Apparatus, system and method for secure payment

US 9,531,696 B2
Filed: 12/16/2013
Issued: 12/27/2016
Est. Priority Date: 09/17/2010
Status: Active Grant

First Claim

Patent Images

1. A continuous authentication system for access control to resources on a protected first device with a mobile device, the system comprising:

a first processor associated with the protected first device;

the mobile device comprising;

a wireless transmitter configured to wirelessly transmit a wireless signal including a first pseudo-random non-predictable value;

a user interface programmed to authenticate an identity of a user of the mobile device based at least on first information known to the user and programmed to receive second information to authorize the user to access the protected first device; and

a mobile device processor programmed to authenticate the user of the mobile device based on the first information and to generate the first pseudo-random non-predictable value by combining at least a portion of the second information and a pseudo-random value;

a wireless receiver, coupled to a secure registry component and the first processor, configured to receive the wireless signal; and

the secure registry component configured to receive the first pseudo-random non-predictable value and successfully authenticate the user of the mobile device to the first processor based on the first pseudo-random non-predictable value, where the first pseudo-random non-predictable value is matched to the mobile device by the secure registry component;

wherein the first processor is configured to authorize the user of the mobile device to access the protected first device following successful authentication of the user based on the matching of the pseudo-random value;

wherein the first processor is configured to continue to permit the user of the mobile device to continue to access the protected first device to access the resources so long as the protected first device receives subsequent authentication information to re-authenticate the mobile device and so long as re-authentication results in a continued successful authentication of the mobile device using at least a subsequent pseudo-random non-predictable value, andwherein the first processor is configured to deny access to the user of the mobile device responsive to the mobile device being outside of a minimum wireless signal proximity of the wireless receiver.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention generally relate to apparatus, systems and methods for authentication, in particular, apparatus, systems and methods for authenticating an entity for computer and/or network security, secure authorization of a payment or for funds transfer and for selectively granting privileges and providing other services in response to such authentications. In addition, embodiments of the invention relate generally to apparatus, systems and methods for the communication of information between a mobile user-device and a point-of-sale device to securely provide authorization for a financial transaction.

189 Citations

29 Claims

1. A continuous authentication system for access control to resources on a protected first device with a mobile device, the system comprising:
- a first processor associated with the protected first device;
  
  the mobile device comprising;
  
  a wireless transmitter configured to wirelessly transmit a wireless signal including a first pseudo-random non-predictable value;
  
  a user interface programmed to authenticate an identity of a user of the mobile device based at least on first information known to the user and programmed to receive second information to authorize the user to access the protected first device; and
  
  a mobile device processor programmed to authenticate the user of the mobile device based on the first information and to generate the first pseudo-random non-predictable value by combining at least a portion of the second information and a pseudo-random value;
  
  a wireless receiver, coupled to a secure registry component and the first processor, configured to receive the wireless signal; and
  
  the secure registry component configured to receive the first pseudo-random non-predictable value and successfully authenticate the user of the mobile device to the first processor based on the first pseudo-random non-predictable value, where the first pseudo-random non-predictable value is matched to the mobile device by the secure registry component;
  
  wherein the first processor is configured to authorize the user of the mobile device to access the protected first device following successful authentication of the user based on the matching of the pseudo-random value;
  
  wherein the first processor is configured to continue to permit the user of the mobile device to continue to access the protected first device to access the resources so long as the protected first device receives subsequent authentication information to re-authenticate the mobile device and so long as re-authentication results in a continued successful authentication of the mobile device using at least a subsequent pseudo-random non-predictable value, andwherein the first processor is configured to deny access to the user of the mobile device responsive to the mobile device being outside of a minimum wireless signal proximity of the wireless receiver.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The system according to claim 1, wherein the system is configured to provide proximity-based access control to the first device by the authenticated user of the mobile device so long as the mobile device is within the minimum wireless signal proximity of the wireless receiver, and wherein the wireless transmitter comprises a near field wireless transmitter configured to transmit a near field wireless signal, and the wireless receiver comprises a near field wireless receiver configured to receive a near field wireless signal.
  - 3. The system of claim 1, wherein the protected first device is configured to manage physical access to a secure space and to permit or deny entry to the secure space responsive to successful authentication of the mobile device.
  - 4. The system of claim 1, wherein the mobile device is identified by the secure registry component based on the first pseudo-random non-predictable value, and wherein the secure registry component is configured to confirm an identity of the secure registry component identity to the mobile device.
  - 5. The system of claim 4, wherein the secure registry component is configured to generate a second pseudo-random non-predictable value and communicate the second pseudo-random non-predictable value to identify the secure registry component to the mobile device.
  - 6. The system of claim 5, wherein the mobile device processor is configured to generate a third pseudo-random non-predictable value that includes combining at least a portion of the second information and a subsequent pseudo-random value, wherein the secure registry component is configured to authenticate the mobile device using the third pseudo-random non-predictable value.
  - 7. The system of claim 1, wherein the secure registry component is configured to require periodic re-authentication of the user, the re-authentication requirement derived from at least a subsequent time value and at least a portion of the second information in order to continue access to the protected first device.
  - 8. The system of claim 1, wherein the system includes a wireless network configured to communicate using any one of a Wi-Fi communication, near field communication and Bluetooth communication, and wherein a proximity between the mobile device and the protected first device is determined by a range of the network communication.
  - 9. The system of claim 1, wherein the secure registry component is configured to communicate with a plurality of processors for granting or denying access to respective devices, the secure registry component storing information for a plurality of users, andwherein the secure registry component is configured to authenticate each of the plurality of users to provide access for each user to at least one processor of a device associated with the user, respectively.
  - 10. The system of claim 9, wherein the plurality of users includes a second user associated with a second mobile device including a respective second mobile device processor and a second wireless transmitter, andwherein the second processor is configured to generate a second wireless signal including a respective second pseudo-random non-predictable value.
  - 11. The system of claim 10, wherein the secure registry component is configured to receive the second pseudo-random non-predictable value and successfully authenticate the second mobile device where the second pseudo-random non-predictable value is matched to the second mobile device, and wherein the second user is permitted access to the protected first device.
  - 12. The system of claim 1, wherein the secure registry component is located remote from the protected first device, and wherein the authentication of the first pseudo-random non-predictable value and any subsequent pseudo-random non-predictable values occur at the secure registry component.
  - 13. The system of claim 1, wherein at least a portion of the secure registry component is located at the protected first device, and wherein the authentication of the first pseudo-random non-predictable value and any subsequent pseudo-random non-predictable values occurs at the protected first device.
  - 14. The system of claim 1, wherein the mobile device includes a memory coupled to the mobile device processor, the mobile device programmed to store a seed employed by the mobile device processor to generate the first pseudo-random non-predictable value in the memory;
    - andwherein the mobile device processor is configured to use the pseudo-random value, the at least a portion of the second information and the seed to generate the first pseudo-random non-predictable value.
  - 15. The system of claim 14, wherein the secure registry component is configured to communicate seed-updates at random intervals to provide a new seed value to the mobile device.
  - 16. The system of claim 1, wherein the mobile device includes a biometric sensor configured to accept a biometric input from the user, and the first information includes information derived from the biometric input.
  - 17. The system of claim 1, wherein the mobile device processor is configured to generate the first pseudo-random non-predictable value following a successful authentication, by the mobile device, of the first information.

18. A method for access control to a protected first device with a mobile device, the method comprising:
- accepting, by the mobile device, first information known to a user of the mobile device to authenticate the user to the mobile device, and accepting second information to authorize the user to access the protected first device;
  
  generating, by the mobile device, a first pseudo-random non-predictable value based on combining at least a portion of the second information and a pseudo-random value;
  
  receiving, at a wireless receiver coupled to the protected first device, a first wireless signal including the first pseudo-random non-predictable value wirelessly transmitted from the mobile device to the protected first device;
  
  processing, by a secure registry component coupled to the protected first device, the first pseudo-random non-predictable value to authenticate the user in possession of the mobile device based on the first pseudo-random non-predictable value;
  
  allowing the user of the mobile device to access the protected first device following successful authentication;
  
  permitting, by the protected first device, the user to operate the protected first device so long as the protected first device receives subsequent authentication information to re-authorize the mobile device and so long as re-authentication results in a continued successful authentication of the user using at least a pseudo-random non-predictable value; and
  
  denying, by the protected first device, the user'"'"'s access to the protected first device responsive to the mobile device being outside of a minimum wireless signal proximity of the wireless receiver.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 19. The method of claim 18, wherein the act of receiving the first wireless signal comprises receiving the first wireless signal when the mobile device is within the minimum wireless signal proximity of the wireless receiver.
  - 20. The method of claim 18, further comprising:
    - receiving, at the protected first device, subsequent wireless signals from the mobile device on a periodic basis, the periodic basis including a predetermined period during which the protected first device is configured to receive authentication information;
      
      continuing to allow the user to access the protected first device where the subsequent wireless signals include authentication information that is successfully authenticated; and
      
      terminating access to the protected first device when at least one of the subsequent wireless signals is not received during a respective predetermined period.
  - 21. The method of claim 18, further comprising including in the authentication information included in each of the subsequent wireless signals a respective pseudo-random non-predictable value generated by the mobile device.
  - 22. The method of claim 18, further comprising:
    - including at least a portion of the secure registry component in the protected first device; and
      
      locally authenticating the user with the protected first device.
  - 23. The method of claim 18, further comprising:
    - locating at least a portion of a secure registry component remote from the protected first device;
      
      communicating the first pseudo-random non-predictable value to the remote portion of the secure registry component for initial authentication; and
      
      locally authenticating the respective pseudo-random non-predictable values with the protected first device.
  - 24. The method of claim 23, further comprising determining that the mobile device is located within a pre-determined distance of the protected first device.
  - 25. The method of claim 18, wherein the method further comprises communicating the first wireless signal by one of a Bluetooth signal, a near field communication signal and a Wi-Fi signal.
  - 26. The method of claim 18, further comprising storing in memory of the mobile device a seed and at least one of an electronic serial number, a unique code, or a SIM code, and wherein generating the first pseudo-random non-predictable value includes, at least in part, combining the seed with at least one of the electronic serial number, the unique code or the SIM code in an exclusive-or operation.
  - 27. The method of claim 18, wherein the protected first device is configured to forward the first pseudo-random non-predictable value to another computer system for authenticating the user.

28. A continuous authentication system for controlling access to resources on at least one computer, the system comprising:
- a protected computer having associated computer resources, the protected computer connected to a communication network;
  
  a portable device configured to communicate with the protected computer, the portable device including;
  
  a user interface programmed to authenticate a user to the portable device based on at least one of secret information known to the user of the portable device and information of the user of the portable device;
  
  a portable device processor programmed to generate a first pseudo-random non-predictable value following a successful authentication of the user on the portable device; and
  
  a wireless transceiver coupled to the portable device processor and configured to transmit a wireless signal including the first pseudo-random non-predictable value; and
  
  a secure registry component coupled to, and executing at least in part on, the protected computer, the secure registry component also coupled to a wireless receiver configured to receive the wireless signal including the first pseudo-random non-predictable value and successfully authenticate the user of the portable device where the first pseudo-random non-predictable value is matched to the user by the secure registry component, the secure registry component further configured to pass the successful authentication to the portable device,wherein the user of table device is permitted to operate the protected computer to access the associated resources through the protected computer so long as the protected computer receives subsequent authentication information to re-authenticate the portable device and so long as the re-authentication results in a continued successful authentication of the user using at least a subsequent pseudo-random non-predictable value, andwherein the user of the portable device is denied access to the protected computer responsive to the portable device being outside of a minimum wireless signal proximity of the wireless transmitter and receiver.

29. A continuous authentication system for access control to resources on a protected first device with a mobile device, the system comprising:
- a mobile device comprising;
  
  a wireless transmitter configured to wirelessly transmit a wireless signal including a first pseudo-random non-predictable value;
  
  a user interface programmed to authenticate a user based at least on one of first information known to the user of the mobile device and information of the user to authenticate the user to the mobile device, and programmed to receive second information to authorize the user to access the protected first device; and
  
  a mobile device processor programmed to authenticate the user of the mobile device based on the first information and the information of the user, and to generate the first pseudo-random non-predictable value by combining at least a portion of the second information and a pseudo-random value;
  
  a wireless receiver, coupled to a secure registry component and configured to receive the wireless signal; and
  
  the secure registry component configured to receive the first pseudo-random non-predictable value and successfully authenticate the user of the mobile device to the protected first device where the first pseudo-random non-predictable value is matched to the mobile device by the secure registry component,wherein the authentication by the secure registry component triggers a first processor of the protected device to authorize the user of the mobile device to access the protected first device following successful authentication of the user based on the matching of the pseudo-random value,wherein the user of the mobile device is permitted to operate the protected first device to access the resources so long as the protected first device receives subsequent authentication information to re-authenticate the mobile device and so long as re-authentication results in a continued successful authentication of the mobile device using at least a subsequent pseudo-random non-predictable value, andwherein the user of the mobile device is denied permission to operate the protected first device to access the resources responsive to the mobile device being outside of a minimum wireless signal proximity of the wireless transmitter and receiver.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Universal Secure Registry LLC
Original Assignee
Universal Secure Registry LLC
Inventors
Weiss, Kenneth P.
Primary Examiner(s)
Gee, Jason K

Application Number

US14/107,969
Publication Number

US 20140196118A1
Time in Patent Office

1,107 Days
Field of Search

726/4
US Class Current

1/1
CPC Class Codes

G06Q 20/3224   Transactions dependent on l...

G06Q 20/3278   RFID or NFC payments by mea...

G06Q 20/40145   Biometric identity checks

H04L 63/08   for authentication of entit...

H04L 63/0846   using time-dependent-passwo...

H04L 63/0853   using an additional device,...

H04L 63/107   wherein the security polici...

H04W 12/068   using credential vaults, e....

Apparatus, system and method for secure payment

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

189 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus, system and method for secure payment

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

189 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links