AUTHENTICATION SYSTEM USING PAIRED, ROLE REVERSING PERSONAL DEVICES

Abstract

An authentication system is provided for authenticating users in accordance with an encryption/decryption algorithm using first and second separately unique encryption keys that are time variable and are uniquely associated with each user, having a first user controlled computing device under the control of the user for generating said first encryption key using an encryption key generating algorithm. The first user controlled computing device includes a key transmitter for transmitting wirelessly within the immediate vicinity of the user the first encryption key, a second user controlled computing device, operating as a coordinating device under the control of the user, for generating the second encryption key using the encryption key generating algorithm. The second user controlled computing device includes a key receiver for receiving the first encryption key.

Claims

1-30. (canceled)

31. An encryption system operating in accordance with an encryption/decryption algorithm using first and second separately unique encryption keys, comprising A. a first user controlled computing device under the control of the user for generating said first encryption key using an encryption key generating algorithm, said first user controlled computing device including a key transmitter for transmitting wirelessly said first encryption key; B. a second user controlled computing device, operating as a coordinating device under the control of the user, for generating said second encryption key using the encryption key generating algorithm, said second user controlled computing device including i. a key receiver for receiving the first encryption key, and ii. a message transmitter for transmitting said encrypted message; and C. an encrypting signal processor for forming said encrypted message using said first and second encryption keys in accordance with said encryption/decryption algorithm, whereby said encrypted message may be transmitted wirelessly and decrypted securely using said first and second keys in accordance with the encryption/decryption algorithm.

32. An encryption system as defined by claim 1, wherein said encrypting signal processor is located within one of said user controlled computing devices.

33. An encryption system as defined by claim 1, wherein said encrypting signal processor is located in a remote computer.

34. An encryption system as defined by claim 1, wherein said first user controlled computing device includes said encrypting signal processor and said second personal device includes a second encrypting signal processor.

35. An encryption system as defined by claim 1, wherein one of said first and second user controlled computing devices includes a user interface for forming a user coordination device allowing wireless transmission of the encrypted message securely without requiring the user to employ viewable security data.

36. An encryption system as defined by claim 1, wherein both of said first and second user controlled computing devices includes a user interface for enabling user interaction with the encryption system whereby the user may elect to use either device as a user coordination device and allowing wireless transmission of the encrypted message securely without requiring the user to employ viewable security data.

37. An encryption system as defined by claim 1, wherein one or both of said first and second controlled computing devices has an external configuration suitable to be mounted or worn on a user's body.

38. An encryption system as defined by claim 1, wherein one or both of said first and second user controlled computing devices has an external configuration suitable to be held in the user's hand.

39. An encryption system as defined by claim 1, wherein one of said first and second user controlled computing devices has an external configuration suitable to be mounted on a user's body and the other user controlled computing device has an external configuration suitable to be held in a user's hand.

40. An encryption system as defined by claim 1, wherein one of said user controlled computing devices has an external configuration suitable for being implanted in the user subcutaneously.

41. An encryption system as defined in claim 1, wherein said encrypting signal processor is located in a remote computer.

42. A user controlled handheld computing device for use in an encryption system operating in accordance with an encryption/decryption algorithm requiring first and second encryption keys and wirelessly connected to a body mounted user controlled computing device operating to generate and wirelessly broadcast a first encryption key, comprising A. a key receiver for receiving wirelessly the first encryption key from the body mounted user controlled computing device, B. an encryption key generator for generating the second encryption key, C. an encrypting signal processor for forming an encrypted message using the first and second encryption keys in accordance with an encryption/decryption algorithm, and D. a wireless transmitter for transmitting wirelessly said encrypted message securely without requiring the user to employ viewable security data.

43. A user controlled handheld computing device as defined by claim 12, wherein said encrypting signal processor is located within said user controlled handheld computing device.

44. A user controlled handheld computing device as defined by claim 12, wherein said encrypting signal processor is located in a remote computer.

45. A user controlled handheld computing device as defined by claim 12, wherein a second encrypting signal processor is located within the body mounted user controlled computer.

46. A user controlled handheld computing device as defined by claim 12, further including a first user interface for forming a user coordination device.

47. A user controlled handheld computing device as defined by claim 16 adapted to wirelessly communicate with a body mounted user controlled computing device having a second user interface whereby the user may elect to use either computing device as a coordination device.

48. A body mountable user controlled computing device for use in an encryption system operating in accordance with an encryption/decryption algorithm requiring first and second encryption keys and wirelessly connected to a handheld user controlled computing device operating to generate and wirelessly broadcast a first encryption key, comprising A. a key receiver for receiving wirelessly the first encryption key from the handheld user controlled computing device, B. an encryption key generator for generating the second encryption key, C. an encrypting signal processor for encrypting an encrypted message using the first and second encryption keys in accordance with an encryption/decryption algorithm, and D. a wireless transmitter for transmitting wirelessly said encrypted message securely without requiring the user to employ viewable security data.

49. A body mountable user controlled computing device as defined by claim 18, further including a first user interface for enabling user interaction with the user controlled handheld computing device.

50. A body mountable user controlled computing device as defined by claim 19 adapted to wirelessly communicate with a handheld user controlled computing device having a second user interface whereby the user may elect to use either computing device as a coordination device.

Description

DESCRIPTION OF THE DRAWINGS

[0034] FIG. 1 is a diagram of an embodiment of the subject invention suitable for use in a point of sale retail environment wherein the user has first and second personal devices (e.g. a Key device and a Coordinating Device) within a retailer's establishment equipped with a Retailer Device adapted to communicate with the user's Coordinating Device.

[0035] FIG. 2 is a diagram of the system disclosed in FIG. 1 in which transaction details have been transmitted from the Retail Device to the Coordinating Device for display to the user.

[0036] FIG. 3 is a diagram of the system disclosed in FIG. 1 in which the Coordinating Device is communicating with the Key Device and the Retail Device to allow generation of an encrypted message using key 1 supplied by the Key Device and key 2 generated locally by the Coordinating Device and the user ID generated in accordance with the encryption algorithm being implemented by the system (Userid).

[0037] FIG. 4 is a diagram of the system disclosed in FIG. 1 in which the encrypted message has been sent to the Authentication Authority for decryption and authentication that is communicated to the Coordinating Device.

[0038] FIG. 5 is a diagram of the system disclosed in FIG. 1 in which the AA 7 is taking necessary actions to complete the financial transaction and to report the result.

[0039] FIG. 6 is a diagram of an alternative use of the subject invention to effect a transaction with a Retail Device in which the pair of personal devices operate to forward an encrypted “begin Transaction” message to the Authentication Authority which, in turn, forwards an encrypted message to a Retail Device including a Transactionid.

[0040] FIG. 7 is a diagram of the system disclosed in FIG. 5 in which transactionsDetails are sent to the Authentication Authority by the Retail Device for transmission to the Coordinating Device for display of the Transaction Details for the User.

[0041] FIG. 8 is a diagram of the system disclosed in FIG. 5 in which the Coordinating Device returns an encrypted message to the Authentication Authority to indicate user acceptance of the terms of the transaction.

[0042] FIG. 9 is a diagram of the system disclosed in FIG. 5 in which the Authentication authority forwards an encrypted message to both the Coordinating Device and the Retail Device indicating that the transaction has been successfully completed.

DETAILED DESCRIPTION

[0043] With reference to FIG. 1, an embodiment of the subject invention is illustrated wherein a pair of user controlled computing devices, such as personal devices 2 and 4, designed in accordance with the subject invention, are illustrated. User controlled computing devices may take a variety of forms provided each such device is capable of (1) generating a time variable encryption key, and (2) communicating that time variable encryption key to a second user controlled computing device. Desirably, the user controlled computing devices should be under the exclusive control of the user, at least during the time that each device is used to implement the encrypted communication contemplated by this invention. At least one of the user controlled computing devices (and desirably both) includes (or communicates with) a user interface UI. Such UI may be incorporated into the user controlled computing device or may be separate therefrom. For example the user interface may take the form of a holographic display, a display screen, a connector for interfacing with a monitor or any other form that allows a user to interact with either or both of the user controlled computing devices to implement the encrypted communication which is the purpose of this invention. In a more specific embodiment of this invention illustrated in FIG. 1, the user controlled computing devices may take the form of personal devices 2 and 4 such as a wearable (e.g. smart watch, bracelet, ring, patch, necklace, or other type device whose exterior configuration makes it suitable to be semi-permanently or permanently mounted on or in the user's body) or as a handheld (e.g. smartphone, cellular phone, micro-computer, tablet PC or other type device whose exterior makes its suitable to be handheld). Alternatively, each (or both) of the personal devices 2 and 4 may also take the form of a subcutaneous chip suitable to be implanted in the user's body or even take the form of a “virtual” personal device located in a remote computer (i.e. in the “cloud”) so long as the user is able to exercise, for all practical purposes, exclusive access to (and operation of) the personal device, at least during the time that the device is used to perform encrypted communication using the method of this invention. A virtual device would satisfy the requirements of this invention provided the computing function of the virtual device was only available to the user in all practical and normal-use situations. The fact that a systems administrator might have some type of supervisory access and/or control over the virtual device would not preclude such virtual device from performing as a personal device for purposes of this invention provided the end user can exercise control and access to the exclusion of all unauthorized individuals.

[0044] A personal device may be a static component (such as a desk top computer) that is controlled by the user such as being located in a facility to which access may be controlled by the user (such as the user's home or private office). A personal device may be available to another but only if that person is required to present authenticating information that distinguishes that person from the authorized end user or that person is given physical control by the end user. In other words, a smartphone remains a personal device even if its owner should give possession of the smartphone to another person.

[0045] Control of the device means that the user has the ability to activate and deactivate the device, to the exclusion of others at least during the time that a device is used to perform this invention, by virtue of physical proximity or entering user codes (e.g. user name and password) or by biometric scans (e.g. fingerprint, facial or iris scan or other DNA dependent scans) or by proximity of the user to the paired devices.

[0046] As will be described in greater detail below, each or both of the personal devices may be equipped with a processor suitable to implement an encryption/decryption algorithm for implementing the features of this invention that will be described in more detail below. A suitable algorithm will be generically referred to hereafter as a Syferex algorithm or Syferex programs (e.g. Syferex mobile apps or Syferex retail apps) for shorthand purposes so long as the respective algorithm/program causes the personal device/Retail Device or other component to perform the functions described below.

[0047] Specifically with respect to retail transactions, a characteristic of the subject invention when applied to the retail environment, is that the user employs his pair of computing devices, while under his control, to form an encrypted transaction message, for transfer to the certification authority, that always includes at minimum: [0048] 1. the two time variable encryption keys generated respectively by the user controlled computing devices, [0049] 2. an identification of the retailer providing the services and/or products to the user, and [0050] 3. an identifier that can be linked to the details (or include the details) of the transaction involving the services and/or products including for example [0051] a. date and time of the transaction, and [0052] b. the specific services and/or products being supplied to the user by the retailer,

[0053] whereby the certification authority can validate and record the transaction in association with the retailer and the user.

[0054] Different steps and procedures may be employed to allow communication between the user and the retailer directly or via parties, including but not limited to, the AA, to identify the details of the transaction such that in the end the user is able to approve the transaction with accurate knowledge of the substance of the transaction.

[0055] FIG. 1, a User (not shown) having control of the personal devices 2 and 4 selects goods to be purchased and provides them to a retailer end point such as a retail device 6 programmed to perform the steps described below. The retailer device 6 and personal device 4, functioning as a coordinating device create a connection that ensures that data transmitted between the user and the retailer is accurate (and ideally private). This can be achieved in a number of was, including sharing a secret via an out of band communication path or using a chain of trust system.

[0056] In FIG. 2 the retail device 6 provides details of the transaction and the retailerId to coordinating device 4 via the previously established connection. Summary data such as a hash of these details can be used to confirm the accuracy of the provided data (optionally provided via an out of band side channel).

[0057] FIG. 3 illustrates how the user's coordinating device 4 receives a key generated by, and communicated by, the personal device 2 operating as a key generating device in accordance with the protocol described herein (Syferex protocol). If after review of the transaction details, the user decides to continue with the transaction, his or her assent entered into the coordinating device (personal device 4) causes the software to prepare a message containing the transaction details mentioned above and the user's userId (Syferex userId).

[0058] FIG. 4 shows the message generated above being encrypted using the 2 keys provided by the key generating device (personal device 2) and the coordinating device (personal device 4) and sending it to a certification authority 7 operating as an authentication authority AA. Because only the AA can decrypt the message and only the encryption keys specific to that user will successfully decrypt the message, the message is secure and can self identify the user who has sent it. At this point the AA can initiate any financial transaction required secure in the knowledge that the user was indeed to person authorizing the transaction.

[0059] FIG. 5 shows the AA 7 taking necessary actions to complete the financial transaction and reporting the result of that transaction to both the user and the retailer

DESCRIPTION OF THE EMBODIMENT OF THE INVENTION ILLUSTRATED IN FIGS. 6-8

[0060] Reference will now be made to an additional embodiment of the invention. Referring more specifically to the system illustrated in FIG. 6, a User (not shown) having control of a pair of personal devices selects goods to be purchased and determines the retailerId. The retailerId can be provided to the User in a variety of ways including based on geographical location, broadcast of retailers id on a local wireless network, entry of the retailerId manually or through Off the Record OTR means (such as a qr code or optical scan). One of the personal devices is equipped with a a user interface UI (including for example a touch screen, not illustrated). This personal device may be used as a Coordinating Device 10 by the User. Through the UI, the User indicates he or she wants to initiate the transaction with the retailer. The Coordinating Device 10 includes a transceiver (not shown) for receiving a time variable encryption key provided by the other personal device (which may be referred to as a Key Device 8 since, in this embodiment, the other personal device functions primarily to provide a time variable encryption key, which may be generated using a pseudo random number). The key is generated and transmitted wirelessly over an encrypted channel to the Coordinating Device 10 provided the devices are sufficiently close in proximity to allow the transmission signal to reach the Coordinating Device 10. In addition, a a mobile app is installed in the personal device 10 and includes instructions causing a processor in the Coordinating Device 10 to perform the functions described herein. In particular, the mobile app causes the processor of Coordinating Device 10 to generate locally a second time variable encryption key which may also be based on a different pseudo random number. Thereafter, the Coordinating Device 10 uses the two encryption keys to encrypt a beginTransaction message which contains the retailerId.

[0061] It should be noted that the user could potentially supply a temporary username that it would like to use for this transaction. Alternatively, an authenticating authority (AA) 12 (which is a certification authority functioning to authenticate users) could obtain the userId from the retailer via linkage with a Retail Device 14 (i.e. a device under the control of the retailer for supplying the retailerId and other functions as described below). The AA 12 is programmed to link the userId to the temp username for recording purposes. Also the user could supply a unique or rare “secret” that would be passed to the retailer so the retailer could show this to the user so the user could verify the retailead supplied resulted in the transaction beginning with the correct retailer.

[0062] The AA 12 receives a beginTransaction message and decrypts it using symmetric keys generated by the AA 12 that are identical to the encryption keys generated by the Key Device 8 and the Coordinating Device 10. The process of generating identical (or corresponding) symmetric keys is understood and can be effected by key generation algorithms that start with identical seeds but which produce a series of identical keys that (even if intercepted) cannot be used to predict the next encryption key generated by the key generation algorithm. This allows the AA 12 to authenticate the user provided the AA 12 is previously informed of the identity of the user (including sensitive user information) and the seed for the encryption key generator. Using the retailerId provided to the AA 12 determines how to contact the retailer and potentially carries out sanity checks. The AA 12 generates a unique transactionId and sends a transactionBegin request to the Retailer Device 14 residing at the retailer's location or at a location under the control of the retailer. The retailer receives the transaction begin message and confirms with the user that the transaction has begun.

[0063] In FIG. 7 the embodiment of FIG. 6 is now operating through the Retailer Device 14 to collect the transaction details and sends these to the Coordinating Device 10 which sends these details, in encrypted form to the AA 12 in a transactionDetails encrypted message. The AA 12 then authenticates and decrypts the message and then sends a transactionDetails message containing the same data to the user's Coordinating Device 10 after encrypting the message with the appropriate encryption keys. The Coordinating Device 10 can decrypt this message, thus authenticating that the message came from the AA 12, and display the transaction details in non-encrypted form on the screen (not shown) of the Coordinating Device 10. The Coordinating Device 10 optionally compares the transaction details to similar transaction details displayed by the Retail Device 14 if such is available to the User.

[0064] In FIG. 8, the embodiment of FIGS. 6 and 7 is now operating to allow the user to review the transaction being displayed and to indicate an acceptance of its terms. To facilitate this, the Coordinating Device 10 will create a transactionAck message with an accept value and the transactionId as payload and encrypt the message with the dual encryption keys (generated in the Key Device 8 and Coordinating Device 10) and send the message to the AA 12. The AA 12 will then take what action is required to execute the financial transaction with the appropriate parties as necessary.

[0065] In FIG. 9, the AA 12 of the embodiment illustrated in FIGS. 6-8, is now sending the transactionComplete messages to the user and retailer using appropriate respective authentication and encryption methodologies indicating if the transaction has succeeded or not. It may supply a reason if the transaction fails.

[0066] The system never requires the user to actually enter or view any security data in such a way that it can be recorded. This is a very important advantage of the disclosed invention. Anytime a user is required to display keys (such as an RSA token or QR code) or enter data (such as a password), the displayed information can be recorded. This advantage of the disclosed invention will become more important in the future given the hugely expanding amount of video surveillance in use worldwide.

[0067] A very important addition advantage in certain embodiments of the disclosed invention is that one of the personal devices (such as the device that takes the form of a wearable or implantable chip) could be used to store encrypted personal data (generated in the other personal device—e.g. the user's smartphone). In particular, sensitive data could be sent wirelessly to the first personal device (e.g. the wearable) for storage therein where it can be held in encrypted form available only to the user and unavailable to third parties having no direct physical possession of the body mounted computer. Since the data would be stored outside of the smartphone it would not be compromised upon the loss or theft of the user's smartphone. At the same time, the personal information would only exist within the memory of the wearable and would be encrypted so that it could not be retrieved by anyone without the cooperation and knowledge of the user.

[0068] An important advantage of the disclosed invention derives from the ability of both personal devices to serve as a coordinating device by providing both devices with a user interface UI In particular, if the two devices take the form of a paired smartwatch and smartphone, the smartwatch can serve to display relatively common, simple transaction details such as the purchase of a cup of coffee. In such circumstances, the smartwatch display could be used to display the simple transaction details requiring the user to merely touch the smartwatch screen to indicate approval thereby obviating the need to remove the user's smartphone from his/her pocket or purse. Where a more complicated transaction is being considered, the larger display of a smartphone, tablet, laptop or even desktop would be better suited.

[0069] Another important advantage of the present invention over the invention disclosed in the '397 patent is that the handheld device of the '397 invention can be replaced by second wearable device, physically separated from the wearable key generating device, having an external configuration suitable to be mounted or worn on (or implanted in) a user's body. This second wearable device includes a wireless receiver for receiving the key signal transmitted by the wearable key generating device for use in forming an encrypted signal in accordance with a predetermined encryption/decryption algorithm including information relating to the user's identity all as disclosed more fully in the '397 patent.

[0070] The pair of devices used in this improved authentication system would permit greatly expanded functionality over the functions disclosed in the '397 patent. In particular, the first device could take the form of a permanently mounted device (such as a subcutaneous chip) and could operate a display that is generated by an implant in the eye of the user or as part of a pair of eyeglasses that is capable of creating a virtual image in the view of the user. In this configuration, the eyeglasses could form the second wearable device. The second device could also take the form of a semi-permanently mounted device (such as a smartwatch) that includes a user interface allowing the user to enter commands/information on the touch sensitive surface of a display. The touch sensitive surface to also respond to finger movements to control the location of a cursor movable throughout the image created by the eyeglass or eye implanted chip for generating a viewable image in the field of view of the user.

POSSIBLE ALTERNATIVE IMPLEMENTATIONS

[0071] Phase 1 locd and authenticated session is established between the coordinating device and the retail endpoint. Care must be taken to reduce the opportunity for a man the middle attack. In particular, care must be taken to ensure that the client is connected to the actual retail endpoint, instead of a man in the middle or impostor. The danger here is that some entity could masquerade as the retail outlet. Such an entity could appear o be the retailer to the customer, and the customer to the retailer. Such an entity could then intercept the retailer's data, discard it, and replace it with a transaction of its own, substituting itself as the retail party.

[0072] Well known methods for avoiding this problem include Chain of trust certificates. While not full proof, two available solutions are: [0073] 1. Use the AA as an intermediary, that can authenticate both parties and decrypt and re-encrypt data meant for the counterparty. [0074] 2. Use public keys for each—the challenge here is where to retain these public keys. The AA presents a logical repositor [0075] 3. Use chain of trust [0076] 4. Retailer and Consumer share a secret Tia an off the record (OTR) channel. This could be the retailerID, or some other secret key that allows authentication of the these parties in future communications. [0077] 5. The AA can be promoted to to provide encryption keys or the retailer id to the interested parties. This can be done dynamically or in a cached manner on the syferex applications. [0078] 6. The AA can be used as an intermediary [0079] 7. Retail terminal and the user device display a representation of the transaction details including all of the required details above (most importantly the retailerId). This representation (visual hash, hash code, qr code etc or other Off The Record (OTR) channel would be compared by the user and if they match, the user would submit to the authentication authority. [0080] 8. The retailer provides a code to represent the transaction and sends an encrypted copy to the AA. The user could then get the transaction id from the retailer using OTR and request a copy of the transaction from the AA via an encrypted request. The AA can send a transaction summary to the user encrypting it using the user's Syferex keys. The user can review the transaction, then approve by sending an ack message to the AA encrypted with the user keys.

[0081] Phase 2: transaction details are presented to client

[0082] the retail endpoint provides transaction details to the client.

[0083] required components of transaction details: [0084] unique (to the retail+user pair) id of transaction [0085] retailer Syferex Id [0086] amount charged

[0087] options components: [0088] list of items being purchased [0089] other details the retailer wants to display to user at time of purchase (company logo, advertisements, etc)

[0090] Phase 3: Encryption of transaction record and submission to authentication authority.

[0091] User can review details of the transaction and accept or decline the purchase. For ease of use, all interaction on the user's part needs to be done through a single device (though it should also be possible for either Consumer device to be used as the coordinating device). Upon accepting the transaction the Syferex software on the coordinating device will generate its own key and request a paired key from the key device. The coordinating device would then use the 2 keys to encrypt the message with the required transaction information listed above provided by the retailer in a manner such that only the authenticating authority can decrypt it. This package can then be forwarded either to the retailer or to the authentication authority directly from the user device. The implementation must ensure that the user need not take any action (input no password or details) for the authentication information to be created and forwarded. The Syferex software handles this seamlessly when prompted by the accepting of the transaction.

[0092] Phase 4: Authentication by authentication authority:

[0093] Upon receipt of the transaction package from the user device the Authentication Authority will decrypt the package and using the consumeriD in the package compare the 2 keys provided with its local key store to determine if the Consumer is indeed who she claims to be. It will then examine the transaction details to ensure this is a unique transaction that has not been previously approved. If approved the authentication authority will either contact the financial institution with the transaction details and identification of the user, or possibly release these kinds itself. At this point, the AA can execute the financial transaction by, for example, authorizing a Financial institution to undertake to complete the transaction and by accepting conditional legal and financial responsibility (in exchange for a modest fee) for the consequences should the identity of the consumer prove to be incorrect. All parties to the transaction will benefit by elimination of significant opportunities for fraudulent actions that exist in most financial transactions that take place in the retail environment where credit is extended to the user or even cash is now used by the purchaser.

[0094] Instead of the user collecting the transaction details and retailerid and submitting the transaction to the AA to be forwarded to the retailer and matched to a pending transaction on the retailer's local system (the checkout counter for example), the user could supply their UserID (via broadcast or OOB channel) to the retailer. Since the retailer already has the other components of the the transaction (the products, cost and retailerID) the retailer can add the usead to the pending transaction information and send it securely to the AA. The AA then can ensure that the transaction summary is forwarded to the specified user for approval. The advantage here is two fold: existing retail hardware used for retail transactions (product scanner, inventory verification, receipt generator) etc can be leveraged. Additionally, the human motivation to inject erroneous userids into the transaction are limited. Such a compromised transaction would result in the AA sending the transaction to the injected user, who would then have the option to reject the transaction or accept it. In the case this transaction is accepted the actual user would not lose money. The retailer would receive the funds expected and the true user should be able to identify the fraud (i e. the transaction would never be forwarded to the true user for approval). Such a scenario would of course be undesirable and systems and policies would and can be instituted to eliminate or reduce the possibility of this type of fraud happening,

[0095] Secure area access control will be enhanced by the increased accuracy and convenience of the present invention over prior art access control devices.

[0096] It should be further noted that the User device could create a complex key and encode userId with said key to the retailer. Then the retailer could receive the encrypted user id and provide inventory of the purchase to the user along with a selection of random data options (colors, icons, numbers) via a line of sight interaction (displayed on a screen for instance). Thereafter, the user selects one of these options and this selection is included in the transaction summary that is encoded by the retailer and sent to the AA. This message therefore includes [0097] The userid encoded by the users syferex complex key (only AA can decrypt) [0098] The transaction details (items and price) [0099] The secret selected by the user [0100] The retailer id [0101] The entire message is encrypted (possibly using the public key of the AA or maybe the syferex key of the retailer)

[0102] The AA decrypts the package and authenticates the user by proving that it can only decrypt the users id with the user's syferex key. It confirms that the transaction is valid (user has sufficient funds) and then encrypts a summary of the transaction and the secret selected by the user with the users syferex key and send it to the user. The user can confirm that the transaction is valid and ack the transaction back to the AA who will the process the transaction. This ack must contain a copy of the transaction details to ensure that it is only usable for the current transaction (otherwise nefarious actors could replay this ack for multiple copies of the same transaction (transaction ID should accomplish this)

[0103] To “man in the middle” MIM attack this transaction, the MIM will need to fake the inventory of the transaction (can be done, for instance, at Starbuck's most transactions are a large coffee) and the secret chosen by the user [not easy to fake by the MIM, though possible by observing the OTR channel (watching the user select the secret)].

[0104] Additionally, other combinations, admissions, substitutions and modifications will be apparent to the skilled artisan in view of the disclosure herein. Accordingly, the present invention is not intended to be limited by the description of the various embodiments but is to be defined by a reference to the appended claims.

AUTHENTICATION SYSTEM USING PAIRED, ROLE REVERSING PERSONAL DEVICES

Assignee

Inventors

Cpc classification

Classification Explorer

G06Q20/201

PHYSICS

Classification Explorer

H04L9/321

ELECTRICITY

Classification Explorer

G06Q20/3829

PHYSICS

Classification Explorer

H04L9/0861

ELECTRICITY

Classification Explorer

G06Q20/403

PHYSICS

Classification Explorer

H04L2209/12

ELECTRICITY

Classification Explorer

H04L2209/80

ELECTRICITY

Classification Explorer

H04L63/0478

ELECTRICITY

Classification Explorer

H04L63/08

ELECTRICITY

Classification Explorer

G06Q20/401

PHYSICS

Classification Explorer

H04W12/041

ELECTRICITY

Classification Explorer

H04L2209/56

ELECTRICITY

Classification Explorer

H04L9/0872

ELECTRICITY

Classification Explorer

G06Q20/32

PHYSICS

Classification Explorer

G06F9/451

PHYSICS

Classification Explorer

H04W12/069

ELECTRICITY

Classification Explorer

H04L9/16

ELECTRICITY

Classification Explorer

G06F1/163

PHYSICS

Classification Explorer

G06Q20/405

PHYSICS

Classification Explorer

H04L9/3263

ELECTRICITY

International classification

Classification Explorer

H04L9/32

ELECTRICITY

Classification Explorer

G06F1/16

PHYSICS

Classification Explorer

G06F9/451

PHYSICS

Classification Explorer

G06Q20/40

PHYSICS

Classification Explorer

H04L9/08

ELECTRICITY