SECURE AUTHENTICATION OF USER AND MOBILE DEVICE
First Claim
1. A method for authentication, comprising:
- .receiving, by a mobile device, a user request to access a service provider application;
in response to the user request to access the service provider application, requesting, by the mobile device, identification and verification from the user via an identification and verification application residing within the mobile device;
receiving, by the mobile device, a positive identification and verification response;
generating, by the mobile device, a cryptogram using a user identification (ID) associated with the user, a timestamp, a device ID associated with the mobile device, and a service provider application ID; and
transmitting, by the mobile device, the generated cryptogram, the user ID, the timestamp, the device ID, and the service provider application ID, to a service provider computer associated with the service provider application,wherein the service provider computer verifies the cryptogram.
1 Assignment
0 Petitions
Accused Products
Abstract
An authentication method is disclosed. To authenticate a user, a mobile device may request identification and verification from the user. Upon receiving a positive identification and verification response from the user, the mobile device may generate a cryptogram using a user identification (ID) associated with the user, a timestamp, a device ID associated with the mobile device, a service provider application ID associated with the service provider application, and a service provider device ID. The mobile device may transmit the generated cryptogram, the user ID, the timestamp, the device ID, the service provider application ID, and the service provider device ID, to a service provider computer associated with the service provider application. The service provider computer may decrypt the cryptogram and compare the decrypted data elements to the received data elements to validate and authenticate the user.
84 Citations
20 Claims
-
1. A method for authentication, comprising:
- .
receiving, by a mobile device, a user request to access a service provider application; in response to the user request to access the service provider application, requesting, by the mobile device, identification and verification from the user via an identification and verification application residing within the mobile device; receiving, by the mobile device, a positive identification and verification response; generating, by the mobile device, a cryptogram using a user identification (ID) associated with the user, a timestamp, a device ID associated with the mobile device, and a service provider application ID; and transmitting, by the mobile device, the generated cryptogram, the user ID, the timestamp, the device ID, and the service provider application ID, to a service provider computer associated with the service provider application, wherein the service provider computer verifies the cryptogram. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- .
-
9. A mobile device, comprising:
-
a processor; and a non-transitory computer readable medium, the non-transitory computer readable medium comprising code, executable by the processor, for implementing a method; receiving a user request to access a service provider application; in response to the user request to access the service provider application, requesting identification and verification from the user via an identification and verification application residing within the mobile device; receiving a positive identification and verification response; generating a cryptogram using a user identification (ID) associated with the user, a timestamp, a device ID associated with the mobile device, and a service provider application ID; and transmitting the generated cryptogram, the user ID, the timestamp, the device ID, and the service provider application ID, to a service provider computer associated with the service provider application, wherein the service provider computer verifies the cryptogram. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A method for authentication, comprising:
-
receiving, by a service provider computer associated with a service provider application, a generated cryptogram, a user ID, a timestamp, a device ID, and a service provider application ID, wherein the generated cryptogram was generated by a mobile device and encrypts the user ID, the timestamp, the device ID, and the service provider application ID; decrypting, by the service provider, the received generated cryptogram; and verifying, by the service provider computer, the cryptogram by determining a plurality of data elements encoded within the cryptogram, and then comparing the determined plurality of data elements to the user ID, the timestamp, the device ID, the service provider application ID, and the service provider device ID received by the service provider computer. - View Dependent Claims (18, 19, 20)
-
Specification