Mobile Device Transaction Using Multi-Factor Authentication

US 20120110341A1
Filed: 11/02/2011
Published: 05/03/2012
Est. Priority Date: 11/02/2010
Status: Active Grant

First Claim

Patent Images

1. A method of conducting an electronic transaction using a mobile device, the method comprising:

(a) storing an identifier in persistent memory of the mobile device;

(b) storing a biometric model in an encrypted form in persistent memory of the mobile device, the biometric model representing biometric features of an authorized user of the mobile device;

(c) generating a first public key and private key pair (P_PDA, R_PDA) for registration with at least one certificate authority;

(d) utilizing a predetermined hash function to generate a plurality of hash values Y_ibased upon reference data, said reference data including said identifier stored in 1a and data of said biometric model of 1b in decrypted form;

(e) encrypting said plurality of hash values Y_iwith said private key R_PDAto derive a plurality of encrypted hash values Z_i, and communicating said plurality of encrypted hash values Z_ias well as said public key P_PDAto the at least one certificate authority;

(f) at the at least one certificate authority, decrypting said plurality of encrypted hash values Z, utilizing said public key P_PDAto reconstruct said plurality of hash values Y_i;

(g) at the at least one certificate authority, generating a respective second public key and private key pair (P_CA, R_CA) for registration with the authorized user and the mobile device;

(h) at the at least one certificate authority, encrypting said plurality of hash values Y_ireconstructed in 1f with said respective private key R_CAto derive a plurality of encrypted hash values A_i;

(i) persistently storing said plurality of encrypted hash values A_ifor access by the mobile device;

(j) persistently storing said respective public key R_CAfor access by the mobile device;

(k) performing a validation process on the mobile device thati. decrypts said plurality of encrypted hash values A_ipersistently stored in 1i utilizing said respective public key RCA persistently stored in 1j to derive a plurality of hash values Y_i^CA,ii. utilizing said predetermined hash function of 1d to generate a plurality of hash values Y_ibased upon said reference data, andiii. comparing said plurality of hash values Y_i^CAderived in 1(k)i and said plurality of hash values Y_iderived in 1(k)ii to determine if said hash values match one another; and

(l) selectively performing a sequence of operations for carrying out the electronic transaction based upon the determination of 1(k)iii, wherein said sequence of operations include biometric verification for a user of the mobile device utilizing said biometric model stored in 1b.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The following is a system in which a person may use a Cellular (Mobile) Telephone, a PDA or any other handheld computer to make a purchase. This is an example only. The process may entail any type of transaction which requires authentication, such as any financial transaction, any access control (to account information, etc.), and any physical access scenario such as doubling for a passport or an access key to a restricted area (office, vault, etc.). It may also be used to conduct remote transactions such as those conducted on the Internet (E-Commerce, account access, etc.). In the process, a multi-factor authentication is used.

89 Citations

View as Search Results

30 Claims

1. A method of conducting an electronic transaction using a mobile device, the method comprising:
- (a) storing an identifier in persistent memory of the mobile device;
  
  (b) storing a biometric model in an encrypted form in persistent memory of the mobile device, the biometric model representing biometric features of an authorized user of the mobile device;
  
  (c) generating a first public key and private key pair (P_PDA, R_PDA) for registration with at least one certificate authority;
  
  (d) utilizing a predetermined hash function to generate a plurality of hash values Y_ibased upon reference data, said reference data including said identifier stored in 1a and data of said biometric model of 1b in decrypted form;
  
  (e) encrypting said plurality of hash values Y_iwith said private key R_PDAto derive a plurality of encrypted hash values Z_i, and communicating said plurality of encrypted hash values Z_ias well as said public key P_PDAto the at least one certificate authority;
  
  (f) at the at least one certificate authority, decrypting said plurality of encrypted hash values Z, utilizing said public key P_PDAto reconstruct said plurality of hash values Y_i;
  
  (g) at the at least one certificate authority, generating a respective second public key and private key pair (P_CA, R_CA) for registration with the authorized user and the mobile device;
  
  (h) at the at least one certificate authority, encrypting said plurality of hash values Y_ireconstructed in 1f with said respective private key R_CAto derive a plurality of encrypted hash values A_i;
  
  (i) persistently storing said plurality of encrypted hash values A_ifor access by the mobile device;
  
  (j) persistently storing said respective public key R_CAfor access by the mobile device;
  
  (k) performing a validation process on the mobile device thati. decrypts said plurality of encrypted hash values A_ipersistently stored in 1i utilizing said respective public key RCA persistently stored in 1j to derive a plurality of hash values Y_i^CA,ii. utilizing said predetermined hash function of 1d to generate a plurality of hash values Y_ibased upon said reference data, andiii. comparing said plurality of hash values Y_i^CAderived in 1(k)i and said plurality of hash values Y_iderived in 1(k)ii to determine if said hash values match one another; and
  
  (l) selectively performing a sequence of operations for carrying out the electronic transaction based upon the determination of 1(k)iii, wherein said sequence of operations include biometric verification for a user of the mobile device utilizing said biometric model stored in 1b.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 2. A method according to claim 1, wherein the biometric verification of the user of the mobile device in said sequence of operations of 1(l) includes:
    - (m) capturing a biometric sample for the user of the mobile device;
      
      (n) executing a recognition engine on the mobile device thati) processes the biometric sample of the user captured in (m) to extract biometric features of the user and stores first data representative thereof,ii) decrypts the encrypted biometric model of 1b to reconstruct the biometric features of the authorized user and stores second data representative thereof;
      
      iii) compares the first data and the second data to determine whether the user of the mobile device whose biometric sample was captured in (m) is the authorized user of the mobile device.
  - 3. A method according to claim 1 wherein:
    - the biometric verification of the user of the mobile device in said sequence of operations of 1(l) includes a liveliness challenge communicated to said user.
  - 4. A method according to claim 1, wherein:
    - the sequence of operations of 1(l) further include at least one challenge to the user of the mobile device, the at least one challenge based upon stored information and known to the authorized user.
  - 5. A method according to claim 1, wherein:
    - said biometric model is generated by capturing at least one biometric sample of the authorized user during an enrollment process that includes the operations of steps 1c through 1i.
  - 6. A method according to claim 1, wherein:
    - the biometric model of the authorized user is based on at least one image of an anatomical part of the authorized user, and the biometric sample of the user is based on at least one image of the anatomical part of the user, wherein the anatomical part is selected from the group consisting of the ear, the face, the finger, the palm, the iris, and the retina.
  - 7. A method according to claim 1, wherein:
    - the biometric model of the authorized user is based a plurality of images of the face of the authorized user for a plurality of expressions, and the biometric sample of the user is based on at least one image of the face of the user for one or more of the plurality of expressions as specified in a challenge communicated to the user.
  - 8. A method according to claim 1, wherein:
    - the biometric model of the authorized user is based on reflection of sound in the ear canal of the authorized user, and the biometric sample of the user is based on reflection of sound in the ear canal of the user.
  - 9. A method according to claim 1, wherein:
    - the biometric model of the authorized user is based on recorded speech of the authorized user, and the biometric sample of the user is based on recorded speech of the user.
  - 10. A method according to claim 1, wherein:
    - the biometric model of the authorized user is based on recorded handwriting of the authorized user, and the biometric sample of the user is based on recorded handwriting of the user.
  - 11. A method according to claim 1, wherein:
    - the biometric model of the authorized user is based on recorded keystrokes of the authorized user, and the biometric sample of the user is based on recorded keystrokes of the user.
  - 12. A method according to claim 1, wherein:
    - the biometric model of the authorized user is based on at least one scan of the veins of an anatomical part of the authorized user, and the biometric sample of the user is based on at least one scan of the veins of an anatomical part of the user.
  - 13. A method according to claim 1, wherein:
    - the biometric model of the authorized user is based on at least one thermogram of an anatomical part of the authorized user, and the biometric sample of the user is based on at least thermogram of an anatomical part of the user.
  - 14. A method according to claim 1, wherein:
    - the operations of if through 1h are carried out over a plurality of certificate authorities.
  - 15. A method according to claim 14, wherein:
    - the encryption of 1h is carried out in a serial order over the plurality of certificate authorities; and
      
      the decryption of 1(k)i is carried out in a reverse serial order with respect to the serial order of 1h.
  - 16. A method according to claim 14, wherein:
    - the encryption of 1h is carried out in a parallel manner over the plurality of certificate authorities; and
      
      the decryption of 1(k)i is carried out in a parallel manner over the plurality of certificate authorities.
  - 17. A method according to claim 1, wherein:
    - said plurality of encrypted hash values A_iis persistently stored in a distributed manner over a plurality of network storage locations.
  - 18. A method according to claim 1, wherein:
    - said plurality of network storage locations are maintained by a plurality of certificate authorities.
  - 19. A method according to claim 1, further comprising:
    - performing a registration process with a transaction authority, the registration process generating a third public and private key pair (P_PDA^T, R_PDA^T) for communication of the authorized user and the mobile device to the transaction authority as well as a fourth public and private key pair (P_TA, R_TA) for communication of the transaction authority to the authorized user and the mobile device, wherein said transaction authority persistently stores data that links the fourth public and private key pair (P_TA, R_TA) as well as the third public key P_PDA^Tto an account of the authorized user for carrying out electronic transactions specific to the authorized user.
  - 20. A method according to claim 19, wherein:
    - said mobile device persistently stores data that that links the third public and private key pair(P_PDA^T,R_PDA^T) as well as the fourth public key P_TAto an account identifier for said account of the authorized user.
  - 21. A method according to claim 20, wherein:
    - the account identifier is communicated from the transaction authority to said mobile device during the registration process.
  - 22. A method according to claim 19, wherein said sequence of operations of 1(l) further includes:
    - generating transaction data at the mobile device in response to communication between the mobile device and a point of service;
      
      encrypting the transaction data at the mobile device using the private key R_PDA^Tto generate encrypted transaction data;
      
      communicating the encrypted transaction data to the transaction authority via the point of service;
      
      decrypting the encrypted transaction data at the transaction authority using the public P_PDA^Tto recover the transaction data; and
      
      performing a transaction using the recovered transaction data.
  - 23. A method according to claim 22, further comprising:
    - generating receipt data at the transaction authority for the transaction;
      
      encrypting the receipt data at the transaction authority using the private key R_TA;
      
      communicating the encrypted receipt data to the mobile device via the point of service;
      
      decrypting the encrypted receipt data at the mobile device using the public key P_TA;
      
      storing the decrypted receipt data at the mobile device for access by the authorized user.
  - 24. A method according to claim 22, wherein:
    - said point of service is part of said transaction authority.
  - 25. A method according to claim 19, wherein:
    - the transaction authority maintains data that specifies particular operations of the verification process of 1k and/or of the sequence of operations of 1(l).
  - 26. A method according to claim 19, wherein:
    - a point of service is in communication with the mobile device, and the point of service generates data that specifies particular operations of the verification process of 1k and/or of the sequence of operations of 1(l).
  - 27. A method according to claim 1, wherein:
    - the electronic transaction is a commercial transaction for the payment of goods or services.
  - 28. A method according to claim 1, wherein:
    - the electronic transaction is used to control access to a secure area.
  - 29. A method according to claim 28, wherein:
    - the secured area is selected from the group consisting of a secured premises, a secured building, a secured vault, a secured safety deposit bock, a safe, a lock box, and a gun vault.
  - 30. A method according to claim 1, wherein:
    - the electronic transaction realizes an electronic passport.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Homayoon Beigi
Original Assignee
Homayoon Beigi
Inventors
Beigi, Homayoon

Granted Patent

US 9,064,257 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/186
CPC Class Codes

G06Q 20/3223   Realising banking transacti...

G06Q 20/3827   Use of message hashing

G06Q 20/409   Device specific authenticat...

H04L 2463/082   applying multi-factor authe...

H04L 63/0861   using biometrical features,...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3268   using certificate validatio...

H04W 12/069   using certificates or pre-s...

Mobile Device Transaction Using Multi-Factor Authentication

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

89 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Mobile Device Transaction Using Multi-Factor Authentication

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

89 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links