Method and system for secure transactions

US 9,852,426 B2
Filed: 12/23/2014
Issued: 12/26/2017
Est. Priority Date: 02/20/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for authenticating a payment transaction, the method performed by computer-readable instructions executed by a processor, the computer implemented method comprising the steps of:

receiving, at a secure payment computing device, a payment account number associated with the payment transaction;

determining, by the secure payment computing device using a database table, a registered mobile device identifier associated with the payment account number;

sending an authentication request from the secure payment computing device to a registered mobile device associated with the registered mobile device identifier;

receiving, at the secure payment computing device from the registered mobile device, an authentication response, the authentication response comprising a token indicating that a registered user has approved the payment transaction using a combination of a PIN number and one or more fingerprint biometric factors the one or more fingerprint biometric factors captured contemporaneously when the registered user touches numeric positions on a user interface of the registered mobile device, the fingerprint biometric factors received by a biometric signal handler of the registered mobile device and validated on the mobile device by comparing the one or more fingerprint biometric factors to previously registered fingerprint biometric factors stored on a file system or secure element of the mobile device, wherein a first number of the PIN and a first fingerprint biometric factor are captured when the registered user'"'"'s first finger touches a first numeric position of the user interface, and a second number of the PIN and a second fingerprint biometric factor are captured when the registered user'"'"'s second finger touches a second numeric position of the user interface;

andapproving the transaction based on the token received at the secure payment computing device matching a token previously stored at the secure payment computing device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This invention relates to systems and methods for authenticating transactions using a mobile device based primarily on the introduction of a layer of middleware and wherein the Payment Networks, Merchants, Issuing Banks, Credit Reporting Bureaus, Insurance Companies, Healthcare Providers may customize the implementation of the services based on individual strategy and consumer preferences.

92 Citations

View as Search Results

30 Claims

1. A computer-implemented method for authenticating a payment transaction, the method performed by computer-readable instructions executed by a processor, the computer implemented method comprising the steps of:
- receiving, at a secure payment computing device, a payment account number associated with the payment transaction;
  
  determining, by the secure payment computing device using a database table, a registered mobile device identifier associated with the payment account number;
  
  sending an authentication request from the secure payment computing device to a registered mobile device associated with the registered mobile device identifier;
  
  receiving, at the secure payment computing device from the registered mobile device, an authentication response, the authentication response comprising a token indicating that a registered user has approved the payment transaction using a combination of a PIN number and one or more fingerprint biometric factors the one or more fingerprint biometric factors captured contemporaneously when the registered user touches numeric positions on a user interface of the registered mobile device, the fingerprint biometric factors received by a biometric signal handler of the registered mobile device and validated on the mobile device by comparing the one or more fingerprint biometric factors to previously registered fingerprint biometric factors stored on a file system or secure element of the mobile device, wherein a first number of the PIN and a first fingerprint biometric factor are captured when the registered user'"'"'s first finger touches a first numeric position of the user interface, and a second number of the PIN and a second fingerprint biometric factor are captured when the registered user'"'"'s second finger touches a second numeric position of the user interface;
  
  andapproving the transaction based on the token received at the secure payment computing device matching a token previously stored at the secure payment computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented method of claim 1, wherein the database table comprises registered mobile device identifiers, rules, and settings that establish a criteria used in authenticating the payment transaction, wherein the criteria includes a prescribed PIN biometric correlation sequence.
  - 3. The computer-implemented method of claim 1, wherein the token is derived from a secure element of the registered mobile device.
  - 4. The computer-implemented method of claim 1, wherein the payment transaction is one of an ATM, POS and ecommerce transaction.
  - 5. The computer-implemented method of claim 1, wherein the payment account number is associated with one of a credit account, a debit account, a gift card account, a stored value account, or a bitcoin account.
  - 6. The computer-implemented method of claim 1, wherein the payment transaction is divided by the secure payment computing device into multiple payment transactions, each payment transaction comprising an account number based on one or more of a merchant location, an SIC code, and a product UPC code.
  - 7. The computer-implemented method of claim 1, wherein the payment account number is derived dynamically using a random seed value, sequence number, and defined algorithms securely stored on the registered mobile device.

8. A non-transitory computer-readable medium comprising instructions that when executed by a processor authenticate a payment transaction, the instructions comprising the steps of:
- receiving an authentication request at a registered mobile device from a secure payment computing device, the secure payment computing device having determined a registered mobile device identifier associated with a payment account number included with the payment transaction;
  
  transmitting, from the registered mobile device, an authentication response, the authentication response comprising a token indicating that a registered user has approved the payment transaction using a combination of a PIN number and one or more biometric factors the one or more biometric factors captured contemporaneously when the registered user touches numeric positions on a user interface of the registered mobile device, the biometric factors received by a biometric signal handler of the registered mobile device and validated on the mobile device by comparing the one or more biometric factors to previously registered biometric factors stored on a file system or secure element of the mobile device, wherein a first number of the PIN and a first biometric factor are captured when the registered user'"'"'s first finger touches a first numeric position of the user interface, and a second number of the PIN and a second biometric factor are captured when the registered user'"'"'s second finger touches a second numeric position of the user interface; and
  
  wherein the secure payment computing device approves the transaction based on the token received from the registered mobile device matching a token previously stored on the secure payment computing device.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 29, 30)
- - 9. The non-transitory computer-readable medium of claim 8, wherein the information stored in a database table at the secure payment computing device comprises registered mobile device identifiers, rules, and settings that establish a criteria used in authenticating the payment transaction, wherein the criteria includes a prescribed PIN biometric correlation sequence.
  - 10. The non-transitory computer-readable medium of claim 8, wherein as biometric factors are received by the biometric signal handler, the biometric factors are encrypted and stored in an encrypted biometric data file system within the registered mobile device.
  - 11. The non-transitory computer-readable medium of claim 8, wherein the payment transaction is one of an ATM, POS, and e-commerce transaction.
  - 12. The non-transitory computer-readable medium of claim 8, wherein the payment account number is associated with one of a credit account, a debit account, a gift card account, a stored value account, and a bitcoin account.
  - 13. The non-transitory computer-readable medium of claim 8, wherein the payment transaction is divided by the secure payment computing device into multiple payment transactions, each payment transaction comprising an account number based on one or more of a merchant location, an SIC code, and a product UPC code.
  - 14. The non-transitory computer-readable medium of claim 8, wherein the registered mobile device is operable to receive a biometric data request message from a remote server, wherein responsive to the biometric data request message, a biometric data handler module reads encrypted biometric data within an encrypted biometric data file system and retrieves, aggregates, and transmits biometric data to the remote server in accordance with authentication requirements.
  - 15. The non-transitory computer-readable medium of claim 8, wherein the biometric signal handler is further operable to receive and securely store biometric data received from one or more connected devices.
  - 16. The non-transitory computer-readable medium of claim 15, wherein the one or more connected devices comprise a biometric ring operable to collect and transmit body temperature data to the registered mobile device.
  - 17. The non-transitory computer-readable medium of claim 15, wherein the one or more connected devices comprise a biometric eyeglass operable to collect and transmit iris scan data to the registered mobile device.
  - 18. The non-transitory computer-readable medium of claim 15, wherein the one or more connected devices comprise a biometric watch operable to collect and transmit heart rate data to the registered mobile device.
  - 29. The non-transitory computer-readable medium of claim 8, wherein the token previously stored on the secure payment computing device is associated with the one or more biometric factors.
  - 30. The non-transitory computer-readable medium of claim 8, wherein the token previously stored on the secure payment computing device is associated with one of the mobile device, a payment account number, or a PIN.

19. A system for authenticating a payment transaction, the system comprising a secure payment computing device in communication via one or more communication links with one or more payment networks, one or more payment acquirers, and one or more payment issuers, the system further comprising computer-readable instructions that when executed by a processor are operable to perform the steps of:
- receiving, at the secure payment computing device, a payment account number associated with the payment transaction;
  
  determining, by the secure payment computing device using a database table,a registered mobile device identifier associated with the payment account number;
  
  sending an authentication request from the secure payment computing device to a registered mobile device associated with the registered mobile device identifier;
  
  receiving, at the secure payment computing device from the registered mobile device, an authentication response, the authentication response comprising a token indicating that a registered user has approved the payment transaction using a combination of a PIN number and one or more fingerprint biometric factors, the PIN and the one or more fingerprint biometric factors captured contemporaneously when the registered user touches numeric positions on a user interface of the registered mobile device, the fingerprint biometric factors received by a biometric signal handler of the registered mobile device and compared to previously registered and securely stored fingerprint biometric factors stored on the registered mobile device, wherein a first number of the PIN and a first fingerprint biometric factor are captured when the registered user'"'"'s first finger touches a first numeric position of the user interface, and a second number of the PIN and a second fingerprint biometric factor are captured when the registered user'"'"'s second finger touches a second numeric position of the user interface;
  
  andapproving the transaction based on the token received at the secure payment computing device matching a token previously stored on the secure payment computing device.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 20. The system of claim 19, wherein the database table comprises registered mobile device identifiers, rules, and settings that establish a criteria used in authenticating a payment transaction, wherein the criteria includes a prescribed PIN biometric correlation sequence.
  - 21. The system of claim 19, wherein as fingerprint biometric factors are data is received by the biometric signal handler, the fingerprint biometric factors are is encrypted and stored in an encrypted biometric data file system within the registered mobile device.
  - 22. The system of claim 19, wherein the payment transaction is one of an ATM, POS, and e-commerce transaction.
  - 23. The system of claim 19, wherein the payment account is associated with one of a credit account, a debit account, a gift card account, a stored value account, or a bitcoin account.
  - 24. The system of claim 19, wherein the registered mobile device is operable to receive a biometric data request message from a remote server, wherein responsive to the biometric data request message, a biometric data handler module reads encrypted biometric data within an encrypted biometric data file system and retrieves, aggregates, and transmits biometric data to the remote server in accordance with authentication requirements.
  - 25. The system of claim 19, wherein the biometric signal handler is further operable to receive and securely store biometric data received from one or more connected devices.
  - 26. The system of claim 25, wherein the one or more connected devices comprise a biometric ring operable to collect and transmit body temperature data to the registered mobile device.
  - 27. The system of claim 25, wherein the one or more connected devices comprise a biometric eyeglass operable to collect and transmit iris scan data to the registered mobile device.
  - 28. The system of claim 25, wherein the one or more connected devices comprise a biometric watch operable to collect and transmit heart rate data to the registered mobile device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Stripe, Inc.
Original Assignee
Collective Dynamics LLC
Inventors
Bacastow, Steven V.
Primary Examiner(s)
Glass, Shay S
Assistant Examiner(s)
Glass, Russell S

Application Number

US14/581,471
Publication Number

US 20150154597A1
Time in Patent Office

1,099 Days
Field of Search

None
US Class Current
CPC Class Codes

G06Q 20/027   involving a payment switch ...

G06Q 20/26   Debit schemes, e.g. "pay now"

G06Q 20/321   using wearable devices

G06Q 20/322   Aspects of commerce using m...

G06Q 20/356   Aspects of software for car...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4012   Verifying personal identifi...

G06Q 20/405   Establishing or using trans...

G06Q 20/425   using two different network...

G07F 9/001   Interfacing with vending ma...

Method and system for secure transactions

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

92 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for secure transactions

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

92 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links