| CPC G06Q 20/3829 (2013.01) [G06Q 20/02 (2013.01); G06Q 20/3226 (2013.01); G06Q 20/3823 (2013.01)] | 27 Claims |
|
1. A method, implemented on a mobile device, for authorizing a transaction with payment information, comprising:
generating a random private-public key pair including an asymmetric private key and an asymmetric public key;
providing to a secure payment system the asymmetric public key;
receiving an authenticating input from a user;
generating, by a one-way hashing function, a symmetric encryption key from the authenticating input;
encrypting the asymmetric private key using the symmetric encryption key to produce an encrypted private key;
storing, in a memory of the mobile device, the encrypted private key;
deleting the asymmetric private key, the asymmetric public key, the authenticating input, and the symmetric encryption key from the memory of the mobile device;
receiving a request to initiate a transaction and a subsequent authenticating input from the user; and
responsive to receiving the request to initiate the transaction:
re-generating, by the one-way hashing function, the symmetric encryption key from the subsequent authenticating input;
decrypting the encrypted private key with the symmetric encryption key to obtain the asymmetric private key;
generating a cryptographically signed message using the asymmetric private key, wherein the cryptographically signed message authorizes the transaction; and
providing, to the secure payment system, the cryptographically signed message.
|