TOOL FOR CREATING A SYSTEM HARDWARE SIGNATURE FOR PAYMENT AUTHENTICATION

US 20160048834A1
Filed: 08/12/2014
Published: 02/18/2016
Est. Priority Date: 08/12/2014
Status: Active Grant

First Claim

Patent Images

1. A system for payment authentication using a system hardware signature, whereby presence of malware may be detected prior to payment information being compromised, the system comprising:

a computer apparatus including a processor and a memory; and

a software module stored in the memory, comprising executable instructions that when executed by the processor cause the processor to;

create a unique signature, using a signature creation algorithm and based at least in part on a hardware profile of the system, comprising;

obtaining first information identifying a first part of the computer apparatus;

obtaining second information identifying a second part of the computer apparatus;

obtaining third information identifying the computer apparatus;

obtaining fourth information related to a current time and/or a current date;

obtaining fifth information corresponding to a software execution pattern;

combining the first information, the second information, the third information, the fourth information and the fifth information to create the unique signature;

receive a request, from a user, to perform a transaction using the system;

in response to receiving the request, determining whether any application or system has accessed the hardware profile, comprising;

if not, determining that the signature creation algorithm has not been compromised; and

if so, determining that the application or system that accessed the hardware profile was authorized to access the hardware profile and thereby determining that the signature creation algorithm has not been compromised;

in response to determining that the signature creation algorithm has not been compromised, create a key based on the unique signature, wherein the key is different from the unique signature;

initiate display of the key to the user;

receive user input entered in response to the user viewing the key; and

determine whether to proceed with transaction payment authentication based at least on whether the received user input matches the created key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention provide a method a authenticating a transaction at the point of transaction. In some embodiments of the invention, a unique signature is created based at least in part on a hardware profile of the system. In some embodiments, a request is received from a user to perform a transaction using the system. In some embodiments, in response to receiving the request a key is created based on the unique signature and displayed to the user. In some embodiments, user input entered in response to the user viewing the key is received and it is determined whether to proceed with transaction payment authentication based at least on whether the received user input matches the created key.

15 Citations

View as Search Results

20 Claims

1. A system for payment authentication using a system hardware signature, whereby presence of malware may be detected prior to payment information being compromised, the system comprising:
- a computer apparatus including a processor and a memory; and
  
  a software module stored in the memory, comprising executable instructions that when executed by the processor cause the processor to;
  
  create a unique signature, using a signature creation algorithm and based at least in part on a hardware profile of the system, comprising;
  
  obtaining first information identifying a first part of the computer apparatus;
  
  obtaining second information identifying a second part of the computer apparatus;
  
  obtaining third information identifying the computer apparatus;
  
  obtaining fourth information related to a current time and/or a current date;
  
  obtaining fifth information corresponding to a software execution pattern;
  
  combining the first information, the second information, the third information, the fourth information and the fifth information to create the unique signature;
  
  receive a request, from a user, to perform a transaction using the system;
  
  in response to receiving the request, determining whether any application or system has accessed the hardware profile, comprising;
  
  if not, determining that the signature creation algorithm has not been compromised; and
  
  if so, determining that the application or system that accessed the hardware profile was authorized to access the hardware profile and thereby determining that the signature creation algorithm has not been compromised;
  
  in response to determining that the signature creation algorithm has not been compromised, create a key based on the unique signature, wherein the key is different from the unique signature;
  
  initiate display of the key to the user;
  
  receive user input entered in response to the user viewing the key; and
  
  determine whether to proceed with transaction payment authentication based at least on whether the received user input matches the created key.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the software module comprises a unique signature software module configured to cause the processor to create the unique signature;
    - andwherein the unique signature software module is stored in the memory prior to creation of the unique signature and is protected, and thereby not writable, subsequent to being stored.
  - 3. The system of claim 2, wherein creating the unique signature is further based in part on a current date and/or a current time.
  - 4. The system of claim 1, wherein determining comprises determining that the received user input does not match the created key, and in response, determining not to proceed with transaction payment authentication.
  - 5. The system of claim 4, wherein the executable instructions when executed further cause the processor to:
    - determine that malware is present based at least on the received user input does not match the created key.
  - 6. The system of claim 5, wherein the executable instructions when executed further cause the processor to:
    - initiate one or more remediation actions configured to mitigate an impact of the malware or eliminate the malware.
  - 7. The system of claim 5, wherein the executable instructions when executed further cause the processor to:
    - initiate a malware presence communication, to the user and/or a second system, comprising an indication of the presence of malware on the system.

8. A computer program product for providing payment authentication using a system hardware signature, whereby presence of malware may be detected prior to payment information being compromised, the computer program product comprising:
- a non-transitory computer readable storage medium having computer readable program code embodied therewith, the computer readable program code comprising;
  
  computer readable program code configured to create a unique signature based at least in part on a hardware profile of the system, wherein creating comprises;
  
  obtaining first information identifying a first part of the computer apparatus;
  
  obtaining second information identifying a second part of the computer apparatus;
  
  obtaining third information identifying the computer apparatus;
  
  obtaining fourth information related to a current time and/or a current date;
  
  obtaining fifth information corresponding to a software execution pattern;
  
  combining the first information, the second information, the third information, the fourth information and the fifth information to create the unique signature;
  
  computer readable program code configured to receive a request, from a user, to perform a transaction using the system;
  
  computer readable program code configured to, in response to receiving the request, determine whether any application or system has accessed the hardware profile, comprising;
  
  if not, determining that the signature creation algorithm has not been compromised; and
  
  if so, determining that the application or system that accessed the hardware profile was authorized to access the hardware profile and thereby determining that the signature creation algorithm has not been compromised;
  
  computer readable program code configured to, in response to determining that the signature creation algorithm has not been compromised, create a key based on the unique signature;
  
  computer readable program code configured to initiate display of the key to the user;
  
  computer readable program code configured to receive user input entered in response to the user viewing the key, wherein the key is different from the unique signature; and
  
  computer readable program code configured to determine whether to proceed with transaction payment authentication based at least on whether the received user input matches the created key.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The computer program product of claim 8, further comprising computer readable program code configured to create the unique signature is further based in part on a current date and/or a current time.
  - 10. The computer program product of claim 8, further comprising computer readable program code configured to determine that the received user input does not match the created key, and in response, determining not to proceed with transaction payment authentication.
  - 11. The computer program product of claim 8, further comprising computer readable program code configured to determine that malware is present based at least on the received user input does not match the created key.
  - 12. The computer program product of claim 8, further comprising computer readable program code configured to initiate one or more remediation actions configured to mitigate an impact of the malware or eliminate the malware.
  - 13. The computer program product of claim 8, further comprising computer readable program code configured to initiate a malware presence communication, to the user and/or a second system, comprising an indication of the presence of malware on the system.

14. A computer-implemented method for providing payment authentication using a system hardware signature, whereby presence of malware may be detected prior to payment information being compromised, the method comprising:
- creating, using a computing device processor, a unique signature based at least in part on a hardware profile of the system, wherein creating comprises;
  
  obtaining first information identifying a first part of the computer apparatus;
  
  obtaining second information identifying a second part of the computer apparatus;
  
  obtaining third information identifying the computer apparatus;
  
  obtaining fourth information related to a current time and/or a current date;
  
  obtaining fifth information corresponding to a software execution pattern;
  
  combining the first information, the second information, the third information, the fourth information and the fifth information to create the unique signature;
  
  receiving, using a computing device processor, a request, from a user, to perform a transaction using the system;
  
  in response to receiving the request, determining whether any application or system has accessed the hardware profile, comprising;
  
  if not, determining that the signature creation algorithm has not been compromised; and
  
  if so, determining that the application or system that accessed the hardware profile was authorized to access the hardware profile and thereby determining that the signature creation algorithm has not been compromised;
  
  in response to determining that the signature creation algorithm has not been compromised, creating, using a computing device processor, a key based on the unique signature, wherein the key is different from the unique signature;
  
  initiating, using a computing device processor, display of the key to the user;
  
  receiving, using a computing device processor, user input entered in response to the user viewing the key; and
  
  determining, using a computing device processor, whether to proceed with transaction payment authentication based at least on whether the received user input matches the created key.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14, wherein the unique signature creation algorithm is stored in the memory prior to creation of the unique signature and is protected, and thereby not writable, subsequent to being stored.
  - 16. The method of claim 14, wherein creating the unique signature is further based in part on a current date and/or a current time.
  - 17. The method of claim 14, wherein determining comprises determining that the received user input does not match the created key, and in response, determining not to proceed with transaction payment authentication.
  - 18. The method of claim 14, wherein the method further comprise determining that malware is present based at least on the received user input does not match the created key.
  - 19. The method of claim 14, wherein the method further comprise determining initiating one or more remediation actions configured to mitigate an impact of the malware or eliminate the malware.
  - 20. The method of claim 14, wherein the method further comprise determining initiating a malware presence communication, to the user and/or a second system, comprising an indication of the presence of malware on the system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Kurian, Manu Jacob

Granted Patent

US 9,824,356 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/56   Computer malware detection ...

G06Q 20/3227   using secure elements embed...

G06Q 20/3674   involving authentication

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3825   Use of electronic signatures

G06Q 20/3829   involving key management

G06Q 20/4016   involving fraud or risk lev...

TOOL FOR CREATING A SYSTEM HARDWARE SIGNATURE FOR PAYMENT AUTHENTICATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

15 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

TOOL FOR CREATING A SYSTEM HARDWARE SIGNATURE FOR PAYMENT AUTHENTICATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links