Methods and systems for provisioning mobile devices with payment credentials

US 10,510,073 B2
Filed: 08/08/2014
Issued: 12/17/2019
Est. Priority Date: 08/08/2013
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving, at a server computer, a first provisioning request from a first mobile device to provision a first payment credential associated with a first account of a first user to the first mobile device;

determining, by the server computer, a first risk level associated with the first provisioning request;

determining, by the server computer, that the first risk level is within a predetermined risk threshold range;

based on the first risk level being within the predetermined risk threshold range;

setting, by the server computer, a first token representing the first payment credential to an inactive state;

transmitting, by the server computer to the first mobile device, a first set of provisioning scripts and the first token in the inactive state;

executing, by the first mobile device, the first set of provisioning scripts;

storing, by the first mobile device, the first token and a protection flag associated with the first token in a memory of the first mobile device based on executing the first set of provisioning scripts, the protection flag representing the inactive state of the first token;

performing, by the server computer, an authentication process with the first user based on direct or indirect communication with the first mobile device;

determining, by the server computer, that the authentication process is successfully performed;

based on a successful performance of the authentication process, transmitting, by the server computer to the first mobile device, an activation script that, when executed on the first mobile device, modifies a status of the first token from the inactive state to an active state;

executing, by the first mobile device, the activation script;

disabling, by the first mobile device, the protection flag associated with the first token based on executing the activation script;

storing, by the first mobile device, the first token in the active state based on disabling the protection flag thereby configuring a first digital wallet application stored on the first mobile device with the first token;

transmitting, by the first mobile device, the first token in the active state to a first transacting entity during a first financial transaction with the first transacting entity;

receiving, at the server computer, a second provisioning request from a second mobile device to provision a second payment credential associated with a second account of a second user to the second mobile device;

determining, by the server computer, a second risk level associated with the second provisioning request;

determining, by the server computer, that the second risk level is below the predetermined risk threshold range;

based on the second risk level being below the predetermined risk threshold range;

setting, by the server computer, a second token representing the second payment credential to the active state without requiring the authentication process with the second user;

transmitting a second set of provisioning scripts and the second token in the active state to the second mobile device without requiring the authentication process with the second user;

executing, by the second mobile device, the second set of provisioning scripts on the second mobile device;

storing, by the second mobile device, the second token in the active state based on executing the second set of provisioning scripts and without requiring the authentication process with the second user, thereby configuring a second digital wallet application stored on the second mobile device with the second token, andtransmitting, by the second mobile device, the second token in the active state to a second transacting entity during a second financial transaction with the second transacting entity.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments are described that are directed to optimizing the provisioning of payment account credentials to mobile devices utilizing mobile wallets. In some embodiments, one of multiple provisioning schemes may be selectively chosen for payment account credential provisioning based upon a determined risk involved with a particular provisioning request. A low risk provisioning request leads to an immediate provisioning of a payment credential, whereas a provisioning request of high risk results in the provisioning request being denied. In some embodiments, medium risk provisioning requests will cause an additional user authentication to be performed before the payment account provisioning is finalized. The additional user authentication may occur using a separate communication channel than the channel in which the provisioning request was received.

551 Citations

12 Claims

1. A method, comprising:
- receiving, at a server computer, a first provisioning request from a first mobile device to provision a first payment credential associated with a first account of a first user to the first mobile device;
  
  determining, by the server computer, a first risk level associated with the first provisioning request;
  
  determining, by the server computer, that the first risk level is within a predetermined risk threshold range;
  
  based on the first risk level being within the predetermined risk threshold range;
  
  setting, by the server computer, a first token representing the first payment credential to an inactive state;
  
  transmitting, by the server computer to the first mobile device, a first set of provisioning scripts and the first token in the inactive state;
  
  executing, by the first mobile device, the first set of provisioning scripts;
  
  storing, by the first mobile device, the first token and a protection flag associated with the first token in a memory of the first mobile device based on executing the first set of provisioning scripts, the protection flag representing the inactive state of the first token;
  
  performing, by the server computer, an authentication process with the first user based on direct or indirect communication with the first mobile device;
  
  determining, by the server computer, that the authentication process is successfully performed;
  
  based on a successful performance of the authentication process, transmitting, by the server computer to the first mobile device, an activation script that, when executed on the first mobile device, modifies a status of the first token from the inactive state to an active state;
  
  executing, by the first mobile device, the activation script;
  
  disabling, by the first mobile device, the protection flag associated with the first token based on executing the activation script;
  
  storing, by the first mobile device, the first token in the active state based on disabling the protection flag thereby configuring a first digital wallet application stored on the first mobile device with the first token;
  
  transmitting, by the first mobile device, the first token in the active state to a first transacting entity during a first financial transaction with the first transacting entity;
  
  receiving, at the server computer, a second provisioning request from a second mobile device to provision a second payment credential associated with a second account of a second user to the second mobile device;
  
  determining, by the server computer, a second risk level associated with the second provisioning request;
  
  determining, by the server computer, that the second risk level is below the predetermined risk threshold range;
  
  based on the second risk level being below the predetermined risk threshold range;
  
  setting, by the server computer, a second token representing the second payment credential to the active state without requiring the authentication process with the second user;
  
  transmitting a second set of provisioning scripts and the second token in the active state to the second mobile device without requiring the authentication process with the second user;
  
  executing, by the second mobile device, the second set of provisioning scripts on the second mobile device;
  
  storing, by the second mobile device, the second token in the active state based on executing the second set of provisioning scripts and without requiring the authentication process with the second user, thereby configuring a second digital wallet application stored on the second mobile device with the second token, andtransmitting, by the second mobile device, the second token in the active state to a second transacting entity during a second financial transaction with the second transacting entity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - receiving, at the server computer, a third provisioning request to provision a third payment credential to a third mobile device, wherein the third payment credential is associated with a third account of a third user;
      
      determining a third risk level associated with the third provisioning request;
      
      determining that the third risk level meets or exceeds the predetermined risk threshold range;
      
      based on the third risk level being meeting or exceeding the predetermined risk threshold range,determining, by the server computer, that the third provisioning request is denied; and
      
      transmitting, by the server computer to the third mobile device, a provisioning request denial message indicating that the third provisioning request is denied.
  - 3. The method of claim 1, wherein:
    - said performing the authentication process with the first user comprises providing a dynamic verification value to the first user; and
      
      said successful performance of the authentication process comprises receiving, at the server computer, a consumer verification response that includes the dynamic verification value.
  - 4. The method of claim 3, wherein said providing the dynamic verification value to the first user comprises:
    - providing the dynamic verification value to the first user through an issuer of the first account by;
      
      generating, by the server computer, the dynamic verification value; and
      
      transmitting, by the server computer, the dynamic verification value to an issuer computer of the issuer to cause the issuer to provide the dynamic verification value to the first user.
  - 5. The method of claim 3, further comprising:
    - receiving, at the server computer, a message transmitted by an issuer computer of an issuer of the first account, wherein the message includes the dynamic verification value; and
      
      comparing, by the server computer, the received dynamic verification value of the consumer verification response with a stored copy of the dynamic verification value received from the issuer computer,wherein said providing the dynamic verification value to the first user comprises transmitting, by the server computer to the issuer computer, a request for the dynamic verification value.
  - 6. The method of claim 3, further comprising:
    - determining, by the server computer, whether the received dynamic verification value of the consumer verification response has a same value as an output of a validation algorithm utilizing at least two input values, wherein the at least two input values comprise an account identifier of the first account and a time value,wherein said providing the dynamic verification value to the first user comprises transmitting, by the server computer, a request to an issuer computer of an issuer of the first account for the dynamic verification value to be generated and provided to the first user.
  - 7. The method of claim 1, further comprising:
    - generating a set of one or more consumer-specific encryption keys;
      
      providing at least one of the set of consumer-specific encryption keys to the first mobile device;
      
      encrypting a communication message using one of the set of consumer-specific encryption keys to yield an encrypted communication message; and
      
      transmitting the encrypted communication message to a wallet application provider, wherein the wallet application provider provides the encrypted communication message to the first mobile device and does not have any of the set of consumer-specific encryption keys.
  - 8. The method of claim 1, further comprising:
    - receiving, at the server computer, an authorization request message for the first financial transaction;
      
      generating, by the server computer, a unique transaction identifier for the first financial transaction; and
      
      transmitting, by the server computer, the unique transaction identifier and additional transaction information for the first financial transaction, wherein the first mobile device, upon receipt of the unique transaction identifier and the additional transaction information;
      
      identifies a record of a transaction log based upon the unique transaction identifier, andupdates the record based upon the additional transaction information.
  - 9. The method of claim 1, wherein the first provisioning request excludes a primary account number (PAN) of the first account, and includes a reference identifier of the PAN, and wherein the method further comprises identifying, by the server computer, the first account using the reference identifier.

10. A system, comprising:
- a mobile device including one or more processors, and a first non-transitory computer readable storage medium communicatively coupled with the one or more processors of the mobile device; and
  
  a server computer including one or more processors, and a second non-transitory computer readable storage medium communicatively coupled with the one or more processors of the server computer and storing instructions which, when executed by the one or more processors of the server computer, cause the server computer to perform operations comprising;
  
  receiving a provisioning request from the mobile device to provision a payment credential associated with an account of a user to the mobile device;
  
  determining a risk level associated with the provisioning request;
  
  comparing the risk level to a predetermined risk threshold range;
  
  based on the risk level being within the predetermined risk threshold range;
  
  setting a token representing the payment credential to an inactive state;
  
  transmitting a set of provisioning scripts and the token in the inactive state to the mobile device;
  
  performing an authentication process with the user based on direct or indirect communication with the mobile device;
  
  determining that the authentication process is successfully performed;
  
  based on a successful performance of the authentication process, transmitting, to the mobile device, an activation script that, when executed on the mobile device, modifies a status of the token to an active state;
  
  the first non-transitory computer readable storage medium storing instructions which, when executed by the one or more processors of the mobile device, cause the mobile device to execute the activation script to provision the token in the active state on the mobile device thereby configuring a digital wallet application stored on the mobile device with first token;
  
  based on the risk level being below the predetermined risk threshold range;
  
  setting the token representing the payment credential to the active state without requiring the authentication process with the user;
  
  transmitting the set of provisioning scripts and the token in the active state to the mobile device without requiring the authentication process with the user when the risk level is below the predetermined risk threshold range;
  
  the first non-transitory computer readable storage medium storing instructions which, when executed by the one or more processors of the mobile device, cause the mobile device to;
  
  execute the set of provisioning scripts;
  
  based on the risk level being within the predetermined risk threshold range;
  
  store the token and a protection flag associated with the token in a memory of the mobile device based on executing the set of provisioning scripts, the protection flag representing the inactive state of the token;
  
  execute the activation script;
  
  disable the protection flag associated with the first token based on executing the activation script;
  
  store the token in the active state based on disabling the protection flag thereby configuring the digital wallet application stored on the mobile device with the token;
  
  based on the risk level being within the predetermined risk threshold range;
  
  store the token in the active state based on executing the set of provisioning scripts and without requiring the authentication process with the user, thereby configuring the digital wallet application stored on the mobile device with the token;
  
  transmit the token in the active state to a transacting entity during a financial transaction with the transacting entity.
- View Dependent Claims (11, 12)
- - 11. The system of claim 10, wherein the second non-transitory computer readable storage medium storing further instructions which, when executed by the one or more processors of the server computer, cause the server computer to perform operations comprising:
    - after comparing, by the server computer, the risk level to the predetermined risk threshold range, determining that the risk level meets or exceeds the predetermined risk threshold range;
      
      based on the risk level meeting or exceeding the predetermined risk threshold range;
      
      determining that the provisioning request is denied; and
      
      transmitting, to the mobile device, a provisioning request denial message indicating that the provisioning request is denied.
  - 12. The server computer of claim 10, wherein:
    - said performing the authentication process with the user comprises providing a dynamic verification value to the user; and
      
      said successful performance of the authentication process comprises receiving a consumer verification response that includes the dynamic verification value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Wong, Erick, Pirzadeh, Kiushan, Makhotin, Oleg, Powell, Glenn, Karpenko, Igor, Sheets, John, Liu, Frederick
Primary Examiner(s)
Kim, Steven S
Assistant Examiner(s)
Sax, Timothy Paul

Application Number

US14/455,600
Publication Number

US 20150046339A1
Time in Patent Office

1,957 Days
Field of Search

None
US Class Current
CPC Class Codes

G06Q 20/322   Aspects of commerce using m...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/3821   Electronic credentials

G06Q 20/3829   involving key management

G06Q 20/4016   involving fraud or risk lev...

Methods and systems for provisioning mobile devices with payment credentials

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

551 Citations

12 Claims

Specification

Use Cases

Quick Links

Others

Methods and systems for provisioning mobile devices with payment credentials

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

551 Citations

12 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others