Secure digital communications

US 10,505,743 B1
Filed: 08/07/2018
Issued: 12/10/2019
Est. Priority Date: 09/13/2016
Status: Active Grant

First Claim

Patent Images

1. A method for secure mobile wallet communications, the method comprising:

using one or more processors;

executing a first mobile wallet application;

authenticating a message received from a second mobile wallet application by;

comparing a calculated hash of the message to a hash value contained in the message, the hash value contained in the message being in an encrypted form;

responsive to determining that the calculated hash of the message matches the hash value contained in the message;

sending a challenge to the second mobile wallet application, the challenge requesting financial account information from the second mobile wallet application about a user of the first mobile wallet application;

receiving a challenge-response;

determining whether the challenge-response includes a correct answer to the challenge;

responsive to determining that the challenge-response includes the correct answer, marking the message from the second mobile wallet application as authenticated; and

responsive to authenticating the message, engaging in a financial transaction with the second mobile wallet application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed in some examples are methods, systems, and machine readable mediums for secure end-to-end digital communications involving mobile wallets. The result is direct, secure, in-band messaging using mobile wallets that may be used to send messages such as payments, requests for money, financial information, or messages to authorize a debit or credit.

92 Citations

View as Search Results

17 Claims

1. A method for secure mobile wallet communications, the method comprising:
- using one or more processors;
  
  executing a first mobile wallet application;
  
  authenticating a message received from a second mobile wallet application by;
  
  comparing a calculated hash of the message to a hash value contained in the message, the hash value contained in the message being in an encrypted form;
  
  responsive to determining that the calculated hash of the message matches the hash value contained in the message;
  
  sending a challenge to the second mobile wallet application, the challenge requesting financial account information from the second mobile wallet application about a user of the first mobile wallet application;
  
  receiving a challenge-response;
  
  determining whether the challenge-response includes a correct answer to the challenge;
  
  responsive to determining that the challenge-response includes the correct answer, marking the message from the second mobile wallet application as authenticated; and
  
  responsive to authenticating the message, engaging in a financial transaction with the second mobile wallet application.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising:
    - contacting a public key server of a domain of the second mobile wallet application;
      
      obtaining a public key of the second mobile wallet application from the public key server; and
      
      wherein comparing the calculated hash of the message to the hash value contained in the message comprises decrypting the hash value contained in the message using the public key of the second mobile wallet application.
  - 3. The method of claim 1, comprising:
    - receiving a second message from a third mobile wallet application;
      
      determining that a hash of the second message does not match a hash in a decrypted portion of the second message; and
      
      responsive to determining that the hash of the second message does not match the hash in the decrypted portion of the second message, marking the second message as unverified.
  - 4. The method of claim 1, comprising:
    - receiving a second message from a third mobile wallet application;
      
      sending a second challenge to the third mobile wallet application;
      
      receiving a second challenge response from the third mobile wallet application;
      
      determining whether the second challenge response includes a second correct answer to the challenge; and
      
      responsive to determining that the second challenge-response does not include the second correct answer, marking the message from the second mobile wallet application as unverified.
  - 5. The method of claim 1, wherein the authentication is automatically done in response to receiving the message from the second mobile wallet application.
  - 6. The method of claim 1, wherein the authentication is done responsive to a request from a user of the first mobile wallet application.

7. A device for secure mobile wallet communications, the device comprising:
- one or more processors executing a first mobile wallet application, the first mobile wallet application configured to perform operations comprising;
  
  authenticating a message received from a second mobile wallet application by;
  
  comparing a calculated hash of the message to a hash value contained in the message, the hash value contained in the message being in an encrypted form;
  
  responsive to determining that the calculated hash of the message matches the hash value contained in the message;
  
  sending a challenge to the second mobile wallet application, the challenge requesting financial account information from the second mobile wallet application about a user of the first mobile wallet application;
  
  receiving a challenge-response;
  
  determining whether the challenge-response includes a correct answer to the challenge;
  
  responsive to determining that the challenge-response includes the correct answer, marking the message from the second mobile wallet application as authenticated; and
  
  responsive to authenticating the message, engaging in a financial transaction with the second mobile wallet application.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The device of claim 7, further comprising:
    - contacting a public key server of a domain of the second mobile wallet application;
      
      obtaining a public key of the second mobile wallet application from the public key server; and
      
      wherein comparing the calculated hash of the message to the hash value contained in the message comprises decrypting the hash value contained in the message using the public key of the second mobile wallet application.
  - 9. The device of claim 7, comprising:
    - receiving a second message from a third mobile wallet application;
      
      determining that a hash of the second message does not match a hash in a decrypted portion of the second message; and
      
      responsive to determining that the hash of the second message does not match the hash in the decrypted portion of the second message, marking the second message as unverified.
  - 10. The device of claim 7, comprising:
    - receiving a second message from a third mobile wallet application;
      
      sending a second challenge to the third mobile wallet application;
      
      receiving a second challenge response from the third mobile wallet application;
      
      determining whether the second challenge response includes a second correct answer to the challenge; and
      
      responsive to determining that the second challenge-response does not include the second correct answer, marking the message from the second mobile wallet application as unverified.
  - 11. The device of claim 7, wherein the authentication is automatically done in response to receiving the message from the second mobile wallet application.
  - 12. The device of claim 7, wherein the authentication is done responsive to a request from a user of the first mobile wallet application.

13. A non-transitory machine-readable medium storing instructions of a first mobile wallet application, the instructions when executed by a machine, causes the machine to perform operations comprising:
- authenticating a message received from a second mobile wallet application by;
  
  comparing a calculated hash of the message to a hash value contained in the message, the hash value contained in the message being in an encrypted form;
  
  responsive to determining that the calculated hash of the message matches the hash value contained in the message;
  
  sending a challenge to the second mobile wallet application, the challenge requesting financial account information from the second mobile wallet application about a user of the first mobile wallet application;
  
  receiving a challenge-response;
  
  determining whether the challenge-response includes a correct answer to the challenge;
  
  responsive to determining that the challenge-response includes the correct answer, marking the message from the second mobile wallet application as authenticated; and
  
  responsive to authenticating the message, engaging in a financial transaction with the second mobile wallet application.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The machine-readable medium of claim 13, wherein the operations further comprise:
    - contacting a public key server of a domain of the second mobile wallet application;
      
      obtaining a public key of the second mobile wallet application from the public key server; and
      
      wherein comparing the calculated hash of the message to the hash value contained in the message comprises decrypting the hash value contained in the message using the public key of the second mobile wallet application.
  - 15. The machine-readable medium of claim 13, wherein the operations further comprise:
    - receiving a second message from a third mobile wallet application;
      
      determining that a hash of the second message does not match a hash in a decrypted portion of the second message; and
      
      responsive to determining that the hash of the second message does not match the hash in the decrypted portion of the second message, marking the second message as unverified.
  - 16. The machine-readable medium of claim 13, wherein the operations further comprise:
    - receiving a second message from a third mobile wallet application;
      
      sending a second challenge to the third mobile wallet application;
      
      receiving a second challenge response from the third mobile wallet application;
      
      determining whether the second challenge response includes a second correct answer to the challenge; and
      
      responsive determining that the second challenge-response does not include the second correct answer, marking the message from the second mobile wallet application as unverified.
  - 17. The machine-readable medium of claim 13, wherein the authentication is automatically done in response to receiving the message from the second mobile wallet application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Wells Fargo Bank NA (Wells Fargo & Company)
Original Assignee
Wells Fargo Bank NA (Wells Fargo & Company)
Inventors
Maeng, Joon, Ramanathan, Ramanathan, Hayes, Thomas
Primary Examiner(s)
Holder, Bradley W

Application Number

US16/057,067
Time in Patent Office

490 Days
Field of Search
US Class Current
CPC Class Codes

G06Q 20/36   using electronic wallets or...

G06Q 20/3829   involving key management

G06Q 20/4012   Verifying personal identifi...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless network architectu...

H04L 9/083   involving central third par...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3249   using RSA or related signat...

H04L 9/3271   using challenge-response

H04W 12/02   Protecting privacy or anony...

H04W 12/03   Protecting confidentiality,...

H04W 12/06   Authentication

H04W 12/10   Integrity

Secure digital communications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

92 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Secure digital communications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

92 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links