Mobile peer-to-peer authenticated transfers

Abstract

A peer-to-peer transaction security method includes authentication and identification steps for pushing an encrypted colorgram from a transaction server to a first personal trusted device. Such provides a visual key for user authentication. Persona descriptors may be included for user identification. A decryption of the colorgram is displayed on the first personal trusted device to be optically captured by a second personal trusted device. The image captured from the second personal trusted device is encrypted and uploaded to the transaction server. In some cases, the persona descriptors alone are used to build a composite rendering for identification of the first user by the second user. The second user clicks and returns an acceptance if they recognize the composite drawing as a reasonable persona of the first user.

Description

COPENDING APPLICATION[0001]This application is a Divisional of U.S. patent application Ser. No. 13 / 932,588, filed Jul. 1, 2013, and titled, CHARACTERISTICALLY SHAPED COLORGRAM TOKENS IN MOBILE TRANSACTIONS. Such application was itself a Divisional and a Continuation-In-Part of U.S. patent application Ser. No. 13 / 151,397, filed Jun. 2, 2011, and titled MOBILE TRANSACTION METHODS AND DEVICES WITH THREE-DIMENSIONAL COLORGRAM TOKENS. Such issued as U.S. Pat. No. 8,478,990 on Jul. 2, 2013.BACKGROUND OF THE INVENTION[0002]1. Field of the Invention[0003]The present invention relates generally to devices for identifying and authenticating users to other users by shaped-outline colorgram tokens. For example, a matrix of colorgram cells arranged inside a trademark recognizable outline of Pegasus, the winged flying horse, to identify products and services for a particular chain of gas stations.[0004]2. Description of Related Art[0005]So-called QR-code icons are starting to appear everywhere an...

AI Technical Summary

Problems solved by technology

The typical QR-code is black and white, square, unattractive and not particularly identified to any one company or product.

They are not the type of thing that would ordinarily catch the discerning eye of the average American consumer, because while it provides function, it lacks aesthetics.

Marketing and branding groups develop beautiful media to attract the consumer, and may then add a blocky unattractive barcode for the increasingly ubiquitous smartphones that are capable of reading a barcode.

The usual methods commonly employed to identify and authenticate users of mobile electronic appliances have generally not risen to the security levels required for non-trivial financial transactions.

Even the common two-factor authentications that require a payment card and a personal-identification-number (PIN) as what-you-have and what-you-know factors have been subject to fraud and other abuses.

On-line, card-not-present transactions have been even more difficult to secure.

But a high degree of complexity is needed to support derivations of cryptographic keys for use to secure transactions and authenticate users, such typically have a 112 bit minimum entropy requirement.

Such users are also overly challenged when required to have a different passcode for every secure website they visit.

Most users simply repeat the use of a few favorite passcodes and then don't change them often enough.

Such passcodes are thus easily compromised via brute force or by carrying over an attack on one website to another.

Barcodes and conventional one or two dimensional (1D, 2D) codes do not have the data storage capacity needed to make an effective what-you-know security factor out of them.

Such traditional devices are so limited that they could not be expected to carry much information.

When smartphones and other personal mobile electronic devices are used for secure access and to make consumer financial transactions, the loss of the device can be devastating and costly unless appropriate measures are taken.

Such a system may be appropriate for on-line transactions and desktop computer-based transactions, but has not been applied to peer-to-peer transactions using mobile devices.

But the screens on smartphones have a limited color gamut and smaller displays.

Highly secure user identification and authentication remains a problem with this fledgling bump technology where phone numbers are the only passcode, in addition to unique, but easily accessed, mobile device-related data from SIM cards, UUID / UDID, MAC address, etc.

Images