Device profile data usage for state management in mobile device authentication

US 10,362,136 B2
Filed: 08/19/2015
Issued: 07/23/2019
Est. Priority Date: 08/20/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

creating, by a processor, a user profile;

determining, by the processor, state information for a user device based on authentication process used to authenticate the user device, wherein the state information indicates whether the user device has one of a trusted state, a suspended state and an untrusted state;

creating, by the processor, a dynamic device profile associated with the user device, the dynamic device profile including the state information for the user device;

binding, by the processor, the user profile to the dynamic device profile, wherein the binding prepares the user device to conduct one or more transactions;

in response to a request to perform a transaction with the user device, checking, by the processor, the state information in the dynamic device profile;

preventing, by the processor, the transaction with the user device when the state information indicates the untrusted state;

unbinding, by the processor, the user profile from the dynamic device profile when the state information indicates the untrusted state, wherein the unbinding revokes authorization to conduct the one or more transactions using the user device;

wherein the user device transitions among the trusted state, the suspended state and the untrusted state when a predetermined set of actions associated with each respective transition are completed, wherein a first subset of actions are associated with a transition from the trusted state to the suspended state and a second subset of actions are associated with a transition from the untrusted state to the trusted state;

continuously performing the second subset of actions to determine whether the user device qualifies to transition to the trusted state; and

re-binding, by the processor, the user profile to the dynamic device profile when the second subset of actions are successfully completed, wherein the re-binding the user profile to the dynamic device profile transitions the user device from the untrusted state to the trusted state and reinstates the authorization to conduct the one or more transactions with the user device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments create and manage a device profile on a mobile device for continued authentication of the mobile device. The device profile includes a state assigned to a mobile device. The state of the device can be managed through the device profile. The mobile device is allowed to conduct payments based on the current state assigned to the mobile device. In response to a request to conduct a payment transaction using the mobile device, the state information in the mobile device profile is checked. The payment transaction using the mobile device is allowed when the state information indicates a trusted state. The payment transaction using the mobile device is limited when the state information indicates a suspended state. The payment transaction using the mobile device is prevented when the state information indicates an untrusted state.

25 Citations

21 Claims

1. A method comprising:
- creating, by a processor, a user profile;
  
  determining, by the processor, state information for a user device based on authentication process used to authenticate the user device, wherein the state information indicates whether the user device has one of a trusted state, a suspended state and an untrusted state;
  
  creating, by the processor, a dynamic device profile associated with the user device, the dynamic device profile including the state information for the user device;
  
  binding, by the processor, the user profile to the dynamic device profile, wherein the binding prepares the user device to conduct one or more transactions;
  
  in response to a request to perform a transaction with the user device, checking, by the processor, the state information in the dynamic device profile;
  
  preventing, by the processor, the transaction with the user device when the state information indicates the untrusted state;
  
  unbinding, by the processor, the user profile from the dynamic device profile when the state information indicates the untrusted state, wherein the unbinding revokes authorization to conduct the one or more transactions using the user device;
  
  wherein the user device transitions among the trusted state, the suspended state and the untrusted state when a predetermined set of actions associated with each respective transition are completed, wherein a first subset of actions are associated with a transition from the trusted state to the suspended state and a second subset of actions are associated with a transition from the untrusted state to the trusted state;
  
  continuously performing the second subset of actions to determine whether the user device qualifies to transition to the trusted state; and
  
  re-binding, by the processor, the user profile to the dynamic device profile when the second subset of actions are successfully completed, wherein the re-binding the user profile to the dynamic device profile transitions the user device from the untrusted state to the trusted state and reinstates the authorization to conduct the one or more transactions with the user device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 18, 19, 20, 21)
- - 2. The method of claim 1, further comprising:
    - performing one or more security tests on the user device, wherein the predetermined set of actions include the one or more security tests; and
      
      modifying the state information based on the one or more security tests.
  - 3. The method of claim 1, further comprising:
    - associating a warning flag with the dynamic device profile when the state information indicates the suspended state.
  - 4. The method of claim 1, wherein, when the user device is in the trusted state, the user device remains in the trusted state when a set of trusted state actions are completed.
  - 5. The method of claim 4, further comprising:
    - continuously performing the set of trusted state actions to ensure that the user device qualifies to remain in the trusted state.
  - 6. The method of claim 1, wherein, when the user device is in the untrusted state, the user device remains in the untrusted state when a set of untrusted state actions are completed.
  - 7. The method of claim 6, further comprising:
    - continuously performing the set of untrusted state actions to ensure that the user device qualifies to remain in the untrusted state.
  - 8. The method of claim 1, wherein the dynamic device profile further includes one or more of device identification information, device behavioral history, a risk score associated with the user device, a software configuration of the user device and a hardware configuration of the user device.
  - 9. The method of claim 1, wherein the predetermined set of actions include one or more of authentication of user, verification of user device security, identification of user device, creation of the dynamic device profile, binding of the dynamic device profile to the user profile, and management of user device state and the dynamic device profile.
  - 18. The method of claim 1, further comprising:
    - allowing, by the processor, the transaction with the user device when the state information indicates the trusted state.
  - 19. The method of claim 1, further comprising:
    - limiting, by the processor, the transaction with the user device when the state information indicates the suspended state.
  - 20. The method of claim 1, further comprising:
    - determining that the first subset of actions occurred in connection with the user device;
      
      updating, by the processor, the state information in the dynamic device profile of the user device from the trusted state to the suspended state.
  - 21. The method of claim 20, further comprising:
    - restricting, by the processor, the transaction with the user device based on a predetermined criteria when the state information indicates the suspended state;
      
      performing, by the processor, a security test with the user device upon determining that the state information indicates the suspended state;
      
      updating, by the processor, the state information in the dynamic device profile of the user device to the trusted state if the security test is successful; and
      
      updating, by the processor, the state information in the dynamic device profile of the user device to the untrusted state if the security test is unsuccessful.

10. A method comprising:
- determining, by a processor, state information for a user device based on authentication process used to authenticate a user device, wherein the state information indicates whether the user device has one of a trusted state, a suspended state and an untrusted state;
  
  creating, by the processor, a dynamic device profile including the state information for the user device;
  
  determining that the user device is in the trusted state, wherein the user device is authorized to conduct one or more transactions while in the trusted state;
  
  continuously performing, by the processor, actions on a list of actions one by one, wherein an action on the list is performed if a current action is completed;
  
  transitioning, by the processor, the user device to the suspended state if a first subset of actions of the list is completed, wherein the first subset of actions are associated with a transition from the trusted state to the suspended state, wherein transitioning into the suspended state restricts the one or more transactions conducted with the user device based on a predetermined criteria;
  
  transitioning, by the processor, the user device to the untrusted state if a second subset of actions of the list is completed, wherein the second subset of actions are associated with a transition from the trusted state to the untrusted state, wherein transitioning into the untrusted state revokes authorization to conduct the one or more transactions using the user device; and
  
  keeping the user device in the trusted state if a third subset of actions of the list is completed.
- View Dependent Claims (11)
- - 11. The method of claim 10, wherein the list of actions include one or more of authentication of user, verification of user device security, identification of user device, creation of the dynamic device profile, creation of a user profile, binding of the dynamic device profile to the user profile, and management of user device state and the dynamic device profile.

12. A server computer comprising:
- a processor; and
  
  a computer readable medium coupled to the processor, the computer readable medium comprising code, executable by the processor, to implement a method comprising;
  
  creating a user profile;
  
  determining state information for a user device based on authentication process used to authenticate the user device, wherein the state information indicates whether the user device has one of a trusted state, a suspended state and an untrusted state;
  
  creating a dynamic device profile associated with the user device, the dynamic device profile including the state information for the user device;
  
  binding the user profile to the dynamic device profile, wherein the binding prepares the user device to conduct one or more transactions;
  
  in response to a request to perform a transaction with the user device, checking the state information in the dynamic device profile;
  
  preventing the transaction with the user device when the state information indicates the untrusted state;
  
  unbinding the user profile from the dynamic device profile when the state information indicates the untrusted state, wherein the unbinding revokes authorization to conduct the one or more transactions using the user device;
  
  wherein the user device transitions among the trusted state, the suspended state and the untrusted state when a predetermined set of actions associated with each respective transition are completed, wherein a first subset of actions are associated with a transition from the trusted state to the suspended state and a second subset of actions are associated with a transition from the untrusted state to the trusted state;
  
  continuously performing the second subset of actions to determine whether the user device qualifies to transition to the trusted state; and
  
  re-binding the user profile to the dynamic device profile when the second subset of actions are successfully completed, wherein the re-binding the user profile to the dynamic device profile transitions the user device from the untrusted state to the trusted state and reinstates the authorization to conduct the one or more transactions with the user device.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The server computer of claim 12, wherein the method further comprises:
    - associating a warning flag with the dynamic device profile when the state information indicates the suspended state.
  - 14. The server computer of claim 12, wherein, when the user device is in the trusted state, the user device remains in the trusted state when a set of trusted state actions are completed, wherein the method further comprises:
    - continuously performing the set of trusted state actions to ensure that the user device qualifies to remain in the trusted state.
  - 15. The server computer of claim 12, wherein, when the user device is in the untrusted state, the user device remains in the untrusted state when a set of untrusted state actions are completed, wherein the method further comprises:
    - continuously performing the set of untrusted state actions to ensure that the user device qualifies to remain in the untrusted state.
  - 16. The server computer of claim 12, wherein the dynamic device profile further includes one or more of device identification information, device behavioral history, a risk score associated with the user device, a software configuration of the user device and a hardware configuration of the user device.
  - 17. The server computer of claim 12, wherein the predetermined set of actions include one or more of authentication of user, verification of user device security, identification of user device, creation of the dynamic device profile, binding of the dynamic device profile to the user profile, and management of user device state and the dynamic device profile.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Tankha, Gautam
Primary Examiner(s)
Wright, Bryan F

Application Number

US14/830,562
Publication Number

US 20160057248A1
Time in Patent Office

1,434 Days
Field of Search

726 6
US Class Current
CPC Class Codes

G06F 21/316   by observing the pattern of...

G06Q 20/3265   characterised by personalis...

G06Q 20/382   insuring higher security of...

H04L 63/102   Entity profiles

H04L 67/303   Terminal profiles

H04L 67/306   User profiles

H04W 12/08   Access security

H04W 12/67   Risk-dependent, e.g. select...

Device profile data usage for state management in mobile device authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

25 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Device profile data usage for state management in mobile device authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links