Apparatus, system and method employing a wireless user-device

US 8,613,052 B2
Filed: 09/16/2011
Issued: 12/17/2013
Est. Priority Date: 09/17/2010
Status: Active Grant

First Claim

Patent Images

1. A system for controlling access to at least one computer, the system comprising:

a network having at least a portion that includes wireless communication;

at least one computer coupled to the network;

a handheld device configured to communicate with the at least one computer over the network, the handheld device including;

a user interface programmed to receive a user input including first secret information known to a user of the handheld device to authenticate the user to the handheld device, and input of second secret information to authorize the user to use the at least one computer;

a processor coupled to the user interface, the processor programmed to authenticate the user of the handheld device and to generate a first time-varying non-predictable value following a successful authentication, by the handheld device, of the secret information received via the user interface, wherein generating the first time-varying non-predictable value includes combining at least a portion of the second secret information and a time varying value; and

a wireless transceiver coupled to the processor and configured to transmit a wireless signal including the first time-varying non-predictable value; and

a secure registry system including a communication interface coupled to the network, the secure registry system configured to receive the first time-varying non-predictable value and successfully authenticate the user where the first time-varying non-predictable value is matched to the user by the secure registry system,wherein the user of the handheld device is authorized to operate the at least one computer to access resources with the at least one computer so long as the at least one computer periodically receives subsequent authentication information from the handheld device that results in a continued successful authentication of the user for time periods subsequent to a time at which the first time-varying non-predictable value is generated.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention generally relate to apparatus, systems and methods for authentication, in particular, apparatus, systems and methods for authenticating an entity for computer and/or network security, secure authorization of a payment or for funds transfer and for selectively granting privileges and providing other services in response to such authentications. In addition, embodiments of the invention relate generally to apparatus, systems and methods for the communication of information between a mobile user-device and a point-of-sale device to securely provide authorization for a financial transaction.

Citations

46 Claims

1. A system for controlling access to at least one computer, the system comprising:
- a network having at least a portion that includes wireless communication;
  
  at least one computer coupled to the network;
  
  a handheld device configured to communicate with the at least one computer over the network, the handheld device including;
  
  a user interface programmed to receive a user input including first secret information known to a user of the handheld device to authenticate the user to the handheld device, and input of second secret information to authorize the user to use the at least one computer;
  
  a processor coupled to the user interface, the processor programmed to authenticate the user of the handheld device and to generate a first time-varying non-predictable value following a successful authentication, by the handheld device, of the secret information received via the user interface, wherein generating the first time-varying non-predictable value includes combining at least a portion of the second secret information and a time varying value; and
  
  a wireless transceiver coupled to the processor and configured to transmit a wireless signal including the first time-varying non-predictable value; and
  
  a secure registry system including a communication interface coupled to the network, the secure registry system configured to receive the first time-varying non-predictable value and successfully authenticate the user where the first time-varying non-predictable value is matched to the user by the secure registry system,wherein the user of the handheld device is authorized to operate the at least one computer to access resources with the at least one computer so long as the at least one computer periodically receives subsequent authentication information from the handheld device that results in a continued successful authentication of the user for time periods subsequent to a time at which the first time-varying non-predictable value is generated.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 34, 35, 36)
- - 2. The system of claim 1, wherein the secure registry system is configured to lock the computer to prevent the user from operating the computer to access resources when the computer fails to periodically receive the subsequent authentication information.
  - 3. The system of claim 2, wherein the secure registry system is configured to lock the computer to prevent the user from operating the computer to access resources when the computer fails to periodically receive the subsequent authentication information because the handheld device is no longer within proximity of the computer.
  - 4. The system of claim 3, wherein the network includes any one of a Wi-fi communication, near field communication and Bluetooth communication employed for communication between the computer and the handheld device, andwherein the proximity is determined by a range of the network local to the computer.
  - 5. The system of claim 4, wherein the handheld device includes any of a mobile phone, smart phone, a tablet computer and a personal digital assistant, andwherein the computer includes any one of a desktop computer, a notebook computer, a laptop computer, a netbook computer and a tablet computer.
  - 6. The system of claim 3, wherein the secure registry system is coupled to a plurality of computers, the computers each associated with a plurality of users, respectively, andwherein the secure registry system is configured to authenticate each of the plurality of users to provide access for each user to at least one computer associated with the user, respectively.
  - 7. The system of claim 6, wherein the plurality of users includes a second user associated with a second computer,wherein the second user is in possession of a second handheld device including a second processor, andwherein the processor is configured to generate a second time-varying non-predictable value following a successful authentication of the second user by the second device.
  - 8. The system of claim 7, wherein the second handheld device includes a second wireless transceiver coupled to the second processor and configured to transmit via a second network a second wireless signal including the second time-varying value,wherein the communication interface of the secure registry is configured to receive the second time-varying non-predictable value and successfully authenticate the second user where the second time-varying non-predictable value is matched to the second user by the secure registry system, andwherein the second user is permitted to operate the second computer to access resources so long as subsequent authentication information from the second handheld device of the second user results in a continued successful authentication of the second user for time periods subsequent to a time at which the second time-varying non-predictable value is generated.
  - 9. The system of claim 8, wherein the secure registry system is configured to lock the first computer to prevent access to resources using the first computer when the first computer fails to periodically receive authentication information subsequent to the time at which the first time-varying non-predictable value is generated because the first handheld device is no longer within proximity of the first computer, andwherein the secure registry system is configured to lock the second computer to prevent access to resources using the second computer when the second computer fails to periodically receive authentication information subsequent to the time at which the second time-varying non-predictable value is generated because the second handheld device is no longer within proximity of the second computer.
  - 10. The system of claim 1, wherein the secure registry system is located remote from the computer, andwherein the authentication of the first time-varying non-predictable value and any subsequent time-varying non-predictable values occur at the secure registry system.
  - 11. The system of claim 1, wherein at least a portion of the secure registry system is located at the computer, andwherein the authentication of the first time-varying non-predictable value and any subsequent time-varying non-predictable values occur at the computer.
  - 12. The system of claim 1, wherein the handheld device includes a memory coupled to the processor, the memory configured to store a seed employed by the processor to generate the first time-varying non-predictable value;
    - andwherein the processor is configured to employ time, the at least a portion of the second secret information and the seed to generate the first time-varying non-predictable value.
  - 13. The system of claim 12, wherein the secure registry is configured to distribute seed-updates to the handheld device via the network without requiring any interaction on the part of the user, andwherein the seed-updates are communicated at random intervals to provide a new seed value to the handheld device.
  - 14. The system of claim 13, wherein at least a portion of the secure registry system is located in a computer, the computer proximate to the handheld device when the wireless signal is transmitted,wherein the computer includes a memory configured to store the seed, andwherein the seed is employed by the computer to authenticate the user.
  - 15. The system of claim 14, wherein the processor is configured to combine the at least a portion of the second secret information with the seed to generate the first time-varying non-predictable value.
  - 16. The system of claim 15, wherein the processor is configured to generate the first time-varying non-predictable value, at least in part, by combining the at least a portion of the second secret information and the seed in an exclusive-or operation, andwherein the secret information is not stored in the handheld device.
  - 17. The system of claim 14, wherein the memory is configured to store at least one of an electronic serial number, a unique code, and a SIM code, andwherein the processor is configured to generate the first time-varying non-predictable value, at least in part, by combining the seed with at least one of the electronic serial number, the unique code, and the SIM code in an exclusive-or operation.
  - 18. The system of claim 17, wherein the second secret information is not stored in the handheld device.
  - 19. The system of claim 17, wherein the handheld device includes a secure element, andwherein the secure element is configured to store at least one of the seed and the electronic serial number.
  - 20. The system of claim 14, wherein the handheld device includes a biometric sensor comprising a microphone configured to receive a spoken input provided by the user,wherein the user interface is programmed to display a multi-character string including at least one of a plurality of alpha-characters and a plurality of numeric-characters, andwherein the processor is programmed to authenticate the user based on the spoken input of the multi-character string by the user.
  - 21. The system of claim 20, wherein the secure registry system is programmed to randomly generate the multi-character string and communicate the multi-character string via the network to the handheld device for display,wherein at least a portion of the secure registry system is located in the at least one computer, andwherein the at least the portion of the secure registry located in the at least one computer configured to generate the multi-character string.
  - 22. The system of claim 11, wherein the secure registry system includes a database configured to store the seed,wherein, following a successful authentication of the user, the secure registry system is configured to generate a second time-varying non-predictable value using time, the at least a portion of the second secret information and the seed,wherein the communication interface is configured to transmit the second time-varying non-predictable value to the handheld device via the network, andwherein the processor is configured to authenticate the secure registry system using the second time-varying non-predictable value.
  - 23. The system of claim 22, wherein the processor is configured to, following a successful authentication of the secure registry system, generate a third time-varying non-predictable value,wherein the wireless signal is a first wireless signal,wherein the wireless transceiver is configured to transmit via the network a second wireless signal including the third time-varying non-predictable value, andwherein the secure registry system is configured to authenticate the user using the third time-varying non-predictable signal.
  - 34. The system according to claim 1, wherein the handheld device is configured to initiate a one-way communication signal to deliver the wireless signal.
  - 35. The system according to claim 34, wherein the handheld device is configured to initiate one-way communication of the subsequent authentication information.
  - 36. The system of claim 1, wherein the network is a short range wireless network and wherein the secure registry system is stored on the at least one computer.

24. A method of securing a computing device, the method comprising:
- receiving, at the computing device, a first wireless signal including first authentication information wirelessly transmitted from a mobile device proximate to the computing device, wherein the first authentication information includes a first time-varying non-predictable value combined from at least a portion of secret information known to a user and a time varying value;
  
  processing the first authentication information to initially authenticate a user in possession of the mobile device, the user attempting to access resources with the computing device;
  
  temporarily allowing the user to employ the computing device to access the resources when the initial authentication is successful;
  
  continuing to allow the user to employ the computing device to access the resources upon a subsequent receipt of authentication information from the mobile device that is successfully authenticated; and
  
  automatically terminating use of the computing device by the user based on at least one of authentication information no longer being received from the mobile device and authentication information received from the mobile device no longer being successfully authenticated.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 25. The method of securing a computing device of claim 24, further comprising:
    - receiving, at the computing device, subsequent wireless signals from the first wireless device on a periodic basis, the periodic basis including a predetermined period during which the computing device must receive authentication information;
      
      continuing to allow the user to employ the computing device to access the resources where the subsequent wireless signals include authentication information that is successfully authenticated; and
      
      terminating use of the computing device when at least one of the subsequent wireless signals is not received during a respective predetermined period.
  - 26. The method of claim 24, further comprising:
    - including in the authentication information included in each of the subsequent wireless signals a respective time-varying non-predictable value generated by the mobile device.
  - 27. The method of claim 26, further comprising initially authenticating the user of the mobile device when the first time-varying non-predictable value is matched to the user by a secure registry system geographically remote from the computing device.
  - 28. The method of claim 27, further comprising subsequently authenticating the user of the mobile device at each occurrence where the respective time-varying non-predictable value is matched to the user by the secure registry.
  - 29. The method of claim 27, further comprising:
    - including at least a portion of the secure registry system in the computing device; and
      
      locally authenticating the user with the computing device.
  - 30. The method of claim 29, further comprising:
    - including public identifying information of the user in the authentication information; and
      
      authenticating the user by comparing the time-varying non-predictable value received in the wireless signal with verification information for the user based on an identity provided by the public identifying information.
  - 31. The method of claim 24, further comprising:
    - locating at least a portion of a secure registry system remote from the computing device;
      
      communicating a first time-varying non-predictable value to the remote portion of the secure registry system for an initial authentication; and
      
      locally authenticating the respective time-varying non-predictable values with the computing device.
  - 32. The method of claim 25, further comprising maintaining an ability for the mobile device to wirelessly communicate with the computing device in response to determining that the mobile device is located within a pre-determined distance of the computing device.
  - 33. The method of claim 24, wherein the mobile device includes any of a personal digital assistant, mobile phone and a tablet computer, andwherein the method further comprises communicating the wireless signal by one of Bluetooth, near field communication and Wi-Fi.

37. A secure system for controlling access to at least one computer, the secure system comprising:
- at least one computer configured to receive a short range wireless signal;
  
  a handheld device configured to communicate with the at least one computer via the short range wireless signal, the handheld device including;
  
  a user interface programmed to receive a user input including secret information known to a user of the handheld device to authorize the user to use the at least one computer;
  
  a processor coupled to the user interface, the processor programmed to authenticate the user of the handheld device and to generate a first time-varying non-predictable value following a successful authentication, by the handheld device, of the secret information received via the user interface, wherein the generating the first time-varying non-predictable value includes combining at least a portion of the secret information and a time varying value; and
  
  a wireless transceiver coupled to the processor and configured to transmit the short range wireless signal including the first time-varying non-predictable value; and
  
  a secure registry component configured to receive the first time-varying non-predictable value from the short range wireless signal and that is configured to successfully authenticate the user where the first time-varying non-predictable value is matched to the user by the secure registry;
  
  wherein the user of the handheld device is authorized to operate the at least one computer to access resources with the at least one computer so long as the at least one computer periodically receives subsequent authentication information from the handheld device that results in a continued successful authentication of the user for time periods subsequent to a time at which the first time-varying non-predictable value is generated.
- View Dependent Claims (38, 39, 40, 41, 42, 43, 44, 45, 46)
- - 38. The system of claim 37, wherein the secure system is configured to lock the at least one computer to prevent the user from operating the at least one computer to access resources when the at least one computer fails to periodically receive the subsequent authentication information.
  - 39. The system of claim 37, wherein the wireless signal includes any one of a near field communication and Bluetooth communication employed for communication between the at least one computer and the handheld device.
  - 40. The system of claim 37, wherein the handheld device includes a memory coupled to the processor, the memory configured to store a seed employed by the processor to generate the first time-varying non-predictable value;
    - andwherein the processor is configured to employ time, the secret information and the seed to generate the first time-varying non-predictable value.
  - 41. The system of claim 37, wherein the secure registry component is configured to distribute seed-updates to the handheld device via the wireless signal without requiring any interaction on the part of the user, and wherein the seed-updates are communicated at random intervals to provide a new seed value to the handheld device.
  - 42. The system of claim 37, wherein the at least one computer includes a memory configured to store the seed, and wherein the seed is employed by the at least one computer to authenticate the user.
  - 43. The system of claim 42, wherein the processor is configured to combine the secret information with the seed to generate the first time-varying non-predictable value.
  - 44. The system of claim 43, wherein the processor is configured to generate the first time-varying non-predictable value, at least in part, by combining the secret information and the seed in an exclusive-or operation, and wherein the secret information is not stored in the handheld device.
  - 45. The system of claim 37, wherein the handheld device includes a memory coupled to the processor, the memory configured to store a seed, at least one of an electronic serial number, a unique code, and a SIM code, and wherein the processor is configured to generate the first time-varying non-predictable value, at least in part, by combining the seed with at least one of the electronic serial number, the unique code and the SIM code in an exclusive-or operation.
  - 46. The system of claim 37, wherein the at least one computer is configured to forward the first time-varying non-predictable value to another computer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Universal Secure Registry LLC
Original Assignee
Universal Secure Registry LLC
Inventors
Weiss, Kenneth P.
Primary Examiner(s)
Gee, Jason

Application Number

US13/234,874
Publication Number

US 20120240195A1
Time in Patent Office

823 Days
Field of Search

726/4
US Class Current

726/4
CPC Class Codes

G06Q 20/3224   Transactions dependent on l...

G06Q 20/3278   RFID or NFC payments by mea...

G06Q 20/40145   Biometric identity checks

H04L 63/08   for authentication of entit...

H04L 63/0846   using time-dependent-passwo...

H04L 63/0853   using an additional device,...

H04L 63/107   wherein the security polici...

H04W 12/068   using credential vaults, e....

Apparatus, system and method employing a wireless user-device

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

46 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus, system and method employing a wireless user-device

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

46 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links