US010102510B2

(12) United States Patent ( 10) Patent No.: US 10 , 102,510 B2

Yau et al. (45) Date of Patent: Oct. 16 , 2018
(54 ) METHOD AND SYSTEM OF CONDUCTING (58 ) Field of Classification Search
A CRYPTOCURRENCY PAYMENT VIA A CPC ............. GO6Q 20/ 065 ; G06Q 20 / 3821; G06Q
MOBILE DEVICE USING A CONTACTLESS 20 /3829; GO6Q 20 /3278 ; G06Q 20 /3678 ;
TOKEN TO STORE AND PROTECT A (Continued )
USER ' S SECRET KEY
(56 ) References Cited
(71) Applicant: HOVERKEY LTD ., London (GB )
U . S. PATENT DOCUMENTS
(72 ) Inventors : Arnold Yau , London (GB ) ; Steve Ives, 8 ,539 ,233 B2 9 /2013 Dubhashi et al.
London (GB ); Chris Porter , Bury St 8 ,788 ,418 B2 7 / 2014 Spodak
Edmunds (GB ) (Continued )
( 73 ) Assignee : Hoverkey Ltd ., London (GB ) FOREIGN PATENT DOCUMENTS
( * ) Notice: Subject to any disclaimer, the term of this GB 2 423 396 A 8 / 2006
patent is extended or adjusted under 35 GB 2 476 989 A 7 /2011
U .S .C . 154 (b ) by 229 days . WO WO 2012 / 103584 AL 8 / 2012
( 21) Appl. No.: 15 / 156 , 072 OTHER PUBLICATIONS
(22 ) Filed : May 16 , 2016 The International Bureau of WIPO , “ International Preliminary
Report on Patentability ” in application No. PCT/GB2013 /053138 ,
(65) Prior Publication Data dated Jun. 2 , 2015 , 7 pages.
US 2016 /0261411 A1 Sep . 8 , 2016 (Continued )
Primary Examiner — Catherine Thiaw
Related U .S . Application Data Assistant Examiner — Thomas Ho
(63 ) Continuation -in -part of application No. 14 /855, 186 , ( 74 ) Attorney , Agent, or Firm — Hickman Palermo
filed on Sep . 15 , 2015, which is a continuation of Becker Bingham LLP
(Continued ) ABSTRACT
(57)
(30 ) Foreign Application Priority Data A method and system of conducting a cryptocurrency pay
ment via a mobile device , using a contactless token to store
Nov . 28, 2012 (GB ) ................................... 1221433 . 4 and protect a user' s secret key . A cryptocurrency wallet
Mar. 1 , 2013 (GB ) .................................. 1303677 .7 encrypted with the secret key is received by the mobile
device from the token . A cryptocurrency payment instruc
(51) Int. CI. tion is received by the mobile device , prompting for a user
H04L 9 / 32 ( 2006 .01) credential to approve the instruction . In response the mobile
G06Q 20 / 06 ( 2012 .01) device sends to the token a message comprising the
(Continued ) encrypted wallet together with the payment instruction and
( 52 ) U .S . Cl. the user credential. Using the secret key, the token then
CPC ........... G060 20 / 065 (2013 .01); G06F 21/34 decrypts the cryptocurrency wallet from the encrypted wal
(2013 .01); G06F 21/445 (2013 .01); let and creates a payment transaction by digitally signing the
(Continued ) ( Continued )

App Registration
(Private Apps Web Apps)

App Hoverkey Applet

For WebApps : Native Apps : Service
RegisterWebApp (URL , Policy, Register (OrgID , Regkey;
UserID , Password ) AppID , Policy, Check activated , validate
UserID . Password ) Regkey, OrgID .
Mutual Auth Validate DeviceID
ReqEncrypt (Password :
Policy. PIN ) Validate PIN , Encrypt + MAC
Encrypted Password Password , Policy with PEK
ReqDecrypt
Session PEKs,
Encrypted Password , PIN ). Decrypt Encrypted PW
Validate , Wipe , Password > with PEK + verify MAC ,
Derive APIKey Re -encryptwith Session PEK
Store (AP Key) APIKey
Store ( App D , Policy
Encrypted Password ,
APIKey )
 US 10 ,Page
102,2510 B2

payment instruction , and transmitting the payment transac 2008/0289030 AL

2009/0092253 A1
11/2008 Poplett
4 /2009 Asipov et al.
tion to a cryptocurrency network or exchange . Confirmation 2010 /0211507 A1 8 /2010 Aabye et al.
of the transaction requires either a PIN , biometric or finger 2010 /0241867 A1 9/2010 Brown et al.
print on the mobile device , or authentication via button 2011/0117966 Al 5 / 2011 Coppinger
press , PIN or fingerprint on the token . 2011/0142234 Al 6 /2011 Rogers
2011 /0320802 Al 12 / 2011 Wang et al .
24 Claims, 13 Drawing Sheets 2012 /0117636 A1 5 / 2012 Adams
2012 /0265596 A1 10 /2012 Mazed
2012 /0272307 Al 10 / 2012 Buer
2013 / 0024424 Al 1 /2013 Prahlad et al.
2013 /0198826 AL 8 /2013 Waldron
Related U . S . Application Data 2013 /0214902 A1 8 /2013 Pineau et al.
2014 /0149746 A1 5 /2014 Yau
application No. 14 /174 ,727, filed on Feb . 6 , 2014 , 2014 / 0372319 A112/ 2014 Wolovitz
2015 /0261948 A1 * 9 /2015 Marra .. . . . . ... ... ... . G06F 21 /34
now Pat. No. 9 ,210 , 133 , which is a continuation of
application No . 14 /091 , 183 , filed on Nov . 26 , 2013 , 726 /4
now abandoned , which is a continuation - in -part of 2015/0262176 A1 * 9/2015 Langschaedel ...... G06Q 20 /065
705/71
application No. 13 / 706 , 307 , filed on Dec. 5 , 2012 , 2015 /0324787 A1 * 11/2015 Schaffner .............. GO6Q70520//6706
now Pat. No . 9 , 135 ,425 .
2015/0324789 A1 * 11 /2015 Dvorak .............. G06Q 20 /3823
(51) Int. Ci. 705/67
H04L 29 /06 ( 2006 .01) 2015/0332224 Al* 11/2015 Melika . ............. GO6Q 20 /3678
G06F 21/34 ( 2013 .01 ) 705 /71
G06F 21/44 (2013.01) 2016 /0085955 Al* 3/2016 Lerner .................... GO6F 21/31
G060 20 /32 (2012 .01 ) 726 /20
2016 /0098723 A1 * 4 /2016 Feeney .............. G06Q 20 /4016
G060 20 / 36 ( 2012 . 01) 705 /75
G06Q 20 / 38 ( 2012 . 01) 2016 /0162897 A1 * 6 /2016 Feeney .............. G06Q 20 /4014
H04W 12 /06 ( 2009. 01) 705/ 71
G060 20 /40 (2012.01) 2016 /0260091 A1 * 9/2016 Tobias ................ G06Q 20 /3678
H04W 4 /80 (2018.01)
HO4L 9 /06 (2006 .01) OTHER PUBLICATIONS
(52) U .S . CI. Menezes, Vanstone , Oorschot: “ Handbook of Applied Cryptogra
CPC ... G06Q 20 /3278 ( 2013 .01) ; G06Q 20 /3678 phy” , dated 1997 , CRC Press LLC , USA , 794 pages.
(2013 .01 ); G06Q 20 /3821 (2013 .01 ); G06Q European Patent Office , “ Search Report” in application No. 13 801
20/ 3829 ( 2013.01) ; G06Q 20 /38215 (2013 .01 ); 699 .3 - 1870 , dated Nov . 8 , 2017 , 6 pages.
G06Q 20/4097 (2013.01); H04L 9 /3213 U .S . Appl. No. 14 / 174 ,727, filed Feb . 6 , 2014 , Office Action , dated
( 2013.01); H04L 9 /3226 ( 2013 . 01) ; H04L Apr. 9 , 2014
63/0428 (2013 .01 ) ; H04L 63 /0492 ( 2013 .01) ; U .S . Appl. No. 14/ 174 ,727 , filed Feb . 6 , 2014 , Final Office Action ,
H04L 63/ 083 ( 2013 .01) ; H04L 63/ 0807 dated Sep . 18, 2014 .
(2013 .01); H04L 63 /0853 ( 2013 .01); H04L U .S . Appl. No . 14 / 174 ,727 , filed Feb . 6 , 2014 , Office Action , dated
63/0869 (2013 .01) ; H04L 63/ 105 (2013 .01) ; Jan . 21, 2015 .
H04L 63/ 18 ( 2013 .01); H04W 4 /80 ( 2018 .02 ); U .S . Appl. No. 14 / 174 ,727 , filed Feb . 6 , 2014 , Notice of Allowance,
H04W 12 /06 (2013 .01) ; G060 2220 / 00 dated Jun . 10 , 2012 .
U . S . Appl. No. 13 /706 ,307, filed Dec. 5 , 2012 , Office Action , dated
(2013 .01 ); H04L 9 / 0637 ( 2013 .01); H04L Apr. 14 , 2014 .
63 /0861 (2013 .01 ); H04L 2209/56 (2013 .01); U . S . Appl. No. 13/ 706 ,307 , filed Dec . 5 , 2012 , Notice of Allowance ,
H04L 2209 /80 (2013 .01) ; H04L 2463/082 dated Mar. 26 , 2015 .
(2013.01) U . S . Appl. No. 13 /706 , 307 , filed Dec. 5 , 2012 , Final Office Action ,
(58 ) Field of Classification Search dated Oct. 15 , 2014 .
CPC ......... G06Q 20 /38215 ; G06Q 2220 /00 ; G06Q U .S . Appl. No. 13 /706 , 307 , filed Dec . 5 , 2012, Advisory Action ,
20 /4097; HO4W 4 / 80 ; H04W 12 /06 ; dated Feb . 26 , 2015
HO4L 63/ 0807 ; H04L 63/ 105 ; HO4L U . S . Appl. No. 13 /706 , 307 , filed Dec. 5, 2012 , Corrected Notice of
Allowance , dated Aug. 11, 2015 .
63/ 18 ; HO4L 9 /3226 ; H04L 63/ 0869 ; Aloul et al., “ Two factor Authentication Using Mobile Phones” ,
HO4L 63 /083 ; H04L 9 /3213 ; HO4L Computer Systems and Applications , dated 2009 , AICCSA , IEEE ,
63 /0428 : H04L 63 /0492 ; H04L 2209 /80 ; pp . 641-644.
HO4L 2209/ 56 ; HO4L 63 /0861; H04L Liou et al. “ A Feasible and Cost Effective Two Factor Authentica
9 /0637 ; H04L 2463/ 082 ; G06F 21/445 ; tion for Online Transactions” , Software Engineering and Data
GO6F 21/34 Mining , dated 2010 , pp . 47 -51.
See application file for complete search history. A Nicholson , “ A Mobile Device Security Using Transient Authen
tication” , IEEE Trans. On Mobile Computing 5 :11 , dated Nov .
(56 ) References Cited 2006 , at 1489 , published in the US, 14 pages .
Menezes et al., “ Handbook of Applied Cryptography ” , dated 1998 ,
U . S . PATENT DOCUMENTS CRC Press LLC , USA , 32 pages .
European Patent Office , “ Search Report” in application No. PCT/
9 ,672 ,499 B2 * 6 / 2017 Yang ................... G06Q 20 /065 GB2013 /053138 , dated Apr. 23 , 2015 , 12 pages.
2003/0028653 A1 2 / 2003 New et al. Yau , U .S . Appl. No . 14 /855 , 186 , filed Sep . 15 , 2015 , Office Action ,
2005/ 0044398 AL 2 / 2005 Ballinger et al. dated Apr. 23 , 2018.
2007/0125840 AL 6 / 2007 Law
2008 /0209225 AL 8/2008 Lord et al. * cited by examiner
 atent Oct . 16 , 2018 Sheet 1 of 13 US 10 ,102 ,510 B2

App 1 App 2 App 3

Mobile Inter- process
Device Comms
Hoverkey
Service
APDUs over
ISO 14443 (NFC - A )
NFC Java Card
Token Applet

Figure 1
atent Oct . 16 , 2018 Sheet 2 of 13 US 10 ,102 ,510 B2

MIFARE Ap s MIFARE mulation

A
2p let
)M(AGlaopnb gPleamtfonr OSNative 2
Figure
3rdParty

3rdParty A
1p let ERCJnuvairtovnmedat
HoverkyAp let
atent Oct . 16 , 2018 Sheet 3 of 13 US 10 ,102 ,510 B2

DeviceID
PIN
(
Store
,
)
RfPdaernEdiovKme
toSetState

(
8
)
Activaed
~

Ap let

TGokentID Mutual
AuthAMut ahl
?
(PIN,ARcetqivuaetisotn),DReavnicdeoImD TokenID
OrgID
,
MasterAPIKy OK 3Figure

Hoverky Service ?

,ADuetchrStore
Ky)
( ept
AuthKey Ma,
) OrgID
sterApiKey
TokenID)M,OastregAPIKeDy
(
Store
,

(
7
)
atent Oct . 16 , 2018 Sheet 4 of 13 US 10 ,102 ,510 B2

5
(
) Devin
(
Store
Validate
PIN
,

Ap let
,
PAPIKey
1GetTokenID 3
MAuthutual
DAddevicecIeD
,
PIN
(
) ,M©OasrtegAPIKDey TokenID 4Figure

HoverkyService
,MasterAPIKey
S

TokenID
<
)
ADuetchrKyept AuthKey
(
Store
2
)
,
OrgID
(
Store

©
 atent Oct . 16 , 2018 Sheet 5 of 13 US 10 ,102 ,510 B2

App Registration
(Private Apps Web Apps)

App Hoverkey Applet

Service
For WebApps : Native Apps :
RegisterWebApp (URL , Policy, Register (OrgID , Regkey,
UserID , Password ) AppiD , Policy , CheckRegKey
activated , validate
, OrgID .
UserID , Password )

> Mutual Auth Validate Devices

ReqEncrypt ( Password ,
Policy , PIN ) Validate PIN , Encrypt + MAC
Encrypted Password Password , Policy with PEK
ReqDecrypt
(SessionPEKS,
Encrypted Password , PIN ) o Decrypt Encrypted PW
Validate , Wipe, Password with PEK + Verify MAC ,
Derive APIKey * Re- encrypt with Session PEK
Store (APIKey) APIKey
Store ( AppID , Policy,
Encrypted Password ,
APIKey )

Figure 5a
 atent Oct . 16 , 2018 Sheet 6 of 13 US 10 ,102 ,510 B2

App Registration
(Public Apps )
App Hoverkey Applet
Service
Register (Regkey,
OrgID . Appl . Policy. 12 If not activated , invoke
URL , UserID , Password ) activation . Else validate
Regkey, OrgiD .
? MutualAuth Validate Deviceld
D
ReqEncrypt (Password ,
Policy , PIN ) Validate PIN , Encrypt + MAC
Encrypted Password Password , Policy with PEK
ReqDecrypt
Session PEKS,
Encrypted Password , PIN ) . o Decrypt Encrypted PW
Decrypt, Validate, Wipe , Password with PEK + verify MAC ,
Derive APIKey Re - encrypt with SessionPEK
Store (APIKey ) APIKey G Store (ApplD , Policy,
Encrypted Password ,
APIKey)

Figure 5b
 atent Oct . 16 , 2018 Sheet 7 of 13 US 10 , 102, 510 B2

App Hoverkey Applet

Service
Web App Native App :
RequestPW (APIKey RequestPW (APIKey,
Appid ) Validate APIKey,
URL ) against Appld .
© Retrieve App 's
Encrypted Password ,
(Request PIN )
© MutualAuth Validate DeviceID
© ReqDecrypt
(SessionPEKS,
Encrypted Password , (PIN )) © Decrypt Encrypted PW
Password with PEK , (Validate PIN ),
(UserID ,) Password Re-encrypt with SeesionPEK

Figure 6
U.S. Patent atent Oct . 16 , 2018 Sheet 8 of 13 US 10 ,102 ,510 B2

MAC
Pad
ENC
PEK
-

PEK)(wSEPnacsirhyeptwomihredn
P+Lenaoslwiocrdy
CBCEncrypt
Ciphertx fMunActiCon
Figure
7
MAC
_
PEK

IV

EPEK_nNcCrEyCpBt
 atent Oct . 16 , 2018 Sheet 9 of 13 US 10 , 102 ,510 B2

MAC
Ses ion ENC
_
PEK

PEK)S(wEPnaecsirhywpetomirhend
Pas word
Len
Pad CBCEncrypt Ciphertx .

.
fMunAcTMtURiCoLnU Figure
8
.

.
Ses ionPEK_MAC
v
ECBEncrypt
Ses ion ENC
_
PEK
 atent Oct . 16 , 2018 Sheet 10 of 13 US 10 ,102 ,510 B2

lTooaded aipntleot
be

Is uer Org
App

APIKey
KeyMIas tuer MOasrte gK y MasterAPlKy 9Figure

Regkey
-

w
Code
App
in
Tobeembed ed
U . S . Patent Oct. 16, 2018 Sheet 11 of 13 US 10, 102 ,510 B2

Hoverkey L1 Applet States Legend

State
Installed Hoverkey Hoverkey or Partner Principal -PPISFFrrOPIAIP

Set TokenID Set ProductName Action One

Action Two
Set PartnerName Set Org data

Selectable Pre - Formatted Formatted User

Activate Set PIN
Generate PEK
Sys Admin Get OrgID , Master
Wipe, APIKey , TokenID }
Get Status
User
Wrap Password
Activated
Activated Unwrap Password
Change PIN
Add Device
User User Remove Device
Unblock PIN PIN Tries reaches o GenStatus
PUK available
User
Destroy Token PUK Tries User
or return to
issuer
Blocked reaches 0 PIN Blocked Get Status
User
User PIN Tries reaches o
Get Status PUK exhausted

Figure 10
U . S . Patent Oct. 16 , 2018 Sheet 12 of 13 US 10 , 102 ,510 B2

Crypto cur ency Network 1150 - 444

Cryptocueny
1Exch2an0ge ofSPMeoracihlnaet
Computer
)
POS
(
1130 1CPoemrps4uotn0earl
NFC .

11
.
Fig 1114Secret N.ETWOR.PKERIF
1108
App Steocruage1110Library 1Wal1e2t CMDoempvbuitclneg1106
NFC SWIPE

1SCoymsp0tuemr
1105
PIN
|
1104
Secret 1103Keypad 1102CardDTeovkiecn
 atent Oct . 16 , 2018 Sheet 13 of 13 US 10 , 102 ,510 B2

1228
-
(
1226
1224
1230 INTER T ISP LOCAL NETWORK 1222 HOST
SERVER
NETWORK 1200
LINK 1220
1210 1202
STORAGE DEVICE 1218
10

12
.
Fig ROM
1208
BUS
COMUNIAT INTERFAC
1204 ?
MAIN ME ORY
1206
PROCESR ?
1212 1214 1216
DISPLAY DIENVPIUCTE CURSOR CONTROL
 US 10 , 102 ,510 B2
METHOD AND SYSTEM OF CONDUCTING and complex . However using a long and complex password
A CRYPTOCURRENCY PAYMENT VIA A as the password to unlock the lock screen is extremely
MOBILE DEVICE USING A CONTACTLESS inconvenient for the user.
TOKEN TO STORE AND PROTECT A Because of this, most users are reluctant to use any
USER ' S SECRET KEY 5 password more complicated than a 4 digit PIN code to
unlock the lock screen . A skilled attacker will be able to
BENEFIT CLAIM decrypt any files stored on a stolen device with brute force
attack methods.Moreover, the confidential data is decrypted
This application claims the benefit under 35 U .S .C . § 1205 10 whenever
is not
the device has been unlocked , even when the user
using the data , which increases the risk of a data
as a Continuation -in -Part of application Ser. No. 14 /855 , breach unnecessarily .
186 , filed Sep . 5 , 2015 , which is a Continuation -in -part of Another possible approach to data encryption is for the
application Ser. No. 14 /174 ,727, filed Feb . 6 , 2014 , which is app to generate its own encryption key . The problem with
a Continuation ofapplication Ser. No. 14 /091 ,183 , filed Nov . this approach is that the key would either have to be
26 , 2013 , now U .S . Pat. No . 9, 210 , 133 , which is a Continu
ninu- 15 protected by or derived from a password for security , or has
ation - in -part of application Ser. No. 13 /706 ,307, filed Dec . to be stored within the app in plaintext form for usability .
5 , 2012 , now U . S . Pat. No . 9 , 135 , 425 , and which claims the The former approach inherits the same password complexity
benefit under 35 U . S .C . $ 119 of Great Britain application issue as the device encryption method above, while the latter
GB 1221433 .4 , filed Nov. 28 , 2012 , and Great Britain offers little security as the attacker who could compromise
application GB 1303677 .7 , filed Mar. 1, 2013 and granted as 20 the plaintext data could just as easily read the plaintext key
GB 2496354. and decrypt the data . One way to provide an additional level
of security to users of mobile devices is by requiring that the
1. INTRODUCTION user also carries a wearable physical token that communi
cates with the device using a wireless communication sys
The present application relates to a method and system of 25 tem e .g. Bluetooth or Bluetooth Low Energy (BLE). The
authenticating a user to a computer resource accessed via a mobile device constantly checks for the presence of the
mobile device using a portable security token (for example token . This token , when present within a range of several
a contactless smart card or bracelet), together with a secret metres of the mobile device , constantly verifies that the user
that the user can easily remember (for example a PIN code ). is indeed present. When the user departs the token and the
This secret provides a second, separate preferably indepen - 30 device lose contact and the device secures itself against any
dent security factor that can safeguard the computer resource accessAn
until communication with the token is regained .
example of such a system is described by Nicholson ,
even if the portable security token and the mobile device are
both lost or stolen together. A preferred embodiment relates puting, Vol 5 No 11 inNovember
Corner and Noble IEEE Transactions on Mobile Com
2006 . There are a number of
to providing data protection and secure access to applica
tions and stored data accessed via a mobile device (such as munications channel between .theThetoken
35 disadvantages of such a system broadcast based com
and the mobile
a phone or tablet ) using a near- field communication (NFC ) device is subject to eavesdropping to an attacker who is
hardware token or a short range Bluetooth token . within close range of the token and the device . Despite being
Secure authentication of a user via a mobile device is encrypted , because of the numerous transient authentication
becoming important in two different situations , firstly for 40 events that take place between the token and the device , the
authentication of user access to a computer resource on the attacker is presented with many opportunities to cryptanal
mobile device and secondly on a remote server. yse the authentication messages , as well as to perform traffic
Most existing systems employ the use of a simple pass- analysis without even having to attempt an cryptanalytic
word or PIN to authenticate the user. Despite the ubiquity of attack A thief who steals the mobile device but still remains
password-based systems, it has many problems. An ideal 45 within range of the security token worn by the device owner
password needs to be easily remembered by the user. How will be able to access the resources on the device . Theft of
ever, in order for passwords to be secure, they should be long the mobile device and the token together renders the security
and hard to predict, contradictory to the former requirement system useless .
This is further exacerbated by the proliferation of passwords In some other existing systems an additional level of
for the multitude of applications a user typically uses , for 50 security has been provided by requiring that an NFC or
which security best practice recommends different pass - Bluetooth capable mobile phone be first authenticated to the
words should be used . mobile network prior to an application being executed . An
In addition to application access , somemobile users wish NFC /Bluetooth token then provides an asymmetric key to
to ensure a high level of security for data ( including entire the phonewhich in turn authenticates to a third -party service
files and data contained within a file or a data structure ) on 55 by performing digital signature within the phone itself.
their device , against a number of external threat scenarios . A generic example of such a system is shown in US - A
For example, a user may use an app on a tablet or other 2011/ 0212707. This , however , displays a number of disad
portable device that synchronizes files with their desktop PC vantages. In particular changing of the application credential
via an online storage service ( e. g . DROPBOX , BOX .COM ) . requires re -programming or replacement of the token ; the
Some of the downloaded files may contain confidential 60 number of user credentials secured by the system is limited
information such as business documents . The user wishes to by the ( small) storage capacity of the token ; and the loss of
safeguard himself against the possibility of a data breach in the token poses a direct risk of exposure of the user ' s
the event of theft of the device . credentials . In addition , applications running on the mobile
A practical way to achieve this today is to enable device device and the server are capable of making use of the
encryption on the mobile operating system , which uses an 65 described security system only if they have been specifically
encryption key derived from the device lock screen pass - programmed to do so . The system described cannot be used
word. For maximum security, this password should be long with pre-existing applications.
 US 10 , 102,510 B2
Another approach to multi - factor identification is also may provide a method and system of authentication an
described in US- A -2008/0289030 . Here , a contactless token application running on a mobile device .
is , upon validation , used to allow access to the authentica According to a first aspect of the present invention , a
tion credentials secured on the mobile device itself . method of authenticating a computer resource on a mobile
This has a number of serious disadvantages , including the 5 device comprises :
necessity of using secure storage on the device . This is storing an encrypted resource authorization ;
normally not available to application developers as it is transmitting the encrypted authorization to a separate
maintained and controlled by the manufacturer of the device portable security token ; on the token , decrypting the
( e.g . mobile phone ) or the supplier of the underlying oper encrypted authorization and generating at least partially
ating system or a mobile network operator. Also ,making use 10 therefrom an unlock response ;
solely of a token identifier as a means of validating the token securely transmitting the unlock response to the mobile
is likely to be insecure . RFID tokens can typically be read device ;
by any compatible reader, and can easily be cloned . requiring a user to authenticate separately on the mobile
Yet a further approach is described in WO - A - 2011 / device ; and
089423 . This describes a system where the presence of a 15 unlocking the resource if the required unlock response
contactless token is used to authorize execution of a secure and the separate authentication are both valid .
function or application , and is aimed primarily at mobile In an embodiment, the encrypted resource authorization
wallet uses. may be on the device . In an embodiment, the requiring step
Again , the system described has a number of disadvan - is omitted , and the unlocking is performed without consid
tages, primarily that it uses a form of logical control that is 20 eration of separate authentication .
relatively easy to circumvent. The unlock response may comprise a plain authorization ,
More generally , in the enterprise environment there exists obtained by decrypting the encrypted authorization .
significant security risk from allowing users to connect The unlock response may alternatively comprise a func
mobile devices into the network due to increased likelihood tion ( such as a digital signature ) of a plain authorization and ,
of unauthorized data access (leading to loss of data confi- 25 optionally, one or more additional parameters, where the
dentiality and/or integrity ) resulting from : plain authorisation is obtained by decrypting the encrypted
Inadvertently disclosed passcodes such as PINs or alpha authorization . Thus, in one usage mode , the token may
numeric codes, e . g . from shoulder surfing verify and decrypt the encrypted authorization . Then ,
Easily guessed passcodes instead of returning a plain authorization to the device ,
Lost or stolen devices that are inadequately protected 30 protected by a session or other encryption key , the token
Unsupervized use of devices by a third party may perform some computation on the plain authorization
The Hoverkey system aimsto provide solutions for appli- and possibly some other information ( typically session
cations to counter these threats . specific parameters ), and return the result to the device .
With the present invention , the user may store a master Examples include the following:
key of high cryptographic strength (128 bits or above 35 Example 1: Digital Signature : function = digital signing
presently ) on the portable security token , and this key can be function , plain authorization = private signing key ;
used to either directly protect an app 's data encryption key parameter = hash of message ; output = digital signature
or a long and complex password , from which a sufficiently on message hash
long and secure encryption key can be derived . This allows Example 2 : Key Derivation : function = HMAC -based key
the user to protect any data stored on the device with a very 40 derivation function ; plain authorization = key derivation
strong encryption key . If the device is stolen, it is then master secret ; parameters= session random numbers ,
infeasible for any potential attacker to decrypt the encrypted output length ; output = key derived from master secret
data on it without the associated token . Example 3 : Re-encryption : function = encryption function ;
Credentials may be stored either on the mobile device or, plain authorization = encryption key ; parameter = an
remotely , in the cloud. Cloud storage preferably has the 45 other) encryption key ; output = the plain authorization
following features: encrypted with a different key
Protected credentials are always stored in the cloud and Example 4 : One - Time Passcode (OTP ) : function = hash
retrieved from the cloud before use based passcode generation function; plain
Transparent local caching is possible but not meant as authorization =OTP secret key ; parameter current
permanent storage should be wiped after a specified 50 counter value ; output = passcode computed from coun
time-out period ter
If device or token is lost, credentials may be removed simply The authorization may comprise a password , PIN or
by removing the relevant files from the cloud storage cryptographic key .
service to avoid potential misuse The unlock response may be transmitted to the mobile
Credential synchronisation is possible across devices for the 55 device under the protection of an encryption key, such as a
same user, obviating the need for manual entry of the session key .
same credentials multiple times . The token may store user./token ownership credentials ,
the decryption on the token being based on the user creden
2 . BACKGROUND tials .
60 The method provides two -factor (or multi- factor ) authen
2 . 1 THE INVENTION AND PREFERABLE tication by requiring a user in addition to authenticate
FEATURES THEREOF separately on the mobile device , for example by the authen
tication on the mobile device being validated on the token
According to the present invention there is provided a before the unlock code is sent . Preferably , the method
method and system of authenticating access to computer 65 requires a proof of knowledge ( eg a PIN ) from the device
resource in a mobile device as set out in the pre -character - ( and ultimately from the user ) before decrypting the autho
ising portions of the independent claims. An embodiment rization . The proof may be provided after mutual authenti
 US 10 , 102 ,510 B2
cation . Alternatively, the device authentication may be on receipt by the token communications system of an
entirely independent of the token authentication . encrypted authorization , the token processor verifies the
In an embodiment, the token may operate in single factor integrity and decrypts the encrypted authorization and
mode, which decrypts authorization after mutual authenti generates at least partially therefrom an unlock response ,
cation with the device . and wherein the token communications system securely
A service may be run on themobile device which controls transmits the unlock response for use by a mobile device.
device cryptographic functions and access to the resource . The preferred system of the present invention preferably
An applet may be run on the token which provides token comprises:
cryptographic functions. 1 . One or more mobile devices
The user credentials may be generated by the token and 10 2 . An NFC , Bluetooth or BLE token programmed to :
never leave the token (or the app running on the token ). a ) Be able to mutually authenticate with any of the
Preferably, the encrypted authorization stored on the user 's devices
mobile device can be decrypted solely with the correspond b ) Respond only the commands issued by any of the
ing user credentials stored on the token . 15 user's devices
The method may include verifying integrity on the token c ) Perform encryption and integrity protection of data
by a message authentication code (MAC ) received from the provided by the device
device . d ) Return the cryptographically protected data
The method may include verifying the integrity of the e ) Perform the decryption and integrity verification on
encrypted authorization on the token prior to decryption. 20 previously protected data
The device and the token may perform cryptographic f) Optionally require validation of a user PIN prior to
mutual authentication before transmission of the encrypted performing decryption operations
authorization . 3 . A password manager application installed each the
tina
The encryption , decryption and /or the mutual authentica mobile device
tion may be provided by symmetric key cryptography 25 4 . Any number of third - party applications secured by the
A user secret may be passed from the device to the token system
and may be validated by the token before the decryption The mobile device may comprise any mobile or portable
operation takes place . The resource may comprise data , or an hardware device which is capable of running user applica
application running or stored on the mobile device . tions and handling communication and cryptographic func
According to another aspect of the invention there is 30 tions. Typicaldevices include mobile phones , tablets , laptop
provided : computers and the like. The token may be any portable or
a mobile device;
a token including token storage for storing private user mobile hardware token which is capable of communication
credentials, a token communications system , and a token (preferably contactless communication ) with a mobile
processor providing cryptographic functions; device and which includes storage and an executable system
and wherein in use an encrypted authorization is transmitted which is capable of handling communications and crypto
by the device communications system to the token ; is graphic functions.
decrypted on the token using the user credentials ; the The protected computer resource may be held in a device
token generating at least partially therefrom an unlock memory or store or (where an application ) may be held
response , the unlock response being securely transmitted 40 ready for execution or may be actually running in an
by the token communications system to the mobile execution environment. To that end , the device may include
device; requiring a user to authenticate separately on the a store , a memory, and a processor.
mobile device ; and unlocking the resource if the required Typically, the token will be a contactless smart card ,
unlock response and the separate authentication are both although other tokens held by or carried on the person would
valid . 45 be equally possible . Suitable tokens might include a ring to
The device communications system and the token com - be worn on the user 's finger, a device incorporated into a
munications system may communicate over the air, eg by watch , belt, spectacles , clothing or anything else normally
Near Field Communication (NFC ), Bluetooth or BLE . Alter - worn by the user, or even a device embedded under the
natively , the device communications system and the token user 's skin . The token may have button (s ), touch -sensitive
communications system may communicate only when the 50 area ( s ) or other means to allow manual or other user
token is in contact with the device via a physical interface . feedback / input via the token .
The device communications system may send a user The application authentication stored on the device may
secret to the token which is validated by the token before the comprise an application password or PIN . The user creden
decryption operation takes place . tials stored on the token may comprise a private crypto
The device communications system may send a message 55 graphic key .
authentication code (MAC ) to the token , which is validated It is preferred that communication between the token and
by the token before the decryption operation takes place . the mobile device makes use of NFC , although other chan
According to a further aspect of the invention , there is nels could equally well be used including Bluetooth , Blu
provided : etooth Low Energy (BLE ), or other types of radio frequency
a hardware token for authenticating access to a computer 60 communication . Tokens requiring contact with the mobile
resource via a mobile device , the token comprising : device , including swipe cards and electrical contactcards are
token storage for the storage of a plurality of user creden - also envisaged . According to another aspect of the invention ,
tials ; a system of authenticating access to a computer resource on
a token communications system for communicating with a a mobile device with a portable security token comprises :
mobile device ; 65 a device including a computer resource to be protected , a
a token processor providing cryptographic functions; and device communications system , and device storage for
wherein , in use : storing encrypted resource authorization ;
 US 10 , 102,510 B2
a token including token storage for storing private user Eliminates the need for entering alphanumeric passwords
credentials , a token communications system , and a on an onscreen keyboard , especially when symbols are
token processor providing cryptographic functions ; included , which is slow and error- prone and subject to
and wherein in use the encrypted authorization stored on shoulder -surfing attacks .
the device is transmitted by the device communications 5
system to the token , is decrypted on the token using the 3. OVERVIEW
user credentials , the token generating at least partially
therefrom an unlock response , the unlock response The invention may be carried into practice in a number of
being securely transmitted by the token communica - ways and one specific embodiment will now be described ,
tions system to the mobile device, and 10 by way of example, with reference to the accompanying
the device being arranged to unlock the resource if the drawings, in which :
received unlock response is valid . FIG . 1 shows the Hoverkey L1 high level architecture ;
According to a further aspectof the invention , a hardware FIG . 2 shows the organization of the Java card and the
token for authenticating a computer resource on a mobile
device, the token comprises: 15 FIG . 3 shows the activation protocol;
token storage for the storage of a plurality of user cre FIG . 4 shows the method of adding a new device to an
dentials ; activated card ;
a token communications system for communicating with webFIGapp. 5a; shows the registration protocol for a private app
a mobile device ; 20 FIG . 5b shows the registration protocol for a public app ;
a token processor providing cryptographic functions; and FIG . 6 shows the password access protocol;
wherein , in use: FIG . 7 shows the password encryption process ;
on receipt by the token communications system of an FIG . 8 shows password retrieval encryption ;
encrypted authorization , the token processor verifies FIG . 9 shows the key hierarchy;
the integrity and decrypts the encrypted authoriza - 25 FIG . 10 shows the applet states, and their sequencing ;
tion and generates at least partially therefrom an FIG . 11 illustrates a computer system that is programmed
unlock response , and wherein the token communi to provide secure storage of cryptocurrencies ; and
cations system securely transmits the unlock FIG . 12 is a block diagram that illustrates a computer
response for use by a mobile device . system upon which an embodiment of the invention may be
30 implemented.
2 .2 HOVERKEY LEVEL 1 3 .1 DEPLOYMENT MODEL
In the preferred embodiment the present invention is At a high level, the preferred Hoverkey deployment
preferably embodied within a product called Hoverkey.
Hoverkey 's design is optimised for ease of integration with 35 model is summarised below :
existing mobile apps and web apps, as well as ease of use . Each User has one or more NFC - enabled mobile device,
It implements a secure user credential (e .g . password ) stor which may be provided by company or owned by User.
age and retrieval system , secured using NFC tokens. Each User is issued with a unique NFC security token .
Each NFC token may be paired with all devices belonging
The present application is particularly concerned with an 40 to the same User.
embodiment that uses a specific security design , referred to The following steps are taken in deploying a Hoverkey :
in this description as “ level 1 ” . References to Hoverkey level Hoverkey purchases blank NFC tokens from resellers
1 ( or Hoverkey L1) should be understood accordingly . Upon receipt of trial or purchase order, Hoverkey formats
NFC tokens for the Customer or a partner issuer
2 .2 .1 Security Concept 45 Upon receipt of the NFC token , the User invokes the
activation function
The concept behind Hoverkey L1 is designed to work The User then configure their Hoverkey -enabled apps
with all existing applications which authenticate the user with their credentials
using a user name and password combination , although
authentication methods other than passwords may be used . 50 3 .2 ARCHITECTURE
Typically , without any changes to the application to be
accessed , the technology simply replaces manual entry of The high level architecture of Hoverkey L1 is illustrated
the user ' s password with a touch of an NFC token . This in FIG . 1 . Each Developer App (App 1 , App 2 and App 3 in
embodiment offers the following advantages : the diagram ) are embedded with the Hoverkey Li Compo
No changes required for the application server which 55 nent, which allows it to communicate with the Hoverkey
allows easy integration Service via an inter-process communication ( IPC ) protocol.
Changes to any existing application clients can be easily On each mobile device , there is a single instance of
implemented through the use of a Hoverkey Compo Hoverkey Service which accepts requests from an App and
nent. when a password is required. Hoverkey Service retrieves the
60 password on behalf of the App through a series of exchanges
Better security by letting technology to “ remember" pass with the Java Card applet via the NFC interface .
words for the user, which means The advantages of using a service include:
The user can choose passwords that are more secure Removes the need share authentication keys (for Applet
( longer and more " random ” ) access ) between Apps
The user can choose different password for different 65 No need for Apps to require NFC permissions
accounts without the fear or inconvenience of for Centralised , mediated access to Applet which makes it
gotten passwords possible to prevent concurrent access.
 US 10 , 102 ,510 B2
10
On the Android platform , possible IPC mechanisms 9 . User starts to use Hoverkey -enabled mobile Apps
include the Intent method for simple , coarse grained inte 10 .User may pair additional devices to the token up to
gration , or the Remote Service method using Android inter four devices .
face Definition Language ( AIDL ) for fine -grained , lower a ) If a Hoverkey server is used , App data may be
level integration. synchronized from the server
Hoverkey -protected passwords are encrypted by the card b ) All Hoverkey -enabled Appsmust be re - registered on
Applet at registration and stored on the mobile device within the new device (as per Step 8).
the Hoverkey App . When access is required , the registered
App requests the password via the Hoverkey App , which in 10
4 . SYSTEM COMPONENTS
turns requests the password be decrypted by the Applet.
4 . 1 MOBILE DEVICE
3.3 MAIN SECURITY DESIGN FEATURES
Hoverkey L1 is preferably supported on NFC - enabled
Activation and Pairing: A Hoverkey token can only be Android smartphones , although other platforms are of
device with
used with a device with which
which itit has been paired
has been paired ((atato
I course equally possible .
activation ). Each mobile device many only be paired
with one token . Each token may be paired with up to 4 .2 HOVERKEY L1 APP
four devices. The following subsections summaries the functions pro
Registration : To defend against malicious apps, third -| 20 20 vided by the Hoverkey L1 App . Token activation
party apps may only use Hoverkey services after a
secure on -device registration process . Subsequent pass a ) Pairing of NFC token with mobile device
b ) PIN settingToken management
word access requires proof of previous registration . c) PIN changing
Two-Factor : Each password may additionally protected d ) PIN unblocking
with a user chosen PIN to provide a form of two -factor 25 e ) Revoking a token
authentication . Three or more levels of authentication 2 . App registration setting user name and password
may optionally be provided . 3 . App management
Cryptographic security : Hoverkey uses industry - standard a ) Changing password
cryptographic algorithms and modes for protection of b ) De-register an App
user passwords, supported by best practices in secure 30
key management. 4 . 3 THIRD -PARTY MOBILE APPS
Token Security : Hoverkey token are security -managed
throughout their lifecycle to ensure the risks are mini Embed Hoverkey Li Component according to implemen
mized at all stages . tation
llon guidelines
35
3.4 USING HOVERKEY L1 4 .4 NFC TOKEN
To use Hoverkey L1, the following steps are followed : FIG . 2 shows the organization of the Java cord and the
1. New Customer organization orders Hoverkey L1 Cards - 40 The NFC token is a contactless token which supports Java
for their mobile users Card and GlobalPlatform specifications. The token prefer
2 . Hoverkey (or Partner) generates an OrgID for the ably has a high level of security approval under the Common
customer. Criteria and /or FIPS schemes . The initial product is imple
a ) Optionally, a RegKey is generated for the customer mented in the ISO 7810 (credit card ) form factor.
if they intend to develop their own private Apps , 45 The token is designed to support multiple Java Card
which is delivered the Customer or Developer for applets . The Hoverkey system require one applet to be
embedding into their Apps . installed , leaving space on the card for third -party applets .
3 . Hoverkey formats the required number of cards with
OrgID , MasterAPIKey, Admin Key, User Authentica 4 .5 CLOUD -BASED DATA STORAGE SERVICE
tion Key and PUKs, and send them to Customer or 50
Developer. Hoverkey supports on -demand credential retrieval and
4 . Customer development team embeds Hoverkey Com - synchronisation using a cloud base storage service . There
ponent into their own App ( s ) and configure them with are many possible implementations of a cloud service using
their OrgID and RegKey during development a variety of protocols and indeed many already exist . At the
5 . User installs Customer or Developer App (s ) and Hover - 55 minimum , a suitable service preferably supports the follow
key App ( from Google Play Store) ing functions:
6 . User receives (formatted ) token from Sys Admin and 1. Identifying a user with a unique identifier
activation email (containing an activation URL ) 2 . Storage of arbitrary data on the server in an arbitrarily
7 . User activates token from within Hoverkey App and named file and directory
sets a PIN 60 3 . Retrieval of previously stored data
a ) The Hoverkey App downloads a configuration pro - A more preferable implementation of a Hoverkey creden
file file tial storage service also provides :
b ) User is reminded to delete activation email when 1. Strong authentication of the user
activation completes 2 . Communication with the user device over a secure
8 . Third -party Apps register themselves with Hoverkey 65 channel
App (typically with a user name and password - once 3 . High availability measures
for each Customer or Developer App ) 4 . Secure facilities management
 US 10 , 102 ,510 B2
11
In practice , Hoverkey can support popular cloud services NFC tokens are formatted by Hoverk
such as DropBox or may provide its own bespoke service for loading of Customer data . Upon activation , this data is
Hoverkey users . transferred across to the Hoverkey L1 App to allow Devel
oper Apps to be registered .
4 .5 . 1 Hoverkey L1 Applet 5 Developer Apps need to be registered with the Hoverkey
Service (part of the Hoverkey L1 App ) prior to becoming
The applet implements : NFC - enabled . Registration involves securing the user 's
The activation process (also known as “personalization ” password with his (activated ) NFC token .
in common smart card terminology) which includes : 5.2 PASSWORD ENCRYPTION
Device /token pairing 10
Password Encryption Key (PEK ) generation The core function of Hoverkey L1 is to provide secure
Initial User PIN setting password storage and retrieval. The password is encrypted
Password encryption /decryption functions and integrity protected alongside its metadata . When the
The cryptographic mutual authentication protocol password is required , the PEK stored in the NFC token is
The Hoverkey Applet stores and manages the following used to verify decrypt the protected passwords.
data objects : 5 .3 SECURE MESSAGING OVER NFC
Name/Label The Global Platform (GP) specification supports secure
TokenID A unique identifier for each applet installation
- 20 exchange of APDU messages between the card and the
DeviceIDs A list of (up to 4 ) DeviceIDs associated with this
terminal. GP supports three levels of messaging security :
card - the ID should support ASCII text e. g . “ GalaxyS3 1. Entity authentication only
894579 " , " Daves Tablet - 9792234 " ( so that when the 2 . ( 1 ) above plus integrity protection
IDs are listed , user can tell which ID corresponds to 3 . ( 2 ) above plus confidentiality protection .
Password
which device).
Derived from random values, the keys for encrypting
25 Hoverkey L1 supports at secure level 3 messaging using
Encryption and decrypting User 's App passwords, as well as their the GP Secure Channel Protocol version 2 (SCP02 ).
Key (PEK ) integrity protection and verification
User PIN The User 's PIN used for accessing passwords. It is 5 .4 PIN
always set during activation , but each App may decide
whether if a PIN is required . The PIN has an associated
lated 3030 InIn order
order to
to support
support an
an enhanced leve of security , Hover
enhanced level
PIN Tries Remaining counter.
User PUKS The User 's PIN Unblock Keys. There is also a single key L1 supports the additional use of a PIN which is shared
Unlock Tries Remaining counter. by all third - party Apps (as it is a PIN validated within token
Logs Activity logs for recent auditable events applet).
OrgID A unique identifier for Customer or Developer The user is required to set up a PIN at activation, but each
organization
MasterAPIKey A unique key associated with the OrgID for 35 third - party App may have their own policy on where a PIN
authentication of private third -party Apps is required for access.
The Sys Admin can enforce the requirement for a user
PIN code ( for all Apps) at activation via the configuration
4 .5 .2 Token Lifecycle process.
40
6 . SECURITY PROTOCOLS AND
The following outlines the lifecycle of an NFC token : PROCEDURES
1 . Reseller supplies cards to Hoverkey
2 . Card formatting 6 . 1 ACTIVATION
a ) Low - volume deployments : Hoverkey formats cards 45
and supplies to Customer or Developer. FIG . 3 shows the activation protocol
b ) High -volume deployments: Hoverkey provides to a Pre -conditions
trusted third party card printer.: AuthKey (plain or obfuscated ) obtained from activation
Card overlay graphics URL
OrgID , MasterAPIKey and AdminKey 50 Configuration data downloaded to Hoverkey Service via
Set of Authentication keys and PUKS activation URL including:PIN requirement policies
3 . User activates card Co -branding data
4 . Activated token is : Report configuration
a ) Revoked and replaced when lost or stolen Applet is formatted with OrgID and MasterAPIKey and
b ) Returned and replaced if becomes defective 55 has not been activated Goals
c ) Returned when User leaves Customer organization Establish a shared authentication (pairing ) key between
d ) Updated or replaced when a new applet or a new Applet and Hoverkey Service
version of the existing applet are available for the Generate and store Password Encryption Key (PEK ) on
User token
60 Initialize User PIN
5 . HIGH LEVEL SECURITY DESIGN Transfer OrgID and MasterAPIKey to Hoverkey Service
( for validation of Developer Apps )
5 . 1 OVERVIEW Steps (referring to the corresponding numbers set out in
FIG . 3 ).
The Hoverkey L1 App may be downloaded by the User 65 1. Hoverkey Service queries token for TokenID
from the Google Play Store and therefore does not have any 2 . The AuthKey may be supplied in plaintext, or, for
Customer specific information at installation . enhanced security, obfuscated with the TokenID .
 US 10 , 102 ,510 B2
13
a ) If obfuscated , Hoverkey Service de -obfuscates (de verification of the app certificate . The idea is that the
crypts ) AuthKey with TokenID (as shown in FIG . 3) certificate attests to various attributes of the app (which need
b ) If in plaintext, Step 1 is omitted and Step 2 will only to be independently obtainable from the OS), thereby mak
need to store the (plaintext) AuthKey ing it difficult for a malicious app to masquerade as genuine .
3 . Service and Applet perform mutual authentication 5 Attributes to be certified include (for Android app ):
4 . Service sends activation request , supplying a random Its unique AppID (Package Name on Android whose
number, PIN and DeviceID uniqueness is guaranteed if downloaded from Play
5. Applet stores PIN and DevicelD , and derives PEK from Store )
Random
6 . Applet returns TokenID , OrgID and MasterAPIKey . 10 Symmetric Key Method
These are stored by Hoverkey Service , along with A private app , i.e. one not deployed through the public
RegKey after deriving from MasterAPIKey . app store will employ a different registration scheme. Since
7 . Service returns OK the app developer may want to deploy their apps privately
8 . Applet updates its status to Activated without Hoverkey involvement, we employ an alternative
9. Upon activation success, if the user has no more 15 method which allows the developer to generate their own
devices to pair with his token , he should delete the RegKey (based on symmetric keys).
activation email ( and any copies) from his mail FIG . 5 shows the registration protocol. FIG . 5a illustrates
account. registration for a private app web app , and FIG . 5b illustrates
6 .2 ADDING A NEW DEVICE 20 registration for a public app . The same reference number
apply to each .
FIG . 4 shows the method of adding a new device to an Precondition
activated token . NFC Token has been successfully activated (if not acti
Pre -conditions vation will be invoked at Step 2 )
Applet has already been activated (by another device ) 25 Goals
Goal
Transfer OrgID and APIKey to Hoverkey Service Set up Hoverkey Service for use with this App
Steps (referring to the corresponding numbers set out in Create NFC -token -protected password with for use with
FIG . 4 ) Hoverkey Service
1 . Hoverkey Service retrieves AuthKey from link pro - 30 Steps (referring to the numbers set out in FIGS. 5a and 5b )
vided by activation email
2 . Servicemutually authenticates with (already activated ) 1 . App registers itself with OrgID (private app only ),
Applet APIKey , AppID , Policy and the User ' s password . In the
3 . Service supplies a PIN to authenticate to Applet, along case of a public app , the RegKey will be a digitally
with its own DeviceID to be added 35 signed certificate . For a private app, the RegKey will be
4 . Applet validates PIN , stores DeviceID a pseudorandom byte string . Currently supported poli
5 . Applet returns OrgID , MasterAPIKey and TokenID 6 . cies include :
Service stores OrgID and APIKey, along with RegKey a) Whether PIN required for this App
after deriving from MasterAPIKey. 2. Hoverkey Service checkswhether it has been activated .
7 . Upon activation success, if the user has no more 40 If activated , it validates the
devices to add to (pair with ) his token , he should delete
the activation email ( and any copies ) from his mail RegKey supplied by the app . For a public app , the
account. RegKey is validated by the Hovkery App Reg Public
Key. For a private app , the provided OrgID is checked
6 .3 APP REGISTRATION 45 and RegKey validated against that derived from Mas
terAPIKey.
The purpose of registration is for the third -party app to 3 . Service performs mutual authentication with Applet. In
authenticate itself to the Hoverkey App , and at the same time addition, Applet validates the DeviceID supplied by
to provide Hoverkey App with the user credentials for their Service .
secure storage. 50 A4 . Service sends rerequest for password to be encrypted ,
Upon successful registration , Hoverkey issues the third along with policy and PIN for validation .
party app with its unique random APIKey for its subsequent
Hoverkey API access (i.e. an APIKey even if compromised 5 . Applet validates PIN and encrypts the password and
will be invalid on a different device ). policy with the PEK
There are two methods for app registration : 55 6 . In order to validate successful encryption , Service
1. Asymmetric key method , primarily for public apps, i.e . sends a decryption request with the encrypted pass
those available from the App stores . word , supplying a the Session PEKS (Session
2 . Symmetric key method , primarily for private apps, i.e. PEK _ ENC and Session PEK _MAC ) and optionally a
those developed in -house and distributed by non - public PIN (as per policy).
means. 60 7 . Applet decrypts and returns the plaintext password ,
Asymmetric Key Method encrypted under the SessionPEK .
A public app developer wishing to integrate Hoverkey
into their app must obtain a Registration Key (RegKey ) in 8 . Service decrypts and verifies the plaintext password
the form a certificate , which is embedded into the app prior returned and returns success to the App.
to its public release. The certificate is issued by Hoverkey 65 9 . Service saves the UserID , Policy and the encrypted
and signed with the Hoverkey private key . The correspond password on the cloud storage server as AppID /Devi
ing public key is embedded in the Hoverkey App for celD /credentials .dat.
 US 10 , 102 ,510 B2
15 16
6 .4 PASSWORD RETRIEVAL The Hoverkey App also downloads a list of revoked
Token IDs periodically, which allows it to revoke the token
FIG . 6 shows the password access protocol. if an entry matches the one that it is paired with .
Precondition
App has registered itself with the Hoverkey Service and 5 6 . 9 LIST DEVICES
set up an encrypted password
The Applet is in Activated state Can be performed
Goal by any paired device
Retrieves the specified password that has been protected
by the NFC token 10
mutual auth , Applet validates DeviceID , or mutual
Optionally, retrieves user ID (if stored ) auth with Admin Key
Steps (referring to the number set out in FIG . 6 ) Or after mutual auth with Admin Key
1 . App sends request password command , supplying No PIN required
APIKey, AppID . Applet returns list of associated Device IDs
2 . Hoverkey Service validates the request
3 . Service obtains the App 's UserID , Policy and encrypted 15 6 . 10 REVOKING A DEVICE
password by retrieving the file AppID /DeviceID / cre
dentials. dat from the cloud storage , then requests a PIN Usually takes place after List Devices — as Hoverkey App
from user if required by Policy . is not expected to remember the device ID list
4 . Servicemutually authenticates with Applet. In addition, Can be performed from any paired device
Applet validates the DeviceID supplied by Service . 20 Mutual auth , Applet validates DeviceID
5 . Service sends the encrypted password to Applet for Requires PIN
decryption , supplying session keys (Session PEK _ ENC Removes DeviceID from Applet
and Session PEK _ MAC ), and optionally a PIN (as per
policy ). 6 . 11 PIN BLOCKING
6 . Applet authenticates and decrypts the input, and vali - 25
dates the PIN if required . Within the Applet, the User PIN has an associated PIN
7 . Applet returns the plaintext password encrypted under Tries Remaining (PTR ) value, initialized to a specified
the Session PEK and integrity protected with Session
PEK MAC number.
8 . The password is decrypted and returned to the App . 30 The Applet also has a fixed number (5 ) Personal Unblock
ing Keys (PUK ) of 8 digits , labelled PUK1, PUK2 etc ,
6 .5 CHANGING PASSWORD FOR APP which are randomly generated and loaded at format
ting . A copy of the PUKs for each token is provided to
To change the password for an App , Hoverkey services the Sys Admin . The Applet maintains a single Unblock
simply replaces the existing encrypted password with a new 35 ing Tries Remaining (UTR ) value, initialized to a
one, with the following steps : specified number.
1 . Mutual authentication , Applet validates DeviceID Each time the PIN is successfully validated , PTR is reset
2 . Requires PIN to its initial value .
3 . Service sends new password and policy Each time an incorrect PIN is detected , PTR is decre
4 . Applet returns encrypted password 40 mented by one.
If PTR reaches zero , the User PIN is blocked . The Applet
6 .6 CHANGING PIN also returns to the Service which PUK the user should
use to unblock the PIN , and tries remaining for that
To change the token PIN , the following steps are fol PUK .
lowed : 45 In order to unblock and reset the PIN , the user must
1. Mutual authentication , Applet validates DeviceID request his PUK code from SysAdmin as indicated by
2 . Requires old PIN , within PIN blocked UI or by retrieving applet status
3. User enters new PIN (twice ) ( see Section 0 ) . If this is the first time the User unblocks
the PIN , he will request the PUK1 code; the second
4 . Applet stores new PIN 50 time will require PUK2 etc ., i.e . each PUK code can
6 .7 DEREGISTER APP only be used once .
If the User 's PUK codes are exhausted , as soon as PTR
Remove the following information for the App : reaches zero again , the Applet is blocked . The NFC
(Hoverkey token not required ) token must be replaced .
1. AppID 55 Each time a PUK is entered incorrectly, the UTR is
2 . Any encrypted password ( s) decremented . If UTR reaches zero , the Applet is
3 . Any saved user name(s ) blocked . The NFC token must be replaced .
4 . Policy
6 . 12 GET APPLET STATUS
6 .8 REVOKING NFC TOKEN 60
Can be performed from any device
If the token is lost, perform once by each associated If not authenticated
device : Applet returns TokenID , Applet State
( The Hoverkey token not required ) If authenticated (with Auth Key or Admin Key )
Wipe authentication key from Hoverkey App 65 If in Formatted State: returns TokenID , Applet State,
Wipe all encrypted passwords PIN Tries Remaining Counter = Max , current PUK
Reset Hoverkey app to pre -activated state index , current PUK Tries Remaining counter. ( this
 US 10 , 102,510 B2
17 18
may not be max since applet may have been reset to The user has registered an app with an ID AppX on
formatted , which does not reset PUK status, i.e . used Device
PUKs remains used ). The current PUK index is the AppX has not been registered on DeviceB Goal:
index of the PUK code the use should ask for if the AppX credentials for the user becomes available for use
current PIN becomes blocked . on DeviceB Steps
If in Activated State: returns TokenID , Applet State , 1 . On DeviceB , AppX registers itself with Hoverkey
Service using either the symmetric key or asymmetric
PIN Tries Remaining Counter , current PUK index , key method , but without supplying the user's creden
PUK Tries Remaining counter =Max tials.
If in PIN Blocked State : returns TokenID , Applet State , 2 . Service retrieves the file AppX /Device A /credentials.dat
PIN Tries Remaining Counter = 0 , current PUK 10 from the cloud storage
index , PUK Tries Remaining counter 3 . Service uploads the same file , unaltered , as AppX/
If in Blocked State : returns TokenID = 0 , Applet State DeviceB /credentials .dat
4 . The credentials are now ready for use on DeviceB
6 . 13 ADMIN FUNCTIONS 15 7 . CRYPTOGRAPHIC SPECIFICATION
All functions within this section require mutual authen 7. 1 KEY MANAGEMENT
tication with Admin Key.
6 . 13 . 1 Reformat Token For security purposes, keys used for encrypting and
20 integrity -protecting user passwords for storage ( generated
In order to re- format the token ( e.g. for issuing to a new by the applet at activation ) never leave the applet ( nor the
physical token ). Session keys are also used ( generated by the
user ) Hoverkey App ) for encrypting and integrity -protecting pass
Mutual auth with Admin Key words over NFC after decryption . These are wiped imme
Send reformat command to :
Remove existing User PIN (and reset retry counter) 2325 diately after use .
Remove existing password protection keys PEK _ ENC , 7.2 PASSWORD STORAGE ENCRYPTION
PEK _MAC PROCESS
Reset applet to FORMATTED state
(Does not reset PUKsused PUKs remains used ) FIG . 7 shows the password encryption process.
30
Encrypting password for storage , to be performed by the
6 .13 .2 PIN Reset applet.
a ) Combine policy , length of password and password
In order for the Sys Admin to reset the PIN , itself received from device, apply padding to align with
Mutual auth with Admin Key encryption block length
Send PIN reset command with the user's new PIN 35 22 .Generate
Generate a random Initialization Vector (IV ) of encryp
(Does not require PUK ) tion cipher block length
3 . Encrypt block generated in Step 1 in CBC mode using
6 . 14 EMERGENCY ACCESS IV from Step 2 , using Key PEK _ ENC
4 . Encrypt the IV with PEK ENC in ECB mode
6 . 14 . 1 Lost /Defective NFC Token 40 5. Calculate a MAC on (output from Step 4 + output from
Step 3 ) using a hash based MAC (HMAC ) with the key
For emergency online access, the user may simply login PEK _MAC
manually with his password . If the user does not know / 6 . (Output from Step 5 + output from Step 3 +MAC from
remember his password (due to the use of a complex step 4 ) is returned to device for storage
password , for example ), the application 's password reset 45
facility may be used to set a new password (and also change 7 . 3 PASSWORD RETRIEVAL (SESSION )
the Hoverkey protected password ). ENCRYPTION PROCESS
6 .14 .2 Forgotten /Blocked PIN FIG . 8 shows password retrieval encryption .
50 To be performed by applet, after verification of the MAC ,
If an App 's policy requires a PIN which the User does not decryption of the encrypted object supplied by device, and
remember, he could : validation of the policy field .
Try different PINs until PIN Blocked ( if not already ) and 1. The plaintext password is left padded with a two- byte
request a PUK from the Sys Admin to Unblock and length field , and right padded with random bytes to
reset the PIN , 55 make the largest allowable block ( fits within an
Log in manually if he remembers the user ID and pass R -APDU ) whose size is a multiple of the cipher block
word ( although he will have to either recall or reset the length
PIN eventually to continue using Hoverkey Li). 2 . Steps 2 -5 as per the Password Storage Encryption
Process, except that Session _ PEK _ ENC and Session _
6 . 15 SYNCHRONISING CREDENTIALS 60 PEK _MAC are used for encryption and integrity pro
BETWEEN DEVICES tection instead .
Preconditions: 7 . 4 APP REGISTRATION KEY DERIVATION
User has devices with IDs DeviceA and DeviceB respec HIERARCHY (SYMMETRIC KEY )
tively 65
The user 's token has been activated and ready for use for FIG . 9 shows the key hierarchy . Keys are derived using
both devices the HMAC -Based KDF with as described in NIST Special
 US 10 , 102 ,510 B2
19
Publication 800 - 108 , [: L . Chen , Recommendation for Key
20
- continued
Derivation Using Pseudorandom Functions (Revised ),
NIST SP 800 - 108 , October 2009 , available from http :// State Description
csrc.nist.gov/publications/nistpubs/800 - 108/ sp800 - 108 .pdf. Formatted Personalization step 1 : Hoverkey (or a trusted third -party )
This document is incorporated by reference . has generated and loaded OrgID , APIKey, Auth Key , Admin
Issuer Keys Key and PUKs. Admin may reset activated cards to this state.
IssuerMasterKey = Random bytes generated by secure All data objects are reset except for any PUKs that have
been used
RNG Activated Personalization step 2 : Token delivered to User who has also
Org Keys received his personalized activation email . He has followed
OrgID = Assigned unique OrgID 10 the instructions to activate the token and set the PIN . The
AppID = ( globally ) unique app identifier Applet is now ready to be used operationally . Additional
devices may be added at this point.
8 . HOVERKEY APPLET STATUS PIN If the User 's PIN tries remaining counter reaches zero (with
Blocked at least one unused PUK remaining ), the Applet enters this
state and will not perform the core functions until it 's
FIG . 10 illustrates example applet status values, and their 15 unblocked with a PUK
sequencing Blocked If PUK tries counter reaches zero or PIN tries counter reaches
zero with no more PUK remaining, the Applet becomes
locked . The token must be revoked , then it may be destroyed
or sent back to Hoverkey
State Description
Installed Applet is installed but not yet selectable 20
Selectable Applet is now selectable and now ready to be personalized.
9 . GLOSSARY
Term Definition
Applet Software program running on a smart card supporting Global
Platform and card ( e. g . Java Card ) specifications
Application Protocol Data Basic communication messages between a smart card and the
Unit ( APDU ) terminal ( reader )
App Registration Validation of a third party app by Hoverkey at first use and
issuance of API key for subsequent access
Bluetooth / BLE A set of wireless communication standards designed for short
range data exchange between devices. Typically used by small
personal devices to create a Personal Area Network . Bluetooth
Low Energy (BLE ) is a Bluetooth standard which allows low
power devices which only communicate intermittently to
consume a fraction of the power required by normal Bluetooth .
Customers The person or organization responsible for day-to - day
management of Hoverkey tokens. In particular, they are
responsible for sending out activation emails and, when a user
requires PIN unblocking, authenticating the user and issuing
PUK codes.
When selling directly to End Users, Hoverkey will in effect play
the role of the Customer.
Developers Developers of mobile applications , especially those who embed
Hoverkey functions into their apps
DeviceID A unique identifier for a mobile device (or one that is highly
likely to be unique )
Developer Apps Developers may enhance the security of their existing mobile
applications by creating a Developer App , using the Hoverkey
iOS and Android or other types of code libraries .
End User (or User ) A members of a Customer organization who uses Hoverkey
enabled applications
Emergency Access An optional service which allows access to Hoverkey -protected
services without a functioning NFC token using a pre -specified
back -up authentication method .
Global Platform An organization responsible for specifying standards for smart
card application (i.e. applet) management
Hoverkey Li App An application installed and run on the User's mobile device
providing Hoverkey Service and management functions
Hoverkey Component Software component provided by Hoverkey for integration into
third -party Apps
Issuer Partner An organization with an established relationship with Hoverkey
to issue Hoverkey tokens to their Customer
Personal Identification A sequence of digits which is kept secret by the user for
Number (PIN ) authentication to the NFC Token
System Administrator (Sys Typically the person in the Customer organization who is
Admin ) responsible for implementing IT security policies and will have
influence over any security product that may be selected by the
organization . They have a technical skillset. They may also take
the role of User Administrator ( see below ) in small deployments .
Token Activation The process by which an End User sets up the first use of his
NFC token
Token Formatting The process by which blank smart cards are prepared for the
Customer
 US 10 , 102 ,510 B2
21
- continued
Term Definition
User Admins This is the person in the Customer organization who is
responsible for the operating the IT security systems.

10 . OPERATIONS USING creation . There are also concerns that private keys generated
CRYPTO -CURRENCIES with these services can be also stored and captured by
companies.
Cryptocurrencies such as BITCOIN are now widely used An alternative solution is a combination multi-signature
for commercial transactions, especially in the online setting. paper and electronic wallet, exemplified by the ARMORY
User authorization keys for cryptocurrencies such as BIT system . This is secure against malware, as long as the keys
COIN typically are stored in a wallet, which is a digital file 15 are generated with secure equipment, and secure against
that stores private signing keys so that they can be used to online theft. Once set up , it is easy to maintain . It offers the
authorize a transaction with a seller. When a consumer uses advantage of low cost, and is secure against physical theft so
BITCOIN as a payment mechanism , there is a need to secure long as only one of the private keys is physical and the other
the consumer' s BITCOIN wallet. There are several different two are encrypted and stored independently . However, they
ways that a BITCOIN wallet can be implemented , each with 20 are initially difficult to securely generate with an audited and
different advantages and disadvantages. clean computer.
Paper wallets , which involve printing the user's BIT The technology disclosed herein offers several advantages
COIN address and private keys on a piece of paper , are when used to secure BITCOIN wallets. Firstly , it offers a
convenient and familiar user experience , similar to the chip
secure againstmalware including viruses, Trojan horses, anded 25 and PIN system that is in widespread use with traditional,
key loggers , as long as the BITCOIN keys are generated 4 centralized card payment systems, or to biometric authen
with secure equipment. They are secure against online theft tication methods found on recent mobile devices. Second, it
initiated by hackers or unscrupulous employees and owners is easy to set up for the consumer. Third , it is easy to back
of online wallets . However, they are difficult to set up , and up to the cloud , whilst retaining a high level of security .
are not secure against physical theft . 30 Finally, because users ' BITCOIN private keys are stored on
An offline computer or device can be used as a BITCOIN a dedicated hardware security device, which can be a
wallet. These are somewhat secure against malware , as long smartcard , or a wearable device , and which is often not
as the BITCOIN keys are generated with secure equipment. connected to the internet, it is relatively secure against
They are secure against online theft initiated by hackers . malware including viruses , Trojan horses and key loggers .
Once set up, they are easy to maintain . However, it is 35 In all embodiments of this disclosure , the term BITCOIN
initially difficult to securely generate the keys with an is used for convenience to refer to a particular cryptocur
audited or clean computer that is free of security threats . rency that may be familiar to the reader. However, the
Further, this is a more expensive and less reliable solution techniques herein may be used with any cryptocurrency that
than a paper wallet, since it needs a separate computer or relies on secure management of the user's private key .
device . As a result, the wallet will need to be backed up . 40 Therefore , all use of the term BITCOIN in this disclosure are
Additionally , there are risks of infection by malware , arising intended to refer broadly to any cryptocurrency .
via communication through USB ports or network ports, if FIG . 11 illustrates a computer system that is programmed
the device is not properly secure . to provide secure storage of cryptocurrencies. In general, the
Dedicated hardware wallets , such as the TREZOR wallet. system of FIG . 11 is programmed to set up , on a mobile
offer another possible solution . They are secure againstsí 4545 been
computing device such as a smartphone, a wallet that has
encrypted with a secret known only to a separate token
malware , so long as the device has not been tampered with .
They are secure against online theft . Once set up , they are card device , but that can be verified by both the token card
easy to maintain . Secure transactions that are more highly and a smartphone app if the PIN entered on the token card
assured can be completed with private keys generated on the device is correct. Consequently , the smartphone storing the
hardware wallet itself rather than imported from a less 50 encrypted
smartphone
wallet is useless if it is stolen alone . To use the
, a user or thief must have the token card device ,
trusted computer. However, they require manual backup and
are relatively expensive compared to other solutions. The provided the emulate
or be able to its algorithms and message protocol
secret on the token card device also was
limited memory of some dedicated hardware makes it infea known, and also know the PIN .
sible to store a large amount of transaction - related informa- 55 In one embodiment, the system is programmed to provide
tion in the wallet. Moreover, products such as TREZOR a method of conducting a cryptocurrency payment via a
typically are single- purpose devices , i.e . they are not readily mobile computing device comprising , using the mobile
provisionable with additional credentials for non -BITCOIN computing device, storing an encrypted wallet received from
uses such as online banking or email account login . a portable security token that is separate from the mobile
Multi - signature hot wallets and services make it easier to 60 device , wherein the encrypted wallet comprises a crypto
carry out secure transactions without needing to import currency wallet encrypted with a secret key that is restricted
private keys , offering added features such as strong two to the portable security token ; using the mobile computing
factor authentication and online access. Some services of device , receiving a cryptocurrency payment instruction ;
this type, such as COINBASE , offer insurance against theft using the mobile computing device , prompting for a user
of users ' BITCOINs. They are relatively easy to set up and 65 credential to approve the cryptocurrency payment instruc
maintain , but are vulnerable to malware such as Trojan horse tion ; using the mobile computing device , sending, to the
programs that are present within the browser at the time of portable security token , a message in response to receiving
 US 10 , 102 ,510 B2
23 24
the user credential, wherein the message comprises the may be a display, such as an embedded LCD display,
encrypted wallet, the cryptocurrency payment instruction , with appropriate display driver circuitry and/or firm
and the user credential; and wherein the sending of the ware .
message causes the portable security token to : decrypt, using A mobile computing device 1106 that is programmed with
the secret key , the cryptocurrency wallet from the encrypted 5 an app 1108 that contains a secure storage library 1110
wallet; in response to confirming that the user credential ( or Hoverkey library ) . In various embodiments , the
matches an authentication identifier registered with the mobile computing device 1106 may comprise a smart
portable security token , create a cryptocurrency payment phone, smart watch , bracelet, badge or other wearable
transaction by digitally signing the cryptocurrency payment apparatus, card , tablet computer, phablet computer or
instruction using the cryptocurrency wallet; transmit the other mobile computing device . For purposes of con
cryptocurrency payment transaction to a cryptocurrency venience in this disclosure the term " phone " or " smart
network or cryptocurrency bank or exchange ; and erase the phone” may be used but that label is not required in any
cryptocurrency wallet. The intermediary may be a merchant embodiment .
Payment instructions are generated by one of the follow
or bank , or communications may be directly via a home PC .
In various embodiments , confirming that the user credential Mobile phone app 1108;
matches an authentication identifier registered with the Home user personal computer 1140 ;
portable security token comprises using any of PIN , bio - Merchant point of sale (POS) system 1130 .
metric or fingerprint on the mobile device , or authentication The mobile phone app 1108 is connected to a cryptocur
via button press confirmation , PIN or fingerprint on the 20 rency network 1150 , such as the BITCOIN network (“ block
portable security token . The wallet can have integrity pro - chain " ), via the home user PC 1140 , or via a cryptocurrency
tection as well as encryption . exchange 1120 or BITCOIN “ bank ” (e . g . COINBASE ).
In one embodiment, the encrypted wallet is stored on a The merchant POS 1130 can be directly connected to the
remote cloud storage location . In an embodiment, the cryptocurrency network 1150 , or via the cryptocurrency
authentication identifier is one of a personal identification 25 exchange 1120 .
number ( PIN ), a biometric identifier such as a fingerprint. In The system of FIG . 11 is programmed to use the infra
an embodiment. receiving the encrypted wallet is in structure described in previous sections, with smartcard
response to sending, to the portable security token , an software that is programmed to support generation of cryp
encryption request that embeds the cryptocurrency wallet. In tocurrency wallets and signing of transactions . In one
an embodiment, receiving the encrypted wallet is inin 3030 passphrases
embodiment, secure fingerprint support uses longer PINS or
. The system of FIG . 11 is programmed to
response to sending, to the portable security token , an support the following functions.
encryption request to create the cryptocurrency wallet as a 1 . The token card device 1102 can sign transactions (such
new wallet. as those used by BITCOIN ) using ECDSA .
In an embodiment, the cryptocurrency payment instruc - 35 2 . The token card device 1102 can securely store user
tion is received from one of: an application executing on the secrets
mobile device, an application executing on a separate com 3 . The token card device 1102 has a mechanism to verify
puting device owned by a user of the mobile device , and a the user ( e .g . PIN )
merchant terminal. In an embodiment, the cryptocurrency 4 . The token card device 1102 can generate random bytes
payment instruction is received using one of: a cryptocur - 40 securely .
rency exchange application program interface (API), one or As seen in FIG . 11, elements of the system are pro
more near field communication (NFC ) messages, and cel- grammed to store keys and secrets in different locations in
lular or wireless Internet access. non - volatile storage such as electronic digital computer
In an embodiment, receiving the encrypted wallet from memory.
the portable security token and the sending of the message 45 In one embodiment, a secret value 1104 is stored inter
to the portable security token utilize near field communica nally in the token card device 1102 and used to encrypt
tion (NFC ) . blob stores such as a cryptocurrency wallet 1112 of
In an embodiment, the prompting is by outputting, on a mobile computing device 1106 .
display , a price, a product, and a merchant associated with In an embodiment, an encrypted cryptocurrency wallet
the cryptocurrency payment instruction . 50 1112 is stored in memory of the mobile computing
In an embodiment, the cryptocurrency payment transac device 1106 under control of the mobile phone app
tion is transmitted to the cryptocurrency network by com 1108 . Alternatively, the encrypted cryptocurrency wal
municating with one of: a separate computing device owned let 1120 is stored in cloud storage at a location that is
by a user of the mobile device, a merchant terminal, and a configured with the app 1108 . In an embodiment, the
cryptographic currency exchange . In various embodiments , 55 encrypted cryptocurrency wallet 1120 is not left “ at
the portable security token is one of: a wearable device , a rest” in unencrypted form , and is only ever decrypted
watch , a card , and a ring. In one embodiment, the crypto by the token card device 1102 , used to sign a single
currency wallet is a BITCOIN wallet . transaction, then cleared from memory .
In one embodiment, a computer system 1100 comprises : In an embodiment, a fingerprint secret 1114 is stored in a
A token card device 1102 comprising memory pro - 60 secure enclave of the mobile phone . The fingerprint
grammed to store a secret value 1104 ; for convenience secret 1114 is transmitted to the token card device 1102
in this disclosure the token card also may be termed a on initial setup and subsequently on authentication . The
Hoverkey card but the label “ Hoverkey ” is not required token card device 1102 also stores a copy of the secret
in any embodiment. The token card device 1102 also 1114 , or a hashed derivative of it, to allow verification .
features a keypad 1103 , such as a numeric or alphanu - 65 In an embodiment, a personal identification number (PIN )
meric keypad , and a PIN 1105 stored in memory . Some 1105 is stored only in the token card device 1102 , in
embodiments may omit the keypad 1103. There also hashed form or other secure format. As described
 US 10 , 102,510 B2
25 26
below , the PIN 1105 is transmitted to the token card 1. User selects “ import wallet” instruction on the app
device 1102 on initial setup and subsequently on 1108, and is instructed to swipe their token card device
authentication . 1102 .
Embodiments are programmed to execute authentication 2 . The token card device 1102 receives an “ import wallet”
methods as stated in the following algorithms. Each of the 5 instruction which includes the unencrypted wallet 1112,
algorithms described herein may be programmed using a encrypts the wallet with the internal secret 1104 , and
human -readable programming language such as JAVA , transmits the encrypted wallet ( e. g ., as a “ blob " ) to the
OBJECTIVE -C , C + +, C and the like to produce machine mobile computing device 1106 .
executable instructions that may be downloaded and 3 . The mobile computing device 1106 stores the blob and
installed into the mobile computing device 1106 or installed 10 the public key , and displays the public key to the user.
in firmware of the token card device 1102. The mobile computing device 1106 instructs the user
1 . PIN 1105 that they can now destroy unencrypted wallets .
The PIN is requested directly from the user initially on 4 . The can sync the blob to the cloud if required or useful.
pairing , then subsequently when authentication is An example merchant POS transaction may be executed
required . 15 using programs that implement the following algorithm .
The PIN is transmitted to the token card device 1102 1 . Merchant instructs the POS computer 1130 to charge
and verified internally . the user a particular amount denominated in cryptocur
The PIN locks out after a fixed number of attempts. rency for a particular product or service .
2 . Fingerprint secret 1114 2 . The POS computer 1130 instructs the user to wave their
In an embodiment, the fingerprint secret 1114 may be 20 mobile computing device 1106 at an NFC terminal
implemented internally using PIN mode ; an internal coupled to the POS computer.
PIN is generated on pairing, then secured using 3 . The mobile computing device 1106 receives an NFC
device specific API, such as the iPhone keychain . In instruction , and in response , opens the app 1108 or
an embodiment, the internal PIN is much longer than another payments app that can perform the functions
a traditional PIN . 25 described herein .
The fingerprint secret 1114 is transmitted to the token 4 . The app 1108 displays: Merchant name (+ public key );
card device 1102 in the same way as an ordinary Product; Amount
PIN . 5 . The user authorises the transaction . The user is asked
Losing the mobile computing device 1106 results in to enter a PIN value. Biometric authorisation also could
losing the fingerprint secret. Therefore , users may be 30 be used rather than a PIN , and thus all references to
advised to pair more than one device to the token using a PIN herein are intended to permit use of
card device 1102 . biometric authorisation as an alternative .
Pairing of the token card device 1102 may be executed 6 . The user enters the PIN value, which is stored tran
using programs that implement the following algo siently by app 1108, and is instructed to swipe the token
rithm . 35 card device 1102 .
1 . The user installs the app 1108 on the mobile com 7 . The mobile computing device 1106 transmits the
puting device 1106 and selects one or more authen encrypted wallet 1112 , payment instruction and PIN to
tication methods ( fingerprint, PIN , etc ). A setup the token card device 1102.
process for those authentication methods is per 8 . The token card device 1102 authenticates the user by
formed as described above . 40 comparing the entered PIN to the stored PIN 1105 ,
2 . The user is prompted to swipe the token card device decrypts the wallet 1112 using the internal secret 1104 ,
1102 using a near field communication (NFC ) swipe signs the payment instruction using the decrypted wal
operation . let, producing a cryptocurrency transaction . The token
3 . The token card device 1102 is now paired to phone. card device 1102 then transmits the signed payment
4 . User can pair additional mobile computing devices, 45 instruction to the mobile computing device 1106 and
if required , by repeating the procedure . discards the wallet 1112 .
Generating the wallet 1112 may be executed using pro - 9 . The mobile computing device 1106 can transmit the
grams that implement the following algorithm . transaction to the merchant via NFC , or directly to the
1 . The user selects a " generate wallet” option on their merchant' s bank using a networked data connection .
mobile phone app 1108 , and is instructed to swipe their 50 10 . The merchant verifies that the transaction has been
token card device 1102 ; the app 1108 generates a received .
" generate wallet” instruction which is emitted using the An example secured direct mobile transaction may be
NFC interface . executed using programs that implement the following algo
2 . The token card device 1102 receives a " generate rithm . This algorithm is appropriate for web sites that offer
wallet” instruction , generates an ECDSA wallet 1112, 55 products or services for sale and accept cryptocurrency
encrypts the wallet 1112 with the internal secret 1104 , transactions as a form of payment.
and transmits the encrypted wallet (as a "blob " ) with a 1. User clicks " pay via cryptocurrency " button on a
public key to the mobile computing device 1106 . In webpage that contains a cryptocurrency wallet address .
some embodiments , the wallet 1112 may be any form Alternatively user can input transaction parameters
of cryptocurrency wallet or cryptocurrency keypain . 60 manually directly in app 1108 .
3 . The mobile computing device 1106 stores the blob and 2 . The mobile computing device 1106 displays the trans
public key , and displays the public key to user. action as in the previous example ( items 3 , 4 , 5 , 6 , 7 ,
4 . The user can sync the blob to the cloud if required or 8).
useful. 3 . The mobile computing device 1106 forwards the trans
Importing the wallet 1112 from another location may be 65 action to the cryptocurrency network 1150 via the
executed using programs that implement the following algo cryptocurrency exchange 1120 or directly via the per
rithm . sonal computer 1140 .
 US 10 , 102 ,510 B2
27 28
In some embodiments , the token card device may com source code means it can be widely distributed , making it
prise a small display screen and a numeric keypad . The highly decentralised and difficult to change .
security of the cryptocurrency transaction could be enhanced Banks and exchanges see a ledger updated in minutes as
by displaying key details of the transaction on the screen saving millions in collateral and settlement costs to third
before the user gives the final authentication, so that the user 5 parties . New post-financial crisis rules have forced more
can verify how much is being paid and to whom it is being tralised over-the -counter derivatives to be processed through cen
paid , right there on the token device . clearing houses. That has increased demand for
collateral to be sent around the financial system rapidly in
11 . OPERATIONS USING BLOCK CHAIN order to be used as insurance for cleared derivatives trades .
SYSTEMS 10 The new NASDAQ private share trading market is a
system which runs across the public internet and so is
Although certain embodiments herein have been user vulnerable to hackers who may seek to impersonate a real
described in connection with use of the BITCOIN system , . Although the blockchain itself is secure , a user name
the technology underlying BITCOIN is the block chain . The 15 Thepassword
and is still needed to access the NASDAQ system .
system disclosed herein uses a decentralised security
block chain can be used not just for implementing crypto
currencies but also for creating secure , distributed transac architecture which fits very well with the decentralized
tion ledgers for other kinds of transactions in addition to server. It could the
architecture of blockchain , needing no central security
provide a very convenient and secure two
cryptocurrency transactions . For example , certain develop factor authentication system to ensure that users who log in
ing nations are investigating creating land rights registries 20 and use the NASDAQ system are indeed who they say they
and other kinds of legal registry using the block chain . In one are .
embodiment, the system herein can interoperate with any 3 . Land Title Registry
type of distributed transaction ledger that uses the block Honduras, one of the poorest countries in the Americas,
chain , not just BITCOIN . Examples of such distributed has agreed to use a Texas -based company to build a perma
transaction ledger systems include SCP from Stellar, Hyper- 25 nent and secure land title record system using the underlying
ledger and Ethereum , which provide developer APIs that technology behind bitcoin , a company official said late
allow a multitude of secure ledger applications to be created . Thursday. Factom , a U .S . blockchain technology company
A description of five examples of the application of based in Austin , Tex ., will provide the service to the gov
blockchain technology to the embodiments herein is now ernment of Honduras , according to the firm 's president,
provided . 30 Peter Kirby.
1 . Certified Custody of Files The blockchain is a ledger of all of a digital currency 's
Created by Manuel Araoz , a 25 -year -old developer in transactions and is viewed as BITCOIN ' s main technologi
Argentina , a Proof of Existence site allows you to upload a cal innovation . The technology is evolving beyond the
file to certify that you had custody of it at a given time. digital currency , though , to applications like title databases
Neither its contents nor your own personal information are 35 and data verification systems.
ever revealed ; rather, all the data in the document is digested “ In the past , Honduras has struggled with land title fraud ,”
into an encrypted number. Proof of Existence is built on top said Kirby. " The country 's database was basically hacked .
of the Bitcoin blockchain (there 's a 0 .005 BTC fee ), so the So bureaucrats could get in there and they could get them
thousands of computers on that network have now collec - selves beachfront properties.” . . . “ This also gives owners of
tively verified your file . 40 the nearly 60 percent of undocumented land , an incentive to
Proof of Existence is a system which runs across the register their property officially .”
public internet and so is vulnerable to hackers who may seek The Factom system runs across the public internet and so
to impersonate a real user. Although the blockchain itself is is vulnerable to hackers who may seek to impersonate a real
secure , a user name and password is still needed to access user. Although the blockchain itself is secure , a user name
the Proof of Existence system . The system disclosed herein 45 and password is still needed to access the Factom system .
uses a decentralised security architecture which fits very The present disclosure uses a decentralised security archi
well with the decentralized architecture of the blockchain , tecture which fits very well with the decentralized architec
needing no central security server. It could provide a very ture of the blockchain , needing no central security server . It
convenient and secure two factor authentication system to could provide a very convenient and secure two factor
ensure that users who log in and use the Proof of Existence 50 authentication system to ensure that users who log in and use
system are indeed who they say they are . the Factom system are indeed who they say they are.
2 . Share Trading 4 . Proof of Ownership of Diamonds
Nasdaq has said it would use blockchain technology from Diamond fraud is a big issue . In April , a London gang was
US start-up Chain to underpin its new private share - trading convicted of “ running boiler rooms that sold dozens of
market, in one of its most high profile applications to date . 55 coloured diamonds to investors at up to 30 times their true
Former New York Stock Exchange chief Duncan Niederauer value," the City of London announced at the time. The gang
and JPMorgan banker Blythe Masters have also lent their promised exorbitant potential for profit on the stones , and
support to start- ups exploring its use . The blockchain and the netted more than £1.5 million from dozens of victims.
bitcoin assets it tracks set out a way to create an unforgeable , Everledger thinks its technology can tackle this: It makes it
unchangeable ledger of asset ownership . 60 possible to check the provenance of diamonds by cross
Transactions between bitcoin users are broadcast to a referencing them against the ledger, preventing buyers from
network of computers . The latter, known as “ miners " , gather being ripped off. Likewise , Everledger hopes to drastically
together blocks of transactions and compete to verify them reduce diamond theft . The existence of a ledger recording
and receive monetary incentives in return for being “ first” . the ownership and origin of the jewels will make them far
The blocks are secured by cryptography and other comput- 65 harder to sell on without recutting to obscure their identi
ers can verify the work . The “ cost” of running the network fying features or serial code and lowering their value in the
is borne by the anonymous owners of servers . The open process .
 US 10 , 102 ,510 B2
29 30
Everledger 's ledger is built on the blockchain — the same secure two factor authentication system to ensure that users
decentralised record book that underpins BITCOIN . It who log in and use the Empowered Law system are indeed
means there ' s no one centralised server running things — who they say they are .
instead , data is distributed across the network . Everledger
uses the blockchain as its basis because of its immutability. 5 12 . IMPLEMENTATION
When a bitcoin transaction is written into the blockchain it EXAMPLE - HARDWARE OVERVIEW
cannot be altered ; similarly , it is impossible to change an
entry on Everledger's ledger once it has been written . This According to one embodiment, the techniques described
permanence is vital in tackling fraud , meaning the ledger 10 herein are implemented by one or more special- purpose
computing devices . The special- purpose computing devices
cannotbe amended later to disguise criminal activity . (Paper may be hard
certificates for diamonds certifying provenance do already include digital-wired to perform the techniques , or may
electronic devices such as one or more
exist, but there ' s nothing like Everledger ' s ledger, which is
continually updateable and accessible from anywhere in the grammable gate arrays (FPGAscircuits
application - specific integrated
) that
( ASICs) or field pro
are persistently pro
world .) 15 grammed to perform the techniques, or may include one or
Since March , 830 ,000 diamonds have been added to the more general purpose hardware processors programmed to
ledger, CEO Leanne Kemp says. Everledger began with perform the techniques pursuant to program instructions in
diamonds, but Kemp has far larger ambitions. The startup is firmware, memory, other storage , or a combination . Such
looking to move into other luxury goods, she says , and is special- purpose computing devices may also combine cus
speaking with select retailers with an eye to including 20 tom hard -wired logic , ASICs, or FPGAs with custom pro
high - end watches in the next 100 days. Again , the benefits gramming to accomplish the techniques. The special- pur
are obvious: proof of ownership , tackling fraud , and a pose computing devices may be desktop computer systems,
deterrent to theft. An API could also be offered to online portable computer systems, handheld devices, networking
retailers like Amazon or eBay to help prevent stolen goods devices or any other device that incorporates hard -wired
being resold through their platform . 25 and /or program logic to implement the techniques .
Everledger is a system which runs across the public For example , FIG . 12 is a block diagram that illustrates a
internet and so is vulnerable to hackers who may seek to computer system 1200 upon which an embodiment of the
impersonate a real user . Although the blockchain itself is invention may be implemented . Computer system 1200
includes a bus 1202 or other communication mechanism for
secure , a user name and password is still needed to access
the Everledger system . The present disclosure uses a decen 30 communicating information , and a hardware processor 1204
coupled with bus 1202 for processing information . Hard
tralised security architecture which fits very well with the ware processor 1204 may be, for example, a general purpose
decentralized architecture of the blockchain , needing no microprocessor .
central security server. It could provide a very convenient Computer system 1200 also includes a main memory
and secure two factor authentication system to ensure
asure that
that 35 1206 , such as a random access memory (RAM ) or other
users who log in and use the Everledger system are indeed dynamic storage device , coupled to bus 1202 for storing
who they say they are . information and instructions to be executed by processor
5 . Smart Contracts 1204 . Main memory 1206 also may be used for storing
This relatively new concept involves the development of temporary variables or other intermediate information dur
programs that can be entrusted with money. Smart contracts 40 ing execution of instructions to be executed by processor
are programs that encode certain conditions and outcomes. 1204 . Such instructions, when stored in non -transitory stor
When a transaction between 2 parties occurs , the program age media accessible to processor 1204 , render computer
can verify if the product/ service has been sent by the system 1200 into a special-purpose machine that is custom
supplier. Only after verification is the sum transmitted to the i zed to perform the operations specified in the instructions.
suppliers account. By developing ready to use programs that 45 Computer system 1200 further includes a read only
function on predetermined conditions between the supplier memory (ROM ) 1208 or other static storage device coupled
and the client, smart programs ensure a secure escrow to bus 1202 for storing static information and instructions
service in real time at near zero marginal cost. One company for processor 1204 . A storage device 1210 , such as a
that is making dramatic foray here is Codius which offers an magnetic disk , optical disk , or solid - state drive is provided
ecosystem for Smart Contracts . 50 and coupled to bus 1202 for storing information and instruc
Apart from financial transactions , smart contracts are now tions .
entering the legal system . Companies like Empowered Law Computer system 1200 may be coupled via bus 1202 to a
use the public distributed ledger of transactions that makes display 1212 , such as a cathode ray tube (CRT ), for dis
up the block chain to provide multi-signature account ser - playing information to a computer user. An input device
vices for asset protection , estate planning , dispute resolu - 55 1214 , including alphanumeric and other keys, is coupled to
tion , leasing and corporate governance . A prime example of bus 1202 for communicating information and command
this transition is seen ins a procedure referred to as 'Color selections to processor 1204 . Another type of user input
ing ' a Coin , in which a house can be sold in the form of a device is cursor control 1216 , such as a mouse , a trackball ,
Bitcoin payment with the same ease and speed . or cursor direction keys for communicating direction infor
Empowered Law ' s system runs across the public internet 60 mation and command selections to processor 1204 and for
and so is vulnerable to hackers who may seek to impersonate controlling cursor movement on display 1212 . This input
a real user. Although the blockchain itself is secure, a user device typically has two degrees of freedom in two axes, a
name and password is still needed to access the Empowered first axis (e .g., x ) and a second axis ( e.g ., y ), that allows the
Law system . The present disclosure uses a decentralised device to specify positions in a plane .
security architecture which fits very well with the decen - 65 Computer system 1200 may implement the techniques
tralized architecture of the blockchain , needing no central described herein using customized hard -wired logic , one or
security server. It could provide a very convenient and more ASICs or FPGAs , firmware and/or program logic
 US 10 , 102 ,510 B2
31 32
which in combination with the computer system causes or Network link 1220 typically provides data communica
programs computer system 1200 to be a special-purpose tion through one or more networks to other data devices . For
machine. According to one embodiment , the techniques example , network link 1220 may provide a connection
herein are performed by computer system 1200 in response through local network 1222 to a host computer 1224 or to
to processor 1204 executing one or more sequences of one 5 data equipment operated by an Internet Service Provider
ormore instructions contained in main memory 1206 . Such (ISP ) 1226 . ISP 1226 in turn provides data communication
instructions may be read into main memory 1206 from services through the world wide packet data communication
another storage medium , such as storage device 1210 . network now commonly referred to as the “ Internet” 1228 .
Execution of the sequences of instructions contained in main Local network 1222 and Internet 1228 both use electrical,
memory 1206 causes processor 1204 to perform the process 10 electromagnetic or optical signals that carry digital data
steps described herein . In alternative embodiments , hard - streams. The signals through the various networks and the
wired circuitry may be used in place of or in combination signals on network link 1220 and through communication
with software instructions. interface 1218 , which carry the digital data to and from
The term “ storage media ” as used herein refers to any computer system 1200 , are example forms of transmission
non - transitory media that store data and /or instructions that 15 media .
cause a machine to operate in a specific fashion . Such Computer system 1200 can send messages and receive
storage media may comprise non -volatile media and/or data , including program code, through the network (s), net
volatile media . Non - volatile media includes , for example , work link 1220 and communication interface 1218 . In the
optical disks, magnetic disks, or solid -state drives, such as Internet example , a server 1230 might transmit a requested
storage device 1210 . Volatile media includes dynamic 20 code for an application program through Internet 1228 , ISP
memory, such as main memory 1206 . Common forms of 1226 , local network 1222 and communication interface
storage media include , for example , a floppy disk , a flexible 1218 .
disk , hard disk , solid -state drive ,magnetic tape, or any other The received code may be executed by processor 1204 as
magnetic data storage medium , a CD -ROM , any other it is received , and/ or stored in storage device 1210 , or other
optical data storage medium , any physical medium with 25 non - volatile storage for later execution .
patterns of holes, a RAM , a PROM , and EPROM , a FLASH - In the foregoing specification , embodiments of the inven
EPROM , NVRAM , any other memory chip or cartridge . tion have been described with reference to numerous spe
Storage media is distinct from but may be used in con - cific details that may vary from implementation to imple
junction with transmission media . Transmission media par - mentation . The specification and drawings are , accordingly ,
ticipates in transferring information between storage media . 30 to be regarded in an illustrative rather than a restrictive
For example , transmission media includes coaxial cables, sense . The sole and exclusive indicator of the scope of the
copper wire and fiber optics, including the wires that com - invention , and what is intended by the applicants to be the
prise bus 1202 . Transmission media can also take the form scope of the invention , is the literal and equivalent scope of
of acoustic or light waves, such as those generated during the set of claims that issue from this application , in the
radio -wave and infra - red data communications. 35 specific form in which such claims issue, including any
Various forms ofmedia may be involved in carrying one subsequent correction .
or more sequences of one or more instructions to processor
1204 for execution . For example , the instructions may What is claimed is :
initially be carried on a magnetic disk or solid - state drive of 1. A method of conducting a cryptocurrency payment via
a remote computer. The remote computer can load the 40 a mobile computing device comprising:
instructions into its dynamic memory and send the instruc using the mobile computing device, storing an encrypted
tions over a telephone line using a modem . A modem local wallet received from a portable security token that is
to computer system 1200 can receive the data on the separate from the mobile device, wherein the encrypted
telephone line and use an infra -red transmitter to convert the wallet comprises a cryptocurrency wallet encrypted
data to an infra - red signal. An infra -red detector can receive 45 with a secret key that is restricted to the portable
the data carried in the infra - red signal and appropriate security token ;
circuitry can place the data on bus 1202 . Bus 1202 carries using the mobile computing device , receiving a crypto
the data to main memory 1206 , from which processor 1204 currency payment instruction ;
retrieves and executes the instructions. The instructions using the mobile computing device , prompting for a user
UST
received by main memory 1206 may optionally be stored on 50 credential to approve the cryptocurrency payment
storage device 1210 either before or after execution by instruction ;
processor 1204 . using the mobile computing device, sending, to the por
Computer system 1200 also includes a communication table security token , a message in response to receiving
interface 1218 coupled to bus 1202 . Communication inter the user credential, wherein themessage comprises the
face 1218 provides a two-way data communication coupling 55 encrypted wallet, the cryptocurrency payment instruc
to a network link 1220 that is connected to a local network tion , and the user credential; and
1222. For example , communication interface 1218 may be wherein the sending of the message causes the portable
an integrated services digital network ( ISDN ) card , cable security token to : decrypt, using the secret key, the
modem , satellite modem , or a modem to provide a data cryptocurrency wallet from the encrypted wallet ; in
communication connection to a corresponding type of tele - 60 response to confirming that the user credentialmatches
phone line. As another example , communication interface an authentication identifier registered with the portable
1218 may be a local area network (LAN ) card to provide a security token , create a cryptocurrency payment trans
data communication connection to a compatible LAN . Wire action by digitally signing the cryptocurrency payment
less links may also be implemented . In any such implemen instruction using the cryptocurrency wallet; transmit
tation , communication interface 1218 sends and receives 65 the cryptocurrency payment transaction to a cryptocur
electrical, electromagnetic or optical signals that carry digi rency network or cryptocurrency bank or exchange;
tal data streams representing various types of information . and erase the cryptocurrency wallet ;
 US 10 , 102 ,510 B2
33 34
wherein the confirming the user credential matches an response to confirming that the user credential matches
authentication identifier registered with the portable an authentication identifier registered with the portable
security token comprises using any of PIN , biometric security token , create a cryptocurrency payment trans
or fingerprint on the mobile device, or authentication action by digitally signing the cryptocurrency payment
via button press confirmation , PIN or fingerprint on the 5 instruction using the cryptocurrency wallet; transmit
portable security token . the cryptocurrency payment transaction to a cryptocur
2 . The method of claim 1 , wherein the encrypted wallet is rency network or cryptocurrency bank or exchange;
stored on a remote cloud storage location . and erase the cryptocurrency wallet;
3 . The method of claim 1 , wherein the receiving of the wherein the confirming the user credential matches an
encrypted wallet is in response to sending, to the portable 10 authentication identifier registered with the portable
security token , an encryption request that embeds the cryp security token comprises using any of PIN , biometric
tocurrency wallet. or fingerprint on the mobile device , or authentication
4 . The method of claim 1 , wherein the receiving of the via button press confirmation, PIN or fingerprint on the
encrypted wallet is in response to sending, to the portable portable security token .
security token , an encryption request to create the crypto - 15 11 . The system of claim 10 , further comprising stored
currency wallet as a new wallet. program instructions that are programmed to cause , when
5 . The method of claim 1, wherein the cryptocurrency executed by the mobile computing device , storing the
payment instruction is received from one of: an application encrypted wallet on a remote cloud storage location .
executing on the mobile device, an application executing on 12 . The system of claim 10 , wherein the authentication
a separate computing device owned by a user of the mobile 20 identifier is one ofa personal identification number (PIN ),or
device , and a merchant terminal. a biometric identifier such as a fingerprint.
6 . The method of claim 1 , wherein the cryptocurrency 13 . The system of claim 10 , further comprising stored
payment instruction is received using one of: a cryptocur - program instructions that are programmed to cause , when
rency exchange application program interface (API), one or executed by the mobile computing device , receiving the
more near field communication (NFC ) messages, and cel- 25 encrypted wallet in response to sending, to the portable
lular or wireless Internet access. security token , an encryption request that embeds the cryp
7 . The method of claim 1 , wherein the receiving of the tocurrency wallet.
encrypted wallet from the portable security token and the 14 . The system of claim 10 , further comprising stored
sending of the message to the portable security token utilize program instructions that are programmed to cause , when
near field communication (NFC ) . 30 executed by the mobile computing device , receiving the
8. The method of claim 1, wherein the cryptocurrency encrypted wallet is in response to sending, to the portable
payment transaction is transmitted to the cryptocurrency security token , an encryption request to create the crypto
network by communicating with one of: a separate comput currency wallet as a new wallet.
ing device owned by a user ofthe mobile device , a merchant 15 . The system of claim 10 , further comprising stored
terminal, and a cryptographic currency exchange . 35 program instructions that are programmed to cause, when
9 . The method of claim 1 , wherein the portable security executed by the mobile computing device , receiving the
token is one of: a wearable device , a watch , a card , and a cryptocurrency payment instruction from one of: an appli
ring; wherein the cryptocurrency wallet is a BITCOIN cation executing on the mobile device , an application
wallet. executing on a separate computing device owned by a user
10 . A data processing system that is programmed to 40 of the mobile device , and a merchant terminal .
conduct a cryptocurrency payment via a mobile computing 1 6 . The system of claim 10 , further comprising stored
device , the system comprising: program instructions that are programmed to cause , when
the mobile computing device comprising stored program executed by the mobile computing device , receiving the
instructions that are programmed to cause, when cryptocurrency payment instruction using one of: a crypto
executed by the mobile computing device , storing an 45 currency exchange application program interface (API) , one
encrypted wallet received from a portable security or more near field communication (NFC ) messages , and
token that is separate from the mobile device , wherein cellular or wireless Internet access.
the encrypted wallet comprises a cryptocurrency wallet 17 . The system of claim 10 , further comprising stored
encrypted with a secret key that is restricted to the program instructions that are programmed to cause, when
portable security token ; 50 executed by the mobile computing device , receiving the
stored program instructions that are programmed to cause , encrypted wallet from the portable security token and send
when executed by the mobile computing device , ing of the message to the portable security token using near
receiving a cryptocurrency payment instruction ; field communication (NFC ).
stored program instructions that are programmed to cause , 18 . The system of claim 10 , further comprising stored
when executed by the mobile computing device , 55 program instructions that are programmed to cause , when
prompting for a user credential to approve the crypto executed by the mobile computing device , transmitting the
currency payment instruction ; and cryptocurrency payment transaction to the cryptocurrency
stored program instructions that are programmed to cause , network by communicating with one of: a separate comput
when executed by the mobile computing device , send - ing device owned by a user of the mobile device, a merchant
ing, to the portable security token , a message in 60 terminal, and a cryptographic currency exchange .
response to receiving the user credential, wherein the 19 . The system of claim 10 , wherein the portable security
message comprises the encrypted wallet , the crypto - token is one of: a wearable device , a watch , a card , and a
currency payment instruction, and the user credential; ring ; wherein the cryptocurrency wallet is a BITCOIN
and wallet.
wherein the sending of the message causes the portable 65 20 . A method of providing two- factor authenticated login
security token to : decrypt, using the secret key, the to a server computer via a mobile computing device com
cryptocurrency wallet from the encrypted wallet; in prising:
 US 10 , 102,510 B2
35 36
using the mobile computing device, storing an encrypted the transaction wallet; transmit the login transaction to
wallet received from a portable security token that is the secure application program that uses the block
separate from themobile device ,wherein the encrypted chain ; and erase the transaction wallet;
wallet comprises a transaction wallet encrypted with a wherein the confirming the user credential matches an
secret key that is restricted to the portable security 5 authentication identifier registered with the portable
token ; security token comprises using any of PIN , biometric
using the mobile computing device , receiving an instruc or fingerprint on the mobile device , or authentication
tion relating to logging in to a server computer that is via button press confirmation , PIN or fingerprint on the
portable
associated with a secure application program that uses 10 21 . The method security token .
a block chain ; of claim 20 , wherein the encrypted wallet
using the mobile computing device , prompting for a user is 22 stored on a remote cloud storage location .
. The method of claim 20 , wherein the instruction is
credential to approve the instruction ; received from one of: an application executing on the mobile
using the mobile computing device, sending, to the por
device, an application executing on a separate computing
table security token , a message in response to receivinge 15 device
the user credential, wherein the message comprises the server computer associated with a user of the mobile device ; and a
encrypted wallet, the instruction , and the user creden .
tial ; and 23 . The method of claim 20 , wherein the instruction is
wherein the sending of the message causes the portable server received using an application program interface (API) of a
security token to : decrypt, using the secret key , the computer application that uses the block chain .
transaction wallet from the encrypted wallet; in encrypted method
in 2024 . The of claim 21 , wherein the receiving of the
response to confirming that the user credentialmatches sending of the message the
wallet from
to
portable security token and the
the portable security token utilize
an authentication identifier registered with the portable
security token , create a login transaction by digitally near field communication (NFC ).
signing the cryptocurrency payment instruction using * * * * *