SYSTEM AND METHOD FOR GENERATING A STRONG MULTI FACTOR PERSONALIZED SERVER KEY FROM A SIMPLE USER PASSWORD

US 20130124292A1
Filed: 07/28/2011
Published: 05/16/2013
Est. Priority Date: 07/29/2010
Status: Active Grant

First Claim

Patent Images

1. A method of generating a multi-factor encryption key using a simple password in order to access control over information stored at a second entity from a first entity via at least one communication network, the method comprising:

having a pre-installed application or requesting to receive an application at the first entity from the second entity via the communication network;

activating the first entity to generate a shared secret key, wherein the shared secret key is computed from a first entity specific ID and a random number generated at the first and second entity; and

allowing the user to register with the application of the second entity by the first entity, wherein the registration include entry of a personal PIN (personal identification number), a personal message etc.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to a method of generating a multi-factor encryption key using a simple password in order to access control over information stored at a second entity from a first entity via at least one communication network. In one embodiment this is accomplished by, requesting to receive an application at the first entity from the second entity via the communication network, activating the first entity to generate a shared secret key, wherein the shared secret key is computed from a first entity specific ID and a random number generated at the first and second entity and allowing the user to register with the application of the second entity by the first entity, wherein the registration include entry of a personal PIN (personal identification number), a personal message etc.

155 Citations

30 Claims

1. A method of generating a multi-factor encryption key using a simple password in order to access control over information stored at a second entity from a first entity via at least one communication network, the method comprising:
- having a pre-installed application or requesting to receive an application at the first entity from the second entity via the communication network;
  
  activating the first entity to generate a shared secret key, wherein the shared secret key is computed from a first entity specific ID and a random number generated at the first and second entity; and
  
  allowing the user to register with the application of the second entity by the first entity, wherein the registration include entry of a personal PIN (personal identification number), a personal message etc.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the information stored includes transaction related data or authentication related data or encryption related data of a gift card account, a credit card account, a loyalty account, and/or a bank account.
  - 3. The method of claim 1, wherein the step of activation further comprising:
    - generating a random number by the first entity, wherein the random number generated using a standard cryptographic random number generator;
      
      computing the first entity specific ID, wherein the specific ID is distinctive to each entity; and
      
      transmitting the random number and the first entity specific ID to the second entity.
  - 4. The method of claim 3, further comprising;
    - receiving, at the second entity, the random number and the first entity specific ID from the first entity;
      
      generating a random number by the second entity, wherein the random number generated using a standard cryptographic random number generator; and
      
      generating activation code from the first entity specific ID, the second entity random number and the random number generated at the first entity; and
      
      transmitting the activation code to the first entity through at least one of the available communication network.
  - 5. The method of claim 3, further comprising:
    - receiving the activation code from the second entity;
      
      verifying the received activation code by checking the first entity specific ID; and
      
      storing the generated random number of the first and second entity.
  - 6. The method of claim 1, wherein the step of registration with the application of the second entity by the first entity comprising:
    - initializing on the first and second entity to generate a random ordered collection of items using a cryptographic random string generator, wherein the random ordered collection of items includes bytes, images, voices, characters etc;
      
      mapping the received user password at the first entity to an ordered list of index positions as per the items positions in the ordered item collections;
      
      transmitting the list of index positions to the second entity;
      
      mapping the received list of index positions to the corresponding characters in the random ordered character array of the second entity in order to decipher the second entity'"'"'s view of password entered by the user at the first entity and to derive user specific second entity key; and
      
      shuffling the random ordered array of items of the first entity by pseudo randomly after each password entry, and second entity after each authentication attempt such that the shuffling is in synchronization with the first entity.
  - 7. The method of claim 6, wherein the received user password at the first entity is used to generate a Masked One Time Password (MOTP), wherein the MOTP is a verifier based on the user password which has to be used on the server side to decipher the server side view of the user password.
  - 8. The method of claim 6, wherein the receiving of user password at the first entity is in a rotary format layout including of characters, graphics, bytes, images, voices etc.
  - 9. The method of claims 6, wherein the user entered password is always transformed using a transformation-matrix on the user device before it is transmitted to server, and wherein the server uses another transformation-matrix to deduce a different password, which is generated in a synchronized manner with client.
  - 10. The method of claims 1, where the method never stores a password either in the client device or on server in its original form.
  - 11. The method of claim 1, wherein the first entity is a user and or a merchant, and wherein the second entity is a server including one or more application modules.

12. A safe payment method by generating a dynamic single use password on a client device for performing a payment transaction, the method comprising:
- activating the client device to generate a shared secret key, wherein the shared secret key is computed from the client specific ID and a random number generated at the client device and server;
  
  allowing the user to register with the server by the client device, wherein the registration include entry of a personal PIN (personal identification number), a personal sign message, and a funding source etc; and
  
  generating a time synchronized single use financial authorization on the client device, wherein the financial authorization is a time dependent single use password to authorize financial transactions, and wherein the financial authorization is dependent on the user PIN.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 13. The method of claim 12, further comprising:
    - having a pre-installed application or requesting to receive an application by the client device from the server via at least one communication network.
  - 14. The method of claim 12, wherein the financial authorization generated at the client device includes virtual account number, wherein the financial authorization could be represented as a dynamic virtual credit card or a TAN.
  - 15. The method of claim 14, wherein if the financial authorization for use in a credit card network, the financial authorization includes dynamic virtual credit card number, expiry date, CVV or any other related information of the credit card.
  - 16. The method of claim 14, wherein if the financial authorization for use at a merchant having the application, the financial authorization is a TAN, where the TAN is represented graphically as a bar code.
  - 17. The method of claim 12, further comprising:
    - at the server, identifying to authenticate the client device for a transaction from the financial authorization.
  - 18. The method of claim 12, wherein the step of registering comprising:
    - assigning a time based client identification number (TCID) encryption key, a unique user identification number and a unique user identification key map layout by the server to the client device, wherein the unique identification key map layout includes a combination of unique user identification number and a key map at a particular time slot.
  - 19. The method of claim 18, wherein the time based client identification number encryption key is used to encrypt the time based client identification number before embedding it in the virtual account number.
  - 20. The method of claim 19, further comprising:
    - calculating a check digit from the time based client identification number, wherein the check digit value is used to determine a scheme for distributing the encrypted time based client identification number and a part of MOTP in the virtual account number.
  - 21. The method of claim 19, wherein the time based client identification number is of 6 to 8 digits in the virtual account number.
  - 22. The method of claim 16, further comprising:
    - scanning to read the bar code or enter the TAN generated at the client device by a third party entity;
      
      transmitting the scanned bar code or TAN to the server; and
      
      validating the TAN by the server triggers the confirmation of the transactions result.
  - 23. The method of claim 22, wherein the step of scanning includes receiving TAN through wire or wireless communication means, and wherein the wireless communication means includes near field communication.
  - 24. The method of claim 22, wherein the client device and the third party entity receives an instant confirmation about the result of the transaction, wherein the instant confirmation could be via SMS, Email, from the same communication network or any other real time confirmation to the user.
  - 25. The method of claim 24, wherein the real time confirmation message includes a part of the user'"'"'s personal sign message in order to verify the authenticity of the end-user.
  - 26. The method of claim 24, wherein the client device is a user and the third party entity is a merchant, wherein the merchant can be another user.
  - 27. The method of claim 16, wherein the barcode is a 1D or 2D barcode including EZ code, a data matrix code and a QR code.

28. A safe coupon delivery and redemption method using a user device for redeeming a coupon issued by a plurality of merchant, wherein the plurality of coupons is stored at a server, the method comprising:
- activating a coupon application at the user device in order to perceive a plurality of coupon redemption option message, wherein the coupon redemption option message includes information identifying the merchant and a value of the coupon;
  
  generating a Coupon Authorization Number (CAN) with a graphical representation of the same in a bar code, wherein the CAN is a form of time dependent single use password to authorize coupon redemption;
  
  scanning to read the bar code or enter the CAN generated at the user device by the merchant; and
  
  validating the CAN by the server triggers the confirmation of the transactions result at the user device and the merchant.
- View Dependent Claims (29, 30)
- - 29. A safe coupon delivery and redemption method of claim 28, wherein the step of validating the CAN includes:
    - identifying the user from the generated Coupon Authorization Number (CAN);
      
      obtaining the plurality of coupons stored for that particular user at the server; and
      
      sending only the relevant coupons which can be redeemed at the merchant.
  - 30. The safe coupon delivery and redemption method of claim 29, further including:
    - applying discount by the merchant only on the received coupons against the items purchased by the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nirmal Juthani
Original Assignee
Nirmal Juthani
Inventors
Juthani, Nirmal

Granted Patent

US 9,258,296 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/14.26
CPC Class Codes

G06F 21/41   where a single sign-on prov...

G06Q 20/4012   Verifying personal identifi...

G06Q 30/0225   Avoiding frauds

H04L 2209/56   Financial cryptography, e.g...

H04L 2463/061   applying further key deriva...

H04L 63/0428   wherein the data content is...

H04L 63/083   using passwords cryptograph...

H04L 63/0838   using one-time-passwords

H04L 63/0846   using time-dependent-passwo...

H04L 9/3228   One-time or temporary data,...

H04L 9/3234   involving additional secure...

SYSTEM AND METHOD FOR GENERATING A STRONG MULTI FACTOR PERSONALIZED SERVER KEY FROM A SIMPLE USER PASSWORD

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

155 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR GENERATING A STRONG MULTI FACTOR PERSONALIZED SERVER KEY FROM A SIMPLE USER PASSWORD

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

155 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links