WO2009108129A2 - Improved transaction system and method - Google Patents

Improved transaction system and method Download PDF

Info

Publication number
WO2009108129A2
WO2009108129A2 PCT/SG2009/000069 SG2009000069W WO2009108129A2 WO 2009108129 A2 WO2009108129 A2 WO 2009108129A2 SG 2009000069 W SG2009000069 W SG 2009000069W WO 2009108129 A2 WO2009108129 A2 WO 2009108129A2
Authority
WO
WIPO (PCT)
Prior art keywords
user
remote server
password
cellular phone
phone number
Prior art date
Application number
PCT/SG2009/000069
Other languages
French (fr)
Other versions
WO2009108129A3 (en
Inventor
How Kiap Gueh
Original Assignee
How Kiap Gueh
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by How Kiap Gueh filed Critical How Kiap Gueh
Publication of WO2009108129A2 publication Critical patent/WO2009108129A2/en
Publication of WO2009108129A3 publication Critical patent/WO2009108129A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066Session management
    • H04L65/1069Session establishment or de-establishment

Definitions

  • the present invention relates to a system and/or method in the field of commercial transactions, specifically to the field of electronic transactions in an on-line environment.
  • the present invention particularly applies to a method of authenticating a human user when such a user is attempting to gain access to a remote computer system, or its contents, such as a database, or a number of electronic files associated with such a database or computer system.
  • Both scenarios may be referred to as a transaction between a human user and a system.
  • Prevalent problem associated with online transactions from simple scenario where a human user may simply wishes to gain access to a web-based content hosted by a computer system, such as gaining access to an email account, to financially sensitive transactions where a human user may wish to gain access to a remote server for performing a diverse range of financial related transactions where exchange of value is performed between the operator of the remote server (sometimes called the merchant) and the human user, is security.
  • the term merchant refers to any entity that operates a web site or related electronic content, or goods and services provider that is accessible using an electronic communications network, for example, the Internet.
  • Merchant usually hosts such material on a server.
  • the term includes any other third party that may be directly or indirectly performing or providing partial components relating to the performance of a transaction between the merchant and the user. 2. Database security problem
  • Dedicated encryption cards are sometimes deployed on computer systems hosting such encrypted databases to improve performance, at a significant cost.
  • Server security problem In one instance a web-site containing and hosting data belonging to several human users may be prone to vulnerabilities where (1) the human user's password is compromised and an unauthorized person has gained access to the user's data, or (2) an unauthorized person has gain access to the computer system hosting such data and have therefore gain access to data related to all human user's associated with data contained within such a computer system.
  • PCT application no. PCT/SG2001/000102 belonging to the applicant of the subject invention, and its subsequent national phase patent applications/patents disclose an authentication system wherein the user's password is divided into two portions and each portion authenticated over two channel, and one channel being deployed involves the user of a mobile cellular phone.
  • the overall authentication time is considerably lengthens due to the requirement for the user to input several characters on a phone keypad. Further, in various usability studies conducted, the log-on times associated are lengthen by a variance of 10-25%, and this may increase server load (due to hosting several simultaneous VOIP sessions).
  • Internet channel refers to the exchange of TCP/IP data packets between an internet- capable computer browser application and an Internet access gateway.
  • Internet access gateway refers to a server having means to connect a plurality of computer users to the Internet or equivalent electronic communications network.
  • the invention seeks to overcome or alleviate at least one of the problems of the prior art.
  • the invention provides an improved transaction method and system requiring an initial registration of the human user.
  • a human user Upon registration a human user is provided with a user ID and password, or submits to a computer system a preferred computer user ID and password.
  • the computer system further requests for submission of the user's cellular phone number for associating the phone number to the human user.
  • the computer server will initiate a VOIP (voice over IP) session to request for the user to input the last character of the user's password to complete user registration.
  • VOIP voice over IP
  • the remote server When the user has successfully entered log-on information to the remote server, the remote server will look-up the associated cellular phone number of the user and initiate a VOIP session to request for the user to enter the last character or digit of the user's password.
  • the remote server Upon the remote server receiving the correct entered last character of the user's password, the remote server will then allow the user access to the contents associated with the user that is stored on the remote server.
  • the improvement of the present invention is designed to ensure transaction security while at the same time reduce or minimize the length of time for the overall log-on process, since the user is only required to enter the last digit or character of the user's password which will also reduce or minimize VOIP session time for the remote server.
  • Most cellular phones have alpha-numeric keypads and the remote server is further adapted to allow for the human user to input key tone that can correspond to the correct character of the password.
  • the user will simply input once on the number "4" key of the cellular phone's keypad.
  • the user will simply input on the number "6" key of the cellular phone's keypad three times, corresponding to the "N" character on the "6" key.
  • the present invention is designed such that the human user does not have to make any changes to the habit of log-on for gaining access to a remote computer system (or a web-site remote server for example), but at the same time, the responsibility of the second tier authentication (further authenticating the identity of the user) falls on the remote server, and minimizing the VOIP session time required for the overall authentication process.
  • CMS Commercial Transaction System -
  • An improved transaction system that is performed between a user and a sever, over an electronic communications network requiring an initial registration of the human user.
  • a human user is provided with a user ID and password, or submits to a computer system a preferred computer user ID and password.
  • the computer system further requests for submission of the user's cellular phone number for associating the phone number to the human user.
  • the computer server will initiate a VOIP (voice over IP) session to request for the user to input the last character of the user's password to complete user registration.
  • VOIP voice over IP
  • the user When the user attempts to perform a transaction with the remote server, the user will first access a user log-on page that is available via the internet or some other electronic communications network, where such a page will request for the user to enter the following information for log-on:
  • the remote server When the user has successfully entered log-on information to the remote server, the remote server will look-up the associated cellular phone number of the user and initiate a VOIP session to request for the user to enter the last character or digit of the user's password.
  • the term "user” refers to any entity that wishes or has a business or transactional relationship/transaction with the merchant. Also refers to a human user on a computer network or computer system.
  • server refers to any computational host machine with an electronic processor device.
  • transaction refers to any actions made between the merchant and user wherein the actions may involve the exchange of value between the merchant and user.
  • the term includes internet-based financial transactions, electronic commerce, mobile-based commerce, sale/purchase contracts. It may also refer to a exchange of data between a human user and a data source, which may be a database, or database file on a server.
  • the remote server Upon the remote server receiving the correct entered last character of the user's password, the remote server will then allow the user access to the contents associated with the user that is stored on the remote server.
  • the improvement of the present invention is designed to ensure transaction security while at the same time reduce or minimize the length of time for the overall log-on process, since the user is only required to enter the last digit or character of the user's password.
  • Most cellular phones have alpha-numeric keypads and the remote server is further adapted to allow for the human user to input key tone that can correspond to the correct character of the password.
  • Example "A” If the user's password is ⁇ PASSWORD1234>,
  • the user will simply input once on the number "4" key of the cellular phone's keypad.
  • the user will simply input on the number "6" key of the cellular phone's keypad three times, corresponding to the "N" character on the "6" key.
  • the present invention is designed so that the human user does not have to make any changes to the habit of log-on for gaining access to a remote computer system (or a web-site remote server for example), but at the same time, the responsibility of the second tier authentication (further authenticating the identity of the user) falls on the remote server, and minimizing the VOIP session time required for the overall authentication process.
  • a remote computer system or a web-site remote server for example
  • This preferred embodiment is similar to the one above, but makes use of GPS co-ordinates of where the human user is each time a log-in attempt is made.
  • aGPS also called assisted GPS
  • the remote server will ask the human user for ID and password by the remote server, and when the human user enters the last character of user's password on cellular phone, the remote server will also check for the GPS information of where the user is, and compares such current GPS information to where a pre-stored or authorized GPS information for deviation.
  • the remote server may deny access to the human.
  • An improved transaction system that is performed between a user and a sever, over an electronic communications network.
  • the human user is required to make use of only assisted GPS (A.GPS) assisted cellular devices, that is, cellular devices equipped with a GPS receiver that is capable of sending GPS data to a remote a.GPS "assistance server".
  • assisted GPS assisted GPS
  • the term "cellular device/telecommunications device” refers to any device that is portable, and is capable of transmitting and receiving voice transmissions and performance of data exchange between the device and a service provider or telecommunications service provider.
  • server will poll and request for GPS data of the user's current location at point of access request and compare current GPS data to a stored GPS data (captured during initial user registration), if the difference between current and stored GPS data is within a standard variance, the remote server will grant access provided that user ID and password input by user also matches.
  • a database file or encrypted file which can also be a database file
  • the server, or file itself may be protected with a ID and password.
  • the server, or file itself, or both are protected with a ID and password of a human user, during initial registration, which is identical to the preferred embodiment "CMS", will require the use of an "assisted GPS" capable cell phone.
  • a human user is provided with a user ID and password, or submits to a computer system a preferred computer user ID and password.
  • the computer system further requests for submission of the user's cellular phone number for associating the phone number to the human user.
  • the user's cellular phone is then set up to point towards a specified assistance server and related reference a. GPS network location.
  • the computer server will initiate a VOIP (voice over IP) session to request for the user to input the last character of the user's password to complete user registration.
  • VOIP voice over IP
  • the assistance server (which may be operationally connected to the computer system or is part of the computer system performing initial and subsequent authentication of the human user) will compute and store the location data of the human user's point of registration, and in some cases, the point of registration may be also the point of access for subsequent authentication request by the user.
  • the remote server will obtain from assistance server GPS related data such as the following, but not limited to the following:
  • GPS orbital data of the cellular phone's location MMEA 0183 protocol data, MMEA 2000 protocol data, GPSD data, Other proprietary GPS data such as MTK
  • the remote server will make use of this reference location GPS data during future user log-on authentication sessions:
  • the user When the user attempts to perform a transaction with the remote server, the user will first access a user log-on page, or via a suitable software application, or soft code routine that is available via the internet or some other electronic communications network, where such a page will request for the user to enter the following information for log-on:
  • the remote server When the user has successfully entered log-on information to the remote server, the remote server will look-up the associated cellular phone number of the user and initiate a VOIP session to request for the user to enter the last character or digit of the user's password.
  • the remote server now being initiated and made aware of a log-on attempt by a specific user, will request for GPS data from its connected assistance server, and may obtain any of the following data types:
  • GPS orbital data of the cellular phone's location NMEA 0183 protocol data, MMEA 2000 protocol data, GPSD data, Other proprietary GPS data such as MTK
  • the remote server will compare and match the GPS data from the assistance server against the reference GPS data stored during initial user registration and if GPS data matches within a predetermined variance, the remote server proceeds with the remaining steps of the user log-on authentication, however, if such GPS data is outside of the variance, the remote server will terminate the log-on authentication request and store the latest GPS data in an event log.
  • the remote server Upon the remote server receiving the correct entered last character of the user's password, the remote server will then allow the user access to the contents associated with the user that is stored on the remote server.
  • the improvement of the present invention is designed to ensure transaction security while at the same time reduce or minimize the length of time for the overall log-on process, since the user is only required to enter the last digit or character of the user's password. This will also reduce or minimize VOIP session time for the remote server.
  • Most cellular phones have alpha-numeric keypads and the remote server is further adapted to allow for the human user to input key tone that can correspond to the correct character of the password.
  • the user will simply input once on the number "4" key of the cellular phone's keypad.
  • the user will simply input on the number "6" key of the cellular phone's keypad three times, corresponding to the "N" character on the "6" key.
  • An improved transaction system that is performed between a user and a sever over an electronic communications network.
  • the human user's ID, password are associated with a cellular phone number, and during registration of the user, the user would have to be present at the point of access, further allowing the remote server to poll and obtain GPS location information of the user's current GPS information.
  • This associated information is then stored in the remote server, and during subsequent log-on by the user, the user's ID and password is transmitted from the user to the remote server prior to gaining access to the remote server by the user.
  • the remote server will, prior to granting access to the user, poll and request from an operationally connected GPS assistance server for GPS information transmitted from the cellular phone device of the user to the assistance server, and subsequently make use of the current GPS location data of the user and compare against the stored GPS location data first associated during initial registration between the user and the remote server, and such comparison is further measured against a standard deviation variance to allow for some user range flexibility.
  • the remote server Upon successful matching of the user's ID, password, cellular phone and related GPS location data, the remote server will then grant access to the user.
  • the preferred embodiment of the present invention is designed to ensure that the user is attempting to gain access to a remote server or its contents such as stored computer files is polled of the user's location by obtaining the user's GPS related information from user's registered cellular phone number.
  • This preferred embodiment is easier, since there is no requirement for the user to enter any character on the phone, and the assistance server obtains GPS related information and compares it to a location authorization list (location authentication data).
  • the computer file itself has a program that "dials" to the remote server each time human wants to decrypt and access file contents.
  • the file asks human for ID and password, which it sends to the remote server.
  • the remote server looks up the ID and associates with the human's cellular phone number. If the human's ID and password submitted is correct, the remote server proceeds further.
  • the remote server asks another assistance server where the human is by getting GPS data of the human's cell phone number.
  • the file receives the "hashed data" from the server, it decrypts itself and the human can access the file's contents.
  • SRS Secure File Remote System
  • a specified computer file may be a binary file, a disk image file, a database file, or another file with a specified file format.
  • the specified computer file is encrypted and password protected, and a typical file password registration, set-up is as follows:
  • Human user wishes to password protect a computer file by encrypting the file and protecting access by means of a password
  • the computer file is encrypted and password protected by a remote executing server
  • Remote executing server may reside within same memory space of the computer processor of the computer file to be encrypted and password protected, be residing in a separate computer processor of a separate memory space and both computer processors are operationally connected by means of a suitably adapted electronic communications network,
  • the human user is requested to enter a preferred ID and password for implementing encryption and password protection to the computer file, and the ID and password is stored in encrypted form in the computer file in a similar manner such as below (and may vary depending on the file encryption and scheme of password file format for each individual file type and operating system utilized);
  • the (PWD) file that stores the user ID and password is stored on the remote server and this file (PWD) may contain instead a redirector to cause the file to remotely connect and access to the remote server
  • the human user's ID 1 password are associated with a cellular phone number, and during registration of the user, the user would have to be present at the point of access, further allowing the remote server to poll and obtain GPS location information of the user's current GPS information.
  • This associated information is then stored in the remote server, and during subsequent log-on by the user, the user's ID and password is transmitted from the user to the remote server prior to gaining access to the remote server by the user.
  • the remote server will, prior to granting access to the user, poll and request from an operationally connected GPS assistance server for GPS information transmitted from the cellular phone device of the user to the assistance server, and subsequently make use of the current GPS location data of the user and compare against the stored GPS location data first associated during initial registration between the user and the remote server, and such comparison is further measured against a standard deviation variance to allow for some user range flexibility.
  • the remote server Upon successful matching of the user's ID, password, cellular phone and related GPS location data, the remote server will then grant file access to the user.
  • the file (PWD) may further, in one embodiment of the present invention, store a encrypted hashed local password that is principally operated by the remote server upon server performing grant of access between the user and the computer file being protected.
  • the invention provides a method of registering, authenticating, and granting registration access between a human user, an encrypted computer file and a remote server on an electronic communications network for the purpose of executing a subsequent transaction between the user, wherein the encrypted computer file and the remote server, including the steps of;
  • remote server requesting from human user the cellular phone number belonging to the user
  • remote server polling and requesting GPS related information from an operationally connected a. GPS assistance server and associating said information to that of the user's ID and password for subsequent authentication and grant of access between the user, the computer file and the remote server,
  • remote server polling and requesting location authentication data from an operationally connected processor storing allowed GPS related information for point of file access
  • remote server associating the user's cellular phone number to that of the user's ID and password for subsequent authentication and grant of access between the user, the computer file and the remote server,
  • remote server performing encrypted and password protection of the computer file further containing information in relation to remote server.
  • a computer file is the target of protection, and is protecting by encrypting the computer file with a suitable encryption method and code routine, this encryption is performed by the remote server that is suitably connected to the computer file.
  • the computer file may, in addition to its file contents, contain binary code routine allowing:
  • the computer file to initiate and maintain connection via an electronic communications network, to the remote server, and
  • the remote server When the file is to be encrypted by the remote server, the remote server will cause the computer file to first encrypt the file with a remote server generated ID and password,
  • the remote server subsequently allows the human user to amend the password to the user's preferred password, and at the same time, request from the human user the cellular phone number,
  • the human user inputs ID, password and cellular phone number via a login dialogue box that is activated by the computer file, which maintains a connection between the computer file, the remote server, and the human user,
  • the remote server is further connected to a processor containing location authentication data in relation to the file: that is, the GPS location of where such a file may be accessed.
  • a database file containing sensitive records of staff and equipment details of an army unit should only be access within a military facility, therefore, when such a database file is created, its location authentication data is stored on the processor, which shall govern where these files are to be accessed, in relation to their GPS related data.
  • the remote server will request the user's cellular phone number and thereby gain access to the phone's GPS related data, and polls the processor to compare and match against the stored location authentication data to ensure that the file accessed by the user is in the authorized access point (authorized facility during user's attempted access of the database file).
  • the remote server may initiate a voice- over-IP session to request for user to enter input such as the last character of the user's password.
  • the remote server may initiate a encrypted SMS session to request for user to enter input such as the last character of the user's password.
  • This added step ensures that the user is in procession of the cellular phone device, and that the cellular phone device is also within location range of the authorized access point of where the database file is to be accessed and or used by the human user.
  • the remote server proceeds to perform file encryption of the computer file (database file).
  • it provides a method as per the above, including authenticating and granting access between a human user, an encrypted computer file, and a remote server on an electronic communications network for the purpose of executing a transaction between the user, the encrypted computer file and the remote server, including the steps of;
  • remote server polling and requesting from assistance server current GPS related information belonging to cellular phone number of the human user
  • remote server performing comparison and matching of previously associated GPS information and current GPS information relative to a stored reference deviation standard, remote server computing and writing a successful or non-successful match result for said current GPS information,
  • remote server adapted to request for user password via computer file
  • remote server authenticating user input password to remote server stored password and writes result
  • the remote server will grant access between the human user and the computer file if write result for current GPS information is successful, and user ID and password, and associated cellular phone number are correct,
  • remote server further adapted to send a hashed authentication grant to the computer file to allow user access to the said computer file
  • the computer file adapted to receive hashed authentication grant and further adapted to decrypt file to allow user access, wherein the cellular phone device associated with the user's cellular phone number is a compatible device equipped with an assisted GPS receiver.

Abstract

A method of authenticating and granting log-on access between a user and a merchant on an online electronic communications network for the purpose of executing a financial transaction between the merchant and the user, including the steps of: receiving a log-on request from a user including unique information relating to the user; authenticating the log-on request, and if authenticated, providing the user with log-on access to the merchant server, which the user uses in order to effect the financial transaction has been disclosed. Authentication is administered via user ID and password. Additionally, GPS data of a user's mobile phone may be polled or/and the user may be requested to enter a certain sound or tone in a VIOP call.

Description

IMPROVED TRANSACTION SYSTEM AND METHOD
TECHNICAL FIELD
The present invention relates to a system and/or method in the field of commercial transactions, specifically to the field of electronic transactions in an on-line environment.
The present invention particularly applies to a method of authenticating a human user when such a user is attempting to gain access to a remote computer system, or its contents, such as a database, or a number of electronic files associated with such a database or computer system.
Both scenarios may be referred to as a transaction between a human user and a system.
BACKGROUND & PRIOR ART
With the advent of on-line networks, such as the Internet, commercial transactions in an on-line environment have become increasingly prevalent. Innumerable on-line sites now exist offering users a multitude of products and services that may be purchased via electronic transactions. However, one may encounter the following problems with the available options:
1. Transaction security problem
Prevalent problem associated with online transactions, from simple scenario where a human user may simply wishes to gain access to a web-based content hosted by a computer system, such as gaining access to an email account, to financially sensitive transactions where a human user may wish to gain access to a remote server for performing a diverse range of financial related transactions where exchange of value is performed between the operator of the remote server (sometimes called the merchant) and the human user, is security. There are now many instances where a user's identify is stolen and an unauthorized person may make use of the legitimate user's password to gain access to otherwise inaccessible data. The term merchant refers to any entity that operates a web site or related electronic content, or goods and services provider that is accessible using an electronic communications network, for example, the Internet. Merchant usually hosts such material on a server. The term includes any other third party that may be directly or indirectly performing or providing partial components relating to the performance of a transaction between the merchant and the user. 2. Database security problem
In many databases present today, there is an option of having a database stored on a computer server either encrypted or unencrypted. Encrypted databases, especially large databases, sometimes in sizes of several gigabytes or even several hundred gigabytes, will have I/O performance bottlenecks.
Dedicated encryption cards are sometimes deployed on computer systems hosting such encrypted databases to improve performance, at a significant cost.
For unencrypted databases, depending on the security set-up of the computer system storing the database and the general network security policies implemented to which the computer system is connected to, these databases present a clear vulnerability for misuse.
3. Server security problem In one instance a web-site containing and hosting data belonging to several human users may be prone to vulnerabilities where (1) the human user's password is compromised and an unauthorized person has gained access to the user's data, or (2) an unauthorized person has gain access to the computer system hosting such data and have therefore gain access to data related to all human user's associated with data contained within such a computer system.
In some cases, where the computer system concerned stores credit card numbers of a database, or where a database containing financially sensitive or even governmental-related information, the consequence of a security breach can be quite problematic.
This problem is now spreading to portable storage devices such as USB thumbdrives, for example.
PCT application no. PCT/SG2001/000102 belonging to the applicant of the subject invention, and its subsequent national phase patent applications/patents disclose an authentication system wherein the user's password is divided into two portions and each portion authenticated over two channel, and one channel being deployed involves the user of a mobile cellular phone.
The overall authentication time is considerably lengthens due to the requirement for the user to input several characters on a phone keypad. Further, in various usability studies conducted, the log-on times associated are lengthen by a variance of 10-25%, and this may increase server load (due to hosting several simultaneous VOIP sessions).
Extended studies further indicate that the users have difficulty remembering the point where each character would be "separated" into its respective portions for authentication on either channels (one on the internet channel and second on the "phone" channel).
This has the effect of further extending the overall error rate and VOIP session times.
The term "internet channel" refers to the exchange of TCP/IP data packets between an internet- capable computer browser application and an Internet access gateway.
The term "internet access gateway" refers to a server having means to connect a plurality of computer users to the Internet or equivalent electronic communications network.
There is therefore a need for a transaction system and/or method that provides users with an improved degree of anonymity, privacy and/or security.
SUMMARY OF THE INVENTION
The present invention seeks to overcome or alleviate at least one of the problems of the prior art. According to one embodiment of the present invention, the invention provides an improved transaction method and system requiring an initial registration of the human user. Upon registration a human user is provided with a user ID and password, or submits to a computer system a preferred computer user ID and password. The computer system further requests for submission of the user's cellular phone number for associating the phone number to the human user. Once the user submits the cellular phone number, the computer server will initiate a VOIP (voice over IP) session to request for the user to input the last character of the user's password to complete user registration. When the user attempts to perform a transaction with the remote server, the user will first access a user log-on page that is available via the internet or some other electronic communications network, where such a page will request for the user to enter the following information for log-on:
User's ID, and User's password When the user has successfully entered log-on information to the remote server, the remote server will look-up the associated cellular phone number of the user and initiate a VOIP session to request for the user to enter the last character or digit of the user's password.
Upon the remote server receiving the correct entered last character of the user's password, the remote server will then allow the user access to the contents associated with the user that is stored on the remote server.
It should be noted that the improvement of the present invention is designed to ensure transaction security while at the same time reduce or minimize the length of time for the overall log-on process, since the user is only required to enter the last digit or character of the user's password which will also reduce or minimize VOIP session time for the remote server.
Most cellular phones have alpha-numeric keypads and the remote server is further adapted to allow for the human user to input key tone that can correspond to the correct character of the password.
For example;
Example "A"
If the user's password is <PASSWORD1234>,
During VOIP session authentication, the user will simply input once on the number "4" key of the cellular phone's keypad.
Example "B"
If the user's password is <MANGOMAN>,
During VOIP session authetication, the user will simply input on the number "6" key of the cellular phone's keypad three times, corresponding to the "N" character on the "6" key.
The present invention is designed such that the human user does not have to make any changes to the habit of log-on for gaining access to a remote computer system (or a web-site remote server for example), but at the same time, the responsibility of the second tier authentication (further authenticating the identity of the user) falls on the remote server, and minimizing the VOIP session time required for the overall authentication process. DETAILED DESCRIPTION QF THE PREFERRED EMBODIMENTS OF THE INVENTION
Commercial Transaction System - (CMS)
An improved transaction system that is performed between a user and a sever, over an electronic communications network requiring an initial registration of the human user.
A human user is provided with a user ID and password, or submits to a computer system a preferred computer user ID and password.
The computer system further requests for submission of the user's cellular phone number for associating the phone number to the human user.
Once the user submits the cellular phone number, the computer server will initiate a VOIP (voice over IP) session to request for the user to input the last character of the user's password to complete user registration.
Transaction between user and the computer server.
When the user attempts to perform a transaction with the remote server, the user will first access a user log-on page that is available via the internet or some other electronic communications network, where such a page will request for the user to enter the following information for log-on:
User's ID, and User's password
When the user has successfully entered log-on information to the remote server, the remote server will look-up the associated cellular phone number of the user and initiate a VOIP session to request for the user to enter the last character or digit of the user's password.
The term "user" refers to any entity that wishes or has a business or transactional relationship/transaction with the merchant. Also refers to a human user on a computer network or computer system.
The term server" refers to any computational host machine with an electronic processor device.
The term "transaction" refers to any actions made between the merchant and user wherein the actions may involve the exchange of value between the merchant and user. The term includes internet-based financial transactions, electronic commerce, mobile-based commerce, sale/purchase contracts. It may also refer to a exchange of data between a human user and a data source, which may be a database, or database file on a server.
Upon the remote server receiving the correct entered last character of the user's password, the remote server will then allow the user access to the contents associated with the user that is stored on the remote server.
It should be noted that the improvement of the present invention is designed to ensure transaction security while at the same time reduce or minimize the length of time for the overall log-on process, since the user is only required to enter the last digit or character of the user's password.
This will also reduce or minimize VOIP session time for the remote server.
Most cellular phones have alpha-numeric keypads and the remote server is further adapted to allow for the human user to input key tone that can correspond to the correct character of the password.
For example; Example "A" If the user's password is <PASSWORD1234>,
During VOIP session authentication, the user will simply input once on the number "4" key of the cellular phone's keypad.
Example "B"
If the user's password is <MANGOMAN>,
During VOIP session authetication, the user will simply input on the number "6" key of the cellular phone's keypad three times, corresponding to the "N" character on the "6" key.
The present invention is designed so that the human user does not have to make any changes to the habit of log-on for gaining access to a remote computer system (or a web-site remote server for example), but at the same time, the responsibility of the second tier authentication (further authenticating the identity of the user) falls on the remote server, and minimizing the VOIP session time required for the overall authentication process. User Tracing Transaction System -(UTS)
This preferred embodiment is similar to the one above, but makes use of GPS co-ordinates of where the human user is each time a log-in attempt is made.
This preferred embodiment the user must have an aGPS (also called assisted GPS) cellular phone.
Basically, it will ask the human user for ID and password by the remote server, and when the human user enters the last character of user's password on cellular phone, the remote server will also check for the GPS information of where the user is, and compares such current GPS information to where a pre-stored or authorized GPS information for deviation.
If the deviation is large or outside of a permitted variance, then the remote server may deny access to the human.
Highly useful when user should only be gaining access to a server or its contents within a certain facility location - like government military records.
An improved transaction system that is performed between a user and a sever, over an electronic communications network.
This preferred embodiment of the present invention is identical to that of the preferred embodiment "CMS", except that;
1 ) The human user is required to make use of only assisted GPS (A.GPS) assisted cellular devices, that is, cellular devices equipped with a GPS receiver that is capable of sending GPS data to a remote a.GPS "assistance server". The term "cellular device/telecommunications device" refers to any device that is portable, and is capable of transmitting and receiving voice transmissions and performance of data exchange between the device and a service provider or telecommunications service provider.
2) The human user upon input of user ID and password to the remote server, server will poll and request for GPS data of the user's current location at point of access request and compare current GPS data to a stored GPS data (captured during initial user registration), if the difference between current and stored GPS data is within a standard variance, the remote server will grant access provided that user ID and password input by user also matches. Usage environment:
In usage environments where sensitive data is to be accessed by a human user, for instance, a database file or encrypted file (which can also be a database file), the server, or file itself may be protected with a ID and password.
In military and government environment where normally such data needs to be accessed within a secure or designated facility, the server, or file itself, or both, are protected with a ID and password of a human user, during initial registration, which is identical to the preferred embodiment "CMS", will require the use of an "assisted GPS" capable cell phone.
Initial registration of the human user.
A human user is provided with a user ID and password, or submits to a computer system a preferred computer user ID and password.
The computer system further requests for submission of the user's cellular phone number for associating the phone number to the human user.
The user's cellular phone is then set up to point towards a specified assistance server and related reference a. GPS network location.
Once the user submits the cellular phone number, the computer server will initiate a VOIP (voice over IP) session to request for the user to input the last character of the user's password to complete user registration.
Further, the assistance server (which may be operationally connected to the computer system or is part of the computer system performing initial and subsequent authentication of the human user) will compute and store the location data of the human user's point of registration, and in some cases, the point of registration may be also the point of access for subsequent authentication request by the user.
The remote server will obtain from assistance server GPS related data such as the following, but not limited to the following:
Network atomic time,
Phone approximate location by reference to cell site ID on cellular network, GPS orbital data of the cellular phone's location, MMEA 0183 protocol data, MMEA 2000 protocol data, GPSD data, Other proprietary GPS data such as MTK
Once such data is matched and stored on the remote server, the remote server will make use of this reference location GPS data during future user log-on authentication sessions:
Transaction between user and the computer server
When the user attempts to perform a transaction with the remote server, the user will first access a user log-on page, or via a suitable software application, or soft code routine that is available via the internet or some other electronic communications network, where such a page will request for the user to enter the following information for log-on:
User's ID, and User's password
When the user has successfully entered log-on information to the remote server, the remote server will look-up the associated cellular phone number of the user and initiate a VOIP session to request for the user to enter the last character or digit of the user's password.
At the same time, the remote server, now being initiated and made aware of a log-on attempt by a specific user, will request for GPS data from its connected assistance server, and may obtain any of the following data types:
Network atomic time,
Phone approximate location by reference to cell site ID on cellular network, GPS orbital data of the cellular phone's location, NMEA 0183 protocol data, MMEA 2000 protocol data, GPSD data, Other proprietary GPS data such as MTK
The remote server will compare and match the GPS data from the assistance server against the reference GPS data stored during initial user registration and if GPS data matches within a predetermined variance, the remote server proceeds with the remaining steps of the user log-on authentication, however, if such GPS data is outside of the variance, the remote server will terminate the log-on authentication request and store the latest GPS data in an event log.
Upon the remote server receiving the correct entered last character of the user's password, the remote server will then allow the user access to the contents associated with the user that is stored on the remote server.
It should be noted that the improvement of the present invention is designed to ensure transaction security while at the same time reduce or minimize the length of time for the overall log-on process, since the user is only required to enter the last digit or character of the user's password. This will also reduce or minimize VOIP session time for the remote server.
Most cellular phones have alpha-numeric keypads and the remote server is further adapted to allow for the human user to input key tone that can correspond to the correct character of the password.
For example;
Example "A" If the user's password is <PASSWORD1234>,
During VOIP session authentication, the user will simply input once on the number "4" key of the cellular phone's keypad.
Example "B"
If the user's password is <MANGOMAN>,
During VOIP session authetication, the user will simply input on the number "6" key of the cellular phone's keypad three times, corresponding to the "N" character on the "6" key.
Normalized Secure Transaction System(NTS)
An improved transaction system that is performed between a user and a sever over an electronic communications network.
In this preferred embodiment of the present invention, the human user's ID, password are associated with a cellular phone number, and during registration of the user, the user would have to be present at the point of access, further allowing the remote server to poll and obtain GPS location information of the user's current GPS information.
This associated information is then stored in the remote server, and during subsequent log-on by the user, the user's ID and password is transmitted from the user to the remote server prior to gaining access to the remote server by the user.
The remote server will, prior to granting access to the user, poll and request from an operationally connected GPS assistance server for GPS information transmitted from the cellular phone device of the user to the assistance server, and subsequently make use of the current GPS location data of the user and compare against the stored GPS location data first associated during initial registration between the user and the remote server, and such comparison is further measured against a standard deviation variance to allow for some user range flexibility.
Upon successful matching of the user's ID, password, cellular phone and related GPS location data, the remote server will then grant access to the user.
The preferred embodiment of the present invention is designed to ensure that the user is attempting to gain access to a remote server or its contents such as stored computer files is polled of the user's location by obtaining the user's GPS related information from user's registered cellular phone number.
This preferred embodiment is easier, since there is no requirement for the user to enter any character on the phone, and the assistance server obtains GPS related information and compares it to a location authorization list (location authentication data).
There is no attempt by the remote server to initiate any VOIP session.
This is the most complicated, but basically, it encrypts a computer file, the encryption is done by a remote server.
The computer file itself has a program that "dials" to the remote server each time human wants to decrypt and access file contents.
The file asks human for ID and password, which it sends to the remote server. The remote server looks up the ID and associates with the human's cellular phone number. If the human's ID and password submitted is correct, the remote server proceeds further.
The remote server asks another assistance server where the human is by getting GPS data of the human's cell phone number.
It then checks if the location where the file is, is within an acceptable location deviation (e.g. the office), if it does, then the remote server will say OK to the file (by sending the correct information called a hashed data)
Once the file receives the "hashed data" from the server, it decrypts itself and the human can access the file's contents.
Secure File Remote System (SRS) In another preferred embodiment of the present invention, a method is disclosed wherein a computer file may be suitably encrypted and protected in a similar fashion to the preferred embodiment "CMS".
In this preferred embodiment, a specified computer file may be a binary file, a disk image file, a database file, or another file with a specified file format.
The specified computer file is encrypted and password protected, and a typical file password registration, set-up is as follows:
Human user wishes to password protect a computer file by encrypting the file and protecting access by means of a password,
The computer file is encrypted and password protected by a remote executing server,
Remote executing server may reside within same memory space of the computer processor of the computer file to be encrypted and password protected, be residing in a separate computer processor of a separate memory space and both computer processors are operationally connected by means of a suitably adapted electronic communications network,
The human user is requested to enter a preferred ID and password for implementing encryption and password protection to the computer file, and the ID and password is stored in encrypted form in the computer file in a similar manner such as below (and may vary depending on the file encryption and scheme of password file format for each individual file type and operating system utilized);
In one embodiment, the (PWD) file that stores the user ID and password is stored on the remote server and this file (PWD) may contain instead a redirector to cause the file to remotely connect and access to the remote server
AuthName "file name" AuthType encryption AESD AuthUserFile /BASEDIR/.htpasswdD require valid-user
In this preferred embodiment of the present invention, the human user's ID1 password are associated with a cellular phone number, and during registration of the user, the user would have to be present at the point of access, further allowing the remote server to poll and obtain GPS location information of the user's current GPS information.
This associated information is then stored in the remote server, and during subsequent log-on by the user, the user's ID and password is transmitted from the user to the remote server prior to gaining access to the remote server by the user.
The remote server will, prior to granting access to the user, poll and request from an operationally connected GPS assistance server for GPS information transmitted from the cellular phone device of the user to the assistance server, and subsequently make use of the current GPS location data of the user and compare against the stored GPS location data first associated during initial registration between the user and the remote server, and such comparison is further measured against a standard deviation variance to allow for some user range flexibility.
Upon successful matching of the user's ID, password, cellular phone and related GPS location data, the remote server will then grant file access to the user.
The file (PWD) may further, in one embodiment of the present invention, store a encrypted hashed local password that is principally operated by the remote server upon server performing grant of access between the user and the computer file being protected. Example of the above with notes:
In another preferred embodiment of the present invention; the invention provides a method of registering, authenticating, and granting registration access between a human user, an encrypted computer file and a remote server on an electronic communications network for the purpose of executing a subsequent transaction between the user, wherein the encrypted computer file and the remote server, including the steps of;
first registering the human user in relation to the computer file to be encrypted and password protected by issuance of a user ID and user password from the remote server to the user, user amends issued password from remote server to user's preferred password,
user submitting user ID and server accepted, user preferred password to remote server via an electronic communications network,
remote server requesting from human user the cellular phone number belonging to the user,
user submitting requested cellular phone number to remote server,
remote server polling and requesting GPS related information from an operationally connected a. GPS assistance server and associating said information to that of the user's ID and password for subsequent authentication and grant of access between the user, the computer file and the remote server,
remote server polling and requesting location authentication data from an operationally connected processor storing allowed GPS related information for point of file access,
remote server associating the user's cellular phone number to that of the user's ID and password for subsequent authentication and grant of access between the user, the computer file and the remote server,
remote server performing encrypted and password protection of the computer file further containing information in relation to remote server. In the above, a computer file is the target of protection, and is protecting by encrypting the computer file with a suitable encryption method and code routine, this encryption is performed by the remote server that is suitably connected to the computer file.
The computer file may, in addition to its file contents, contain binary code routine allowing:
the computer file to initiate and maintain connection via an electronic communications network, to the remote server, and
perform or complete data encryption of its own contents, and Perform or complete data decryption of its own contents.
When the file is to be encrypted by the remote server, the remote server will cause the computer file to first encrypt the file with a remote server generated ID and password,
The remote server subsequently allows the human user to amend the password to the user's preferred password, and at the same time, request from the human user the cellular phone number,
It should be noted that the human user inputs ID, password and cellular phone number via a login dialogue box that is activated by the computer file, which maintains a connection between the computer file, the remote server, and the human user,
The remote server is further connected to a processor containing location authentication data in relation to the file: that is, the GPS location of where such a file may be accessed.
For example, a database file containing sensitive records of staff and equipment details of an army unit should only be access within a military facility, therefore, when such a database file is created, its location authentication data is stored on the processor, which shall govern where these files are to be accessed, in relation to their GPS related data.
The remote server will request the user's cellular phone number and thereby gain access to the phone's GPS related data, and polls the processor to compare and match against the stored location authentication data to ensure that the file accessed by the user is in the authorized access point (authorized facility during user's attempted access of the database file). In another preferred embodiment of the present invention, the remote server may initiate a voice- over-IP session to request for user to enter input such as the last character of the user's password.
In another preferred embodiment of the present invention, the remote server may initiate a encrypted SMS session to request for user to enter input such as the last character of the user's password.
This added step ensures that the user is in procession of the cellular phone device, and that the cellular phone device is also within location range of the authorized access point of where the database file is to be accessed and or used by the human user.
Once the human user is properly registered, the user's current GPS information, ID, password and cellular phone number are associated with the remote server, the remote server proceeds to perform file encryption of the computer file (database file).
According to an another preferred embodiment of the invention it provides a method as per the above, including authenticating and granting access between a human user, an encrypted computer file, and a remote server on an electronic communications network for the purpose of executing a transaction between the user, the encrypted computer file and the remote server, including the steps of;
user performing decryption by activating computer file and computer file adapted to request from user ID information,
user submitting user ID to computer file and computer file adapted to connect to remote server via an electronic communications network,
computer file adapted to submit user ID to remote server,
remote server retrieving associated cellular phone number belonging to the user,
remote server polling and requesting from assistance server current GPS related information belonging to cellular phone number of the human user,
remote server performing comparison and matching of previously associated GPS information and current GPS information relative to a stored reference deviation standard, remote server computing and writing a successful or non-successful match result for said current GPS information,
remote server adapted to request for user password via computer file,
user inputs password and computer file is adapted to forward user input password to remote server,
remote server authenticating user input password to remote server stored password and writes result,
the remote server will grant access between the human user and the computer file if write result for current GPS information is successful, and user ID and password, and associated cellular phone number are correct,
remote server further adapted to send a hashed authentication grant to the computer file to allow user access to the said computer file,
computer file adapted to receive hashed authentication grant and further adapted to decrypt file to allow user access, wherein the cellular phone device associated with the user's cellular phone number is a compatible device equipped with an assisted GPS receiver.
Modifications within the spirit and scope of the invention may readily be effected by persons skilled in the art. It is to be understood, therefore, that this invention is not limited to the particular and preferred embodiments described by way of example hereinabove.

Claims

Claims
1. A method of registering, authenticating, and granting registration access between a human user and a remote server on an electronic communications network for the purpose of executing a subsequent transaction between the user and the remote server, including the steps of; registering a human user by issuance of a user ID and user password from a remote server to the user, the user submitting the user ID and password to the remote server via an electronic com mu nications network, the remote server requesting from the human user a cellular phone number belonging to the user, the user submitting the requested cellular phone number to the remote server, the remote server initiating a voice-over-IP session between the server and the user by server initiating session to the user's cellular phone number, the remote server requesting the user to input last or final character of the user's password via the same voice-over-IP session, the user performing input of requested last or final character of the user's password by means of activating appropriate key tone during voice-over-IP session, the remote server receiving and interpreting key tone input of the user during voice-over-
IP session, the remote server comparing and matching interpreted key tone to last or final character of the user's password and further allowing authentication and registration to succeed and complete if a match is found, the remote server associating the user's cellular phone number to that of the user's ID and password for subsequent authentication and grant of access between the user and the remote server.
2. A method as claimed in claim 1 , including authenticating and granting access between a human user and a remote server on an electronic communications network for the purpose of executing a transaction between the user and the remote server, including the steps of; a user submitting a user ID and password to a remote server via an electronic communications network, the remote server retrieving a associated cellular phone number belonging to the user, the remote server initiating a voice-over-IP session between the server and the user by server initiating session to the user's cellular phone number, the remote server requesting the user to input last or final character of the user's password via the same voice-over-IP session, the user performing input of requested last or final character of the user's password by means of activating appropriate key tone during voice-over-IP session, the remote server receiving and interpreting key tone input of the user during voice-over-
IP session, the remote server comparing and matching interpreted key tone to last or final character of the user's password for a successful match, upon a successful match, the remote server will grant access between the human user and the remote server, if the match is not successful, the remote server will deny access between the human user and the remote server.
3. A method as claimed in claim 1 , the remote server first registering the human user by requesting the user to input a preferred ID and the remote server performing issuance of a password to the human user after the human user's preferred ID is accepted by the remote server.
4. A method as claimed in claim 1 and claim 2, the remote server allowing the same key tone to be input by the user multiple times within the same voice-over-IP session to represent the user's alpha-numeric character or digit on the user's cellular phone device, further allowing the user to input the correct last or final character of the user's password to the remote server.
5. A method as claimed in claims 1 to 4, wherein the keypad and key tone refers to the ITU standard alphanumeric keypad in accordance to ITU-T recommendation E.161.
6. A method of registering, authenticating, and granting registration access between a human user and a remote server on an electronic communications network for the purpose of executing a subsequent transaction between the user and the remote server, including the steps of; registering a human user by issuance of a user ID and user password from a remote server to the user, the user submitting the user ID and password to the remote server via an electronic communications network, the remote server requesting from the human user a cellular phone number belonging to the user, the user submitting the requested cellular phone number to the remote server, the remote server initiating a voice-over-IP session between the server and the user by server initiating session to the user's cellular phone number, the remote server requesting the user to input last or final character of the user's password via the same voice-over-IP session, the user performing input of requested last or final character of user's password by means of activating appropriate key tone during voice-over-IP session, the remote server receiving and interpreting key tone input of user during voice-over-IP session, the remote server comparing and matching the interpreted key tone to last or final character of the user's password and, the remote server polling and requesting GPS related information from an operationally connected a. GPS assistance server and associating said information to that of the user's ID and password for subsequent authentication and grant of access between the user and the remote server, the remote server associating the user's cellular phone number to that of the user's ID and password for subsequent authentication and grant of access between the user and the remote server.
7. A method as claimed in claim 6, including authenticating and granting access between a human user and a remote server on an electronic communications network for the purpose of executing a transaction between the user and the remote server, including the steps of; a user submitting user ID and password to a remote server via an electronic communications network, the remote server retrieving associated cellular phone number belonging to the user, the remote server initiating a voice-over-IP session between the server and the user by server initiating session to the user's cellular phone number, the remote server requesting the user to input last or final character of the user's password via the same voice-over-IP session, the user performing input of requested last or final character of the user's password by means of activating appropriate key tone during voice-over-IP session, the remote server receiving and interpreting key tone input of the user during voice-over- IP session, the remote server polling and requesting from assistance server current GPS related information belonging to the cellular phone number of the human user, the remote server performing comparison and matching of previously associated GPS information and current GPS information relative to a stored reference deviation standard, the remote server computing and writing a successful or non-successful match result for said current GPS information, the remote server comparing and matching the interpreted key tone to last or final character user password for a successful match, writing a successful or non-successful match result for said password information, the remote server granting access between the human user and the remote server if write result for both current GPS information and password information are both successful.
8. A method as claimed in claim 6, the remote server first registering human user by requesting user to input a preferred ID and the remote server performing issuance of a password to the human user after the human user's preferred ID is accepted by the remote server.
9. A method as claimed in claim 6 and claim 7, the remote server allowing the same key tone to be input by user multiple times within the same voice-over-IP session to represent the user's alpha-numeric character or digit on the user's cellular phone device, further allowing the user to input the correct last or final character of the user's password to the remote server.
10. A method as claimed in claims 6 to 9, wherein the keypad and key tone refers to the ITU standard alphanumeric keypad in accordance to ITU-T recommendation E.161.
11. A method as claimed in claims 6 to 9, wherein the cellular phone device associated with the user's cellular phone number is a compatible device equipped with an assisted GPS receiver.
12. A method of registering, authenticating, and granting registration access between a human user and a remote server on an electronic communications network for the purpose of executing a subsequent transaction between the user and the remote server, including the steps of; registering a human user by issuance of a user ID and user password from a remote server to the user, the user submitting the user ID and password to the remote server via an electronic communications network, the remote server requesting from the human user a cellular phone number belonging to the user, the user submitting requested cellular phone number to the remote server, the remote server polling and requesting GPS related information from an operationally connected a. GPS assistance server and associating said information to that of the user's ID and password for subsequent authentication and grant of access between the user and the remote server, the remote server associating the user's cellular phone number to that of the user's ID and password for subsequent authentication and grant of access between the user and the remote server.
13. A method as claimed in claim 12, including authenticating and granting access between a human user and a remote server on an electronic communications network for the purpose of executing a transaction between the user and the remote server, including the steps of; a user submitting a user ID and password to a remote server via an electronic communications network, a remote server retrieving associated a cellular phone number belonging to the user, the remote server polling and requesting from assistance server current GPS related information belonging to the cellular phone number of the human user, the remote server performing comparison and matching of previously associated GPS information and current GPS information relative to a stored reference deviation standard, the remote server computing and writing a successful or non-successful match result for said current GPS information, the remote server granting access between the human user and the remote server if write result for current GPS information is successful, and the user ID and password, and associated cellular phone number are correct.
14. A method as claimed in claim 12, the remote server first registering the human user by requesting the user to input a preferred ID and remote server performing issuance of a password to the human user after the human user's preferred ID is accepted by the remote server.
15. A method as claimed in claims 12 to 13, wherein the cellular phone device associated with the user's cellular phone number is a compatible device equipped with an assisted GPS receiver.
16. A method of registering, authenticating, and granting registration access between a human user, an encrypted computer file and a remote server on an electronic communications network for the purpose of executing a subsequent transaction between the user, the encrypted computer file and the remote server, including the steps of; registering a human user in relation to a computer file to be encrypted and password protected by issuance of a user ID and user password from a remote server to the user, the user amends the issued password from the remote server to user's preferred password, the user submitting the user ID and server accepted, the user's preferred password to the remote server via an electronic communications network, the remote server requesting from the human user a cellular phone number belonging to the user, the user submitting the requested cellular phone number to the remote server, the remote server polling and requesting GPS related information from an operationally connected a. GPS assistance server and associating said information to that of the user's ID and password for subsequent authentication and grant of access between the user, the computer file and the remote server, the remote server polling and requesting location authentication data from an operationally connected processor storing allowed GPS related information for point of file access, the remote server associating the user's cellular phone number to that of the user's ID and password for subsequent authentication and grant of access between the user, the computer file and the remote server, the remote server performing encrypted and password protection of the computer file further containing information in relation to the remote server.
17. A method as claimed in claim 16, including authenticating, and granting access between a human user, an encrypted computer file, and a remote server on an electronic communications network for the purpose of executing a transaction between the user, the encrypted computer file and the remote server, including the steps of; a user performing decryption by activating a computer file and the computer file adapted to request user ID information, the user submitting a user ID to the computer file and the computer file adapted to connect to a remote server via an electronic communications network, the computer file adapted to submit the user ID to the remote server, the remote server retrieving a associated cellular phone number belonging to the user, the remote server polling and requesting from assistance server current GPS related information belonging to the cellular phone number of a human user, the remote server performing comparison and matching of previously associated GPS information and current GPS information relative to a stored reference deviation standard, the remote server computing and writing a successful or non-successful match result for said current GPS information, the remote server adapted to request for a user password via the computer file, the user inputs password and computer file is adapted to forward the user input password to the remote server, the remote server authenticating the user input password to the remote server stored password and writes result, the remote server granting access between the human user and the computer file if write result for current GPS information is successful, and the user ID and password, and the associated cellular phone number are correct, the remote server further adapted to send a hashed authentication grant to the computer file to allow the user access to the said computer file, the computer file adapted to receive the hashed authentication grant and further adapted to decrypt file to allow user access.
18. A method as claimed in claims 16 and 17, wherein the cellular phone device associated with the user's cellular phone number is a compatible device equipped with an assisted GPS receiver.
PCT/SG2009/000069 2008-02-29 2009-02-27 Improved transaction system and method WO2009108129A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SG200801758-4 2008-02-29
SG200801758-4A SG155090A1 (en) 2008-02-29 2008-02-29 Improved transaction system and method

Publications (2)

Publication Number Publication Date
WO2009108129A2 true WO2009108129A2 (en) 2009-09-03
WO2009108129A3 WO2009108129A3 (en) 2011-09-22

Family

ID=41016626

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SG2009/000069 WO2009108129A2 (en) 2008-02-29 2009-02-27 Improved transaction system and method

Country Status (2)

Country Link
SG (1) SG155090A1 (en)
WO (1) WO2009108129A2 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120144470A1 (en) * 2010-11-29 2012-06-07 Electronics And Telecommunications Research Institute User authentication method using location information
CN111478844A (en) * 2019-01-24 2020-07-31 苏州触达信息技术有限公司 Ultrasound-based VPN communication system, method and computer-readable storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003032126A2 (en) * 2001-10-09 2003-04-17 Wireless Key Identification Systems, Inc. Multi-factor authentication system
EP1580641A2 (en) * 2004-03-24 2005-09-28 Broadcom Corporation Global positioning system (GPS) based secure access
WO2007079595A1 (en) * 2006-01-13 2007-07-19 Authenticor Identity Protection Services Inc. Et Al. Multi-mode credential authentication

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003032126A2 (en) * 2001-10-09 2003-04-17 Wireless Key Identification Systems, Inc. Multi-factor authentication system
EP1580641A2 (en) * 2004-03-24 2005-09-28 Broadcom Corporation Global positioning system (GPS) based secure access
WO2007079595A1 (en) * 2006-01-13 2007-07-19 Authenticor Identity Protection Services Inc. Et Al. Multi-mode credential authentication

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120144470A1 (en) * 2010-11-29 2012-06-07 Electronics And Telecommunications Research Institute User authentication method using location information
CN111478844A (en) * 2019-01-24 2020-07-31 苏州触达信息技术有限公司 Ultrasound-based VPN communication system, method and computer-readable storage medium
CN111478844B (en) * 2019-01-24 2021-12-17 苏州触达信息技术有限公司 Ultrasound-based VPN communication system, method and computer-readable storage medium

Also Published As

Publication number Publication date
SG155090A1 (en) 2009-09-30
WO2009108129A3 (en) 2011-09-22

Similar Documents

Publication Publication Date Title
US10904234B2 (en) Systems and methods of device based customer authentication and authorization
US9621344B2 (en) Method and system for recovering a security credential
US20100250937A1 (en) Method And System For Securely Caching Authentication Elements
US10924289B2 (en) Public-private key pair account login and key manager
US20210234850A1 (en) System and method for accessing encrypted data remotely
CN109981665B (en) Resource providing method and device, and resource access method, device and system
US20180130056A1 (en) Method and system for transaction security
KR20220086580A (en) Non-custodial tool for building decentralized computer applications
US20180262471A1 (en) Identity verification and authentication method and system
US20090220075A1 (en) Multifactor authentication system and methodology
EP2414983B1 (en) Secure Data System
US10348496B2 (en) Method for leveraging a secure telecommunication session
US20050125698A1 (en) Methods and systems for enabling secure storage of sensitive data
EP2775658A2 (en) A password based security method, systems and devices
US20230362018A1 (en) System and Method for Secure Internet Communications
US11245684B2 (en) User enrollment and authentication across providers having trusted authentication and identity management services
AU2020296853A1 (en) Method and chip for authenticating to a device and corresponding authentication device and system
JP7079528B2 (en) Service provision system and service provision method
WO2009108129A2 (en) Improved transaction system and method
KR20200067987A (en) Method of login control
EP4044499A1 (en) Simple authentication method and system using web storage of browser
KR20140023085A (en) A method for user authentication, a authentication server and a user authentication system
TWI778319B (en) Method for cross-platform authorizing access to resources and authorization system thereof
US20220245629A1 (en) A computer implemented method of authorizing a user of a communication device access to restricted content on a server.
JP2023023804A (en) Authentication system, authentication apparatus, and authentication method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09713950

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase in:

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09713950

Country of ref document: EP

Kind code of ref document: A2