Secure identity authentication in an electronic transaction

  • US 9,413,757 B1
  • Filed: 01/15/2015
  • Issued: 08/09/2016
  • Est. Priority Date: 01/15/2015
  • Status: Active Grant
First Claim

1. A method of securely authenticating an identity of a user participating in an electronic transaction with an enterprise, the method comprising the steps of:

    a computer receiving a request from a mobile device of the user to initiate the electronic transaction and receiving information that specifies attributes of the user and the request;

    the computer selecting a request for a biometric identifier or a security question to authenticate the identity of the user;

    the computer converting the selected request for the biometric identifier or the security question to a first complete Quick Response (QR) code;

    based on the information that specifies the attributes of the user and the request, the computer disassembling the first complete QR code into first and second portions of the first complete QR code, the first portion of the first complete QR code selected by a QR code disassembly algorithm, and the first and second portions of the first complete QR code not having an element in common;

    the computer sending to the mobile device the first portion of the first complete QR code, but not the second portion of the first complete QR code, which prevents an entity other than the user and the enterprise from obtaining the request for the biometric identifier or the security question by capturing network traffic that includes the electronic transaction;

    in response to a scan of the first portion of the first complete QR code by the mobile device, a reassembly of the first complete QR code by the mobile device which employs the first portion of the first complete QR code and a QR code assembly algorithm, a display by the mobile device of the request for the biometric identifier or the security question, a receipt by the mobile device of the biometric identifier or an answer to the security question, a conversion of the biometric identifier or the answer to the security question to a second complete QR code, a disassembly of the second complete QR code into first and second portions of the second complete QR code by employing the QR code disassembly algorithm, and a transmission of the first portion of the second complete QR code from the mobile device to the computer, the computer reassembling the second complete QR code by employing the QR code assembly algorithm and the first portion of the second complete QR code, which prevents the entity other than the user and the enterprise from obtaining the biometric identifier or the answer to the security question by capturing the network traffic that includes the electronic transaction;

    the computer extracting the biometric identifier or the answer to the security question from the second complete QR code;

    the computer determining whether the extracted biometric identifier or the answer to the security question matches a record in a data repository that includes biometric identifiers or answers to security questions; and

    if the extracted biometric identifier or the extracted answer to the security question matches the record in the data repository, the computer authorizing the electronic transaction or if the extracted biometric identifier or the extracted answer to the security question does not match any record in the data repository, the computer indicating the electronic transaction is not authorized.
