System and method for identity verification across mobile applications

US 10,484,345 B2
Filed: 07/30/2015
Issued: 11/19/2019
Est. Priority Date: 07/31/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, at a server computer, user data associated with a user from a first mobile application;

determining, by the server computer, that the first mobile application is a trusted application provisioned in a secure execution environment of a mobile device by an issuer of an account;

authenticating, by the server computer, the user based on the user data;

sending, by the server computer, a first cryptographic key to the first mobile application after authenticating the user, wherein an identity verification cryptogram is generated by the first mobile application using the first cryptographic key;

receiving, at the server computer, the user data associated with the user and the identity verification cryptogram generated by the first mobile application from a second mobile application, wherein the first mobile application and the second mobile application are stored on the same mobile device of the user;

validating, by the server computer, that the identity verification cryptogram is generated using the user data and the first cryptographic key previously sent by the server computer to the first mobile application; and

sending, by the server computer, a token and a second cryptographic key to the second mobile application upon validating the identity verification cryptogram generated by the first mobile application, wherein the token represents account information of the account issued by the issuer, and wherein the second mobile application completes a transaction using the token and a transaction cryptogram generated by the second mobile application using the second cryptographic key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments are directed to methods, apparatuses, computer readable media and systems for authenticating a user on a user device across multiple mobile applications. The identity of the user is validated by encoding and subsequently validating cryptographically encrypted data in a shared data store accessible by the mobile applications tied to the same entity. Specifically, the application leverages the authentication process of a trusted mobile application (e.g. a banking mobile application) to authenticate the same user on a untrusted mobile application (e.g. a merchant mobile application).

562 Citations

17 Claims

1. A method comprising:
- receiving, at a server computer, user data associated with a user from a first mobile application;
  
  determining, by the server computer, that the first mobile application is a trusted application provisioned in a secure execution environment of a mobile device by an issuer of an account;
  
  authenticating, by the server computer, the user based on the user data;
  
  sending, by the server computer, a first cryptographic key to the first mobile application after authenticating the user, wherein an identity verification cryptogram is generated by the first mobile application using the first cryptographic key;
  
  receiving, at the server computer, the user data associated with the user and the identity verification cryptogram generated by the first mobile application from a second mobile application, wherein the first mobile application and the second mobile application are stored on the same mobile device of the user;
  
  validating, by the server computer, that the identity verification cryptogram is generated using the user data and the first cryptographic key previously sent by the server computer to the first mobile application; and
  
  sending, by the server computer, a token and a second cryptographic key to the second mobile application upon validating the identity verification cryptogram generated by the first mobile application, wherein the token represents account information of the account issued by the issuer, and wherein the second mobile application completes a transaction using the token and a transaction cryptogram generated by the second mobile application using the second cryptographic key.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the user data includes a device identifier.
  - 3. The method of claim 2, further comprising:
    - determining, using the device identifier, that the first mobile application and the second mobile application are stored on the same mobile device.
  - 4. The method of claim 1, wherein the identity verification cryptogram is stored at a cloud storage system.
  - 5. The method of claim 1, wherein the identity verification cryptogram is stored on a cloud storage system of an operating system provider of the mobile device.
  - 6. The method of claim 1, further comprising:
    - sending another token to the first mobile application along with the first cryptographic key.

7. A system comprising:
- a mobile device storing a first mobile application and a second mobile application; and
  
  a server computer including;
  
  a processor; and
  
  a computer readable medium coupled to the processor, the computer readable medium comprising code, when executed by the processor, causes the processor to;
  
  receive user data associated with a user from the first mobile application;
  
  determine that the first mobile application is a trusted application provisioned in a secure execution environment of the mobile device by an issuer of an account;
  
  authenticate the user based on the user data;
  
  send a first cryptographic key to the first mobile application after authenticating the user, wherein an identity verification cryptogram is generated by the first mobile application using the first cryptographic key;
  
  receive the user data associated with the user and the identity verification cryptogram generated by the first mobile application from the second mobile application;
  
  validate that the identity verification cryptogram is generated using the user data and the first cryptographic key previously sent by the server computer to the first mobile application; and
  
  send a token and a second cryptographic key to the second mobile application upon validating the identity verification cryptogram generated by the first mobile application, wherein the token represents account information of the account issued by the issuer,wherein the second mobile application completes a transaction using the token and a transaction cryptogram generated by the second mobile application using the second cryptographic key.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein the user data includes a device identifier.
  - 9. The system of claim 8, wherein the code, when executed by the processor of the server computer, further causes the processor of the server computer to:
    - determine, using the device identifier, that the first mobile application and the second mobile application are stored on the same mobile device.
  - 10. The system of claim 7, wherein the identity verification cryptogram is stored at a cloud storage system.
  - 11. The system of claim 7, wherein the identity verification cryptogram is stored on a cloud storage system of an operating system provider of the mobile device.
  - 12. The system of claim 7, wherein the code, when executed by the processor of the server computer, further causes the processor of the server computer to:
    - send another token to the first mobile application along with the first cryptographic key.

13. A method comprising:
- authenticating, by a first mobile application on a user device, a user on the user device;
  
  sending, by the first mobile application on the user device, user data associated with the user to a server computer, wherein the first mobile application is a trusted application provisioned in a secure execution environment of the user device by an issuer of an account;
  
  receiving, by the first mobile application on the user device, a cryptographic key from the server computer;
  
  generating, by the first mobile application on the user device, an identity verification cryptogram using the cryptographic key;
  
  storing, by the first mobile application on the user device, the identity verification cryptogram on a cloud storage system of an operating system provider of the user device;
  
  retrieving, by a second mobile application on the user device, the identity verification cryptogram generated by the first mobile application from the cloud storage system;
  
  sending, by the second mobile application on the user device, the user data associated with the user and the identity verification cryptogram generated by the first mobile application to the server computer;
  
  receiving, by the second mobile application on the user device, a token from the server computer, wherein the token represents account information of the account issued by the issuer; and
  
  completing, by the second mobile application on the user device, a transaction with the token.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The method of claim 13, wherein the user data includes a device identifier.
  - 15. The method of claim 13, further comprising:
    - receiving, by the first mobile application on the user device, another token along with the cryptographic key.
  - 16. The method of claim 13, further comprising:
    - receiving, by the second mobile application on the user device, another cryptographic key along with the token, wherein the transaction is completed with the token and the another cryptographic key.
  - 17. The method of claim 16, further comprising:
    - generating, by the second mobile application on the user device, a transaction cryptogram using the another cryptographic key; and
      
      sending, by the second mobile application on the user device, the token and the transaction cryptogram to an access device to complete the transaction.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Shastry, Vishwanath, Mayor, Shalini
Primary Examiner(s)
Patel, Ashokkumar B
Assistant Examiner(s)
Carey, Forrest L

Application Number

US14/813,997
Publication Number

US 20160036790A1
Time in Patent Office

1,573 Days
Field of Search
US Class Current
CPC Class Codes

G06Q 20/102   Bill distribution or payments

G06Q 20/32   using wireless devices

G06Q 20/322   Aspects of commerce using m...

G06Q 20/3263   characterised by activation...

G06Q 20/36   using electronic wallets or...

G06Q 20/382   insuring higher security of...

G06Q 20/3821   Electronic credentials

G06Q 20/385   using an alias or single-us...

G06Q 20/4014   Identity check for transact...

H04L 63/0435   wherein the sending and rec...

H04L 63/068   using time-dependent keys, ...

H04L 63/0815   providing single-sign-on or...

H04L 63/0876   based on the identity of th...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/37   Managing security policies ...

System and method for identity verification across mobile applications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

562 Citations

17 Claims

Specification

Use Cases

Quick Links

Others

System and method for identity verification across mobile applications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

562 Citations

17 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others