Tool for creating a system hardware signature for payment authentication
First Claim
1. A mobile device configured for transaction authentication using a device hardware signature, whereby presence of malware may be detected prior to payment information being compromised, the mobile device comprising:
a processor, a display; and
a memory storing computer executable instructions that when executed by the processor cause the processor to;
create a unique signature, using a signature creation algorithm and based at least in part on a hardware profile of the mobile device, wherein;
the hardware profile of the mobile device comprises;
first information identifying a first part of the mobile device;
second information identifying a second part of the mobile device;
third information identifying the mobile device; and
fourth information corresponding to a software execution pattern, wherein the fourth information is determined based on monitoring authorized software programs and applications of the mobile device;
creating the unique signature further comprises;
obtaining fifth information related to a current time and/or a current date; and
combining at least a portion of the hardware profile of the mobile device and the fifth information to create the unique signature;
receive, at the mobile device, a user transaction trigger from a transaction terminal;
determine that malware has not compromised the signature creation algorithm associated with the created unique signature, in response to receiving the user transaction trigger from the transaction terminal, the determining comprising;
monitoring whether any application or system has accessed the hardware profile of the mobile device; and
determining that the signature creation algorithm has not been compromised based on (i) determining that the hardware profile was not accessed by any application or system, or (ii) determining that the application or system that accessed the hardware profile was authorized to access the hardware profile;
wherein the executable instructions further cause the processor to create a key, based on the unique signature, in response to determining that the signature creation algorithm has not been compromised;
initiate, on the display, a presentation of the key associated with the unique signature;
receive user input entered in response to the user viewing the key;
determine that the received user input matches the created key; and
transmit, via an operative communication channel between the mobile device and the transaction terminal, a notification to the transaction terminal associated with the user transaction trigger, the notification indicating successful authentication of the user when the received user input matches that created key.
Abstract
Embodiments of the invention provide a method of authenticating a transaction at the point of transaction. In some embodiments of the invention, a unique signature is created based at least in part on a hardware profile of the system. In some embodiments, a request is received from a user to perform a transaction using the system. In some embodiments, in response to receiving the request, a key is created based on the unique signature and displayed to the user. In some embodiments, user input entered in response to the user viewing the key is received, and it is determined whether to proceed with transaction payment authentication based at least on whether the received user input matches the created key.
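The flow described in the abstract and in claim 1, as an added Python example (not code from the patent): the profile and date are combined into a signature, key creation is gated on who accessed the profile, and the typed input is compared with the displayed key. The hash and HMAC choices, the six-digit key, the field names, and the access log as a list of reader names are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample data; every field name and value here is hypothetical.
PROFILE = {
    "part_1": "SOC-SERIAL-0001",         # first information: a first part
    "part_2": "RADIO-SERIAL-0002",       # second information: a second part
    "device": "DEVICE-ID-0003",          # third information: the device itself
    "exec_pattern": "mail>maps>wallet",  # fourth information: execution pattern
}
AUTHORIZED_READERS = {"wallet"}  # assumed allow-list of profile readers


def create_signature(profile, date_str):
    """Combine the hardware profile with the current date (fifth information)."""
    h = hashlib.sha256()
    for name in sorted(profile):
        value = profile[name].encode()
        # Length-prefix each value so adjacent fields cannot bleed together.
        h.update(len(value).to_bytes(4, "big") + value)
    h.update(date_str.encode())
    return h.digest()


def algorithm_uncompromised(access_log):
    """True if nothing read the profile, or every reader was authorized."""
    return all(reader in AUTHORIZED_READERS for reader in access_log)


def create_key(signature):
    """Derive a short display key that is different from the signature."""
    mac = hmac.new(signature, b"display-key", hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"


def authenticate(profile, date_str, access_log, read_user_input):
    """Run the flow after a terminal trigger; True means authenticated."""
    signature = create_signature(profile, date_str)
    if not algorithm_uncompromised(access_log):
        return False  # no key is created or displayed
    key = create_key(signature)
    user_input = read_user_input(key)  # key is shown, user types it back
    # Constant-time comparison of the typed input against the created key.
    return hmac.compare_digest(user_input.encode(), key.encode())
```

Because the key is displayed on the same device that checks it, the comparison confirms that a user is present and viewing the screen; it does not by itself prove that the profile readers in the log were reported honestly.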
17 Claims
7. A non-transitory computer readable storage medium comprising computer readable program code, wherein the computer readable program code is for providing authentication using a device hardware signature associated with a mobile device, whereby presence of malware may be detected prior to payment information being compromised, wherein the computer readable program code when executed by a processor is structured to cause the processor to:
create a unique signature based at least in part on a hardware profile of the mobile device, wherein;
the hardware profile of the mobile device comprises;
first information identifying a first part of the mobile device;
second information identifying a second part of the mobile device;
third information identifying the mobile device; and
fourth information corresponding to a software execution pattern, wherein the fourth information is determined based on monitoring authorized software programs and applications of the mobile device;
creating the unique signature further comprises;
obtaining fifth information related to a current time and/or a current date; and
combining at least a portion of the hardware profile of the mobile device and the fifth information to create the unique signature;
receive, at the mobile device, a user transaction trigger from a transaction terminal;
determine that malware has not compromised the signature creation algorithm associated with the created unique signature, in response to receiving the user transaction trigger at the mobile device from the transaction terminal, the determining comprising;
monitoring whether any application or system has accessed the hardware profile of the mobile device; and
determining that the signature creation algorithm has not been compromised based on (i) determining that the hardware profile was not accessed by any application or system, or (ii) determining that the application or system that accessed the hardware profile was authorized to access the hardware profile;
create a key based on the unique signature in response to determining that the signature creation algorithm has not been compromised;
initiate, on a display associated with the mobile device, a presentation of the key associated with the unique signature;
receive user input entered in response to the user viewing the key, wherein the key is different from the unique signature;
determine that the received user input matches the created key; and
transmit, via an operative communication channel between the mobile device and the transaction terminal, a notification to the transaction terminal associated with the user transaction trigger, the notification indicating successful authentication of the user when the received user input matches that created key.
12. A computer-implemented method for providing payment authentication using a device hardware signature associated with a mobile device, whereby presence of malware may be detected prior to payment information being compromised, the method comprising:
creating, using a computing device processor, a unique signature based at least in part on a hardware profile of the mobile device, wherein;
the hardware profile of the mobile device comprises;
first information identifying a first part of the mobile device;
second information identifying a second part of the mobile device;
third information identifying the mobile device; and
fourth information corresponding to a software execution pattern, wherein the fourth information is determined based on monitoring authorized software programs and applications of the mobile device;
creating the unique signature further comprises;
obtaining fifth information related to a current time and/or a current date; and
combining at least a portion of the hardware profile of the mobile device and the fifth information to create the unique signature;
receive, at the mobile device, a user transaction trigger from a transaction terminal;
determining that malware has not compromised the signature creation algorithm associated with the created unique signature, in response to receiving the user transaction trigger from the transaction terminal, the determining comprising;
monitoring whether any application or system has accessed the hardware profile of the mobile device;
determining that the signature creation algorithm has not been compromised based on (i) determining that the hardware profile was not accessed by any application or system, or (ii) determining that the application or system that accessed the hardware profile was authorized to access the hardware profile;
creating, using a computing device processor, a key based on the unique signature, in response to determining that the signature creation algorithm has not been compromised;
initiating, using a computing device processor, on a display associated with the mobile device, a presentation of the key associated with the unique signature;
receiving, using a computing device processor, user input entered in response to the user viewing the key; and
determining, using a computing device processor, that the received user input matches the created key; and
transmitting, via an operative communication channel between the mobile device and the transaction terminal, a notification to the transaction terminal associated with the user transaction trigger, the notification indicating successful authentication of the user when the received user input matches that created key;
wherein the user transaction trigger is transmitted by the transaction terminal when the user is within a predetermined proximity of a transaction terminal.
Specification