Secure identity authentication in an electronic transaction
First Claim
1. A method of securely authenticating an identity of a user participating in an electronic transaction with an enterprise, the method comprising the steps of:
a computer converting (1) a request for a biometric identifier or (2) a security question to a first complete Quick Response (QR) code;
based on information that specifies attributes of (1) the user and (2) a request from a mobile device of the user to initiate the electronic transaction, the computer disassembling the first complete QR code into first and second portions of the first complete QR code;
the computer sending to the mobile device the first portion of the first complete QR code, but not the second portion of the first complete QR code;
in response to a receipt by the mobile device of the biometric identifier or an answer to the security question, a conversion of the biometric identifier or the answer to the security question to a second complete QR code, and a disassembly of the second complete QR code into first and second portions of the second complete QR code, the computer reassembling the second complete QR code;
the computer determining whether the biometric identifier or the answer to the security question converted to the second complete QR code matches a record in a data repository that includes biometric identifiers or answers to security questions; and
if the biometric identifier or the answer to the security question converted to the second complete QR code matches the record in the data repository, the computer authorizing the electronic transaction or if the biometric identifier or the answer to the security question converted to the second complete QR code does not match any record in the data repository, the computer indicating the electronic transaction is not authorized.
Abstract
An approach is provided for securely authenticating an identity of a user participating in an electronic transaction. A request for a biometric identifier/security question is converted to a first Quick Response (QR) code. Based on user attributes and a request from the user's mobile device to a computer to initiate the transaction, the first QR code is disassembled into first and second portions. The first portion, but not the second portion, is sent to the mobile device. Responsive to the mobile device receiving and converting the biometric identifier/answer to the security question to a second QR code, and disassembling the second QR code into first and second portions, the second QR code is reassembled. The transaction is authorized based on whether the biometric identifier/answer matches a data repository record.
16 Claims
Claim 1 (stated above under First Claim). Dependent claims: 2, 3, 4, 5, 6, 13, 14, 15, 16
7. A computer program product, comprising:
a computer readable storage medium; and
a computer readable program code stored in the computer readable storage medium, the computer readable program code containing instructions that are executed by a central processing unit (CPU) of a computer system to implement a method of securely authenticating an identity of a user participating in an electronic transaction with an enterprise, the method comprising the steps of;
the computer system converting (1) a request for a biometric identifier or (2) a security question to a first complete Quick Response (QR) code;
based on information that specifies attributes of (1) the user and (2) a request from a mobile device of the user to initiate the electronic transaction, the computer system disassembling the first complete QR code into first and second portions of the first complete QR code;
the computer system sending to the mobile device the first portion of the first complete QR code, but not the second portion of the first complete QR code;
in response to a receipt by the mobile device of the biometric identifier or an answer to the security question, a conversion of the biometric identifier or the answer to the security question to a second complete QR code, and a disassembly of the second complete QR code into first and second portions of the second complete QR code, the computer system reassembling the second complete QR code;
the computer system determining whether the biometric identifier or the answer to the security question converted to the second complete QR code matches a record in a data repository that includes biometric identifiers or answers to security questions; and
if the biometric identifier or the answer to the security question converted to the second complete QR code matches the record in the data repository, the computer system authorizing the electronic transaction or if the biometric identifier or the answer to the security question converted to the second complete QR code does not match any record in the data repository, the computer system indicating the electronic transaction is not authorized.
Dependent claims: 8, 9, 10, 11
12. A computer system comprising:
a central processing unit (CPU);
a memory coupled to the CPU; and
a computer readable storage device coupled to the CPU, the storage device containing instructions that are executed by the CPU via the memory to implement a method of securely authenticating an identity of a user participating in an electronic transaction with an enterprise, the method comprising the steps of;
the computer system converting (1) a request for a biometric identifier or (2) a security question to a first complete Quick Response (QR) code;
based on information that specifies attributes of (1) the user and (2) a request from a mobile device of the user to initiate the electronic transaction, the computer system disassembling the first complete QR code into first and second portions of the first complete QR code;
the computer system sending to the mobile device the first portion of the first complete QR code, but not the second portion of the first complete QR code;
in response to a receipt by the mobile device of the biometric identifier or an answer to the security question, a conversion of the biometric identifier or the answer to the security question to a second complete QR code, and a disassembly of the second complete QR code into first and second portions of the second complete QR code, the computer system reassembling the second complete QR code;
the computer system determining whether the biometric identifier or the answer to the security question converted to the second complete QR code matches a record in a data repository that includes biometric identifiers or answers to security questions; and
if the biometric identifier or the answer to the security question converted to the second complete QR code matches the record in the data repository, the computer system authorizing the electronic transaction or if the biometric identifier or the answer to the security question converted to the second complete QR code does not match any record in the data repository, the computer system indicating the electronic transaction is not authorized.
Specification