Secure identity authentication in an electronic transaction

US 9,892,404 B2
Filed: 05/31/2017
Issued: 02/13/2018
Est. Priority Date: 01/15/2015
Status: Active Grant

First Claim

Patent Images

1. A method of securely authenticating an identity of a user participating in an electronic transaction with an enterprise, the method comprising the steps of:

a computer converting (1) a request for a biometric identifier or (2) a security question to a first complete Quick Response (QR) code;

based on information that specifies attributes of (1) the user and (2) a request from a mobile device of the user to initiate the electronic transaction, the computer disassembling the first complete QR code into first and second portions of the first complete QR code;

the computer sending to the mobile device the first portion of the first complete QR code, but not the second portion of the first complete QR code;

in response to a receipt by the mobile device of the biometric identifier or an answer to the security question, a conversion of the biometric identifier or the answer to the security question to a second complete QR code, and a disassembly of the second complete QR code into first and second portions of the second complete QR code, the computer reassembling the second complete QR code;

the computer determining whether the biometric identifier or the answer to the security question converted to the second complete QR code matches a record in a data repository that includes biometric identifiers or answers to security questions; and

if the biometric identifier or the answer to the security question converted to the second complete QR code matches the record in the data repository, the computer authorizing the electronic transaction or if the biometric identifier or the answer to the security question converted to the second complete QR code does not match any record in the data repository, the computer indicating the electronic transaction is not authorized.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An approach is provided for securely authenticating an identity of a user participating in an electronic transaction. A request for a biometric identifier/security question is converted to a first Quick Response (QR) code. Based on user attributes and a request from the user'"'"'s mobile device to a computer to initiate the transaction, the first QR code is disassembled into first and second portions. The first portion, but not the second portion, is sent to the mobile device. Responsive to the mobile device receiving and converting the biometric identifier/answer to the security question to a second QR code, and disassembling the second QR code into first and second portions, the second QR code is reassembled. The transaction is authorized based on whether the biometric identifier/answer matches a data repository record.

Citations

16 Claims

1. A method of securely authenticating an identity of a user participating in an electronic transaction with an enterprise, the method comprising the steps of:
- a computer converting (1) a request for a biometric identifier or (2) a security question to a first complete Quick Response (QR) code;
  
  based on information that specifies attributes of (1) the user and (2) a request from a mobile device of the user to initiate the electronic transaction, the computer disassembling the first complete QR code into first and second portions of the first complete QR code;
  
  the computer sending to the mobile device the first portion of the first complete QR code, but not the second portion of the first complete QR code;
  
  in response to a receipt by the mobile device of the biometric identifier or an answer to the security question, a conversion of the biometric identifier or the answer to the security question to a second complete QR code, and a disassembly of the second complete QR code into first and second portions of the second complete QR code, the computer reassembling the second complete QR code;
  
  the computer determining whether the biometric identifier or the answer to the security question converted to the second complete QR code matches a record in a data repository that includes biometric identifiers or answers to security questions; and
  
  if the biometric identifier or the answer to the security question converted to the second complete QR code matches the record in the data repository, the computer authorizing the electronic transaction or if the biometric identifier or the answer to the security question converted to the second complete QR code does not match any record in the data repository, the computer indicating the electronic transaction is not authorized.
- View Dependent Claims (2, 3, 4, 5, 6, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein the step of reassembling the second complete QR code is performed in response to:
    - the mobile device generating a plurality of initial potential QR codes of a plurality of requests for biometric identifiers or a plurality of security questions;
      
      the mobile device deleting portions of the respective initial potential QR codes by employing a QR code disassembly algorithm and the information that specifies the attributes of the user and the request, each of the deleted portions matching a shape of the first portion of the first complete QR code;
      
      the mobile device generating new potential QR codes by filling in the deleted portions with the first portion of the first complete QR code;
      
      the mobile device determining that one of the new potential QR codes matches one of the initial potential QR codes in the plurality of initial potential QR codes; and
      
      based on the one new potential QR code matching one of the initial potential QR codes, the mobile device determining the one new potential QR code is a reassembly of the first complete QR code.
  - 3. The method of claim 1, wherein the step of reassembling the second complete QR code includes:
    - the computer generating a plurality of initial potential QR codes of a plurality of biometric identifiers or a plurality of answers to the security questions;
      
      the computer deleting portions of the respective initial potential QR codes by employing a QR code disassembly algorithm and information that specifies the attributes of the user and a transmission of the first portion of the second complete QR code, each of the deleted portions matching a shape of the first portion of the second complete QR code;
      
      the computer generating new potential QR codes by filling in the deleted portions with the first portion of the second complete QR code;
      
      the computer determining that one of the new potential QR codes matches one of the initial potential QR codes in the plurality of initial potential QR codes; and
      
      based on the one new potential QR code matching one of the initial potential QR codes, the mobile device determining the one new potential QR code is a reassembly of the second complete QR code.
  - 4. The method of claim 1, further comprising the steps of:
    - the computer completing a handshake with the mobile device; and
      
      the computer recording a timestamp of the handshake, wherein the information that specifies the attributes of the request to initiate the electronic transaction includes the timestamp, and wherein the step of disassembling the first complete QR code into the first and second portions of the first complete QR code includes selecting the first portion of the first complete QR code based at least in part on the recorded timestamp.
  - 5. The method of claim 1, further comprising:
    - prior to any transaction between the user and the enterprise, the computer storing a plurality of security questions, receiving from the user and storing a plurality of biometric identifiers of the user or a plurality of answers to the security questions, and generating and storing a plurality of requests for the biometric identifiers;
      
      subsequent to a receipt of the request to initiate the electronic transaction, the computer determining the electronic transaction is a banking transaction for an amount of money that exceeds a threshold amount; and
      
      based on the banking transaction being for an amount of money exceeding the threshold amount, the computer utilizing a random number generator which randomly selects the request for the biometric identifier from the plurality of requests for the biometric identifiers or the security question from the plurality of security questions.
  - 6. The method of claim 1, further comprising the step of:
    - providing at least one support service for at least one of creating, integrating, hosting, maintaining, and deploying computer readable program code in the computer, the program code being executed by a processor in the computer to implement the steps of converting the request or security question, disassembling the first complete QR code, sending the first portion of the first complete QR code, reassembling the second complete QR code, determining whether the biometric identifier or the answer to the security question matches the record in the data repository, and authorizing the electronic transaction if the biometric identifier or the answer matches the record or indicating the electronic transaction is not authorized if the biometric identifier or the answer does not match any record in the data repository.
  - 13. The computer system of claim 1, wherein the step of reassembling the second complete QR code is performed in response to:
    - the mobile device generating a plurality of initial potential QR codes of a plurality of requests for biometric identifiers or a plurality of security questions;
      
      the mobile device deleting portions of the respective initial potential QR codes by employing a QR code disassembly algorithm and the information that specifies the attributes of the user and the request, each of the deleted portions matching a shape of the first portion of the first complete QR code;
      
      the mobile device generating new potential QR codes by filling in the deleted portions with the first portion of the first complete QR code;
      
      the mobile device determining that one of the new potential QR codes matches one of the initial potential QR codes in the plurality of initial potential QR codes; and
      
      based on the one new potential QR code matching one of the initial potential QR codes, the mobile device determining the one new potential QR code is a reassembly of the first complete QR code.
  - 14. The computer system of claim 1, wherein the step of reassembling the second complete QR code includes:
    - the computer system generating a plurality of initial potential QR codes of a plurality of biometric identifiers or a plurality of answers to the security questions;
      
      the computer system deleting portions of the respective initial potential QR codes by employing a QR code disassembly algorithm and information that specifies the attributes of the user and a transmission of the first portion of the second complete QR code, each of the deleted portions matching a shape of the first portion of the second complete QR code;
      
      the computer system generating new potential QR codes by filling in the deleted portions with the first portion of the second complete QR code;
      
      the computer system determining that one of the new potential QR codes matches one of the initial potential QR codes in the plurality of initial potential QR codes; and
      
      based on the one new potential QR code matching one of the initial potential QR codes, the mobile device determining the one new potential QR code is a reassembly of the second complete QR code.
  - 15. The computer system of claim 1, wherein the method further comprises the steps of:
    - the computer system completing a handshake with the mobile device; and
      
      the computer system recording a timestamp of the handshake, wherein the information that specifies the attributes of the request to initiate the electronic transaction includes the timestamp, and wherein the step of disassembling the first complete QR code into the first and second portions of the first complete QR code includes selecting the first portion of the first complete QR code based at least in part on the recorded timestamp.
  - 16. The computer system of claim 1, wherein the method further comprises:
    - prior to any transaction between the user and the enterprise, the computer system storing a plurality of security questions, receiving from the user and storing a plurality of biometric identifiers of the user or a plurality of answers to the security questions, and generating and storing a plurality of requests for the biometric identifiers;
      
      subsequent to a receipt of the request to initiate the electronic transaction, the computer system determining the electronic transaction is a banking transaction for an amount of money that exceeds a threshold amount; and
      
      based on the banking transaction being for an amount of money exceeding the threshold amount, the computer system utilizing a random number generator which randomly selects the request for the biometric identifier from the plurality of requests for the biometric identifiers or the security question from the plurality of security questions.

7. A computer program product, comprising:
- a computer readable storage medium; and
  
  a computer readable program code stored in the computer readable storage medium, the computer readable program code containing instructions that are executed by a central processing unit (CPU) of a computer system to implement a method of securely authenticating an identity of a user participating in an electronic transaction with an enterprise, the method comprising the steps of;
  
  the computer system converting (1) a request for a biometric identifier or (2) a security question to a first complete Quick Response (QR) code;
  
  based on information that specifies attributes of (1) the user and (2) a request from a mobile device of the user to initiate the electronic transaction, the computer system disassembling the first complete QR code into first and second portions of the first complete QR code;
  
  the computer system sending to the mobile device the first portion of the first complete QR code, but not the second portion of the first complete QR code;
  
  in response to a receipt by the mobile device of the biometric identifier or an answer to the security question, a conversion of the biometric identifier or the answer to the security question to a second complete QR code, and a disassembly of the second complete QR code into first and second portions of the second complete QR code, the computer system reassembling the second complete QR code;
  
  the computer system determining whether the biometric identifier or the answer to the security question converted to the second complete QR code matches a record in a data repository that includes biometric identifiers or answers to security questions; and
  
  if the biometric identifier or the answer to the security question converted to the second complete QR code matches the record in the data repository, the computer system authorizing the electronic transaction or if the biometric identifier or the answer to the security question converted to the second complete QR code does not match any record in the data repository, the computer system indicating the electronic transaction is not authorized.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The computer program product of claim 7, wherein the step of reassembling the second complete QR code is performed in response to:
    - the mobile device generating a plurality of initial potential QR codes of a plurality of requests for biometric identifiers or a plurality of security questions;
      
      the mobile device deleting portions of the respective initial potential QR codes by employing a QR code disassembly algorithm and the information that specifies the attributes of the user and the request, each of the deleted portions matching a shape of the first portion of the first complete QR code;
      
      the mobile device generating new potential QR codes by filling in the deleted portions with the first portion of the first complete QR code;
      
      the mobile device determining that one of the new potential QR codes matches one of the initial potential QR codes in the plurality of initial potential QR codes; and
      
      based on the one new potential QR code matching one of the initial potential QR codes, the mobile device determining the one new potential QR code is a reassembly of the first complete QR code.
  - 9. The computer program product of claim 7, wherein the step of reassembling the second complete QR code includes:
    - the computer system generating a plurality of initial potential QR codes of a plurality of biometric identifiers or a plurality of answers to the security questions;
      
      the computer system deleting portions of the respective initial potential QR codes by employing a QR code disassembly algorithm and information that specifies the attributes of the user and a transmission of the first portion of the second complete QR code, each of the deleted portions matching a shape of the first portion of the second complete QR code;
      
      the computer system generating new potential QR codes by filling in the deleted portions with the first portion of the second complete QR code;
      
      the computer system determining that one of the new potential QR codes matches one of the initial potential QR codes in the plurality of initial potential QR codes; and
      
      based on the one new potential QR code matching one of the initial potential QR codes, the mobile device determining the one new potential QR code is a reassembly of the second complete QR code.
  - 10. The computer program product of claim 7, wherein the method further comprises the steps of:
    - the computer system completing a handshake with the mobile device; and
      
      the computer system recording a timestamp of the handshake, wherein the information that specifies the attributes of the request includes the timestamp, and wherein the step of disassembling the first complete QR code into the first and second portions of the first complete QR code includes selecting the first portion of the first complete QR code based at least in part on the recorded timestamp.
  - 11. The computer program product of claim 7, wherein the method further comprises:
    - prior to any transaction between the user and the enterprise, the computer system storing a plurality of security questions, receiving from the user and storing a plurality of biometric identifiers of the user or a plurality of answers to the security questions, and generating and storing a plurality of requests for the biometric identifiers;
      
      subsequent to a receipt of the request to initiate the electronic transaction, the computer system determining the electronic transaction is a banking transaction for an amount of money that exceeds a threshold amount; and
      
      based on the banking transaction being for an amount of money exceeding the threshold amount, the computer system utilizing a random number generator which randomly selects the request for the biometric identifier from the plurality of requests for the biometric identifiers or the security question from the plurality of security questions.

12. A computer system comprising:
- a central processing unit (CPU);
  
  a memory coupled to the CPU; and
  
  a computer readable storage device coupled to the CPU, the storage device containing instructions that are executed by the CPU via the memory to implement a method of securely authenticating an identity of a user participating in an electronic transaction with an enterprise, the method comprising the steps of;
  
  the computer system converting (1) a request for a biometric identifier or (2) a security question to a first complete Quick Response (QR) code;
  
  based on information that specifies attributes of (1) the user and (2) a request from a mobile device of the user to initiate the electronic transaction, the computer system disassembling the first complete QR code into first and second portions of the first complete QR code;
  
  the computer system sending to the mobile device the first portion of the first complete QR code, but not the second portion of the first complete QR code;
  
  in response to a receipt by the mobile device of the biometric identifier or an answer to the security question, a conversion of the biometric identifier or the answer to the security question to a second complete QR code, and a disassembly of the second complete QR code into first and second portions of the second complete QR code, the computer system reassembling the second complete QR code;
  
  the computer system determining whether the biometric identifier or the answer to the security question converted to the second complete QR code matches a record in a data repository that includes biometric identifiers or answers to security questions; and
  
  if the biometric identifier or the answer to the security question converted to the second complete QR code matches the record in the data repository, the computer system authorizing the electronic transaction or if the biometric identifier or the answer to the security question converted to the second complete QR code does not match any record in the data repository, the computer system indicating the electronic transaction is not authorized.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Sadacharam, Saravanan, Viswanathan, Ram
Primary Examiner(s)
Shaw, Brian F

Application Number

US15/609,819
Publication Number

US 20170270513A1
Time in Patent Office

258 Days
Field of Search

726 5
US Class Current
CPC Class Codes

G06F 21/36   by graphic or iconic repres...

G06Q 20/3223   Realising banking transacti...

G06Q 20/3276   using a pictured code, e.g....

G06Q 20/40145   Biometric identity checks

G06Q 20/405   Establishing or using trans...

H04L 2463/121   Timestamp

H04L 63/0861   using biometrical features,...

H04W 12/06   Authentication

Secure identity authentication in an electronic transaction

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Secure identity authentication in an electronic transaction

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links