Systems and methods for authenticating mobile devices

US 9,059,980 B2
Filed: 05/25/2012
Issued: 06/16/2015
Est. Priority Date: 05/26/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for authenticating mobile devices, the method comprising:

receiving, from a mobile device, device identifying information stored in a secure element included in a memory of the mobile device;

provisioning the mobile device with a near field communication (NFC) payment application configured to derive unique transaction specific keys, the provisioning comprising;

receiving a provisioning request from the mobile device to provision the NFC payment application on the mobile device;

determining the mobile device is capable of receiving the NFC payment application based on determining an amount of memory required for provisioning the NFC payment application and additional space for key storage is available in the secure element included in the memory of the mobile device; and

installing the NFC payment application in the secure element included in the memory of the mobile device;

communicating, to the mobile device during the provisioning of the NFC payment application, a base level key utilized by the NFC payment application to derive unique transaction specific keys to encrypt subsequent communications output by the mobile device;

receiving, from the mobile device, a communication encrypted with a unique transaction specific key;

generating, based at least in part upon the device identifying information and the base level key, a derived key by combining the base level key with at least a portion of the device identifying information to derive an intermediary key used to generate the derived key; and

utilizing the derived key to decrypt the received communication and authenticate the mobile device,wherein the above operations are performed by one or more computers associated with a service provider.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention provide systems and methods for authenticating mobile devices. Device identifying information may be received for a mobile device. A base level key may also be communicated to the mobile device. The base level key may be utilized by the mobile device to derive unique transaction specific keys to encrypt subsequent communications output by the mobile device. A communication encrypted with a unique transaction specific key may be received from the mobile device. Based at least in part upon the device identifying information and the base level key, a derived key may be generated, and the derived key may be utilized to decrypt the received communication and authenticate the mobile device. In certain embodiments, the above operations may be performed by one or more computers associated with a service provider.

154 Citations

21 Claims

1. A computer-implemented method for authenticating mobile devices, the method comprising:
- receiving, from a mobile device, device identifying information stored in a secure element included in a memory of the mobile device;
  
  provisioning the mobile device with a near field communication (NFC) payment application configured to derive unique transaction specific keys, the provisioning comprising;
  
  receiving a provisioning request from the mobile device to provision the NFC payment application on the mobile device;
  
  determining the mobile device is capable of receiving the NFC payment application based on determining an amount of memory required for provisioning the NFC payment application and additional space for key storage is available in the secure element included in the memory of the mobile device; and
  
  installing the NFC payment application in the secure element included in the memory of the mobile device;
  
  communicating, to the mobile device during the provisioning of the NFC payment application, a base level key utilized by the NFC payment application to derive unique transaction specific keys to encrypt subsequent communications output by the mobile device;
  
  receiving, from the mobile device, a communication encrypted with a unique transaction specific key;
  
  generating, based at least in part upon the device identifying information and the base level key, a derived key by combining the base level key with at least a portion of the device identifying information to derive an intermediary key used to generate the derived key; and
  
  utilizing the derived key to decrypt the received communication and authenticate the mobile device,wherein the above operations are performed by one or more computers associated with a service provider.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented method of claim 1, further comprising:
    - receiving, from the mobile device, an identifier associated with the unique transaction specific key; and
      
      utilizing the received identifier to identify the derived key.
  - 3. The computer-implemented method of claim 1, wherein generating a derived key comprises generating a derived key utilizing a derived unique key per transaction (DUKPT) process.
  - 4. The computer-implemented method of claim 3, wherein generating a derived key comprises:
    - providing the intermediary key to the DUKPT process to generate the derived key.
  - 5. The computer-implemented method of claim 1, wherein receiving device identifying information comprises receiving a card product life cycle (CPLC) for the device.
  - 6. The computer-implemented method of claim 1, further comprising:
    - storing the received device identifying information.
  - 7. The computer-implemented method of claim 1, wherein receiving a communicationencrypted with a unique transaction specific key comprises receiving a communication during a secure socket layer (SSL) handshake with the mobile device.

8. A system for authenticating mobile devices, the system comprising:
- at least one memory configured to store computer-executable instructions; and
  
  at least one processor configured to access the at least one memory and execute the computer-executable instructions to;
  
  receive, from a mobile device, device identifying information stored in a secure element included in a memory of the mobile device;
  
  provision the mobile device with a near field communication (NFC) payment application configured to derive unique transaction specific keys, the provisioning comprising;
  
  receiving a provisioning request from the mobile device to provision the NFC payment application on the mobile device;
  
  determining the mobile device is capable of receiving the NFC payment application based on determining an amount of memory required for provisioning the NFC payment application and additional space for key storage is available in the secure element included in the memory of the mobile device; and
  
  installing the NFC payment application in the secure element included in the memory of the mobile device;
  
  direct communication, to the mobile device during the provisioning of the NFC payment application, of a base level key utilized by the NFC payment application to derive unique transaction specific keys to encrypt subsequent communications output by the mobile device;
  
  receive, from the mobile device, a communication encrypted with a unique transaction specific key;
  
  generate, based at least in part upon the device identifying information and the base level key, a derived key by combining the base level key with at least a portion of the device identifying information to derive an intermediary key used to generate the derived key; and
  
  utilize the derived key to decrypt the received communication and authenticate the mobile device.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the at least one processor is further configured to execute the computer-executable instructions to:
    - receive, from the mobile device, an identifier associated with the unique transaction specific key; and
      
      utilize the received identifier to identify the derived key.
  - 10. The system of claim 8, wherein the derived key is generated utilizing a derived unique key per transaction (DUKPT) process.
  - 11. The system of claim 10, wherein the at least one processor is further configured to execute the computer-executable instructions to:
    - provide the intermediary key to the DUKPT process to generate the derived key.
  - 12. The system of claim 8, wherein the received device identifying information comprises a card product life cycle (CPLC) for the device.
  - 13. The system of claim 8, wherein the at least one processor is further configured to execute the computer-executable instructions to:
    - direct storage of the received device identifying information.
  - 14. The system of claim 8, wherein the communication encrypted with a unique transaction specific key is received during a secure socket layer (SSL) handshake with the mobile device.

15. A computer-implemented method for authenticating a mobile device, the method comprising:
- communicating, by a mobile device to a service provider, device identifying information stored in a secure element included in a memory of the mobile device;
  
  provisioning, by the service provider, the mobile device with a near field communication (NFC) payment application configured to derive unique transaction specific keys, the provisioning comprising;
  
  receiving a provisioning request from the mobile device to provision the NFC payment application on the mobile device;
  
  determining the mobile device is capable of receiving the NFC payment application based on determining an amount of memory required for provisioning the NFC payment application and additional space for key storage is available in the secure element included in the memory of the mobile device; and
  
  installing the NFC payment application in the secure element included in the memory of the mobile device;
  
  receiving, by the mobile device from the service provider during the provisioning of the NFC payment application, a base level key;
  
  utilizing, by the NFC payment application, the base level key to derive a unique transaction specifickey by combining the base level key with at least a portion of the device identifying information to derive an intermediary key used to generate the unique transaction specific key;
  
  encrypting, by the mobile device utilizing the unique transaction specific key, a communication; and
  
  outputting, by the mobile device to the service provider, the encrypted communication,wherein the service provider utilizes the device identifying information and the base level key to generate a key to decrypt the communication and authenticate the mobile device.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The computer-implemented method of claim 15, further comprising:
    - communicating, from the mobile device to the service provider, an identifier associated with the unique transaction specific key,wherein the service provider utilizes the received identifier to identify the generated key utilized to decrypt the communication.
  - 17. The computer-implemented method of claim 15, wherein deriving a unique transaction specific key comprises generating a unique transaction specific key utilizing a derived unique key per transaction (DUKPT) process.
  - 18. The computer-implemented method of claim 17, wherein generating a unique transaction specific key comprises:
    - providing, by the mobile device, the intermediary key to the DUKPT process to generate the unique transaction specific key.
  - 19. The computer-implemented method of claim 18, wherein combining the base level key with at least a portion of the device identifying information comprises combining the base level key with at least a portion of a card product life cycle (CPLC) for the device.
  - 20. The computer-implemented method of claim 15, further comprising:
    - storing, by the mobile device, the base level key in a secure element associated with the mobile device.
  - 21. The computer-implemented method of claim 15, wherein outputting the encrypted communication comprises outputting the encrypted communication during a secure socket layer (SSL) handshake between the mobile device and the service provider.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
First Data Corporation (Fiserv Incorporated)
Original Assignee
First Data Corporation (Fiserv Incorporated)
Inventors
Kean, Brian, Cambridge, Devin Michael
Primary Examiner(s)
THIAW, CATHERINE B

Application Number

US13/481,356
Publication Number

US 20120300938A1
Time in Patent Office

1,117 Days
Field of Search

380277-279
US Class Current

1/1
CPC Class Codes

G06Q 20/00   Payment architectures, sche...

G06Q 40/00   Finance; Insurance; Tax str...

H04L 2209/80   Wireless network architectu...

H04L 2463/061   applying further key deriva...

H04L 2463/062   applying encryption of the ...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/08   for authentication of entit...

H04L 63/126   the source of the received ...

H04L 9/3234   involving additional secure...

H04W 12/02   Protecting privacy or anony...

H04W 12/033   of the user plane, e.g. use...

H04W 12/35   Protecting application or s...

H04W 4/50   Service provisioning or rec...

Systems and methods for authenticating mobile devices

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

154 Citations

21 Claims

Specification

Use Cases

Quick Links

Others

Systems and methods for authenticating mobile devices

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

154 Citations

21 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others