US 12,217,258 B2
Secure authentication and transaction system and method
Raymond J. Gallagher, Colo De Caza, CA (US)
Assigned to Multiple Shift Key, Inc., Rancho Cucamonga, CA (US)
Filed by Multiple Shift Key, Inc., Rancho Cucamonga, CA (US)
Filed on Feb. 28, 2024, as Appl. No. 18/590,198.
Application 18/590,198 is a continuation of application No. 15/967,377, filed on Apr. 30, 2018.
Application 15/967,377 is a continuation of application No. 14/797,160, filed on Jul. 12, 2015, abandoned.
Application 14/797,160 is a continuation of application No. 12/978,105, filed on Dec. 23, 2010, granted, now 9,112,842, issued on Aug. 18, 2015.
Application 12/978,105 is a continuation of application No. 11/544,302, filed on Oct. 6, 2006, granted, now 7,861,077, issued on Dec. 28, 2010.
Claims priority of provisional application 60/724,691, filed on Oct. 7, 2005.
Prior Publication US 2024/0202722 A1, Jun. 20, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. G06Q 20/40 (2012.01); G06Q 20/38 (2012.01); H04L 9/30 (2006.01); H04L 9/32 (2006.01); H04L 9/40 (2022.01)
CPC G06Q 20/401 (2013.01) [G06Q 20/3829 (2013.01); G06Q 20/385 (2013.01); H04L 9/30 (2013.01); H04L 63/083 (2013.01); H04L 63/0853 (2013.01)]
18 Claims
 
1. An authentication server comprising a non-transitory memory for storing machine instructions that are to be executed by a processor, the machine instructions when executed implement the following instructions:
registering a web-based application server for secure transacting using a merchant ID;
receiving a client account identifier from an issuing bank;
providing a token software for download by a client device from an implementer of the authentication server, the token software operating from a secure element on the client device wherein the client account identifier is stored for the token software;
connecting with the client device through a secure connection between the client device and the authentication server to authenticate the client device over the secure connection such that the web-based application server is not an intermediary between the client device and the authentication server, and the secure connection is formed with the client device upon the token software on the client device automatically initiating the secure connection, upon actuation of the token software by a user for a payment transaction, with unique connection information for the authentication server included in the token software;
receiving a token output representative of the client account identifier and authentication-enabling data from the token software on the client device over the secure connection;
authenticating the client device by comparing the token output representative of the client account identifier and authentication-enabling data received from the token software on the client device with information and authentication-enabling data stored in the authentication server;
authenticating the web-based application server with the merchant ID and merchant information stored by the authentication server during registration; and
executing a secure transaction between the client device and the web-based application server responsive to authentication of the client device and the web-based application server.