Abstract: A system for loopback short-message authentication of mobile numbers for onboarding validation is disclosed. The system includes an input module to receive a mobile number and check for the corresponding subscriber identity module card presence. The input module locally validates the mobile number using a loopback short-message authentication technique. A binding module combines the mobile device, SIM card, and validated mobile number upon successful authentication. A hashing module generates a device hash and transmits the device hash to the server, along with sending a first and second hash to the mobile device via short message service (SMS). The server compares the device hash with a database for validation. A validation module receives server validation and locally validates the second hash. The validation module sends a mapping hash to the mobile device and generates a session token upon successful validation, ensuring secure onboarding validation. FIG. 1
Description:
FIELD OF INVENTION
[0001] Embodiments of the present disclosure relate to the field of mobile communication and more particularly, to a system and a method for loopback short-message authentication of mobile numbers for onboarding validation.
BACKGROUND
[0002] In the contemporary landscape of digital services and online platforms, the verification of user identities and the authenticity of provided information stand as critical prerequisites for secure and trustworthy interactions. One of the pivotal elements in this verification process is the validation of ownership associated with mobile phone numbers, which serve as pervasive identifiers in the realm of mobile communication.
[0003] Traditional methods for verifying phone number ownership often rely on sending a one-time password (OTP) via short message service (SMS) or voice call to the provided number, requiring users to input the received code to authenticate their ownership. However, these methods are susceptible to various vulnerabilities, including subscriber identity module (SIM) swapping attacks, phishing attempts, and interception of SMS messages, leading to potential security breaches and unauthorized access to sensitive information. Additionally, Voice over IP (VoIP) or virtual numbers can circumvent these processes.
[0004] Several methods are employed to authenticate mobile numbers and facilitate onboarding. One primary approach involves multifactor authentication, requiring users to provide multiple forms of verification like passwords, biometrics, or one-time passcodes. Additionally, with advancements in AI technology, facial recognition has become a widely used method for authentication.
[0005] However, these existing methods are often limited by several factors. Firstly, reliance on traditional security measures such as passwords, biometrics, and one-time passcodes can be insufficient in the face of increasingly sophisticated cyber threats. Additionally, in industries such as finance, where stringent regulations govern customer onboarding and identity verification, the current methods may prove inadequate, leading to potential compliance challenges. In particular, the variability in mobile number verification processes worldwide poses a significant hurdle, as certain solutions may not be available in specific regions or may involve exorbitant international SMS delivery expenses. Moreover, the existing methods often involve complex procedures, such as manual code input or validation calls, which not only inconvenience users but also contribute to delays in the onboarding process.
[0006] In response to these challenges, there exists a need for a more robust and secure mechanism for validating the ownership of mobile phone numbers while ensuring a seamless onboarding process for users accessing digital platforms and services.
[0007] Hence, there is a need for an improved system and method for secure loop authentication, verifying mobile number ownership, and facilitating onboarding which addresses the aforementioned issue(s).
OBJECTIVES OF THE INVENTION
[0008] The primary objective of the invention is to provide a solution for disconnected validation of mobile number ownership by locally verifying mobile numbers, thereby reducing susceptibility to human error and social engineering attacks.
[0009] Another objective of the invention is to provide a zero-trust device & subscriber identity module (SIM) binding for essential mobile applications, ensuring the authentication of both the mobile device and the mobile number of users. The principle of zero trust establishes an individualized digital identity for each customer utilizing mobile applications.
BRIEF DESCRIPTION
[0010] In accordance with an embodiment of the present disclosure, a system for loopback short-message authentication of mobile numbers for onboarding validation is provided. The system includes a processing subsystem hosted on a server. The processing subsystem is configured to execute on a network to control bidirectional communications among a plurality of modules. The processing subsystem includes an input module configured to receive a mobile number from at least one of a user and a third-party source, along with retrieving the presence of the corresponding subscriber identity module card in the mobile device undergoing authentication. The input module is also configured to validate the mobile number locally by utilizing a loopback short-message authentication technique. The processing subsystem includes a binding module operatively coupled to the input module wherein the binding module is configured to combine a mobile device, a SIM card and the mobile number, wherein the mobile device and mobile number are combined upon successful validation of the loopback short-message authentication technique. The processing subsystem includes a hashing module operatively coupled to the binding module wherein the hashing module is configured to generate a device hash using the combined configuration and transmit the said device hash to the server.
The hashing module is also configured to send a first hash and a second hash to the mobile device, wherein the second hash is sent via a short message service. The hashing module is also configured to receive a confirmation of the mobile number's existence in response to the server comparing the device hash with a database, thereby ensuring accuracy. The processing subsystem includes a validation module operatively coupled to the hashing module wherein the validation module is configured to receive a validation of the server and the second hash locally in response to the mobile device automatically reading the short message service. The validation module is also configured to send a mapping hash via a gateway to the mobile device in response to successful validation of the first hash. The validation module is also configured to validate the short message service with the mobile device. The validation module is also configured to generate a token for a session in response to the mobile device confirming the device binding.
[0011] In accordance with another embodiment of the present disclosure, a method for loopback short-message authentication of mobile numbers for onboarding validation is provided. The method includes receiving, by an input module, a mobile number from at least one of a user and a third-party source, along with retrieving the presence of the corresponding subscriber identity module card in the mobile device undergoing authentication. The method includes validating, by the input module, the mobile number locally by utilizing a loopback short-message authentication technique. The method includes combining, by a binding module, a mobile device, a SIM card and the mobile number, wherein the mobile device and mobile number are combined upon successful validation of the loopback short-message authentication technique. The method includes generating, by a hashing module, a device hash using the combined configuration and transmitting the said device hash to the server. The method includes sending, by the hashing module, a first hash and a second hash to the mobile device, wherein the second hash is sent via a short message service. The method includes receiving, by the hashing module, a confirmation of the mobile number's existence in response to the server comparing the device hash with a database, thereby ensuring accuracy. The method includes receiving, by a validation module, a validation of the server and the second hash locally in response to the mobile device automatically reading the short message service. The method includes sending, by the validation module, a mapping hash via a gateway to the mobile device in response to successful validation of the first hash. The method includes validating, by the validation module, the short message service with the mobile device. The method includes generating, by the validation module, a token for a session in response to the mobile device confirming the device binding.
[0012] To further clarify the advantages and features of the present disclosure, a more particular description of the disclosure will follow by reference to specific embodiments thereof, which are illustrated in the appended figures. It is to be appreciated that these figures depict only typical embodiments of the disclosure and are therefore not to be considered limiting in scope. The disclosure will be described and explained with additional specificity and detail with the appended figures.
BRIEF DESCRIPTION OF THE DRAWINGS
[0013] The disclosure will be described and explained with additional specificity and detail with the accompanying figures in which:
[0014] FIG. 1 is a block diagram representation of a system for loopback short-message authentication of mobile numbers for onboarding validation in accordance with an embodiment of the present disclosure;
[0015] FIG. 2 is a block diagram representation of an exemplary embodiment for loopback short-message authentication of mobile numbers for onboarding validation of FIG. 1, in accordance with an embodiment of the present disclosure;
[0016] FIG. 3 is a block diagram of a computer or a server in accordance with an embodiment of the present disclosure;
[0017] FIG. 4(a) illustrates a flow chart representing the steps involved in a method for loopback short-message authentication of mobile numbers for onboarding validation in accordance with an embodiment of the present disclosure; and
[0018] FIG. 4(b) illustrates continued steps of the method of FIG. 4(a) in accordance with an embodiment of the present disclosure;
[0019] Further, those skilled in the art will appreciate that elements in the figures are illustrated for simplicity and may not have necessarily been drawn to scale. Furthermore, in terms of the construction of the device, one or more components of the device may have been represented in the figures by conventional symbols, and the figures may show only those specific details that are pertinent to understanding the embodiments of the present disclosure so as not to obscure the figures with details that will be readily apparent to those skilled in the art having the benefit of the description herein.
DETAILED DESCRIPTION
[0020] For the purpose of promoting an understanding of the principles of the disclosure, reference will now be made to the embodiment illustrated in the figures and specific language will be used to describe them. It will nevertheless be understood that no limitation of the scope of the disclosure is thereby intended. Such alterations and further modifications in the illustrated system, and such further applications of the principles of the disclosure as would normally occur to those skilled in the art are to be construed as being within the scope of the present disclosure.
[0021] The terms “comprises”, “comprising”, or any other variations thereof, are intended to cover a non-exclusive inclusion, such that a process or method that comprises a list of steps does not include only those steps but may include other steps not expressly listed or inherent to such a process or method. Similarly, one or more devices or subsystems or elements or structures or components preceded by "comprises... a" does not, without more constraints, preclude the existence of other devices, sub-systems, elements, structures, components, additional devices, additional sub-systems, additional elements, additional structures or additional components. Appearances of the phrase "in an embodiment", "in another embodiment" and similar language throughout this specification may, but not necessarily do, all refer to the same embodiment.
[0022] Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by those skilled in the art to which this disclosure belongs. The system, methods, and examples provided herein are only illustrative and not intended to be limiting.
[0023] In the following specification and the claims, reference will be made to a number of terms, which shall be defined to have the following meanings. The singular forms “a”, “an”, and “the” include plural references unless the context clearly dictates otherwise.
[0024] In accordance with an embodiment of the present disclosure, a system for loopback short-message authentication of mobile numbers for onboarding validation is provided. The system includes a processing subsystem hosted on a server. The processing subsystem is configured to execute on a network to control bidirectional communications among a plurality of modules. The processing subsystem includes an input module configured to receive a mobile number from at least one of a user and a third-party source, along with retrieving the presence of the corresponding subscriber identity module card in the mobile device undergoing authentication. The input module is also configured to validate the mobile number locally by utilizing a loopback short-message authentication technique. The processing subsystem includes a binding module operatively coupled to the input module wherein the binding module is configured to combine a mobile device, a SIM card and the mobile number, wherein the mobile device and mobile number are combined upon successful validation of the loopback short-message authentication technique. The processing subsystem includes a hashing module operatively coupled to the binding module wherein the hashing module is configured to generate a device hash using the combined configuration and transmit the said device hash to the server. The hashing module is also configured to send a first hash and a second hash to the mobile device, wherein the second hash is sent via a short message service. The hashing module is also configured to receive a confirmation of the mobile number's existence in response to the server comparing the device hash with a database, thereby ensuring accuracy.
The processing subsystem includes a validation module operatively coupled to the hashing module wherein the validation module is configured to receive a validation of the server and the second hash locally in response to the mobile device automatically reading the short message service. The validation module is also configured to send a mapping hash via a gateway to the mobile device in response to successful validation of the first hash. The validation module is also configured to validate the short message service with the mobile device. The validation module is also configured to generate a token for a session in response to the mobile device confirming the device binding.
[0025] FIG. 1 is a block diagram representation of a system for loopback short-message authentication of mobile numbers for onboarding validation in accordance with an embodiment of the present disclosure. The system (100) includes a processing subsystem (105) hosted on a server (108), wherein the processing subsystem (105) is configured to execute on a network (130) to control bidirectional communications among a plurality of modules. In one embodiment, the server (108) may include a cloud-based server. In another embodiment, parts of the server (108) may be a local server coupled to a mobile device (150). The processing subsystem (105) is configured to execute on a network (130) to control bidirectional communications among a plurality of modules. In one example, the network (130) may be a private or public local area network (LAN) or Wide Area Network (WAN), such as the Internet. In another embodiment, the network (130) may include both wired and wireless communications according to one or more standards and/or via one or more transport mediums. In one example, the network (130) may include wireless communications according to one of the 802.11 or Bluetooth specification sets, or another standard or proprietary wireless communication protocol. In yet another embodiment, the network (130) may also include communications over a terrestrial cellular network, including, a global system for mobile communications (GSM), code division multiple access (CDMA), and/or enhanced data for global evolution (EDGE) network.
[0026] The plurality of modules includes an input module (110), a binding module (115), a hashing module (120) and a validation module (125).
[0027] The input module (110) is configured to receive a mobile number from at least one of a user and a third-party source, along with retrieving the presence of the corresponding subscriber identity module card in the mobile device (150) undergoing authentication. Typically, the user is an individual who wishes to initiate a session with the mobile device (150) and requires validation for the said session. The third-party source typically refers to the information obtained from a party not directly involved in a situation but indirectly resembles. The third-party sources include financial institutions like banks, wherein banks include all nationalized, rural, cooperative and private banks and the like, non-banking financial companies (NBFCs), insurance companies and the like. The session refers to a period of communication between two or more mobile devices, including the exchange of data. The session includes the establishment, maintenance, and termination of a connection between the two or more mobile devices. For example, a session involves a client (such as a web browser) communicating with a server (such as a web server) and the like. The Subscriber Identity Module (SIM) is a smart card that is used in GSM (Global System for Mobile communications) and LTE (Long-Term Evolution) networks to store subscriber data, such as identification information, authentication keys, and personal data. The SIM allows the mobile device (150) to connect to the network (130) and communicate securely.
[0028] The input module (110) performs several functions in the authentication process. Firstly, the input module (110) receives a mobile number from at least one of a user and a third-party source, wherein at least one of the user and the third-party source are primary identifiers for authentication purposes. Additionally, the input module (110) checks and determines whether the corresponding Subscriber Identity Module (SIM) card is present within the mobile device (150). Furthermore, the input module (110) is configured to verify the information provided by at least one of a user and a third-party source and the physical presence of the SIM card to establish the authenticity of the mobile device (150) and of the information from at least one of the user and the third-party source, thereby ensuring security and reliability in verifying user access to the system (100) based on a mobile communication technology. Typically, the mobile communication technology enables wireless transmission of voice, data, and multimedia over cellular networks, allowing portable devices like smartphones and tablets to connect globally. It encompasses technologies such as GSM, Fourth Generation Wireless communication (4G), LTE, and Fifth Generation Wireless communication (5G), facilitating real-time communication, internet access, and mobile applications.
[0029] Additionally, the input module (110) is configured to validate the mobile number locally by utilizing a loopback short-message authentication technique. A local validation includes authentication of data within the system (100) locally, without relying on the network (130). Typically, the local validation of the mobile device (150) reduces the need to rely on outside sources and improves security by validating the data internally before allowing further network (130) interaction. For example, the outside sources include external servers, the Internet, cloud services and the like. Additionally, the local validation ensures that credentials are validated locally before authentication is initiated. For example, local validation includes verifying the format and validity of user credentials (like usernames and passwords) against a local database stored on the device and the like.
[0030] The loopback short-message authentication phone number (LSAP) technique is configured to detect the presence of the SIM in the mobile device (150). Typically, in the loopback short-message authentication phone number technique, the mobile number is first sourced from at least one of a user and a third-party source input or retrieved from outgoing short message services (SMS). Additionally, the mobile number is obtained from a payment service provider like a bank for confirmation and undergoes local validation. Furthermore, if the validation is successful, the authentication proceeds to the binding module (115), and if the validation is not successful, the communication stops at this stage as the authentication has failed.
[0031] The binding module (115) is operatively coupled to the input module (110). The binding module (115) is configured to combine the mobile device (150), the SIM card and the mobile number. As discussed earlier, the mobile device (150) and the mobile number are combined upon successful validation of the loopback short-message authentication technique. A secure connection is initiated through a device binding so that data is transmitted to the server (108) using a unique hash. The device binding creates a unique identity for each individual mobile user, utilizing a unique hash that integrates a combination of information from the mobile device (150), subscriber identity module (SIM) card, and mobile phone number, and validates the user information on the mobile device (150) every time.
[0032] In one embodiment, the binding module (115) is configured to validate the detected mobile device (150). The server (108) verifies the mobile number's presence by cross-referencing its database (140) and validating the same. A database (140) is a structured collection of data organized for efficient retrieval, storage, and management, which allows users to interact with the data and perform operations like querying, updating, and deleting information. This validation occurs concurrently between the mobile device (150) and the server (108), ensuring seamless transaction processing and safeguards against unauthorized access between the mobile device (150) and the server (108).
[0033] In one embodiment, the binding module (115) is configured to store the hash for the combined configuration, wherein the combined configuration represents elements like the mobile device (150), SIM card, and mobile phone number, into the database (140). The stored hash in the database (140) serves as a unique identifier for the mobile device (150) within the system (100). The system (100) can retrieve and reference the stored hash from the database (140) when needed for verification and authentication purposes. The authentication using the stored hash ensures that the mobile device (150) identity is securely recorded and accessible for future validation, enhancing the system (100) overall security and reliability.
[0034] In one embodiment the binding module (115) is configured to update the stored hash in real-time, based on changes in the detected configurations. The binding module (115) updates the stored hash instantly, responding to changes in detected configurations. The binding module (115) ensures quick synchronization, adapting promptly to changes in configurations, and maintaining the accuracy of the stored hash.
[0035] The hashing module (120) is operatively coupled to the binding module (115). The hashing module (120) is configured to generate a mobile device (150) hash using the combined configuration and transmit the said mobile device (150) hash to the server (108). The hashing module (120) utilizes a hash during each validation phase. As discussed earlier, a unique identifier is generated for the mobile device (150) and transmitted to the server (108) to validate LSAP completion. Following this, the server (108) issues an automatically readable one-time password (OTP). Progression to the subsequent stage depends on the successful automatic reading of the OTP. If any validation step receives a negative response, the entire process ceases immediately. The OTP is a temporary and unique password generated for a single login session. OTPs are typically used as an additional layer of security to verify a user's identity and prevent unauthorized access. OTPs are usually sent to the user via SMS, email, or generated by an authenticator app, and are valid only for a short period of time, usually a few minutes.
[0036] Additionally, the hashing module (120) is configured to send a first hash and a second hash to the mobile device (150), wherein the second hash is sent via a short message service (SMS), and to receive a confirmation of the mobile number's existence in response to the server (108) comparing the device hash with a database (140), thereby ensuring accuracy. As discussed earlier, upon successful auto-reading of the OTP by the mobile device (150), the mobile device (150) transmits the hash to the server (108) for revalidation. Subsequently, the server (108) sends the corresponding mapped hash to the mobile device (150) upon successful authentication. This exchange occurs through SMS, encompassing both incoming and outgoing messages. The mapped hash includes transformation of a hash value into another form or representation that facilitates comparison.
[0037] The validation module (125) is operatively coupled to the hashing module (120). The validation module (125) is configured to receive a validation of the server (108) and the second hash locally in response to the mobile device (150) automatically reading the short message service (SMS). Typically, the mobile device (150) reads the short message service (SMS), and automatically triggers a process where the server (108) validates the received data. The server (108) then sends back a confirmation of this validation. Simultaneously, the mobile device (150) locally determines a second hash based on the received data and responds to this second hash. This dual verification process ensures the integrity and authenticity of the communication and significantly enhances security by making it harder for unauthorized users to gain access between the mobile device (150) and the server (108). This dual verification is also known as two-factor authentication.
[0038] Additionally, the validation module (125) is configured to send a mapping hash via a gateway to the mobile device (150) in response to successful validation of the first hash. As discussed earlier, the server (108) acknowledges the validation of first hash, hence in response to this acknowledgement a corresponding mapping hash is to be sent to the mobile device (150). Furthermore, the validation module (125) validates the short message service (SMS) with the mobile device (150) and generates a token for a session in response to the mobile device (150) confirming the successful completion of device binding. The token refers to a piece of data that serves as proof of authentication.
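The binding, hash comparison, SMS-delivered second hash and session token of paragraphs [0031] to [0038] can be sketched as follows; this is an added example, not code from the disclosure. The disclosure names no hash algorithm or key handling, so HMAC-SHA-256 with a shared provisioning key, the random first hash, the `confirm` value, the five-minute lifetime and all identifiers are assumptions, and LSAP itself and the mapping hash are not modelled (`lsap_ok` stands in for the local result).

```python
import hashlib
import hmac
import secrets

CHALLENGE_TTL = 300  # seconds a pending challenge stays valid (assumed value)


def encode_fields(*fields: str) -> bytes:
    """Length-prefix each field so ("ab", "c") and ("a", "bc") never collide."""
    out = b""
    for field in fields:
        raw = field.encode("utf-8")
        out += len(raw).to_bytes(2, "big") + raw
    return out


def tagged_mac(key: bytes, label: str, *fields: str) -> str:
    """HMAC-SHA-256 with a purpose label, so one hash cannot stand in for another."""
    return hmac.new(key, encode_fields(label, *fields), hashlib.sha256).hexdigest()


class Device:
    """Mobile device (150) holding the combined configuration."""

    def __init__(self, key, device_id, iccid, msisdn):
        self.key, self.device_id, self.iccid, self.msisdn = key, device_id, iccid, msisdn

    def binding(self) -> str:
        # Device hash over device + SIM + mobile number (binding module).
        return tagged_mac(self.key, "device", self.device_id, self.iccid, self.msisdn)

    def confirm(self, first_hash, sms_second_hash):
        # Local validation of the second hash read automatically from the SMS.
        expected = tagged_mac(self.key, "second", first_hash, self.binding())
        if not hmac.compare_digest(expected, sms_second_hash):
            return None
        return tagged_mac(self.key, "confirm", first_hash, self.binding())


class Server:
    """Server (108) with an in-memory stand-in for the database (140)."""

    def __init__(self, key):
        self.key = key
        self.bindings = {}  # mobile number -> stored device hash
        self.pending = {}   # mobile number -> (first hash, expiry)
        self.sessions = {}  # session token -> mobile number

    def enroll(self, msisdn, device_hash):
        self.bindings[msisdn] = device_hash

    def begin(self, msisdn, device_hash, now):
        # Compare the presented device hash with the stored one in constant time.
        stored = self.bindings.get(msisdn)
        if stored is None or not hmac.compare_digest(stored, device_hash):
            return None
        first_hash = secrets.token_hex(16)  # modelled as a random challenge
        self.pending[msisdn] = (first_hash, now + CHALLENGE_TTL)
        return first_hash, tagged_mac(self.key, "second", first_hash, stored)

    def finish(self, msisdn, confirmation, now):
        entry = self.pending.pop(msisdn, None)  # single use: replays find nothing
        if entry is None or now > entry[1]:
            return None
        expected = tagged_mac(self.key, "confirm", entry[0], self.bindings[msisdn])
        if not hmac.compare_digest(expected, confirmation):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = msisdn
        return token


def onboard(server, device, lsap_ok, now):
    """Run every stage in order; any negative response stops the process."""
    if not lsap_ok:
        return None
    started = server.begin(device.msisdn, device.binding(), now)
    if started is None:
        return None
    first_hash, second_hash_via_sms = started
    confirmation = device.confirm(first_hash, second_hash_via_sms)
    if confirmation is None:
        return None
    return server.finish(device.msisdn, confirmation, now)


if __name__ == "__main__":
    import time

    key = secrets.token_bytes(32)
    # Constructed sample identifiers, not real subscriber data.
    phone = Device(key, "device-A", "8991000000000000001", "+10000000001")
    swapped = Device(key, "device-A", "8991000000000000002", "+10000000001")
    srv = Server(key)
    srv.enroll(phone.msisdn, phone.binding())
    print("enrolled device:", onboard(srv, phone, True, time.time()) is not None)
    print("different SIM:  ", onboard(srv, swapped, True, time.time()) is not None)
```

Because the device hash covers the device, the SIM and the number together, changing any one of them fails the server comparison before a challenge is ever issued.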
[0039] In one embodiment, the validation module (125) comprises a communication medium configured to securely transmit the detected hash to the server. The validation module (125) includes a communication channel which securely sends the identified hash to the server (108). This ensures that the hash, once detected locally, is transmitted without compromise. The communication channel ensures the integrity of data transmission between the validation module (125) and the server (108). The communication medium refers to the channel through which data is transmitted from one location to another. The communication medium can be physical, like cables or fibre optics, or wireless, such as radio waves or infrared signals. Typically, communication mediums facilitate the exchange of information between devices, ensuring effective and reliable data transmission.
[0040] In one embodiment, the validation module (125) generates a unique token based on the detected configuration and user authentication data, wherein the generated unique token allows the user to access the application and perform tasks within the session. This step of generating a token, transmitting it, and verifying it is repeated at every stage. Once successfully generated, it is relayed to the backend of the server (108), which subsequently forwards it to the mobile device (150). At each stage, the token serves as an acknowledgment of the completion of that stage (a three-way handshake methodology), and confirmation is received for each stage accordingly. The three-way handshake methodology includes synchronization, synchronization and acknowledgement, and acknowledgement as 3 stages of communication.
[0041] In one embodiment, the validation module (125) is configured to alert the user of any suspicious authentication activities detected during the validation. If any validation step receives a negative response, the entire process ceases immediately, which in turn notifies the user about detected suspicious authentication activities during the validation process. This also promptly alerts the user to potential security threats or unauthorized access attempts. Such alerts help users take immediate action to safeguard their accounts or systems from potential risks identified by the validation module (125).
[0042] In one embodiment, the validation module (125) is configured to ensure that the authentication adheres to regulatory standards. The validation module (125) is designed to verify that authentication processes comply with regulatory standards and requirements. This ensures that all authentication activities meet legal guidelines and industry regulations, maintaining compliance throughout the authentication process. By adhering to these standards, the module helps organizations avoid penalties and ensures secure and trustworthy user authentication practices.
[0043] FIG. 2 is a block diagram representation of an exemplary embodiment of a system (100) for loopback short-message authentication of mobile numbers for onboarding Validation of FIG. 1 in accordance with an embodiment of the present disclosure. The system (100) includes a comparison module (135) operatively coupled to the binding module (115). The comparison module (135) facilitates evaluating equality, inequality, and comparison between the stored and gathered identity. Additionally, comparison module (135) includes error handling for type mismatches. Furthermore, comparison module (135) is coupled with the binding module (115) and ensures security against potential vulnerabilities like phishing attacks, promoting reliable and accurate comparisons in input identity.
[0044] In one embodiment the comparison module (135) is configured to verify the detected SIM cards by comparing it with a list of approved SIM cards. The comparison module (135) includes handling the task of verifying the identity and legitimacy of a detected SIM card. The comparison module (135) is designed to compare SIM card identifiers. It includes International Mobile Subscriber identity (IMSI), which is a 15-digit number that recognizes the carrier technology such as GSM, LTE and the like used by the user. Each IMSI code is unique which is securely stored and during authentication same code is sent by the mobile device (150) to the network (130) for identification. The comparison module (135) also includes Integrated Circuit Card Identification (ICCID) number which is a 18-22-digit number typically printed on the back of a SIM card, which is also unique for a particular SIM card. Additionally other characteristics that uniquely identify approved and authorized SIM cards are also included. Hence, by comparing the detected SIM card with an approved list, the system (100) ensures that only authorized SIM cards can access specific services, networks (130), and functionalities. This verification process is essential for ensuring security and proper access control in systems (100) that rely on SIM card authentication.
[0045] For example, consider a scenario in which the user ‘X’ is using the system. As a prerequisite, at least one of the user X and the third-party source is asked to enter a mobile number. As soon as at least one of the user X and the third-party source confirms the mobile number and enters it, a request for mobile number validation using LSAP starts. The input module (110) starts the validation process using LSAP and authenticates the number by validating the presence of the corresponding subscriber identity module card in the mobile device (150) undergoing authentication. The binding module (115) performs device binding to combine a mobile device (150), a SIM card and the mobile number, wherein the mobile device (150) and mobile number are combined upon successful validation of the LSAP. Once the authentication is successful, further validation is performed by the comparison module (135), hashing module (120) and validation module (125). If at least one of the user X and the third-party source inputs any suspicious mobile number other than the registered mobile number, the mobile device (150) authentication fails immediately at the local level after LSAP verification, displaying ‘Device verification Fails’. The key advantage of this authentication is that the validation is done locally without any outside network interference; hence it is less prone to social engineering attacks like phishing, hacking and the like.
[0046] FIG. 3 is a block diagram of a computer or a server in accordance with an embodiment of the present disclosure. The server (300) includes processor(s) (330), and memory (310) operatively coupled to the bus (320). The processor(s) (330), as used herein, means any type of computational circuit, such as, but not limited to, a microprocessor, a microcontroller, a complex instruction set computing microprocessor, a reduced instruction set computing microprocessor, a very long instruction word microprocessor, an explicitly parallel instruction computing microprocessor, a digital signal processor, or any other type of processing circuit, or a combination thereof.
[0047] The memory (310) includes several subsystems stored in the form of an executable program which instructs the processor (330) to perform the method steps illustrated in FIG. 1. The memory (310) includes a processing subsystem (105) of FIG. 1. The processing subsystem (105) further has the following modules: an input module (110), a binding module (115), a hashing module (120) and a validation module (125).
[0048] In accordance with an embodiment of the present disclosure, a system (100) for loopback short-message authentication of mobile numbers for onboarding validation is provided. The system (100) includes a processing subsystem (105) hosted on a server (108). The processing subsystem (105) is configured to execute on a network (130) to control bidirectional communications among a plurality of modules. The processing subsystem (105) includes an input module (110) configured to receive a mobile number from at least one of the user and the third-party source, along with retrieving the presence of the corresponding subscriber identity module card in the mobile device (150) undergoing authentication. The input module (110) is also configured to validate the mobile number locally by utilizing a loopback short-message authentication technique. The processing subsystem (105) includes a binding module (115) operatively coupled to the input module (110), wherein the binding module (115) is configured to combine the mobile device (150), a SIM card and the mobile number, wherein the mobile device (150) and mobile number are combined upon successful validation of the loopback short-message authentication technique. The processing subsystem (105) includes a hashing module (120) operatively coupled to the binding module (115), wherein the hashing module (120) is configured to generate a device hash using the combined configuration and transmit the said device hash to the server (108). The hashing module (120) is also configured to send a first hash and a second hash to the mobile device (150), wherein the second hash is sent via a short message service. The hashing module (120) is also configured to receive a confirmation of the mobile number's existence in response to the server (108) comparing the device hash with a database (140), thereby ensuring accuracy.
The processing subsystem (105) includes a validation module (125) operatively coupled to the hashing module (120), wherein the validation module (125) is configured to receive a validation of the server (108) and the second hash locally in response to the mobile device (150) automatically reading the short message service. The validation module (125) is also configured to send a mapping hash via a gateway to the mobile device (150) in response to successful validation of the first hash. The validation module (125) is also configured to validate the short message service with the mobile device (150). The validation module (125) is also configured to generate a token for a session in response to the mobile device (150) confirming the device binding.
[0049] The bus (320) as used herein refers to internal memory channels or a computer network that is used to connect computer components and transfer data between them. The bus (320) includes a serial bus or a parallel bus, wherein the serial bus transmits data in bit-serial format and the parallel bus transmits data across multiple wires. The bus (320), as used herein, may include, but is not limited to, a system bus, an internal bus, an external bus, an expansion bus, a frontside bus, a backside bus and the like.
[0050] FIG. 4(a) illustrates a flow chart representing the steps involved in a method for loopback short-message authentication of mobile numbers for onboarding validation in accordance with an embodiment of the present disclosure. FIG. 4(b) illustrates continued steps of the method of FIG. 4(a) in accordance with an embodiment of the present disclosure. The method (200) includes receiving a mobile number from at least one of the user and the third-party source, along with retrieving the presence of the corresponding subscriber identity module card in the mobile device undergoing authentication, by the input module in step (205). This step involves first receiving a mobile number from at least one of the user and the third-party source, then checking for the presence of the subscriber identity module (SIM) card in the mobile device being authenticated, utilizing the input module. Additionally, this step is pivotal for verifying the device's identity before proceeding with further authentication processes. The input module aims to ensure the legitimacy of the mobile device associated with the provided mobile number during authentication procedures.
[0051] The method (200) includes validating the mobile number locally by utilizing a loopback short-message authentication technique, by the input module, in step (210). The loopback short-message authentication technique includes sending a verification code in the form of a message to the same mobile number and confirming its correctness within the system. This technique ensures that the mobile number can receive and respond to messages, thereby verifying its operational status. This technique is efficient for validating mobile numbers without relying on external services or networks, enhancing security and reliability during authentication processes.
[0052] The method (200) includes combining a mobile device, a SIM card and the mobile number, wherein the mobile device and mobile number are combined upon successful validation of the loopback short-message authentication technique, by the binding module in step (215). The binding module incorporates a mobile device, SIM card, and mobile number through a validation process using loopback short-message authentication. The binding module ensures the mobile device and number are successfully paired after authentication. Additionally, the binding module securely combines the mobile device and mobile number for operational use, ensuring reliable connectivity.
[0053] In one embodiment, the binding module validates the detected mobile device. The binding module verifies the identity and authenticity of the identified mobile device. This process ensures that the device is recognized and authorized for use within the system for which the validation is being carried out.
[0054] In one embodiment, the comparison module is configured to verify the detected SIM card by comparing it with a list of approved SIM cards. The comparison module, operatively coupled to the binding module, confirms the authenticity and validity of the identified SIM card. It does this by checking the SIM card against a predefined list of approved SIM cards. This verification process ensures that only recognized and permitted SIM cards are given access within the system.
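The approved-list comparison of paragraphs [0044] and [0054], together with the type-mismatch handling of paragraph [0043], as an added example that is not part of the specification. It assumes the approved list holds IMSI/ICCID pairs and uses the digit lengths stated above; all names and the sample identifiers are constructed for illustration.

```python
import hmac
import re
from dataclasses import dataclass

# Lengths as stated on the page: IMSI is 15 digits, ICCID is 18-22 digits.
# [0-9] is used instead of \d so that non-ASCII digits are rejected.
IMSI_RE = re.compile(r"[0-9]{15}")
ICCID_RE = re.compile(r"[0-9]{18,22}")


class SimTypeError(TypeError):
    """An identifier was not a string (the type-mismatch case)."""


@dataclass(frozen=True)
class SimIdentity:
    imsi: str
    iccid: str

    def __post_init__(self):
        checks = (("imsi", self.imsi, IMSI_RE), ("iccid", self.iccid, ICCID_RE))
        for name, value, pattern in checks:
            if not isinstance(value, str):
                raise SimTypeError(f"{name} must be str, got {type(value).__name__}")
            if not pattern.fullmatch(value):
                raise ValueError(f"{name} has an invalid format")


def _same(a: str, b: str) -> bool:
    # Constant-time comparison; both inputs are ASCII digits after validation.
    return hmac.compare_digest(a.encode("ascii"), b.encode("ascii"))


def is_approved(detected: SimIdentity, approved: list) -> bool:
    """True only if IMSI and ICCID both match the same approved entry."""
    match = False
    for entry in approved:
        # Check both fields of every entry, with no early exit on a mismatch.
        both = _same(detected.imsi, entry.imsi) & _same(detected.iccid, entry.iccid)
        match |= both
    return match


def check_detected_sim(raw_imsi, raw_iccid, approved: list) -> str:
    """Fail closed: anything malformed is reported and never compared."""
    try:
        detected = SimIdentity(raw_imsi, raw_iccid)
    except (SimTypeError, ValueError):
        return "malformed"
    return "approved" if is_approved(detected, approved) else "rejected"


# Constructed sample data (test-network style values, not real subscribers).
IMSI_A = "00101" + "0" * 9 + "1"
IMSI_B = "00101" + "0" * 9 + "2"
ICCID_A = "89" + "0" * 16 + "1"
ICCID_B = "89" + "0" * 16 + "2"
APPROVED = [SimIdentity(IMSI_A, ICCID_A), SimIdentity(IMSI_B, ICCID_B)]

if __name__ == "__main__":
    print(check_detected_sim(IMSI_A, ICCID_A, APPROVED))       # matching pair
    print(check_detected_sim(IMSI_A, ICCID_B, APPROVED))       # mixed pair
    print(check_detected_sim(int(IMSI_B), ICCID_B, APPROVED))  # wrong type
```

Matching the pair against a single entry matters: an IMSI from one approved SIM combined with the ICCID of another is rejected rather than accepted field by field.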
[0055] In one embodiment, the binding module is configured to store the hash for the combined configuration in a database, which includes saving a unique hash, generated from the combined configuration of mobile device, SIM card and mobile number, into the database. This hash acts as a digital identity, ensuring the integrity and security of the combined configuration. Additionally, by storing this hash, the system can later verify if any unauthorized changes have been made to the configuration, providing a reliable method for detecting inconsistencies.
[0056] In one embodiment, the binding module is configured to update the stored hash in real-time, based on changes in the detected configurations, wherein the binding module continuously updates the stored hash to reflect the changes identified in the configurations it manages. This ensures that the stored hash always represents the current state of combined configurations, enabling quick authentication of identity. Real-time updating allows the system to promptly identify any modifications or discrepancies, which is crucial for maintaining configuration accuracy and security.
[0057] The method (200) includes generating a device hash using the combined configuration and transmitting the said device hash to the server, by the hashing module in step (220). The hashing module initiates this step by creating a unique hash using the combined configuration data. This hash serves as a digital identification of the device and represents the configuration's current state. The hashing module then sends this hash to a server for verification and storage purposes. This approach ensures that the server can confirm the integrity of the configuration and detect any unauthorized changes efficiently.
[0058] The method (200) includes sending a first hash and a second hash to the mobile device, wherein the second hash is sent via a short message service, by the hashing module in step (225). The server cross-checks the information to verify the presence of the mobile number in its database, and a confirmation of the mobile number's existence is received in response from the server.
[0059] The method (200) includes receiving a confirmation of the mobile number's existence by the hashing module in response to the server comparing the device hash with a database, thereby ensuring accuracy, in step (230). This confirmation is based on comparing the device hash with data stored in a database. This step ensures the accuracy of the process by confirming the validity of the mobile number within the system's records, as disclosed in the method.
[0060] The method (200) includes receiving a validation of the server and the second hash locally in response to the mobile device automatically reading the short message service, by the validation module in step (235). The validation module receives confirmation from the server and locally verifies the second hash on the mobile device. This validation occurs automatically upon the module reading the short message service (SMS). This ensures that both the server's confirmation and the local verification of the second hash are securely processed.
[0061] The method (200) includes sending a mapping hash via a gateway to the mobile device in response to successful validation of the first hash, by the validation module in step (240). Once the server confirms the validation of the first hash received from the mobile device, it sends a corresponding mapping hash back to the same mobile device. This mapping hash likely serves as a confirmation or response that completes a transaction or verification process initiated by the mobile device. It ensures that both sides are synchronized and acknowledge the successful validation of the initial hash.
[0062] The method (200) includes validating the short message service with the mobile device, by the validation module in step (245). This step validates the short message service (SMS) with the mobile device, confirming the authenticity and integrity of the received SMS. This ensures that the message was sent from a trusted source and has not been tampered with during transmission.
[0063] The method (200) includes generating a token for a session in response to the mobile device confirming the device binding, by the validation module in step (250). Generating a token for a session includes the validation module creating a unique identifier in response to the mobile device confirming its binding. This token serves as a key that authenticates the mobile device for subsequent interactions within the session. It ensures secure access and establishes a trusted connection between the device and the system, to prevent unauthorized access and tampering.
[0064] In one embodiment, the validation module comprises a communication medium configured to securely transmit the detected hash to the server. This includes a communication medium designed to securely send the detected hash to the server. This ensures that the hash, typically used for authentication purposes, is transmitted in a manner that prevents interception and maintains secure transmission between the validation module and the server. This ensures that the hash, once detected locally, is transmitted without compromise.
[0065] In one embodiment, the validation module generates a unique token based on the detected configuration and user authentication data, wherein the generated unique token allows the user to access the application and perform tasks within the session. This token serves as a credential that allows the user access to the application and enables them to perform tasks during the session. Limiting the token's validity to the session makes authorized access more secure: a new token is generated for each iteration and the token window is very short, making the token difficult for an unauthorized user to decipher.
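An added example, not part of the specification, of the binding hash of paragraphs [0055] to [0057] and the short-lived session token of paragraph [0065]. HMAC-SHA256, the device-held secret, the 120-second window and all names are assumptions, since the specification names no hash function or token format.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

TOKEN_TTL_SECONDS = 120  # assumed; the page only says the window is very short


def device_hash(device_secret: bytes, device_id: str, iccid: str, msisdn: str) -> str:
    """Keyed hash over the bound triple: device, SIM card, mobile number."""
    fields = [device_id.encode(), iccid.encode(), msisdn.encode()]
    # Length-prefix every field so ("ab", "c") and ("a", "bc") cannot collide.
    message = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(device_secret, message, hashlib.sha256).hexdigest()


class BindingServer:
    """Stores one binding hash per mobile number and issues session tokens."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._bindings = {}  # msisdn -> device hash stored at binding time
        self._sessions = {}  # sha256(token) -> (msisdn, expiry timestamp)

    def store_binding(self, msisdn: str, binding_hash: str) -> None:
        # Overwriting an entry models the "update the stored hash" embodiment.
        self._bindings[msisdn] = binding_hash

    def verify_binding(self, msisdn: str, presented_hash: str) -> bool:
        stored = self._bindings.get(msisdn)
        if stored is None or not isinstance(presented_hash, str):
            return False
        # Compare as bytes in constant time; malformed input is simply unequal.
        return hmac.compare_digest(stored.encode(), presented_hash.encode())

    def issue_token(self, msisdn: str, presented_hash: str) -> Optional[str]:
        if not self.verify_binding(msisdn, presented_hash):
            return None
        token = secrets.token_urlsafe(32)  # fresh random token on every call
        digest = hashlib.sha256(token.encode()).hexdigest()
        # Only the token's digest is kept server-side, with its expiry.
        self._sessions[digest] = (msisdn, self._clock() + TOKEN_TTL_SECONDS)
        return token

    def check_token(self, token: str) -> Optional[str]:
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self._sessions.get(digest)
        if entry is None:
            return None
        msisdn, expiry = entry
        if self._clock() >= expiry:
            del self._sessions[digest]  # expired tokens are dropped
            return None
        return msisdn


def demo() -> dict:
    secret = secrets.token_bytes(32)   # constructed device-held secret
    msisdn = "+910000000001"           # constructed sample number
    iccid = "89" + "0" * 16 + "1"      # constructed sample ICCID
    server = BindingServer()
    bound = device_hash(secret, "device-A", iccid, msisdn)
    server.store_binding(msisdn, bound)
    swapped = device_hash(secret, "device-A", "89" + "0" * 16 + "2", msisdn)
    token = server.issue_token(msisdn, bound)
    return {
        "same_config_accepted": server.verify_binding(msisdn, bound),
        "sim_change_rejected": not server.verify_binding(msisdn, swapped),
        "token_maps_to_number": server.check_token(token) == msisdn,
    }


if __name__ == "__main__":
    print(demo())
```

Because the hash covers all three bound values, changing any one of them (here the SIM card) yields a different hash, and no token is issued until the binding is re-established.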
[0066] In one embodiment, the validation module (125) is configured to alert the user of any suspicious authentication activities detected during the validation. The module is configured to notify the user about any suspicious authentication activities identified during the validation process. This notification takes the form of a negative acknowledgement at any step where suspicious activities are found, and the authentication process is cancelled immediately. This alert helps users stay informed of potential security threats or unauthorized access attempts in real-time.
[0067] In one embodiment, the validation module (125) is configured to ensure that the authentication adheres to regulatory standards. The validation module is configured to assure that the authentication process complies with relevant regulatory standards and requirements. This ensures that the authentication methods used meet legal and industry-specific guidelines, promoting security and trustworthiness in the system. Adherence to regulatory standards helps mitigate risks associated with non-compliance and maintains credibility with regulatory authorities.
[0068] Various embodiments of the system and method for loopback short-message authentication of mobile numbers for onboarding validation described above enable various advantages. LSAP enhances security and fraud prevention by prioritizing the SMS channel over vulnerable methods like manual entry or Voice over IP (VoIP) numbers, which are prone to human error and social engineering. The input module (110) restricts the validation to be initiated at the local level without any outside interconnection, and the binding module (115) incorporates a mobile device, SIM card, and mobile number through a validation process using loopback short-message authentication. The binding module (115) ensures the mobile device (150) and number are successfully paired after authentication. Therefore, by relying on SMS, LSAP ensures robust verification that mitigates the risk of fraudulent activities, safeguarding the onboarding process for legitimate users with verified mobile numbers. Additionally, LSAP addresses regulatory compliance challenges in industries like finance by providing a reliable solution that meets stringent onboarding and identity verification requirements. Utilizing SMS authentication with the help of the validation module as disclosed in one of the embodiments, LSAP helps businesses adhere to global regulatory standards, ensuring a compliant approach throughout the customer onboarding journey. Furthermore, LSAP prioritizes simplicity and user experience by streamlining the mobile number verification process. Unlike complex methods involving manual input or voice calls, LSAP delivers verification codes via SMS, offering a straightforward and familiar experience for users. The hashing module (120) enables auto-reading of the OTP by the device and transmits the acknowledgement to the server for revalidation. This user-friendly approach reduces friction during onboarding, enhancing overall efficiency and satisfaction for both businesses and customers alike.
Moreover, in terms of global coverage, LSAP leverages SMS as a universally accessible communication channel, supporting seamless mobile number validation across different regions and countries. This approach eliminates barriers related to regional variations in verification methods and minimizes costs associated with international SMS delivery, thereby extending its reach without geographical limitations.
[0069] The techniques described in this disclosure may be implemented, at least in part, in hardware, software, firmware, or any combination thereof. For example, various aspects of the described techniques may be implemented within one or more processors, including one or more microprocessors, digital signal processors (DSPs), application-specific integrated circuits (ASICs), field-programmable gate arrays (FPGAs), or any other equivalent integrated or discrete logic circuitry, as well as any combinations of such components. The term “processor” or “processing subsystem” may generally refer to any of the foregoing logic circuitry, alone or in combination with other logic circuitry, or any other equivalent circuitry. A control unit including hardware may also perform one or more of the techniques of this disclosure.
[0070] Such hardware, software, and firmware may be implemented within the same device or within separate devices to support the various techniques described in this disclosure. In addition, any of the described units, modules, or components may be implemented together or separately as discrete but interoperable logic devices. Depiction of different features as modules or units is intended to highlight different functional aspects and does not necessarily imply that such modules or units must be realized by separate hardware, firmware, or software components. Rather, functionality associated with one or more modules or units may be performed by separate hardware, firmware, or software components, or integrated within common or separate hardware, firmware, or software components.
[0071] It will be understood by those skilled in the art that the foregoing general description and the following detailed description are exemplary and explanatory of the disclosure and are not intended to be restrictive thereof.
[0072] While specific language has been used to describe the disclosure, any limitations arising on account of the same are not intended. As would be apparent to a person skilled in the art, various working modifications may be made to the method in order to implement the inventive concept as taught herein.
[0073] The figures and the foregoing description give examples of embodiments. Those skilled in the art will appreciate that one or more of the described elements may well be combined into a single functional element. Alternatively, certain elements may be split into multiple functional elements. Elements from one embodiment may be added to another embodiment. For example, the order of processes described herein may be changed and is not limited to the manner described herein. Moreover, the actions of any flow diagram need not be implemented in the order shown; nor do all of the acts need to be necessarily performed. Also, those acts that are not dependent on other acts may be performed in parallel with the other acts. The scope of embodiments is by no means limited by these specific examples.
Claims:
1. A system (100) for loopback short-message authentication of mobile numbers for onboarding validation comprising:
a processing subsystem (105) hosted on a server (108), wherein the processing subsystem (105) is configured to execute on a network (130) to control bidirectional communications among a plurality of modules comprising:
an input module (110) configured to:
receive a mobile number from at least one of a user and a third-party source, along with retrieving the presence of the corresponding subscriber identity module card in the mobile device (150) undergoing authentication; and
validate the mobile number locally by utilizing a loopback short-message authentication technique;
characterized in that
a binding module (115) operatively coupled to the input module (110) wherein the binding module (115) is configured to combine a mobile device (150), a SIM card and the mobile number, wherein the mobile device (150) and mobile number are combined upon successful validation of the loopback short-message authentication technique;
a hashing module (120) operatively coupled to the binding module (115) wherein the hashing module (120) is configured to:
generate a device hash using the combined configuration and transmit the said device hash to the server (108);
send a first hash and a second hash to the mobile device (150), wherein the second hash is sent via a short message service; and
receive a confirmation of the mobile number's existence in response to the server (108) comparing the device hash with a database (140), thereby ensuring accuracy; and
a validation module (125) operatively coupled to the hashing module (120) wherein the validation module (125) is configured to:
receive a validation of the server (108) and the second hash locally in response to the mobile device (150) automatically reading the short message service;
send a mapping hash via a gateway to the mobile device (150) in response to successful validation of the first hash;
validate the short message service with the mobile device (150); and
generate a token for a session in response to the mobile device (150) confirming the device binding.
2. The system (100) as claimed in claim 1, wherein the binding module (115) validates the detected mobile device (150).
3. The system (100) as claimed in claim 1, comprising a comparison module (135) operatively coupled to the binding module (115) wherein the comparison module (135) is configured to verify the detected SIM card by comparing it with a list of approved SIM cards.
4. The system (100) as claimed in claim 1, wherein the binding module (115) is configured to store the hash for the combined configuration in a database (140).
5. The system (100) as claimed in claim 1, wherein the binding module (115) is configured to update the stored hash in real-time, based on changes in the detected configurations.
6. The system (100) as claimed in claim 1, wherein the validation module (125) comprises a communication medium configured to securely transmit the detected hash to the server (108).
7. The system (100) as claimed in claim 1, wherein the validation module (125) generates a unique token based on the detected configuration and user authentication data, wherein the generated unique token allows the user to access the application and perform tasks within the session.
8. The system (100) as claimed in claim 1, wherein the validation module (125) is configured to alert the user of any suspicious authentication activities detected during the validation.
9. The system (100) as claimed in claim 1, wherein the validation module (125) is configured to ensure that the authentication adheres to regulatory standards.
10. A method (200) for loopback short-message authentication of mobile numbers for onboarding validation comprising:
receiving, by an input module, a mobile number from at least one of the user and the third-party source, along with retrieving the presence of the corresponding subscriber identity module card in the mobile device undergoing authentication; (205)
validating, by the input module, the mobile number locally by utilizing a loopback short-message authentication technique; (210)
characterized in that
combining, by a binding module, a mobile device, a SIM card and the mobile number, wherein the mobile device and mobile number are combined upon successful validation of the loopback short-message authentication technique; (215)
generating, by a hashing module, a device hash using the combined configuration and transmitting the said device hash to the server; (220)
sending, by the hashing module, a first hash and a second hash to the mobile device, wherein the second hash is sent via a short message service; (225)
receiving, by the hashing module, a confirmation of the mobile number's existence in response to the server comparing the device hash with a database, thereby ensuring accuracy; (230)
receiving, by a validation module, a validation of the server and the second hash locally in response to the mobile device automatically reading the short message service; (235)
sending, by the validation module, a mapping hash via a gateway to the mobile device in response to successful validation of the first hash; (240)
validating, by the validation module, the short message service with the mobile device; (245) and
generating, by the validation module, a token for a session in response to the mobile device confirming the device binding. (250)
Dated this 08th day of August 2024
Signature
Jinsu Abraham
Patent Agent (IN/PA-3267)
Agent for the Applicant
| # | Name | Date |
|---|---|---|
| 1 | 202421060706-STATEMENT OF UNDERTAKING (FORM 3) [09-08-2024(online)].pdf | 2024-08-09 |
| 2 | 202421060706-REQUEST FOR EARLY PUBLICATION(FORM-9) [09-08-2024(online)].pdf | 2024-08-09 |
| 3 | 202421060706-PROOF OF RIGHT [09-08-2024(online)].pdf | 2024-08-09 |
| 4 | 202421060706-POWER OF AUTHORITY [09-08-2024(online)].pdf | 2024-08-09 |
| 5 | 202421060706-FORM-9 [09-08-2024(online)].pdf | 2024-08-09 |
| 6 | 202421060706-FORM FOR STARTUP [09-08-2024(online)].pdf | 2024-08-09 |
| 7 | 202421060706-FORM FOR SMALL ENTITY(FORM-28) [09-08-2024(online)].pdf | 2024-08-09 |
| 8 | 202421060706-FORM 1 [09-08-2024(online)].pdf | 2024-08-09 |
| 9 | 202421060706-EVIDENCE FOR REGISTRATION UNDER SSI(FORM-28) [09-08-2024(online)].pdf | 2024-08-09 |
| 10 | 202421060706-EVIDENCE FOR REGISTRATION UNDER SSI [09-08-2024(online)].pdf | 2024-08-09 |
| 11 | 202421060706-DRAWINGS [09-08-2024(online)].pdf | 2024-08-09 |
| 12 | 202421060706-DECLARATION OF INVENTORSHIP (FORM 5) [09-08-2024(online)].pdf | 2024-08-09 |
| 13 | 202421060706-COMPLETE SPECIFICATION [09-08-2024(online)].pdf | 2024-08-09 |
| 14 | 202421060706-STARTUP [12-08-2024(online)].pdf | 2024-08-12 |
| 15 | 202421060706-FORM28 [12-08-2024(online)].pdf | 2024-08-12 |
| 16 | 202421060706-FORM 18A [12-08-2024(online)].pdf | 2024-08-12 |
| 17 | Abstract1.jpg | 2024-08-28 |
| 18 | 202421060706-FORM-26 [26-09-2024(online)].pdf | 2024-09-26 |
| 19 | 202421060706-FER.pdf | 2024-12-03 |
| 20 | 202421060706-Power of Attorney [03-02-2025(online)].pdf | 2025-02-03 |
| 21 | 202421060706-FORM28 [03-02-2025(online)].pdf | 2025-02-03 |
| 22 | 202421060706-Covering Letter [03-02-2025(online)].pdf | 2025-02-03 |
| 23 | 202421060706-FORM 3 [03-03-2025(online)].pdf | 2025-03-03 |
| 24 | 202421060706-FORM-8 [27-03-2025(online)].pdf | 2025-03-27 |
| 25 | 202421060706-OTHERS [29-05-2025(online)].pdf | 2025-05-29 |
| 26 | 202421060706-FORM-26 [29-05-2025(online)].pdf | 2025-05-29 |
| 27 | 202421060706-FER_SER_REPLY [29-05-2025(online)].pdf | 2025-05-29 |
| 28 | 202421060706-PatentCertificate06-06-2025.pdf | 2025-06-06 |
| 29 | 202421060706-IntimationOfGrant06-06-2025.pdf | 2025-06-06 |
| 1 | SearchHistoryE_02-12-2024.pdf |