Systems and methods for device push provisoning

US 10,243,958 B2
Filed: 01/09/2017
Issued: 03/26/2019
Est. Priority Date: 01/07/2016
Status: Active Grant

First Claim

Patent Images

1. A communication device comprising:

a processor; and

a non-transitory computer readable medium coupled to the processor, wherein the non-transitory computer readable medium comprises code executable by the processor for implementing a method comprising;

receiving, by a first application installed on the communication device, user input selecting an account to provision to a second application installed on the communication device;

in response to receiving the selection of the account to provision, invoking, by the first application, the second application and sending a session identifier (ID) to the second application;

sending, by the second application, a user ID associated with the second application, a device ID, and the session ID to the first application;

generating, by the first application, encrypted provisioning request data including an account ID of the account to provision, the user ID, and the device ID;

sending, by the first application, the encrypted provisioning request data to the second application;

sending, by the second application, the encrypted provisioning request data to a remote server computer;

receiving, by the second application, access data provided by the remote server computer based on validation of the encrypted provisioning request data; and

provisioning, by the second application, the access data onto the second application, wherein the first application is trusted, thereby allowing the second application to be provisioned with the access data without requiring the second application to perform a step-up authentication process, and wherein the device ID allows the access data to be bound to the communication device, andwherein the encrypted provisioning request data includes a timestamp, and the validation of the encrypted provisioning request data includes determining whether a difference between a time at which the encrypted provision request data was received by the remote server computer and the time indicated in the timestamp is within a predefined time threshold.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for provisioning access data may include receiving, by a first application installed on a communication device, user input selecting an account to provision to a second application installed on the communication device. The first application may invoke the second application and send a session identifier (ID) to the second application. The second application may send a user ID associated with the second application, a device ID, and the session ID to the first application. The first application may then generate encrypted provisioning request data and send the encrypted provisioning request data to the second application. The second application may send the encrypted provisioning request data to a remote server computer to request access data that can be used to access a resource. The second application may receive the access data provided by the remote server computer based on validation of the encrypted provisioning request data.

583 Citations

18 Claims

1. A communication device comprising:
- a processor; and
  
  a non-transitory computer readable medium coupled to the processor, wherein the non-transitory computer readable medium comprises code executable by the processor for implementing a method comprising;
  
  receiving, by a first application installed on the communication device, user input selecting an account to provision to a second application installed on the communication device;
  
  in response to receiving the selection of the account to provision, invoking, by the first application, the second application and sending a session identifier (ID) to the second application;
  
  sending, by the second application, a user ID associated with the second application, a device ID, and the session ID to the first application;
  
  generating, by the first application, encrypted provisioning request data including an account ID of the account to provision, the user ID, and the device ID;
  
  sending, by the first application, the encrypted provisioning request data to the second application;
  
  sending, by the second application, the encrypted provisioning request data to a remote server computer;
  
  receiving, by the second application, access data provided by the remote server computer based on validation of the encrypted provisioning request data; and
  
  provisioning, by the second application, the access data onto the second application, wherein the first application is trusted, thereby allowing the second application to be provisioned with the access data without requiring the second application to perform a step-up authentication process, and wherein the device ID allows the access data to be bound to the communication device, andwherein the encrypted provisioning request data includes a timestamp, and the validation of the encrypted provisioning request data includes determining whether a difference between a time at which the encrypted provision request data was received by the remote server computer and the time indicated in the timestamp is within a predefined time threshold.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The communication device of claim 1, wherein the validation of the encrypted provisioning request data includes decrypting the received encrypted provisioning request data using a key associated with the first application to determine that the encrypted provisioning request data was generated by the first application.
  - 3. The communication device of claim 1, wherein the validation of the encrypted provisioning request data includes determining that the account ID is a valid account ID associated with first application.
  - 4. The communication device of claim 1, wherein the access data includes user credential data that the second application uses to access a service associated with the first application.
  - 5. The communication device of claim 1, wherein the access data is a token that is a substitute for the account ID.
  - 6. The communication device of claim 1, wherein the first application is an issuer application and the second application is an digital wallet application.
  - 7. The communication device of claim 1, wherein the account ID is a primary account number (PAN).
  - 8. The communication device of claim 1, wherein the access data allows a user of the communication device to access a building.
  - 9. The communication device of claim 1, wherein the access data comprises a payment token.

10. A method comprising:
- receiving, by a first application installed on a communication device, user input selecting an account to provision to a second application installed on the communication device;
  
  in response to receiving the selection of the account to provision, invoking, by the first application, the second application and sending a session identifier (ID) to the second application;
  
  sending, by the second application, a user ID associated with the second application, a device ID, and the session ID to the first application;
  
  generating, by the first application, encrypted provisioning request data including an account ID of the account to provision, the user ID, and the device ID;
  
  sending, by the first application, the encrypted provisioning request data to the second application;
  
  sending, by the second application, the encrypted provisioning request data to a remote server computer;
  
  receiving, by the second application, access data provided by the remote server computer based on validation of the encrypted provisioning request data; and
  
  provisioning, by the second application, the access data onto the second application,wherein the first application is trusted, thereby allowing the second application to be provisioned with the access data without requiring the second application to perform a step-up authentication process, and wherein the device ID allows the access data to be bound to the communication device, andwherein the encrypted provisioning request data includes a timestamp, and the validation of the encrypted provisioning request data includes determining whether a difference between a time at which the encrypted provision request data was received by the remote server computer and the time indicated in the timestamp is within a predefined time threshold.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The method of claim 10, wherein the validation of the encrypted provisioning request data includes decrypting the received encrypted provisioning request data using a key associated with the first application to determine that the encrypted provisioning request data was generated by the first application.
  - 12. The method of claim 10, wherein the validation of the encrypted provisioning request data includes determining that the account ID is a valid account ID associated with first application.
  - 13. The method of claim 10, wherein the access data includes user credential data that the second application uses to access a service associated with the first application.
  - 14. The method of claim 10, wherein the access data is a token that is a substitute for the account ID.
  - 15. The method of claim 10, wherein the first application is an issuer application and the second application is an digital wallet application.
  - 16. The method of claim 10, wherein the account ID is a primary account number (PAN).
  - 17. The method of claim 10, wherein the access data allows a user of the communication device to access a building.
  - 18. The method of claim 10, wherein the access data comprises a payment token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Chandoor, Madhuri, Chitalia, Jalpesh, Petkov, Gueorgui, Nosseir, Mohamed, Bansal, Parveen, Bellenger, Thomas, Law, Simon
Primary Examiner(s)
Le, Khoi V

Application Number

US15/402,095
Publication Number

US 20170201520A1
Time in Patent Office

806 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2463/121   Timestamp cryptographic mec...

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 63/10   for controlling access to d...

H04L 63/108   when the policy decisions a...

H04W 12/04   Key management, e.g. using ...

H04W 12/35   Protecting application or s...

H04W 88/02   Terminal devices

Systems and methods for device push provisoning

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

583 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for device push provisoning

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

583 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links