Token security on a communication device

US 10,404,461 B2
Filed: 02/26/2018
Issued: 09/03/2019
Est. Priority Date: 04/23/2014
Status: Active Grant

First Claim

Patent Images

1. A communication device comprising:

a processor; and

a non-transitory computer readable medium coupled to the processor and implementing an application that performs operations for enhancing security of storing a token on the communication device, the operations including;

receiving user authentication data on a user interface of the communication device to initiate a transaction via the application;

computing a hash value from the received user authentication data;

decrypting an encrypted session key stored on the communication device using the hash value;

decrypting an encrypted token stored on the communication device using the decrypted session key;

temporarily storing the decrypted token on the communication device;

initiating the transaction using the decrypted token; and

removing the decrypted token from the communication device upon detecting that the application is no longer active.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for enhancing the security of storing sensitive information or a token on a communication device may include sending a request for the sensitive information or token. The communication device may receive a session key encrypted with a hash value derived from user authentication data that authenticates the user of the communication device, and the sensitive information or token encrypted with the session key. The session key encrypted with the hash value, and the sensitive information or token encrypted with the session key can be stored in a memory of the communication device.

513 Citations

20 Claims

1. A communication device comprising:
- a processor; and
  
  a non-transitory computer readable medium coupled to the processor and implementing an application that performs operations for enhancing security of storing a token on the communication device, the operations including;
  
  receiving user authentication data on a user interface of the communication device to initiate a transaction via the application;
  
  computing a hash value from the received user authentication data;
  
  decrypting an encrypted session key stored on the communication device using the hash value;
  
  decrypting an encrypted token stored on the communication device using the decrypted session key;
  
  temporarily storing the decrypted token on the communication device;
  
  initiating the transaction using the decrypted token; and
  
  removing the decrypted token from the communication device upon detecting that the application is no longer active.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The communication device of claim 1, wherein the encrypted session key and the encrypted token are automatically deleted from the communication device when power to the communication device is interrupted.
  - 3. The communication device of claim 1, wherein the application is detected as being no longer active when:
    - a user of the communication device logs off the application;
      
      the application is suspended into a background operating environment of the communication device;
      
      orthe application is closed or exited.
  - 4. The communication device of claim 1, wherein the operations further include:
    - detecting that the communication device has rebooted; and
      
      sending a request for a new token.
  - 5. The communication device of claim 1, wherein the token is associated with a token expiration date and a token assurance level.
  - 6. The communication device of claim 1, wherein the token is a format preserving token that has the same format as an account identifier being represented by the token.
  - 7. The communication device of claim 1, wherein the token is provided to the communication device in an encrypted form by a token request computer.
  - 8. The communication device of claim 7, wherein the token is provided to the token request computer in the encrypted form by a token server.
  - 9. The communication device of claim 8, wherein the token server maintains a mapping of tokens to account identifiers.
  - 10. The communication device of claim 1, wherein an account identifier being represented by the token is not computationally derivable from the token.

11. A method for enhancing security of storing a token on a communication device comprising:
- receiving user authentication data on a user interface of the communication device to initiate a transaction via an application installed on the communication device;
  
  computing a hash value from the received user authentication data;
  
  decrypting an encrypted session key stored on the communication device using the hash value;
  
  decrypting an encrypted token stored on the communication device using the decrypted session key;
  
  temporarily storing the decrypted token on the communication device;
  
  initiating the transaction using the decrypted token; and
  
  removing the decrypted token from the communication device upon detecting that the application is no longer active.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, wherein the encrypted session key and the encrypted token are automatically deleted from the communication device when power to the communication device is interrupted.
  - 13. The method of claim 11, wherein the application is detected as being no longer active when:
    - a user of the communication device logs off the application;
      
      the application is suspended into a background operating environment of the communication device;
      
      orthe application is closed or exited.
  - 14. The method of claim 11, further comprising:
    - detecting that the communication device has rebooted; and
      
      sending a request for a new token.
  - 15. The method of claim 11, wherein the token is associated with a token expiration date and a token assurance level.
  - 16. The method of claim 11, wherein the token is a format preserving token that has the same format as an account identifier being represented by the token.
  - 17. The method of claim 11, wherein the token is provided to the communication device in an encrypted form by a token request computer.
  - 18. The method of claim 17, wherein the token is provided to the token request computer in the encrypted form by a token server.
  - 19. The method of claim 18, wherein the token server maintains a mapping of tokens to account identifiers.
  - 20. The method of claim 11, wherein an account identifier being represented by the token is not computationally derivable from the token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Palanisamy, Karthikeyan
Primary Examiner(s)
Waliullah, Mohammed

Application Number

US15/905,518
Publication Number

US 20180183594A1
Time in Patent Office

554 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/33   using certificates

G06F 21/44   Program or device authentic...

G06Q 20/385   using an alias or single-us...

H04L 63/0428   wherein the data content is...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3242   involving keyed hash functi...

Token security on a communication device

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

513 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Token security on a communication device

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

513 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links