1. Field of the Invention
This invention pertains to a secure wireless authorization system. More specifically, this invention relates to a wireless application in which a user can utilize a wireless device to authorize a request sent by an authorization server and initiated by a third party entity. In particular, this invention provides a secure encryption algorithm and digital signature to ensure the security of the wireless channel during the authorization process.
2. Background Art
The popularity of wireless communication has increased exponentially over the past few years. Cellular phones, Personal Digital Assistants (PDA), and other wirelessly enabled devices have successfully penetrated and been adopted by the general consumer market. Individuals enjoy the convenience, flexibility and mobility of wireless devices as a means to facilitate communications when a conventional telephone line is not within reach or the individual is in an automobile, on foot, or in any other type of mobile environment.
Individuals also enjoy the benefits and convenience of having financial accounts, electronic money accounts, general services accounts, or any private or public services account entities, which facilitates their purchasing goods/services, saving money and accessing personal records.
In the case of personal accounts and records, such as an individual's credit record, current practices do not include provisions that allow the individual to control access or receive real-time notice that his records are being accessed and updated. A secure authorization notice would be helpful in preventing not only unauthorized access but would give the individual control over who is updating the account or record and the information that is updated. Mistakes and incorrect information on an individual's credit record would have dire consequences, since an individual's credit record is used to approve loan and credit applications. An individual can be prevented from buying a house, a car, obtaining a credit card, phone service, cellular service and/or other essential services due to the information on the individual's credit record. Minimizing unauthorized use and/or information wrongly updated and/or added to the individual's record would help prevent these undesired consequences as well as save both the time and resources needed to correct these mistakes.
In case of personal accounts and records such as an individual's health or government record, current practices do not include provisions that allow the individual to control access or receive real-time notice that the record is being accessed and updated. A secure authorization notice would be helpful in preventing unauthorized access and giving the individual control over who is updating the account or record and the information that is updated. Mistakes and incorrect information on an individual health or government record can have dire consequences. An individual may have benefits denied or have an inaccurate medical record leading to higher health insurance rates or leaving his privacy unprotected. Minimizing unauthorized use and/or information wrongly updated and/or added to the individual's record would help prevent these undesired consequences as well as save both the time and resources needed to correct these mistakes.
In the case of brokerage accounts, a secure authorization notice would inform the user that a particular stock transaction has taken place or advise that the price of a particular security has entered into a favorable range and query if the individual wants to take a specific action. This would give the individual greater flexibility and allow the individual to take advantage of trading opportunities that were not available without using a wireless device with a secure wireless connection.
In the case of services accounts such as a checking account, savings account, and/or cellular services account, allowing access and/or operations on the account through a secure wireless connection would allow an individual to initiate a balance inquiry, transfer value, and/or transfer time-units from one account to another. This would give the individual greater flexibility and find new uses for these accounts while allowing individuals and service providers to reap greater benefits from the increase in account usage.
Other uses, such as initiating the transfer of currency in real time from one financial account to another financial account allows the individual to draw funds against his own financial account and pay for goods and services by depositing the funds into an account of an individual or company that has provided the product or service immediately without having to undergo the inconvenience of first going to a specific institution or electronic banking facility to withdraw funds and/or use credit cards, charge cards, debit cards and/or write a check to settle a transaction.
In each case, the foregoing allows the individual to avoid having to undergo the inconvenience of going to a specific institution to access, authorize, and/or settle an account. In this regard, the ability of having a secure and highly encrypted wireless channel to enter into a transaction and/or access a personal record is crucial and critical.
Unfortunately, with the convenience and flexibility of each of the above services come opportunities for theft, fraud and/or abuse resulting in financial, identity, information and/or productivity loss. The information and/or account holder only becomes aware of the unauthorized access and/or usage of the information and/or account after the fact when a monthly account summary or notice is given. As a result, financial and identity information and/or productivity are lost directly and indirectly as the information and/or account holder tries to correct the theft, fraud and/or abuse.
In the case of credit cards, charge cards, and/or debit cards, theft, fraud and/or unauthorized usage has been estimated to be in the billions of dollars globally. Although the end user is not held responsible for any financial loss once the theft, fraud and/or unauthorized usage has been reported, this financial burden falls on the shoulders of merchants who pass on these extra costs ultimately in the form of higher prices to the consumer. Moreover, the reputation of the card issuer will be impacted if it is perceived that a particular type of card can be stolen and/or accessed more easily than others. A secure wireless authorization notice would be helpful in preventing theft, fraud and/or unauthorized usage of these cards by giving greater control to the individual, reducing theft and/or fraud costs to the merchants and enhancing the card issuer's card security reputation. It would also open new uses for these cards, allowing individuals, merchants and card issuers to reap greater benefits from their card usage.
Although current practices exist to prevent and deter fraud, such practices do not keep up with the pace of technology change. In addition, new channels are being created from this technology change that allows individuals to respond wirelessly to a request using secure/high encryption from an entity to access information and transfer currency that was not possible before. Therefore, there is an urgent need for a secure transaction environment to thwart the fraudulent activities in each of the above services.
U.S. Patent Application Publication No. 2002/0082995 to Christie describes a payment authorization system for credit card use. It describes an additional authorization process by sending an authorization request from a processing center to a device upon receiving the request. However, the system only applies to real-time processing but does not address the operation procedure when there is no response from the user. Moreover, there is no detailed description on security schemes such as encryption of the transaction data, and/or a requirement of the user to enter a personal identification number (PIN) or a personal digital signature. Without secure/high encryption, the system becomes very vulnerable to fraud and could potentially result in uncountable financial loss. Also, the system is designed for credit transactions and does not consider other potential uses for wireless authorization system.
Other methods for authorization have been proposed. For example, U.S. Patent Application Publication No. 2001/0051920 to Joao, et al. describes an authorization/notification system for financial transactions. U.S. Patent Application Publication No. 2003/0061163 to Durfield describes a transaction verification system, where a transaction with a credit/debit card is authorized by both the user and the credit card company concurrently. The system described by Joao, et al. is similar to that described in U.S. Patent Publication No. 2003/0061163 listed above, except that the scope of the system is tapered towards credit/debit card transactions. However, both systems fail to incorporate secure transaction schemes, thus making the system prone to fraud and identity theft.
In addition, U.S. Pat. No. 6,052,675 to Cheechio describes a pre-authorization scheme for credit card or bank card transactions. However, this scheme is limited to pre-authorized transactions and thus thwarts the benefits of a real-time transaction. Also, the pre-authorization details are stored in the credit-card network. It would be better for the pre-authorization details to be stored with the credit card issuers as they have better visibility into the user's account limits and constraints. Also, it is impractical to request a user to enter the exact amount of a transaction cost as required in the patent disclosure.