APPARATUS, SYSTEM AND METHOD EMPLOYING A WIRELESS USER-DEVICE

US 20120240195A1
Filed: 09/16/2011
Published: 09/20/2012
Est. Priority Date: 09/17/2010
Status: Active Application

First Claim

Patent Images

1. A system for controlling access to at least one computer, the system comprising:

a network having at least a portion that includes a wireless network;

at least one computer coupled to the network;

a handheld device configured to communicate with the at least one computer over the wireless network, the handheld device including;

a user interface programmed to receive a user input including secret information known to a user of the handheld device;

a processor coupled to the user interface, the processor programmed to authenticate the user of the handheld device and to generate a first time-varying non-predictable value following a successful authentication, by the handheld device, of the secret information received via the user interface; and

a wireless transceiver coupled to the processor and configured to transmit via the network a wireless signal including the first time-varying non-predictable value; and

a secure registry system including a communication interface coupled to the network, the secure registry system configured to receive the first time-varying non-predictable value and successfully authenticate the user where the first time-varying non-predictable value is matched to the user by the secure registry system,wherein the user of the handheld device is permitted to operate the at least one computer to access resources with the at least one computer so long as the at least one computer periodically receives subsequent authentication information from the handheld device that results in a continued successful authentication of the user for time periods subsequent to a time at which the first time-varying non-predictable value is generated.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention generally relate to apparatus, systems and methods for authentication, in particular, apparatus, systems and methods for authenticating an entity for computer and/or network security, secure authorization of a payment or for funds transfer and for selectively granting privileges and providing other services in response to such authentications. In addition, embodiments of the invention relate generally to apparatus, systems and methods for the communication of information between a mobile user-device and a point-of-sale device to securely provide authorization for a financial transaction.

Citations

33 Claims

1. A system for controlling access to at least one computer, the system comprising:
- a network having at least a portion that includes a wireless network;
  
  at least one computer coupled to the network;
  
  a handheld device configured to communicate with the at least one computer over the wireless network, the handheld device including;
  
  a user interface programmed to receive a user input including secret information known to a user of the handheld device;
  
  a processor coupled to the user interface, the processor programmed to authenticate the user of the handheld device and to generate a first time-varying non-predictable value following a successful authentication, by the handheld device, of the secret information received via the user interface; and
  
  a wireless transceiver coupled to the processor and configured to transmit via the network a wireless signal including the first time-varying non-predictable value; and
  
  a secure registry system including a communication interface coupled to the network, the secure registry system configured to receive the first time-varying non-predictable value and successfully authenticate the user where the first time-varying non-predictable value is matched to the user by the secure registry system,wherein the user of the handheld device is permitted to operate the at least one computer to access resources with the at least one computer so long as the at least one computer periodically receives subsequent authentication information from the handheld device that results in a continued successful authentication of the user for time periods subsequent to a time at which the first time-varying non-predictable value is generated.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 22, 23)
- - 2. The system of claim 1, wherein the secure registry system is configured to lock the computer to prevent the user from operating the computer to access resources when the computer fails to periodically receive the subsequent authentication information.
  - 3. The system of claim 2, wherein the secure registry system is configured to lock the computer to prevent the user from operating the computer to access resources when the computer fails to periodically receive the subsequent authentication information because the handheld device is no longer within proximity of the computer.
  - 4. The system of claim 3, wherein the wireless network includes any one of a Wi-fi communication, near field communication and Bluetooth communication employed for communication between the computer and the handheld device, andwherein the proximity is determined by a range of the wireless network local to the computer.
  - 5. The system of claim 4, wherein the handheld device includes any of a mobile phone, a tablet computer and a personal digital assistant, andwherein the computer includes any one of a desktop computer, a notebook computer, a laptop computer, a netbook computer and a tablet computer.
  - 6. The system of claim 3, wherein the secure registry system is coupled to a plurality of computers, the computers each associated with a plurality of users, respectively, andwherein the secure registry system is configured to authenticate each of the plurality of users to provide access for each user to at least one computer associated with the user, respectively.
  - 7. The system of claim 6, wherein the plurality of users includes a second user associated with a second computer,wherein the second user is in possession of a second handheld device including a second processor, andwherein the processor is configured to generate a second time-varying non-predictable value following a successful authentication of the second user by the second device.
  - 8. The system of claim 7, wherein the second handheld device includes a second wireless transceiver coupled to the second processor and configured to transmit via a second network a second wireless signal including the second time-varying value,wherein the communication interface of the secure registry is configured to receive the second time-varying non-predictable value and successfully authenticate the second user where the second time-varying non-predictable value is matched to the second user by the secure registry system, andwherein the second user is permitted to operate the second computer to access resources so long as subsequent authentication information from the second handheld device of the second user results in a continued successful authentication of the second user for time periods subsequent to a time at which the second time-varying non-predictable value is generated.
  - 9. The system of claim 8, wherein the secure registry is configured to lock the first computer to prevent access to resources using the first computer when the first computer fails to periodically receive authentication information subsequent to the time at which the first time-varying non-predictable value is generated because the first handheld device is no longer within proximity of the first computer, andwherein the secure registry is configured to lock the second computer to prevent access to resources using the second computer when the second computer fails to periodically receive authentication information subsequent to the time at which the second time-varying non-predictable value is generated because the second handheld device is no longer within proximity of the second computer.
  - 10. The system of claim 1, wherein the secure registry system is located remote from the computer, andwherein the authentication of the first time-varying non-predictable value and any subsequent time-varying non-predictable values occur at the secure registry system.
  - 11. The system of claim 1, wherein at least a portion of the secure registry system is located at the computer, andwherein the authentication of the first time-varying non-predictable value and any subsequent time-varying non-predictable values occur at the computer.
  - 12. The system of claim 1, wherein the handheld device includes a memory coupled to the processor, the memory configured to store a seed employed by the processor to generate the first time-varying non-predictable value;
    - andwherein the processor is configured to employ time, the secret information and the seed to generate the first time-varying non-predictable value.
  - 13. The system of claim 12, wherein the secure registry is configured to distribute seed-updates to the handheld device via the network without requiring any interaction on the part of the user, andwherein the seed-updates are communicated at random intervals to provide a new seed value to the handheld device.
  - 14. The system of claim 13, wherein at least a portion of the secure registry system is located in a computer, the computer proximate the handheld device when the wireless signal is transmitted,wherein the computer includes a memory configured to store the seed, andwherein the seed is employed by the computer to authenticate the user.
  - 15. The system of claim 14, wherein the processor is configured to combine the secret information with the seed to generate the first time-varying non-predictable value.
  - 16. The system of claim 15, wherein the processor is configured to generate the first time-varying non-predictable value, at least in part, by combining the secret information and the seed in an exclusive-or operation, andwherein the secret information is not stored in the handheld device.
  - 17. The system of claim 14, wherein the memory is configured to store at least one of an electronic serial number and a SIM code, andwherein the processor is configured to generate the first time-varying non-predictable value, at least in part, by combining the seed with at least one of the electronic serial number and the SIM code in an exclusive-or operation.
  - 18. The system of claim 17, wherein the secret information is not stored in the handheld device.
  - 19. The system of claim 17, wherein the handheld device includes a secure element, andwherein the secure element is configured to store at least one of the seed and the electronic serial number.
  - 20. The system of claim 14, wherein the handheld device includes a biometric sensor comprising a microphone configured to receive a spoken input provided by the user,wherein the user interface is programmed to display a multi-character string including at least one of a plurality of alpha-characters and a plurality of numeric-characters, andwherein the processor is programmed to authenticate the user based on the spoken input of the multi-character string by the user.
  - 22. The system of claim 11, wherein the secure registry system includes a database configured to store the seed,wherein, following a successful authentication of the user, the secure registry system is configured to generate a second time-varying non-predictable value using time, the secret information and the seed,wherein the communication interface is configured to transmit the second time-varying non-predictable value to the handheld device via the network, andwherein the processor is configured to authenticate the secure registry system using the second time-varying non-predictable value.
  - 23. The system of claim 22, wherein the processor is configured to, following a successful authentication of the secure registry system, generate a third time-varying non-predictable value,wherein the wireless signal is a first wireless signal,wherein the wireless transceiver is configured to transmit via the network a second wireless signal including the third time-varying non-predictable value, andwherein the secure registry system is configured to authenticate the user using the third time-varying non-predictable signal.

21. The system of claim 21, wherein the secure registry system is programmed to randomly generate the multi-character string and communicate the multi-character string via the network to the handheld device for display,wherein at least a portion of the secure registry system is located in a computer, the computer proximate the handheld device when the wireless signal is transmitted, andwherein the at least the portion of the secure registry located in the computer is configured to generate the multi-character string.

24. A method of securing a computing device, the method comprising:
- receiving, at the computing device, a first wireless signal including first authentication information wirelessly transmitted from a mobile device proximate to the computing device;
  
  processing the first authentication information to initially authenticate a user in possession of the mobile device, the user attempting to access resources with the computing device;
  
  temporarily allowing the user to employ the computing device to access the resources when the initial authentication is successful;
  
  continuing to allow the user to employ the computing device to access the resources upon a subsequent receipt of authentication information from the mobile device that is successfully authenticated; and
  
  automatically terminating use of the computing device by the user based on at least one of authentication information no longer being received from the mobile device and authentication information received from the mobile device no longer being successfully authenticated.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 25. The method of securing a computing device of claim 24, further comprising:
    - receiving, at the computing device, subsequent wireless signals from the first wireless device on a periodic basis, the periodic basis including a predetermined period during which the computing device must receive authentication information;
      
      continuing to allow the user to employ the computing device to access the resources where the subsequent wireless signals include authentication information that is successfully authenticated; and
      
      terminating use of the computing device when at least one of the subsequent wireless signals is not received during a respective predetermined period.
  - 26. The method of claim 24, further comprising:
    - including at least a first time-varying non-predictable value generated by the mobile device in the first authentication information; and
      
      including in the authentication information included in each of the subsequent wireless signals a respective time-varying non-predictable value generated by the mobile device.
  - 27. The method of claim 26, further comprising initially authenticating the user of the mobile device when the first time-varying non-predictable value is matched to the user by a secure registry system geographically remote from the computing device.
  - 28. The method of claim 27, further comprising subsequently authenticating the user of the mobile device at each occurrence where the respective time-varying non-predictable value is matched to the user by the secure registry.
  - 29. The method of claim 27, further comprising:
    - including at least a portion of the secure registry system in the computing device; and
      
      locally authenticating the user with the computing device.
  - 30. The method of claim 29, further comprising:
    - including public identifying information of the user in the authentication information; and
      
      authenticating the user by comparing the time-varying non-predictable value received in the wireless signal with verification information for the user based on an identity provided by the public identifying information.
  - 31. The method of claim 24, further comprising:
    - locating at least a portion of the secure registry system remote from the computing device;
      
      communicating the first time-varying non-predictable value to the remote portion of the secure registry system for an initial authentication; and
      
      locally authenticating the respective time-varying non-predictable values with the computing device.
  - 32. The method of claim 25, further comprising maintaining an ability for the mobile device to wirelessly communicate with the computing device so long as the mobile device is located within a pre-determined distance of the computing device.
  - 33. The method of claim 24, wherein the mobile device includes any of a personal digital assistant, mobile phone and a tablet computer, andwherein the method further comprises communicating the wireless signal by one of Bluetooth, near field communication and Wi-Fi.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Universal Secure Registry LLC
Original Assignee
Universal Secure Registry LLC
Inventors
Weiss, Kenneth P.

Granted Patent

US 8,613,052 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06Q 20/3224   Transactions dependent on l...

G06Q 20/3278   RFID or NFC payments by mea...

G06Q 20/40145   Biometric identity checks

H04L 63/08   for authentication of entit...

H04L 63/0846   using time-dependent-passwo...

H04L 63/0853   using an additional device,...

H04L 63/107   wherein the security polici...

H04W 12/068   using credential vaults, e....

APPARATUS, SYSTEM AND METHOD EMPLOYING A WIRELESS USER-DEVICE

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

APPARATUS, SYSTEM AND METHOD EMPLOYING A WIRELESS USER-DEVICE

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links