
A Method And System For Secure Password Less Authentication Of A User

Abstract: The application provides a method and system for secure password-less authentication of a user. The application provides a method and system for secure password-less authentication of a user and managing user identity for performing secure electronic transactions by way of exchanging encrypted asymmetric and symmetric keys.


Patent Information

Filing Date: 29 September 2011
Publication Number: 21/2014
Publication Type: INA
Invention Field: COMPUTER SCIENCE
Grant Date: 2019-10-03

Applicants

TATA CONSULTANCY SERVICES LIMITED
NIRMAL BUILDING, 9TH FLOOR, NARIMAN POINT, MUMBAI 400021, MAHARASHTRA, INDIA

Inventors

1. KABRA, PRIYANKA
TATA CONSULTANCY SERVICES LTD. YANTRA PARK, SDC 5 ODC G, OPP VOLTAS HRD TRAINING CENTER, POKHRAN II, SUBHASH NAGAR, THANE (W) 400601, INDIA
2. DOKE, PANKAJ
TATA CONSULTANCY SERVICES LTD. YANTRA PARK, SDC 5 ODC G, OPP VOLTAS HRD TRAINING CENTER, POKHRAN II, SUBHASH NAGAR, THANE (W) 400601, INDIA
3. KIMBAHUNE, SANJAY
TATA CONSULTANCY SERVICES LTD. YANTRA PARK, SDC 5 ODC G, OPP VOLTAS HRD TRAINING CENTER, POKHRAN II, SUBHASH NAGAR, THANE (W) 400601, INDIA
4. LOBO, SYLVAN
TATA CONSULTANCY SERVICES LTD. YANTRA PARK, SDC 5 ODC G, OPP VOLTAS HRD TRAINING CENTER, POKHRAN II, SUBHASH NAGAR, THANE (W) 400601, INDIA
5. CHITTUR, RAVICHANDER KARTHIK
TATA CONSULTANCY SERVICES LTD. YANTRA PARK, SDC 5 ODC G, OPP VOLTAS HRD TRAINING CENTER, POKHRAN II, SUBHASH NAGAR, THANE (W) 400601, INDIA
6. GORE, KUSHAL
TATA CONSULTANCY SERVICES LTD. YANTRA PARK, SDC 5 ODC G, OPP VOLTAS HRD TRAINING CENTER, POKHRAN II, SUBHASH NAGAR, THANE (W) 400601, INDIA
7. WARUDKAR, DIPTEE
TATA CONSULTANCY SERVICES LTD. YANTRA PARK, SDC 5 ODC G, OPP VOLTAS HRD TRAINING CENTER, POKHRAN II, SUBHASH NAGAR, THANE (W) 400601, INDIA
8. IYER, VINAYAK
TATA CONSULTANCY SERVICES LTD. YANTRA PARK, SDC 5 ODC G, OPP VOLTAS HRD TRAINING CENTER, POKHRAN II, SUBHASH NAGAR, THANE (W) 400601, INDIA
9. GOKARN, PRABHATH
TATA CONSULTANCY SERVICES LTD. YANTRA PARK, SDC 5 ODC G, OPP VOLTAS HRD TRAINING CENTER, POKHRAN II, SUBHASH NAGAR, THANE (W) 400601, INDIA
10. NIGAM, APURV
TATA CONSULTANCY SERVICES LTD. YANTRA PARK, SDC 5 ODC G, OPP VOLTAS HRD TRAINING CENTER, POKHRAN II, SUBHASH NAGAR, THANE (W) 400601, INDIA
11. SUNKA, PRAVEEN
TATA CONSULTANCY SERVICES LTD. YANTRA PARK, SDC 5 ODC G, OPP VOLTAS HRD TRAINING CENTER, POKHRAN II, SUBHASH NAGAR, THANE (W) 400601, INDIA

Specification

FORM 2
THE PATENTS ACT, 1970
(39 of 1970)
&
THE PATENT RULES, 2003
COMPLETE SPECIFICATION
(See Section 10 and Rule 13)
Title of application:
A METHOD AND SYSTEM FOR SECURE PASSWORD-LESS AUTHENTICATION OF A USER
Applicant:
TATA Consultancy Services Limited A company Incorporated in India under The Companies Act, 1956
Having address:
Nirmal Building, 9th Floor,
Nariman Point, Mumbai 400021,
Maharashtra, India
The following specification particularly describes the application and the manner in which it is to be performed.

FIELD OF THE APPLICATION
The present application relates to the field of user authentication. Particularly, the application relates to a method and system for secure password-less authentication of a user and managing user identity for performing secure electronic transactions.
DEFINITIONS
Client Application: The component (mobile application) performing the operations selected by the user and interacting with the backend server.
SMSC: The SMS gateway.
Application Directed SMS: Push SMS sent to a particular port on which the application is listening.
BACKGROUND OF THE INVENTION
The tremendous growth of the Internet has made electronic transactions the present and the future of every institution across the globe, benefitting both the user and the service provider. Since almost every institution today provides, or is willing to provide, its users with an electronic transaction facility, user authentication, secure transactions and user identity management are the major challenges. It is therefore necessary to provide a way to securely identify and authenticate a user while managing user identity for secure electronic transactions.
A typical user authentication method involves inputting user credentials every time a user wants to transact electronically. The user is always forced to input credential information. A standard user authentication protocol may not be suitable for users who are not comfortable with remembering and managing authentication credentials, or with using the compact keypad of a mobile phone to type credentials such as a username and password: for example, people from a rural background, people with weak memory, and old people who wish to do electronic transactions but are not comfortable with text-based user authentication. Hence it becomes necessary to formulate a method which helps the user to use electronic transaction applications without the hassle of remembering and typing user credentials, while maintaining an equal level of security. Additionally, the user has to be provided with a solution with mobility provisions for electronic transactions.
In the current scenario, a lot of effort has been made to develop various approaches to solve the said problem; most of the generic methods for secure password-less authentication of a user are insufficient. Most of the prior art technologies talk about methods describing image based authentication, CAPTCHA or MSChap.
In order to authenticate a user with secure password-less authentication, a method and system is required which could manage user identity in a secure manner for authentication and for performing secure electronic transactions with mobility provisions.
However, the existing methods and systems are not capable of providing an approach for secure password-less authentication of a user. The existing methods and systems particularly are not capable of providing a solution for managing user identity in a secure manner for performing secure electronic transactions with mobility provisions. Some of the above-mentioned methods known to us are as follows:
US2008003980 to Vosset et al. teaches about a handset device enabled for subsidy control via a SIM card which includes memory operative to store an activation file and a public key and a controller operatively coupled to the memory. The patent does not teach about secure password-less authentication of a user without remembering the user credentials and managing user identity in secure manner for performing secure electronic transactions with mobility provisions.
US7673141 to Kehr et al. teaches about a system for providing secured access to an application service that includes a challenge provider that uses a first cryptographic technique to provide a challenge to a client seeking access to an application service. The patent does not teach about secure password-less authentication of a user without remembering the user credentials and managing user identity in secure manner for performing secure electronic transactions with mobility provisions.
US20110131640 to Robles et al. teaches about a method of secure transfer of data between entities. The patent does not teach about secure password-less authentication of a user without remembering the user credentials and managing user identity in secure manner for performing secure electronic transactions with mobility provisions.
US20080091614 to Bayod et al. teaches about carrying out safe transactions using programmable mobile telephones. The patent does not teach about secure password-less authentication of a user without remembering the user credentials and managing user identity in secure manner for performing secure electronic transactions with mobility provisions.
WO2005041608 to Samuli et al. teaches about a method of user authentication in a network comprising a mobile terminal, a service provider and an authentication server, wherein the mobile terminal has a smart card with security functions and user/equipment specific information. The patent does not teach about secure password-less authentication of a user without remembering the user credentials and managing user identity in secure manner for performing secure electronic transactions with mobility provisions.

Rongyu et al. in "A PK-SIM card based end-to-end security framework for SMS" teaches about designing and realization of a secure SIM card, named PK-SIM card, which is a standard SIM card with additional PKI functionality and a security framework offering solutions for the development of secure mobile business applications using SMS as bearer.
Grillo et al. in "Transaction Oriented Text Messaging with Trusted-SMS" teaches about a trusted-SMS system, which allows users to exchange non-repudiable SMS's, digitally signed with the Elliptic Curve Digital Signature Algorithm (ECDSA).
Halonen in "Authentication and authorization in mobile environment" teaches about public key infrastructure (PKI) based solutions for validating the identity of a user.
Kalman et al. in "SIM as Secure Key Storage in Communication Networks" teaches about the possible use of the subscriber identity module (SIM) as authenticator in the online world. The paper proposes near field communication (NFC) technology as a transfer technology between the mobile handset and other devices.
The above-mentioned prior art fails to disclose an efficient method and system for secure password-less authentication of a user. The prior art also fails to disclose a method and system which could manage user identity in a secure manner for performing secure electronic transactions with mobility provisions.
Thus, in the light of the above-mentioned background art, it is evident that there is a long-felt need for a solution that can provide an effective method and system for secure password-less authentication of a user. There is also a need for a solution which could manage user identity in a secure manner for performing secure electronic transactions with mobility provisions.

OBJECTIVES OF THE APPLICATION
The primary objective of the present application is to provide a method and system for secure password-less authentication of a user.
Another objective of the application is to enable a method and system for managing user identity in secure manner for performing secure electronic transactions with mobility provisions.
Another objective of the application is to enable a method and system for authentication of a user by exchange of encrypted asymmetric and symmetric keys.
Another objective of the application is to enable a method and system for auto-authentication of a user without forcing the user to key-in any credential information.
Another objective of the application is to enable a method and system for encrypting user credentials and storing the same in the SIM card or memory card of the user's mobile communication devices.
Yet another objective of the application is to enable a method and system for utilizing encrypted user credentials for authenticating user in the background while using any online electronic transactions.
Still another objective of the application is to enable a method and system for enabling the user to use the application without remembering the credentials, with a certain level of security.

SUMMARY OF THE APPLICATION
Before the present methods, systems, and hardware enablement are described, it is to be understood that this application is not limited to the particular systems and methodologies described, as there can be multiple possible embodiments of the present application which are not expressly illustrated in the present disclosure. It is also to be understood that the terminology used in the description is for the purpose of describing the particular versions or embodiments only, and is not intended to limit the scope of the present application, which will be limited only by the appended claims.
The present application provides a method and system for secure password-less authentication of a user, by exchange of encrypted asymmetric and symmetric keys. A method and system is provided for managing user identity in secure manner for performing secure electronic transactions with mobility provisions.
In an aspect of the application a method and system is provided for secure password-less authentication of a user while managing user identity in secure manner for performing secure electronic transactions, by way of exchanging encrypted asymmetric and symmetric keys.
In an aspect of the application, a user registers for a client application by providing its mobile communication device service number. A unique activation code and secure URL of the client application for the user is generated and sent by a backend server upon user registration. The client application is downloaded and installed on the user's mobile communication device along with a public key of the backend server. The public key embedded in the server's certificate is verifiable based on the trusted CA certificates pre-installed on the handset by the manufacturer. The unique activation code is requested by the client application upon launching for the first time. The user enters said unique activation code, and said unique activation code is sent to a SMSC at the backend server by the client application. The unique activation code is forwarded by the SMSC along with the user's detected mobile communication device service number to the backend server for validation. The backend server validates the unique activation code and the user's mobile communication device service number upon receiving them from the SMSC. The SMSC, being in a secure network with the server, is a trusted entity. The backend server encrypts and generates a unique cryptographic userID upon validation of the unique activation code and the user's mobile communication device service number. The backend server sends a client application directed message along with the generated cryptographic userID to the client application running on the user's mobile communication device, which will activate the application. The client application stores the received cryptographic userID either on the SIM card or in the memory of the mobile device for subsequent secure password-less authentication of the user.
The above said method and system are preferably a method and system for secure password-less authentication of a user but also can be used for many other applications, which may be obvious to a person skilled in the art.
BRIEF DESCRIPTION OF DRAWINGS
The foregoing summary, as well as the following detailed description of preferred embodiments, are better understood when read in conjunction with the appended drawings. For the purpose of illustrating the application, there is shown in the drawings exemplary constructions of the application; however, the application is not limited to the specific methods and system disclosed. In the drawings:
Figure 1 shows a flow diagram of the process for user registration and installing the client application for secure password-less authentication of a user
Figure 2 shows a flow diagram of the process for activation of application and secure password-less authentication of a user for using a client application
Figure 3 shows a block diagram of the process for validation of the user
Figure 4 shows a block diagram of the process for sharing Keys
Figure 5 shows a block diagram of the process for authenticating a client application request
DETAILED DESCRIPTION OF THE APPLICATION
Some embodiments of this application, illustrating all its features, will now be discussed in detail.
The words "comprising," "having," "containing," and "including," and other forms thereof, are intended to be equivalent in meaning and be open ended in that an item or items following any one of these words is not meant to be an exhaustive listing of such item or items, or meant to be limited to only the listed item or items.
It must also be noted that as used herein and in the appended claims, the singular forms "a," "an," and "the" include plural references unless the context clearly dictates otherwise. Although any systems and methods similar or equivalent to those described herein can be used in the practice or testing of embodiments of the present application, the preferred systems and methods are now described.
The disclosed embodiments are merely exemplary of the application, which may be embodied in various forms.
The present application provides a method for secure password-less authentication of a user while managing user identity in secure manner for performing secure electronic transactions, characterized by exchange of encrypted asymmetric and symmetric keys, the method comprising processor implemented steps of:
a. registering for a client application (318) by a user (302) by providing its mobile communication device (316) service number;
b. generating and sending a unique activation code and secure URL of the client application (318) for the user (302) by a backend server (310) upon user registration;
c. receiving, downloading and installing the client application (318) on user's mobile communication device (316);
d. downloading a public key of backend server (310) onto user's mobile communication device (316);
e. requesting for said unique activation code by the locked client application (318) upon launching for the first time;
f. entering said unique activation code by the user (302);
g. sending said unique activation code to a SMSC (312) at the backend server (310) by client application (318);
h. forwarding said unique activation code along with the user's mobile communication device (316) service number by SMSC (312) to the backend server (310) for validation upon receiving from SMSC (312);
i. validating unique activation code and user's mobile communication device (316) service number by the backend server (310) upon receiving from SMSC (312);
j. encrypting user credentials and generating a unique cryptographic userID by the backend server (310) upon validation of unique activation code and user's mobile communication device (316) service number;
k. sending a client application directed message along with generated cryptographic userID to the client application (318) running on user's mobile communication device (316); and
l. activating the client application (318) and storing the received cryptographic userID by the client application (318) either on the SIM card or memory of mobile device for subsequent secure password-less authentication of the user (302).

The present application provides a system for secure password-less authentication of a user while managing user identity in secure manner for performing secure electronic transactions, the system comprising:
a. a backend server (310), configured to process the communication received from a user (302), a SMSC (312), a data storage (314) and a client application (318);
b. a SMSC (312), communicatively and electronically coupled with the backend server (310), acting as a short messaging service gateway;
c. a data storage (314), communicatively and electronically coupled with the backend server (310), adapted to store user credentials, keys related to the backend server (310) and client application (318);
d. a user mobile communication device (316);
e. a client application (318), communicatively and electronically coupled with the user mobile communication device (316), adapted to perform user selected operations and interacting with the backend server (310);
f. an internal memory component (320) and SIM (322), communicatively and electronically coupled with the user mobile communication device (316), adapted to store the cryptographic userID received by the client application (318) for subsequent secure password-less authentication of the user (302).
Figure 1 is a flow diagram of the process for user registration and installing the client application for secure password-less authentication of a user.
The process starts at step 102, where a client application is registered by a user by providing its mobile communication device service number. At step 104, a unique activation code and secure URL of the client application is generated and sent by a backend server for the user upon registration for the client application. The process ends at step 106, where the unique activation code and secure URL of the client application is received, and the client application is downloaded and installed on the user's mobile communication device.
Figure 2 is a flow diagram of the process for activation of the application and secure password-less authentication of a user for using a client application.
The process starts at step 202, where a unique activation code is requested by the client application upon launching for the first time. At step 204, said unique activation code is entered by the user. At step 206, said unique activation code is sent to a SMSC at the backend server by the client application. At step 208, said unique activation code is forwarded along with the user's mobile communication device service number by the SMSC to the backend server for validation upon receiving from SMSC. At step 210, the unique activation code and the user's mobile communication device service number are validated by the backend server upon receiving from the SMSC. At step 212, user credentials are encrypted and a unique cryptographic userID is generated by the backend server upon validation of the unique activation code and the user's mobile communication device service number. At step 214, a client application directed message is sent along with the generated cryptographic userID to the client application running on the user's mobile communication device, which will activate the application. The process ends at step 216, where the received cryptographic userID is stored on the SIM card or internal memory component of the user's mobile communication device by the client application for subsequent secure password-less authentication of the user.
Figure 3 is a block diagram of the process for validation of the user.
In an embodiment of the present application, a user (302) installs the component of the system and the server activates it on successful validation of the activation code and device service number. On successful activation of the application, the authentication component of the system authenticates the user to the system.
The user (302) registers for the client application (318) by providing its mobile number on which the component of the system is to be activated and other details such as name, address, etc with the application (304).
On receiving the registration details of the user, the backend server (310) generates a unique Activation Code for the user. This activation code is unique and has one-time usage with a limited life span. The backend server (310) sends this activation code to the client application (318) or application via SMS/messages to the provided mobile phone number of the user. Along with the activation code message, the backend server (310) sends one more message with the secure URL of the application to be downloaded by the user (324).
The user downloads and installs the client application (318) (326) and this will also download the public key of backend server (310) onto client application (318) (328). The downloaded and installed client application (318) is locked for user as user (302) is not validated yet.
The downloaded client application (318) has no active properties, and is in a locked state. On first launch of the application, it requests the activation code. This is the same code that the user has received via SMS from the backend server (310). To deny access to a malicious user, the validation operation is made atomic: the application waits until it receives the validation and activation message from the backend server (310). The user enters the activation code, whereupon the application sends an SMS with the activation code (330) to the SMSC (312), a component which is set up at the backend server (310) infrastructure and is accessible to the backend server (310). Further, after receiving the SMS, the SMSC (312) forwards the incoming mobile phone number and received activation code to the backend server (310) for validation.

After receiving the phone number and activation code from the SMSC (312), the backend server (310) validates the combination against the stored information in the data storage (314). On successful match of the combination, the backend server (310) generates a unique 'userid' or 'user name'. Further, the backend server (310) sends the application directed message along with the cryptographic 'user name' to the application running on the user's mobile phone (332). On receiving the application directed SMS, the application activates and its state is unlocked; it stores the user name either on the SIM card or in the internal memory of the user's mobile communication device (316). An SMS message is also sent, informing the user (302) about the successful activation of the user on the system. On further launching of the client application (318), the user (302) is automatically authenticated with the cryptographic 'user name' stored in the SIM or memory of the user's mobile communication device.
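The validation step described above, as an added example that is not part of the specification: a Python model of the backend's check of a one-time, time-limited activation code against the phone number the SMSC reports. The class and function names, the 15-minute lifespan, the five-attempt limit, the random token standing in for the cryptographic userID, and the phone numbers are all assumptions constructed for illustration.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

ACTIVATION_TTL_SECONDS = 15 * 60  # assumed; the specification only says "limited life span"
MAX_ATTEMPTS = 5                  # assumed guess limit, not stated in the specification


@dataclass
class PendingActivation:
    code: str
    expires_at: float
    attempts: int = 0
    used: bool = False


class ActivationRegistry:
    """Hypothetical backend store of pending activations, keyed by phone number."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.pending = {}  # phone number -> PendingActivation

    def register(self, phone):
        """Registration: issue a fresh code, replacing any earlier one for this number."""
        code = f"{secrets.randbelow(10**8):08d}"
        self.pending[phone] = PendingActivation(code, self.clock() + ACTIVATION_TTL_SECONDS)
        return code

    def validate(self, sender_phone, submitted_code):
        """Check the (number, code) combination forwarded by the SMSC.

        sender_phone is the number the SMSC detected for the inbound SMS,
        never a value supplied by the client application.
        Returns (user_id, reason); user_id is None on failure.
        """
        entry = self.pending.get(sender_phone)
        if entry is None:
            return None, "no pending activation for this number"
        if entry.used:
            return None, "code already used"
        if self.clock() >= entry.expires_at:
            return None, "code expired"
        if entry.attempts >= MAX_ATTEMPTS:
            return None, "too many attempts"
        # Constant-time comparison so response timing does not leak matching digits.
        if not hmac.compare_digest(entry.code.encode(), submitted_code.encode()):
            entry.attempts += 1
            return None, "code mismatch"
        entry.used = True  # one-time usage: burn the code before issuing the userID
        return secrets.token_urlsafe(16), "activated"  # stand-in for the cryptographic userID


def run_scenarios():
    """Replay five constructed cases and return (issued userID, list of reasons)."""
    now = [1_000_000.0]  # fake clock so expiry can be shown without sleeping
    registry = ActivationRegistry(clock=lambda: now[0])
    alice, mallory, bob = "+910000000001", "+910000000002", "+910000000003"  # constructed

    reasons = []
    code = registry.register(alice)
    reasons.append(registry.validate(mallory, code)[1])  # right code, wrong sender
    user_id, reason = registry.validate(alice, code)     # right code, right sender
    reasons.append(reason)
    reasons.append(registry.validate(alice, code)[1])    # replay of a burnt code

    stale = registry.register(alice)
    now[0] += ACTIVATION_TTL_SECONDS + 1
    reasons.append(registry.validate(alice, stale)[1])   # past its lifespan

    good = registry.register(bob)
    for _ in range(MAX_ATTEMPTS):
        registry.validate(bob, "not-the-code")           # exhaust the guess budget
    reasons.append(registry.validate(bob, good)[1])      # locked out even with the right code
    return user_id, reasons


if __name__ == "__main__":
    issued, outcome = run_scenarios()
    print("userID issued:", issued is not None)
    for line in outcome:
        print(" -", line)
```

The check is only as strong as the sender number: it relies on the SMSC being a trusted entity on the server's network, as the specification assumes.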
During first-time access to the application after activation, the client application (318) pings the backend server (310) with the received userid and phone number. The backend server (310) generates a token known as 'RequestId', which is sent back to the client application (318) along with the authentication confirmation. The client application (318) sends this RequestId with each subsequent request and receives the same from the backend server (310) along with the requested data. The generated RequestId expires after a specified predefined idle time. This idle time is computed based on the computing properties of the time and can be changed at any time.
Figure 4 is a block diagram of the process for sharing Keys.
In an embodiment of the present application, the client application (318) of the user's mobile communication device (316) generates an asymmetric key pair after receiving the userID from the backend server (310). The client application (318) encrypts the private key with a pass phrase and encrypts its public key, along with the user name and pass phrase, with the downloaded public key of the backend server (310). The biometric devices on the handset would be used as the pass phrase for private key encryption. The other factor is that the backend server (310) is a custodian of the user's pass phrase and also a central repository for the client application's (318) public key, just like a pseudo-CA. The backend server (310) then decrypts the received payload with its private key and stores the client application's (318) public key and pass phrase in the data store (314). The backend server (310) generates a string (STR) and retrieves the public key/certificate of the client application (318) from the data storage (314). The backend server (310) encrypts the generated string (STR) with the client application's (318) public key and sends the encrypted string to the client application (318). The client application (318) decrypts the received payload with its private key, retrieving the string (STR). Further, the client application (318) encrypts the string with the backend server's (310) public key and sends the encrypted string back to the backend server (310). The backend server (310) decrypts the payload with its private key and retrieves the encrypted string (STR). The backend server (310) compares the received string (STR) with the sent string (STR), and if the string (STR) sent by the backend server (310) matches the string (STR) received from the client application (318), the client application (318) is authenticated.
Following these steps, the backend server (310) has the public key, pass phrase and user name of all validated client applications (318)/handsets. Further, the client application (318) may destroy its public key to make transactions more secure by avoiding any chance of fraudulent access to the public key of the client application (318) and the encrypted data.
Figure 5 is a block diagram of the process for authenticating a client application (318) request.
In an embodiment of the present application, user authentication is done in two ways: once after activation of the client application (318), and for each session. After validation and key sharing, the backend server (310) has the public key of the client application (318), the user's phone number and other details, and the client application (318) has the backend server's (310) public key, its user name, private key, pass phrase of the private key and phone number, which are stored in either the SIM or the memory of the mobile device. For the first authentication, the client application (318) is still in the session of validation and activation. The client application (318) encrypts the user name of the user with the public key of the backend server (310) and sends it to the backend server (310) along with the phone number (502).
On receiving the request, the backend server (310) decrypts the user name with its private key and checks whether the sent user name is present in the database with the sent mobile number. If it is, the client application (318) is authenticated. To maintain a session between the client application (318) and the backend server (310), the backend server (310) generates a token known as RequestId. To send the response, the backend server (310) encrypts the generated RequestId and requested data with the client application's (318) public key and sends them back to the client application (318) (504).
On each subsequent request, the client application (318) and backend server (310) keep exchanging the encrypted RequestId, and the backend server (310) stores the context path, which says whether the client application (318) is authenticated or not. On each request from the client application (318), the server decrypts the RequestId and checks whether the context present with the RequestId is authenticated. If it is authenticated, the backend server (310) processes the request, again encrypts the RequestId with the client's public key, and sends it back to the client application (318) with the response data (506).
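The per-request RequestId check and idle expiry described above, as an added example that is not part of the specification: a Python model of the backend's context table. The class and function names, the 300-second idle timeout and the sample identifiers are assumptions; the public-key encryption of the RequestId in transit is left out so that the session logic stays visible.

```python
import hmac
import secrets
import time

IDLE_TIMEOUT_SECONDS = 300  # assumed; the specification says only "predefined idle time"


class RequestIdSessions:
    """Hypothetical backend session table: RequestId -> authentication context."""

    def __init__(self, activated_users, clock=time.time):
        self.activated = dict(activated_users)  # phone number -> userID from activation
        self.clock = clock
        self.contexts = {}

    def authenticate(self, phone, user_id):
        """First request: check the (phone, userID) pair, then mint a RequestId."""
        expected = self.activated.get(phone)
        if expected is None or not hmac.compare_digest(expected.encode(), user_id.encode()):
            return None
        request_id = secrets.token_urlsafe(32)  # unguessable, unrelated to the userID
        self.contexts[request_id] = {"phone": phone, "last_seen": self.clock()}
        return request_id

    def handle(self, request_id, payload):
        """Subsequent requests: serve only if the RequestId maps to a live context."""
        context = self.contexts.get(request_id)
        if context is None:
            return {"status": "rejected", "reason": "unknown RequestId"}
        now = self.clock()
        if now - context["last_seen"] > IDLE_TIMEOUT_SECONDS:
            del self.contexts[request_id]  # evict so the token can never be revived
            return {"status": "rejected", "reason": "RequestId expired"}
        context["last_seen"] = now  # idle timer restarts on every accepted request
        return {"status": "ok", "request_id": request_id, "data": f"result for {payload}"}


def run_session():
    """Replay a constructed session and return the outcome of each step."""
    now = [0.0]  # fake clock so idle expiry can be shown without sleeping
    phone, user_id = "+910000000001", "uid-constructed"  # constructed sample values
    sessions = RequestIdSessions({phone: user_id}, clock=lambda: now[0])

    outcomes = [sessions.authenticate("+910000000002", user_id)]         # userID with wrong number
    request_id = sessions.authenticate(phone, user_id)
    now[0] += 200
    outcomes.append(sessions.handle(request_id, "balance")["status"])    # within idle window
    now[0] += 200
    outcomes.append(sessions.handle(request_id, "balance")["status"])    # timer was restarted
    outcomes.append(sessions.handle("guessed-value", "balance")["reason"])
    now[0] += IDLE_TIMEOUT_SECONDS + 1
    outcomes.append(sessions.handle(request_id, "balance")["reason"])    # idle too long
    outcomes.append(sessions.handle(request_id, "balance")["reason"])    # evicted, stays dead
    return outcomes


if __name__ == "__main__":
    for step in run_session():
        print(step)
```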
The methodology and techniques described with respect to the exemplary embodiments can be performed using a machine or other computing device within which a set of instructions, when executed, may cause the machine to perform any one or more of the methodologies discussed above. In some embodiments, the machine operates as a standalone device. In some embodiments, the machine may be connected (e.g., using a network) to other machines. In a networked deployment, the machine may operate in the capacity of a server or a client user machine in a server-client user network environment, or as a peer machine in a peer-to-peer (or distributed) network environment.
The machine may comprise a server computer, a client user computer, a personal computer (PC), a tablet PC, a laptop computer, a desktop computer, a control system, a network router, switch or bridge, or any machine capable of executing a set of instructions (sequential or otherwise) that specify actions to be taken by that machine. Further, while a single machine is illustrated, the term "machine" shall also be taken to include any collection of machines that individually or jointly execute a set (or multiple sets) of instructions to perform any one or more of the methodologies discussed herein.
The machine may include a processor (e.g., a central processing unit (CPU), a graphics processing unit (GPU), or both), a main memory and a static memory, which communicate with each other via a bus. The machine may further include a video display unit (e.g., a liquid crystal display (LCD), a flat panel, a solid state display, or a cathode ray tube (CRT)). The machine may include an input device (e.g., a keyboard) or touch-sensitive screen, a cursor control device (e.g., a mouse), a disk drive unit, a signal generation device (e.g., a speaker or remote control) and a network interface device.
Dedicated hardware implementations including, but not limited to, application specific integrated circuits, programmable logic arrays and other hardware devices can likewise be constructed to implement the methods described herein. Applications that may include the apparatus and systems of various embodiments broadly include a variety of electronic and computer systems. Some embodiments implement functions in two or more specific interconnected hardware modules or devices with related control and data signals communicated between and through the modules, or as portions of an application-specific integrated circuit. Thus, the example system is applicable to software, firmware, and hardware implementations.
In accordance with various embodiments of the present disclosure, the methods described herein are intended for operation as software programs running on a computer processor. Furthermore, software implementations including, but not limited to, distributed processing or component/object distributed processing, parallel processing, or virtual machine processing can also be constructed to implement the methods described herein.
The illustrations of arrangements described herein are intended to provide a general understanding of the structure of various embodiments, and they are not intended to serve as a complete description of all the elements and features of apparatus and systems that might make use of the structures described herein. Many other arrangements will be apparent to those of skill in the art upon reviewing the above description. Other arrangements may be utilized and derived therefrom, such that structural and logical substitutions and changes may be made without departing from the scope of this disclosure. Figures are also merely representational and may not be drawn to scale. Certain proportions thereof may be exaggerated, while others may be minimized. Accordingly, the specification and drawings are to be regarded in an illustrative rather than a restrictive sense.
The preceding description has been presented with reference to various embodiments. Persons skilled in the art and technology to which this application pertains will appreciate that alterations and changes in the described structures and methods of operation can be practiced without meaningfully departing from the principle, spirit and scope.

ADVANTAGES OF THE INVENTION:
• In the present application a user is not required to remember any of the authentication credentials.
• In the present application a user is not required to type in the user name and password.
• In the present application the user's involvement is needed only once in the entire authentication interaction, which is for typing the activation code; thereafter the application manages the authentication process by itself.

WE CLAIM:
1. A method for secure password-less authentication of a user while managing user identity in secure manner for performing secure electronic transactions, characterized by exchange of encrypted asymmetric and symmetric keys, the method comprising processor implemented steps of:
a. registering for a client application (318) by a user (302) by providing its mobile communication device (316) service number;
b. generating and sending a unique activation code and secure URL of the client application (318) for the user (302) by a backend server (310) upon user registration;
c. receiving, downloading and installing the client application (318) on user's mobile communication device (316);
d. downloading a public key of backend server (310) onto user's mobile communication device (316);
e. requesting for said unique activation code by the locked client application (318) upon launching for the first time;
f. entering said unique activation code by the user (302);
g. sending said unique activation code to a SMSC (312) at the backend server (310) by client application (318);
h. forwarding said unique activation code along with the user's mobile communication device (316) service number by SMSC (312) to the backend server (310) for validation upon receiving from SMSC (312);
i. validating unique activation code and user's mobile communication device (316) service number by the backend server (310) upon receiving from SMSC (312);
j. encrypting user credentials and generating a unique cryptographic userID by the backend server (310) upon validation of unique activation code and user's mobile communication device (316) service number;
k. sending a client application directed message along with generated cryptographic userID to the client application (318) running on user's mobile communication device (316); and
l. activating the client application (318) and storing the received client application directed message and cryptographic userID by the client application (318) for subsequent secure password-less authentication of the user (302).
2. The method as claimed in claim 1, wherein the exchange of encrypted asymmetric and symmetric keys for secure password-less authentication comprising processor implemented steps of:
a. generating asymmetric key by the client application (318) of the user's mobile communication device (316) after receiving the userID from the backend server (310);
b. encrypting the private key with a pass phrase by the client application (318), encrypt its public key along with user name and pass phrase with the downloaded public key of backend server (310);
c. sending said encrypted data to the backend server (310) for validation by the client application (318);
d. decrypting the received payload with its private key and store client application's (318) public key and pass phrase in data storage (314) by the backend server (310);
e. generating a string (STR) by the backend server (310);
f. retrieving the public key/certificate of client application (318) from data storage (314) by the backend server (310);
g. encrypting the generated string (STR) with client application's (318) public key and send encrypted string to the client application (318) by the backend server (310);
h. decrypting received payload client application (318) with its private key and retrieving the string (STR);
i. encrypting the string with backend server's (310) public key by the client application (318) and sending back the encrypted string back to backend server (310);
j. decrypting payload by the backend server (310) with its private key and retrieving encrypted string (STR);
k. matching the string (STR) sent by the backend server (310) with the string (STR) received from the client application (318) for authenticating the client application (318) if string (STR) matches.
3. The method as claimed in claim 1, wherein the user (302) registers for the client application (318) by providing its mobile communication device service number on which the component of the client application (318) is to be activated.
4. The method as claimed in claim 1, wherein the user credentials are selected from group comprising of user name, address, mobile communication device service number and userID.
5. The method as claimed in claim 1, wherein the unique activation code has one time usage with the certain life span.
6. The method as claimed in claim 1, wherein said generated unique activation code and secure URL of the client application (318) is sent to the user's mobile communication device via short messaging service.
7. The method as claimed in claim 1, wherein said downloaded client application (318) is inactive and is in a lock state until it receives the validation and activation message from the backend server (310).

8. The method as claimed in claim 1, wherein client application (318) requests for the unique activation code upon first time launching which is the same unique activation code that user (302) has received via short messaging service from the backend server (310).
9. The method as claimed in claim 1, wherein the SMSC (312) is localized at the backend server (310) providing the access to the backend server (310).
10. The method as claimed in claim 1, wherein the validation operation is atomic for avoiding access to the malicious user, wherein the client application (318) waits until it receives the validation and activation message from the backend server (310).
11. The method as claimed in claim 1, wherein the backend server (310) validates the unique activation code and user's mobile communication device (316) service number with the stored information in the data storage (314) upon receiving from SMSC (312).
12. The method as claimed in claim 1, wherein the received client application (318) directed message and cryptographic userID by the client application (318) is stored on the SIM (322) or internal memory component (320) of the user's mobile communication device (316) for managing user identity in secure manner.
13. The method as claimed in claim 1, further the backend server (310) sends a message informing the user (302) about the successful secure password-less authentication of a user.
14. The method as claimed in claim 1, wherein the encrypted user credentials are further utilized for auto-authentication of a user without forcing the user to key-in any credential information, in the background while using any online electronic transactions.

15. The method as claimed in claim 1, wherein upon subsequent launching of the client application (318) the user (302) is automatically authenticated with the cryptographic userID stored in the SIM (322) or internal memory component (320) of the user's mobile communication device (316).
16. The method as claimed in claim 2, wherein the asymmetric key is generated by the client application (318) of the user's mobile communication device (316) only once for a secure transaction session.
17. The method as claimed in claim 2, wherein the said biometric devices on user's mobile communication device (316) is used as the pass phrase for device.
18. The method as claimed in claim 2, wherein the backend server (310) is having public key, passphrase, phone number and user name of all validated client applications.
19. The method as claimed in claim 2, wherein the client application (318) may destroy its public key to make transactions more secure by avoiding any chance of fraudulent access of the public key of client application (318) and encrypted data.
20. A system for secure password-less authentication of a user while managing user identity in secure manner for performing secure electronic transactions, the system comprising of:
a. a backend server (310), configured to process the communication received from a user (302), a SMSC (312), a data storage (314) and a client application (318);
b. a SMSC (312), communicatively and electronically coupled with the backend server (310), acting as a short messaging service gateway;
c. a data storage (314), communicatively and electronically coupled with the backend server (310), adapted to store user credentials, keys related to the backend server (310) and client application (318);
d. a user mobile communication device (316);
e. a client application (318), communicatively and electronically coupled with the user mobile communication device (316) adapted to perform user selected operations and interacting with the backend server (310);
f. an internal memory component (320) and SIM (322), communicatively and electronically coupled with the user mobile communication device (316), adapted to store the client application directed message and cryptographic userID received by the client application (318) for subsequent secure password-less authentication of the user (302).
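
The string (STR) exchange of claim 2, steps e to k, followed by the per-request RequestId check described above, as an added Node.js example; it is not code from the application or the applicant. RSA-2048 with OAEP, the class and method names, the constructed userID "user-1", and the single-use handling of STR and RequestId are assumptions.

```javascript
const nodeCrypto = require("node:crypto");
// Assumption: RSA-2048 with OAEP/SHA-256; the claims name no algorithm or padding.
const newKeyPair = () => nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const seal = (pub, buf) => nodeCrypto.publicEncrypt({ key: pub, oaepHash: "sha256" }, buf);
const open = (priv, buf) => { // returns null on a wrong key or a tampered payload
  try { return nodeCrypto.privateDecrypt({ key: priv, oaepHash: "sha256" }, buf); } catch { return null; }
};
class BackendServer {
  constructor() {
    this.keys = newKeyPair();
    this.clientKeys = new Map(); // userID -> client public key (claim 2, step d)
    this.pending = new Map();    // userID -> STR awaiting an answer
    this.contexts = new Map();   // RequestId (hex) -> userID of an authenticated context
  }
  challenge(userID) { // steps e-g: generate STR, encrypt it with the client's public key
    this.pending.set(userID, nodeCrypto.randomBytes(32));
    return seal(this.clientKeys.get(userID), this.pending.get(userID));
  }
  verify(userID, payload) { // steps j-k: decrypt the answer and match it against STR
    const expected = this.pending.get(userID);
    this.pending.delete(userID); // single use (assumption): a replayed answer finds no STR
    const got = open(this.keys.privateKey, payload);
    if (!expected || !got || got.length !== expected.length) return null;
    return nodeCrypto.timingSafeEqual(got, expected) ? this.issueRequestId(userID) : null;
  }
  issueRequestId(userID) {
    const id = nodeCrypto.randomBytes(16);
    this.contexts.set(id.toString("hex"), userID);
    return seal(this.clientKeys.get(userID), id);
  }
  handle(payload) { // per request: decrypt RequestId, require an authenticated context
    const id = open(this.keys.privateKey, payload);
    const key = id ? id.toString("hex") : "";
    const userID = this.contexts.get(key);
    if (!this.contexts.delete(key)) return null; // one-time RequestId is an assumption
    return { data: "response data", requestId: this.issueRequestId(userID) };
  }
}
class ClientApp { // steps h-i: decrypt with own private key, re-encrypt for the server
  constructor(serverPublicKey) { this.keys = newKeyPair(); this.serverPublicKey = serverPublicKey; }
  answer(payload) { return seal(this.serverPublicKey, open(this.keys.privateKey, payload)); }
}

function runExchange() {
  const server = new BackendServer();
  const client = new ClientApp(server.keys.publicKey);
  server.clientKeys.set("user-1", client.keys.publicKey); // constructed userID
  const response = client.answer(server.challenge("user-1"));
  const sealedId = server.verify("user-1", response);
  const replayed = server.verify("user-1", response); // same answer sent a second time
  const served = server.handle(client.answer(sealedId));
  const stale = server.handle(client.answer(sealedId)); // RequestId already consumed
  return { authenticated: sealedId !== null, replayed, served: served.data, stale };
}
```

`runExchange()` returns `authenticated: true` for the first answer, while the replayed answer and the reused RequestId both come back as `null`.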

Application Documents

Name Date
2770-MUM-2011-POWER OF ATTORNEY(12-10-2011).pdf 2011-10-12
2770-MUM-2011-CORRESPONDENCE(12-10-2011).pdf 2011-10-12
ABSTRACT1.jpg 2018-08-10
2770-MUM-2011-FORM 3.pdf 2018-08-10
2770-MUM-2011-FORM 2.pdf 2018-08-10
2770-MUM-2011-FORM 2(TITLE PAGE).pdf 2018-08-10
2770-MUM-2011-FORM 18.pdf 2018-08-10
2770-MUM-2011-FORM 1.pdf 2018-08-10
2770-MUM-2011-FORM 1(12-1-2012).pdf 2018-08-10
2770-MUM-2011-FER.pdf 2018-08-10
2770-MUM-2011-DRAWING.pdf 2018-08-10
2770-MUM-2011-DESCRIPTION(COMPLETE).pdf 2018-08-10
2770-MUM-2011-CORRESPONDENCE.pdf 2018-08-10
2770-MUM-2011-CORRESPONDENCE(12-1-2012).pdf 2018-08-10
2770-MUM-2011-ABSTRACT.pdf 2018-08-10
2770-MUM-2011-CLAIMS.pdf 2018-08-10
2770-MUM-2011-OTHERS [15-12-2018(online)].pdf 2018-12-15
2770-MUM-2011-FER_SER_REPLY [15-12-2018(online)].pdf 2018-12-15
2770-MUM-2011-COMPLETE SPECIFICATION [15-12-2018(online)].pdf 2018-12-15
2770-MUM-2011-CLAIMS [15-12-2018(online)].pdf 2018-12-15
2770-MUM-2011-ABSTRACT [15-12-2018(online)].pdf 2018-12-15
2770-MUM-2011-HearingNoticeLetter.pdf 2019-04-23
2770-MUM-2011-Correspondence to notify the Controller (Mandatory) [22-05-2019(online)].pdf 2019-05-22
2770-MUM-2011-Written submissions and relevant documents (MANDATORY) [25-06-2019(online)].pdf 2019-06-25
2770-MUM-2011-PatentCertificate03-10-2019.pdf 2019-10-03
2770-MUM-2011-IntimationOfGrant03-10-2019.pdf 2019-10-03
2770-MUM-2011-RELEVANT DOCUMENTS [30-03-2020(online)].pdf 2020-03-30
2770-MUM-2011-RELEVANT DOCUMENTS [25-09-2021(online)].pdf 2021-09-25
2770-MUM-2011-RELEVANT DOCUMENTS [30-09-2022(online)].pdf 2022-09-30
2770-MUM-2011-RELEVANT DOCUMENTS [28-09-2023(online)].pdf 2023-09-28

Search Strategy

2770mum2011_21-09-2017.pdf
search_14-06-2018.pdf

ERegister / Renewals

3rd: 02 Jan 2020

From 29/09/2013 - To 29/09/2014

4th: 02 Jan 2020

From 29/09/2014 - To 29/09/2015

5th: 02 Jan 2020

From 29/09/2015 - To 29/09/2016

6th: 02 Jan 2020

From 29/09/2016 - To 29/09/2017

7th: 02 Jan 2020

From 29/09/2017 - To 29/09/2018

8th: 02 Jan 2020

From 29/09/2018 - To 29/09/2019

9th: 02 Jan 2020

From 29/09/2019 - To 29/09/2020

10th: 26 Sep 2020

From 29/09/2020 - To 29/09/2021

11th: 20 Sep 2021

From 29/09/2021 - To 29/09/2022

12th: 28 Sep 2022

From 29/09/2022 - To 29/09/2023

13th: 27 Sep 2023

From 29/09/2023 - To 29/09/2024

14th: 28 Sep 2024

From 29/09/2024 - To 29/09/2025

15th: 25 Sep 2025

From 29/09/2025 - To 29/09/2026