Systems and methods for authenticating mobile devices

US 8,880,886 B2
Filed: 05/25/2012
Issued: 11/04/2014
Est. Priority Date: 05/26/2011
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-implemented method for authenticating mobile devices, the method comprising:

receiving, by a service manager computer comprising one or more processors, from a mobile device, a registration request and identifying information for the mobile device, the identifying information comprising information for a secure element associated with the mobile device, wherein the service manager computer is in communication with a plurality of network operators and a plurality of service provider computers;

determining, by the service manager computer based upon the received identifying information and a base level key, a rotated key for the mobile device;

providing, by the service manager computer, the determined rotated key to the mobile device;

receiving, by the service manager computer, from the mobile device after providing the rotated key to the mobile device, a subsequent provisioning request to provision an application to the mobile device, wherein the subsequent provisioning request is encrypted with the rotated key, and the application is provided by a service provider;

authenticating, by the service manager computer in response to the subsequent provisioning request, the mobile device based at least in part on the rotated key; and

provisioning, by the service manager computer upon authentication of the mobile device, the application to the mobile device.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention provide systems and methods for authenticating mobile devices. A registration request and identifying information for a mobile device or a secure element associated with the mobile device may be received. Based upon the received identifying information and a base level key, a rotated key for the mobile device may be determined. The determined rotated key may then be provided to the mobile device, and the rotated key may be utilized for subsequent authentication of the mobile device.

54 Citations

View as Search Results

18 Claims

1. A computer-implemented method for authenticating mobile devices, the method comprising:
- receiving, by a service manager computer comprising one or more processors, from a mobile device, a registration request and identifying information for the mobile device, the identifying information comprising information for a secure element associated with the mobile device, wherein the service manager computer is in communication with a plurality of network operators and a plurality of service provider computers;
  
  determining, by the service manager computer based upon the received identifying information and a base level key, a rotated key for the mobile device;
  
  providing, by the service manager computer, the determined rotated key to the mobile device;
  
  receiving, by the service manager computer, from the mobile device after providing the rotated key to the mobile device, a subsequent provisioning request to provision an application to the mobile device, wherein the subsequent provisioning request is encrypted with the rotated key, and the application is provided by a service provider;
  
  authenticating, by the service manager computer in response to the subsequent provisioning request, the mobile device based at least in part on the rotated key; and
  
  provisioning, by the service manager computer upon authentication of the mobile device, the application to the mobile device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer-implemented method of claim 1, further comprising:
    - establishing, prior to determining the rotated key, a secure communications channel with the secure element; and
      
      authenticating, via the secure communications channel, the secure element.
  - 3. The computer-implemented method of claim 1, wherein receiving identifying information comprises receiving card production life cycle (CPLC) information.
  - 4. The computer-implemented method of claim 1, further comprising:
    - updating the identifying information; and
      
      associating the rotated key with the updated identifying information.
  - 5. The computer-implemented method of claim 4, wherein updating the identifying information comprises updating a card production life cycle (CPLC) for the mobile device or the secure element.
  - 6. The computer-implemented method of claim 4, further comprising:
    - communicating the updated identifying information and information associated with the rotated key to the service provider for subsequent authentication of the mobile device.
  - 7. The computer-implemented method of claim 6, further comprising:
    - receiving, from the service provider, a request to provision the mobile device; and
      
      provisioning the mobile device in response to the received request,wherein the request is received following the authentication of the mobile device by the service provider based at least in part upon the rotated key.
  - 8. The computer-implemented method of claim 7, wherein the service provider authenticates the mobile device by reconstructing the rotated key utilizing the updated identifying information.
  - 9. The computer-implemented method of claim 7, wherein provisioning the mobile device comprises provisioning the secure element of the mobile device with a financial account.

10. A system, comprising:
- at least one memory operable to store computer-executable instructions; and
  
  at least one processor configured to access the at least one memory and execute the computer-executable instructions to;
  
  receive communication from a plurality of network operators and a plurality of service provider computers;
  
  receive, from a mobile device, a registration request and identifying information for the mobile device, the identifying information comprising information for a secure element associated with the mobile device;
  
  determine, based upon the received identifying information and a base level key, a rotated key for the device;
  
  provide the determined rotated key to the mobile device;
  
  receive, from the mobile device after providing the rotated key to the mobile device, a subsequent provisioning request to provision an application to the mobile device, wherein the subsequent provisioning request is encrypted with the rotated key, and the application is provided by a service provider;
  
  authenticate, in response to the subsequent provisioning request, the mobile device based at least in part on the rotated key; and
  
  provision, upon authentication of the mobile device, the application to the mobile device.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, wherein the at least one processor is further configured to execute the computer-executable instructions to:
    - establish, prior to determining the rotated key, a secure communications channel with the secure element; and
      
      authenticate, via the secure communications channel, the secure element.
  - 12. The system of claim 10, wherein the received identifying information comprises card production life cycle (CPLC) information.
  - 13. The system of claim 10, wherein the at least one processor is further configured to execute the computer-executable instructions to:
    - update the identifying information; and
      
      associate the rotated key with the updated identifying information.
  - 14. The system of claim 13, wherein the updated identifying information comprises an updated card production life cycle (CPLC) for the mobile device or the secure element.
  - 15. The system of claim 13, wherein the at least one processor is further configured to execute the computer-executable instructions to:
    - direct communication of the updated identifying information and information associated with the rotated key to the service provider for subsequent authentication of the mobile device.
  - 16. The system of claim 15, wherein the at least one processor is further configured to execute the computer-executable instructions to:
    - receive, from the service provider, a request to provision the mobile device; and
      
      direct provisioning of the mobile device in response to the received request,wherein the request is received following the authentication of the mobile device by the service provider based at least in part upon the rotated key.
  - 17. The system of claim 16, wherein the service provider authenticates the mobile device by reconstructing the rotated key utilizing the updated identifying information.
  - 18. The system of claim 16, wherein a financial account is provisioned to the secure element of the mobile device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
First Data Corporation (Fiserv Incorporated)
Original Assignee
First Data Corporation (Fiserv Incorporated)
Inventors
Kean, Brian, Cambridge, Devin Michael, Meyers, Stephen M., Musfeldt, Roger Lynn, Adkisson, Brent Dewayne, Davis, Norman Theodore Jr.
Primary Examiner(s)
Le, Chau
Assistant Examiner(s)
ZHAO, DON GORDON

Application Number

US13/481,433
Publication Number

US 20120303961A1
Time in Patent Office

893 Days
Field of Search

713150-181, 713/310
US Class Current

713/171
CPC Class Codes

G06Q 20/00   Payment architectures, sche...

G06Q 40/00   Finance; Insurance; Tax str...

H04L 2209/80   Wireless network architectu...

H04L 2463/061   applying further key deriva...

H04L 2463/062   applying encryption of the ...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/08   for authentication of entit...

H04L 63/126   the source of the received ...

H04L 9/3234   involving additional secure...

H04W 12/02   Protecting privacy or anony...

H04W 12/033   of the user plane, e.g. use...

H04W 12/35   Protecting application or s...

H04W 4/50   Service provisioning or rec...

Systems and methods for authenticating mobile devices

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

54 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for authenticating mobile devices

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

54 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links