SYSTEM AND METHOD FOR IDENTITY VERIFICATION ACROSS MOBILE APPLICATIONS

US 20160036790A1
Filed: 07/30/2015
Published: 02/04/2016
Est. Priority Date: 07/31/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, at a server computer, user data associated with a user from a first mobile application;

determining, by the server computer, that the first mobile application is trusted;

authenticating, by the server computer, the user based on the user data;

sending, by the server computer, a cryptographic key to the first mobile application after authenticating the user, wherein an identity verification cryptogram is generated using the cryptographic key;

receiving, at the server computer, the user data associated with the user and the identity verification cryptogram from a second mobile application;

validating that the identity verification cryptogram is generated using the user data and the cryptographic key sent to the first mobile application; and

sending a token to the second mobile application upon validating the verification cryptogram.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments are directed to methods, apparatuses, computer readable media and systems for authenticating a user on a user device across multiple mobile applications. The identity of the user is validated by encoding and subsequently validating cryptographically encrypted data in a shared data store accessible by the mobile applications tied to the same entity. Specifically, the application leverages the authentication process of a trusted mobile application (e.g. a banking mobile application) to authenticate the same user on a untrusted mobile application (e.g. a merchant mobile application).

154 Citations

18 Claims

1. A method comprising:
- receiving, at a server computer, user data associated with a user from a first mobile application;
  
  determining, by the server computer, that the first mobile application is trusted;
  
  authenticating, by the server computer, the user based on the user data;
  
  sending, by the server computer, a cryptographic key to the first mobile application after authenticating the user, wherein an identity verification cryptogram is generated using the cryptographic key;
  
  receiving, at the server computer, the user data associated with the user and the identity verification cryptogram from a second mobile application;
  
  validating that the identity verification cryptogram is generated using the user data and the cryptographic key sent to the first mobile application; and
  
  sending a token to the second mobile application upon validating the verification cryptogram.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the user data includes a device identifier.
  - 3. The method of claim 2, further comprising:
    - determining, using the device identifier, that the first mobile application and the second mobile application are stored on a same user device.
  - 4. The method of claim 1, wherein the identity verification cryptogram is stored at a cloud storage system.
  - 5. The method of claim 1, wherein the first mobile application and the second mobile application are stored on a user device of the user and the identity verification cryptogram is stored on a cloud storage system of an operating system provider of the user device.
  - 6. The method of claim 1, further comprising:
    - sending another token to the first mobile application along with the cryptographic key.
  - 7. The method of claim 1, further comprising:
    - sending another cryptographic key to the second mobile application along with the token.

8. A server computer comprising:
- a processor; and
  
  a computer readable medium coupled to the processor, the computer readable medium comprising code, executable by the processor, to implement a method comprising;
  
  receiving user data associated with a user from a first mobile application;
  
  determining that the first mobile application is trusted;
  
  authenticating the user based on the user data;
  
  sending a cryptographic key to the first mobile application after authenticating the user, wherein an identity verification cryptogram is generated using the cryptographic key;
  
  receiving the user data associated with the user and the identity verification cryptogram from a second mobile application;
  
  validating that the identity verification cryptogram is generated using the user data and the cryptographic key; and
  
  sending a token to the second mobile application upon validating the verification cryptogram.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The server computer of claim 8, wherein the user data includes a device identifier.
  - 10. The server computer of claim 9, wherein the method further comprises:
    - determining, using the device identifier, that the first mobile application and the second mobile application are stored on a same user device.
  - 11. The server computer of claim 8, wherein the identity verification cryptogram is stored at a cloud storage system.
  - 12. The server computer of claim 8, wherein the first mobile application and the second mobile application are stored on a user device of the user and the identity verification cryptogram is stored on a cloud storage system of an operating system provider of the user device.
  - 13. The server computer of claim 8, wherein the method further comprises:
    - sending another token to the first mobile application along with the cryptographic key.
  - 14. The server computer of claim 8, wherein the method further comprises:
    - sending another cryptographic key to the second mobile application along with the token.

15. A method comprising:
- authenticating, by a first mobile application on a user device, a user on the user device;
  
  sending, by the first mobile application on the user device, user data associated with the user to a server computer;
  
  receiving, by the first mobile application on the user device, a cryptographic key from the server computer;
  
  generating, by the first mobile application on the user device, an identity verification cryptogram using the cryptographic key;
  
  storing, by the first mobile application on the user device, the cryptographic key on a cloud storage system of an operating system provider of the user device;
  
  retrieving, by a second mobile application on the user device, the identity verification cryptogram from the cloud storage system;
  
  sending, by the second mobile application on the user device, the user data associated with the user and the identity verification cryptogram to the server computer;
  
  receiving, by the second mobile application on the user device, a token from the server computer; and
  
  completing, by the second mobile application on the user device, a transaction with the token.
- View Dependent Claims (16, 17, 18)
- - 16. The method of claim 15, wherein the user data includes a device identifier.
  - 17. The method of claim 15, further comprising:
    - receiving, by the first mobile application on the user device, another token along with the cryptographic key.
  - 18. The method of claim 15, further comprising:
    - receiving, by the second mobile application on the user device, another cryptographic key along with the token, wherein the transaction is completed with the token and the another cryptographic key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Shastry, Vishwanath, Mayor, Shalini

Granted Patent

US 10,484,345 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06Q 20/102   Bill distribution or payments

G06Q 20/32   using wireless devices

G06Q 20/322   Aspects of commerce using m...

G06Q 20/3263   characterised by activation...

G06Q 20/36   using electronic wallets or...

G06Q 20/382   insuring higher security of...

G06Q 20/3821   Electronic credentials

G06Q 20/385   using an alias or single-us...

G06Q 20/4014   Identity check for transact...

H04L 63/0435   wherein the sending and rec...

H04L 63/068   using time-dependent keys, ...

H04L 63/0815   providing single-sign-on or...

H04L 63/0876   based on the identity of th...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/37   Managing security policies ...

SYSTEM AND METHOD FOR IDENTITY VERIFICATION ACROSS MOBILE APPLICATIONS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

154 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR IDENTITY VERIFICATION ACROSS MOBILE APPLICATIONS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

154 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links