Enhanced authentication based on secondary device interactions

US 10,601,818 B2
Filed: 04/13/2016
Issued: 03/24/2020
Est. Priority Date: 04/13/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a primary device, credential data of a secondary device;

generating, by the primary device, a cryptogram using the credential data of the secondary device; and

transmitting, by the primary device, the cryptogram to an access device to request for authorization to use an account associated with a user of the primary device, wherein the primary device interacts with the access device without presence of the secondary device, and wherein the authorization is granted based on verification of the cryptogram and an interaction activity pattern of interactions between the primary device and a set of communication devices including the secondary device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Enhance authentication techniques may include receiving credential data of a secondary device by a primary device, generating a cryptogram using the credential data of the secondary device, and transmitting the cryptogram to an access device to request for authorization to use an account associated with a user of the primary device. The authorization can be granted based on verification of the cryptogram and an interaction activity pattern of interactions between the primary device and a set of communication devices including the secondary device.

21 Citations

View as Search Results

19 Claims

1. A method comprising:
- receiving, by a primary device, credential data of a secondary device;
  
  generating, by the primary device, a cryptogram using the credential data of the secondary device; and
  
  transmitting, by the primary device, the cryptogram to an access device to request for authorization to use an account associated with a user of the primary device, wherein the primary device interacts with the access device without presence of the secondary device, and wherein the authorization is granted based on verification of the cryptogram and an interaction activity pattern of interactions between the primary device and a set of communication devices including the secondary device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, further comprising:
    - for each communication device in the set of communication devices;
      
      establishing, by the primary device, a communication channel between the primary device and the communication device;
      
      receiving, by the primary device, device data from the communication device including at least one of a device identifier identifying the communication device, sensor data sensed by the communication device, or user data captured by the communication device; and
      
      sending, by the primary device, the device data received from the communication device to an authorization server, wherein the device data is used for establishing the interaction activity pattern.
  - 3. The method of claim 2, wherein the interaction activity pattern is established further based on a time of day of when the primary device interacted with each communication device.
  - 4. The method of claim 2, wherein the authorization is granted based on a comparison of the interaction activity pattern with recent interactions between the primary device and one or more of the communication devices.
  - 5. The method of claim 1, wherein the credential data of the secondary device includes a device identifier of the secondary device, and the method further comprises:
    - deriving, by the primary device, a key-encryption key using the device identifier of the secondary device and a shared key stored on the primary device; and
      
      decrypting, by the primary device, an encrypted cryptogram key using the derived key-encryption key,wherein generating the cryptogam includes encrypting data pertaining to the request for authorization using the decrypted cryptogram key.
  - 6. The method of claim 5, further comprising:
    - prior to receiving the credential data of the secondary device;
      
      sending the device identifier of the secondary device to an authorization server to register the secondary device;
      
      in response to registering the secondary device, receiving the shared key and the encrypted cryptogram key from the authorization server; and
      
      storing the shared key on the primary device.
  - 7. The method of claim 6, further comprising storing the encrypted cryptogram key on the primary device.
  - 8. The method of claim 6, further comprising:
    - forwarding the encrypted cryptogram key to the secondary device for storage on the secondary device; and
      
      receiving the encrypted cryptogram key from the secondary device as part of the credential data of the secondary device.
  - 9. The method of claim 1, wherein the credential data of the secondary device is deleted from the primary device when a predetermined time period from receiving the credential data has elapsed.
  - 10. The method of claim 1, further comprising:
    - determining, by the primary device, that the secondary device is not in presence of the primary device; and
      
      sending, by the primary device, a request to a remote server for the credential data of the secondary device, wherein the credential data of the secondary device is received by the primary device from the remote server.
  - 11. The method of claim 1, further comprising:
    - generating, by the primary device, a first intermediate cryptogram using a first portion of a cryptogram key stored on the primary device; and
      
      transmitting, by the primary device, the first intermediate cryptogram to the secondary device,wherein the credential data of the secondary device received by the primary device is a second intermediate cryptogram generated by the secondary device using the first intermediate cryptogram and a second portion of the cryptogram key stored on the secondary device.
  - 12. The method of claim 11, wherein the cryptogram is generated by the primary device using the second intermediate cryptogram and the first portion of the cryptogram key stored on the primary device.
  - 13. The method of claim 11 wherein the first intermediate cryptogram is generated by encrypting data pertaining to the request for authorization using the first portion of the cryptogram key, decrypting the encrypted data using a first intermediate key, and re-encrypting the decrypted data using a second intermediate key.
  - 14. The method of claim 13, wherein the second intermediate cryptogram is generated by decrypting the first intermediate cryptogram using the second intermediate key, re-encrypting the decrypted first intermediate cryptogram using the first intermediate key, decrypting the re-encrypted first intermediate cryptogram using the second portion of the cryptogram key.
  - 15. The method of claim 14, wherein the second intermediate cryptogram is generated by further encrypting a result of decrypting the re-encrypted first intermediate cryptogram using the second intermediate key, and decrypting the encrypted result using first intermediate key.
  - 16. The method of claim 15, wherein the cryptogram is generated by encrypting the second intermediate cryptogram using the first intermediate key, decrypting the encrypted second intermediate cryptogram using the second intermediate key, and re-encrypting the decrypted second intermediate cryptogram using the first portion of the cryptogram key.
  - 17. The method of claim 1, wherein the request for authorization is initiated from a tertiary device acting as a user interface device that is communicatively coupled to the primary device.

18. A communication device comprising:
- a processor; and
  
  a memory storing computer readable instructions, which when executed by the processor, cause the communication device to perform operations including;
  
  receiving credential data of a secondary device;
  
  generating a cryptogram using the credential data of the secondary device; and
  
  transmitting the cryptogram to an access device to request for authorization to use an account associated with a user of the communication device, wherein the communication device interacts with the access device without presence of the secondary device, and wherein the authorization is granted based on verification of the cryptogram and an interaction activity pattern of interactions between the communication device and a set of user devices including the secondary device.
- View Dependent Claims (19)
- - 19. The communication device of claim 18, wherein the communication device is a portable communication device or a network-connected communication device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Le Saint, Eric, Fedronic, Dominique, Aabye, Christian
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
Saadoun, Hassan

Application Number

US15/551,499
Publication Number

US 20180026973A1
Time in Patent Office

1,441 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/35   communicating wirelessly

G06F 21/6218   to a system of files or obj...

G06Q 20/00   Payment architectures, sche...

G06Q 20/18   involving self-service term...

G06Q 20/28   Pre-payment schemes, e.g. "...

G06Q 20/308   using the Internet of Things

G06Q 20/32   using wireless devices

G06Q 20/321   using wearable devices

G06Q 20/382   insuring higher security of...

G06Q 20/3821   Electronic credentials

G06Q 20/38215   Use of certificates or encr...

G06Q 20/40   Authorisation, e.g. identif...

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

H04L 63/08   for authentication of entit...

H04L 63/0853   using an additional device,...

H04L 63/10   for controlling access to d...

H04L 9/0822   using key encryption key

H04L 9/0894   Escrow, recovery or storing...

H04L 9/14   using a plurality of keys o...

H04L 9/32 : including means for verifyi...

H04L 9/321 : involving a third party or ...

H04L 9/3231 : Biological data, e.g. finge...

H04W 12/06 : Authentication

H04W 12/065 : Continuous authentication

H04W 12/068 : using credential vaults, e....

H04W 12/069 : using certificates or pre-s...

H04W 12/33 : using wearable devices, e.g...

View All

Enhanced authentication based on secondary device interactions

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

21 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Enhanced authentication based on secondary device interactions

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others