Cloud card application platform

US 10,440,012 B2
Filed: 11/03/2014
Issued: 10/08/2019
Est. Priority Date: 07/15/2014
Status: Active Grant

First Claim

Patent Images

1. A cloud card application platform hosted at a network server, comprising:

a processor; and

computer memory comprising instructions that are configured for execution by the processor, wherein the instructions comprise;

a credential authentication set of instructions that, when executed, enable the processor to authenticate a hardware credential read by a user device and authenticate that a unique interaction has occurred between the hardware credential and the user device, wherein the authentication is based on information provided from the hardware credential to the user device, and wherein the user device is one of a plurality of user devices that use the network server;

an application/service selection set of instructions that, when executed, enable the processor to provide a user of the user device with an option of selecting one or more applications for use with the hardware credential read by the user device, wherein the option of selecting one or more applications is provided to the user in response to authenticating the hardware credential and in response to authenticating that the unique interaction has occurred between the hardware credential and the user device; and

a federation set of instructions that, when executed, enable the processor to receive an identification of a selected application from the application/service selection module and, in response thereto, federate at least one of a browser and application running on the user device to a Service Provider that is associated with the selected application,wherein the information provided from the hardware credential to the user device comprises a Universal Resource Locator (URL) and a Tag Authentication Cryptogram (TAC) appended to the URL that indicates a unique read transaction occurred between the hardware credential and the user device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A cloud card application platform is provided. The cloud card application platform enables one or more card applications to be virtualized on at least one server that is available to mobile devices via a communication network, such as the Internet. The one or more card applications virtualized on the cloud card application platform are capable of being managed remotely by service providers that have deployed and developed the one or more applications.

66 Citations

View as Search Results

18 Claims

1. A cloud card application platform hosted at a network server, comprising:
- a processor; and
  
  computer memory comprising instructions that are configured for execution by the processor, wherein the instructions comprise;
  
  a credential authentication set of instructions that, when executed, enable the processor to authenticate a hardware credential read by a user device and authenticate that a unique interaction has occurred between the hardware credential and the user device, wherein the authentication is based on information provided from the hardware credential to the user device, and wherein the user device is one of a plurality of user devices that use the network server;
  
  an application/service selection set of instructions that, when executed, enable the processor to provide a user of the user device with an option of selecting one or more applications for use with the hardware credential read by the user device, wherein the option of selecting one or more applications is provided to the user in response to authenticating the hardware credential and in response to authenticating that the unique interaction has occurred between the hardware credential and the user device; and
  
  a federation set of instructions that, when executed, enable the processor to receive an identification of a selected application from the application/service selection module and, in response thereto, federate at least one of a browser and application running on the user device to a Service Provider that is associated with the selected application,wherein the information provided from the hardware credential to the user device comprises a Universal Resource Locator (URL) and a Tag Authentication Cryptogram (TAC) appended to the URL that indicates a unique read transaction occurred between the hardware credential and the user device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The cloud card application platform of claim 1, wherein the instructions further comprise:
    - a management set of instructions that, when executed, enable the processor to enforce access permissions to one or more applications stored in the cloud card application platform for at least one of;
      
      (i) a credential number, (ii) a group of credential numbers, (iii) a user identity, and (iv) a group of users.
  - 3. The cloud card application platform of claim 1, further comprising a network interface that enables packet-based communications with the user device.
  - 4. The cloud card application platform of claim 3, wherein the user device communicates with the cloud card application platform via at least one of HTTP and IP-based network protocols.
  - 5. The cloud card application platform of claim 1, wherein the federation set of instructions further enable the processor to generate a federation token in response to receiving the identification of the selected application, wherein the federation token federates via a browser of the user device to the Service Provider, and wherein the federation token provides a proof of authenticity as determined by the card authentication module to the Service Provider, thereby enabling the Service Provider to trust that the hardware credential read by the user device has been authenticated.
  - 6. The cloud card application platform of claim 5, wherein the federation token also provides data stored on the cloud card application platform that is associated with the selected application or the selected application for the specific credential that has been authenticated.
  - 7. The cloud card application platform of claim 1, wherein the application is selected automatically by an application selector.
  - 8. The cloud card application platform of claim 1, wherein the application is selected based on a user input received at the user device in response to the user of the user device being presented with an application selection dashboard by the application/service selection set of instructions.
  - 9. The cloud card application platform of claim 1, further comprising:
    - an Application Programming Interface (API) that enables a Service Provider to manage an application stored on the computer memory.
  - 10. The cloud card application platform of claim 1, wherein the credential authentication set of instructions further enable the processor to authenticate one or both of the user device and the user of the user device.

11. A server, comprising:
- at least one processor; and
  
  memory comprising instructions that are configured for execution by the at least one processor, wherein the instructions comprise;
  
  a plurality of virtualized card applications each comprising one or more related files; and
  
  a card application selector set of instructions that cause the at least one processor to deliver one or more files associated with a card application to a mobile device in response to a selection of the card application from among the plurality of virtualized card applications, wherein the selection of the card application is either;
  
  (i) automatically selected by the at least one processor from among the plurality of virtualized card applications in the event that the card application is dedicated to the mobile device;
  
  or(ii) selected based on a user selection from a list of applications available to the mobile device,wherein the mobile device is to authenticate a hardware credential based on information provided from the hardware credential to the mobile device, wherein the information provided from the hardware credential to the mobile device comprises a Universal Resource Locator (URL) and a Tag Authentication Cryptogram (TAC) appended to the URL that indicates a unique read transaction occurred between the hardware credential and the mobile device.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The server of claim 11, wherein the at least one processor is enabled to provide the one or more files to the mobile device in response to the mobile device providing the server with at least one of a card and user identifier that is associated with the card application.
  - 13. The server of claim 12, wherein the server further comprises a web interface that enables communications with the mobile device and delivery of the one or more files associated with the card application.
  - 14. The server of claim 11, wherein the instructions further comprise an authentication set of instructions that enable the at least one processor to:
    - (i) authenticate at least one of the mobile device and a card that is associated with the card application and (ii) authenticate that a unique interaction has occurred between the card and the mobile device.
  - 15. The server of claim 11, wherein the card application selector set of instructions cause the at least one processor to generate and send the list of applications available to the mobile device via a selection dashboard.

16. A method, comprising:
- receiving, at a server implementing a cloud card application platform, at least one message from a browser of a mobile device, the at least one message comprising a Universal Resource Locator (URL) provided to the mobile device by a card read by the mobile device, wherein the at least one message further comprises a Tag Authentication Cryptogram (TAC) that indicates a unique read transaction occurred between the card and the mobile device;
  
  authenticating, at the server implementing the cloud card application platform, a card number included in the URL and/or the TAC;
  
  authenticating the mobile device that read the card;
  
  authenticating the TAC to ensure that the received URL corresponds to the unique read transaction;
  
  in response to authenticating the card number, authenticating the mobile device, and authenticating the TAC, determining a number of applications available to the mobile device, wherein the number of applications are stored on the cloud card application platform as virtualized card applications;
  
  performing one of the following;
  
  (i) in the event that the number of applications comprise a single application, automatically selecting the single application as a selected application; and
  
  (ii) in the event that the number of applications comprise multiple applications, providing a user of the mobile device with an option to select one of the multiple applications as the selected application;
  
  identifying a service provider associated with the selected application;
  
  federating the service provider by creating a federation token that includes an assertion to the service provider that proves authentication of the card by the cloud card application; and
  
  directing the mobile device to a URL hosted by the service provider.
- View Dependent Claims (17, 18)
- - 17. The method of claim 16, wherein the user is provided with a selection dashboard that includes the multiple applications.
  - 18. The method of claim 16, wherein the number of applications comprise the single application and wherein the method further comprises:
    - notifying the user of the mobile device that the selected application was automatically selected.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Assa Abloy AB
Original Assignee
Assa Abloy AB
Inventors
Hoyer, Philip, Robinton, Mark, Lovelock, Julian Eric
Primary Examiner(s)
Ullah, Sharif E

Application Number

US15/308,978
Publication Number

US 20170118201A1
Time in Patent Office

1,800 Days
Field of Search

726 7, 726 2, 726 21, 726 36, 713150, 713163, 713181, 380255, 380264, 380276
US Class Current
CPC Class Codes

G06K 19/0723   the record carrier comprisi...

H04L 63/0815   providing single-sign-on or...

H04L 63/0838   using one-time-passwords

H04L 63/0853   using an additional device,...

H04W 12/068   using credential vaults, e....

Cloud card application platform

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

66 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Cloud card application platform

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

66 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links