DESC:FORM 2

THE PATENTS ACT, 1970
(39 OF 1970)
&
PATENT RULES, 2003

COMPLETE SPECIFICATION
(Section 10 and Rule 13)

AN IMPROVED AUTHENTICATION METHOD AND SYSTEM FOR SECURE DIGITAL TRANSACTIONS

Vishal Kumar
Dr. Sukriti Bhalla
789, Shree Awas Apartment,
Dwarka 18B, Delhi – 110078, India.

The following specification particularly describes the invention and the manner in which it is to be performed.
AN IMPROVED AUTHENTICATION METHOD AND SYSTEM FOR SECURE DIGITAL TRANSACTIONS
FIELD OF INVENTION
[001] The present invention relates to the field of digital payment infrastructure/ technology, relating particularly to a secure digital payment infrastructure which reduces the risk of cybercrime, fraudulent activities, and unauthorised access. The present invention specifically discloses an improved authentication method to ensure secure digital transactions, and the system thereof.

BACKGROUND OF THE INVENTION
[002] In the ever-evolving landscape of digital transactions, ensuring secure and seamless payment processes has become paramount. With the growing popularity of digital payment infrastructures and increased use of digital payment platforms, cyber criminals are also on the rise and current authentication methods and systems are not successful in tracking cyber criminals.
[003] Considering the spectrum of law enforcement, biometric authentication can play a key role to stop and track cyber criminals. This solution enables law enforcement agencies to identify cyber criminals through their physical or behavioural characteristically biometric data. Moreover, fingerprint sensors, face recognition, Iris scan are also significantly emerging as the latest trends in providing civil identity, voter registration and population registration.
[004] Aadhaar Authentication provides a digital, online identity platform so that the identity of Aadhaar number holders can be validated instantly anywhere at any point of time. Aadhaar-based authentication as a service can be utilized by the requesting entities to authenticate the identity of the users based on the match of their personal identity information before providing them access to their services or business functions. Providing services through information technology infrastructure creates a great impact in organizations. To expand the reach of these organizations, verifying an individual’s identity fulfils an important aspect of security.
[005] The National Payments Corporation of India has developed the Aadhaar Enabled Payment System (AePS) which is a bank-led model which allows online transactions at Micro ATM/Kiosk/mobile devices through the authorized Business Correspondent (BC) or Agents of any bank using Aadhaar authentication. NPCI has designed this solution to handle various kinds of service requests effectively by enabling an authentication gateway for all Aadhaar-linked account holders. However, the AePS suffers from various drawbacks such as using only biometric authentication, requiring only sender authentication, working only through bank accounts or business correspondents and therefore cannot be integrated with digital wallets or websites, among others. Therefore, the AePS can easily be tampered with and lacks in addressing risks associated with fraudulent transactions.
[006] US patent application no. 14/071,637 discloses a method of authentication/authorization, comprising sending a permission request to at least one mobile device associated with a user to grant or deny permission to perform an action and enabling said user to select a feature to automate a grant/deny response for said permission request, eliminating the need for said user to manually respond to future permission requests for said action, wherein said future permission requests meet at least one automation criterion. The patent application further discloses that such automation criterion is based on biometric information associated with the said user such as a retinal scan, digital fingerprint or voice profile. However, the cited patent application does not disclose on how such biometric information is collected, accessed or stored, or is integrated with a digital payment system. Moreover, the method of authentication does not extend to both the sender and receiver, thereby falling short on identity verification and increasing the risk of fraudulent transactions.
[007] US patent application no. 13/762,335 discloses a system and method for the execution of third-party services transaction over financial networks through a virtual integrated automated teller machine on an electronic terminal device. The working example of the system and method claimed by the said patent is that when a Financial Instrument Holder: 1) Initiates a financial transaction on an electronic device, 2) the iATM system identifies and authenticates the Financial Instrument Holder, 3) the Compliance and Fraud Management System collects the required biometric and record keeping data, 4) the Non-Depository Virtual Account Management System identifies and authorizes access to the Third Party Services Management System, 5) the Third Party Services Provider denies or authorizes the requested transaction, 6) if authorized, the Third Party Services Management System communicates to the Financial Instrument Holder through the screen interface, the terms and conditions of the transaction and any fees associated with completing the transaction, 7) if required, the Financial Instrument Holder is given the option to accept or refuse the transaction; 8) if the Financial Instrument Holder accepts the transaction, the iATM System authorizes the transaction and 9) the Non-Depository Virtual Account Management System initiates through the Acquiring Processor the settlement process for the transaction via the use of various Virtual Service Accounts (Non-Depository), Operating Accounts (Depository) and Settlement Accounts which settles the amount of the authorized transaction. However, the claimed system is similar to AePS whereby it requires only sender authentication and works only through bank accounts or business correspondents and therefore cannot be integrated with digital wallets or websites, among others. The claimed system further lacks in addressing risks associated with fraudulent transactions as the receiver is not verified.
[008] Therefore, there is a need in the art to provide an improved authentication method and system for performing secure digital transactions, the said method and system being capable of integration with existing digital wallets and websites while at the same time eliminating risks associated with fraudulent transactions by ensuring verification of both sender and receiver.

OBJECTIVES OF THE INVENTION
[009] The primary objective of the present invention is to provide an improved authentication method for performing secure digital transactions.
[0010] Another objective of the present invention is to provide an improved authentication method which will reduce the risks of fraudulent digital transactions.
[0011] Yet another objective of the present invention is to provide an improved authentication method which can be easily integrated with digital wallets and websites.
[0012] Still another objective of the present invention is to provide an improved system for the secure transaction of money.

BRIEF DESCRIPTION OF DRAWINGS
[0013] Figure 1 provides the process flow of the improved authentication method for performing secure digital transactions disclosed herein and the system claimed thereof.

SUMMARY OF THE INVENTION
[0014] The improved authentication method for performing secure digital transactions disclosed by this invention can be summarised as follows:
(i) A sender initiating a transaction through a digital wallet by entering a PIN;
(ii) The sender performing 2nd level of authentication by Aadhaar-based biometric authentication to verify the sender’s identity before processing the transaction;
(iii) A receiver verifying the transaction request using their PIN;
(iv) The receiver completing Aadhaar-based biometric authentication to receive and utilise the received funds;
(v) Ensuring that both the sender and receiver complete biometric authentication to enhance transaction security and prevent fraud.
[0015] The improved authentication system for performing secure digital transactions disclosed by this invention can be summarised to include the following:
(i) A multi-factor authentication mechanism that combines traditional authentication methods (PINs) with Aadhaar-based biometric authentication (e.g., fingerprints, facial recognition, iris scans);
(ii) Integration of the Aadhaar API with digital wallets for sender and receiver authentication requests;
(iii) A time-based one-time password (TOTP) mechanism for generating secure, time-sensitive codes.

DETAILED DESCRIPTION OF THE INVENTION
[0016] Throughout this specification, the use of the word “comprise” and variations such as “comprises” and “comprising” may imply the inclusion of an element or elements not specifically recited.
[0017] As summarised above, the present invention discloses an improved authentication method and system for performing secure digital transactions.
[0018] The present invention relates to an improved authentication method for performing secure digital transactions, the said method comprising the steps of:
(a) initiation of digital payment transaction by a sender using their mart electronic device wherein the sender enters the payment details in a digital wallet;
(b) verification of sender credentials through a two-step authentication process wherein the sender first enters a PIN followed by providing their biometric information;
(c) transmission of a notification relating to payment by the sender to the receiver’s smart electronic device;
(d) verification of receiver credentials through a two-step authentication process wherein the receiver first enters a PIN followed by providing their biometric information;
(e) secure receipt of payment by the receiver in their digital wallet; and,
(f) transmission of confirmation message of completed transaction to sender and receiver.
[0019] The PIN entered by the sender and receiver can either be a manually set PIN which is configured during the initial wallet setup or a time-based one-time password (TOTP) mechanism for additional security. This approach eliminates the need for SMS-based OTPs, which are vulnerable to interception.
[0020] In a preferred embodiment of this invention, the TOTP is generated using a shared secret and the current time, and it is valid for a limited period (e.g., 30 seconds) thereby reducing the risk of unauthorized access and fraud..
[0021] The TOTP can either be an alternative to, or can be in addition to the manually set PIN.
[0022] The present invention also provides an improved system for facilitating secure digital transactions, the said system comprising of:
(a) a digital wallet and banking integration module using API whereby the said API connects with digital wallets and bank accounts for secure transactions;
(b) an Aadhaar based biometric authentication module which integrates the Aadhaar API into the digital wallet to facilitate secure sender and receiver authentication requests, whereby the said module is also linked to a user’s smart electronic device such that it can access the device’s fingerprint scanner or camera in order to obtain the user’s fingerprint or iris during initiation of a digital transaction;
(c) a manual PIN or time-based one-time password (TOTP) generator;
(d) a multi-factor authentication (MFA) controller whereby the said controller authenticates both biometric and the manual PIN or TOTP information to authorise transactions;
(e) a transaction logging and tracking system which tracks and records every transaction made using the improved authentication system; and,
(f) a receiver authentication mechanism which verifies the identity of the receiver before completion of the transaction.
[0023] The improved system disclosed herein comprises of common components i.e., components used by both the sender and receiver:
a. Time-Based One-Time Password (TOTP) Generator:
i. Generates a unique, time-sensitive password for each transaction.
ii. Validates the TOTP entered by the user.
b. Aadhaar Biometric Authentication Module:
i. Integrates Digital Wallet/Bank Apps with the Aadhaar API to verify biometric data (fingerprint/iris) for sender & receiver.
ii. Ensures secure authentication for both sender and receiver.
c. Multi-Factor Authentication (MFA) Controller:
i. Combines Manually configured PIN or TOTP and biometric authentication for secure authorisation.
ii. Ensures only authorised users can initiate or receive payments.
[0024] The improved system disclosed herein integrates Aadhaar-based biometric authentication with digital payment infrastructure. It uses a multi-factor authentication mechanism that includes:
(i) A First Factor Authentication: Traditional authentication methods such as PINs or passwords.
(ii) A Second Factor Authentication: Biometric authentication using Aadhaar-linked biometric data (e.g., fingerprints, facial recognition, iris scans).
[0025] The improved system of the present invention integrates the Aadhaar API into digital wallets to facilitate secure sender and receiver authentication requests. The integration works as follows:
(i) Sender Authentication Request: When a sender initiates a transaction, the digital wallet sends an authentication request to the Aadhaar API. The sender is required to provide biometric data linked to their Aadhaar number. The Aadhaar API verifies the biometric data and confirms the sender's identity before allowing the transaction to proceed.
(ii) Receiver Authentication Request: Similarly, when the receiver attempts to access the transferred funds, the digital wallet sends an authentication request to the Aadhaar API. The receiver must provide biometric data linked to their Aadhaar number. The Aadhaar API verifies the receiver's identity before granting access to the funds.
EXAMPLE OF THE INVENTION:
[0026] In a specific example of the present invention, the system is designed to facilitate secure digital transactions between two parties (e.g., Paytm User A and Paytm User B). The workflow is as follows:
Step 1: User A initiates a digital money transfer to User B.
Step 2: User A undergoes a two-step authentication process:
a. First, User A enters a PIN.
b. Second, User A provides biometric authentication via Aadhaar API integration.
Step 3: User B receives the funds but must also undergo a two-step authentication process to access the money:
c. First, User B enters a PIN.
d. Second, User B provides biometric authentication via Aadhaar API integration.
Step 4: The transaction is completed only after both parties have successfully authenticated themselves using biometric data.
[0027] The system also incorporates a time-based one-time password (TOTP) mechanism for additional security in some cases. The TOTP is generated using a shared secret and the current time, and it is valid for a limited period (e.g., 30 seconds). This approach eliminates the need for SMS-based OTPs, which are vulnerable to interception.
[0028] The Process Flow of the improved authentication method and system disclosed by the present invention can be summarised as below:
a. Sender Initiates Payment: Enters transaction details in the digital wallet/Mobile Banking App.
b. Sender Authentication:
i. Enters PIN/TOTP.
ii. Provides biometric authentication (fingerprint/iris scan).
c. Transaction Notification Sent to Receiver.
d. Receiver Verifies Transaction:
i. Enters PIN/TOTP.
ii. Provides biometric authentication (fingerprint/iris scan).
e. Funds Transferred & Payment Completed.
f. Confirmation Notification Sent to Both Users.
[0029] The authentication method and system disclosed by the present invention for implementing secure digital transactions are an improvement from the current state of the art digital transaction platforms due to the following technical advancements:
(i) The Aadhaar based biometric authentication module ensures strong identity verification and prevents fraud;
(ii) The TOTP generator protects against SMS OTP fraud and works even without internet;
(iii) The digital wallet & banking integration module using API allows secure payments across different platforms;
(iv) The MFA controller provides extra security by verifying the user in two ways;
(v) The transaction logging & tracking system helps with fraud detection and keeping records;
(vi) The receiver authentication mechanism reduces fraud by ensuring both parties are authenticated;
(vii) Real-time tracking of digital transactions.
[0030] This patent application delves into the assertion that both senders and receivers utilizing any digital payment infrastructure will invariably rely on Aadhaar or biometric authentication. At its core, Aadhaar-based authentication serves as a robust mechanism for verifying the identity of individuals engaging in digital transactions. Coupled with biometric authentication, it forms a formidable shield against fraudulent activities and unauthorised access.
[0031] The sender, initiating a monetary transfer, engages in biometric authentication to authorise the transaction securely. Similarly, the receiver adopts biometric authentication protocols to confirm receipt of funds, thereby completing the secure loop of digital payment transactions.
[0032] This paradigm ensures not only the authenticity of the sender and receiver but also bolsters the trust and reliability of digital payment infrastructures. It mitigates the risks associated with identity theft, cyber fraud, and unauthorised access, fostering a safer digital ecosystem.
[0033] By mandating Aadhaar or biometric authentication for both senders and receivers, regulatory bodies and financial institutions can elevate the security standards of digital payment systems, fostering greater confidence among users and stakeholders alike.
[0034] In conclusion, the integration of Aadhaar and biometric authentication heralds a new era of digital payment security, where every transaction is safeguarded by the unique biological markers of individuals. The method and system disclosed herein underscore the inevitability and efficacy of Aadhaar and biometric authentication in fortifying the foundations of digital financial ecosystems.
[0035] It will be apparent to a person skilled in the art that the above description is for illustrative purposes only and should not be considered as limiting. Various modifications, additions, alterations, and improvements without deviating from the spirit and the scope of the invention which may be made by a person skilled in the art, shall still fall within the scope and purview of the present invention.
,CLAIMS:We claim:
1. An improved authentication method for performing secure digital transactions, the said method comprising the steps of:
(a) initiation of digital payment transaction by a sender using their smart electronic device wherein the sender enters the payment details in a digital wallet;
(b) verification of sender credentials through a two-step authentication process wherein the sender first enters a PIN followed by providing their biometric information;
(c) transmission of a notification relating to payment by the sender to the receiver’s smart electronic device;
(d) verification of receiver credentials through a two-step authentication process wherein the receiver first enters a PIN followed by providing their biometric information;
(e) secure receipt of payment by the receiver in their digital wallet; and,
(f) transmission of confirmation message of completed transaction to sender and receiver.
2. The improved authentication method for performing secure digital transactions claimed in Claim 1, wherein the PIN entered by the sender and receiver is a manually set PIN which is configured during the initial wallet setup.
3. The improved authentication method for performing secure digital transactions claimed in Claim 1, wherein the PIN entered by the sender and receiver is a time-based one-time password (TOTP) generated using a shared secret and the current time, thereby being valid only for a limited period, reducing the risk of unauthorized access and fraud.
4. An improved system for facilitating secure digital transactions, the said system comprising of:
(a) a digital wallet and banking integration module using API whereby the said API connects with digital wallets and bank accounts for secure transactions;
(b) an Aadhaar based biometric authentication module which integrates the Aadhaar API into the digital wallet to facilitate secure sender and receiver authentication requests, whereby the said module is also linked to a user’s smart electronic device such that it can access the device’s fingerprint scanner or camera in order to obtain the user’s fingerprint or iris during initiation of a digital transaction;
(c) a manual PIN or a time-based one-time password (TOTP) generator;
(d) a multi-factor authentication (MFA) controller whereby the said controller authenticates both biometric and manul PIN or TOTP information to authorize transactions;
(e) a transaction logging and tracking system which tracks and records every transaction made using the improved authentication system; and,
(f) a receiver authentication mechanism which verifies the identity of the receiver before completion of the transaction.

Dated this the 27th day of February 2025.

Saravanan Gopalan
Registered Patent Agent
(INPA – 3249)