TRANSACTION AUTHORIZATION METHOD AND SYSTEM
Abstract
Authorizing transactions by an authentication provider involves at least one preparatory phase and an authorization phase. The preparatory phase includes registering a user account with several personal devices, each with an authentication application installed. The authorization phase receives knowledge of the transaction; determines the user account related to the transaction; determines at least one personal device registered with the user account related to the transaction; receives a request for details specific to the transaction from at least one personal device; provides the authentication application of the at least one personal device with the requested details specific to the transaction; receives from the authentication application a digitally signed transmission which indicates transaction-specific instructions received by the authentication application; and authorizes or denies the transaction based on the received transaction-specific instructions.
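The last two acts of the authorization phase (receiving the digitally signed transmission, then authorizing or denying) can be sketched in Go as follows. This is an added example, not code from the patent. The `Account` and `Txn` types, the Ed25519 algorithm, the instruction strings and the choice to sign the transaction ID and details together with the instruction are all assumptions made for illustration.

```go
package main

import "crypto/ed25519"
import "fmt"

// Account is the provider's record from the preparatory phase (assumed model).
type Account struct {
	PubKey  ed25519.PublicKey // public half of the key assigned to the user account
	Devices map[string]bool   // personal devices registered with the account
}
type Txn struct{ ID, Account, Details string } // transaction known to the provider

// signedMsg is what the authentication application signs. Assumption: the ID and
// the displayed details are signed with the instruction, so a signature cannot be
// replayed for another transaction or for altered details.
func signedMsg(t Txn, instruction string) []byte {
	return []byte(fmt.Sprintf("%q|%q|%q", t.ID, t.Details, instruction))
}

// Decide verifies the signed transmission and authorizes only on "approve".
func Decide(accts map[string]Account, t Txn, device, instruction string, sig []byte) string {
	a, ok := accts[t.Account]
	if !ok || !a.Devices[device] {
		return "deny: device not registered with account"
	}
	if !ed25519.Verify(a.PubKey, signedMsg(t, instruction), sig) {
		return "deny: bad signature"
	}
	if instruction != "approve" {
		return "deny: user rejected"
	}
	return "authorize"
}

// Demo runs four constructed cases and returns the provider's decisions.
func Demo() []string {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed key pair, demo only
	accts := map[string]Account{"alice": {pub, map[string]bool{"phone-1": true}}}
	t := Txn{"tx-1001", "alice", "pay 25.00 EUR to shop.example"}
	sig := ed25519.Sign(priv, signedMsg(t, "approve")) // done inside the app
	changed := Txn{t.ID, t.Account, "pay 2500.00 EUR to other.example"}
	return []string{
		Decide(accts, t, "phone-1", "approve", sig),       // valid approval
		Decide(accts, changed, "phone-1", "approve", sig), // details altered
		Decide(accts, t, "phone-9", "approve", sig),       // unknown device
		Decide(accts, t, "phone-1", "reject", ed25519.Sign(priv, signedMsg(t, "reject"))),
	}
}

func main() { fmt.Println(Demo()) }
```
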
30 Claims
1. (canceled)
2. (canceled)
3. (canceled)
4. (canceled)
5. (canceled)
6. (canceled)
7. (canceled)
8. (canceled)
9. (canceled)
10. (canceled)
11. (canceled)
12. (canceled)
13. (canceled)
14. (canceled)
15. (canceled)

16. A method for authorizing a transaction, the method comprising the following acts performed by a telecommunications server configured to act as an authentication provider:
at least one preparatory phase; and
at least one authorization phase;
wherein the at least one preparatory phase comprises for each of several user accounts:
  registering the user account via a user terminal;
  registering a plurality of personal devices with the registered user account, wherein registering of a personal device comprises registering an authentication application installed in the registered personal device;
  wherein the authentication application is configured to:
    indicate at least a subset of received transaction-specific details via a user interface;
    receive transaction-specific instructions via the user interface; and
    digitally sign the transaction-specific instructions by using a cryptographic private key assigned to the user account;
wherein the at least one authorization phase comprises for each of several transactions related to one of the several user accounts:
  receiving knowledge of the transaction;
  determining the user account related to the transaction;
  determining at least one personal device registered with the user account related to the transaction;
  receiving a request for details specific to the transaction from at least one personal device;
  providing the authentication application of the at least one personal device with the requested details specific to the transaction;
  receiving from the authentication application a digitally signed transmission which indicates transaction-specific instructions received by the authentication application; and
  authorizing or denying the transaction based on the received transaction-specific instructions.
Dependent claims: 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28.

29. A data processing system comprising:
a memory system for storing program code instructions and data;
a processing system including at least one processing unit, wherein the processing system executes at least a portion of the program code instructions and processes the data;
wherein the memory system stores program code instructions that, when executed by the processing system, instruct the processing system to act as an authentication provider configured to perform the following acts:
at least one preparatory phase; and
at least one authorization phase;
wherein the at least one preparatory phase comprises for each of several user accounts:
  registering the user account via a user terminal;
  registering a plurality of personal devices with the registered user account, wherein registering of a personal device comprises registering an authentication application installed in the registered personal device;
  wherein the authentication application is configured to:
    indicate at least a subset of received transaction-specific details via a user interface;
    receive transaction-specific instructions via the user interface; and
    digitally sign the transaction-specific instructions by using a cryptographic private key assigned to the user account;
wherein the at least one authorization phase comprises for each of several transactions related to one of the several user accounts:
  receiving knowledge of the transaction;
  determining the user account related to the transaction;
  determining at least one personal device registered with the user account related to the transaction;
  receiving a request for details specific to the transaction from at least one personal device;
  providing the authentication application of the at least one personal device with the requested details specific to the transaction;
  receiving from the authentication application a digitally signed transmission which indicates transaction-specific instructions received by the authentication application; and
  authorizing or denying the transaction based on the received transaction-specific instructions.

30. A non-transitory computer program carrier comprising program code instructions executable in a data processing system, which is operationally connectable to a user terminal, a plurality of personal devices managed by a user of the user terminal, and to at least one service provider, wherein execution of the program code instructions in the data processing system causes the data processing system to carry out a method, which comprises:
at least one preparatory phase; and
at least one authorization phase;
wherein the at least one preparatory phase comprises for each of several user accounts:
  registering the user account via a user terminal;
  registering a plurality of personal devices with the registered user account, wherein registering of a personal device comprises registering an authentication application installed in the registered personal device;
  wherein the authentication application is configured to:
    indicate at least a subset of received transaction-specific details via a user interface;
    receive transaction-specific instructions via the user interface; and
    digitally sign the transaction-specific instructions by using a cryptographic private key assigned to the user account;
wherein the at least one authorization phase comprises for each of several transactions related to one of the several user accounts:
  receiving knowledge of the transaction;
  determining the user account related to the transaction;
  determining at least one personal device registered with the user account related to the transaction;
  receiving a request for details specific to the transaction from at least one personal device;
  providing the authentication application of the at least one personal device with the requested details specific to the transaction;
  receiving from the authentication application a digitally signed transmission which indicates transaction-specific instructions received by the authentication application; and
  authorizing or denying the transaction based on the received transaction-specific instructions.

Specification