Secure identity authentication in an electronic transaction
First Claim
1. A method of securely authenticating an identity of a user participating in an electronic transaction with an enterprise, the method comprising the steps of:
a computer receiving a request from a mobile device of the user to initiate the electronic transaction and receiving information that specifies attributes of the user and the request;
the computer selecting a request for a biometric identifier or a security question to authenticate the identity of the user;
the computer converting the selected request for the biometric identifier or the security question to a first complete Quick Response (QR) code;
based on the information that specifies the attributes of the user and the request, the computer disassembling the first complete QR code into first and second portions of the first complete QR code, the first portion of the first complete QR code selected by a QR code disassembly algorithm, and the first and second portions of the first complete QR code not having an element in common;
the computer sending to the mobile device the first portion of the first complete QR code, but not the second portion of the first complete QR code, which prevents an entity other than the user and the enterprise from obtaining the request for the biometric identifier or the security question by capturing network traffic that includes the electronic transaction;
in response to a scan of the first portion of the first complete QR code by the mobile device, a reassembly of the first complete QR code by the mobile device which employs the first portion of the first complete QR code and a QR code assembly algorithm, a display by the mobile device of the request for the biometric identifier or the security question, a receipt by the mobile device of the biometric identifier or an answer to the security question, a conversion of the biometric identifier or the answer to the security question to a second complete QR code, a disassembly of the second complete QR code into first and second portions of the second complete QR code by employing the QR code disassembly algorithm, and a transmission of the first portion of the second complete QR code from the mobile device to the computer, the computer reassembling the second complete QR code by employing the QR code assembly algorithm and the first portion of the second complete QR code, which prevents the entity other than the user and the enterprise from obtaining the biometric identifier or the answer to the security question by capturing the network traffic that includes the electronic transaction;
the computer extracting the biometric identifier or the answer to the security question from the second complete QR code;
the computer determining whether the extracted biometric identifier or the answer to the security question matches a record in a data repository that includes biometric identifiers or answers to security questions; and
if the extracted biometric identifier or the extracted answer to the security question matches the record in the data repository, the computer authorizing the electronic transaction or if the extracted biometric identifier or the extracted answer to the security question does not match any record in the data repository, the computer indicating the electronic transaction is not authorized.
Abstract
An approach is provided for securely authenticating an identity of a user participating in an electronic transaction. A request is received from a mobile device to initiate the electronic transaction. Attributes of the user and request are received. A request is selected for a biometric identifier or a security question to authenticate the identity of the user. The request for the biometric identifier or security question is converted to a complete Quick Response (QR) code. Based on the user and request attributes, the complete QR code is disassembled into first and second portions by employing a disassembly algorithm. The first portion, but not the second portion, is sent to the mobile device, which prevents an entity other than the user and the enterprise from obtaining the request for the biometric identifier or security question by capturing network traffic that includes the electronic transaction.
15 Claims
1. A method of securely authenticating an identity of a user participating in an electronic transaction with an enterprise, the method comprising the steps of:
(claim text identical to claim 1 as reproduced under First Claim above)
View Dependent Claims (2, 3, 4, 5, 6)
7. A computer program product, comprising:
a computer-readable storage device; and
a computer-readable program code stored in the computer-readable storage device, the computer-readable program code containing instructions that are executed by a central processing unit (CPU) of a computer system to implement a method of securely authenticating an identity of a user participating in an electronic transaction with an enterprise, the method comprising the steps of:
the computer system receiving a request from a mobile device of the user to initiate the electronic transaction and receiving information that specifies attributes of the user and the request;
the computer system selecting a request for a biometric identifier or a security question to authenticate the identity of the user;
the computer system converting the selected request for the biometric identifier or the security question to a first complete Quick Response (QR) code;
based on the information that specifies the attributes of the user and the request, the computer system disassembling the first complete QR code into first and second portions of the first complete QR code, the first portion of the first complete QR code selected by a QR code disassembly algorithm, and the first and second portions of the first complete QR code not having an element in common;
the computer system sending to the mobile device the first portion of the first complete QR code, but not the second portion of the first complete QR code, which prevents an entity other than the user and the enterprise from obtaining the request for the biometric identifier or the security question by capturing network traffic that includes the electronic transaction;
in response to a scan of the first portion of the first complete QR code by the mobile device, a reassembly of the first complete QR code by the mobile device which employs the first portion of the first complete QR code and a QR code assembly algorithm, a display by the mobile device of the request for the biometric identifier or the security question, a receipt by the mobile device of the biometric identifier or an answer to the security question, a conversion of the biometric identifier or the answer to the security question to a second complete QR code, a disassembly of the second complete QR code into first and second portions of the second complete QR code by employing the QR code disassembly algorithm, and a transmission of the first portion of the second complete QR code from the mobile device to the computer system, the computer system reassembling the second complete QR code by employing the QR code assembly algorithm and the first portion of the second complete QR code, which prevents the entity other than the user and the enterprise from obtaining the biometric identifier or the answer to the security question by capturing the network traffic that includes the electronic transaction;
the computer system extracting the biometric identifier or the answer to the security question from the second complete QR code;
the computer system determining whether the extracted biometric identifier or the answer to the security question matches a record in a data repository that includes biometric identifiers or answers to security questions; and
if the extracted biometric identifier or the extracted answer to the security question matches the record in the data repository, the computer system authorizing the electronic transaction or if the extracted biometric identifier or the extracted answer to the security question does not match any record in the data repository, the computer system indicating the electronic transaction is not authorized.
View Dependent Claims (8, 9, 10, 11)
12. A method of securely authenticating an identity of a user participating in an electronic transaction with an enterprise, the method comprising the steps of:
a mobile device of the user sending a request to a server computer of the enterprise to initiate the electronic transaction and receiving information that specifies attributes of the user and the request to initiate the electronic transaction;
in response to a selection of a request for a biometric identifier or a security question to authenticate the identity of the user, a conversion of the selected request for the biometric identifier or the security question to a first complete Quick Response (QR) code, a disassembly of the first complete QR code into first and second portions of the first complete QR code by a QR code disassembly algorithm based on the information that specifies the attributes of the user and the request to initiate the electronic transaction, the first and second portions of the first complete QR code not having an element in common, the mobile device receiving from the server computer the first portion of the first complete QR code, but not the second portion of the first complete QR code, which prevents an entity other than the user and the enterprise from obtaining the request for the biometric identifier or the security question by capturing network traffic that includes the electronic transaction;
the mobile device scanning the first portion of the first complete QR code;
the mobile device reassembling the first complete QR code by employing a QR code assembly algorithm based on the first portion of the first complete QR code and the information that specifies the attributes of the user and the request to initiate the electronic transaction;
based on the reassembled first complete QR code, the mobile device displaying the request for the biometric identifier or the security question;
the mobile device receiving from the user the biometric identifier or an answer to the security question;
the mobile device converting the biometric identifier or the answer to the security question to a second complete QR code;
the mobile device disassembling the second complete QR code into first and second portions of the second complete QR code by employing the QR code disassembly algorithm based on the information that specifies the attributes of the user and information that specifies attributes of a request to complete an authentication of the identity of the user;
the mobile device sending the first portion of the second complete QR code to the server computer; and
in response to a reassembly by the server computer of the second complete QR code by employing the QR code assembly algorithm based on the first portion of the second complete QR code, the information that specifies the attributes of the user, and the information that specifies the attributes of the request to complete the authentication, which prevents the entity other than the user and the enterprise from obtaining the biometric identifier or the answer to the security question by capturing the network traffic that includes the electronic transaction, an extraction by the server computer of the biometric identifier or the answer to the security question from the second complete QR code, a determination of whether the extracted biometric identifier or the answer to the security question matches a record in a data repository that includes biometric identifiers or answers to security questions, and if the extracted biometric identifier or the extracted answer to the security question matches the record in the data repository, the mobile device receiving an indication that the identity of the user is authorized or if the extracted biometric identifier or the extracted answer to the security question does not match any record in the data repository, the mobile device receiving an indication that the identity of the user is not authorized.
View Dependent Claims (13, 14, 15)
Specification