Systems and methods for device push provisioning
First Claim
1. A communication device comprising:
a processor; and
a non-transitory computer readable medium coupled to the processor, wherein the non-transitory computer readable medium comprises code executable by the processor for implementing a method comprising:
receiving, by a first application installed on the communication device, user input selecting an account to provision to a second application installed on the communication device;
in response to receiving the selection of the account to provision, invoking, by the first application, the second application and sending a session identifier (ID) to the second application;
sending, by the second application, a user ID associated with the second application, a device ID, and the session ID to the first application;
generating, by the first application, encrypted provisioning request data including an account ID of the account to provision, the user ID, and the device ID;
sending, by the first application, the encrypted provisioning request data to the second application;
sending, by the second application, the encrypted provisioning request data to a remote server computer;
receiving, by the second application, access data provided by the remote server computer based on validation of the encrypted provisioning request data; and
provisioning, by the second application, the access data onto the second application, wherein the first application is trusted, thereby allowing the second application to be provisioned with the access data without requiring the second application to perform a step-up authentication process, and wherein the device ID allows the access data to be bound to the communication device, and wherein the encrypted provisioning request data includes a timestamp, and the validation of the encrypted provisioning request data includes determining whether a difference between a time at which the encrypted provision request data was received by the remote server computer and the time indicated in the timestamp is within a predefined time threshold.
Abstract
Techniques for provisioning access data may include receiving, by a first application installed on a communication device, user input selecting an account to provision to a second application installed on the communication device. The first application may invoke the second application and send a session identifier (ID) to the second application. The second application may send a user ID associated with the second application, a device ID, and the session ID to the first application. The first application may then generate encrypted provisioning request data and send the encrypted provisioning request data to the second application. The second application may send the encrypted provisioning request data to a remote server computer to request access data that can be used to access a resource. The second application may receive the access data provided by the remote server computer based on validation of the encrypted provisioning request data.
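An added example, not taken from the patent or from any product implementing it: a sketch of the first application sealing the provisioning request and the remote server validating it, including the timestamp check recited in claim 1. Assumptions: the pre-shared keys, the JSON field names, the 300-second threshold, the reason strings, the token format, and the HMAC-SHA256 keystream used as a standard-library stand-in for a real AEAD cipher.

```python
import hashlib, hmac, json, os, secrets

THRESHOLD_S = 300  # assumed value for the "predefined time threshold"
FIELDS = ("account_id", "user_id", "device_id", "timestamp")  # assumed names

def _stream(key, nonce, n):
    # Stand-in keystream (HMAC-SHA256 in counter mode); use a real AEAD in practice.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _xor(data, key, nonce):
    return bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))

def seal(enc_key, mac_key, fields):
    """First application: build the encrypted provisioning request data."""
    nonce = os.urandom(16)
    ct = _xor(json.dumps(fields).encode(), enc_key, nonce)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def validate(enc_key, mac_key, blob, received_at):
    """Remote server: returns (access_data, reason)."""
    if len(blob) < 48:
        return None, "malformed"
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # integrity check before decrypting
        return None, "bad_mac"
    req = json.loads(_xor(ct, enc_key, nonce))
    if not all(k in req for k in FIELDS) or not isinstance(req["timestamp"], (int, float)):
        return None, "bad_fields"
    # Absolute difference: stale and future-dated requests are both rejected.
    if abs(received_at - req["timestamp"]) > THRESHOLD_S:
        return None, "outside_time_threshold"
    # Access data is issued bound to the device ID carried in the request.
    return {"account_id": req["account_id"], "bound_device_id": req["device_id"],
            "token": secrets.token_hex(16)}, "ok"

def demo():
    ek, mk = os.urandom(32), os.urandom(32)  # constructed keys
    req = {"account_id": "acct-001", "user_id": "user-42",
           "device_id": "dev-abc", "timestamp": 1_700_000_000}  # constructed values
    blob = seal(ek, mk, req)
    tampered = blob[:20] + bytes([blob[20] ^ 1]) + blob[21:]
    return [validate(ek, mk, blob, 1_700_000_060)[1],      # 60 s after the timestamp
            validate(ek, mk, blob, 1_700_000_900)[1],      # 900 s after the timestamp
            validate(ek, mk, tampered, 1_700_000_060)[1]]  # one ciphertext bit flipped
```

The timestamp window only bounds how long a captured request stays usable; the claim text does not describe any further replay control inside that window.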
583 Citations
18 Claims
1. A communication device comprising:
a processor; and
a non-transitory computer readable medium coupled to the processor, wherein the non-transitory computer readable medium comprises code executable by the processor for implementing a method comprising:
receiving, by a first application installed on the communication device, user input selecting an account to provision to a second application installed on the communication device;
in response to receiving the selection of the account to provision, invoking, by the first application, the second application and sending a session identifier (ID) to the second application;
sending, by the second application, a user ID associated with the second application, a device ID, and the session ID to the first application;
generating, by the first application, encrypted provisioning request data including an account ID of the account to provision, the user ID, and the device ID;
sending, by the first application, the encrypted provisioning request data to the second application;
sending, by the second application, the encrypted provisioning request data to a remote server computer;
receiving, by the second application, access data provided by the remote server computer based on validation of the encrypted provisioning request data; and
provisioning, by the second application, the access data onto the second application, wherein the first application is trusted, thereby allowing the second application to be provisioned with the access data without requiring the second application to perform a step-up authentication process, and wherein the device ID allows the access data to be bound to the communication device, and wherein the encrypted provisioning request data includes a timestamp, and the validation of the encrypted provisioning request data includes determining whether a difference between a time at which the encrypted provision request data was received by the remote server computer and the time indicated in the timestamp is within a predefined time threshold.
View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
10. A method comprising:
receiving, by a first application installed on a communication device, user input selecting an account to provision to a second application installed on the communication device;
in response to receiving the selection of the account to provision, invoking, by the first application, the second application and sending a session identifier (ID) to the second application;
sending, by the second application, a user ID associated with the second application, a device ID, and the session ID to the first application;
generating, by the first application, encrypted provisioning request data including an account ID of the account to provision, the user ID, and the device ID;
sending, by the first application, the encrypted provisioning request data to the second application;
sending, by the second application, the encrypted provisioning request data to a remote server computer;
receiving, by the second application, access data provided by the remote server computer based on validation of the encrypted provisioning request data; and
provisioning, by the second application, the access data onto the second application, wherein the first application is trusted, thereby allowing the second application to be provisioned with the access data without requiring the second application to perform a step-up authentication process, and wherein the device ID allows the access data to be bound to the communication device, and wherein the encrypted provisioning request data includes a timestamp, and the validation of the encrypted provisioning request data includes determining whether a difference between a time at which the encrypted provision request data was received by the remote server computer and the time indicated in the timestamp is within a predefined time threshold.
View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
Specification