System and method for identity verification across mobile applications
First Claim
Patent Images
1. A method comprising:
- receiving, at a server computer, user data associated with a user from a first mobile application;
determining, by the server computer, that the first mobile application is a trusted application provisioned in a secure execution environment of a mobile device by an issuer of an account;
authenticating, by the server computer, the user based on the user data;
sending, by the server computer, a first cryptographic key to the first mobile application after authenticating the user, wherein an identity verification cryptogram is generated by the first mobile application using the first cryptographic key;
receiving, at the server computer, the user data associated with the user and the identity verification cryptogram generated by the first mobile application from a second mobile application, wherein the first mobile application and the second mobile application are stored on the same mobile device of the user;
validating, by the server computer, that the identity verification cryptogram is generated using the user data and the first cryptographic key previously sent by the server computer to the first mobile application; and
sending, by the server computer, a token and a second cryptographic key to the second mobile application upon validating the identity verification cryptogram generated by the first mobile application, wherein the token represents account information of the account issued by the issuer, and wherein the second mobile application completes a transaction using the token and a transaction cryptogram generated by the second mobile application using the second cryptographic key.
1 Assignment
0 Petitions
Accused Products
Abstract
Embodiments are directed to methods, apparatuses, computer readable media and systems for authenticating a user on a user device across multiple mobile applications. The identity of the user is validated by encoding and subsequently validating cryptographically encrypted data in a shared data store accessible by the mobile applications tied to the same entity. Specifically, the application leverages the authentication process of a trusted mobile application (e.g. a banking mobile application) to authenticate the same user on a untrusted mobile application (e.g. a merchant mobile application).
562 Citations
17 Claims
-
1. A method comprising:
-
receiving, at a server computer, user data associated with a user from a first mobile application; determining, by the server computer, that the first mobile application is a trusted application provisioned in a secure execution environment of a mobile device by an issuer of an account; authenticating, by the server computer, the user based on the user data; sending, by the server computer, a first cryptographic key to the first mobile application after authenticating the user, wherein an identity verification cryptogram is generated by the first mobile application using the first cryptographic key; receiving, at the server computer, the user data associated with the user and the identity verification cryptogram generated by the first mobile application from a second mobile application, wherein the first mobile application and the second mobile application are stored on the same mobile device of the user; validating, by the server computer, that the identity verification cryptogram is generated using the user data and the first cryptographic key previously sent by the server computer to the first mobile application; and sending, by the server computer, a token and a second cryptographic key to the second mobile application upon validating the identity verification cryptogram generated by the first mobile application, wherein the token represents account information of the account issued by the issuer, and wherein the second mobile application completes a transaction using the token and a transaction cryptogram generated by the second mobile application using the second cryptographic key. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A system comprising:
-
a mobile device storing a first mobile application and a second mobile application; and a server computer including; a processor; and a computer readable medium coupled to the processor, the computer readable medium comprising code, when executed by the processor, causes the processor to; receive user data associated with a user from the first mobile application; determine that the first mobile application is a trusted application provisioned in a secure execution environment of the mobile device by an issuer of an account; authenticate the user based on the user data; send a first cryptographic key to the first mobile application after authenticating the user, wherein an identity verification cryptogram is generated by the first mobile application using the first cryptographic key; receive the user data associated with the user and the identity verification cryptogram generated by the first mobile application from the second mobile application; validate that the identity verification cryptogram is generated using the user data and the first cryptographic key previously sent by the server computer to the first mobile application; and send a token and a second cryptographic key to the second mobile application upon validating the identity verification cryptogram generated by the first mobile application, wherein the token represents account information of the account issued by the issuer, wherein the second mobile application completes a transaction using the token and a transaction cryptogram generated by the second mobile application using the second cryptographic key. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A method comprising:
-
authenticating, by a first mobile application on a user device, a user on the user device; sending, by the first mobile application on the user device, user data associated with the user to a server computer, wherein the first mobile application is a trusted application provisioned in a secure execution environment of the user device by an issuer of an account; receiving, by the first mobile application on the user device, a cryptographic key from the server computer; generating, by the first mobile application on the user device, an identity verification cryptogram using the cryptographic key; storing, by the first mobile application on the user device, the identity verification cryptogram on a cloud storage system of an operating system provider of the user device; retrieving, by a second mobile application on the user device, the identity verification cryptogram generated by the first mobile application from the cloud storage system; sending, by the second mobile application on the user device, the user data associated with the user and the identity verification cryptogram generated by the first mobile application to the server computer; receiving, by the second mobile application on the user device, a token from the server computer, wherein the token represents account information of the account issued by the issuer; and completing, by the second mobile application on the user device, a transaction with the token. - View Dependent Claims (14, 15, 16, 17)
-
Specification