Token security on a communication device
First Claim
1. A communication device comprising:
- a processor; and
- a non-transitory computer readable medium coupled to the processor and implementing an application that performs operations for enhancing security of storing a token on the communication device, the operations including:
  - receiving user authentication data on a user interface of the communication device to initiate a transaction via the application;
  - computing a hash value from the received user authentication data;
  - decrypting an encrypted session key stored on the communication device using the hash value;
  - decrypting an encrypted token stored on the communication device using the decrypted session key;
  - temporarily storing the decrypted token on the communication device;
  - initiating the transaction using the decrypted token; and
  - removing the decrypted token from the communication device upon detecting that the application is no longer active.
Abstract
Techniques for enhancing the security of storing sensitive information or a token on a communication device may include sending a request for the sensitive information or token. The communication device may receive a session key encrypted with a hash value derived from user authentication data that authenticates the user of the communication device, and the sensitive information or token encrypted with the session key. The session key encrypted with the hash value, and the sensitive information or token encrypted with the session key can be stored in a memory of the communication device.
513 Citations
20 Claims
1. A communication device comprising:
- a processor; and
- a non-transitory computer readable medium coupled to the processor and implementing an application that performs operations for enhancing security of storing a token on the communication device, the operations including:
  - receiving user authentication data on a user interface of the communication device to initiate a transaction via the application;
  - computing a hash value from the received user authentication data;
  - decrypting an encrypted session key stored on the communication device using the hash value;
  - decrypting an encrypted token stored on the communication device using the decrypted session key;
  - temporarily storing the decrypted token on the communication device;
  - initiating the transaction using the decrypted token; and
  - removing the decrypted token from the communication device upon detecting that the application is no longer active.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A method for enhancing security of storing a token on a communication device comprising:
- receiving user authentication data on a user interface of the communication device to initiate a transaction via an application installed on the communication device;
- computing a hash value from the received user authentication data;
- decrypting an encrypted session key stored on the communication device using the hash value;
- decrypting an encrypted token stored on the communication device using the decrypted session key;
- temporarily storing the decrypted token on the communication device;
- initiating the transaction using the decrypted token; and
- removing the decrypted token from the communication device upon detecting that the application is no longer active.

Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20
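The storage layout from the abstract and the unlock sequence of claims 1 and 11, as an added Node.js example that is not code from the patent. scrypt as the hash, AES-256-GCM as the cipher, the salt, and the names `provision`, `TokenSession` and `onInactive` are assumptions; the patent text here names no algorithms.

```javascript
// Added example; algorithm choices and all names are assumptions, not from the patent.
const nodeCrypto = require('node:crypto');

// AES-256-GCM; blob layout is iv (12 bytes) || tag (16 bytes) || ciphertext.
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function unseal(key, blob) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws on a wrong key
}

// "Hash value" computed from the user authentication data (here a PIN).
const hashOf = (pin, salt) => nodeCrypto.scryptSync(pin, salt, 32);

// What ends up in device storage: the session key encrypted with the hash,
// and the token encrypted with the session key. Neither is kept in the clear.
function provision(pin, token) {
  const salt = nodeCrypto.randomBytes(16);
  const sessionKey = nodeCrypto.randomBytes(32);
  const stored = {
    salt,
    encSessionKey: seal(hashOf(pin, salt), sessionKey),
    encToken: seal(sessionKey, Buffer.from(token)),
  };
  sessionKey.fill(0);
  return stored;
}

// Claim 1 flow: auth data -> hash -> session key -> token, held only in memory.
class TokenSession {
  constructor(stored, pin) {
    const sessionKey = unseal(hashOf(pin, stored.salt), stored.encSessionKey);
    this.token = unseal(sessionKey, stored.encToken);
    sessionKey.fill(0);
  }
  // Hands the token buffer to a callback so no unwipeable string copy is made here.
  use(fn) {
    if (!this.token) throw new Error('token not available');
    return fn(this.token);
  }
  // Wire this to the platform's "application no longer active" event.
  onInactive() {
    if (this.token) this.token.fill(0);
    this.token = null;
  }
}
```

A wrong PIN yields a different hash, so the GCM tag check on the session key fails and the token is never decrypted.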
Specification