Direct personal mobile device user to service provider secure transaction channel
First Claim
Patent Images
1. A method comprising:
- issuing with a transaction server a first one-time activation code (OTAC) to a user;
receiving with the transaction server a message from a mobile device executing an electronic transaction facility, the mobile device operated by the user, the message comprising a plurality of keys generated on the mobile device and the first OTAC, wherein the first OTAC is entered by the user into the mobile device during a registration process with the transaction server;
authenticating the mobile device and associating the mobile device with the user based on the received message;
updating credentials of a service provider on the mobile device with the transaction server and forwarding credentials of the mobile device to the service provider, thereby providing secure communication directly between the user via the mobile device and the service provider; and
authenticating with the service provider the user of the mobile device, wherein the user is authenticated by verifying a second OTAC sent to the user from the service provider and then received directly from the mobile device after being encrypted on the mobile device using the updated credentials of the service provider.
2 Assignments
0 Petitions
Accused Products
Abstract
Ensuring security of electronic transactions between a personal mobile device user and a service provider involves establishing trust between a user and a transaction service provider, authenticating the personal mobile device of the user, establishing a secure communication channel between the user and the service provider, and registering the user with the service provider over the secure communications channel.
363 Citations
2 Claims
-
1. A method comprising:
-
issuing with a transaction server a first one-time activation code (OTAC) to a user; receiving with the transaction server a message from a mobile device executing an electronic transaction facility, the mobile device operated by the user, the message comprising a plurality of keys generated on the mobile device and the first OTAC, wherein the first OTAC is entered by the user into the mobile device during a registration process with the transaction server; authenticating the mobile device and associating the mobile device with the user based on the received message; updating credentials of a service provider on the mobile device with the transaction server and forwarding credentials of the mobile device to the service provider, thereby providing secure communication directly between the user via the mobile device and the service provider; and authenticating with the service provider the user of the mobile device, wherein the user is authenticated by verifying a second OTAC sent to the user from the service provider and then received directly from the mobile device after being encrypted on the mobile device using the updated credentials of the service provider.
-
-
2. A secure service provider-to-mobile device user transaction channel, comprising:
-
a mobile device executing an electronic transaction facility; a service provider server configured to provide a first one-time activation code (OTAC) to a user of the electronic transaction facility; and a transaction server configured to; issue a second OTAC to a user of the mobile device; receive a message comprising a plurality of keys generated on the mobile device, the message further comprising the second OTAC that is entered by the user into the mobile device during a registration process; authenticate the mobile device during the registration process based on the second OTAC received in the message; associate the mobile device with the user during the registration process based on the received message; update credentials of the service provider on the mobile device and forward mobile device credentials to the service provider, thereby providing secure communication directly between the user via the mobile device and the service provider; wherein the service provider server is further configured to authenticate the mobile device user by verifying the first OTAC received directly from the mobile device where the first OTAC is encrypted using the updated credentials of the service provider.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeMastercard Mobile Transactions Solutions, Inc. (MasterCard Incorporated)
-
Original AssigneeMastercard Mobile Transactions Solutions, Inc. (MasterCard Incorporated)
-
InventorsPitroda, Satyan G., Desai, Mehul
-
Primary Examiner(s)Coppola, Jacob C.
-
Application NumberUS14/983,956Publication NumberTime in Patent Office1,063 DaysField of SearchUS Class CurrentCPC Class CodesG06F 21/606 by securing the transmissio...G06Q 20/02 involving a neutral party, ...G06Q 20/045 using payment protocols inv...G06Q 20/047 using payment protocols inv...G06Q 20/10 specially adapted for elect...G06Q 20/12 specially adapted for elect...G06Q 20/145 Payments according to the d...G06Q 20/322 Aspects of commerce using m...G06Q 20/3223 Realising banking transacti...G06Q 20/3226 Use of secure elements sepa...G06Q 20/3227 using secure elements embed...G06Q 20/325 using wireless networksG06Q 20/327 Short range or proximity pa...G06Q 20/367 involving electronic purses...G06Q 20/3674 involving authenticationG06Q 20/382 insuring higher security of...G06Q 20/3821 Electronic credentialsG06Q 20/38215 Use of certificates or encr...G06Q 20/3829 involving key managementG06Q 20/385 using an alias or single-us...View All
