Secure financial transaction system using a registered mobile device

US 20120028609A1
Filed: 07/26/2011
Published: 02/02/2012
Est. Priority Date: 07/27/2010
Status: Abandoned Application

First Claim

Patent Images

1. A system on a computer based network for secure transfer of a customer'"'"'s funds, comprising:

a secure financial proxy account such as an online wallet, established for the purpose of holding unused dormant customer funds until activated and allocated by means of a pre-registered personal handheld device;

a personal handheld device;

a registration protocol for the personal handheld device;

a mobile application installed on the personal handheld device;

a unique authentication identification number for the personal handheld device and for the mobile application installed on that device;

an activation protocol for identifying the account'"'"'s registered handheld device, its mobile application, its owner and its location coordinates for making the account and funds active for a particular desired transaction with a specific merchant or financial institution for a specified amount for a specific configurable amount of time;

a transactional and authentication server which stores and authenticates data sent from the customer'"'"'s personal handheld device sent over a telecommunications network;

and a unique customer and device specific, time-sensitive, single-use encrypted digital transactional alphanumeric token created by the transactional and authentication server which is specific to the handheld device, its location, and the customer'"'"'s personal identification information for consummating the particular transaction with the specific merchant or financial institution.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure system and method are disclosed to effectuate financial transactions over a secure internet backbone establishing and using a secure financial proxy account and a pre-registered personal handheld mobile device where all funds within the account remain in an “inactive” non-usable state until activated and allocated only by the registered mobile handheld device.

529 Citations

20 Claims

1. A system on a computer based network for secure transfer of a customer'"'"'s funds, comprising:
- a secure financial proxy account such as an online wallet, established for the purpose of holding unused dormant customer funds until activated and allocated by means of a pre-registered personal handheld device;
  
  a personal handheld device;
  
  a registration protocol for the personal handheld device;
  
  a mobile application installed on the personal handheld device;
  
  a unique authentication identification number for the personal handheld device and for the mobile application installed on that device;
  
  an activation protocol for identifying the account'"'"'s registered handheld device, its mobile application, its owner and its location coordinates for making the account and funds active for a particular desired transaction with a specific merchant or financial institution for a specified amount for a specific configurable amount of time;
  
  a transactional and authentication server which stores and authenticates data sent from the customer'"'"'s personal handheld device sent over a telecommunications network;
  
  and a unique customer and device specific, time-sensitive, single-use encrypted digital transactional alphanumeric token created by the transactional and authentication server which is specific to the handheld device, its location, and the customer'"'"'s personal identification information for consummating the particular transaction with the specific merchant or financial institution.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, further comprising:
    - a point of purchase barcode scanner on the personal handheld device to identify the specific merchant or financial institution with whom the transaction is to be consummated;
      
      a point of sale token scanner device; and
      
      a linked proprietary application used to authenticate the specific merchant or financial institution, the specific customer and device, and the subject matter for the transaction by identifying and validating the unique customer and device specific, time-sensitive, single-use encrypted digital transactional alphanumeric token.
  - 3. The system of claim 1, where the personal handheld device is a telecommunication device with access to a telecommunication data network.
  - 4. The system of claim 3, where the personal handheld device is a smartphone.
  - 5. The system of claim 3, where the personal handheld device is a tablet device.
  - 6. The system of claim 1, further comprising:
    - a front facing camera on the personal handheld device to take various industry-standardized facial measurements; and
      
      a biometric validation application component which combines the facial measurements into the customer'"'"'s personal identification information for further validation at the authentication server.
  - 7. The system of claim 2, wherein the point of sale token scanner used by the specific merchant or financial institution is a registered handheld or stationary telecommunication device for that specific merchant or financial institution linked to a telecommunications network;
    - the unique customer and device specific, time-sensitive, single-use encrypted digital transactional alphanumeric token is represented as a barcode or a graphic;
      
      and the proprietary application identifies and validates the unique customer and device specific, time-sensitive, single-use encrypted transactional alphanumeric digital token using barcode scanning methods.
  - 8. The system of claim 1, wherein the specific handheld device of the customer, and another telecommunication handheld or stationary device of the merchant or financial institution are enabled to communicate the unique customer and device specific, time-sensitive, single-use encrypted digital transactional alphanumeric token using a near-field communication, Bluetooth, infrared, light transmission protocols, audible frequency, sms, mms, wi-fi or other suitable synchronizing protocol over a telecommunications network.
  - 9. The system of claim 7, wherein the specific handheld device of the customer, and another telecommunication handheld or stationary device of the merchant or financial institution are enabled to communicate the unique customer and device specific, time-sensitive, single-use encrypted digital transactional alphanumeric token using a near-field communication, Bluetooth, infrared, light transmission protocols, audible frequency, sms, mms, wi-fi or other suitable synchronizing protocol over a telecommunications network.
  - 10. The system of claim 1, wherein:
    - the registration protocol for the personal handheld device further comprises;
      
      generating on the transactional and authentication server public and private encryption keys specific to the customer and the mobile device application; and
      
      sending the public and private encryption keys to the personal handheld device and its mobile application; and
      
      the activation protocol further comprises;
      
      encryption by means of the mobile application the unique authentication identification number for the personal handheld device and the mobile application, and the personal identification information for the customer with the customer'"'"'s assigned public key;
      
      decryption of the authentication identification number and the personal identification information and the desired transaction by the transactional and authentication server using the customer'"'"'s assigned private key;
      
      permanently hashing the results of the decryption by means of a one-way hash function;
      
      and comparison of these decrypted hashed results to the stored data on the transactional and authentication server for the specific customer'"'"'s account; and
      
      the unique customer and device specific, time-sensitive, single-use encrypted digital transactional alphanumeric token is encrypted by the transactional and authentication server using the customer'"'"'s assigned public key, is sent over a secure telecommunication network to the personal handheld device, and is decrypted at the device using the user and device specific private key located on the mobile application.

11. A method for secure transfer of customer funds, comprising the steps of:
- establishing an online account for a customer to hold dormant, unused funds for the customer;
  
  linking the online account to a transactional and authentication server wherein an application resides to effectuate transfer of secure funds;
  
  registering the customer'"'"'s personal handheld device onto the server via an appropriate protocol;
  
  generating a unique authentication identification number for the personal handheld device and for a mobile application installed on the personal handheld device;
  
  identifying the account'"'"'s registered handheld device and its owner for making the account and funds active;
  
  activating funds in the an online account for the customer via an appropriate protocol for a particular transaction with a specific merchant or financial institution in a specified amount for a specific configurable amount of time;
  
  generating a unique user and device specific, time-sensitive, single-use encrypted digital transactional alphanumeric token by the transactional and authentication server using the unique identifier of the specific handheld device, the unique identifier of the mobile handset'"'"'s applications, and the customer'"'"'s personal identification information, for the purpose of consummating the particular transaction with the specific merchant or financial institution;
  
  transmitting the unique user and device specific, time-sensitive, single-use encrypted digital transactional alphanumeric token by an ssl or tls or other secure protocol over a telecommunications network from the transactional and authentication server to the specific handheld device;
  
  inputting this unique user and device specific, time-sensitive, single-use encrypted digital transactional alphanumeric token at the system'"'"'s point of sale or ATM application;
  
  sending the unique user and device specific, time-sensitive, single-use encrypted digital transactional alphanumeric token, and the identifier of the handheld device to the transactional server; and
  
  verifying the unique user and device specific, time-sensitive, single-use encrypted digital transactional alphanumeric token from the identifier of the handheld device by means of an appropriate secure transactional encryption and decryption algorithm.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, further comprising the steps of:
    - scanning a barcode by means of a point of purchase barcode scanner on the personal handheld device so as to identify a merchant or financial institution and subject matter for the transaction;
      
      using the barcode information in the generating step for the unique user and device specific, time-sensitive, single-use encrypted digital transactional alphanumeric token;
      
      transmitting the unique user and device specific, time-sensitive, single-use encrypted digital transactional alphanumeric token to the merchant or financial institution via a telecommunications network;
      
      scanning the unique user and device specific, time-sensitive, single-use encrypted digital transactional alphanumeric token, represented graphically, at a point of sale token scanner used by the specific merchant or financial institution;
      
      identifying and validating the unique user and device specific, time-sensitive, single-use encrypted digital transactional alphanumeric token to consummate the transaction by means of an appropriate proprietary application.
  - 13. The method of claim 11, further comprising the steps of:
    - taking various industry-standardized facial measurements by means of a front facing camera of the smart phone;
      
      combining the facial measurements into the user'"'"'s personal identification information by means of a biometric validation application for further validation at the authentication server;
      
      storing the results of the combination step in the users account;
      
      passing the results of the combination step to the transactional and authentication server over the telecommunications network; and
      
      utilizing the results of the combination step to biometrically validate and authenticate the user for a desired transaction.
  - 14. The method of claim 11, wherein the personal handheld device is a telecommunication device with access to a telecommunication data network.
  - 15. The method of claim 14, wherein the personal handheld device is a smartphone.
  - 16. The method of claim 14, wherein the personal handheld device is a tablet device.
  - 17. The method of claim 12, wherein the proprietary application identifies and validates the unique user and device specific, time-sensitive, single-use encrypted digital transactional alphanumeric token using barcode scanning methods;
    - andthe unique user and device specific, time-sensitive, single-use encrypted digital transactional alphanumeric token is represented as a barcode or a graphic.
  - 18. The method of claim 11, wherein the specific handheld device of the user, and another handheld or stationary device of the merchant or financial institution are enabled to communicate the unique user and device specific, time-sensitive, single-use encrypted digital transactional alphanumeric token using a near-field communication, Bluetooth, infrared, light transmission protocols, sms, mms, wi-fi or other suitable synchronizing protocol over a telecommunications network.
  - 19. The method of claim 17, wherein the specific handheld device of the user, and another handheld or stationary device of the merchant or financial institution are enabled to communicate the unique user and device specific, time-sensitive, single-use encrypted digital transactional alphanumeric token using a near-field communication, Bluetooth, infrared, light transmission protocols, sms, mms, wi-fi or other suitable synchronizing protocol over a telecommunications network.
  - 20. The method of claim 11, further comprising the steps of:
    - generating and assigning the customer with public and private encryption keys specific to the customer and the mobile device application;
      
      encrypting by means of the mobile application the unique authentication identification number for the personal handheld device and the mobile application, and the personal identification information for the customer and the desired transaction with the customer'"'"'s assigned public key;
      
      decrypting the authentication identification number and the personal identification information and the desired transaction by the transactional and authentication server using the customer'"'"'s assigned private key;
      
      applying a one-way encryption hash function by the transactional and authentication server to the decryption results;
      
      comparing this information to the stored data on the transactional and authentication server in order to authenticate the specific customer'"'"'s account;
      
      encrypting the unique customer and device specific, time-sensitive, single-use encrypted digital transactional alphanumeric token by the transactional and authentication server using the customer'"'"'s assigned public key prior to the transmission step; and
      
      decrypting after the transmission step the unique customer and device specific, time-sensitive, single-use encrypted digital transactional alphanumeric token by the mobile application at the device using the user and device specific private key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
John Hruska
Original Assignee
John Hruska
Inventors
Hruska, John

Application Number

US13/136,218
Publication Number

US 20120028609A1
Time in Patent Office

Days
Field of Search
US Class Current

455/411
CPC Class Codes

G06Q 20/3674   involving authentication

H04L 2209/56   Financial cryptography, e.g...

H04L 63/083   using passwords cryptograph...

H04L 9/3213   using tickets or tokens, e....

H04W 12/02   Protecting privacy or anony...

H04W 12/033   of the user plane, e.g. use...

H04W 12/068   using credential vaults, e....

Secure financial transaction system using a registered mobile device

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

529 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure financial transaction system using a registered mobile device

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

529 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links