System and method for providing authentication and authorization utilizing a personal wireless communication device

US 7,697,920 B1
Filed: 05/05/2006
Issued: 04/13/2010
Est. Priority Date: 05/05/2006
Status: Active Grant

First Claim

Patent Images

1. A method for initializing a mobile communication device for use as an authentication device comprising:

receiving user information at the mobile communication device, the user information also being provided, by the user, to a trusted server;

opening a dialog between the mobile communication device and the trusted server, the dialog being carried out over a wireless communication link;

generating shared information in connection with the dialog;

wherein the shared information includes a shared secret generated via a cryptographic key exchange between the mobile communication device and the trusted server;

storing the shared information in a user programmable memory of the mobile communication device;

wherein the shared information enables, at least in part, the mobile communication device to operate as an authentication device;

receiving, from the trusted server, a digital signature of a quantity incorporating at least a portion of the user information and the shared secret;

digitally signing a quantity incorporating at least a portion of the user information and the shared secret stored in the user programmable memory so as to generate a validation signature;

comparing the digital signature with the validation signature; and

aborting, in the event the digital signature and the validation signature are different, the initialization of the mobile communication device for use as an authentication device.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authorization and authentication system utilizing a mobile communication device. The authentication and authorization system enables a trusted server, in conjunction with a user controlled mobile communication device (which has been registered with the trusted site), to authorize a transaction carried out at a transaction management system. An identity of the user is authenticated by a verification that the user is in possession of the mobile communication device. In this way, the transaction management system is able to effectuate an authorized transaction with confidence that the authorization was from the user and not a third party. In variations, the authentication is a multi-factor authentication, i.e., the user must both possess the mobile communication device and information, e.g., a password.

128 Citations

20 Claims

1. A method for initializing a mobile communication device for use as an authentication device comprising:
- receiving user information at the mobile communication device, the user information also being provided, by the user, to a trusted server;
  
  opening a dialog between the mobile communication device and the trusted server, the dialog being carried out over a wireless communication link;
  
  generating shared information in connection with the dialog;
  
  wherein the shared information includes a shared secret generated via a cryptographic key exchange between the mobile communication device and the trusted server;
  
  storing the shared information in a user programmable memory of the mobile communication device;
  
  wherein the shared information enables, at least in part, the mobile communication device to operate as an authentication device;
  
  receiving, from the trusted server, a digital signature of a quantity incorporating at least a portion of the user information and the shared secret;
  
  digitally signing a quantity incorporating at least a portion of the user information and the shared secret stored in the user programmable memory so as to generate a validation signature;
  
  comparing the digital signature with the validation signature; and
  
  aborting, in the event the digital signature and the validation signature are different, the initialization of the mobile communication device for use as an authentication device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 wherein the user information is a password.
  - 3. The method of claim 1 wherein the cryptographic key exchange includes a Diffie-Hellman key exchange.
  - 4. The method of claim 1 wherein the dialog is carried out via a secure channel.
  - 5. The method of claim 4 including sending the shared information over the secure channel to the trusted server.
  - 6. The method of claim 1 wherein the shared information includes a representation of the user information.
  - 7. The method of claim 1 wherein the opening the dialog is in response to the trusted server confirming an identity of the user by communication with the user via means other than the mobile communication device.

8. A method for initializing a mobile communication device for use as an authentication device comprising:
- receiving user information at a trusted server, the user information also being provided, by the user, to the mobile communication device;
  
  opening a dialog between the mobile communication device and the trusted server, the dialog being carried out over a wireless communication link;
  
  generating shared information in connection with the dialog wherein the shared information includes a shared secret generated via a cryptographic key exchange between the mobile communication device and the trusted server;
  
  storing the shared information in a database, the shared information also being stored in the mobile communication device, the shared information enabling, at least in part, the mobile communication device to operate as an authentication device;
  
  receiving, from the mobile communication device, a digital signature of a quantity incorporating at least a portion of the user information and the shared secret;
  
  digitally signing a quantity incorporating at least a portion of the user information and the shared secret stored in the database so as to generate a validation signature;
  
  comparing the digital signature with the validation signature; and
  
  aborting, in the event the digital signature and the validation signature are different, the initialization of the mobile communication device for use as an authentication device.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8 wherein the user information is a password.
  - 10. The method of claim 8 wherein the cryptographic key exchange includes a Diffie-Hellman key exchange.
  - 11. The method of claim 8 wherein the dialog is carried out via a secure channel.
  - 12. The method of claim 11 including sending the shared information over the secure channel to the mobile communication device.
  - 13. The method of claim 8 wherein the shared information includes a representation of the user information.
  - 14. The method of claim 8 wherein the opening the dialog is in response to the trusted server confirming an identity of the user by communication with the user via means other than the mobile communication device.

15. A method of providing a plurality of user authentications in conjunction with a mobile device comprising:
- performing an initialization process, said initialization process including the steps of;
  
  receiving user information at the mobile communication device, the user information also being provided, by the user, to a trusted server;
  
  opening a dialog between the mobile communication device and the trusted server, the dialog being carried out over a wireless communication link;
  
  generating, in connection with the dialog, via a cryptographic key exchange between the device and the server, a shared secret disposed to facilitate a plurality of user authentications;
  
  storing the shared secret in a user programmable memory of the mobile communication device;
  
  receiving, from the trusted server, a digital signature of a quantity incorporating at least a portion of the user information and the shared secret;
  
  digitally signing a quantity incorporating at least a portion of the user information and the shared secret stored in the user programmable memory so as to generate a validation signature;
  
  comparing the digital signature with the validation signature; and
  
  aborting, in the event the digital signature and the validation signature are different, the initialization of the mobile communication device for use as an authentication device; and
  
  performing a plurality of user authentications based, at least in part, on said shared secret generated by said initialization process.
- View Dependent Claims (16, 17)
- - 16. The method of claim 15 wherein the cryptographic key exchange includes a Diffie-Hellman key exchange.
  - 17. The method of claim 15 wherein the wireless communication channel comprises a secure channel.

18. A computer readable medium comprising executable instructions for initializing a portable device for user authentication, including instructions to:
- receive user information at the device, wherein the user information is also provided, by the user, to a trusted server;
  
  initiate a dialog between the device and a trusted server, the dialog being carried out over a wireless communication link, said trusted server having been provided said user information by said user;
  
  generate, in connection with the dialog, via a cryptographic key exchange between the device and the server, a shared secret disposed to facilitate a plurality of user authentications; and
  
  store, in a user programmable memory of the device, the shared secret wherein the shared secret enables, at least in part, the mobile communication device to operate as an authentication device;
  
  receiving, from the trusted server, a digital signature of a quantity incorporating at least a portion of the user information and the shared secret;
  
  digitally signing a quantity incorporating at least a portion of the user information and the shared secret stored in the user programmable memory so as to generate a validation signature;
  
  comparing the digital signature with the validation signature; and
  
  aborting, in the event the digital signature and the validation signature are different, the initialization of the mobile communication device for use as an authentication device.
- View Dependent Claims (19, 20)
- - 19. The computer readable memory of claim 18 wherein the cryptographic key exchange includes a Diffie-Hellman key exchange.
  - 20. The computer readable memory of claim 18 further comprising instructions to perform, based at least in part on said shared secret generated in said initialization, a plurality of user authentications.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Boojum Mobile
Original Assignee
Boojum Mobile
Inventors
McClain, Fred
Primary Examiner(s)
Kincaid; Lester
Assistant Examiner(s)
MITCHELL, NATHAN A

Application Number

US11/429,470
Time in Patent Office

1,439 Days
Field of Search

455/411, 455/410
US Class Current

455/411
CPC Class Codes

G06F 21/43   wireless channels

H04L 63/08   for authentication of entit...

H04L 63/0884   by delegation of authentica...

H04L 63/12   Applying verification of th...

H04W 12/068   using credential vaults, e....

System and method for providing authentication and authorization utilizing a personal wireless communication device

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

128 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for providing authentication and authorization utilizing a personal wireless communication device

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

128 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links