System and method for secure transaction process via mobile device

US 9,886,688 B2
Filed: 08/26/2012
Issued: 02/06/2018
Est. Priority Date: 08/31/2011
Status: Active Grant

First Claim

Patent Images

1. An electronic user device enabling secure user authentication, the electronic user device comprising:

a user device processor, a user device memory, a security control, and a secure element,the security control storing an encryption key and security control instructions, the security control instructions when executed by the security control cause the security control to receive output of a peripheral device and operate in a secure mode to;

produce an encrypted output of the peripheral device by encrypting the output of the peripheral device based on the encryption key; and

transmit the encrypted output of the peripheral device to the user device processor,the user device memory storing user device processor instructions, the user device processor instructions when executed by the user device processor cause the user device processor to transfer the encrypted output of the peripheral device to the secure element,the secure element storing a decryption key corresponding to the encryption key, the secure element further storing secure element instructions, the secure element instructions when executed by the secure element cause the secure element to;

decrypt the encrypted output of the peripheral device based on the decryption key to thereby obtain the output of the peripheral;

validate the output of the peripheral device; and

send to the user device processor data representing validation of the output of the peripheral device.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure element with a user security domain thereon, the user security domain constituted of: a security domain control circuitry; an encoder/decoder functionality responsive to the security domain control circuitry; and a secured keys storage in communication with the security domain control circuitry, the encoder/decoder functionality arranged to: encode data responsive to at least one first key stored on the secured keys storage, and output an encoded data; and decode received data responsive to at least one second key stored on the secured keys storage, and output a decoded data.

136 Citations

19 Claims

1. An electronic user device enabling secure user authentication, the electronic user device comprising:
- a user device processor, a user device memory, a security control, and a secure element,the security control storing an encryption key and security control instructions, the security control instructions when executed by the security control cause the security control to receive output of a peripheral device and operate in a secure mode to;
  
  produce an encrypted output of the peripheral device by encrypting the output of the peripheral device based on the encryption key; and
  
  transmit the encrypted output of the peripheral device to the user device processor,the user device memory storing user device processor instructions, the user device processor instructions when executed by the user device processor cause the user device processor to transfer the encrypted output of the peripheral device to the secure element,the secure element storing a decryption key corresponding to the encryption key, the secure element further storing secure element instructions, the secure element instructions when executed by the secure element cause the secure element to;
  
  decrypt the encrypted output of the peripheral device based on the decryption key to thereby obtain the output of the peripheral;
  
  validate the output of the peripheral device; and
  
  send to the user device processor data representing validation of the output of the peripheral device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The electronic user device of claim 1, wherein the peripheral device is a fingerprint reader.
  - 3. The electronic user device of claim 1, wherein the peripheral device includes at least one of:
    - a keypad;
      
      a secure keypad;
      
      a virtual keypad;
      
      a camera;
      
      a near field communications (NFC) device;
      
      a modem;
      
      a fingerprint reader;
      
      or a voice recorder.
  - 4. The electronic user device of claim 1, wherein the secure mode is a first mode, the security control instructions when executed cause the security control to transmit the output of the peripheral device in an unencrypted form to the user device processor responsive to the security control being in a second mode and not the first mode.
  - 5. The electronic user device of claim 4, wherein the user device processor instructions when executed by the user device processor cause the user device processor to set the security control to operate in the first mode or the second mode.
  - 6. The electronic user device of claim 4, wherein the secure element instructions when executed by the secure element cause the secure element to set the security control to operate in the first mode or the second mode.
  - 7. The electronic user device of claim 4, further comprising an indicator that indicates that the security control is operating in the first mode in response to the security control is operating in the first mode.
  - 8. The electronic user device of claim 1, wherein the secure element further stores validation information, the secure element instructions when executed by the secure element cause the secure element to validate the output of the peripheral device based on the validation information.
  - 9. The electronic user device of claim 1, wherein the secure element, security control, user device processor, and user device memory are within a mobile communication device.
  - 10. The electronic user device of claim 1, wherein the decryption key is inaccessible by the user device processor.

11. A method for enabling secure user authentication, comprising:
- at a security control and in response to when the security control is operating in a secure mode;
  
  receiving output of a peripheral device;
  
  producing an encrypted output of the peripheral device by encrypting the output of the peripheral device based on an encryption key; and
  
  transmitting the encrypted output of the peripheral device to a user device processor in communication with the security control;
  
  at a secure element;
  
  receiving from the user device processor the encrypted output of the peripheral device;
  
  obtaining the output of the peripheral device by decrypting the encrypted output of the peripheral device based on a decryption key stored at the secure element, the decryption key corresponding to the encryption key;
  
  validating the output of the peripheral device; and
  
  sending to the user device processor data representing validation of the output of the peripheral device.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The method of claim 11, wherein the secure mode is a first mode, the method further comprising, at the security control and responsive to the security control operating in a second mode, transmitting the output of the peripheral device to the user device processor in an unencrypted form.
  - 13. The method of claim 12, further comprising, at the user device processor, setting the security control to operate in the first mode or the second mode.
  - 14. The method of claim 12, further comprising, at the secure element, setting the security control to operate in the first mode or the second mode.
  - 15. The method of claim 12, further comprising indicating, at the secure element, that the security control is operating in the first mode in response to the security control operating in the first mode.
  - 16. The method of claim 11, wherein:
    - the validating the output of the peripheral device at the secure element includes validating the output of the peripheral device based on validation information stored at a memory of the secure element.
  - 17. The method of claim 11, wherein the decryption key is inaccessible by the user device processor.

18. A non-transitory processor-readable medium storing code representing instructions to be executed by a processor, the code comprising code to cause the processor to:
- receive, at a secure element, encrypted data from a security control via a user device processor in response to the security control receiving an output from a peripheral device and producing the encrypted data based on an encryption key;
  
  obtain the output of the peripheral device by decrypting the encrypted data based on a decryption key stored at the secure element and corresponding to the encryption key;
  
  validate the obtained output of the peripheral device; and
  
  send to the user device processor data representing validation of the output of the peripheral device.
- View Dependent Claims (19)
- - 19. The non-transitory processor-readable medium of claim 18, wherein the decryption key is inaccessible by the user device processor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ping Identity Corporation
Original Assignee
Ping Identity Corporation
Inventors
Weiner, Avish Jacob, Ne'man, Ran, Ben-Shemen, Shmuel
Primary Examiner(s)
Nigh, James D
Assistant Examiner(s)
Neubig, Margaret

Application Number

US14/240,395
Publication Number

US 20140214688A1
Time in Patent Office

1,990 Days
Field of Search

705 50- 79, 705 44, 705 17, 455550
US Class Current
CPC Class Codes

G06F 21/35   communicating wirelessly

G06Q 20/3227   using secure elements embed...

G06Q 20/3278   RFID or NFC payments by mea...

G06Q 20/3829   involving key management

G07F 7/1016   Devices or methods for secu...

System and method for secure transaction process via mobile device

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

136 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for secure transaction process via mobile device

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

136 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links