Secure mobile device credential provisioning using risk decision non-overrides

US 10,140,615 B2
Filed: 09/22/2015
Issued: 11/27/2018
Est. Priority Date: 09/22/2014
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving, at a server computer, a provisioning request to provision a credential to a user device, wherein the credential is associated with an account of a user, and wherein the provisioning request includes a first risk level indicating a first perceived risk of provisioning the credential to the user device, wherein the first risk level is determined based on a first set of information;

determining, by the server computer, that the provisioning request includes a non-override condition, wherein the non-override condition recommends setting the first risk level as a final risk decision value;

determining, by the server computer, additional information associated with the user device or the account of the user available to the server computer, wherein the additional information is different than the first set of information;

generating, by the server computer, a second risk level associated with the provisioning request based on the additional information, wherein the second risk level indicates a second perceived risk of provisioning the credential to the user device different than the first perceived risk;

comparing, at the server computer, the first risk level to the second risk level;

when the first risk level is lower than the second risk level;

setting, by the server computer, the second risk level as the final risk decision value even when the non-override condition exists; and

preventing, by the server computer, the credential from being provisioned onto the user device without further authentication, wherein the user device is not capable of initiating a transaction using the account when the credential is prevented from being provisioned onto the user device;

when the first risk level is higher than the second risk level;

setting, by the server computer, the first risk level as the final risk decision value;

causing, by the server computer, one or more scripts to be executed on the user device thereby provisioning the credential onto the user device; and

converting, by the server computer, the user device into a payment device capable of initiating the transaction using the account.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments are directed to optimizing the secure provisioning of credentials to mobile devices through use of risk decision non-overrides. In some embodiments, a service provider receives a request from a wallet provider to provision a credential associated with an account to a mobile device. The request includes a first risk level associated with the provisioning. The service provider receives a second risk level associated with the provisioning request from an issuer of the account. Based upon determining that a non-override condition exists, the service provider uses the first risk level from the wallet provider and accordingly causes a user authentication to occur. A non-override condition may be determined based upon scenario indicators received within the provisioning request. In some embodiments, the non-override condition may be ignored when the first risk level indicates medium risk and the second risk level indicates high risk.

569 Citations

20 Claims

1. A method, comprising:
- receiving, at a server computer, a provisioning request to provision a credential to a user device, wherein the credential is associated with an account of a user, and wherein the provisioning request includes a first risk level indicating a first perceived risk of provisioning the credential to the user device, wherein the first risk level is determined based on a first set of information;
  
  determining, by the server computer, that the provisioning request includes a non-override condition, wherein the non-override condition recommends setting the first risk level as a final risk decision value;
  
  determining, by the server computer, additional information associated with the user device or the account of the user available to the server computer, wherein the additional information is different than the first set of information;
  
  generating, by the server computer, a second risk level associated with the provisioning request based on the additional information, wherein the second risk level indicates a second perceived risk of provisioning the credential to the user device different than the first perceived risk;
  
  comparing, at the server computer, the first risk level to the second risk level;
  
  when the first risk level is lower than the second risk level;
  
  setting, by the server computer, the second risk level as the final risk decision value even when the non-override condition exists; and
  
  preventing, by the server computer, the credential from being provisioned onto the user device without further authentication, wherein the user device is not capable of initiating a transaction using the account when the credential is prevented from being provisioned onto the user device;
  
  when the first risk level is higher than the second risk level;
  
  setting, by the server computer, the first risk level as the final risk decision value;
  
  causing, by the server computer, one or more scripts to be executed on the user device thereby provisioning the credential onto the user device; and
  
  converting, by the server computer, the user device into a payment device capable of initiating the transaction using the account.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the first risk level includes a first risk level range and the second risk level includes a second risk level range.
  - 3. The method of claim 1, wherein the first risk level includes a first discrete value and the second risk level includes a second discrete value.
  - 4. The method of claim 1, further comprising:
    - when the first risk level is lower than the second risk level;
      
      determining, at the server computer, that an authentication process is to be performed with the user; and
      
      causing, by the server computer, the authentication process to be performed with the user.
  - 5. The method of claim 1, wherein said determining the second risk level associated with the provisioning request comprises:
    - receiving, at the server computer from an issuer computer of an issuer of the account, a token activation response message that includes the second risk level.
  - 6. The method of claim 1, wherein said determining the second risk level associated with the provisioning request comprises:
    - generating, by the server computer, the second risk level based in part upon a previously stored address of the user and a received address of the user from the provisioning request.
  - 7. The method of claim 6, wherein the second risk level is higher than the first risk level if the previously stored address of the user is different than a received address of the user from the provisioning request.
  - 8. The method of claim 1, wherein the provisioning request further comprises a scenario identifier, and the non-override condition is identified based upon the scenario identifier.
  - 9. The method of claim 8, further comprises:
    - determining, by the server computer, that the scenario identifier exists within a set of one or more scenario identifiers stored by the server computer.
  - 10. The method of claim 1, wherein the first risk level indicates the first perceived risk of provisioning the credential to the user device as perceived by an entity other than the server computer or an issuer computer of an issuer of the account.

11. A server computer, comprising:
- one or more processors; and
  
  a non-transitory computer readable storage medium communicatively coupled with the one or more processors and storing instructions which, when executed by the one or more processors, cause the server computer to;
  
  receive a provisioning request to provision a credential to a user device, wherein the credential is associated with an account of a user, and wherein the provisioning request includes a first risk level indicating a first perceived risk of provisioning the credential to the user device, wherein the first risk level is determined based on a first set of information;
  
  determine that the provisioning request includes a non-override condition, wherein the non-override condition recommends setting the first risk level as a final risk decision value;
  
  determine additional information associated with the user device or the account of the user available to the server computer, wherein the additional information is different than the first set of information;
  
  generate a second risk level associated with the provisioning request based on the additional information, wherein the second risk level indicates a second perceived risk of provisioning the credential to the user device different than the first perceived risk;
  
  compare the first risk level to the second risk level;
  
  when the first risk level is lower than the second risk level;
  
  set the second risk level as the final risk decision value even when the non-override condition exists; and
  
  prevent the credential from being provisioned onto the user device without further authentication, wherein the user device is not capable of initiating a transaction using the account when the credential is prevented from being provisioned onto the user device;
  
  when the first risk level is higher than the second risk level;
  
  set the first risk level as the final risk decision value;
  
  cause one or more scripts to be executed on the user device thereby provisioning the credential onto the user device; and
  
  convert the user device into a payment device capable of initiating the transaction using the account.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The server computer of claim 11, wherein the first risk level includes a first risk level range and the second risk level includes a second risk level range.
  - 13. The server computer of claim 11, wherein the first risk level includes a first discrete value and the second risk level includes a second discrete value.
  - 14. The server computer of claim 11, wherein the instructions, when executed by the one or more processors, further cause the server computer to:
    - when the first risk level is lower than the second risk level;
      
      determine that an authentication process is to be performed with the user; and
      
      cause the authentication process to be performed with the user.
  - 15. The server computer of claim 11, wherein said determining the second risk level associated with the provisioning request comprises:
    - receiving, at the server computer from an issuer computer of an issuer of the account, a token activation response message that includes the second risk level.
  - 16. The server computer of claim 11, wherein said determining the second risk level associated with the provisioning request comprises:
    - generating, by the server computer, the second risk level based in part upon a previously stored address of the user and a received address of the user from the provisioning request.
  - 17. The server computer of claim 16, wherein the second risk level is higher than the first risk level if the previously stored address of the user is different than a received address of the user from the provisioning request.
  - 18. The server computer of claim 11, wherein the provisioning request further comprises a scenario identifier and the non-override condition is identified based upon the scenario identifier.
  - 19. The server computer of claim 18, wherein the instructions, when executed by the one or more processors, further cause the server computer to:
    - determine that the scenario identifier exists within a set of one or more scenario identifiers stored by the server computer.
  - 20. The server computer of claim 11, wherein the first risk level indicates the first perceived risk of provisioning the credential to the user device as perceived by an entity other than the server computer or an issuer computer of an issuer of the account.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Carpenter, Andrew, Powell, Glen Leon
Primary Examiner(s)
Milef, Elda G
Assistant Examiner(s)
Cunningham, II, Gregory S

Application Number

US14/861,916
Publication Number

US 20160086184A1
Time in Patent Office

1,162 Days
Field of Search

None
US Class Current
CPC Class Codes

G06Q 20/322   Aspects of commerce using m...

G06Q 20/3821   Electronic credentials

G06Q 20/4016   involving fraud or risk lev...

Secure mobile device credential provisioning using risk decision non-overrides

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

569 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure mobile device credential provisioning using risk decision non-overrides

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

569 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links