SECURING PERSONAL IDENTIFICATION NUMBERS FOR MOBILE PAYMENT APPLICATIONS BY COMBINING WITH RANDOM COMPONENTS

US 20140089196A1
Filed: 09/25/2013
Published: 03/27/2014
Est. Priority Date: 09/25/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for securing personal identification numbers, the method comprising:

receiving, by a computing device and from a user of the computing device, a user personal identification number (PIN) for a secure memory associated with the computing device;

generating, by the computing device, at least one random PIN component;

storing, by the computing device, the at least one random PIN component in at least one distinct location, wherein the at least one distinct location comprises a host memory of the computing device.determining, by the computing device, a secure memory PIN based at least in part on the user PIN and the at least one random PIN component; and

configuring, by the computing device, the secure memory associated with the computing device using the secure memory PIN.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods can secure personal identification numbers associated with secure elements within mobile devices. A host application of the mobile device can receive a personal identification number (PIN) or user PIN from a user. The application can generate one or more random PIN components. The application can compute a PIN for the secure element based upon the user PIN and each of the one or more random components. The SE can be configured using the PIN computed for the secure element. Each of the one or more random components may be stored in one or more distinct, diverse locations. In addition to entering the correct user PIN, each of the one or more random components must be retrieved from the diverse locations in order to reconstruct the PIN for the secure element whenever performing a transaction using the secure element.

94 Citations

View as Search Results

20 Claims

1. A computer-implemented method for securing personal identification numbers, the method comprising:
- receiving, by a computing device and from a user of the computing device, a user personal identification number (PIN) for a secure memory associated with the computing device;
  
  generating, by the computing device, at least one random PIN component;
  
  storing, by the computing device, the at least one random PIN component in at least one distinct location, wherein the at least one distinct location comprises a host memory of the computing device.determining, by the computing device, a secure memory PIN based at least in part on the user PIN and the at least one random PIN component; and
  
  configuring, by the computing device, the secure memory associated with the computing device using the secure memory PIN.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer-implemented method of claim 1, further comprising:
    - receiving, by the computing device, a second user PIN in association with a request to access the secure memory associated with the computing device;
      
      retrieving, by the computing device, the at least one random PIN component from the at least one distinct location;
      
      determining, by the computing device, a second secure memory PIN based at least in part on the second user PIN and the at least one random PIN component retrieved from the at least one distinct location;
      
      comparing, by the computing device, the secure memory PIN and the second secure memory PIN; and
      
      providing, by the computing device, access to the secure memory, wherein access is provided based at least in part on the comparison of the secure memory PIN and the second secure memory PIN.
  - 3. The computer-implemented method of claim 1, wherein one or more of the at least one random PIN component is generated by a random number generator.
  - 4. The computer-implemented method of claim 1, wherein the at least one distinct location comprises a second computing device accessible through a network by the computing device.
  - 5. The computer-implemented method of claim 4, wherein the second computing device makes the at least one random PIN component accessible for deletion by the user.
  - 6. The computer-implemented method of claim 4, further comprising, in response to an attempt to access the at least one PIN component stored on the second computing device, generating, by the second computing device, a use audit trail entry, wherein the use audit trail comprises a catalogue of recorded attempts to access the at least one random PIN component stored on the second computing device.
  - 7. The computer-implemented method of claim 1, wherein determining the secure memory PIN further comprises increasing the entropy over the user PIN.
  - 8. The computer-implemented method of claim 1, wherein determining the secure memory PIN further comprises a numerical space reduction functionality, wherein the numerical space reduction functionality reduces the range of outputs of the derivation function to match the numerical space allowance for an acceptable secure memory PIN.
  - 9. The computer-implemented method of claim 1, further comprising, in response to a factory reset of the computing device, deleting, by the computing device, one or more of the at least one random PIN components stored by the computing device.
  - 10. The computer-implemented method of claim 1, wherein if the user PIN is received is not received from the user of the computing device, the computing device denies access to the secure memory.

11. A computer program product, comprising:
- a non-transitory computer-readable medium having computer-readable program instructions embodied therein that when executed by a computing device cause the computing device to secure personal identification numbers, the computer-readable instructions comprising;
  
  computer-readable program instructions for generating at least one random user personal identification number (PIN) components;
  
  computer-readable program instructions for storing the at least one random PIN components in at least one distinct location, wherein the at least one distinct location comprises a host memory.computer-readable program instructions for determining a secure memory PIN based at least in part on a user PIN and the at least one random PIN component; and
  
  computer-readable program instructions for configuring a secure memory using the secure memory PIN.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The computer program product of claim 11, further comprising computer-readable program instructions for receiving the user PIN from a user.
  - 13. The computer program product of claim 12, further comprising, wherein if the user PIN is received is not received from the user of the computing device, the computing device denies access to the secure memory.
  - 14. The computer program product of claim 11, further comprising:
    - computer-readable program instructions for receiving a second user PIN in association with a request to access the secure memory;
      
      computer-readable program instructions for retrieving the at least one random PIN component from the at least one distinct location;
      
      computer-readable program instructions for determining a second secure memory PIN based at least in part on the second user PIN and the at least one random PIN component retrieved from the at least one distinct location;
      
      computer-readable program instructions for comparing the secure memory PIN and the second secure memory PIN; and
      
      computer-readable program instructions for providing access to the secure memory, wherein access is provided based at least in part on the comparison of the secure memory PIN and the second secure memory PIN.
  - 15. The computer program product of claim 11, wherein the at least one distinct location further comprises a second computing device accessible via a network.
  - 16. The computer program product of claim 11, further comprising, in response to receiving a factory reset, computer-readable program instructions for deleting one or more of the at least one random PIN components.

17. A system for securing personal identification numbers, the system comprising:
- a storage medium; and
  
  a processor communicatively coupled to the storage medium, wherein the processor executes application code instructions that are stored in the storage medium and that cause the system to;
  
  generate at least one random personal identification number (PIN) components;
  
  store the at least one random PIN components in at least one distinct location;
  
  determine a secure memory PIN based at least in part on a user PIN and the at least one random PIN component; and
  
  configure a secure memory using the secure memory PIN.
- View Dependent Claims (18, 19, 20)
- - 18. The system of claim 17, wherein the processor is further configured to execute computer-executable instructions stored in the storage medium to cause the system to:
    - receive a user PIN in association with a request to access the secure memory;
      
      retrieve the at least one random PIN component from the at least one distinct location;
      
      determine a second secure memory PIN based at least in part on the user PIN and the at least one random PIN components retrieved from the at least one distinct location;
      
      compare the secure memory PIN and the second secure memory PIN; and
      
      provide access to the secure memory, wherein access is provided based at least in part on the comparison of the secure memory PIN and the second secure memory PIN.
  - 19. The system of claim 17, wherein the at least one distinct location comprises a host memory.
  - 20. The system of claim 19, wherein the at least one distinct location further comprises a second computing device accessible through a network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Paya, Ismail Cem, Tsai, Robert Lieh-Yuan

Granted Patent

US 9,684,898 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/44
CPC Class Codes

G06F 21/31   User authentication

G06Q 20/204   comprising interface for re...

G06Q 20/3227   using secure elements embed...

G06Q 20/3278   RFID or NFC payments by mea...

G06Q 20/3821   Electronic credentials

G06Q 20/3827   Use of message hashing

G06Q 20/385   using an alias or single-us...

G06Q 20/4012   Verifying personal identifi...

H04W 12/06   Authentication

SECURING PERSONAL IDENTIFICATION NUMBERS FOR MOBILE PAYMENT APPLICATIONS BY COMBINING WITH RANDOM COMPONENTS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

94 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURING PERSONAL IDENTIFICATION NUMBERS FOR MOBILE PAYMENT APPLICATIONS BY COMBINING WITH RANDOM COMPONENTS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

94 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links