Multi-Factor Authentication Using a Mobile Phone
Abstract
The invention described here provides a fully distributed solution to the problem of confirming the identity of the presenter of a payment card or other credentials, using multiple factors to authenticate the presenter. The invention leverages the wide penetration of mobile phones in modern economies as the basis for the distributed multi-factor authentication. For additional confidence, biometric data can be incrementally included as part of the multi-factor authentication. The loss of any one of the multiple authentication factors does not compromise the integrity of the system or the individual, and there is no single point of vulnerability for attack or theft. The invention is fully backwards compatible with current payment card systems and can be extended to almost any situation where the identity of the presenter of credentials needs to be authenticated prior to allowing the individual access to the protected services, systems, or locations. This allows for incremental adoption across a wide range of current and future systems.
182 Citations
17 Claims
1. A method by which a presenter of a uniquely identifiable credential is authenticated for conducting a transaction with a second party comprising:

a. a mobile phone whereon said presenter has previously been registered and associated with a secret pass phrase known only to said presenter
b. a public key generated when said presenter registered themselves on said mobile phone using said secret pass phrase
c. a private key generated when said presenter registered themselves on said mobile phone using said secret pass phrase
d. a public data base wherein the phone number associated with said mobile phone is registered and associated with said generated public key that is transmitted to and saved in said public data base when said presenter registered themselves with said mobile phone
e. the registration of said uniquely identifiable credential on said mobile phone whereon said presenter has previously been registered
f. when said uniquely identifiable credential is presented to said second party by said presenter as authority to conduct said transaction, said second party uses said phone number of said mobile phone provided by said presenter of said uniquely identifiable credential to retrieve said public key from said public data base
g. said second party transmits to said mobile phone an authentication request encrypted using said public key retrieved from said public data base
h. said mobile phone on receipt of said encrypted authentication request uses said generated private key, associated with said presenter and said secret pass phrase entered into said mobile phone by said presenter, to decrypt said authentication request received by said mobile phone from said second party
i. said mobile phone uses said decrypted contents of said authentication request to determine authenticity of said presenter of said uniquely identifiable credential included in said authentication request
j. said user is requested to authorize said transaction request presented by said second party using said mobile phone
k. said mobile phone, if said presenter successfully authorizes said transaction request, generates and returns to said second party an authentication response encrypted using said generated private key associated with said presenter previously registered on said mobile phone
l. said second party decrypts said authentication response using said public key retrieved from said public data base and determines whether to accept or deny said transaction,

View Dependent Claims (2, 3, 4, 5, 6, 7, 8)

9. A method by which a presenter of a uniquely identifiable credential is authenticated for conducting a transaction with a second party comprising:

a. a mobile phone whereon said presenter has previously been registered and associated with a secret pass phrase known only to said presenter
b. a public key generated when said presenter registered themselves on said mobile phone using said secret pass phrase
c. a private key generated when said presenter registered themselves on said mobile phone using said secret pass phrase
d. a public data base wherein phone number associated with said mobile phone is registered and associated with said generated public key that is transmitted to and saved in said public data base when said presenter registered themselves with said mobile phone
e. the registration of said uniquely identifiable credential on said mobile phone whereon said presenter has previously been registered
f. when said uniquely identifiable credential is presented to said second party by said presenter as authority to conduct said transaction, said second party uses said phone number of said mobile phone provided by said presenter of said uniquely identifiable credential to retrieve said public key from said public data base
g. said second party retrieves from said presenter of said uniquely identifiable credential uniquely associated biometric data comprising;
   i. a thumb print, or finger print, or eye iris pattern scan, or voice print, or DNA pattern, or DNA signature, or hand geometry, or face scan or other biometric data uniquely associated with said presenter
h. said second party transmits to said mobile phone an authentication request that includes said biometric data, in addition to any other information, encrypted using said public key retrieved from said public data base
i. said mobile phone on receipt of said encrypted authentication request uses said generated private key, associated with said presenter and said secret pass phrase entered into said mobile phone by said presenter, to decrypt said authentication request received by said mobile phone from said second party
j. said user is requested to authorize said transaction request presented by said second party using said mobile phone
k. said mobile phone, if said presenter successfully authorizes said transaction request, uses decrypted contents of said authentication request and said biometric data included in said authentication request with said encrypted biometric data previously stored on said mobile phone, if any, to determine authenticity of said presenter
l. said mobile phone generates and returns to said second party an authentication response encrypted using said generated private key associated with said presenter previously registered on said mobile phone
m. said second party decrypts said authentication response using said public key retrieved from said public data base and determines whether to accept or deny said transaction,

View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)

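The exchange in claim 1 (steps a through l), as an added example that is not part of the patent text: toy textbook RSA over two Mersenne primes stands in for the key pair, and "encrypted using the private key" is modelled as a signature that the second party checks with the public key. The JSON message layout, the single-use nonce, the PBKDF2 wrapping of the private exponent and all class and function names are assumptions.

```python
import hashlib, json, secrets

# Toy textbook RSA over two Mersenne primes: trivially factorable, demo only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def mask(passphrase, salt):
    # Assumption: the private exponent is stored XOR-wrapped under a PBKDF2 pad.
    pad = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 10_000, dklen=141)
    return int.from_bytes(pad, "big")

def digest(obj):
    data = json.dumps(obj, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

class Phone:
    def __init__(self, number, passphrase, directory):      # steps a-d
        self.salt, self.credentials = secrets.token_bytes(16), set()
        self.wrapped_d = D ^ mask(passphrase, self.salt)
        directory[number] = (N, E)                           # the public data base
    def handle(self, ciphertext, passphrase, approve):      # steps h-k
        d = self.wrapped_d ^ mask(passphrase, self.salt)
        m = pow(ciphertext, d, N)
        try:
            req = json.loads(m.to_bytes((m.bit_length() + 7) // 8, "big"))
        except ValueError:
            return None                                      # wrong pass phrase
        ok = isinstance(req, dict) and req.get("cred") in self.credentials
        if not (ok and approve):
            return None              # unregistered credential or presenter declined
        resp = {"nonce": req.get("nonce"), "txn": req.get("txn"), "ok": True}
        return resp, pow(digest(resp), d, N)                 # private-key operation

class SecondParty:
    def __init__(self, directory):
        self.directory, self.pending = directory, {}
    def request(self, number, cred, txn):                   # steps f-g
        n, e = self.directory[number]
        req = {"cred": cred, "txn": txn, "nonce": secrets.token_hex(8)}
        self.pending[req["nonce"]] = txn                     # nonce is an assumption
        return pow(int.from_bytes(json.dumps(req).encode(), "big"), e, n)
    def accept(self, number, reply):                        # step l
        if reply is None:
            return False
        (resp, sig), (n, e) = reply, self.directory[number]
        if pow(sig, e, n) != digest(resp):
            return False                                     # not from the registered key
        txn = self.pending.pop(resp["nonce"], None)          # single use: blocks replay
        return txn is not None and txn == resp["txn"]
```

Because the public key sits in a public data base, anyone can produce a well-formed request, so the second party's decision rests entirely on the signed response and on tying it to one pending nonce.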
Specification