Authentication for a commercial transaction using a mobile module
IPC classification information
Country / Type
United States(US) Patent
Registered
International Patent Classification (IPC 7th edition)
G06F-021/00
G06Q-020/02
G06Q-020/40
G06Q-030/06
G06Q-020/32
G06Q-020/12
G06Q-020/42
G06Q-020/38
G06Q-030/02
Application number
US-0379143
(2006-04-18)
Registration number
US-8996423
(2015-03-31)
Inventor / Address
Johnson, Bruce E.
Webster-Lam, Chung
Applicant / Address
Microsoft Corporation
Agent / Address
Sullivan, Kevin
Citation information
Cited by: 22
Cited patents: 19
Abstract
Current embodiments provide for authorization and payment of an online commercial transaction between a purchaser and a merchant including verification of an identity of the purchaser and verification of an ability of the purchaser to pay for the transaction, where the identity provider and the payment provider are often different network entities. Other embodiments also provide for protocols, computing systems, and other mechanisms that allow for identity and payment authentication using a mobile module, which establishes single or multilevel security over an untrusted network (e.g., the Internet). Still other embodiments also provide for a three-way secure communication between a merchant, consumer, and payment provider such that sensitive account information is opaque to the merchant, yet the merchant is sufficiently confident of the consumer's ability to pay for requested purchases. In yet another embodiment, electronic billing information is used for authorization, auditing, payment federation, and other purposes.
Representative claims
1. At a first computing device in a distributed network environment, a method of authenticating the first computing device to a second computing device using a mobile module of a third computing device which is connected to the first computing device, the method, which is performed by the first computing device, comprising:
   obtaining a network security token to establish transport level secure communication between a first computing device and a second computing device by performing the following:
      sending a request for the network security token to the mobile infrastructure via the second computing device over the network other than the radio network of the mobile infrastructure;
      receiving at the first computing device a network level challenge response from the mobile module;
      in response to the network level challenge, creating at the first computing device a response;
      sending the response from the first computing device to the mobile infrastructure;
      receiving at the first computer a network security token;
      sending from the first computer encrypted session keys to the mobile module;
      receiving at the first computer unencrypted session keys from the mobile module; and
   establishing with the network security token a multilevel secure communication between the first computing device and the second computing device by performing the following:
      sending a request for a user token to the mobile infrastructure via the second computing device over the network other than the radio network of the mobile infrastructure;
      receiving at the first computing device a challenge from the mobile infrastructure;
      sending from the first computing device the received challenge to a mobile module of the third computing device;
      receiving at the first computing device a request for user credentials from the mobile module;
      at the first computing device prompting the user for and receiving the credentials;
      sending from the first computing device the credentials to the mobile module;
      receiving at the first computing device a challenge response sent from the mobile module;
      in response to the challenge, creating at the first computing device a response, and signing or encrypting the response with the network security token;
      sending the response from the first computing device to the mobile infrastructure;
      receiving at the first computing device a user token from the mobile infrastructure that includes encrypted user keys;
      sending from the first computing device the encrypted user keys to the mobile module;
      receiving at the first computing device unencrypted user keys from the mobile module; and
   at the first computing device, signing or encrypting one or more requests with the unencrypted user keys;
   sending from the first computing device to the second computing device the one or more requests;
   in response to the one or more requests, the first computing device receiving from the second computing device one or more service tokens.

2. The method of claim 1 wherein the mobile module is a subscriber identity module (SIM) card.

3. The method of claim 1 wherein the third computing device is connected to the first computing device via one of a wired or wireless connection.

4. The method of claim 3 wherein the wired connection is a USB connection and the wireless connection is a Bluetooth connection.

5. The method of claim 1 wherein the network is the internet.

6. The method of claim 1 wherein the credentials are encrypted using the session keys that were received in the network security token.

7. The method of claim 1, further comprising: receiving one or more service tokens from the second computing device.

8. The method of claim 7, wherein at least one of the one or more service tokens includes information that identifies the mobile module.

9. The method of claim 7, wherein at least one of the one or more service tokens includes information regarding the identity of the user.

10. The method of claim 7, wherein at least one of the one or more service tokens includes information that verifies the ability of the user to pay for services provided by a third party server.

11. The method of claim 7, further comprising: sending at least one of the one or more service tokens to a third party server to authenticate the identity of the user in a request to access a service provided on the third party server.

12. One or more computer storage media, each comprising hardware storing computer executable instructions which when executed by a processor perform a method, on a first computing device in a distributed network environment, for authenticating the first computing device to a second computing device using a mobile module of a third computing device which is connected to the first computing device, the method comprising:
   obtaining a network security token to establish transport level secure communication between a first computing device and a second computing device by performing the following:
      sending a request for the network security token to the mobile infrastructure via the second computing device over the network other than the radio network of the mobile infrastructure;
      receiving at the first computing device a network level challenge response from the mobile module;
      in response to the network level challenge, creating at the first computing device a response;
      sending the response from the first computing device to the mobile infrastructure;
      receiving at the first computer a network security token;
      sending from the first computer encrypted session keys to the mobile module;
      receiving at the first computer unencrypted session keys from the mobile module; and
   establishing with the network security token a multilevel secure communication between the first computing device and the second computing device by performing the following:
      sending a request for a user token to the mobile infrastructure via the second computing device over the network other than the radio network of the mobile infrastructure;
      receiving at the first computing device a challenge from the mobile infrastructure;
      sending from the first computing device the received challenge to a mobile module of the third computing device;
      receiving at the first computing device a request for user credentials from the mobile module;
      at the first computing device prompting the user for and receiving the credentials;
      sending from the first computing device the credentials to the mobile module;
      receiving at the first computing device a challenge response sent from the mobile module;
      in response to the challenge, creating at the first computing device a response, and signing or encrypting the response with the network security token;
      sending the response from the first computing device to the mobile infrastructure;
      receiving at the first computing device a user token from the mobile infrastructure that includes encrypted user keys;
      sending from the first computing device the encrypted user keys to the mobile module;
      receiving at the first computing device unencrypted user keys from the mobile module; and
   at the first computing device, signing or encrypting one or more requests with the unencrypted user keys;
   sending from the first computing device to the second computing device the one or more requests;
   in response to the one or more requests, the first computing device receiving from the second computing device one or more service tokens.

13. The one or more computer storage media of claim 12 wherein the mobile module is a subscriber identity module (SIM) card.

14. The one or more computer storage media of claim 12 wherein the third computing device is connected to the first computing device via one of a wired or wireless connection.

15. The one or more computer storage media of claim 14 wherein the wired connection is a USB connection and the wireless connection is a Bluetooth connection.

16. The one or more computer storage media of claim 12 wherein the network is the internet.

17. The one or more computer storage media of claim 12 wherein the credentials are encrypted using the session keys that were received in the network security token.

18. The one or more computer storage media of claim 12, wherein the stored computer executable instructions when executed by the processor further perform the following: receiving one or more service tokens from the second computing device.

19. The one or more computer storage media of claim 18, wherein at least one of the one or more service tokens includes information that identifies the mobile module.

20. The one or more computer storage media of claim 18, wherein at least one of the one or more service tokens includes information regarding the identity of the user.

21. The one or more computer storage media of claim 18, wherein at least one of the one or more service tokens includes information that verifies the ability of the user to pay for services provided by a third party server.

22. The one or more computer storage media of claim 18, wherein the stored computer executable instructions when executed by the processor further perform the following: sending at least one of the one or more service tokens to a third party server to authenticate the identity of the user in a request to access a service provided on the third party server.
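The two-level flow of claims 1 and 12, as an added simulation that is not part of the patent and does not reproduce any SIM or Microsoft implementation. It assumes HMAC-SHA256 challenge-responses as a stand-in for the SIM's own authentication algorithm, a toy HMAC-keystream key wrapping in place of a real cipher, and constructed names (MobileModule, MobileInfrastructure, ServiceProvider, the IMSI value). The point it makes is the trust split the claims describe: the subscriber key and the user credentials never leave the mobile module, the second computing device only relays and verifies, and a wrong credential or an unsigned request stops the flow before any service token is issued.

```python
import hashlib
import hmac
import os

IMSI = "001010123456789"  # constructed sample subscriber identifier


def mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over labelled parts; used for every challenge response and signature."""
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()


# Toy key wrapping (HMAC-derived keystream XOR plaintext) so the example needs only the
# standard library. Constructed for illustration; a real design would use AES-GCM or similar.
def wrap(kek: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    stream = hmac.new(kek, nonce, hashlib.sha256).digest()
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))


def unwrap(kek: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    stream = hmac.new(kek, nonce, hashlib.sha256).digest()
    return bytes(c ^ s for c, s in zip(body, stream))


class MobileModule:
    """The SIM on the third computing device. Holds Ki and the user PIN; exports neither."""

    def __init__(self, ki: bytes, pin: str):
        self._ki, self._pin = ki, pin

    def network_response(self, challenge: bytes) -> bytes:
        return mac(self._ki, b"net", challenge)

    def unwrap_session_keys(self, blob: bytes) -> bytes:
        return unwrap(mac(self._ki, b"net-kek"), blob)

    def user_response(self, challenge: bytes, credentials: str) -> bytes:
        # The SIM asks the first device for credentials and checks them itself.
        if not hmac.compare_digest(credentials.encode(), self._pin.encode()):
            raise PermissionError("mobile module rejected the user credentials")
        return mac(self._ki, b"user", challenge)

    def unwrap_user_keys(self, blob: bytes) -> bytes:
        return unwrap(mac(self._ki, b"user-kek"), blob)


class MobileInfrastructure:
    """The operator. Knows each subscriber's Ki and issues the network and user tokens."""

    def __init__(self):
        self.subs, self.challenges, self.session, self.user = {}, {}, {}, {}

    def register(self, imsi: str, ki: bytes) -> None:
        self.subs[imsi] = ki

    def challenge(self, imsi: str) -> bytes:
        self.challenges[imsi] = os.urandom(16)
        return self.challenges[imsi]

    def issue_network_token(self, imsi: str, response: bytes) -> dict:
        ki, c = self.subs[imsi], self.challenges.pop(imsi)
        if not hmac.compare_digest(response, mac(ki, b"net", c)):
            raise PermissionError("network level authentication failed")
        self.session[imsi] = os.urandom(32)
        # Session keys travel wrapped for the SIM; the first device cannot read them itself.
        return {"imsi": imsi, "enc_session_keys": wrap(mac(ki, b"net-kek"), self.session[imsi])}

    def issue_user_token(self, imsi: str, response: bytes, signature: bytes) -> dict:
        ki, c, sk = self.subs[imsi], self.challenges.pop(imsi), self.session[imsi]
        if not hmac.compare_digest(signature, mac(sk, b"user-resp", response)):
            raise PermissionError("response not signed with the network security token")
        if not hmac.compare_digest(response, mac(ki, b"user", c)):
            raise PermissionError("user level authentication failed")
        self.user[imsi] = os.urandom(32)
        return {"imsi": imsi, "enc_user_keys": wrap(mac(ki, b"user-kek"), self.user[imsi])}

    def verify_request(self, imsi: str, request: bytes, signature: bytes) -> bool:
        return imsi in self.user and hmac.compare_digest(signature, mac(self.user[imsi], b"req", request))


class ServiceProvider:
    """The second computing device. Relays to the operator; never sees Ki, PIN or unwrapped keys."""

    def __init__(self, infra: MobileInfrastructure):
        self.infra = infra

    def relay(self, fn, *args):  # first device reaches the operator only through this hop
        return fn(*args)

    def service_request(self, imsi: str, request: bytes, signature: bytes) -> dict:
        if not self.infra.verify_request(imsi, request, signature):
            raise PermissionError("service request rejected")
        return {"subject": imsi, "service_token": mac(b"constructed-service-secret", imsi.encode(), request)}


def authenticate(sim: MobileModule, service: ServiceProvider, imsi: str, credentials: str,
                 request: bytes = b"GET /purchase") -> dict:
    """Runs both levels from the first computing device's point of view."""
    infra = service.infra
    # Level 1: network security token (the SIM proves the subscription).
    c1 = service.relay(infra.challenge, imsi)
    net_token = service.relay(infra.issue_network_token, imsi, sim.network_response(c1))
    session_key = sim.unwrap_session_keys(net_token["enc_session_keys"])
    # Level 2: user token (the SIM checks credentials; response is signed with the session key).
    c2 = service.relay(infra.challenge, imsi)
    resp = sim.user_response(c2, credentials)
    user_token = service.relay(infra.issue_user_token, imsi, resp, mac(session_key, b"user-resp", resp))
    user_key = sim.unwrap_user_keys(user_token["enc_user_keys"])
    # Signed request to the second device, which answers with a service token.
    return service.service_request(imsi, request, mac(user_key, b"req", request))


def setup(pin: str = "1234"):
    """Builds one subscriber, SIM and service for a demo run (all values constructed)."""
    ki = os.urandom(32)
    infra = MobileInfrastructure()
    infra.register(IMSI, ki)
    return MobileModule(ki, pin), ServiceProvider(infra)


if __name__ == "__main__":
    sim, service = setup()
    print(authenticate(sim, service, IMSI, "1234")["subject"])
```

Two checks worth running against it: a wrong PIN is refused inside the mobile module, so no second-level response ever reaches the operator, and a request signed with anything other than the unwrapped user keys is rejected by the second device before a service token is produced.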
Patents cited by this patent (19)
Haverinen,Henry; Honkanen,Jukka Pekka; Kuikka,Antti; Asokan,Nadarajah; Flykt,Patrik; Ala Laurila,Juha; Rinnemaa,Jyri; Takamäki,Timo; Vuonnala,Raimo; Ekberg,Jan Erik; Mikkonen,Tommi; Aalto,Petri; Hon, Authentication in a packet data network.
Lindemann, Brian; Barbour, Daniel R., Replacement of externally mounted user interface modules with software emulation of user interface module functions in embedded processor applications.
Ginter Karl L. ; Shear Victor H. ; Sibert W. Olin ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Grigg, David M.; Johansen, Joseph Neil; Toth, Michael E.; Carpenter, Daniel Lynn; Qaim-Maqami, Hood; Hanson, Carrie Anne; Votaw, Elizabeth S., Authentication level of function bucket based on circumstances.
Abe, Hiroshi; Sato, Hideo, Biological information storing apparatus, biological authentication apparatus, data structure for biological authentication, and biological authentication method.
Votaw, Elizabeth S.; Jones-McFadden, Alicia C.; Grigg, David M.; Bertanzetti, Peter John; Toth, Michael E.; Hanson, Carrie Anne, Determining user authentication based on user/device interaction.
Grigg, David M.; Bertanzetti, Peter John; Burrell, Charles Jason; Hanson, Carrie Anne; Johansen, Joseph Neil; Toth, Michael E., Determining user authentication requirements along a continuum based on a current state of the user and/or the attributes related to the function requiring authentication.
Grigg, David M.; Bertanzetti, Peter John; Burrell, Charles Jason; Hanson, Carrie Anne; Johansen, Joseph Neil; Toth, Michael E., Determining user authentication requirements based on the current location of the user in comparison to the users's normal boundary of location.
Bondesen, Laura Corinne; Blackhurst, Jason P.; Harkey, Scott Lee; Belchee, William Blakely; Brunswig, Tammy L., Formation and funding of a shared token.
Bondesen, Laura Corinne; Blackhurst, Jason P.; Harkey, Scott Lee; Belchee, William Blakely; Brunswig, Tammy L., Online banking digital wallet management.
Bondesen, Laura Corinne; Blackhurst, Jason P.; Harkey, Scott Lee; Belchee, William Blakely; Brunswig, Tammy L., Online banking digital wallet management.
Bondesen, Laura Corinne; Blackhurst, Jason P.; Harkey, Scott Lee; Belchee, William Blakely; Brunswig, Tammy L., Online banking digital wallet management.
Bondesen, Laura Corinne; Blackhurst, Jason P.; Harkey, Scott Lee; Belchee, William Blakely; Brunswig, Tammy L., Providing offers associated with payment credentials authenticated in a specific digital wallet.
Grigg, David M.; Johansen, Joseph Neil; Hanson, Carrie Anne; Burrell, Charles Jason; Votaw, Elizabeth S., Self-selected user access based on specific authentication types.
Chambers, Ryan; Martin, Anthony; Guild, Dana R., Token generation in providing a secure credit card payment service without storing credit card data on merchant servers.
Grigg, David M.; Bertanzetti, Peter John; Burrell, Charles Jason; Hanson, Carrie Anne; Johansen, Joseph Neil; Toth, Michael E.; Votaw, Elizabeth S., User authentication based on other applications.