Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Hardware-Based Zero-Knowledge Strong Authentication (H0KSA)

a technology of strong authentication and zero-knowledge, applied in the field of secure financial transactions, to achieve the effect of reducing the risk of fraudulent purchases

Inactive Publication Date: 2010-12-02
PAYPAL INC
View PDF19 Cites 97 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Benefits of technology

[0012]In another embodiment, a consumer electronic device—for example but not limited to: a personal computer (PC), a laptop, a mobile phone, an NFC-enabled mobile device, a NetTop or NetTV—determines whether a proper SIM card (or UICC, for example, or other uniquely identifiable available network communication element appropriate to the device) is present, whether a connection to the mobile network operator is present, whether data has been changed in the device's embedded SE, and whether an actual SIM card is present. Based on these conditions, the user is allowed, e.g., by a Trusted Remote Attestation Agent (TRAA), specific use of the device for NFC payments, for example, or other OTA or wirelessly conducted transactions. More specifically, for example, an NFC-enabled mobile device may have TRAA software running on an embedded SE in the device. The embedded SE is in communication with the device SIM card. The TRAA software runs to check whether data in the secure element has been changed. If so, and there has been no confirmation from the TSM or TIM through the mobile network, the device is locked and cannot be used until confirmation of the change can be made, such as through the TSM or a call to the FSP. TRAA also checks whether the SIM card present is actually the SIM card used to provision the phone (the provisioning SIM), such as by matching the SIM card unique ID with what is expected. If the SIM card is not the provisioning SIM or if a SIM card is not present, the device is held until the provisioning SIM is available. The TRAA also checks whether there is a connection to the network and TSM. Such a situation may arise, for example, when the device is in a foreign country, underground, or in a tunnel. If the provisioning SIM is not available, a predetermined transaction cap is imposed, such as $50, and transactions more than the predetermined transaction cap (or a total amount) are denied until the network becomes available again for communication with the TSM. This conditional denial reduces risk of fraudulent purchases.

Problems solved by technology

When registering a mobile device or conducting a financial transaction via any kind of consumer electronic device (CED), security is generally an issue in that data transferred wirelessly may typically include credit card and financial instrument information such as a user name, account number, a PIN, and a password, for example, that are susceptible to theft or malicious attack.
Another central issue with consumer electronic devices—such as a personal computer (PC), a laptop, mobile phone, NFC enabled mobile device, for example, or other CEDs—is the need for cooperation between the many involved parties, in addition to financial institutions, to meet the needs of the customer via a secure over-the-air link.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Hardware-Based Zero-Knowledge Strong Authentication (H0KSA)
  • Hardware-Based Zero-Knowledge Strong Authentication (H0KSA)
  • Hardware-Based Zero-Knowledge Strong Authentication (H0KSA)

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0030]Embodiments of the present invention relate to mobile embedded payment (MEP) systems and methods for providing secure financial transactions over a network using a Trusted Service Manager. In one embodiment, a Trusted Integrity Manager (TIM)—which may also be referred to as a Trusted Authentication Provider (TAP)—is provided in addition to a Trusted Service Manager (TSM) that manages financial-related communication between carriers, consumers, retailers, and financial institutions. The TIM (acting, e.g., as MEP system server and providing various service processes) and the ability to use the phone function (acting, e.g., as MEP client) to feed data back to the TIM are novel concepts in the financial industry. By coupling the TIM server functions to an embedded secure element (eSE) client inside the handset, a new level of verification and security may be introduced into the financial industry.

[0031]The functioning of the TIM may be considered the “trust foundation” of the TSM ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

Systems and methods are provided for a device to engage in a zero-knowledge proof with an entity requiring authentication either of secret material or of the device itself. The device may provide protection of the secret material or its private key for device authentication using a hardware security module (HSM) of the device, which may include, for example, a read-only memory (ROM) accessible or programmable only by the device manufacturer. In the case of authenticating the device itself a zero-knowledge proof of knowledge may be used. The zero-knowledge proof or zero-knowledge proof of knowledge may be conducted via a communication channel on which an end-to-end (e.g., the device at one end and entity requiring authentication at the other end) unbroken chain of trust is established, unbroken chain of trust referring to a communication channel for which endpoints of each link in the communication channel mutually authenticate each other prior to conducting the zero-knowledge proof of knowledge and for which each link of the communication channel is protected by at least one of hardware protection and encryption.

Description

CROSS REFERENCE TO RELATED APPLICATIONS[0001]This application is a continuation-in-part of U.S. patent application Ser. No. 12 / 643,972, filed Dec. 21, 2009, which claims the benefit of U.S. Provisional Application No. 61 / 182,623, filed May 29, 2009, and both of which are hereby incorporated by reference.BACKGROUND[0002]1. Technical Field[0003]Embodiments of the present invention generally relate to secure financial transactions initiated from an electronic device and, more particularly, to the ability to use the phone function (e.g., of a mobile handset) to feed data back to a Trusted Integrity Manager as part of a Mobile Embedded Payment program in the financial industry to authenticate users (e.g., a consumer).[0004]2. Related Art[0005]In direct (face-to-face) or online financial transactions customers may search for and purchase products and / or services from a merchant. In the case of online shopping, transactions are conducted through electronic communications with online mercha...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L9/32
CPCH04L9/3218H04L9/3231H04L9/3234H04L2209/56H04L2209/805H04L63/0853G06F21/34H04L9/3271
Inventor NAHARI, HADI
Owner PAYPAL INC
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products