US20220311610A1 - Authentication system using paired, role reversing personal devices - Google Patents
Authentication system using paired, role reversing personal devices Download PDFInfo
- Publication number
- US20220311610A1 US20220311610A1 US17/717,650 US202217717650A US2022311610A1 US 20220311610 A1 US20220311610 A1 US 20220311610A1 US 202217717650 A US202217717650 A US 202217717650A US 2022311610 A1 US2022311610 A1 US 2022311610A1
- Authority
- US
- United States
- Prior art keywords
- user
- encryption
- computing device
- user controlled
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0478—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F1/00—Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
- G06F1/16—Constructional details or arrangements
- G06F1/1613—Constructional details or arrangements for portable computers
- G06F1/163—Wearable computers, e.g. on a belt
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/451—Execution arrangements for user interfaces
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/20—Point-of-sale [POS] network systems
- G06Q20/201—Price look-up processing, e.g. updating
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/403—Solvency checks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/405—Establishing or using transaction specific rules
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0872—Generation of secret information including derivation or calculation of cryptographic keys or passwords using geo-location information, e.g. location data, time, relative position or proximity to other entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
- H04L9/16—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms the keys or algorithms being changed during operation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/069—Authentication using certificates or pre-shared keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/12—Details relating to cryptographic hardware or logic circuitry
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
Definitions
- This invention relates to authentication of individuals using encrypted communications employing a Certification Authority.
- X.509 certificate chains is a widely used standard for digital certificates for use in chain of trust systems, https://tools.ietf.org/html/rfc4158.
- X.509 certificate chains See for example Ellison, Carl and Schneier, Bruce, “Top 10 PKI risks” (PDF), Computer Security Journal (Volume XVI, Number 1, 2000); Gutmann, Peter.
- PKI it's not dead, just resting
- PDF IEEE Computer
- Gutmann, Peter. Everything you None Wanted to Know about PKI but were Forced to Find Out” (PDF). Retrieved 14 Nov. 2011.
- Hybrid solutions can solve one problem but they retain or even compound other issues. For example, see NymiTM authentication system, https://nymi.com/solutions#individual_workstations which allows authentication through proximity detection of an authenticating wearable. While this system provides a significant advance in ease of use, this approach suffers from a number of drawbacks including its reliance on biometric sensing (see above) that inherently involves a fixed seed and requires the expense and bother of creating, distributing and operating a dedicated proprietary wearable in the form of a wrist mounted device.
- Retail transactions using credit cards require the retailer to facilitate the transaction between the customer and the credit card company. As a by-product of these transactions the retail party comes in contact with confidential information (credit card numbers and client names) for which it must then be responsible. Data breaches of retail transaction data can cause a huge financial liability to retailers. There are several examples of this outcome when such 3rd parties do not meet their custodial responsibility and customer's sensitive information is compromised by an unauthorized access, 11 of the Largest Data Breaches of All Time , https://www.opswat.com/blog/11-largest-data-breaches-all-time-updated.
- the '397 technology does not disclose an embodiment that is well adapted to on-site “retail” purchases without the requirement of an optical bar code link and associated equipment. This requirement constitutes an impediment to widespread adoption of the technology in the retail environment.
- the '397 technology requires the use of a handheld device, such as a smartphone, but does not teach how to achieve a high level of security should a consumer choose a set of devices that does not include a handheld device.
- the '397 technology also fails to teach the advantages of having multiple personal devices, under the control of the user, wherein each device participates in the generation of multiple encryption keys for use in forming encrypted messages and can operate as a coordinating device as desired by the user.
- Kirovski et al '890 protects the user in case the user's trusted device is lost or stolen because the finder (or thief) will not have the required user login credentials. Should a user's credentials become known to a malicious party, the user's trusted device will not typically be available to the malicious party. While this system avoids the requirement for a specialized token device and reduces the vulnerabilities associated with certain types of malware, the Kirovski et al '890 disclosed invention fails to eliminate the need for input of user names and passwords. Moreover, Kirovski et al '890 fails to envision the client and trusted devices reversing roles or how the trusted device could be rendered ineffective if it comes into the possession of a malicious party who also has obtained the user's login credentials.
- the invention described herein is designed to achieve the high security benefits of the '397 technology in cooperation with a Certification Authority (CA) which among other functions operates as an authenticating authority AA without requiring the user to employ a handheld device such as a smartphone.
- a minimum of two user controlled computing personal devices (PDs) defined as a computer resource (virtual or physical) under the control of the user that is capable of running a key generating algorithm and (ideally encrypted) wireless communication with the other PD, and at least one of these devices must be capable of assuming the role of a Coordinating Device CD defined as a device that has the capabilities of a PD and further includes a user interface UI which allows the user to interact with the CD and to communicate with a Certification Authority CA which can operate to authenticate the user.
- the CA can operate to implement either an asymmetric (e.g. PKI) or symmetric key encryption/decryption algorithm.
- the PDs can function such that either device can become the coordinating device (provided it includes a UT and associated circuitry) This feature permits the PDs to reverse roles with respect to transmission or reception of an encryption key and other duties of the coordinating device. Lastly by both PDs adding unique keys into the final encryption, the discovery of one of the keys does not compromise the system and is particularly advantageous in avoiding the negative consequences associated with interception of the wirelessly transmitted key by a third party. Reliance on dual key generation is consistent with best practices known as “defense in depth”.
- the CA generates two separate, independent, time variable encryption keys in association with each user wherein the CA generated keys correspond (i.e. identical or correlated uniquely) to the keys generated by the first and second personal devices under the control of the user.
- the CA generated keys correspond (i.e. identical or correlated uniquely) to the keys generated by the first and second personal devices under the control of the user.
- an authentication system for authenticating users in accordance with an encryption/decryption algorithm (which may be either a symmetrical or asymmetrical key algorithm using first and second separately unique encryption keys that are time variable and are uniquely associated with each user).
- two personal devices are provided including a first personal device under the control of the user for generating the first time variable encryption key using a time variable key generating algorithm wherein the first personal device includes a key transmitter for transmitting wirelessly within the immediate vicinity of the user the first encryption key.
- the second personal device operates as a coordinating device under the control of the user for generating the second time variable encryption key using the encryption key generating algorithm wherein the second personal device includes a key receiver (e.g.
- This embodiment provides an encrypting signal processor for encrypting a message using the first and second encryption keys in accordance with the encryption/decryption algorithm wherein the signal processor may be located in one of the personal devices or may be located in a remote (e.g. cloud) computer.
- This embodiment further provides a certification authority for authenticating a user upon receipt of the encrypted message transmitted from the second device, wherein the certification authority includes a key generator for generating the first and second encryption keys uniquely identifying each user and a decrypting signal processor for decrypting the message using the first and second encryption keys in accordance with the encryption/decryption algorithm to verify the identity of the user having control of the first and second personal devices.
- the certification authority includes a key generator for generating the first and second encryption keys uniquely identifying each user and a decrypting signal processor for decrypting the message using the first and second encryption keys in accordance with the encryption/decryption algorithm to verify the identity of the user having control of the first and second personal devices.
- the present invention contemplates an authentication system that includes a key generating device having an external configuration suitable to be mounted or worn on a user's body for wirelessly transmitting within the immediate proximity of the user's body a key signal comprising secret or private key information corresponding to the time variable encryption key and a second device, physically separated from the wearable personal device including (1) a wireless receiver for receiving the key signal transmitted by the wearable key generating device and (2) a local signal processor for use in forming an encrypted signal in accordance with a predetermined encryption/decryption algorithm including information relating to the user's identity and for forwarding the encrypted signal to the AA without the use of an optical link that would require specialized optical imaging and optical scanners at a retailer's point of sale.
- Either or both personal devices can serve as a coordinating device provided each includes, or has access to, a user interface for interacting with the user.
- the subject invention also allows secure authentication of end users, suchas consumers involved in a proposed financial transaction with a retailer, without revealing any sensitive information to the retail participant. This is an important feature as it removes any responsibility by the retail participant for keeping the transaction data safe from unauthorized disclosure.
- a further objective of the present invention is to leverage the '397 technology to provide a highly secure and unobtrusive method to allow on-site “retail” purchases.
- the subject invention can also be used to achieve enhanced security and simplicity when used to undertake online transactions.
- the present invention allows all sensitive information to be entirely encrypted and therefore even if the retailer or other party handles or witnesses the encrypted information, the underlying sensitive info ration is not easily discoverable. Furthermore the sensitive data is only valid for short periods of time. Even it if is somehow stolen and decrypted, it can only be used while the keys are valid which can be configured to be extremely short periods of time or limited to a single use.
- FIG. 1 is a diagram of an embodiment of the subject invention suitable for use in a point of sale retail environment wherein the user has first and second personal devices (e.g. a Key device and a Coordinating Device) within a retailer's establishment equipped with a Retailer Device adapted to communicate with the user's Coordinating Device.
- first and second personal devices e.g. a Key device and a Coordinating Device
- a Retailer Device adapted to communicate with the user's Coordinating Device.
- FIG. 2 is a diagram of the system disclosed in FIG. 1 in which transaction details have been transmitted from the Retail Device to the Coordinating Device for display to the user.
- FIG. 3 is a diagram of the system disclosed in FIG. 1 in which the Coordinating Device is communicating with the Key Device and the Retail Device to allow generation of an encrypted message using key 1 supplied by the Key Device and key 2 generated locally by the Coordinating Device and the user ID generated in accordance with the encryption algorithm being implemented by the system (Userid).
- FIG. 4 is a diagram of the system disclosed in FIG. 1 in which the encrypted message has been sent to the Authentication Authority for decryption and authentication that is communicated to the Coordinating Device.
- FIG. 5 is a diagram of the system disclosed in FIG. 1 in which the AA 7 is taking necessary actions to complete the financial transaction and to report the result.
- FIG. 6 is a diagram of an alternative use of the subject invention to effect a transaction with a Retail Device in which the pair of personal devices operate to forward an encrypted “begin Transaction” message to the Authentication Authority which, in turn, forwards an encrypted message to a Retail Device including a Transactionid.
- FIG. 7 is a diagram of the system disclosed in FIG. 5 in which transactionsDetails are sent to the Authentication Authority by the Retail Device for transmission to the Coordinating Device for display of the Transaction Details for the User.
- FIG. 8 is a diagram of the system disclosed in FIG. 5 in which the Coordinating Device returns an encrypted message to the Authentication Authority to indicate user acceptance of the terms of the transaction.
- FIG. 9 is a diagram of the system disclosed in FIG. 5 in which the Authentication authority forwards an encrypted message to both the Coordinating Device and the Retail Device indicating that the transaction has been successfully completed.
- a pair of user controlled computing devices such as personal devices 2 and 4 , designed in accordance with the subject invention, are illustrated.
- User controlled computing devices may take a variety of forms provided each such device is capable of (1) generating a time variable encryption key, and (2) communicating that time variable encryption key to a second user controlled computing device.
- the user controlled computing devices should be under the exclusive control of the user, at least during the time that each device is used to implement the encrypted communication contemplated by this invention.
- At least one of the user controlled computing devices includes (or communicates with) a user interface UI.
- Such UI may be incorporated into the user controlled computing device or may be separate therefrom.
- the user interface may take the form of a holographic display, a display screen, a connector for interfacing with a monitor or any other form that allows a user to interact with either or both of the user controlled computing devices to implement the encrypted communication which is the purpose of this invention.
- the user controlled computing devices may take the form of personal devices 2 and 4 such as a wearable (e.g. smart watch, bracelet, ring, patch, necklace, or other type device whose exterior configuration makes it suitable to be semi-permanently or permanently mounted on or in the user's body) or as a handheld (e.g. smartphone, cellular phone, micro-computer, tablet PC or other type device whose exterior makes its suitable to be handheld).
- a wearable e.g. smart watch, bracelet, ring, patch, necklace, or other type device whose exterior configuration makes it suitable to be semi-permanently or permanently mounted on or in the user's body
- a handheld e.g. smartphone, cellular phone, micro-computer, tablet PC or other type device whose exterior makes
- each (or both) of the personal devices 2 and 4 may also take the form of a subcutaneous chip suitable to be implanted in the user's body or even take the form of a “virtual” personal device located in a remote computer (i.e. in the “cloud”) so long as the user is able to exercise, for all practical purposes, exclusive access to (and operation of) the personal device, at least during the time that the device is used to perform encrypted communication using the method of this invention.
- a virtual device would satisfy the requirements of this invention provided the computing function of the virtual device was only available to the user in all practical and normal-use situations. The fact that a systems administrator might have some type of supervisory access and/or control over the virtual device would not preclude such virtual device from performing as a personal device for purposes of this invention provided the end user can exercise control and access to the exclusion of all unauthorized individuals.
- a personal device may be a static component (such as a desk top computer) that is controlled by the user such as being located in a facility to which access may be controlled by the user (such as the user's home or private office).
- a personal device may be available to another but only if that person is required to present authenticating information that distinguishes that person from the authorized end user or that person is given physical control by the end user. In other words, a smartphone remains a personal device even if its owner should give possession of the smartphone to another person.
- Control of the device means that the user has the ability to activate and deactivate the device, to the exclusion of others at least during the time that a device is used to perform this invention, by virtue of physical proximity or entering user codes (e.g. user name and password) or by biometric scans (e.g. fingerprint, facial or iris scan or other DNA dependent scans) or by proximity of the user to the paired devices.
- user codes e.g. user name and password
- biometric scans e.g. fingerprint, facial or iris scan or other DNA dependent scans
- each or both of the personal devices may be equipped with a processor suitable to implement an encryption/decryption algorithm for implementing the features of this invention that will be described in more detail below.
- a suitable algorithm will be generically referred to hereafter as a Syferex algorithm or Syferex programs (e.g. Syferex mobile apps or Syferex retail apps) for shorthand purposes so long as the respective algorithm/program causes the personal device/Retail Device or other component to perform the functions described below.
- a characteristic of the subject invention when applied to the retail environment is that the user employs his pair of computing devices, while under his control, to form an encrypted transaction message, for transfer to the certification authority, that always includes at minimum:
- the certification authority can validate and record the transaction in association with the retailer and the user.
- Different steps and procedures may be employed to allow communication between the user and the retailer directly or via parties, including but not limited to, the AA, to identify the details of the transaction such that in the end the user is able to approve the transaction with accurate knowledge of the substance of the transaction.
- FIG. 1 a User (not shown) having control of the personal devices 2 and 4 selects goods to be purchased and provides them to a retailer end point such as a retail device 6 programmed to perform the steps described below.
- the retailer device 6 and personal device 4 functioning as a coordinating device create a connection that ensures that data transmitted between the user and the retailer is accurate (and ideally private). This can be achieved in a number of was, including sharing a secret via an out of band communication path or using a chain of trust system.
- the retail device 6 provides details of the transaction and the retailerId to coordinating device 4 via the previously established connection. Summary data such as a hash of these details can be used to confirm the accuracy of the provided data (optionally provided via an out of band side channel).
- FIG. 3 illustrates how the user's coordinating device 4 receives a key generated by, and communicated by, the personal device 2 operating as a key generating device in accordance with the protocol described herein (Syferex protocol). If after review of the transaction details, the user decides to continue with the transaction, his or her assent entered into the coordinating device (personal device 4 ) causes the software to prepare a message containing the transaction details mentioned above and the user's userId (Syferex userId).
- Syferex protocol protocol described herein
- FIG. 4 shows the message generated above being encrypted using the 2 keys provided by the key generating device (personal device 2 ) and the coordinating device (personal device 4 ) and sending it to a certification authority 7 operating as an authentication authority AA. Because only the AA can decrypt the message and only the encryption keys specific to that user will successfully decrypt the message, the message is secure and can self identify the user who has sent it. At this point the AA can initiate any financial transaction required secure in the knowledge that the user was indeed to person authorizing the transaction.
- FIG. 5 shows the AA 7 taking necessary actions to complete the financial transaction and reporting the result of that transaction to both the user and the retailer
- a User having control of a pair of personal devices selects goods to be purchased and determines the retailerId.
- the retailerId can be provided to the User in a variety of ways including based on geographical location, broadcast of retailers id on a local wireless network, entry of the retailerId manually or through Off the Record OTR means (such as a qr code or optical scan).
- One of the personal devices is equipped with a a user interface UI (including for example a touch screen, not illustrated). This personal device may be used as a Coordinating Device 10 by the User. Through the UI, the User indicates he or she wants to initiate the transaction with the retailer.
- the Coordinating Device 10 includes a transceiver (not shown) for receiving a time variable encryption key provided by the other personal device (which may be referred to as a Key Device 8 since, in this embodiment, the other personal device functions primarily to provide a time variable encryption key, which may be generated using a pseudo random number).
- the key is generated and transmitted wirelessly over an encrypted channel to the Coordinating Device 10 provided the devices are sufficiently close in proximity to allow the transmission signal to reach the Coordinating Device 10 .
- a a mobile app is installed in the personal device 10 and includes instructions causing a processor in the Coordinating Device 10 to perform the functions described herein.
- the mobile app causes the processor of Coordinating Device 10 to generate locally a second time variable encryption key which may also be based on a different pseudo random number. Thereafter, the Coordinating Device 10 uses the two encryption keys to encrypt a beginTransaction message which contains the retailerId.
- an authenticating authority (AA) 12 (which is a certification authority functioning to authenticate users) could obtain the userId from the retailer via linkage with a Retail Device 14 (i.e. a device under the control of the retailer for supplying the retailerId and other functions as described below).
- the AA 12 is programmed to link the userId to the temp username for recording purposes.
- the user could supply a unique or rare “secret” that would be passed to the retailer so the retailer could show this to the user so the user could verify the retailead supplied resulted in the transaction beginning with the correct retailer.
- the AA 12 receives a beginTransaction message and decrypts it using symmetric keys generated by the AA 12 that are identical to the encryption keys generated by the Key Device 8 and the Coordinating Device 10 .
- the process of generating identical (or corresponding) symmetric keys is understood and can be effected by key generation algorithms that start with identical seeds but which produce a series of identical keys that (even if intercepted) cannot be used to predict the next encryption key generated by the key generation algorithm.
- This allows the AA 12 to authenticate the user provided the AA 12 is previously informed of the identity of the user (including sensitive user information) and the seed for the encryption key generator.
- Using the retailerId provided to the AA 12 determines how to contact the retailer and potentially carries out sanity checks.
- the AA 12 generates a unique transactionId and sends a transactionBegin request to the Retailer Device 14 residing at the retailer's location or at a location under the control of the retailer.
- the retailer receives the transaction begin message and confirms with the user that the transaction has begun.
- FIG. 7 the embodiment of FIG. 6 is now operating through the Retailer Device 14 to collect the transaction details and sends these to the Coordinating Device 10 which sends these details, in encrypted form to the AA 12 in a transactionDetails encrypted message.
- the AA 12 then authenticates and decrypts the message and then sends a transactionDetails message containing the same data to the user's Coordinating Device 10 after encrypting the message with the appropriate encryption keys.
- the Coordinating Device 10 can decrypt this message, thus authenticating that the message came from the AA 12 , and display the transaction details in non-encrypted form on the screen (not shown) of the Coordinating Device 10 .
- the Coordinating Device 10 optionally compares the transaction details to similar transaction details displayed by the Retail Device 14 if such is available to the User.
- FIG. 8 the embodiment of FIGS. 6 and 7 is now operating to allow the user to review the transaction being displayed and to indicate an acceptance of its terms.
- the Coordinating Device 10 will create a transactionAck message with an accept value and the transactionId as payload and encrypt the message with the dual encryption keys (generated in the Key Device 8 and Coordinating Device 10 ) and send the message to the AA 12 .
- the AA 12 will then take what action is required to execute the financial transaction with the appropriate parties as necessary.
- the AA 12 of the embodiment illustrated in FIGS. 6-8 is now sending the transactionComplete messages to the user and retailer using appropriate respective authentication and encryption methodologies indicating if the transaction has succeeded or not. It may supply a reason if the transaction fails.
- one of the personal devices could be used to store encrypted personal data (generated in the other personal device—e.g. the user's smartphone).
- sensitive data could be sent wirelessly to the first personal device (e.g. the wearable) for storage therein where it can be held in encrypted form available only to the user and unavailable to third parties having no direct physical possession of the body mounted computer. Since the data would be stored outside of the smartphone it would not be compromised upon the loss or theft of the user's smartphone. At the same time, the personal information would only exist within the memory of the wearable and would be encrypted so that it could not be retrieved by anyone without the cooperation and knowledge of the user.
- An important advantage of the disclosed invention derives from the ability of both personal devices to serve as a coordinating device by providing both devices with a user interface UI
- the smartwatch can serve to display relatively common, simple transaction details such as the purchase of a cup of coffee.
- the smartwatch display could be used to display the simple transaction details requiring the user to merely touch the smartwatch screen to indicate approval thereby obviating the need to remove the user's smartphone from his/her pocket or purse.
- the larger display of a smartphone, tablet, laptop or even desktop would be better suited.
- the handheld device of the '397 invention can be replaced by second wearable device, physically separated from the wearable key generating device, having an external configuration suitable to be mounted or worn on (or implanted in) a user's body.
- This second wearable device includes a wireless receiver for receiving the key signal transmitted by the wearable key generating device for use in forming an encrypted signal in accordance with a predetermined encryption/decryption algorithm including information relating to the user's identity all as disclosed more fully in the '397 patent.
- the first device could take the form of a permanently mounted device (such as a subcutaneous chip) and could operate a display that is generated by an implant in the eye of the user or as part of a pair of eyeglasses that is capable of creating a virtual image in the view of the user.
- the eyeglasses could form the second wearable device.
- the second device could also take the form of a semi-permanently mounted device (such as a smartwatch) that includes a user interface allowing the user to enter commands/information on the touch sensitive surface of a display. The touch sensitive surface to also respond to finger movements to control the location of a cursor movable throughout the image created by the eyeglass or eye implanted chip for generating a viewable image in the field of view of the user.
- Phase 1 locd and authenticated session is established between the coordinating device and the retail endpoint. Care must be taken to reduce the opportunity for a man the middle attack. In particular, care must be taken to ensure that the client is connected to the actual retail endpoint, instead of a man in the middle or impostor. The danger here is that some entity could masquerade as the retail outlet. Such an entity could appear o be the retailer to the customer, and the customer to the retailer. Such an entity could then intercept the retailer's data, discard it, and replace it with a transaction of its own, substituting itself as the retail party.
- the retail endpoint provides transaction details to the client.
- Phase 3 Encryption of transaction record and submission to authentication authority.
- the Syferex software on the coordinating device will generate its own key and request a paired key from the key device.
- the coordinating device would then use the 2 keys to encrypt the message with the required transaction information listed above provided by the retailer in a manner such that only the authenticating authority can decrypt it.
- This package can then be forwarded either to the retailer or to the authentication authority directly from the user device.
- the implementation must ensure that the user need not take any action (input no password or details) for the authentication information to be created and forwarded.
- the Syferex software handles this seamlessly when prompted by the accepting of the transaction.
- Phase 4 Authentication by authentication authority:
- the Authentication Authority Upon receipt of the transaction package from the user device the Authentication Authority will decrypt the package and using the consumeriD in the package compare the 2 keys provided with its local key store to determine if the Consumer is indeed who she claims to be. It will then examine the transaction details to ensure this is a unique transaction that has not been previously approved. If approved the authentication authority will either contact the financial institution with the transaction details and identification of the user, or possibly release these kinds itself. At this point, the AA can execute the financial transaction by, for example, authorizing a Financial institution to undertake to complete the transaction and by accepting conditional legal and financial responsibility (in exchange for a modest fee) for the consequences should the identity of the consumer prove to be incorrect. All parties to the transaction will benefit by elimination of significant opportunities for fraudulent actions that exist in most financial transactions that take place in the retail environment where credit is extended to the user or even cash is now used by the purchaser.
- the user could supply their UserID (via broadcast or OOB channel) to the retailer. Since the retailer already has the other components of the the transaction (the products, cost and retailerID) the retailer can add the usead to the pending transaction information and send it securely to the AA. The AA then can ensure that the transaction summary is forwarded to the specified user for approval.
- the advantage here is two fold: existing retail hardware used for retail transactions (product scanner, inventory verification, receipt generator) etc can be leveraged. Additionally, the human motivation to inject erroneous userids into the transaction are limited.
- Secure area access control will be enhanced by the increased accuracy and convenience of the present invention over prior art access control devices.
- the User device could create a complex key and encode userId with said key to the retailer. Then the retailer could receive the encrypted user id and provide inventory of the purchase to the user along with a selection of random data options (colors, icons, numbers) via a line of sight interaction (displayed on a screen for instance). Thereafter, the user selects one of these options and this selection is included in the transaction summary that is encoded by the retailer and sent to the AA.
- This message therefore includes
- the AA decrypts the package and authenticates the user by proving that it can only decrypt the users id with the user's syferex key. It confirms that the transaction is valid (user has sufficient funds) and then encrypts a summary of the transaction and the secret selected by the user with the users syferex key and send it to the user. The user can confirm that the transaction is valid and ack the transaction back to the AA who will the process the transaction. This ack must contain a copy of the transaction details to ensure that it is only usable for the current transaction (otherwise nefarious actors could replay this ack for multiple copies of the same transaction (transaction ID should accomplish this)
- the MIM will need to fake the inventory of the transaction (can be done, for instance, at Starbuck's most transactions are a large coffee) and the secret chosen by the user [not easy to fake by the MIM, though possible by observing the OTR channel (watching the user select the secret)].
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Business, Economics & Management (AREA)
- Theoretical Computer Science (AREA)
- Accounting & Taxation (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Finance (AREA)
- Software Systems (AREA)
- Computing Systems (AREA)
- Human Computer Interaction (AREA)
- Development Economics (AREA)
- Economics (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
An authentication system is provided for authenticating users in accordance with an encryption/decryption algorithm using first and second separately unique encryption keys that are time variable and are uniquely associated with each user, having a first user controlled computing device under the control of the user for generating said first encryption key using an encryption key generating algorithm. The first user controlled computing device includes a key transmitter for transmitting wirelessly within the immediate vicinity of the user the first encryption key, a second user controlled computing device, operating as a coordinating device under the control of the user, for generating the second encryption key using the encryption key generating algorithm. The second user controlled computing device includes a key receiver for receiving the first encryption key.
Description
- This application claims priority to U.S. Provisional Application No. 62/670,363, filed May 11, 2018, the content of which is hereby incorporated by reference in its entirety.
- This invention relates to authentication of individuals using encrypted communications employing a Certification Authority.
- The migration of data to digital and, more recently, cloud based storage solutions presents a fundamental and existential security risk to individuals and organizations. The need to ensure that access is only granted to the appropriate entities is critical to ensure that the benefits of this migration are not outweighed by the dangers. This means the ability to authenticate an entity as who or what it claims to be are becoming increasingly important. Many methodologies have been proposed and implemented but most are flawed, either because they offer poor reliability or are too cumbersome and obtrusive for wide adoption.
- One important attempt to provide digital security is known as a chain of trust which is established by validating each component of hardware and software from the end entity up to a root certificate. It is intended to ensure that only trusted software and hardware can be used while still retaining flexibility and ease of use. X.509 certificate chains is a widely used standard for digital certificates for use in chain of trust systems, https://tools.ietf.org/html/rfc4158. However, there are a number of notable publications which describe problems associated with X.509 certificate chains. See for example Ellison, Carl and Schneier, Bruce, “Top 10 PKI risks” (PDF), Computer Security Journal (Volume XVI,
Number 1, 2000); Gutmann, Peter. “PKI: it's not dead, just resting” (PDF), IEEE Computer (Volume: 35, Issue: 8); and Gutmann, Peter. “Everything you Never Wanted to Know about PKI but were Forced to Find Out” (PDF). Retrieved 14 Nov. 2011. These problems relate to architectural weaknesses (including aggregation, delegation and federation problems) and other weaknesses that do not avoid Man-In-the-Middle attacks including problems with certification authorities and other implementation issues. - Other methodologies for providing data security rely on a user remembering a unique passcode, phrase or pin. Such passcodes must be complex and difficult enough to avoid discovery by guessing or brute force but also easy enough to remember that the user will be able to recall and input them when needed. Moreover, due to their nature, they can be observed and copied without the user being aware they have been compromised.
- In an attempt to overcome the ease with which security can be breached, it has become more common to require two factor authentication. This approach achieves greater security but requires the user to input two pieces of data or interact with two different components of the system (for instance a password and a previously authenticated contact point (a phone number that is know to the the users phone number), thus increasing the complexity and intrusiveness to the user.
- Attempts have been made to improve upon two factor authentication by increasing the complexity of the data by deriving it from some highly unique but repeatable source such as a fingerprint, voiceprint, facial features or other biometric or environmental seed. Here again the passkey is static and if the source can be copied, or the key that is generated by the source reproduced or copied, the system is compromised. This has been discussed extensively in the prior art. For example, Adrian Bridgwater has described biometrics as a third factor in authentication technology and noted “ . . . [f]ingerprint images can be scanned and copied, voice can be recorded and facial image recognition techniques can potentially be circumvented via the use of simple pictures. . . . [These] third-factor[s] are . . . far from secure,” Biometrically Challenged: Tree factor Authentication Systems too Weak for Web Banking, Haymarket Media, Inc., Mar. 22, 2016, https://www.scmagazine.com/biometrically-challenged-three-factor-authentication-systems-too-weak-for-web-banking/article/529016/?DCMP=EMC-SCUS_Newswire&%253BspMailingID=14047225&%253BspUserID=MjMyMDAwMzMzMjk4S0&%253BspJobID=741814899&%253BspReportId=NzQxODE0ODk5S0,.
- The introduction of randomized symmetric key generation technologies such as RSA's SecureID, Authentication Your Way with RSA SecureID®Access, https://information.rsa.com/rsa-securid-authentication-your-way.html?gclid=CjwKCAiAlL_UBRBoEiwAXKgW59fPzjmiIFUILNZJDiVrMJTJ-h13ofEoqWUjV-gn9uoxvJ6t6_BF4xoCBngQAvD_BwE, reduce the effectiveness of obtaining a key and increase the difficulty in guessing or deducing it by changing the key regularly. To ensure that the device generating the key has not fallen into compromised hands, the standard application of this technology still requires the user to input some sort of password which can be compromised. Additionally some implementations require a dedicated hardware device such as a token that is an encumbrance, adds cost and difficult for the end user to implement and use.
- Hybrid solutions can solve one problem but they retain or even compound other issues. For example, see Nymi™ authentication system, https://nymi.com/solutions#individual_workstations which allows authentication through proximity detection of an authenticating wearable. While this system provides a significant advance in ease of use, this approach suffers from a number of drawbacks including its reliance on biometric sensing (see above) that inherently involves a fixed seed and requires the expense and bother of creating, distributing and operating a dedicated proprietary wearable in the form of a wrist mounted device.
- Retail transactions using credit cards require the retailer to facilitate the transaction between the customer and the credit card company. As a by-product of these transactions the retail party comes in contact with confidential information (credit card numbers and client names) for which it must then be responsible. Data breaches of retail transaction data can cause a huge financial liability to retailers. There are several examples of this outcome when such 3rd parties do not meet their custodial responsibility and customer's sensitive information is compromised by an unauthorized access, 11 of the Largest Data Breaches of All Time, https://www.opswat.com/blog/11-largest-data-breaches-all-time-updated.
- Some of the deficiencies of the prior art are addressed by a technology disclosed in U.S. Pat. No. 8,341,397 (assigned to MLRLLC, LLC a Virginia limited liability company) where specialized software is downloaded into wirelessly linked handheld and wearable devices such as a conventional smartphone and off-the-shelf smartwatch. The '397 technology minimized the amount of dedicated, proprietary hardware required for implementation and the secret encryption key is constantly changed so it cannot be copied and reused. Moreover, the user is not required to provide any remembered data. In the retail environment, a useful implementation of the '397 technology relies upon a line of sight barcode link between the handheld and the retailer's point of sale equipment.
- While useful for the purposes disclosed, the '397 technology does not disclose an embodiment that is well adapted to on-site “retail” purchases without the requirement of an optical bar code link and associated equipment. This requirement constitutes an impediment to widespread adoption of the technology in the retail environment. Moreover, the '397 technology requires the use of a handheld device, such as a smartphone, but does not teach how to achieve a high level of security should a consumer choose a set of devices that does not include a handheld device. The '397 technology also fails to teach the advantages of having multiple personal devices, under the control of the user, wherein each device participates in the generation of multiple encryption keys for use in forming encrypted messages and can operate as a coordinating device as desired by the user.
- Other advances in the field have suggested multiple separate computer devices under the control of the user such as U.S. Pat. No. 8,214,890 to Kirovski et al (Microsoft) which discloses a login authentication from a client computer to a remote server using a separate “trusted” device which is under the user's control to establish a communication channel between the trusted device and the client. A second communication channel is established between the trusted device and the client where the second channel is not part of the network. The second secure connection is “tunneled” within the first secure connection to allow the user to “login” to the server over the second connection using the trusted device. Moreover, Kirovski et al '890 protects the user in case the user's trusted device is lost or stolen because the finder (or thief) will not have the required user login credentials. Should a user's credentials become known to a malicious party, the user's trusted device will not typically be available to the malicious party. While this system avoids the requirement for a specialized token device and reduces the vulnerabilities associated with certain types of malware, the Kirovski et al '890 disclosed invention fails to eliminate the need for input of user names and passwords. Moreover, Kirovski et al '890 fails to envision the client and trusted devices reversing roles or how the trusted device could be rendered ineffective if it comes into the possession of a malicious party who also has obtained the user's login credentials.
- Canadian published application (CN104125068A) and world patent application (WO2016028752A1) both disclose wearable devices that allow for wireless data storage and retrieval from the wearable device upon appropriate authentication but do not disclose authentication using a remote certification authority or other important features of this invention.
- This Summary is provided to introduce a selection of concepts (including various objectives, advantages and benefits) in a simplified form, which are further described hereafter in the Detailed Description. This Summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used as an aid in determining the scope of the claimed subject matter.
- The invention described herein is designed to achieve the high security benefits of the '397 technology in cooperation with a Certification Authority (CA) which among other functions operates as an authenticating authority AA without requiring the user to employ a handheld device such as a smartphone. Instead, a minimum of two user controlled computing personal devices (PDs) defined as a computer resource (virtual or physical) under the control of the user that is capable of running a key generating algorithm and (ideally encrypted) wireless communication with the other PD, and at least one of these devices must be capable of assuming the role of a Coordinating Device CD defined as a device that has the capabilities of a PD and further includes a user interface UI which allows the user to interact with the CD and to communicate with a Certification Authority CA which can operate to authenticate the user. The CA can operate to implement either an asymmetric (e.g. PKI) or symmetric key encryption/decryption algorithm.
- By meeting these minimum requirements the PDs can function such that either device can become the coordinating device (provided it includes a UT and associated circuitry) This feature permits the PDs to reverse roles with respect to transmission or reception of an encryption key and other duties of the coordinating device. Lastly by both PDs adding unique keys into the final encryption, the discovery of one of the keys does not compromise the system and is particularly advantageous in avoiding the negative consequences associated with interception of the wirelessly transmitted key by a third party. Reliance on dual key generation is consistent with best practices known as “defense in depth”.
- In one embodiment of the invention, the CA, generates two separate, independent, time variable encryption keys in association with each user wherein the CA generated keys correspond (i.e. identical or correlated uniquely) to the keys generated by the first and second personal devices under the control of the user. By using both a first key transmitted from one device to the other, as well as a second key generated locally in the device receiving the transmitted key (the coordinating device), no harm can come from an unauthorized interception of the first key transmitted wirelessly from the first to the second device. Should the user lose control of either device, such as by misplacement or theft of one of the devices, successful authentication of the user by a third party who comes into possession of the misplaced or stolen device would be virtually impossible.
- In a more specific embodiment of the invention, an authentication system is provided for authenticating users in accordance with an encryption/decryption algorithm (which may be either a symmetrical or asymmetrical key algorithm using first and second separately unique encryption keys that are time variable and are uniquely associated with each user). In this embodiment, two personal devices are provided including a first personal device under the control of the user for generating the first time variable encryption key using a time variable key generating algorithm wherein the first personal device includes a key transmitter for transmitting wirelessly within the immediate vicinity of the user the first encryption key. The second personal device operates as a coordinating device under the control of the user for generating the second time variable encryption key using the encryption key generating algorithm wherein the second personal device includes a key receiver (e.g. wireless receiver) for receiving the first encryption key, and a message transmitter (e.g. wireless transmitter) for transmitting the encrypted message. This embodiment provides an encrypting signal processor for encrypting a message using the first and second encryption keys in accordance with the encryption/decryption algorithm wherein the signal processor may be located in one of the personal devices or may be located in a remote (e.g. cloud) computer. This embodiment further provides a certification authority for authenticating a user upon receipt of the encrypted message transmitted from the second device, wherein the certification authority includes a key generator for generating the first and second encryption keys uniquely identifying each user and a decrypting signal processor for decrypting the message using the first and second encryption keys in accordance with the encryption/decryption algorithm to verify the identity of the user having control of the first and second personal devices.
- More particularly, the present invention contemplates an authentication system that includes a key generating device having an external configuration suitable to be mounted or worn on a user's body for wirelessly transmitting within the immediate proximity of the user's body a key signal comprising secret or private key information corresponding to the time variable encryption key and a second device, physically separated from the wearable personal device including (1) a wireless receiver for receiving the key signal transmitted by the wearable key generating device and (2) a local signal processor for use in forming an encrypted signal in accordance with a predetermined encryption/decryption algorithm including information relating to the user's identity and for forwarding the encrypted signal to the AA without the use of an optical link that would require specialized optical imaging and optical scanners at a retailer's point of sale. Either or both personal devices can serve as a coordinating device provided each includes, or has access to, a user interface for interacting with the user.
- The subject invention also allows secure authentication of end users, suchas consumers involved in a proposed financial transaction with a retailer, without revealing any sensitive information to the retail participant. This is an important feature as it removes any responsibility by the retail participant for keeping the transaction data safe from unauthorized disclosure.
- A further objective of the present invention is to leverage the '397 technology to provide a highly secure and unobtrusive method to allow on-site “retail” purchases. The subject invention can also be used to achieve enhanced security and simplicity when used to undertake online transactions.
- The present invention allows all sensitive information to be entirely encrypted and therefore even if the retailer or other party handles or witnesses the encrypted information, the underlying sensitive info ration is not easily discoverable. Furthermore the sensitive data is only valid for short periods of time. Even it if is somehow stolen and decrypted, it can only be used while the keys are valid which can be configured to be extremely short periods of time or limited to a single use.
- Other objectives, advantages and benefits are provided by different embodiments of the invention (individually and in various combinations and permutations) including the following:
-
- a. The end user will experience the same security and ease of use within the retail purchasing environment that is discussed more generally in the '397 patent.
- b. No chain of trust certificate is required to ensure authentication of transacting parties. However use of one is not precluded if such use is expedient or convenient in certain applications
- c. The subject invention does not rely on the use of public keys for any User or Retail party to ensure authentication of a counter-party.
- d. The subject invention does not require or permit the access of any party to unencrypted sensitive transaction information except for the client and the Authentication Authority.
- e. No party requires proprietary hardware (all parties can run software on generic computer devices including the retail device).
- f. The subject invention relies on a Certification Authority entity that possesses symmetric key data allowing it to authenticate and decrypt transaction information from the retail and user parties. This Authority may take the form of a centralized service or a diverse consensus driven, cloud based, distributed computing system employing block chains using a cryptographic hash of the successive blocks, a timestamp and transaction data for each transaction.
- g. Every transaction will be identified by a unique transaction ID that can be used to confirm the authenticity of the transaction details when sought by the client or the retailer or requested by another party permitted by the rules of the AA.
- h. The highly versatile paired personal devices will further facilitate more reliable protected area access by improving the reliability of individual authentication.
- As a result of the inventive configuration, numerous technical improvements are provided over the prior art. The embodiments of the invention include combinations of features that, prior to this disclosure, were not well-understood, routine or conventions combinations.
- Other objectives, benefits and advantages can be appreciated from the following Description of the Drawings and Detailed Description.
-
FIG. 1 is a diagram of an embodiment of the subject invention suitable for use in a point of sale retail environment wherein the user has first and second personal devices (e.g. a Key device and a Coordinating Device) within a retailer's establishment equipped with a Retailer Device adapted to communicate with the user's Coordinating Device. -
FIG. 2 is a diagram of the system disclosed inFIG. 1 in which transaction details have been transmitted from the Retail Device to the Coordinating Device for display to the user. -
FIG. 3 is a diagram of the system disclosed inFIG. 1 in which the Coordinating Device is communicating with the Key Device and the Retail Device to allow generation of an encrypted message using key 1 supplied by the Key Device and key 2 generated locally by the Coordinating Device and the user ID generated in accordance with the encryption algorithm being implemented by the system (Userid). -
FIG. 4 is a diagram of the system disclosed inFIG. 1 in which the encrypted message has been sent to the Authentication Authority for decryption and authentication that is communicated to the Coordinating Device. -
FIG. 5 is a diagram of the system disclosed inFIG. 1 in which theAA 7 is taking necessary actions to complete the financial transaction and to report the result. -
FIG. 6 is a diagram of an alternative use of the subject invention to effect a transaction with a Retail Device in which the pair of personal devices operate to forward an encrypted “begin Transaction” message to the Authentication Authority which, in turn, forwards an encrypted message to a Retail Device including a Transactionid. -
FIG. 7 is a diagram of the system disclosed inFIG. 5 in which transactionsDetails are sent to the Authentication Authority by the Retail Device for transmission to the Coordinating Device for display of the Transaction Details for the User. -
FIG. 8 is a diagram of the system disclosed inFIG. 5 in which the Coordinating Device returns an encrypted message to the Authentication Authority to indicate user acceptance of the terms of the transaction. -
FIG. 9 is a diagram of the system disclosed inFIG. 5 in which the Authentication authority forwards an encrypted message to both the Coordinating Device and the Retail Device indicating that the transaction has been successfully completed. - With reference to
FIG. 1 , an embodiment of the subject invention is illustrated wherein a pair of user controlled computing devices, such aspersonal devices FIG. 1 , the user controlled computing devices may take the form ofpersonal devices personal devices - A personal device may be a static component (such as a desk top computer) that is controlled by the user such as being located in a facility to which access may be controlled by the user (such as the user's home or private office). A personal device may be available to another but only if that person is required to present authenticating information that distinguishes that person from the authorized end user or that person is given physical control by the end user. In other words, a smartphone remains a personal device even if its owner should give possession of the smartphone to another person.
- Control of the device means that the user has the ability to activate and deactivate the device, to the exclusion of others at least during the time that a device is used to perform this invention, by virtue of physical proximity or entering user codes (e.g. user name and password) or by biometric scans (e.g. fingerprint, facial or iris scan or other DNA dependent scans) or by proximity of the user to the paired devices.
- As will be described in greater detail below, each or both of the personal devices may be equipped with a processor suitable to implement an encryption/decryption algorithm for implementing the features of this invention that will be described in more detail below. A suitable algorithm will be generically referred to hereafter as a Syferex algorithm or Syferex programs (e.g. Syferex mobile apps or Syferex retail apps) for shorthand purposes so long as the respective algorithm/program causes the personal device/Retail Device or other component to perform the functions described below.
- Specifically with respect to retail transactions, a characteristic of the subject invention when applied to the retail environment, is that the user employs his pair of computing devices, while under his control, to form an encrypted transaction message, for transfer to the certification authority, that always includes at minimum:
-
- 1. the two time variable encryption keys generated respectively by the user controlled computing devices,
- 2. an identification of the retailer providing the services and/or products to the user, and
- 3. an identifier that can be linked to the details (or include the details) of the transaction involving the services and/or products including for example
- a. date and time of the transaction, and
- b. the specific services and/or products being supplied to the user by the retailer,
- whereby the certification authority can validate and record the transaction in association with the retailer and the user.
- Different steps and procedures may be employed to allow communication between the user and the retailer directly or via parties, including but not limited to, the AA, to identify the details of the transaction such that in the end the user is able to approve the transaction with accurate knowledge of the substance of the transaction.
-
FIG. 1 , a User (not shown) having control of thepersonal devices retail device 6 programmed to perform the steps described below. Theretailer device 6 andpersonal device 4, functioning as a coordinating device create a connection that ensures that data transmitted between the user and the retailer is accurate (and ideally private). This can be achieved in a number of was, including sharing a secret via an out of band communication path or using a chain of trust system. - In
FIG. 2 theretail device 6 provides details of the transaction and the retailerId to coordinatingdevice 4 via the previously established connection. Summary data such as a hash of these details can be used to confirm the accuracy of the provided data (optionally provided via an out of band side channel). -
FIG. 3 illustrates how the user'scoordinating device 4 receives a key generated by, and communicated by, thepersonal device 2 operating as a key generating device in accordance with the protocol described herein (Syferex protocol). If after review of the transaction details, the user decides to continue with the transaction, his or her assent entered into the coordinating device (personal device 4) causes the software to prepare a message containing the transaction details mentioned above and the user's userId (Syferex userId). -
FIG. 4 shows the message generated above being encrypted using the 2 keys provided by the key generating device (personal device 2) and the coordinating device (personal device 4) and sending it to acertification authority 7 operating as an authentication authority AA. Because only the AA can decrypt the message and only the encryption keys specific to that user will successfully decrypt the message, the message is secure and can self identify the user who has sent it. At this point the AA can initiate any financial transaction required secure in the knowledge that the user was indeed to person authorizing the transaction. -
FIG. 5 shows theAA 7 taking necessary actions to complete the financial transaction and reporting the result of that transaction to both the user and the retailer - Reference will now be made to an additional embodiment of the invention. Referring more specifically to the system illustrated in
FIG. 6 , a User (not shown) having control of a pair of personal devices selects goods to be purchased and determines the retailerId. The retailerId can be provided to the User in a variety of ways including based on geographical location, broadcast of retailers id on a local wireless network, entry of the retailerId manually or through Off the Record OTR means (such as a qr code or optical scan). One of the personal devices is equipped with a a user interface UI (including for example a touch screen, not illustrated). This personal device may be used as aCoordinating Device 10 by the User. Through the UI, the User indicates he or she wants to initiate the transaction with the retailer. TheCoordinating Device 10 includes a transceiver (not shown) for receiving a time variable encryption key provided by the other personal device (which may be referred to as aKey Device 8 since, in this embodiment, the other personal device functions primarily to provide a time variable encryption key, which may be generated using a pseudo random number). The key is generated and transmitted wirelessly over an encrypted channel to theCoordinating Device 10 provided the devices are sufficiently close in proximity to allow the transmission signal to reach theCoordinating Device 10. In addition, a a mobile app is installed in thepersonal device 10 and includes instructions causing a processor in theCoordinating Device 10 to perform the functions described herein. In particular, the mobile app causes the processor ofCoordinating Device 10 to generate locally a second time variable encryption key which may also be based on a different pseudo random number. Thereafter, theCoordinating Device 10 uses the two encryption keys to encrypt a beginTransaction message which contains the retailerId. - It should be noted that the user could potentially supply a temporary username that it would like to use for this transaction. Alternatively, an authenticating authority (AA) 12 (which is a certification authority functioning to authenticate users) could obtain the userId from the retailer via linkage with a Retail Device 14 (i.e. a device under the control of the retailer for supplying the retailerId and other functions as described below). The
AA 12 is programmed to link the userId to the temp username for recording purposes. Also the user could supply a unique or rare “secret” that would be passed to the retailer so the retailer could show this to the user so the user could verify the retailead supplied resulted in the transaction beginning with the correct retailer. - The
AA 12 receives a beginTransaction message and decrypts it using symmetric keys generated by theAA 12 that are identical to the encryption keys generated by theKey Device 8 and theCoordinating Device 10. The process of generating identical (or corresponding) symmetric keys is understood and can be effected by key generation algorithms that start with identical seeds but which produce a series of identical keys that (even if intercepted) cannot be used to predict the next encryption key generated by the key generation algorithm. This allows theAA 12 to authenticate the user provided theAA 12 is previously informed of the identity of the user (including sensitive user information) and the seed for the encryption key generator. Using the retailerId provided to theAA 12 determines how to contact the retailer and potentially carries out sanity checks. TheAA 12 generates a unique transactionId and sends a transactionBegin request to theRetailer Device 14 residing at the retailer's location or at a location under the control of the retailer. The retailer receives the transaction begin message and confirms with the user that the transaction has begun. - In
FIG. 7 the embodiment ofFIG. 6 is now operating through theRetailer Device 14 to collect the transaction details and sends these to theCoordinating Device 10 which sends these details, in encrypted form to theAA 12 in a transactionDetails encrypted message. TheAA 12 then authenticates and decrypts the message and then sends a transactionDetails message containing the same data to the user'sCoordinating Device 10 after encrypting the message with the appropriate encryption keys. TheCoordinating Device 10 can decrypt this message, thus authenticating that the message came from theAA 12, and display the transaction details in non-encrypted form on the screen (not shown) of theCoordinating Device 10. TheCoordinating Device 10 optionally compares the transaction details to similar transaction details displayed by theRetail Device 14 if such is available to the User. - In
FIG. 8 , the embodiment ofFIGS. 6 and 7 is now operating to allow the user to review the transaction being displayed and to indicate an acceptance of its terms. To facilitate this, theCoordinating Device 10 will create a transactionAck message with an accept value and the transactionId as payload and encrypt the message with the dual encryption keys (generated in theKey Device 8 and Coordinating Device 10) and send the message to theAA 12. TheAA 12 will then take what action is required to execute the financial transaction with the appropriate parties as necessary. - In
FIG. 9 , theAA 12 of the embodiment illustrated inFIGS. 6-8 , is now sending the transactionComplete messages to the user and retailer using appropriate respective authentication and encryption methodologies indicating if the transaction has succeeded or not. It may supply a reason if the transaction fails. - The system never requires the user to actually enter or view any security data in such a way that it can be recorded. This is a very important advantage of the disclosed invention. Anytime a user is required to display keys (such as an RSA token or QR code) or enter data (such as a password), the displayed information can be recorded. This advantage of the disclosed invention will become more important in the future given the hugely expanding amount of video surveillance in use worldwide.
- A very important addition advantage in certain embodiments of the disclosed invention is that one of the personal devices (such as the device that takes the form of a wearable or implantable chip) could be used to store encrypted personal data (generated in the other personal device—e.g. the user's smartphone). In particular, sensitive data could be sent wirelessly to the first personal device (e.g. the wearable) for storage therein where it can be held in encrypted form available only to the user and unavailable to third parties having no direct physical possession of the body mounted computer. Since the data would be stored outside of the smartphone it would not be compromised upon the loss or theft of the user's smartphone. At the same time, the personal information would only exist within the memory of the wearable and would be encrypted so that it could not be retrieved by anyone without the cooperation and knowledge of the user.
- An important advantage of the disclosed invention derives from the ability of both personal devices to serve as a coordinating device by providing both devices with a user interface UI In particular, if the two devices take the form of a paired smartwatch and smartphone, the smartwatch can serve to display relatively common, simple transaction details such as the purchase of a cup of coffee. In such circumstances, the smartwatch display could be used to display the simple transaction details requiring the user to merely touch the smartwatch screen to indicate approval thereby obviating the need to remove the user's smartphone from his/her pocket or purse. Where a more complicated transaction is being considered, the larger display of a smartphone, tablet, laptop or even desktop would be better suited.
- Another important advantage of the present invention over the invention disclosed in the '397 patent is that the handheld device of the '397 invention can be replaced by second wearable device, physically separated from the wearable key generating device, having an external configuration suitable to be mounted or worn on (or implanted in) a user's body. This second wearable device includes a wireless receiver for receiving the key signal transmitted by the wearable key generating device for use in forming an encrypted signal in accordance with a predetermined encryption/decryption algorithm including information relating to the user's identity all as disclosed more fully in the '397 patent.
- The pair of devices used in this improved authentication system would permit greatly expanded functionality over the functions disclosed in the '397 patent. In particular, the first device could take the form of a permanently mounted device (such as a subcutaneous chip) and could operate a display that is generated by an implant in the eye of the user or as part of a pair of eyeglasses that is capable of creating a virtual image in the view of the user. In this configuration, the eyeglasses could form the second wearable device. The second device could also take the form of a semi-permanently mounted device (such as a smartwatch) that includes a user interface allowing the user to enter commands/information on the touch sensitive surface of a display. The touch sensitive surface to also respond to finger movements to control the location of a cursor movable throughout the image created by the eyeglass or eye implanted chip for generating a viewable image in the field of view of the user.
-
Phase 1 locd and authenticated session is established between the coordinating device and the retail endpoint. Care must be taken to reduce the opportunity for a man the middle attack. In particular, care must be taken to ensure that the client is connected to the actual retail endpoint, instead of a man in the middle or impostor. The danger here is that some entity could masquerade as the retail outlet. Such an entity could appear o be the retailer to the customer, and the customer to the retailer. Such an entity could then intercept the retailer's data, discard it, and replace it with a transaction of its own, substituting itself as the retail party. - Well known methods for avoiding this problem include Chain of trust certificates. While not full proof, two available solutions are:
-
- 1. Use the AA as an intermediary, that can authenticate both parties and decrypt and re-encrypt data meant for the counterparty.
- 2. Use public keys for each—the challenge here is where to retain these public keys. The AA presents a logical repositor
- 3. Use chain of trust
- 4. Retailer and Consumer share a secret Tia an off the record (OTR) channel. This could be the retailerID, or some other secret key that allows authentication of the these parties in future communications.
- 5. The AA can be promoted to to provide encryption keys or the retailer id to the interested parties. This can be done dynamically or in a cached manner on the syferex applications.
- 6. The AA can be used as an intermediary
- 7. Retail terminal and the user device display a representation of the transaction details including all of the required details above (most importantly the retailerId). This representation (visual hash, hash code, qr code etc or other Off The Record (OTR) channel would be compared by the user and if they match, the user would submit to the authentication authority.
- 8. The retailer provides a code to represent the transaction and sends an encrypted copy to the AA. The user could then get the transaction id from the retailer using OTR and request a copy of the transaction from the AA via an encrypted request. The AA can send a transaction summary to the user encrypting it using the user's Syferex keys. The user can review the transaction, then approve by sending an ack message to the AA encrypted with the user keys.
- Phase 2: transaction details are presented to client
- the retail endpoint provides transaction details to the client.
- required components of transaction details:
-
- unique (to the retail+user pair) id of transaction
- retailer Syferex Id
- amount charged
- options components:
-
- list of items being purchased
- other details the retailer wants to display to user at time of purchase (company logo, advertisements, etc)
- Phase 3: Encryption of transaction record and submission to authentication authority.
- User can review details of the transaction and accept or decline the purchase. For ease of use, all interaction on the user's part needs to be done through a single device (though it should also be possible for either Consumer device to be used as the coordinating device). Upon accepting the transaction the Syferex software on the coordinating device will generate its own key and request a paired key from the key device. The coordinating device would then use the 2 keys to encrypt the message with the required transaction information listed above provided by the retailer in a manner such that only the authenticating authority can decrypt it. This package can then be forwarded either to the retailer or to the authentication authority directly from the user device. The implementation must ensure that the user need not take any action (input no password or details) for the authentication information to be created and forwarded. The Syferex software handles this seamlessly when prompted by the accepting of the transaction.
- Phase 4: Authentication by authentication authority:
- Upon receipt of the transaction package from the user device the Authentication Authority will decrypt the package and using the consumeriD in the package compare the 2 keys provided with its local key store to determine if the Consumer is indeed who she claims to be. It will then examine the transaction details to ensure this is a unique transaction that has not been previously approved. If approved the authentication authority will either contact the financial institution with the transaction details and identification of the user, or possibly release these kinds itself. At this point, the AA can execute the financial transaction by, for example, authorizing a Financial institution to undertake to complete the transaction and by accepting conditional legal and financial responsibility (in exchange for a modest fee) for the consequences should the identity of the consumer prove to be incorrect. All parties to the transaction will benefit by elimination of significant opportunities for fraudulent actions that exist in most financial transactions that take place in the retail environment where credit is extended to the user or even cash is now used by the purchaser.
- Instead of the user collecting the transaction details and retailerid and submitting the transaction to the AA to be forwarded to the retailer and matched to a pending transaction on the retailer's local system (the checkout counter for example), the user could supply their UserID (via broadcast or OOB channel) to the retailer. Since the retailer already has the other components of the the transaction (the products, cost and retailerID) the retailer can add the usead to the pending transaction information and send it securely to the AA. The AA then can ensure that the transaction summary is forwarded to the specified user for approval. The advantage here is two fold: existing retail hardware used for retail transactions (product scanner, inventory verification, receipt generator) etc can be leveraged. Additionally, the human motivation to inject erroneous userids into the transaction are limited. Such a compromised transaction would result in the AA sending the transaction to the injected user, who would then have the option to reject the transaction or accept it. In the case this transaction is accepted the actual user would not lose money. The retailer would receive the funds expected and the true user should be able to identify the fraud (i e. the transaction would never be forwarded to the true user for approval). Such a scenario would of course be undesirable and systems and policies would and can be instituted to eliminate or reduce the possibility of this type of fraud happening,
- Secure area access control will be enhanced by the increased accuracy and convenience of the present invention over prior art access control devices.
- It should be further noted that the User device could create a complex key and encode userId with said key to the retailer. Then the retailer could receive the encrypted user id and provide inventory of the purchase to the user along with a selection of random data options (colors, icons, numbers) via a line of sight interaction (displayed on a screen for instance). Thereafter, the user selects one of these options and this selection is included in the transaction summary that is encoded by the retailer and sent to the AA. This message therefore includes
-
- The userid encoded by the users syferex complex key (only AA can decrypt)
- The transaction details (items and price)
- The secret selected by the user
- The retailer id
- The entire message is encrypted (possibly using the public key of the AA or maybe the syferex key of the retailer)
- The AA decrypts the package and authenticates the user by proving that it can only decrypt the users id with the user's syferex key. It confirms that the transaction is valid (user has sufficient funds) and then encrypts a summary of the transaction and the secret selected by the user with the users syferex key and send it to the user. The user can confirm that the transaction is valid and ack the transaction back to the AA who will the process the transaction. This ack must contain a copy of the transaction details to ensure that it is only usable for the current transaction (otherwise nefarious actors could replay this ack for multiple copies of the same transaction (transaction ID should accomplish this)
- To “man in the middle” MIM attack this transaction, the MIM will need to fake the inventory of the transaction (can be done, for instance, at Starbuck's most transactions are a large coffee) and the secret chosen by the user [not easy to fake by the MIM, though possible by observing the OTR channel (watching the user select the secret)].
- Additionally, other combinations, admissions, substitutions and modifications will be apparent to the skilled artisan in view of the disclosure herein. Accordingly, the present invention is not intended to be limited by the description of the various embodiments but is to be defined by a reference to the appended claims.
Claims (21)
1-30. (canceled)
31. An encryption system operating in accordance with an encryption/decryption algorithm using first and second separately unique encryption keys, comprising
A. a first user controlled computing device under the control of the user for generating said first encryption key using an encryption key generating algorithm, said first user controlled computing device including a key transmitter for transmitting wirelessly said first encryption key;
B. a second user controlled computing device, operating as a coordinating device under the control of the user, for generating said second encryption key using the encryption key generating algorithm, said second user controlled computing device including
i. a key receiver for receiving the first encryption key, and
ii. a message transmitter for transmitting said encrypted message; and
C. an encrypting signal processor for forming said encrypted message using said first and second encryption keys in accordance with said encryption/decryption algorithm, whereby said encrypted message may be transmitted wirelessly and decrypted securely using said first and second keys in accordance with the encryption/decryption algorithm.
32. An encryption system as defined by claim 1, wherein said encrypting signal processor is located within one of said user controlled computing devices.
33. An encryption system as defined by claim 1, wherein said encrypting signal processor is located in a remote computer.
34. An encryption system as defined by claim 1, wherein said first user controlled computing device includes said encrypting signal processor and said second personal device includes a second encrypting signal processor.
35. An encryption system as defined by claim 1, wherein one of said first and second user controlled computing devices includes a user interface for forming a user coordination device allowing wireless transmission of the encrypted message securely without requiring the user to employ viewable security data.
36. An encryption system as defined by claim 1, wherein both of said first and second user controlled computing devices includes a user interface for enabling user interaction with the encryption system whereby the user may elect to use either device as a user coordination device and allowing wireless transmission of the encrypted message securely without requiring the user to employ viewable security data.
37. An encryption system as defined by claim 1, wherein one or both of said first and second controlled computing devices has an external configuration suitable to be mounted or worn on a user's body.
38. An encryption system as defined by claim 1, wherein one or both of said first and second user controlled computing devices has an external configuration suitable to be held in the user's hand.
39. An encryption system as defined by claim 1, wherein one of said first and second user controlled computing devices has an external configuration suitable to be mounted on a user's body and the other user controlled computing device has an external configuration suitable to be held in a user's hand.
40. An encryption system as defined by claim 1, wherein one of said user controlled computing devices has an external configuration suitable for being implanted in the user subcutaneously.
41. An encryption system as defined in claim 1, wherein said encrypting signal processor is located in a remote computer.
42. A user controlled handheld computing device for use in an encryption system operating in accordance with an encryption/decryption algorithm requiring first and second encryption keys and wirelessly connected to a body mounted user controlled computing device operating to generate and wirelessly broadcast a first encryption key, comprising
A. a key receiver for receiving wirelessly the first encryption key from the body mounted user controlled computing device,
B. an encryption key generator for generating the second encryption key,
C. an encrypting signal processor for forming an encrypted message using the first and second encryption keys in accordance with an encryption/decryption algorithm, and
D. a wireless transmitter for transmitting wirelessly said encrypted message securely without requiring the user to employ viewable security data.
43. A user controlled handheld computing device as defined by claim 12, wherein said encrypting signal processor is located within said user controlled handheld computing device.
44. A user controlled handheld computing device as defined by claim 12, wherein said encrypting signal processor is located in a remote computer.
45. A user controlled handheld computing device as defined by claim 12, wherein a second encrypting signal processor is located within the body mounted user controlled computer.
46. A user controlled handheld computing device as defined by claim 12, further including a first user interface for forming a user coordination device.
47. A user controlled handheld computing device as defined by claim 16 adapted to wirelessly communicate with a body mounted user controlled computing device having a second user interface whereby the user may elect to use either computing device as a coordination device.
48. A body mountable user controlled computing device for use in an encryption system operating in accordance with an encryption/decryption algorithm requiring first and second encryption keys and wirelessly connected to a handheld user controlled computing device operating to generate and wirelessly broadcast a first encryption key, comprising
A. a key receiver for receiving wirelessly the first encryption key from the handheld user controlled computing device,
B. an encryption key generator for generating the second encryption key,
C. an encrypting signal processor for encrypting an encrypted message using the first and second encryption keys in accordance with an encryption/decryption algorithm, and
D. a wireless transmitter for transmitting wirelessly said encrypted message securely without requiring the user to employ viewable security data.
49. A body mountable user controlled computing device as defined by claim 18, further including a first user interface for enabling user interaction with the user controlled handheld computing device.
50. A body mountable user controlled computing device as defined by claim 19 adapted to wirelessly communicate with a handheld user controlled computing device having a second user interface whereby the user may elect to use either computing device as a coordination device.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US17/717,650 US20220311610A1 (en) | 2018-05-11 | 2022-04-11 | Authentication system using paired, role reversing personal devices |
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201862670363P | 2018-05-11 | 2018-05-11 | |
US16/409,552 US11303447B2 (en) | 2018-05-11 | 2019-05-10 | Authentication system using paired, role reversing personal devices |
US17/717,650 US20220311610A1 (en) | 2018-05-11 | 2022-04-11 | Authentication system using paired, role reversing personal devices |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/409,552 Continuation US11303447B2 (en) | 2018-05-11 | 2019-05-10 | Authentication system using paired, role reversing personal devices |
Publications (1)
Publication Number | Publication Date |
---|---|
US20220311610A1 true US20220311610A1 (en) | 2022-09-29 |
Family
ID=68463397
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/409,552 Active 2040-10-07 US11303447B2 (en) | 2018-05-11 | 2019-05-10 | Authentication system using paired, role reversing personal devices |
US17/717,650 Abandoned US20220311610A1 (en) | 2018-05-11 | 2022-04-11 | Authentication system using paired, role reversing personal devices |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/409,552 Active 2040-10-07 US11303447B2 (en) | 2018-05-11 | 2019-05-10 | Authentication system using paired, role reversing personal devices |
Country Status (1)
Country | Link |
---|---|
US (2) | US11303447B2 (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8341397B2 (en) * | 2006-06-26 | 2012-12-25 | Mlr, Llc | Security system for handheld wireless devices using-time variable encryption keys |
KR101840013B1 (en) * | 2017-10-20 | 2018-03-19 | 주식회사 단솔플러스 | Proximity payment system using inaudible sound wave technology |
US11610012B1 (en) * | 2019-11-26 | 2023-03-21 | Gobeep, Inc. | Systems and processes for providing secure client controlled and managed exchange of data between parties |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5029207A (en) * | 1990-02-01 | 1991-07-02 | Scientific-Atlanta, Inc. | External security module for a television signal decoder |
US5124117A (en) * | 1989-08-07 | 1992-06-23 | Matsushita Electric Industrial Co., Ltd. | Cryptographic key distribution method and system |
US7590238B2 (en) * | 2006-09-21 | 2009-09-15 | International Business Machines Corporation | Managing device keys in cryptographic communication |
US7594114B2 (en) * | 2002-09-16 | 2009-09-22 | General Electric Company | Authentication apparatus and method for universal appliance communication controller |
US7661001B2 (en) * | 2003-09-26 | 2010-02-09 | Victor Company Of Japan, Ltd. | Information-signal encrypting apparatus and information-signal decrypting apparatus |
US10693626B2 (en) * | 2014-04-23 | 2020-06-23 | Agency For Science, Technology And Research | Method and system for generating/decrypting ciphertext, and method and system for searching ciphertexts in a database |
US11080414B2 (en) * | 2015-05-22 | 2021-08-03 | Huawei Device Co., Ltd. | Cryptographic unit for public key infrastructure (PKI) operations |
US11153287B2 (en) * | 2015-07-06 | 2021-10-19 | Samsung Electronics Co., Ltd | Method, apparatus, and system for monitoring encrypted communication session |
Family Cites Families (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7707420B1 (en) * | 1999-06-23 | 2010-04-27 | Research In Motion Limited | Public key encryption with digital signature scheme |
CN103119976B (en) * | 2010-09-15 | 2016-11-02 | 瑞典爱立信有限公司 | Communication network sends protected data via temporary location |
US10129211B2 (en) * | 2011-09-15 | 2018-11-13 | Stephan HEATH | Methods and/or systems for an online and/or mobile privacy and/or security encryption technologies used in cloud computing with the combination of data mining and/or encryption of user's personal data and/or location data for marketing of internet posted promotions, social messaging or offers using multiple devices, browsers, operating systems, networks, fiber optic communications, multichannel platforms |
US8935769B2 (en) * | 2012-09-28 | 2015-01-13 | Liveensure, Inc. | Method for mobile security via multi-factor context authentication |
US9215075B1 (en) * | 2013-03-15 | 2015-12-15 | Poltorak Technologies Llc | System and method for secure relayed communications from an implantable medical device |
US9270448B2 (en) * | 2014-03-11 | 2016-02-23 | The Texas A&M University System | Encryption key distribution system and method |
KR102117028B1 (en) * | 2014-10-07 | 2020-06-09 | 삼성전자주식회사 | Method and apparatus for pairing in a wireless communication system |
WO2016118131A1 (en) * | 2015-01-22 | 2016-07-28 | Hewlett Packard Enterprise Development Lp | Session key repository |
US10079674B2 (en) * | 2015-02-26 | 2018-09-18 | New York University | Systems and methods for privacy-preserving functional IP verification utilizing fully homomorphic encryption |
US9913137B2 (en) * | 2015-09-02 | 2018-03-06 | Huawei Technologies Co., Ltd. | System and method for channel security |
US11004125B2 (en) * | 2016-04-01 | 2021-05-11 | OneTrust, LLC | Data processing systems and methods for integrating privacy information management systems with data loss prevention tools or other tools for privacy design |
US10559049B2 (en) * | 2016-04-19 | 2020-02-11 | International Business Machines Corporation | Digital passport country entry stamp |
US10592692B2 (en) * | 2016-06-10 | 2020-03-17 | OneTrust, LLC | Data processing systems for central consent repository and related methods |
US10909488B2 (en) * | 2016-06-10 | 2021-02-02 | OneTrust, LLC | Data processing systems for assessing readiness for responding to privacy-related incidents |
US10708305B2 (en) * | 2016-06-10 | 2020-07-07 | OneTrust, LLC | Automated data processing systems and methods for automatically processing requests for privacy-related information |
US10572686B2 (en) * | 2016-06-10 | 2020-02-25 | OneTrust, LLC | Consent receipt management systems and related methods |
US11057356B2 (en) * | 2016-06-10 | 2021-07-06 | OneTrust, LLC | Automated data processing systems and methods for automatically processing data subject access requests using a chatbot |
WO2018035228A1 (en) * | 2016-08-16 | 2018-02-22 | iDevices, LLC | Secure authentication of devices without server assistance or pre-shared credentials |
FR3058604B1 (en) * | 2016-11-09 | 2022-12-16 | Sigfox | METHOD AND DEVICE FOR TRANSMITTING ENCRYPTED DATA, METHOD AND DEVICE FOR DATA EXTRACTION |
US10594668B1 (en) * | 2016-12-01 | 2020-03-17 | Thales Esecurity, Inc. | Crypto Cloudlets |
US10819512B2 (en) * | 2017-11-16 | 2020-10-27 | Simmonds Precision Products, Inc. | Multiple transceivers for wireless key update |
CN109728910A (en) * | 2018-12-27 | 2019-05-07 | 北京永恒纪元科技有限公司 | A kind of efficient thresholding distribution elliptic curve key generates and endorsement method and system |
-
2019
- 2019-05-10 US US16/409,552 patent/US11303447B2/en active Active
-
2022
- 2022-04-11 US US17/717,650 patent/US20220311610A1/en not_active Abandoned
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5124117A (en) * | 1989-08-07 | 1992-06-23 | Matsushita Electric Industrial Co., Ltd. | Cryptographic key distribution method and system |
US5029207A (en) * | 1990-02-01 | 1991-07-02 | Scientific-Atlanta, Inc. | External security module for a television signal decoder |
US7594114B2 (en) * | 2002-09-16 | 2009-09-22 | General Electric Company | Authentication apparatus and method for universal appliance communication controller |
US7661001B2 (en) * | 2003-09-26 | 2010-02-09 | Victor Company Of Japan, Ltd. | Information-signal encrypting apparatus and information-signal decrypting apparatus |
US7590238B2 (en) * | 2006-09-21 | 2009-09-15 | International Business Machines Corporation | Managing device keys in cryptographic communication |
US10693626B2 (en) * | 2014-04-23 | 2020-06-23 | Agency For Science, Technology And Research | Method and system for generating/decrypting ciphertext, and method and system for searching ciphertexts in a database |
US11080414B2 (en) * | 2015-05-22 | 2021-08-03 | Huawei Device Co., Ltd. | Cryptographic unit for public key infrastructure (PKI) operations |
US11153287B2 (en) * | 2015-07-06 | 2021-10-19 | Samsung Electronics Co., Ltd | Method, apparatus, and system for monitoring encrypted communication session |
Non-Patent Citations (1)
Title |
---|
Rene Mayrhofer; Shake Well Before Use: Intuitive and Secure Pairing of Mobile Devices; IEEE:2009; pages:792-806 * |
Also Published As
Publication number | Publication date |
---|---|
US20190349196A1 (en) | 2019-11-14 |
US11303447B2 (en) | 2022-04-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US12015913B2 (en) | Security system for handheld wireless devices using time-variable encryption keys | |
US10595201B2 (en) | Secure short message service (SMS) communications | |
US10560444B2 (en) | Methods, apparatuses and systems for providing user authentication | |
US20180144114A1 (en) | Securing Blockchain Transactions Against Cyberattacks | |
US9338163B2 (en) | Method using a single authentication device to authenticate a user to a service provider among a plurality of service providers and device for performing such a method | |
US8850218B2 (en) | OTP generation using a camouflaged key | |
US20220311610A1 (en) | Authentication system using paired, role reversing personal devices | |
US20150324789A1 (en) | Cryptocurrency Virtual Wallet System and Method | |
US20140258718A1 (en) | Method and system for secure transmission of biometric data | |
WO2013044192A2 (en) | Securing transactions against cyberattacks | |
CN108401494B (en) | Method and system for transmitting data | |
US10771970B2 (en) | Method of authenticating communication of an authentication device and at least one authentication server using local factor | |
US20220407693A1 (en) | Method and device for secure communication | |
TW202006604A (en) | System and method of financial services certification | |
KR101394147B1 (en) | How to use Certificate safely at Mobile Terminal | |
JP2017534961A (en) | User authentication method, corresponding terminal and authentication system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STPP | Information on status: patent application and granting procedure in general |
Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NON FINAL ACTION MAILED |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |