Transaction authentication based on contextual data presentation

US 10,560,273 B2
Filed: 10/14/2016
Issued: 02/11/2020
Est. Priority Date: 10/14/2016
Status: Active Grant

First Claim

Patent Images

1. A method of producing a message in connection with a detected transaction, the method comprising:

receiving transaction information that describes details of the detected transaction;

receiving user-provided contextual information that describes a context of the detected transaction, wherein the user-provided contextual information comprises a description of the detected transaction generated by a person that initiated the detected transaction, and generated during the detected transaction, wherein receiving the user-provided contextual data comprises;

receiving a selection by the user of automatic contextual information generation or manual contextual information generation;

in response to the selection being the automatic contextual information generation, obtaining machine-generated contextual information to use as the user-provided contextual information; and

in response to the selection being the manual contextual information generation, obtaining custom contextual data that is unrelated to the transaction information to use as the user-provided contextual information;

producing at least one digital signature based on a combination of the transaction information and the user-provided contextual information; and

transmitting the digital signature in a message to a server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, devices, and systems are provided for approving a transaction through an exchange of presented user contextual approval information and approval decryption. The user contextual approval information is generated by a user during a transaction, cryptographically signed, and provided to a transaction server. The user contextual data uniquely describes the transaction to the user and can be employed to aid a user in approving or validating the transaction in a subsequent approval action. In particular, a transaction may present the contextual approval information to a user in the form of an approval challenge message. The approval challenge message may be sent to a known user device via the transaction server in the form of a text or multi-media message. The user may respond to the message with an approval or denial response.

13 Citations

View as Search Results

16 Claims

1. A method of producing a message in connection with a detected transaction, the method comprising:
- receiving transaction information that describes details of the detected transaction;
  
  receiving user-provided contextual information that describes a context of the detected transaction, wherein the user-provided contextual information comprises a description of the detected transaction generated by a person that initiated the detected transaction, and generated during the detected transaction, wherein receiving the user-provided contextual data comprises;
  
  receiving a selection by the user of automatic contextual information generation or manual contextual information generation;
  
  in response to the selection being the automatic contextual information generation, obtaining machine-generated contextual information to use as the user-provided contextual information; and
  
  in response to the selection being the manual contextual information generation, obtaining custom contextual data that is unrelated to the transaction information to use as the user-provided contextual information;
  
  producing at least one digital signature based on a combination of the transaction information and the user-provided contextual information; and
  
  transmitting the digital signature in a message to a server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the at least one digital signature comprises a first cryptographic signature of the transaction information and a second cryptographic signature of the user-provided contextual information.
  - 3. The method of claim 1, wherein the at least one digital signature comprises a cryptographic signature of the transaction information as well as the user-provided contextual information.
  - 4. The method of claim 1, wherein the server forwards at least a portion of the message to a user of a user device, wherein the at least a portion of the message forwarded includes a request for the user to verify the detected transaction and further provides a description of the user-provided contextual information.
  - 5. The method of claim 4, wherein the at least a portion of the message forwarded includes a rule violation trigger.
  - 6. The method of claim 5, wherein user approval or disapproval of the detected transaction includes an approval/disapproval for the rule violation.
  - 7. The method of claim 1, wherein the message is formatted for delivery to a social media profile associated with the person that initiated the detected transaction such that the social media profile associated with the person that initiated the detected transaction displays the transaction information and/or the user-provided contextual information.
  - 8. The method of claim 1, wherein the message is transmitted in one or more communication packets over a packet-based communication network.
  - 9. The method of claim 1, further comprising:
    - generating a template that includes automatically generated text based on the detected transaction;
      
      allowing the person that initiated the transaction to edit the template with additional custom information; and
      
      including the edited template as part of the user-provided contextual information.

10. A server, comprising:
- a processor; and
  
  a computer-readable storage medium having instructions stored thereon that, when executed by the processor, cause the processor to;
  
  receive transaction information describing details of a detected transaction;
  
  receive contextual information describing a custom user-provided context for the detected transaction, wherein the custom user-provided context comprises a description of the detected transaction generated by a person that initiated the detected transaction, and generated during the detected transaction, wherein to receive the custom user-provided context, the processor is to;
  
  receive a selection by the user of automatic contextual information generation or manual contextual information generation;
  
  in response to the selection being the automatic contextual information generation, obtain machine-generated contextual information to use as the custom user-provided context; and
  
  in response to the selection being the manual contextual information generation, obtain custom contextual data that is unrelated to the transaction information to use as the custom user-provided context; and
  
  transmit a cryptographically signed and/or encrypted challenge message including the custom user-provided context to a user device.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The server of claim 10, wherein the processor is further caused to:
    - receive a signed and encrypted response to the challenge message, wherein the response includes an approval or denial of the detected transaction based on the custom user-provided context.
  - 12. The server of claim 10, wherein the processor is further caused to:
    - receive a signed and encrypted response to the challenge message; and
      
      decrypt and verify the received signed and encrypted response.
  - 13. The server of claim 10, wherein the cryptographically signed and/or encrypted challenge message including the custom user-provided context is configured for presentation to a display of the user device.
  - 14. The server of claim 10, wherein the cryptographically signed and/or encrypted challenge message excludes information about the transaction other than the custom user-provided context.
  - 15. The server of claim 14, wherein the processor is further caused to:
    - receive a response to the challenge message, wherein the response includes an inquiry requesting more information regarding the transaction detected before approval of the transaction is allowed.
  - 16. The server of claim 15, wherein in response to receiving the inquiry requesting more information regarding the transaction detected, the processor is further caused to:
    - transmit transaction information previously excluded from the cryptographically signed and/or encrypted challenge message in a subsequent cryptographically signed and encrypted challenge message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Assa Abloy AB
Original Assignee
Assa Abloy AB
Inventors
Khan, Milan, Guyomarc'h, Francois-Eric Michel, Holland, James William
Primary Examiner(s)
Hoffman, Brandon S
Assistant Examiner(s)
Truong, Thong P

Application Number

US15/294,573
Publication Number

US 20180109386A1
Time in Patent Office

1,215 Days
Field of Search
US Class Current
CPC Class Codes

G06Q 20/3223   Realising banking transacti...

G06Q 20/3224   Transactions dependent on l...

G06Q 20/3825   Use of electronic signatures

G06Q 20/4016   involving fraud or risk lev...

G06Q 20/405   Establishing or using trans...

G06Q 2220/00   Business processing using c...

G06Q 50/01   Social networking

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/68   Special signature format, e...

H04L 63/123   received data contents, e.g...

H04L 9/3247   involving digital signatures

H04L 9/3271   using challenge-response

Transaction authentication based on contextual data presentation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

13 Citations

16 Claims

Specification

Use Cases

Quick Links

Others

Transaction authentication based on contextual data presentation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

16 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others