Portable security transaction protocol

US 8,583,928 B2
Filed: 04/16/2012
Issued: 11/12/2013
Est. Priority Date: 10/27/2003
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

transmitting, using a programmed computer, an initiation request to a recipient;

generating, at the programmed computer, a message integrity component, wherein the message integrity component comprises a message integrity key, and wherein the message integrity component protects data against unauthorized modification;

generating, at the programmed computer, a user authentication component, wherein the user authentication component comprises a user authentication key for uniquely authenticating the recipient, and wherein the user authentication key is displayed on an external device;

encrypting, at the programmed computer, the message integrity key and the user authentication key into a key management component, wherein the entropy of the user authentication key is less than the entropy of the message integrity key, and wherein the key management component is transmitted to the recipient to securely transport the message integrity key and the user authentication key; and

uploading, using the programmed computer, transaction data to the recipient for validation, wherein validation comprises cross-referencing the uploaded transaction data with the message integrity component.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A technique for providing message authenticity includes accepting transaction information, accepting a first data item used for authenticating an originating user, cryptographically processing the transaction information using only a second data item, wherein the entropy of the first data item is less than the entropy of the second data item, and authenticating the originating user using the first data item. The first data item can be a sequence of digits corresponding to those displayed on an external device, such as, for example, an RSA authorization token, credit card, etc.

Citations

15 Claims

1. A computer-implemented method, comprising:
- transmitting, using a programmed computer, an initiation request to a recipient;
  
  generating, at the programmed computer, a message integrity component, wherein the message integrity component comprises a message integrity key, and wherein the message integrity component protects data against unauthorized modification;
  
  generating, at the programmed computer, a user authentication component, wherein the user authentication component comprises a user authentication key for uniquely authenticating the recipient, and wherein the user authentication key is displayed on an external device;
  
  encrypting, at the programmed computer, the message integrity key and the user authentication key into a key management component, wherein the entropy of the user authentication key is less than the entropy of the message integrity key, and wherein the key management component is transmitted to the recipient to securely transport the message integrity key and the user authentication key; and
  
  uploading, using the programmed computer, transaction data to the recipient for validation, wherein validation comprises cross-referencing the uploaded transaction data with the message integrity component.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the message integrity component further comprises a unique nonce.
  - 3. The method of claim 1, wherein the message integrity key is not derivable from the user authentication key.
  - 4. The method of claim 1, wherein the external device is an authentication token.
  - 5. The method of claim 4, wherein information obtained from the authentication token contributes to the user authentication key exclusively.
  - 6. The method of claim 4, wherein the authentication token is a one-way authentication token.
  - 7. The method of claim 1, wherein the user authentication key includes one or more of a sequence of digits corresponding to those displayed on the external device.
  - 8. The method of claim 7, wherein the external device is not electronically connected to a computer system.
  - 9. The method of claim 7, wherein the number of digits of the sequence of digits is less than ten.
  - 10. The method of claim 9, wherein the entropy of the message integrity key is 80 bits or greater.
  - 11. The method of claim 7, wherein the number of digits of the sequence of digits is less than twenty-one.
  - 12. The method of claim 11, wherein the entropy of the message integrity key is 80 bits or greater.
  - 13. The method of claim 1, wherein the user authentication key is inaccessible to an entity authorized to process a transaction related to the message.

14. A computer system, comprising:
- a computer-readable memory; and
  
  a processor communicatively coupled to the computer-readable memory, the processor programmed to;
  
  transmit an initiation request to a recipient;
  
  generate a message integrity component, wherein the message integrity component comprises a message integrity key, and wherein the message integrity component protects data against unauthorized modification;
  
  generate a user authentication component, wherein the user authentication component comprises a user authentication key for uniquely authenticating the recipient, and wherein the user authentication key is displayed on an external device;
  
  encrypt the message integrity key and the user authentication key into a key management component, wherein the entropy of the user authentication key is less than the entropy of the message integrity key, andwherein the key management component is transmitted to the recipient to securely transport transports the message integrity key and the user authentication key; and
  
  upload transaction data to the recipient for validation, wherein validation comprises cross-referencing the uploaded transaction data with the message integrity component.

15. A non-transitory computer-readable storage medium carrying one or more sequences of instructions for implementing a method, wherein execution of the one or more sequences of instructions by one or more computers causes the one or more computers to perform the steps of:
- transmitting an initiation request to a recipient;
  
  generating a message integrity component, wherein the message integrity component comprises a message integrity key, and wherein the message integrity component protects data against unauthorized modification;
  
  generating a user authentication component, wherein the user authentication component comprises a user authentication key for uniquely authenticating the recipient, and wherein the user authentication key is displayed on an external device;
  
  encrypting the message integrity key and the user authentication key into a key management component, wherein the entropy of the user authentication key is less than the entropy of the message integrity key, and wherein the key management component is transmitted to the recipient to securely transport the message integrity key and the user authentication key; and
  
  uploading transaction data to the recipient for validation, wherein validation comprises cross-referencing the uploaded transaction data with the message integrity component.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
JP Morgan Chase Bank, N.A. (JP Morgan Chase & Co)
Original Assignee
JP Morgan Chase Bank, N.A. (JP Morgan Chase & Co)
Inventors
Benson, Glenn Stuart, Calaceto, Joseph R., Logar, Russell M.
Primary Examiner(s)
THIAW, CATHERINE B

Application Number

US13/447,993
Publication Number

US 20120260093A1
Time in Patent Office

575 Days
Field of Search

713168-172, 713/181, 726/2, 726/9, 726/20, 726/21, 726 27- 30
US Class Current

713/170
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06Q 20/02   involving a neutral party, ...

G06Q 20/04   Payment circuits

G06Q 20/4014   Identity check for transact...

G06Q 20/4016   involving fraud or risk lev...

H04L 63/08   for authentication of entit...

H04L 63/0853   using an additional device,...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3247   involving digital signatures

Portable security transaction protocol

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Portable security transaction protocol

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links