Systems and Methods for Authenticating Mobile Device Communications

US 20120304255A1
Filed: 05/25/2012
Published: 11/29/2012
Est. Priority Date: 05/26/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for authenticating communications, the method comprising:

identifying a mobile device to which a message will be communicated;

generating, based upon a shared secret between a service provider and the mobile device, a payload authentication code (PAC);

associating the generated PAC with a payload for the message; and

communicating the message and the generated PAC to the mobile device, wherein the mobile device is configured to utilize the shared secret to verify the PAC and authenticate the message,wherein the above operations are performed by one or more computers associated with the service provider.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention provide systems and methods for authenticating mobile device communications. A mobile device to which a message will be communicated may be identified. Based upon a shared secret between a service provider and the mobile device, a payload authentication code (“PAC”) may be generated, and the generated PAC may be associated with a payload for the message. The message and the generated PAC may then be communicated to the mobile device, and the mobile device may be configured to utilize the shared secret to verify the PAC and authenticate the message. In certain embodiments, the operations of the method may be performed by one or more computers associated with the service provider.

Citations

21 Claims

1. A computer-implemented method for authenticating communications, the method comprising:
- identifying a mobile device to which a message will be communicated;
  
  generating, based upon a shared secret between a service provider and the mobile device, a payload authentication code (PAC);
  
  associating the generated PAC with a payload for the message; and
  
  communicating the message and the generated PAC to the mobile device, wherein the mobile device is configured to utilize the shared secret to verify the PAC and authenticate the message,wherein the above operations are performed by one or more computers associated with the service provider.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 21)
- - 2. The computer-implemented method of claim 1, wherein communicating the message and the generated PAC to the mobile device comprises communicating the message and the generated PAC to the mobile device via an intermediary.
  - 3. The computer-implemented method of claim 1, further comprising:
    - encrypting the payload of the message.
  - 4. The computer-implemented method of claim 1, further comprising:
    - provisioning the mobile device with an application configured to verify the PAC and decrypt the payload.
  - 5. The computer-implemented method of claim 1, wherein generating a PAC based upon a shared secret comprises generating a PAC based upon at least one of (i) a public key associated with a private key stored by the mobile device, (ii) a dynamic passcode authentication, or (iii) a derived unique key per transaction (DUKPT).
  - 6. The computer-implemented method of claim 1, wherein the shared secret is established during an initial registration of the mobile device with the service provider.
  - 7. The computer-implemented method of claim 1, wherein the message comprises a first message, the PAC comprises a first PAC, and further comprising:
    - receiving, from the mobile device, a second message comprising a second PAC generated by the mobile device based upon the shared secret;
      
      determining, based at least in part upon the shared secret, whether the second PAC is valid; and
      
      authenticating the second message if it is determined that the second PAC is valid;
      
      or identifying the second message as an invalid message if it is determined that the second PAC is invalid.
  - 21. The computer-implemented method of claim 1, wherein the message comprises a first message, the PAC comprises a first PAC, and further comprising:
    - generating, by the mobile device, a second message comprising a second PAC generated by the mobile device based upon the shared secret; and
      
      outputting, by the mobile device, the second message for communication to the service provider,wherein the service provider utilizes the shared secret to determine whether the second PAC is valid.

8. A system for authenticating communications, the system comprising:
- at least one memory configured to store computer-executable instructions; and
  
  at least one processor configured to access the at least one memory and execute the computer-executable instructions to;
  
  identify a mobile device to which a message will be communicated;
  
  generate, based upon a shared secret between a service provider and the mobile device, a payload authentication code (PAC);
  
  associate the generated PAC with a payload for the message; and
  
  direct communication of the message and the generated PAC to the mobile device, wherein the mobile device is configured to utilize the shared secret to verify the PAC and authenticate the message.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the message and the generated PAC are communicated to the mobile device via an intermediary.
  - 10. The system of claim 8, wherein the at least one processor is further configured to execute the computer-executable instructions to:
    - encrypt the payload of the message.
  - 11. The system of claim 8, wherein the at least one processor is further configured to execute the computer-executable instructions to:
    - provision the mobile device with an application configured to verify the PAC and decrypt the payload.
  - 12. The system of claim 8, wherein the shared secret comprises at least one of (i) a public key associated with a private key stored by the mobile device, (ii) a dynamic passcode authentication, or (iii) a derived unique key per transaction (DUKPT).
  - 13. The system of claim 12, wherein the shared secret is established during an initial registration of the mobile device with the service provider.
  - 14. The system of claim 8, wherein:
    - the message comprises a first message;
      
      the PAC comprises a first PAC; and
      
      the at least one processor is further configured to execute the computer-executable instructions to;
      
      receive, from the mobile device, a second message comprising a second PAC generated by the mobile device based upon the shared secret;
      
      determine, based at least in part upon the shared secret, whether the second PAC is valid; and
      
      authenticate the second message if it is determined that the second PAC is valid;
      
      oridentify the second message as an invalid message if it is determined that the second PAC is invalid.

15. A computer-implemented method for authenticating communications, the method comprising:
- receiving, by a mobile device comprising one or more computer processors, a message output by a service provider;
  
  identifying, by the mobile device based upon an analysis of the received message, a payload authentication code (PAC);
  
  verifying, by the mobile device based at least in part upon a shared secret between the mobile device and the service provider, the PAC; and
  
  authenticating, by the mobile device based at least in part upon the verification, a payload of the received message.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer-implemented method of claim 15, wherein receiving a message comprises receiving a message via an intermediary that receives the message output by the service provider and communicates the message to the mobile device.
  - 17. The computer-implemented method of claim 15, further comprising:
    - receiving, by the mobile device from the service provider during a provisioning of the mobile device, an application that is executed by a secure element associated with the mobile device to verify the PAC.
  - 18. The computer-implemented method of claim 15, further comprising:
    - decrypting, by the application, the payload of the message.
  - 19. The computer-implemented method of claim 15, wherein verifying the PAC based at least in part upon a shared secret comprises verifying the PAC based upon at least one of (i) a private key associated with a public key utilized by the service provider to generate the PAC, (ii) a dynamic passcode authentication, or (iii) a derived unique key per transaction (DUKPT).
  - 20. The computer-implemented method of claim 15, wherein the shared secret is established during an initial registration of the mobile device with the service provider.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
First Data Corporation (Fiserv Incorporated)
Original Assignee
First Data Corporation (Fiserv Incorporated)
Inventors
Carnes, Daniel Wilson

Granted Patent

US 9,106,633 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/3
CPC Class Codes

G06Q 20/00   Payment architectures, sche...

G06Q 40/00   Finance; Insurance; Tax str...

H04L 2209/80   Wireless

H04L 2463/061   applying further key deriva...

H04L 2463/062   applying encryption of the ...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/08   for authentication of entit...

H04L 63/126   the source of the received ...

H04L 9/3234   involving additional secure...

H04W 12/02   Protecting privacy or anony...

H04W 12/033   of the user plane, e.g. use...

H04W 12/35   Protecting application or s...

H04W 4/50   Service provisioning or rec...

Systems and Methods for Authenticating Mobile Device Communications

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and Methods for Authenticating Mobile Device Communications

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links