Transaction and payment system security remote authentication/validation of transactions from a transaction provider
Abstract
A mobile terminal is equipped for SMS payment and service authentication with a remote transaction provider. The remote provider uses common secrets & a seed in a keyed Hash-based Message Authentication Code (HMAC) executing a Message Digest Algorithm to generate a list of authentication tokens (username-password) for the purchase of services and/or goods. The common secrets and seed are shared with local redemption devices, which also generate the list of authentication tokens. A subscriber conducts payment with the remote transaction provider and receives an authentication token corresponding to the purchased service. The subscriber provides the authentication token to the redemption device, which compares the authentication token with sets of valid authentication tokens generated by the redemption terminal. If the comparison indicates a match, the redemption device provides the service to the subscriber.
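The scheme in the abstract can be sketched as follows. This is an added example, not code from the patent: the provider and the redemption device each derive the same token list from the shared secret and seed, so redemption needs no connection to the provider. The SHA-256 digest, the counter-based HMAC input, the token format, the single-use tracking and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac


def derive_tokens(secret: bytes, seed: bytes, count: int) -> list[tuple[str, str]]:
    """Derive `count` (username, password) tokens; each side runs this on its own."""
    tokens = []
    for i in range(count):
        msg = seed + i.to_bytes(4, "big")  # assumed input layout: seed || counter
        digest = hmac.new(secret, msg, hashlib.sha256).hexdigest()
        tokens.append((f"u{i:04d}", digest[:12]))  # assumed token format
    return tokens


class RemoteProvider:
    """Remote server: sells the next unsold token from its derived list."""

    def __init__(self, secret: bytes, seed: bytes, count: int):
        self._tokens = derive_tokens(secret, seed, count)
        self._next = 0

    def sell(self) -> tuple[str, str]:
        token = self._tokens[self._next]
        self._next += 1
        return token


class RedemptionDevice:
    """Local server: checks tokens against its own derived list, offline."""

    def __init__(self, secret: bytes, seed: bytes, count: int):
        self._valid = dict(derive_tokens(secret, seed, count))
        self._redeemed = set()  # single-use tracking (assumption, not in the abstract)

    def redeem(self, username: str, password: str) -> str:
        expected = self._valid.get(username)
        if expected is None:
            return "unknown"
        # Constant-time comparison avoids leaking how many characters matched.
        if not hmac.compare_digest(expected.encode(), password.encode()):
            return "rejected"
        if username in self._redeemed:
            return "replayed"
        self._redeemed.add(username)
        return "accepted"


def demo() -> list[str]:
    secret, seed = b"constructed-shared-secret", b"constructed-seed"  # sample values
    provider = RemoteProvider(secret, seed, 5)
    device = RedemptionDevice(secret, seed, 5)
    user, pw = provider.sell()
    return [device.redeem(user, pw), device.redeem(user, pw),
            device.redeem(user, "0" * 12), device.redeem("u9999", pw)]
```

Because every redemption device holds the same secret and seed, compromise of one device exposes the whole token list, and a replay check kept on one device does not stop the same token being redeemed at another.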
53 Claims
1. A method, comprising:
- generating in a remote server and in an at least one local server a list of valid authentication tokens based on secret keys shared between the remote server and the at least one local server and a seed with an authentication algorithm;
- requesting, by a mobile terminal, a transaction token from the remote server;
- selecting, by the remote server, an authentication token from the list of valid authentication tokens in the remote server;
- purchasing, by the mobile terminal, the selected authentication token;
- transmitting the purchased authentication token to the mobile terminal;
- receiving, by the at least one local server, the purchased authentication token;
- comparing by the at least one local server the purchased authentication token to the list of valid authentication tokens in the at least one local server;
- authenticating the purchased token by determining, by the local server, that the purchased token matches an authentication token in the list of valid authentication tokens in the at least one local server; and
- based on the determination that the received token is valid, accepting, by the at least one local server, the purchased token.

Dependent claims: 2 to 27.
28. A system, comprising:
- a remote server comprising;
  - a processor; and
  - a memory comprised of computer readable instructions, when executed by the processor cause the processor to perform the steps of;
    - generating in the remote server a list of valid authentication tokens based on secret keys and a seed with an authentication algorithm; and
    - transmitting a purchased authentication token to a mobile terminal;
- at least one local server comprising;
  - a processor; and
  - a memory comprised of computer readable instructions, when executed by the processor cause the processor to perform the steps of;
    - generating in the at least one local server a list of valid authentication tokens based on said secret keys shared between the remote server and the at least one local server and said seed with said authentication algorithm;
    - receiving, by the at least one local server, the purchased authentication token;
    - comparing by the at least one local server the purchased authentication token to the list of valid authentication tokens in the at least one local server;
    - authenticating the purchased token by determining, by the local server, that the purchased token matches an authentication token in the list of valid authentication tokens in the at least one local server; and
    - based on the determination that the received token is valid, accepting, by the at least one local server, the purchased token;
- the mobile terminal comprising;
  - a processor; and
  - a memory comprised of computer readable instructions, when executed by the processor cause the processor to perform the steps of;
    - requesting, by the mobile terminal, a transaction token from the remote server; and
    - purchasing, by the mobile terminal, the selected authentication token.

Dependent claims: 29 to 53.