System and Method to provide additional authentication on Smartphones when communicating with a registered financial institution

IP.com Disclosure Number: IPCOM000243880D
Publication Date: 2015-Oct-26
Document File: 6 page(s) / 101K

Publishing Venue

The IP.com Prior Art Database

Abstract

An approach that combines a unique value on a digital device, a registration value from a financial institution, and the date and time to form a seed. The seed is used to create a random number that can be generated both on the digital device and within the financial institution, as a means to prove that the registered digital device is indeed the device that is making the financial transaction. The random number is supplied with the financial transaction and is checked along with user ID and password to approve the financial transaction.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Currently, when a mobile device starts a financial transaction, it may require the user to supply a password or, for a higher value transaction, may require the user to be sent a short-life password via short message service (SMS) to start the financial transaction. In some cases, usually for low value financial transactions, the user may not even need to be logged onto their mobile device; in this case the mobile device (e.g. smartphone), which is Near Field Communication (NFC) enabled, can be placed near a contactless payment terminal. The issue here is how strong the authentication processes are at preventing an unauthorised entity from simulating the user and their digital device using information illegally obtained from retail outlets the user has had interaction(s) with.

This invention provides additional authentication information. At the time the transaction is made using the mobile device, an additional value is created as a random number and is also supplied. The financial institution can use the transaction time and other data supplied at the original registration time to recreate the random number. Should the two numbers not match, it implies that someone has commenced a financial transaction but is not using the same mobile device that was registered. Time is used as another component of the seed from which the random number is created, so that both ends of the transaction can generate the same random number to be used as an authentication method.
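The check described above, as an added example that is not code from the disclosure. HMAC-SHA256 is substituted for the unspecified pseudo random number generator; the function names, the 8-digit code length, the 120-second freshness window and all sample values are assumptions.

```python
import hashlib
import hmac

# Assumed freshness window; the disclosure does not specify one.
MAX_SKEW_SECONDS = 120


def build_seed(device_id: str, registration_value: bytes) -> bytes:
    """Combine the device's unique identifier with the institution's
    per-account registration value. The length prefix keeps different
    (device_id, registration_value) pairs from producing the same seed."""
    dev = device_id.encode("utf-8")
    return len(dev).to_bytes(2, "big") + dev + registration_value


def transaction_code(device_id: str, registration_value: bytes, txn_time: int) -> str:
    """Derive the per-transaction number from the seed and the transaction
    time (epoch seconds). HMAC-SHA256 replaces a general-purpose PRNG here
    so that observed codes do not reveal the seed or future codes."""
    seed = build_seed(device_id, registration_value)
    mac = hmac.new(seed, txn_time.to_bytes(8, "big"), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:8], 'big') % 10**8:08d}"


def institution_verify(stored_device_id: str, registration_value: bytes,
                       txn_time: int, supplied_code: str, server_now: int) -> bool:
    """Institution side: recreate the number from registration data and the
    transaction time, then compare it with the one sent by the device."""
    # A code for an old transaction time must not be accepted later (replay).
    if abs(server_now - txn_time) > MAX_SKEW_SECONDS:
        return False
    expected = transaction_code(stored_device_id, registration_value, txn_time)
    # Constant-time comparison avoids leaking how many digits matched.
    return hmac.compare_digest(expected, supplied_code)


if __name__ == "__main__":
    # Constructed sample values, not taken from the disclosure.
    device_id = "constructed-device-id-0001"
    registration_value = bytes.fromhex("a1b2c3d4e5f60718")
    txn_time = 1445860800
    code = transaction_code(device_id, registration_value, txn_time)
    print("registered device:", institution_verify(
        device_id, registration_value, txn_time, code, txn_time + 30))
    print("other device:     ", institution_verify(
        "some-other-device", registration_value, txn_time, code, txn_time + 30))
```

The number proves possession of the registered values only if the device identifier and registration value stay secret; an identifier readable by other software on the device weakens the check.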

Description

Definitions

Mobile Device - any device enabled for NFC (e.g. smartphone) and/or capable of communicating on a phone system (mobile phone)

Near Field Communication - a contactless, short-range, low power wireless link

Seed - a number supplied to a pseudo random number generator to generate a random number

Operation

There are two phases


1. Registration

For each mobile device a user wants to use for a financial transaction, they need to register it with the financial institution.

Step  Description

110  The user uses his mobile to connect to the financial institution. It is assumed that the user already has an account with online access to this Financial Institution.

120  The user downloads from the Financial Institution their registration software.

130  The user requests a seed portion from the Financial Institution. This is a number generated by the Financial Institution and would be unique to this user's account.

140  The user, using the registration software, supplies a hardware unique identifier for his mobile device, e.g. the Android_ID from ANDROID smartphones.

150 The registration software will combi...