Secure transaction and access using insecure device

US 10,425,407 B2
Filed: 07/22/2014
Issued: 09/24/2019
Est. Priority Date: 07/28/2013
Status: Active Grant

First Claim

Patent Images

1. A system for secure transaction and access, comprising:

a. Relying-Party-Service-Provider for transaction and access of a user;

b. an insecure endpoint device, for communication of the user with the Relying-Party-Service-Provider, and compromised by unknown malware;

c. such malware capable of modifying transaction context or altering access request;

d. a mobile phone of the user;

e. Remote Identity-Management-as-a-Service for identity verification of the user using said mobile phone and serving remotely said Relying-Party-Service-Provider;

f. whereas said Relying Party-Service Provider and said Identity-Management-as-a-Service receive the same authorization code from said user;

g. whereas this authorization code is being generated by Relying Party-Service-Provider, the value of this code depending on transaction or access request of said user;

h. whereas said transaction and access authorization is requested by said Relying-Party-Service-Provider, using said authorization code, from said Identity-Management-as-a-Service, thus defeating said malware.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention enables secure transactions or access using insecure endpoint devices, such as computers, tablets and smart-phones. These insecure devices are potentially compromised with malicious software that may attack the user in every possible way. The present invention does not pretend to prevent malware. Instead, malware attacks against secure transactions and access are made obsolete. The present invention includes data, directly connected to transaction or access request to Relying-Party-Service-Provider, into authentication process of Identity-as-a-Service Provider. The present invention includes user authentication using mobile phone vs. Identity-Management-as-a-Service provider. The present invention also includes entering request for secure transaction or access to Relying-Party-Service-Provider, using insecure device. The present invention also includes two-way communication between Relying-Party-Service-Provider and Identity-Management-as-a-Service. The advantages of the present invention include, without limitation, that it is resilient to malware attack.

15 Citations

View as Search Results

20 Claims

1. A system for secure transaction and access, comprising:
- a. Relying-Party-Service-Provider for transaction and access of a user;
  
  b. an insecure endpoint device, for communication of the user with the Relying-Party-Service-Provider, and compromised by unknown malware;
  
  c. such malware capable of modifying transaction context or altering access request;
  
  d. a mobile phone of the user;
  
  e. Remote Identity-Management-as-a-Service for identity verification of the user using said mobile phone and serving remotely said Relying-Party-Service-Provider;
  
  f. whereas said Relying Party-Service Provider and said Identity-Management-as-a-Service receive the same authorization code from said user;
  
  g. whereas this authorization code is being generated by Relying Party-Service-Provider, the value of this code depending on transaction or access request of said user;
  
  h. whereas said transaction and access authorization is requested by said Relying-Party-Service-Provider, using said authorization code, from said Identity-Management-as-a-Service, thus defeating said malware.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1 where the user uses a voice channel or DTMF channel of said mobile phone to interact with the Identity-Management-as-a-Service, whereas said Identity-Management-as-a-Service performs a strong authentication of said interacting user.
  - 3. The system of claim 2 where said interaction includes a spoken PIN and a spoken authorization code, wherein said PIN is being assigned to the user following registration with the Identity-Management-as-a-Service and said authorization code, determined by Relying-Party-Service-Provider, is directly connected to an access or transaction request of said user to the Relying-Party-Service-Provider.
  - 4. The system of claim 3 where the strong authentication by Identity-Management-as-a-Service includes a Caller ID, the PIN and a Voice Biometrics match, where the Voice Biometrics has the ability of rejecting the user'"'"'s voice replay and the user'"'"'s voice playback and the user'"'"'s voice synthesis, preceded by the user'"'"'s voice recording.
  - 5. The system of claim 4 where the user receives the Identity-Management-as-Service response, followed by the user adding said response into the access or transaction request to the Relying-Party-Service-Provider, using the insecure endpoint device.
  - 6. The system of claim 5 where the Relying-Party-Service-Provider sends said response, added to said request, to the Identity-Management-as-a-Service, wherein the Identity-Management-as-a-Service returns a user'"'"'s ID and the authorization code.
  - 7. The system of claim 6 where Relying-Party-Service-Provider matches the user'"'"'s ID and the authorization code with the transaction or access request received from the insecure endpoint device.
  - 8. The system of claim 2 where interaction includes a keypad-entered PIN and a keypad-entered authorization code, wherein said PIN is being assigned to the user following registration with the Identity-Management-as-a-Service and authorization code, determined by Relying-Party-Service-Provider, is directly connected to an access or transaction request of said user to the Relying-Party-Service-Provider.
  - 9. The system of claim 1 where the insecure endpoint device may be one of the network-connected devices, such as:
    - personal computers, laptops, tablets, smart-phones and mobile phones, including the user'"'"'s mobile phone.
  - 10. The system of claim 1 where the Relying-Party-Service-Provider may be one of the group consisting of Banks, Financial Services, Online Shops, Online Voting Sites, Enterprise Websites, Smart Home, Mobile and Web applications.

11. A method for secure transaction and access, comprising an interaction between a user;
- a mobile phone of the user;
  
  an insecure endpoint device, performing communication of the user with Relying-Party-Service-Provider and compromised by unknown malware, such malware capable of modifying transaction context or altering access request;
  
  Remote Identity-Management-as-a-Service, performing identity verification of the user and serving remotely said Relying-Party-Service-Provider; and
  
  Relying-Party-Service-Provider, performing transaction and access of the user;
  
  whereas said Relying Party-Service Provider and said Identity-Management-as-a-Service receive the same authorization code from said user;
  
  whereas this authorization code is being generated by Relying Party-Service-Provider, the value of this code depending on transaction or access request of said user; and
  
  whereas said transaction and access authorization is requested by said Relying-Party-Service-Provider, using said authorization code, from said Identity-Management-as-a-Service, thus defeating said malware.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11 where the user uses a voice channel or DTMF channel of said mobile phone to interact with the Identity-Management-as-a-Service, whereas said Identity-Management-as-a-Service performs a strong authentication of said interacting user.
  - 13. The method of claim 12 where the interaction includes a spoken PIN and an authorization code, wherein said PIN is being assigned to the user following a registration with the Identity-Management-as-a-Service and said authorization code, determined by Relying-Party-Service-Provider, is directly connected to an access or transaction request of said user to the Relying-Party-Service-Provider.
  - 14. The method of claim 12 where interaction includes a keypad-entered PIN and a keypad-entered authorization code, wherein said PIN is being assigned to the user following a registration with the Identity-Management-as-a-Service and said authorization code, determined by Relying-Party-Service-Provider, is directly connected to an access or transaction request of said user to the Relying-Party-Service-Provider.
  - 15. The method of claim 12 where the strong authentication includes a Caller ID, the PIN and a Voice Biometrics match, where the Voice Biometrics has the ability of rejecting the user'"'"'s voice replay and the user'"'"'s voice playback and the user'"'"'s voice synthesis, preceded by the user'"'"'s voice recording.
  - 16. The method of claim 12 where the user receives the Identity-Management-as-Service response, followed by the user adding said response into the access or transaction request to the Relying-Party-Service-Provider, using the insecure endpoint device.
  - 17. The method of claim 16 where the Relying-Party-Service-Provider sends said response to the Identity-Management-Service Provider, where the Identity-Management-as-a-Service returns a user'"'"'s ID and the authorization code.
  - 18. The method of claim 17 where Relying-Party-Service-Provider matches the user'"'"'s ID and the authorization code with the transaction or access request received from insecure endpoint device.
  - 19. The method of claim 11 where the insecure endpoint device may be one of the network-connected devices, such as:
    - personal computers, laptops, tablets, smart-phones and mobile phones, including user'"'"'s mobile phone.
  - 20. The method of claim 11 where the Relying-Party-Service-Provider may be one of the group consisting of Banks, Financial Services, Online Shops, Online Voting Sites, Enterprise Websites, Smart Home, Mobile and Web applications.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Eli Talmor
Original Assignee
Eli Talmor
Inventors
Talmor, Eli, Talmor, Rita
Primary Examiner(s)
Lin, Kenny S

Application Number

US14/905,829
Publication Number

US 20160191514A1
Time in Patent Office

1,890 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/42   using separate channels for...

G06Q 20/02   involving a neutral party, ...

G06Q 20/325   using wireless networks

G06Q 20/385   using an alias or single-us...

G06Q 20/4012   Verifying personal identifi...

G06Q 20/40145   Biometric identity checks

G06Q 20/425   using two different network...

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 63/0861   using biometrical features,...

H04L 63/10   for controlling access to d...

H04L 63/18   using different networks or...

Secure transaction and access using insecure device

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

15 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure transaction and access using insecure device

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links