface enabling the special purpose device to establish a data communication link with a mobile phone; hardware, and computer executable instructions in the computer memory, adapted to enable the special purpose device to read and write data to a PKI (public key infrastructure) enabled JAVA smart card, with the dimensions of a standard SIM card inserted in the special purpose device and, in conjunction with said smart card, to encrypt and decrypt data sent to and received from the mobile phone; a button to turn said special purpose device on or off; a light emitting element adapted for indicating when the device is on; and a battery for supplying energy to the special purpose device. wherein the data communication link between the mobile phone and the special purpose device is wireless; wherein the said special purpose device further contains computer executable instructions to verify whether the personal identification number transmitted from the mobile phone is correct and to operate in conjunction with the mobile phone and the smart card to encrypt and decrypt data only if the transmitted personal identification number is correct; wherein the said special purpose device further contains computer executable instructions to perform the digital signatures validation and creation, in conjunction with said smart card, and in accordance to the steps mentioned in said invented method; wherein said smart card contains the private key and digital certificate of said user, and the digital certificate associated with said central gateway server.
-
Specification