Authentication method

US 8,752,125 B2
Filed: 10/19/2005
Issued: 06/10/2014
Est. Priority Date: 10/20/2004
Status: Active Grant

First Claim

Patent Images

1. An authentication method comprising:

requesting a user of a personal mobile terminal to enter a personal code into the personal mobile terminal in response to receipt of an authentication request transmitted to the personal mobile terminal, the authentication request including transaction data of an action that requires user authentication;

displaying the transaction data on a display of the personal mobile terminal to enable the user to apprehend that the authentication request validly relates to transaction details of the action; and

processing an entered personal code together with challenge data derived from the transaction data contained in the authentication request to determine whether one or more predetermined conditions are met and, if one or more predetermined conditions are met including that the personal code is correct, producing a valid and signed authentication code from the challenge data that the user can provide in order to authenticate the action;

whereby the transaction data which is displayed on the display of the mobile terminal is tied to said valid and signed authentication code and the authentication code is also tied to the user through entry of the correct personal code.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

There is disclosed an authentication method comprising requesting a user of a personal mobile terminal to enter a personal code into a personal mobile terminal in response to receipt of an authentication request transmitted to the personal mobile terminal, the authentication request being related to an action that requires user authentication, and processing an entered personal code together with challenge data corresponding to the authentication request to determine whether one or more predetermined conditions are met and, if one or more predetermined conditions are met, producing a valid and signed authentication code that the user can provide in order to authenticate the action.

Citations

37 Claims

1. An authentication method comprising:
- requesting a user of a personal mobile terminal to enter a personal code into the personal mobile terminal in response to receipt of an authentication request transmitted to the personal mobile terminal, the authentication request including transaction data of an action that requires user authentication;
  
  displaying the transaction data on a display of the personal mobile terminal to enable the user to apprehend that the authentication request validly relates to transaction details of the action; and
  
  processing an entered personal code together with challenge data derived from the transaction data contained in the authentication request to determine whether one or more predetermined conditions are met and, if one or more predetermined conditions are met including that the personal code is correct, producing a valid and signed authentication code from the challenge data that the user can provide in order to authenticate the action;
  
  whereby the transaction data which is displayed on the display of the mobile terminal is tied to said valid and signed authentication code and the authentication code is also tied to the user through entry of the correct personal code.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. An authentication method as claimed in claim 1, comprising transmitting challenge data to said personal mobile terminal as part of said authentication request.
  - 3. An authentication method as claimed in claim 1, comprising generating, at said personal mobile terminal, challenge data corresponding to at least part of said authentication request.
  - 4. An authentication method as claimed in claim 1, comprising also processing the entered personal code together with at least one key stored on the mobile phone.
  - 5. An authentication method as claimed in claim 4, wherein at least one of said one or more predetermined conditions is that the key is correct.
  - 6. An authentication method as claimed in claim 1, wherein the transaction data is only displayed after the personal code is entered.
  - 7. An authentication method as claimed in claim 1, further comprising:
    - transmitting the authentication request to a personal mobile terminal designated as belonging to a user in response to the initiation of an action that requires authentication by the user; and
      
      receiving the authentication code from the user;
      
      authenticating the action upon the authentication code being valid.
  - 8. An authentication method as claimed in claim 7, wherein the action is a transaction initiated by the user.
  - 9. An authentication method as claimed in claim 8, wherein the transaction is a banking transaction.
  - 10. An authentication method as claimed in claim 8, wherein the transaction is an order for a product or service.
  - 11. An authentication method as claimed in claim 7, wherein the action is a transaction initiated by an entity whose actions require authorization by said user.
  - 12. A method as claimed in claim 1, further comprising configuring a personal mobile terminal by:
    - providing an activation code to a user by a means independent of the user'"'"'s personal mobile terminal;
      
      placing a security application on a web server for retrieval by the user'"'"'s personal mobile terminal;
      
      providing details of the security application to the user that are sufficient for the user to retrieve the security application;
      
      running the security application on the user'"'"'s personal mobile terminal in order to prompt the user for the activation code and to generate a confirmation code if the activation code is entered into the personal mobile terminal; and
      
      providing the confirmation code to the authentication system; and
      
      activating the user if the confirmation code is valid.
  - 13. A method as claimed in claim 12, wherein the confirmation code is provided by a means independent of the user'"'"'s personal mobile terminal.
  - 14. A method as claimed in claim 12, wherein the user initiates a configuration of the user'"'"'s personal mobile terminal by accessing the web server.
  - 15. A method as claimed in claim 12, wherein the security application is personalized for said user.
  - 16. A method as claimed in claim 1, comprising displaying the transaction data to the user prior to the user entering the personal code.
  - 17. A method as claimed in claim 16, comprising automatically transmitting the authentication code after it is produced.
  - 18. A method as claimed in claim 1, further comprising displaying transaction details corresponding to the transaction data on a display independent of the mobile terminal display.
  - 19. A method as claimed in claim 1, wherein the challenge data comprises a cryptographic hash of the transaction data.
  - 20. A method as claimed in claim 19, comprising signing the cryptographic hash with a private key stored on the mobile terminal to produce the authentication code.

21. A computer program stored on a web server for downloading to a mobile terminal, that, when executed by a personal mobile terminal, enables the personal mobile terminal to:
- request a user of the mobile terminal to enter a personal code following receipt of an authentication request transmitted to the mobile terminal, the authentication request including transaction data of an action that requires user authentication;
  
  display the transaction data on a display of the personal mobile terminal to enable the user to apprehend that the authentication request validly relates to transaction details of the action;
  
  process an entered personal code together with challenge data derived from the transaction data contained in the authentication request; and
  
  produce a valid and signed authentication code from the challenge data that the user can provide in order to authenticate the action if one or more predetermined conditions are met, including that the personal code is correct;
  
  whereby the transaction data which is displayed on the display of the mobile terminal is tied to said valid and signed authentication code and the authentication code is also tied to the user through entry of the correct personal code.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 22. A computer program stored on a web server as claimed in claim 21, that enables a personal mobile terminal to process challenge data transmitted to said personal mobile terminal as part of said authentication request.
  - 23. A computer program stored on a web server as claimed in claim 21, wherein said computer program generates, at said personal mobile terminal, challenge data corresponding to at least part of said authentication request.
  - 24. A computer program stored on a web server as claimed in claim 21, wherein the computer program enables the personal mobile terminal to process the entered personal code together with at least one key stored on the mobile phone.
  - 25. A computer program stored on a web server as claimed in claim 24, wherein at least one of said one or more predetermined conditions is that the key is correct.
  - 26. A computer program stored on a web server as claimed in claim 21, wherein the transaction data is only displayed after the personal code is entered.
  - 27. A computer program stored on a web server as claimed in claim 21, wherein the computer program is arranged to be automatically executed by the personal mobile terminal upon receipt of the authentication request.
  - 28. A computer program stored on a web server as claimed in claim 21, that causes the personal mobile terminal to automatically provide the authentication code on the user'"'"'s behalf after completion of processing of the personal code.
  - 29. A computer program as claimed in claim 21, wherein the challenge data comprises a cryptographic hash of the transaction data.
  - 30. A computer program as claimed in claim 29, comprising signing the cryptographic hash with a private key stored on the mobile terminal to produce the authentication code.

31. A personal mobile terminal comprising:
- a request handler arranged to request a user of the mobile terminal to enter a personal code following receipt of an authentication request transmitted to the mobile terminal, the authentication request including transaction data of an action that requires user authentication;
  
  a data display engine arranged to display the transaction data on a display of the personal mobile terminal to enable the user to apprehend that the authentication request validly relates to transaction details of the action; and
  
  a data crypto engine arranged to process an entered personal code together with challenge data derived from the transaction data contained in the authentication request to determine whether one or more predetermined conditions are met, including that the personal code is correct, and produce a valid and signed authentication code from the challenge data that the user can provide in order to authenticate the action if the one or more predetermined conditions are met;
  
  whereby the transaction data which is displayed on the display of the mobile terminal is tied to said valid and signed authentication code and the authentication code is also tied to the user through entry of the correct personal code.
- View Dependent Claims (32, 33)
- - 32. A personal mobile terminal as claimed in claim 31, wherein the challenge data comprises a cryptographic hash of the transaction data.
  - 33. A personal mobile terminal as claimed in claim 32, comprising signing the cryptographic hash with a private key stored on the mobile terminal to produce the authentication code.

34. A system for authenticating actions comprising:
- an action authentication server; and
  
  one or more personal mobile terminals belonging to respective ones of one or more users of the system, the action authentication server being configured to transmit an authentication request to a personal mobile terminal of a user in response to initiation of an action requiring authentication by a user, the authentication request including transaction data of the action;
  
  each users'"'"' personal mobile terminal being configured to;
  
  request the user of the personal mobile terminal to enter a personal code following receipt of the authentication request;
  
  display the transaction data on a display of the personal mobile terminal to enable the user to apprehend that the authentication request validly relates to transaction details of the action;
  
  process an entered personal code together with challenge data derived from the transaction data contained in the authentication request corresponding to the authentication request; and
  
  produce a valid and signed authentication code from the challenge data that the user can provide in order to authenticate the action if one or more predetermined conditions are met, including that the personal code is correct;
  
  whereby the transaction data which is displayed on the display of the mobile terminal is tied to said valid and signed authentication code and the authentication code is also tied to the user through entry of the correct personal code.
- View Dependent Claims (35, 36, 37)
- - 35. A system as claimed in claim 34, wherein the action authentication server is configured to receive the authentication code and authenticate the action if the authentication code is valid.
  - 36. A system for authenticating actions as claimed in claim 34, wherein the challenge data comprises a cryptographic hash of the transaction data.
  - 37. A system for authenticating actions as claimed in claim 36, comprising signing the cryptographic hash with a private key stored on the mobile terminal to produce the authentication code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salt Group Pty Ltd.
Original Assignee
Salt Group Pty Ltd.
Inventors
Baharis, Chris, Oakley, Ross
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
SIMS, JING F

Application Number

US11/665,719
Publication Number

US 20080046988A1
Time in Patent Office

3,156 Days
Field of Search

705/64, 705/67, 713/169, 713/176, 713/182
US Class Current

726/2
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless

H04L 2463/102   applying security measure f...

H04L 63/083   using passwords cryptograph...

H04L 9/3271   using challenge-response

H04W 12/06   Authentication

H04W 88/02   Terminal devices

Authentication method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links