Token and cryptogram using transaction specific information
US-2018006821-A1 · Jan 4, 2018 · US
Secure authentication of user and mobile device
US10116447B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10116447-B2 |
| Application number | US-201615046341-A |
| Country | US |
| Kind code | B2 |
| Filing date | Feb 17, 2016 |
| Priority date | Feb 17, 2015 |
| Publication date | Oct 30, 2018 |
| Grant date | Oct 30, 2018 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
An authentication method is disclosed. To authenticate a user, a mobile device may request identification and verification from the user. Upon receiving a positive identification and verification response from the user, the mobile device may generate a cryptogram using a user identification (ID) associated with the user, a timestamp, a device ID associated with the mobile device, a service provider application ID associated with the service provider application, and a service provider device ID. The mobile device may transmit the generated cryptogram, the user ID, the timestamp, the device ID, the service provider application ID, and the service provider device ID, to a service provider computer associated with the service provider application. The service provider computer may decrypt the cryptogram and compare the decrypted data elements to the received data elements to validate and authenticate the user.
First claim
Opening claim text (preview).
What is claimed is: 1. A method for authentication, comprising: receiving, by a mobile device, a user request to access a service provider application; in response to the user request to access the service provider application, requesting, by the mobile device, using the service provider application and via an operating system on the mobile device, identification and verification from the user via an identification and verification application residing within the mobile device; receiving, by the identification and verification application on the mobile device, a positive identification and verification response; generating, by a cryptogram generation module in the mobile device, a cryptogram using a user identification (ID) associated with the user, a timestamp, a device ID associated with the mobile device, a service provider device ID, and a service provider application ID, wherein the service provider device ID uniquely identifies the mobile device used at a time of registration with the service provider application, and the user that registered with the service provider application; and transmitting, by the mobile device, the generated cryptogram, the user ID, the timestamp, the device ID, the service provider device ID, and the service provider application ID, to a service provider computer associated with the service provider application, wherein the service provider computer verifies the cryptogram using the timestamp, the device ID, the service provider application ID, and the service provider device ID. 2. The method of claim 1 , wherein the cryptogram is generated within a secure element (SE) of the mobile device. 3. The method of claim 1 , wherein the service provider computer verifies the cryptogram by determining a plurality of data elements encoded within the cryptogram, and then comparing the determined plurality of data elements to the user ID, the timestamp, the device ID, the service provider application ID, and the service provider device ID received by the service provider computer. 4. The method of claim 3 , wherein the user and the mobile device are authenticated based on the comparing. 5. The method of claim 1 , wherein the cryptogram is also generated using the positive identification and verification response. 6. The method of claim 1 , wherein the identification and verification services comprises at least one of fingerprint identification and verification, iris identification and verification, or voice identification and verification. 7. The method of claim 1 , wherein the cryptogram is transmitted to the service provider computer over the Internet. 8. The method of claim 1 , wherein the service provider computer is a digital wallet provider computer and the service provider application is a digital wallet application. 9. A mobile device, comprising: a processor; and a non-transitory computer readable medium, the non-transitory computer readable medium comprising code, executable by the processor, for implementing a method: receiving a user request to access a service provider application; in response to the user request to access the service provider application, requesting, using the service provider application and via an operating system on the mobile device, identification and verification from the user via an identification and verification application residing within the mobile device; receiving, by the identification and verification application on the mobile device, a positive identification and verification response; generating, by a cryptogram generation module on the mobile device, a cryptogram using a user identification (ID) associated with the user, a timestamp, a device ID associated with the mobile device, a service provider device ID, and a service provider application ID, wherein the service provider device ID uniquely identifies the mobile device used at a time of registration with the service provider application, and the user that registered with the service provider application; and transmitting the generated cryptogram, the user ID, the timestamp, the device ID, the service provider device ID, and the service provider application ID, to a service provider computer associated with the service provider application, wherein the service provider computer verifies the cryptogram, using the timestamp, the device ID, the service provider application ID, and the service provider device ID. 10. The mobile device of claim 9 , wherein the cryptogram is generated within a secure element (SE) of the mobile device. 11. The mobile device of claim 9 , wherein the service provider computer verifies the cryptogram by determining a plurality of data elements encoded within the cryptogram, and then comparing the determined plurality of data elements to the user ID, the timestamp, the device ID, the service provider application ID, and the service provider device ID received by the service provider computer. 12. The mobile device of claim 11 , wherein the user and the mobile device are authenticated based on the comparing. 13. The mobile device of claim 9 , wherein the cryptogram is also generated using the positive identification and verification response. 14. The mobile device of claim 9 , wherein the identification and verification services comprises at least one of fingerprint identification and verification, iris identification and verification, or voice identification and verification. 15. The mobile device of claim 9 , wherein the cryptogram is transmitted to the service provider computer over the Internet. 16. The mobile device of claim 9 , wherein the cryptogram is matched to a transaction ID by the service provider computer. 17. A method for authentication, comprising: receiving, by a service provider computer associated with a service provider application, a generated cryptogram, a user ID, a timestamp, a device ID, a service provider device ID, and a service provider application ID from a mobile device, wherein the generated cryptogram was generated by a cryptogram generation module on the mobile device, by encrypting the user ID, the timestamp, the device ID, the service provider device ID, and the service provider application ID using a cryptogram generation module on the mobile device, wherein the service provider device ID uniquely identifies the mobile device used at a time of registration with the service provider application, and the user that registered with the service provider application; decrypting, by the service provider, the received generated cryptogram; and verifying, by the service provider computer, the cryptogram by determining a plurality of data elements encoded within the cryptogram, and then comparing the determined plurality of data elements to the user ID, the timestamp, the device ID, the service provider application ID, and the service provider device ID received by the service provider computer. 18. The method of claim 17 , further comprising authenticating a user of the mobile device based on the verifying. 19. The method of claim 17 , wherein the cryptogram was generated by the mobile device in response to receiving by a service provider application on the mobile device, a positive identification and verification response, the positive identification and verification response received in response to an identification and verification request, to a user of the mobile device, initiated by an identification and verification application on the mobile device. 20. The method of claim 19 , wherein the identification and verification application
Assignees
Inventors
Classifications
Wireless · CPC title
Timestamp · CPC title
- H04L63/0861Primary
using biometrical features, e.g. fingerprint, retina-scan (cryptographic mechanisms or cryptographic arrangements for entity authentication using biological data H04L9/3231) · CPC title
Financial cryptography, e.g. electronic payment or e-cash · CPC title
- H04L9/3228Primary
One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10116447B2 cover?
- An authentication method is disclosed. To authenticate a user, a mobile device may request identification and verification from the user. Upon receiving a positive identification and verification response from the user, the mobile device may generate a cryptogram using a user identification (ID) associated with the user, a timestamp, a device ID associated with the mobile device, a service prov…
- Who is the assignee on this patent?
- Visa Int Service Ass
- What technology area does this patent fall under?
- Primary CPC classification H04L63/0861. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Oct 30 2018 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 5 related publications on this page (citations in our corpus or others sharing the same primary CPC).