System and method for providing authentication and authorization utilizing a personal wireless communication device
First Claim
1. A method for initializing a mobile communication device for use as an authentication device comprising:
- receiving user information at the mobile communication device, the user information also being provided, by the user, to a trusted server;
opening a dialog between the mobile communication device and the trusted server, the dialog being carried out over a wireless communication link;
generating shared information in connection with the dialog;
wherein the shared information includes a shared secret generated via a cryptographic key exchange between the mobile communication device and the trusted server;
storing the shared information in a user programmable memory of the mobile communication device;
wherein the shared information enables, at least in part, the mobile communication device to operate as an authentication device;
receiving, from the trusted server, a digital signature of a quantity incorporating at least a portion of the user information and the shared secret;
digitally signing a quantity incorporating at least a portion of the user information and the shared secret stored in the user programmable memory so as to generate a validation signature;
comparing the digital signature with the validation signature; and
aborting, in the event the digital signature and the validation signature are different, the initialization of the mobile communication device for use as an authentication device.
0 Assignments
0 Petitions
Accused Products
Abstract
An authorization and authentication system utilizing a mobile communication device. The authentication and authorization system enables a trusted server, in conjunction with a user controlled mobile communication device (which has been registered with the trusted site), to authorize a transaction carried out at a transaction management system. An identity of the user is authenticated by a verification that the user is in possession of the mobile communication device. In this way, the transaction management system is able to effectuate an authorized transaction with confidence that the authorization was from the user and not a third party. In variations, the authentication is a multi-factor authentication, i.e., the user must both possess the mobile communication device and information, e.g., a password.
-
Citations
20 Claims
-
1. A method for initializing a mobile communication device for use as an authentication device comprising:
-
receiving user information at the mobile communication device, the user information also being provided, by the user, to a trusted server; opening a dialog between the mobile communication device and the trusted server, the dialog being carried out over a wireless communication link; generating shared information in connection with the dialog;
wherein the shared information includes a shared secret generated via a cryptographic key exchange between the mobile communication device and the trusted server;storing the shared information in a user programmable memory of the mobile communication device;
wherein the shared information enables, at least in part, the mobile communication device to operate as an authentication device;receiving, from the trusted server, a digital signature of a quantity incorporating at least a portion of the user information and the shared secret; digitally signing a quantity incorporating at least a portion of the user information and the shared secret stored in the user programmable memory so as to generate a validation signature; comparing the digital signature with the validation signature; and aborting, in the event the digital signature and the validation signature are different, the initialization of the mobile communication device for use as an authentication device. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method for initializing a mobile communication device for use as an authentication device comprising:
-
receiving user information at a trusted server, the user information also being provided, by the user, to the mobile communication device; opening a dialog between the mobile communication device and the trusted server, the dialog being carried out over a wireless communication link; generating shared information in connection with the dialog wherein the shared information includes a shared secret generated via a cryptographic key exchange between the mobile communication device and the trusted server; storing the shared information in a database, the shared information also being stored in the mobile communication device, the shared information enabling, at least in part, the mobile communication device to operate as an authentication device; receiving, from the mobile communication device, a digital signature of a quantity incorporating at least a portion of the user information and the shared secret; digitally signing a quantity incorporating at least a portion of the user information and the shared secret stored in the database so as to generate a validation signature; comparing the digital signature with the validation signature; and aborting, in the event the digital signature and the validation signature are different, the initialization of the mobile communication device for use as an authentication device. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A method of providing a plurality of user authentications in conjunction with a mobile device comprising:
-
performing an initialization process, said initialization process including the steps of; receiving user information at the mobile communication device, the user information also being provided, by the user, to a trusted server; opening a dialog between the mobile communication device and the trusted server, the dialog being carried out over a wireless communication link; generating, in connection with the dialog, via a cryptographic key exchange between the device and the server, a shared secret disposed to facilitate a plurality of user authentications; storing the shared secret in a user programmable memory of the mobile communication device; receiving, from the trusted server, a digital signature of a quantity incorporating at least a portion of the user information and the shared secret; digitally signing a quantity incorporating at least a portion of the user information and the shared secret stored in the user programmable memory so as to generate a validation signature; comparing the digital signature with the validation signature; and aborting, in the event the digital signature and the validation signature are different, the initialization of the mobile communication device for use as an authentication device; and performing a plurality of user authentications based, at least in part, on said shared secret generated by said initialization process. - View Dependent Claims (16, 17)
-
-
18. A computer readable medium comprising executable instructions for initializing a portable device for user authentication, including instructions to:
-
receive user information at the device, wherein the user information is also provided, by the user, to a trusted server; initiate a dialog between the device and a trusted server, the dialog being carried out over a wireless communication link, said trusted server having been provided said user information by said user; generate, in connection with the dialog, via a cryptographic key exchange between the device and the server, a shared secret disposed to facilitate a plurality of user authentications; and store, in a user programmable memory of the device, the shared secret wherein the shared secret enables, at least in part, the mobile communication device to operate as an authentication device; receiving, from the trusted server, a digital signature of a quantity incorporating at least a portion of the user information and the shared secret; digitally signing a quantity incorporating at least a portion of the user information and the shared secret stored in the user programmable memory so as to generate a validation signature; comparing the digital signature with the validation signature; and aborting, in the event the digital signature and the validation signature are different, the initialization of the mobile communication device for use as an authentication device. - View Dependent Claims (19, 20)
-
Specification