Tool for creating a system hardware signature for payment authentication

US 9,824,356 B2
Filed: 08/12/2014
Issued: 11/21/2017
Est. Priority Date: 08/12/2014
Status: Active Grant

First Claim

Patent Images

1. A mobile device configured for transaction authentication using a device hardware signature, whereby presence of malware may be detected prior to payment information being compromised, the mobile device comprising:

a processor, a display; and

a memory storing computer executable instructions that when executed by the processor cause the processor to;

create a unique signature, using a signature creation algorithm and based at least in part on a hardware profile of the mobile device, wherein;

the hardware profile of the mobile device comprises;

first information identifying a first part of the mobile device;

second information identifying a second part of the mobile device;

third information identifying the mobile device; and

fourth information corresponding to a software execution pattern, wherein the fourth information is determined based on monitoring authorized software programs and applications of the mobile device;

creating the unique signature further comprises;

obtaining fifth information related to a current time and/or a current date; and

combining at least a portion of the hardware profile of the mobile device and the fifth information to create the unique signature;

receive, at the mobile device, a user transaction trigger from a transaction terminal;

determine that malware has not compromised the signature creation algorithm associated with the created unique signature, in response to receiving the user transaction trigger from the transaction terminal, the determining comprising;

monitoring whether any application or system has accessed the hardware profile of the mobile device; and

determining that the signature creation algorithm has not been compromised based on (i) determining that the hardware profile was not accessed by any application or system, or (ii) determining that the application or system that accessed the hardware profile was authorized to access the hardware profile;

wherein the executable instructions further cause the processor to create a key, based on the unique signature, in response to determining that the signature creation algorithm has not been compromised;

initiate, on the display, a presentation of the key associated with the unique signature;

receive user input entered in response to the user viewing the key;

determine that the received user input matches the created key; and

transmit, via an operative communication channel between the mobile device and the transaction terminal, a notification to the transaction terminal associated with the user transaction trigger, the notification indicating successful authentication of the user when the received user input matches that created key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention provide a method a authenticating a transaction at the point of transaction. In some embodiments of the invention, a unique signature is created based at least in part on a hardware profile of the system. In some embodiments, a request is received from a user to perform a transaction using the system. In some embodiments, in response to receiving the request a key is created based on the unique signature and displayed to the user. In some embodiments, user input entered in response to the user viewing the key is received and it is determined whether to proceed with transaction payment authentication based at least on whether the received user input matches the created key.

30 Citations

View as Search Results

17 Claims

1. A mobile device configured for transaction authentication using a device hardware signature, whereby presence of malware may be detected prior to payment information being compromised, the mobile device comprising:
- a processor, a display; and
  
  a memory storing computer executable instructions that when executed by the processor cause the processor to;
  
  create a unique signature, using a signature creation algorithm and based at least in part on a hardware profile of the mobile device, wherein;
  
  the hardware profile of the mobile device comprises;
  
  first information identifying a first part of the mobile device;
  
  second information identifying a second part of the mobile device;
  
  third information identifying the mobile device; and
  
  fourth information corresponding to a software execution pattern, wherein the fourth information is determined based on monitoring authorized software programs and applications of the mobile device;
  
  creating the unique signature further comprises;
  
  obtaining fifth information related to a current time and/or a current date; and
  
  combining at least a portion of the hardware profile of the mobile device and the fifth information to create the unique signature;
  
  receive, at the mobile device, a user transaction trigger from a transaction terminal;
  
  determine that malware has not compromised the signature creation algorithm associated with the created unique signature, in response to receiving the user transaction trigger from the transaction terminal, the determining comprising;
  
  monitoring whether any application or system has accessed the hardware profile of the mobile device; and
  
  determining that the signature creation algorithm has not been compromised based on (i) determining that the hardware profile was not accessed by any application or system, or (ii) determining that the application or system that accessed the hardware profile was authorized to access the hardware profile;
  
  wherein the executable instructions further cause the processor to create a key, based on the unique signature, in response to determining that the signature creation algorithm has not been compromised;
  
  initiate, on the display, a presentation of the key associated with the unique signature;
  
  receive user input entered in response to the user viewing the key;
  
  determine that the received user input matches the created key; and
  
  transmit, via an operative communication channel between the mobile device and the transaction terminal, a notification to the transaction terminal associated with the user transaction trigger, the notification indicating successful authentication of the user when the received user input matches that created key.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The mobile device of claim 1, wherein the software module comprises a unique signature software module configured to cause the processor to create the unique signature;
    - andwherein the unique signature software module is stored in the memory prior to creation of the unique signature and is protected, and thereby not writable, subsequent to being stored.
  - 3. The mobile device of claim 1, wherein determining comprises determining that the received user input does not match the created key, and in response, determining not to proceed with transaction payment authentication.
  - 4. The mobile device of claim 1, wherein determining whether malware has compromised the signature creation algorithm further comprises:
    - monitoring whether any application or system has accessed predetermined data stored in the memory of the mobile device;
      
      if so, determining whether the application or system that accessed the predetermined data was authorized to access the predetermined data;
      
      if so, determining that no malware has compromised the signature creation algorithm;
      
      if not, determining that malware has compromised the signature creation algorithm; and
      
      if not, determining that no malware has compromised the signature creation algorithm.
  - 5. The mobile device of claim 1, wherein determining whether malware has compromised the signature creation algorithm further comprises:
    - monitoring whether any application or system has accessed a predetermined application or algorithm stored in the memory of the mobile device;
      
      if so, determining whether the application or system that accessed the predetermined application or algorithm was authorized to access the predetermined application or algorithm;
      
      if so, determining that no malware has compromised the signature creation algorithm;
      
      if not, determining that malware has compromised the signature creation algorithm; and
      
      if not, determining that no malware has compromised the signature creation algorithm.
  - 6. The mobile device of claim 3, wherein the executable instructions when executed further cause the processor to:
    - determine that malware is present based at least on the received user input does not match the created key;
      
      initiate a malware presence communication, to the user and/or a second system, comprising an indication of the presence of malware on the mobile device; and
      
      initiate one or more remediation actions configured to mitigate an impact of the malware or eliminate the malware.

7. A non-transitory computer readable storage medium comprising computer readable program code, wherein the computer readable program code is for providing authentication using a device hardware signature associated with a mobile device, whereby presence of malware may be detected prior to payment information being compromised, wherein the computer readable program code when executed by a processor is structured to cause the processor to:
- create a unique signature based at least in part on a hardware profile of the mobile device, wherein;
  
  the hardware profile of the mobile device comprises;
  
  first information identifying a first part of the mobile device;
  
  second information identifying a second part of the mobile device;
  
  third information identifying the mobile device; and
  
  fourth information corresponding to a software execution pattern, wherein the fourth information is determined based on monitoring authorized software programs and applications of the mobile device;
  
  creating the unique signature further comprises;
  
  obtaining fifth information related to a current time and/or a current date; and
  
  combining at least a portion of the hardware profile of the mobile device and the fifth information to create the unique signature;
  
  receive, at the mobile device, a user transaction trigger from a transaction terminal;
  
  determine that malware has not compromised the signature creation algorithm associated with the created unique signature, in response to receiving the user transaction trigger at the mobile device from the transaction terminal, the determining comprising;
  
  monitoring whether any application or system has accessed the hardware profile of the mobile device; and
  
  determining that the signature creation algorithm has not been compromised based on (i) determining that the hardware profile was not accessed by any application or system, or (ii) determining that the application or system that accessed the hardware profile was authorized to access the hardware profile;
  
  create a key based on the unique signature in response to determining that the signature creation algorithm has not been compromised;
  
  initiate, on a display associated with the mobile device, a presentation of the key associated with the unique signature;
  
  receive user input entered in response to the user viewing the key, wherein the key is different from the unique signature;
  
  determine that the received user input matches the created key; and
  
  transmit, via an operative communication channel between the mobile device and the transaction terminal, a notification to the transaction terminal associated with the user transaction trigger, the notification indicating successful authentication of the user when the received user input matches that created key.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The non-transitory computer readable storage medium of claim 7, further comprising computer readable program code that when executed by a processor is configured to cause the processor to determine that the received user input does not match the created key, and in response, determining not to proceed with transaction payment authentication.
  - 9. The non-transitory computer readable storage medium of claim 7, further comprising computer readable program code that when executed by a processor is configured to cause the processor to:
    - determine that malware is present based at least on the received user input does not match the created key;
      
      initiate a malware presence communication, to the user and/or a second system, comprising an indication of the presence of malware on the mobile device;
      
      initiate one or more remediation actions configured to mitigate an impact of the malware or eliminate the malware.
  - 10. The non-transitory computer readable storage medium of claim 7, wherein determining whether malware has compromised the signature creation algorithm further comprises:
    - monitoring whether any application or system has accessed predetermined data stored in the memory of the mobile device;
      
      if so, determining whether the application or system that accessed the predetermined data was authorized to access the predetermined data;
      
      if so, determining that no malware has compromised the signature creation algorithm;
      
      if not, determining that malware has compromised the signature creation algorithm; and
      
      if not, determining that no malware has compromised the signature creation algorithm.
  - 11. The non-transitory computer readable storage medium of claim 7, wherein determining whether malware has compromised the signature creation algorithm further comprises:
    - monitoring whether any application or system has accessed a predetermined application or algorithm stored in the memory of the mobile device;
      
      if so, determining whether the application or system that accessed the predetermined application or algorithm was authorized to access the predetermined application or algorithm;
      
      if so, determining that no malware has compromised the signature creation algorithm;
      
      if not, determining that malware has compromised the signature creation algorithm; and
      
      if not, determining that no malware has compromised the signature creation algorithm.

12. A computer-implemented method for providing payment authentication using a device hardware signature associated with a mobile device, whereby presence of malware may be detected prior to payment information being compromised, the method comprising:
- creating, using a computing device processor, a unique signature based at least in part on a hardware profile of the mobile device, wherein;
  
  the hardware profile of the mobile device comprises;
  
  first information identifying a first part of the mobile device;
  
  second information identifying a second part of the mobile device;
  
  third information identifying the mobile device; and
  
  fourth information corresponding to a software execution pattern, wherein the fourth information is determined based on monitoring authorized software programs and applications of the mobile device;
  
  creating the unique signature further comprises;
  
  obtaining fifth information related to a current time and/or a current date; and
  
  combining at least a portion of the hardware profile of the mobile device and the fifth information to create the unique signature;
  
  receive, at the mobile device, a user transaction trigger from a transaction terminal;
  
  determining that malware has not compromised the signature creation algorithm associated with the created unique signature, in response to receiving the user transaction trigger from the transaction terminal, the determining comprising;
  
  monitoring whether any application or system has accessed the hardware profile of the mobile device;
  
  determining that the signature creation algorithm has not been compromised based on (i) determining that the hardware profile was not accessed by any application or system, or (ii) determining that the application or system that accessed the hardware profile was authorized to access the hardware profile;
  
  creating, using a computing device processor, a key based on the unique signature, in response to determining that the signature creation algorithm has not been compromised;
  
  initiating, using a computing device processor, on a display associated with the mobile device, a presentation of the key associated with the unique signature;
  
  receiving, using a computing device processor, user input entered in response to the user viewing the key; and
  
  determining, using a computing device processor, that the received user input matches the created key; and
  
  transmitting, via an operative communication channel between the mobile device and the transaction terminal, a notification to the transaction terminal associated with the user transaction trigger, the notification indicating successful authentication of the user when the received user input matches that created key;
  
  wherein the user transaction trigger is transmitted by the transaction terminal when the user is within a predetermined proximity of a transaction terminal.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The method of claim 12, wherein the unique signature creation algorithm is stored in the memory prior to creation of the unique signature and is protected, and thereby not writable, subsequent to being stored.
  - 14. The method of claim 12, wherein determining comprises determining that the received user input does not match the created key, and in response, determining not to proceed with transaction payment authentication.
  - 15. The method of claim 12, wherein the method further comprises:
    - determining that malware is present based at least on the received user input does not match the created key;
      
      initiating a malware presence communication, to the user and/or a second system, comprising an indication of the presence of malware on the mobile device; and
      
      initiating one or more remediation actions configured to mitigate an impact of the malware or eliminate the malware.
  - 16. The method of claim 12, wherein determining whether malware has compromised the signature creation algorithm further comprises:
    - monitoring whether any application or system has accessed predetermined data stored in the memory of the mobile device;
      
      if so, determining whether the application or system that accessed the predetermined data was authorized to access the predetermined data;
      
      if so, determining that no malware has compromised the signature creation algorithm;
      
      if not, determining that malware has compromised the signature creation algorithm; and
      
      if not, determining that no malware has compromised the signature creation algorithm.
  - 17. The method of claim 12, wherein determining whether malware has compromised the signature creation algorithm further comprises:
    - monitoring whether any application or system has accessed a predetermined application or algorithm stored in the memory of the mobile device;
      
      if so, determining whether the application or system that accessed the predetermined application or algorithm was authorized to access the predetermined application or algorithm;
      
      if so, determining that no malware has compromised the signature creation algorithm;
      
      if not, determining that malware has compromised the signature creation algorithm; and
      
      if not, determining that no malware has compromised the signature creation algorithm.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Kurian, Manu Jacob
Primary Examiner(s)
AGWUMEZIE, CHINEDU CHARLES

Application Number

US14/458,031
Publication Number

US 20160048834A1
Time in Patent Office

1,197 Days
Field of Search

705 67
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/56   Computer malware detection ...

G06Q 20/3227   using secure elements embed...

G06Q 20/3674   involving authentication

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3825   Use of electronic signatures

G06Q 20/3829   involving key management

G06Q 20/4016   involving fraud or risk lev...

Tool for creating a system hardware signature for payment authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

30 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Tool for creating a system hardware signature for payment authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links