Mobile pin pad

US 8,555,355 B2
Filed: 12/07/2010
Issued: 10/08/2013
Est. Priority Date: 12/07/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

generating, by a server device, a message based on an authentication request for a transaction, wherein the authentication request comprises first location information;

transmitting, by the server device, the message to a remote device based on the authentication request, wherein the message prompts a pin pad application;

receiving, by the server device, a message response from the remote device, wherein the message response comprises a first one time password (OTP) generated by the pin pad application of the remote device, and second location information;

validating, by the server device, the first OTP;

generating, by the server device, a success authentication response when the validating of the first OTP is successful, where the success authentication response comprises an approval of the transaction;

calculating, by the server device, a risk score for the transaction based on the first and second location information; and

transmitting, by the server device, the success authentication response and the risk score.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system is configured to: receive an authentication request for a transaction from a web server; identify a phone number of the mobile device based on identifying information of the user in the authentication request and the user information, transmit a message to the mobile device based on the phone number, receive a message response from the mobile device, determine whether the mobile device provided a mobile pin pad authentication for the user based on the message response, and transmit a success authentication response to the web server when the mobile device provided the mobile pin pad authentication for the user.

Citations

20 Claims

1. A method comprising:
- generating, by a server device, a message based on an authentication request for a transaction, wherein the authentication request comprises first location information;
  
  transmitting, by the server device, the message to a remote device based on the authentication request, wherein the message prompts a pin pad application;
  
  receiving, by the server device, a message response from the remote device, wherein the message response comprises a first one time password (OTP) generated by the pin pad application of the remote device, and second location information;
  
  validating, by the server device, the first OTP;
  
  generating, by the server device, a success authentication response when the validating of the first OTP is successful, where the success authentication response comprises an approval of the transaction;
  
  calculating, by the server device, a risk score for the transaction based on the first and second location information; and
  
  transmitting, by the server device, the success authentication response and the risk score.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - transmitting the pin pad application to the remote device, where the pin pad application displays a pin pad and generates the first OTP when the pin pad is used to enter a correct personal identification number (PIN);
      
      receiving the authentication request for the transaction from a web server;
      
      determining an identity of a user of the remote device based on the authentication request; and
      
      determining contact information of the remote device based on the identity of the user,where the transmitting the message to the remote device based on the authentication request comprises transmitting the message to the remote device based on the contact information.
  - 3. The method of claim 2,where the contact information is a phone number, andwhere the remote device is a mobile device.
  - 4. The method of claim 1, where the validating of the first OTP comprises:
    - generating a second OTP; and
      
      determining whether the first OTP matches the second OTP, where the validating of the first OTP is successful when the first OTP matches the second OTP.
  - 5. The method of claim 1,wherein the first location information of the authentication request comprises a location of the transaction;
    - andwherein the second location information of the message response comprises a location of the remote device.
  - 6. The method of claim 1, wherein the generating of the message by the server device further includes:
    - specifying, by the server device, one or more criterion that determines whether the remote device is to automatically generate the OTP in response to the transmitted message, wherein the one or more criterion includes at least one of;
      
      a predetermined period of time for providing a personal information number (PIN), ora predetermined distance for the remote device in response to a determined location information.
  - 7. The method of claim 1, where the transaction is one of logging into a website by a user of the remote device, purchasing an item by the user, or providing verification of identity by the user.

8. A system comprising:
- a memory to store user information for a user of a mobile device; and
  
  a processor, connected to the memory, to;
  
  receive an authentication request for a transaction from a web server, wherein the authentication request comprises a request for at least one geographical coordinate of the mobile device,identify a phone number of the mobile device based on identifying information of the user in the authentication request and the user information,transmit a message to the mobile device based on the phone number, wherein the message prompts a mobile pin pad application of the mobile device,receive a message response from the mobile device, wherein the message response comprises at least another geographical coordinate,determine whether the mobile device provided a mobile pin pad authentication for the user based on the message response, andtransmit a success authentication response to the web server when the mobile device provided the mobile pin pad authentication for the user, wherein the success authentication response includes the at least one other geographical coordinate.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, where the message response comprises a first one time password (OTP) generated by the mobile device.
  - 10. The system of claim 9, where, when determining whether the mobile device provided the mobile pin pad authentication for the user, the processor is further to:
    - generate a second OTP; and
      
      determine whether the first OTP matches the second OTP.
  - 11. The system of claim 8, wherein the mobile device automatically generates a personal identification number (PIN) for the pin pad authentication based on predetermined conditions, andwherein the authentication request comprises the request for the at least one geographical coordinate of the mobile device.
  - 12. The method of claim 11, wherein the predetermined conditions comprises:
    - a PIN being provided within a predetermined period of time, orthe mobile device being within a predetermined distance of a location.
  - 13. The method of claim 8,wherein the at least one geographical coordinate of the authentication request comprises a first location of the transaction,wherein the at least other geographical coordinate of the message response comprises a second location of the mobile device,wherein the processor is further to generate a risk score for the transaction based on the first location and the second location, andwherein the success authentication response comprises the risk score.
  - 14. The method of claim 8,where the transaction requires a first form of authentication and a second form of authentication,where the second form of authentication is provided by the success authentication response.

15. A non-transitory computer-readable media storing a program for causing a computer to perform a method, the method comprising:
- receiving a message from an authentication server;
  
  determining whether the received message includes a request for location information;
  
  displaying a request based on the message;
  
  receiving a response to the request from a user;
  
  transmitting location information that comprises first location information and second location information in response to determining that the received message includes a request for location information;
  
  displaying a mobile pin pad when the response indicates that the user wants to proceed with providing mobile pin pad authentication for a transaction;
  
  receiving a personal identification number (PIN) input through the mobile pin pad;
  
  calculating a risk score for the transaction based on the first and second location information;
  
  generating a message response based on the pin input, wherein the calculated risk score is included in the message response; and
  
  transmitting the message response and the location information to the authentication server.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer-readable media of claim 15, wherein the method further comprises:
    - determining whether the PIN input is equal to a personal identification number (PIN) stored for the user; and
      
      generating a first one time password (OTP) when the PIN input is equal to the PIN.
  - 17. The non-transitory computer-readable media of claim 16, wherein the generating the OTP comprises generating the OTP based on a seed value provided by the authentication server.
  - 18. The non-transitory computer-readable media of claim 16, wherein the generating the message response comprises including the OTP in the message response when the PIN input is equal to the PIN.
  - 19. The non-transitory computer-readable media of claim 15, further comprising:
    - determining whether to automatically generate the PIN for the pin pad authentication based on predetermined conditions.
  - 20. The non-transitory computer-readable media of claim 15,wherein the message comprises a text of the request, andwherein the request describes the transaction.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Inventors
Rathbun, George Steven
Primary Examiner(s)
CERVETTI, DAVID GARCIA

Application Number

US12/961,886
Publication Number

US 20120144461A1
Time in Patent Office

1,036 Days
Field of Search

726/5, 726/11, 726/29
US Class Current

726/5
CPC Class Codes

G06Q 20/4014   Identity check for transact...

G06Q 20/4097   using mutual authentication...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless

H04L 9/3213   using tickets or tokens, e....

H04L 9/3228   One-time or temporary data,...

H04L 9/3234   involving additional secure...

H04W 12/06   Authentication

H04W 12/67   Risk-dependent, e.g. select...

Mobile pin pad

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Mobile pin pad

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links