Compact security device with transaction risk level approval capability

US 9,054,873 B2
Filed: 02/24/2014
Issued: 06/09/2015
Est. Priority Date: 10/23/2009
Status: Expired due to Fees

First Claim

Patent Images

1. A system to secure electronic transactions configured to store criteria to classify transactions into a plurality of transaction categories;

receive a particular electronic transaction submitted by a user, the particular electronic transaction including transaction information;

receive a dynamic transaction category approval code indicating a proof of intention of the user to perform a transaction belonging to a user selected transaction category;

apply said criteria to the transaction information and assign said received particular electronic transaction to a particular one of said plurality of transaction categories based on said criteria; and

verify whether the received dynamic transaction category approval code is valid for the transaction category to which said received particular electronic transaction was assigned, to determine whether said received particular electronic transaction should be executed of denied;

wherein said dynamic transaction category approval code is generated by a token that cryptographically combines a first transaction category indicator that is indicative of the category of the transaction that the user intends to do, a first dynamic value, and a first generation secret value.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to the field of securing electronic transactions and more specifically to systems to indicate and verify the approval of the risk level of a transaction and to systems for generating transaction risk level approval codes.

8 Citations

View as Search Results

20 Claims

1. A system to secure electronic transactions configured to store criteria to classify transactions into a plurality of transaction categories;
- receive a particular electronic transaction submitted by a user, the particular electronic transaction including transaction information;
  
  receive a dynamic transaction category approval code indicating a proof of intention of the user to perform a transaction belonging to a user selected transaction category;
  
  apply said criteria to the transaction information and assign said received particular electronic transaction to a particular one of said plurality of transaction categories based on said criteria; and
  
  verify whether the received dynamic transaction category approval code is valid for the transaction category to which said received particular electronic transaction was assigned, to determine whether said received particular electronic transaction should be executed of denied;
  
  wherein said dynamic transaction category approval code is generated by a token that cryptographically combines a first transaction category indicator that is indicative of the category of the transaction that the user intends to do, a first dynamic value, and a first generation secret value.
- View Dependent Claims (2, 3, 4, 13, 14, 16, 17, 18, 19)
- - 2. The system of claim 1 further configured to:
    - generate a verification reference value for the transaction category that said received particular electronic transaction was assigned to; and
      
      compare said dynamic transaction category approval code with said verification reference value to determine whether to execute or deny the transaction.
  - 3. The system of claim 2, further configured to determine a second transaction category indicator that is indicative of the category of said received transaction and cryptographically combine the second transaction category Indicator indicative of the category of the received transaction, a second dynamic value, and a second verification secret to generate the verification reference value.
  - 4. The system of claim 2 further configured to associate at least one of a finite set of discrete risk levels with each of said transaction categories;
    - wherein said dynamic transaction category approval code indicates a proof of said user'"'"'s intention to do a transaction having a particular one of said risk levels; and
      
      wherein the dynamic transaction category approval code is a dynamic risk level approval code and the first transaction category indicator comprises a first risk level indicator indicative of the risk level of the transaction that the user intends to do; and
      
      wherein the system is further configured to determine a second risk level indicator that is indicative of the risk level of the received transaction; and
      
      wherein the system is further configured to cryptographically combine the second risk level indicator indicative of the risk level of the received transaction, a second dynamic value, and a second verification secret value to generate the verification reference value.
  - 13. The system of claim 2, wherein said first generation secret value is shared with a verification server;
    - wherein a symmetric cryptographic algorithm is used to generate the dynamic transaction category approval code by cryptographically combining said first transaction category indicator, said first dynamic value and said first generation secret value;
      
      and wherein another algorithm is used to generate the verification reference value that is the same or similar as the symmetric cryptographic algorithm that is used to generate the dynamic transaction category approval code.
  - 14. The system of claim 4, wherein said first generation secret value is shared with a verification server;
    - wherein a symmetric cryptographic algorithm is used to generate the dynamic risk level approval code by cryptographically combining said first risk level indicator, said first dynamic value and said first generation secret value; and
      
      wherein another algorithm is used to generate the verification reference value that is the same or similar as the symmetric cryptographic algorithm that is used to generate the dynamic risk level approval code.
  - 16. The system of claim 1, wherein the number of transaction categories is at least two and less than six.
  - 17. The system of claim 4, wherein the number of risk levels is at least two and less than six.
  - 18. The system of claim 1, wherein said electronic transactions comprise Internet banking transactions and wherein said criteria include criteria related to the transaction type or the amount of money involved in the transaction or the ownership of accounts involved in the transaction or the historic pattern of the user'"'"'s transactions.
  - 19. The system of claim 1, wherein the dynamic transaction category approval code includes a string or sequence of human-interpretable symbols.

5. A system to generate a dynamic transaction category approval code indicating proof of intention by a user to perform a transaction of a particular transaction category;
- the system configured to obtain from the user a transaction category indicator indicating a particular transaction category selected by the user based on parameters of a transaction that the user intends to execute;
  
  capture the value of at least one dynamic variable;
  
  retrieve one or more secret values;
  
  apply an algorithm to generate a dynamic transaction category approval code using said selected transaction category indicator indicating the particular transaction category of the transaction that the user intends to perform, said dynamic variable value and said one or more secret values;
  
  said algorithm configured to determine with said retrieved one or more secret values a cryptographic secret key, cryptographically combine at least said dynamic variable value and said cryptographic secret key, and transform the result of said cryptographic combination into the dynamic transaction category approval code.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 15, 20)
- - 6. The system of claim 5 wherein said determination of a cryptographic secret key comprises selecting a cryptographic secret key out of said secret values on the basis of the value of said transaction category indicator.
  - 7. The system of claim 5 wherein said retrieving one or more secret values comprises retrieving the value of a master secret and wherein said determining of a cryptographic secret key comprises deriving a cryptographic secret key from said value of said master key using the value of said transaction category indicator.
  - 8. The system of claim 5 wherein said transaction category indicator comprises a risk level indicator.
  - 9. The system of claim 5 wherein said dynamic variable is time related.
  - 10. The system of claim 9 wherein said dynamic variable value comprises the value of a real-time clock.
  - 11. The system of claim 5 wherein said dynamic variable value comprises the value of a counter.
  - 12. The system of claim 5 wherein said cryptographically combining of said dynamic variable value and said cryptographic secret key comprises generating a cryptogram using a mathematical combination of said dynamic variable value and said transaction category indicator and using a cryptographic algorithm that is parameterized with said cryptographic secret key.
  - 15. The system of claim 5, wherein said cryptographically combining said dynamic variable value and said cryptographic secret key is done using a symmetric cryptographic algorithm and wherein said cryptographic secret key is shared with a verification server.
  - 20. The system of claim 5, wherein the number of transaction categories is at least two and less than six.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Onespan North America Incorporated (OneSpan, Inc.)
Original Assignee
Vasco Data Security Incorporated (OneSpan, Inc.)
Inventors
Hoornaert, Frank, Marien, Dirk
Primary Examiner(s)
DADA, BEEMNET W

Application Number

US14/187,840
Publication Number

US 20140237242A1
Time in Patent Office

470 Days
Field of Search

713/168, 713/172, 726 5- 7, 380/28, 380/44
US Class Current

1/1
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 2221/2151   Time stamp

G06Q 20/4016   involving fraud or risk lev...

H04L 2209/56   Financial cryptography, e.g...

H04L 63/08   for authentication of entit...

H04L 9/32   including means for verifyi...

H04L 9/3234   involving additional secure...

Compact security device with transaction risk level approval capability

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

8 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Compact security device with transaction risk level approval capability

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

8 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links