Mobile Device Transaction Using Multi-Factor Authentication
First Claim
1. A method of conducting an electronic transaction using a mobile device, the method comprising:
(a) storing an identifier in persistent memory of the mobile device;
(b) storing a biometric model in an encrypted form in persistent memory of the mobile device, the biometric model representing biometric features of an authorized user of the mobile device;
(c) generating a first public key and private key pair (PPDA, RPDA) for registration with at least one certificate authority;
(d) utilizing a predetermined hash function to generate a plurality of hash values Yi based upon reference data, said reference data including said identifier stored in 1a and data of said biometric model of 1b in decrypted form;
(e) encrypting said plurality of hash values Yi with said private key RPDA to derive a plurality of encrypted hash values Zi, and communicating said plurality of encrypted hash values Zi as well as said public key PPDA to the at least one certificate authority;
(f) at the at least one certificate authority, decrypting said plurality of encrypted hash values Zi utilizing said public key PPDA to reconstruct said plurality of hash values Yi;
(g) at the at least one certificate authority, generating a respective second public key and private key pair (PCA, RCA) for registration with the authorized user and the mobile device;
(h) at the at least one certificate authority, encrypting said plurality of hash values Yi reconstructed in 1f with said respective private key RCA to derive a plurality of encrypted hash values Ai;
(i) persistently storing said plurality of encrypted hash values Ai for access by the mobile device;
(j) persistently storing said respective public key RCA for access by the mobile device;
(k) performing a validation process on the mobile device that
i. decrypts said plurality of encrypted hash values Ai persistently stored in 1i utilizing said respective public key RCA persistently stored in 1j to derive a plurality of hash values YiCA,
ii. utilizing said predetermined hash function of 1d to generate a plurality of hash values Yi based upon said reference data, and
iii. comparing said plurality of hash values YiCA derived in 1(k)i and said plurality of hash values Yi derived in 1(k)ii to determine if said hash values match one another; and
(l) selectively performing a sequence of operations for carrying out the electronic transaction based upon the determination of 1(k)iii, wherein said sequence of operations include biometric verification for a user of the mobile device utilizing said biometric model stored in 1b.
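Steps (c) through (k) of claim 1 form a two-stage signature chain: the device signs its hash values Yi, the certificate authority recovers and re-signs them as Ai, and the device later compares the recovered values with freshly computed hashes. The Python below is an added example, not code from the patent; it assumes SHA-256 as the "predetermined hash function" and textbook RSA over constructed toy primes, verifies Ai with the public half of the CA pair, and every function name, the 16-byte chunking and the sample identifier and model bytes are hypothetical.

```python
import hashlib

E = 65537  # public exponent used by both toy key pairs (assumption)

def toy_keypair(p, q):
    """Textbook RSA from two known primes; returns (public, private)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (E, n), (d, n)

def rsa(value, key):
    """Raw modular exponentiation, i.e. the claim's 'encrypt'/'decrypt'."""
    exponent, n = key
    return pow(value, exponent, n)

def hash_values(identifier, model):
    """Step (d): one hash value Yi per 16-byte chunk of the decrypted model,
    each bound to the identifier. Truncated to 128 bits to fit the toy moduli."""
    chunks = [model[i:i + 16] for i in range(0, len(model), 16)]
    return [int.from_bytes(
                hashlib.sha256(identifier + bytes([i]) + c).digest()[:16], "big")
            for i, c in enumerate(chunks)]

# Constructed toy keys built from Mersenne primes. Unpadded RSA at this size
# is for illustration only; a deployment would use a padded signature scheme.
PPDA, RPDA = toy_keypair(2**107 - 1, 2**89 - 1)   # step (c): device pair
PCA, RCA = toy_keypair(2**127 - 1, 2**61 - 1)     # step (g): CA pair

def register(identifier, model):
    """Steps (d)-(i): returns the CA-signed values Ai stored for the device."""
    y = hash_values(identifier, model)
    z = [rsa(v, RPDA) for v in y]        # (e) device applies its private key
    y_at_ca = [rsa(v, PPDA) for v in z]  # (f) CA recovers Yi with PPDA
    return [rsa(v, RCA) for v in y_at_ca]  # (h) CA applies its private key

def validate(identifier, model, a_values):
    """Step (k): recover YiCA from Ai with the CA public key and compare
    with Yi recomputed from the reference data currently on the device."""
    y_ca = [rsa(v, PCA) for v in a_values]
    return y_ca == hash_values(identifier, model)

IDENT = b"device-0001"     # constructed identifier
MODEL = bytes(range(48))   # constructed stand-in for biometric model data
A = register(IDENT, MODEL)
```

The comparison in step (k) fails if the identifier, any chunk of the model, or any stored Ai has changed since registration, which is what gates the transaction in step (l).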
Abstract
The following is a system in which a person may use a Cellular (Mobile) Telephone, a PDA or any other handheld computer to make a purchase. This is an example only. The process may entail any type of transaction which requires authentication, such as any financial transaction, any access control (to account information, etc.), and any physical access scenario such as doubling for a passport or an access key to a restricted area (office, vault, etc.). It may also be used to conduct remote transactions such as those conducted on the Internet (E-Commerce, account access, etc.). In the process, a multi-factor authentication is used.
89 Citations
30 Claims
Specification