Systems and methods for authenticating mobile devices
Abstract
Embodiments of the invention provide systems and methods for authenticating mobile devices. Device identifying information may be received for a mobile device. A base level key may also be communicated to the mobile device. The base level key may be utilized by the mobile device to derive unique transaction specific keys to encrypt subsequent communications output by the mobile device. A communication encrypted with a unique transaction specific key may be received from the mobile device. Based at least in part upon the device identifying information and the base level key, a derived key may be generated, and the derived key may be utilized to decrypt the received communication and authenticate the mobile device. In certain embodiments, the above operations may be performed by one or more computers associated with a service provider.
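The derivation chain described in the abstract and claims, as an added example that is not code from the patent: both sides compute base level key -> intermediary key -> transaction specific key, and the provider authenticates the device by whether the message verifies and decrypts under the key it derived itself. The page names no algorithms, so HMAC-SHA256, the per-transaction counter, the replay check, the HMAC-based stand-in cipher and all sample values are assumptions.

```python
import hashlib
import hmac

BASE_KEY = b"constructed-base-level-key-0001"  # constructed sample value
DEVICE_ID = b"SE-CONSTRUCTED-0001"  # constructed secure element identifier

def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def transaction_key(base_key: bytes, device_id: bytes, counter: int) -> bytes:
    # Base level key combined with device identifying information -> intermediary key.
    intermediary = _prf(base_key, b"intermediary|" + device_id)
    # Assumption: a per-transaction counter makes each derived key unique.
    return _prf(intermediary, b"txn|" + counter.to_bytes(8, "big"))

def _keystream(key: bytes, length: int) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode.
    # A deployment would use a vetted AEAD instead.
    blocks = (_prf(key, i.to_bytes(4, "big")) for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def _xor(data: bytes, key: bytes) -> bytes:
    return bytes(d ^ k for d, k in zip(data, _keystream(key, len(data))))

def device_encrypt(base_key: bytes, device_id: bytes, counter: int,
                   plaintext: bytes) -> bytes:
    """Device side: derive the transaction key, encrypt, then MAC."""
    key = transaction_key(base_key, device_id, counter)
    header = counter.to_bytes(8, "big")
    ciphertext = _xor(plaintext, _prf(key, b"enc"))
    return header + ciphertext + _prf(_prf(key, b"mac"), header + ciphertext)

def provider_decrypt(base_key: bytes, device_id: bytes, message: bytes,
                     last_counter: int):
    """Provider side: return (plaintext, counter) if the device authenticates, else None."""
    if len(message) < 40:  # 8-byte counter + 32-byte tag
        return None
    header, ciphertext, tag = message[:8], message[8:-32], message[-32:]
    counter = int.from_bytes(header, "big")
    if counter <= last_counter:  # assumption: reject reused transaction keys
        return None
    # Re-derive the key from the stored device identifier; it never travels.
    key = transaction_key(base_key, device_id, counter)
    expected = _prf(_prf(key, b"mac"), header + ciphertext)
    if not hmac.compare_digest(tag, expected):
        return None  # wrong device, wrong base key, or tampered message
    return _xor(ciphertext, _prf(key, b"enc")), counter
```
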
21 Claims
1. A computer-implemented method for authenticating mobile devices, the method comprising:
- receiving, from a mobile device, device identifying information stored in a secure element included in a memory of the mobile device;
- provisioning the mobile device with a near field communication (NFC) payment application configured to derive unique transaction specific keys, the provisioning comprising:
  - receiving a provisioning request from the mobile device to provision the NFC payment application on the mobile device;
  - determining the mobile device is capable of receiving the NFC payment application based on determining an amount of memory required for provisioning the NFC payment application and additional space for key storage is available in the secure element included in the memory of the mobile device; and
  - installing the NFC payment application in the secure element included in the memory of the mobile device;
- communicating, to the mobile device during the provisioning of the NFC payment application, a base level key utilized by the NFC payment application to derive unique transaction specific keys to encrypt subsequent communications output by the mobile device;
- receiving, from the mobile device, a communication encrypted with a unique transaction specific key;
- generating, based at least in part upon the device identifying information and the base level key, a derived key by combining the base level key with at least a portion of the device identifying information to derive an intermediary key used to generate the derived key; and
- utilizing the derived key to decrypt the received communication and authenticate the mobile device, wherein the above operations are performed by one or more computers associated with a service provider.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A system for authenticating mobile devices, the system comprising:
- at least one memory configured to store computer-executable instructions; and
- at least one processor configured to access the at least one memory and execute the computer-executable instructions to:
  - receive, from a mobile device, device identifying information stored in a secure element included in a memory of the mobile device;
  - provision the mobile device with a near field communication (NFC) payment application configured to derive unique transaction specific keys, the provisioning comprising:
    - receiving a provisioning request from the mobile device to provision the NFC payment application on the mobile device;
    - determining the mobile device is capable of receiving the NFC payment application based on determining an amount of memory required for provisioning the NFC payment application and additional space for key storage is available in the secure element included in the memory of the mobile device; and
    - installing the NFC payment application in the secure element included in the memory of the mobile device;
  - direct communication, to the mobile device during the provisioning of the NFC payment application, of a base level key utilized by the NFC payment application to derive unique transaction specific keys to encrypt subsequent communications output by the mobile device;
  - receive, from the mobile device, a communication encrypted with a unique transaction specific key;
  - generate, based at least in part upon the device identifying information and the base level key, a derived key by combining the base level key with at least a portion of the device identifying information to derive an intermediary key used to generate the derived key; and
  - utilize the derived key to decrypt the received communication and authenticate the mobile device.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A computer-implemented method for authenticating a mobile device, the method comprising:
- communicating, by a mobile device to a service provider, device identifying information stored in a secure element included in a memory of the mobile device;
- provisioning, by the service provider, the mobile device with a near field communication (NFC) payment application configured to derive unique transaction specific keys, the provisioning comprising:
  - receiving a provisioning request from the mobile device to provision the NFC payment application on the mobile device;
  - determining the mobile device is capable of receiving the NFC payment application based on determining an amount of memory required for provisioning the NFC payment application and additional space for key storage is available in the secure element included in the memory of the mobile device; and
  - installing the NFC payment application in the secure element included in the memory of the mobile device;
- receiving, by the mobile device from the service provider during the provisioning of the NFC payment application, a base level key;
- utilizing, by the NFC payment application, the base level key to derive a unique transaction specific key by combining the base level key with at least a portion of the device identifying information to derive an intermediary key used to generate the unique transaction specific key;
- encrypting, by the mobile device utilizing the unique transaction specific key, a communication; and
- outputting, by the mobile device to the service provider, the encrypted communication, wherein the service provider utilizes the device identifying information and the base level key to generate a key to decrypt the communication and authenticate the mobile device.
Dependent claims: 16, 17, 18, 19, 20, 21
Specification