System and method for secure authentication

US 9,686,245 B2
Filed: 09/16/2014
Issued: 06/20/2017
Est. Priority Date: 09/16/2014
Status: Active Grant

First Claim

Patent Images

1. A method for secure authentication performed by an authentication application on a mobile communication device, the method comprising the authentication application carrying out the following:

receiving, via an authentication application protocol handler, a unique identifier for a transaction from a first application provided on the same mobile communication device as the authentication application, wherein the first application communicates with a remote application server for carrying out the transaction and wherein the unique identifier is sent locally between the first application and the authentication application via a first application protocol handler provided at the first application for invoking the authentication application;

receiving an encrypted transaction from a remote secure server;

decrypting or obtaining decryption of the transaction with a private key of the authentication application;

signing or obtaining signing of the transaction with the private key;

signing the transaction with the unique identifier received from the first application; and

transmitting the signed transaction back to the remote secure server,wherein the authentication application communicates with the remote secure server via a secure protocol for authentication of the transaction.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for secure authentication performed on a mobile communication device. The method includes an authentication application carrying out the steps of: receiving a unique identifier for a transaction from a first application provided on the same mobile communication device as the authentication application; receiving an encrypted transaction from a remote secure server; decrypting or obtaining decryption of the transaction with a private key of the authentication application; signing or obtaining signing of the transaction with the private key; signing the transaction with the unique identifier; and transmitting the signed transaction back to the remote secure server.

43 Citations

View as Search Results

19 Claims

1. A method for secure authentication performed by an authentication application on a mobile communication device, the method comprising the authentication application carrying out the following:
- receiving, via an authentication application protocol handler, a unique identifier for a transaction from a first application provided on the same mobile communication device as the authentication application, wherein the first application communicates with a remote application server for carrying out the transaction and wherein the unique identifier is sent locally between the first application and the authentication application via a first application protocol handler provided at the first application for invoking the authentication application;
  
  receiving an encrypted transaction from a remote secure server;
  
  decrypting or obtaining decryption of the transaction with a private key of the authentication application;
  
  signing or obtaining signing of the transaction with the private key;
  
  signing the transaction with the unique identifier received from the first application; and
  
  transmitting the signed transaction back to the remote secure server,wherein the authentication application communicates with the remote secure server via a secure protocol for authentication of the transaction.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method as claimed in claim 1, wherein the private key of the authentication application is stored by the authentication application and wherein the steps of decrypting the transaction and signing the transaction with the private key are carried out by the authentication application on the mobile communication device.
  - 3. The method as claimed in claim 1, wherein the private key of the authentication application is stored by a separate device and including:
    - sending the received transaction to the separate device via a proximity communication; and
      
      receiving the transaction signed with the private key at the authentication application via the proximity communication.
  - 4. The method as claimed in claim 1 wherein the method includes:
    - the first application invoking the authentication application locally and sending the unique identifier to the authentication application.
  - 5. The method as claimed in claim 1, wherein the method includes:
    - the first application carrying out the steps of;
      
      sending a transaction request to a remote transaction server, the transaction request having been authenticated using a first factor; and
      
      receiving the unique identifier identifying the transaction.
  - 6. The method as claimed in claim 1, wherein the unique identifier identifies a transaction and identifies a user by a public key corresponding to the private key of the authentication application.
  - 7. The method as claimed in claim 1, wherein the method includes:
    - the authentication application displaying the decrypted transaction before signing the transaction.
  - 8. The method as claimed in claim 1, wherein the method includes:
    - the authentication application carrying out an authorization step including receiving an input from a user and verifying the input before signing the transaction.
  - 9. The method as claimed in claim 1, wherein the method includes:
    - the authentication application passing control back locally to the first application after transmitting the signed transaction back to the secure server.

10. A system for secure authentication, the system comprising a mobile communication device including:
- a first application for communicating with a remote application server for carrying out a transaction; and
  
  an authentication application for communicating with a secure server via a secure protocol for authentication of a transaction;
  
  wherein a unique identifier for a transaction is sent locally between the first application and the authentication application via a first application protocol handler provided at the first application for invoking the authentication application, andwherein the authentication application includes;
  
  an authentication application protocol handler for receiving a unique identifier for a transaction from the first application;
  
  a receiving component for receiving an encrypted transaction from a remote secure server;
  
  a decrypting component for decrypting or obtaining decryption of the transaction with a private key of the authentication application;
  
  a first signing component for signing or obtaining signing of the transaction with the private key;
  
  a second signing component for signing the transaction with the unique identifier; and
  
  a transmitting component for transmitting the signed transaction back to the remote secure server.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The system as claimed in claim 10, wherein the first application is provided in a first sandbox on the mobile communication device and the authentication application is provided in a second sandbox on the mobile communication device.
  - 12. The system as claimed in claim 10, wherein the private key of the authentication application is stored at the authentication application and the first and second signing components are provided by a single component.
  - 13. The system as claimed in claim 10, wherein the private key of the authentication application is stored on a separate token device, wherein the separate token device includes:
    - a cryptographic component for signing the transaction with the private key; and
      
      a proximity communication component capable of communicating with the authentication application.
  - 14. The system as claimed in claim 10, wherein the first application includes:
    - a transaction request component for sending a transaction request to a remote transaction server, the transaction request having been authenticated using a first factor; and
      
      a receiving component for receiving a unique identifier for the transaction.
  - 15. The system as claimed in claim 10, wherein the authentication application includes:
    - a displaying component for displaying the decrypted transaction before signing the transaction.
  - 16. The system as claimed in claim 10, wherein the authentication application includes:
    - an authorization component for carrying out an authorization step including receiving an input from a user and verifying the input before signing the transaction.
  - 17. The system as claimed in claim 10, wherein the authentication application includes:
    - a control component for passing control back locally to the first application after transmitting the signed transaction back to the secure server.

18. A computer program product for secure authentication performed by an authentication application on a mobile communication device, the computer program product comprising a non-transitory computer readable storage medium having computer-readable program code configured to cause the authentication application to carry out the following:
- receiving, via an authentication application protocol handler, a unique identifier for a transaction from a first application provided on the same mobile communication device as the authentication application, wherein the first application communicates with a remote application server for carrying out the transaction and wherein the unique identifier is sent locally between the first application and the authentication application via a first application protocol handler provided at the first application for invoking the authentication application;
  
  receiving an encrypted transaction from a remote secure server;
  
  decrypting or obtaining decryption of the transaction with a private key of the authentication application;
  
  signing or obtaining signing of the transaction with the private key;
  
  signing the transaction with the unique identifier received from the first application; and
  
  transmitting the signed transaction back to the remote secure server,wherein the authentication application communicates with the remote secure server via a secure protocol for authentication of the transaction.
- View Dependent Claims (19)
- - 19. The computer program product as claimed in claim 18, wherein the computer program product comprises the non-transitory computer-readable storage medium, which is a software development kit provided to embed authentication procedures in a software application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Entersekt International limited (Entersekt Pty Ltd.)
Original Assignee
Entersekt International limited (Entersekt Pty Ltd.)
Inventors
Brand, Christiaan Johannes Petrus
Primary Examiner(s)
DOAN, TRANG T

Application Number

US14/488,160
Publication Number

US 20160080326A1
Time in Patent Office

1,008 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/53   by executing in a restricte...

H04L 2463/082   applying multi-factor authe...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/0853   using an additional device,...

H04L 9/321   involving a third party or ...

H04W 12/06   Authentication

H04W 12/086   using security domains

System and method for secure authentication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

43 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for secure authentication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links