Method and system for authorizing secure electronic transactions using a security device

US 9,548,978 B2
Filed: 05/26/2015
Issued: 01/17/2017
Est. Priority Date: 02/03/2009
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a security device at a local network location for providing a secure access from the local network location to a remote network location, the method comprising:

at the security device, having a global unique identifier (UID), a processor and a memory;

obtaining, from the remote network location, a private security software, and causing the private security software to obtain a user selectable personal identification number (PIN), and the UID of the security device, the UID uniquely identifying the security device;

forwarding the PIN, the UID and the private security software to the remote network location for generating a user-personalized credential code using the PIN, the UID and the private security software, comprising encrypting the user-personalized credential code;

at the security device, obtaining the user-personalized credential code from the remote network location, and verifying an authenticity of the user selectable PIN and the UID, without communicating over a network, comprising decrypting the user-personalized credential code;

retrieving access credentials to the remote network location upon verifying the authenticity of the user selectable PIN and the UID; and

performing a transaction authorization of a transaction using the security device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for authenticating a security device for providing a secure access and transaction authorization to a remote network location are provided. The security device is authenticated by installing private security software on the security device. A Two-Channel authorization method includes a transaction notification/authorization channel and a transaction channel. A Three-Channel authorization method includes a transaction notification channel, a transaction authorization channel, and the transaction channel. Embodiments of the present invention provide increased security and privacy. A corresponding system for authenticating a security device and preforming secure private transactions is also provided.

58 Citations

21 Claims

1. A method for authenticating a security device at a local network location for providing a secure access from the local network location to a remote network location, the method comprising:
- at the security device, having a global unique identifier (UID), a processor and a memory;
  
  obtaining, from the remote network location, a private security software, and causing the private security software to obtain a user selectable personal identification number (PIN), and the UID of the security device, the UID uniquely identifying the security device;
  
  forwarding the PIN, the UID and the private security software to the remote network location for generating a user-personalized credential code using the PIN, the UID and the private security software, comprising encrypting the user-personalized credential code;
  
  at the security device, obtaining the user-personalized credential code from the remote network location, and verifying an authenticity of the user selectable PIN and the UID, without communicating over a network, comprising decrypting the user-personalized credential code;
  
  retrieving access credentials to the remote network location upon verifying the authenticity of the user selectable PIN and the UID; and
  
  performing a transaction authorization of a transaction using the security device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 wherein the performing the transaction authorization comprises:
    - sending a transaction authorization request including the user-personalized credential code from an authorization server at the remote network location to the security device;
      
      generating a transaction authorization response at the security device using the user-personalized credential code; and
      
      sending the transaction authorization response from the security device to a transaction server.
  - 3. The method of claim 2 wherein the sending the transaction authorization response from the security device to the transaction server comprises:
    - sending the transaction authorization response from the security device to the transaction server on a transaction authorization channel.
  - 4. The method of claim 2 wherein the sending the transaction authorization response from the security device to the transaction server comprises:
    - sending the transaction authorization response from the security device to the authorization server at the remote network location; and
      
      sending the transaction authorization response from the authorization server at the remote network location to the transaction server.
  - 5. The method of claim 4 wherein the sending the transaction authorization response from the security device to the authorization server at the remote network location comprises:
    - sending the transaction authorization response from the security device to the authorization server at the remote network location on a transaction authorization channel.
  - 6. The method of claim 4 wherein the sending the transaction authorization response from the authorization server at the remote network location to the transaction server comprises:
    - sending the transaction authorization response from the authorization server at the remote network location to the transaction server on a service channel.
  - 7. The method of claim 2 further comprising:
    - sending a transaction request from a user terminal to the transaction server; and
      
      sending the transaction authorization response from the transaction server to the user terminal.
  - 8. The method of claim 7 wherein the sending a transaction request from a user terminal to the transaction server comprises:
    - sending a transaction request from a user terminal to the transaction server on a transaction channel.
  - 9. The method of claim 7 wherein the sending the transaction authorization response from the transaction server to the user terminal comprises:
    - sending the transaction authorization response from the transaction server to the user terminal on a transaction channel.
  - 10. The method of claim 2 further comprising:
    - sending a pre-authorization condition from the security device to the authorization server.
  - 11. The method of claim 1 further comprising:
    - establishing a connection to an authorization server including;
      
      establishing a transaction channel, andestablishing a transaction notification channel;
      
      authorizing a user to access a service on a transaction server, using a client program executing on the security device and a server program executing on the authorization server;
      
      authorizing a transaction using the security device;
      
      performing the transaction; and
      
      closing the connection to the authorization server.

12. A system for providing a secure access from a local network location to a remote network A system for providing a secure access from a local network location to a remote network location, the system comprising:
- a remote server computer at the remote network location; and
  
  a security device at the local network location, the security device having a global unique identifier (UID) uniquely identifying the security device and permanently associated with the security device, a processor and a memory having computer readable instructions stored thereon, causing the processor to;
  
  obtain, from the remote server computer, a private security software;
  
  cause the private security software to obtain a user selectable personal identification number (PIN), and the UID of the security device;
  
  the UID uniquely identifying the security device and being permanently associated with the security device; and
  
  forward the PIN, the UID and the private security software to the remote server computer;
  
  the remote server computer being configured to generate a user-personalized credential code using the PIN, the UID and the private security software, and to encrypt the user-personalized credential code;
  
  the computer readable instructions being further configured to cause the processor to;
  
  obtain the user-personalized credential code from the remote server computer;
  
  verify an authenticity of the user selectable PIN and the UID, using the user-personalized credential code, and without communicating over a network, comprising decrypting the user-personalized credential code; and
  
  retrieve access credentials to the remote network location upon verifying the authenticity of the user selectable PIN and the UID; and
  
  perform a transaction authorization of a transaction using the security device.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 13. The system of claim 12 further comprising:
    - an authorization server configured to;
      
      send a transaction authorization request including the user-personalized credential code from the authorization server at the remote network location to the security device,wherein the security device is configured to;
      
      generate a transaction authorization response at the security device using the user-personalized credential code; and
      
      send the transaction authorization response from the security device to a transaction server.
  - 14. The system of claim 13 wherein the security device is configured to:
    - send the transaction authorization response from the security device to the transaction server on a transaction authorization channel.
  - 15. The system of claim 13 wherein:
    - the security device is configured to;
      
      send the transaction authorization response from the security device to the authorization server at the remote network location; and
      
      the authorization server is configured to;
      
      send the transaction authorization response from the authorization server at the remote network location to the transaction server.
  - 16. The system of claim 15 wherein the security device is configured to:
    - send the transaction authorization response from the security device to the authorization server at the remote network location on a transaction authorization channel.
  - 17. The system of claim 15 wherein the authorization server is configured to:
    - send the transaction authorization response from the authorization server at the remote network location to the transaction server on a service channel.
  - 18. The system of claim 13 wherein:
    - a user terminal is configured to;
      
      send a transaction request from the user terminal to the transaction server; and
      
      the transaction server is configured to;
      
      send the transaction authorization response from the transaction server to the user terminal.
  - 19. The system of claim 18 wherein the user terminal is configured to:
    - send a transaction request from a user terminal to the transaction server on a transaction channel.
  - 20. The system of claim 18 wherein the transaction server is configured to:
    - send the transaction authorization response from the transaction server to the user terminal on a transaction channel.
  - 21. The system of claim 13 wherein the security device is configured to:
    - send a pre-authorization condition from the security device to the authorization server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
inBay Technologies, Inc.
Original Assignee
inBay Technologies, Inc.
Inventors
Wang, Yiwen, Ding, Yuebin, Kuang, Randy, Xavier, Stanislus Kisito, Mann, David Michael, Zhu, He
Primary Examiner(s)
Truong, Thanhnga B

Application Number

US14/721,996
Publication Number

US 20150326559A1
Time in Patent Office

602 Days
Field of Search

726 1- 6, 380/44, 713/155, 713/168, 709/206, 370/401
US Class Current

1/1
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/42   using separate channels for...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2115   Third party

H04L 2463/102   applying security measure f...

H04L 63/0281   Proxies

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 63/0869   for achieving mutual authen...

H04L 63/105   Multiple levels of security

Method and system for authorizing secure electronic transactions using a security device

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

58 Citations

21 Claims

Specification

Use Cases

Quick Links

Others

Method and system for authorizing secure electronic transactions using a security device

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

58 Citations

21 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others