System and method for identity verification across mobile applications

Description

BACKGROUND

Advances in the capabilities of mobile devices have allowed mobile devices to be used as payment instruments to conduct payment transactions. For example, a mobile device can include mobile payment applications that can be used to conduct a payment transaction. A user having multiple payment applications on a mobile device may need to validate their identity for each one of the mobile applications. For example, the user may wish to use a payment account with multiple applications. Currently, the user needs to validate their identity for each mobile application separately to mitigate the possibility of the payment account being used by an imposter or fraudster.

Embodiments of the present invention address these and other problems individually and collectively.

SUMMARY

Embodiments of the present invention are directed to methods, apparatuses, computer readable media and systems for authenticating a user on a user device across multiple mobile applications. The identity of the user is validated by encoding and subsequently validating cryptographically encrypted data in a shared data store accessible by the mobile applications tied to the same entity. Specifically, the application leverages the authentication process of a trusted mobile application (e.g. a banking mobile application) to authenticate the same user on a untrusted mobile application (e.g. a merchant mobile application).

According to some embodiments, a method includes receiving, at a server computer, user data associated with a user from a first mobile application. The method also includes determining, by the server computer, that the first mobile application is trusted. The server computer authenticates the user based on the user data. The server computer sends a cryptographic key to the mobile application after authenticating the user. An identity verification cryptogram is generated using the cryptographic key. The server computer receives the user data associated with the user and the identity verification cryptogram from a second mobile application. The server computer validates that the identity verification cryptogram is generated using the user data and the cryptographic key sent to the first mobile application. The method further comprises sending a payment token to the second mobile application upon validating the verification cryptogram.

In some embodiments, a server computer comprises a processor and a computer readable medium coupled to the processor. The computer readable medium comprises code, executable by the processor, to implement a method comprising receiving user data associated with a user from a first mobile application. The method also includes determining that the first mobile application is trusted. The method includes authenticating the user based on the user data. The method further includes sending a cryptographic key to the first mobile application after authenticating the user. An identity verification cryptogram is generated using the cryptographic key. The method further includes receiving the user data associated with the user and the identity verification cryptogram from a second mobile application. The method includes validating that the identity verification cryptogram is generated using the user data and the cryptographic key and sending a token to the second mobile application upon validating the verification cryptogram.

According to various embodiments, a method includes authenticating, by a first mobile application on a user device, a user on the user device. The method further includes sending, by the first mobile application on the user device, user data associated with the user to a server computer. The method includes receiving, by the first mobile application on the user device, a cryptographic key from the server computer. The first mobile application on the user device generates an identity verification cryptogram using the cryptographic key and stores the cryptographic key on a cloud storage system of an operating system provider of the user device. The method includes retrieving, by a second mobile application on the user device, the identity verification cryptogram from the cloud storage system. The method further includes sending, by the second mobile application on the user device, the user data associated with the user and the identity verification cryptogram to the server computer. The second mobile application on the user device receives a token from the server computer and completes a transaction with the token.

Another embodiment is directed to apparatuses, systems, and computer-readable media configured to perform the methods described above.

These and other embodiments are described in further detail below.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1A shows an identity verification system according to various embodiments.

FIG. 1B shoes a flow diagram of steps performed by various entities of the identity verification system illustrated in FIG. 1A according to various embodiments.

FIG. 2 shows a flow diagram of a method performed by a server computer cloud service for authenticating a user on multiple mobile applications provided on a user device according to various embodiments.

FIG. 3 shows a flow diagram of a method performed by multiple mobile applications on a user device for authenticating a user on the multiple mobile applications according to various embodiments.

FIG. 4 is a block diagram of a portable communication device that may be used to implement the mobile banking and transaction matching operations disclosed herein, according to various embodiments.

FIG. 5 shows an exemplary computer system according to embodiments of the present invention.

DETAILED DESCRIPTION

Embodiments of the present invention provides methods, devices, and systems for authenticating a user on a user device across multiple mobile applications. The identity of the user may be validated by encoding and subsequently validating cryptographically encrypted data in a shared data store accessible by the mobile applications tied to the same entity. Specifically, the application leverages the authentication process of a trusted mobile application (e.g. a banking mobile application) on a user device to authenticate the same user on a untrusted mobile application (e.g. a merchant mobile application) on the same user device.

The present invention may include a two-level authentication process. At a first level, a first mobile application on a user device may provide user data (e.g. credentials) including, but not limited to, primary account number (PAN), expiration date of a payment account, user name, billing address and a device identifier to a server computer. According to various embodiments, the server computer may provide and/or support payment network cloud service system. The server computer may verify the information provided by the first mobile application, for example, after checking data in a database. The server computer may also verify that the first mobile application is a trusted mobile application by confirming that the first mobile application and/or the entity provisioning the first mobile application is on a trusted entities list or database. Upon verification, the server computer may send a first cryptographic key and a first payment token to the first (e.g. trusted) mobile application. The trusted mobile application may create an identity verification cryptogram using the first cryptographic key provided by the server computer. The identity verification cryptogram may be stored on a storage accessible by the user device hosting the first mobile application. For example, the identity verification cryptogram may be stored on a cloud storage system of the mobile operating system (OS) provider. In some embodiments, the first mobile application may conduct a transaction with a merchant using the first payment token.

At a second level, a second (e.g. a untrusted) mobile application may retrieve the identity verification cryptogram from the storage. The second mobile application may be provisioned on the same user device. Alternatively, the second mobile application may be provisioned on a different user device tied to the same user account. For example, the first mobile application may be provisioned on a mobile phone of the user and the second mobile application may be provisioned on a tablet of the user, wherein the mobile phone and the tablet may be associated with the same user account. The second mobile application may send the identity verification cryptogram along with the user data to the server computer. The user data sent by the second mobile application may be the same as the user data sent by the first mobile application. As provided above, the user data may include one or more of primary account number (PAN), expiration date of a payment account, user name, billing address and a device identifier. The server computer may validate the identity verification cryptogram using the received user data. That is, the server computer may verify that the received identity verification cryptogram is in fact generated using the received user data. The server computer may provide a second payment token and a second cryptographic key (e.g. a limited use cryptographic key) to the second mobile application. The second mobile application may generate a payment cryptogram using the second cryptographic key. The second mobile application may complete a payment transaction using the second payment token and the payment cryptogram.

Prior to discussing embodiments of the invention, description of some terms may be helpful in understanding embodiments of the invention.

A “user device” is an electronic device that may be transported and/or operated by a user. A user device may provide remote communication capabilities to a network. The user device may be configured to transmit and receive data or communications to and from other devices. In some embodiments, the user device may be portable. Examples of user devices may include mobile phones (e.g., smart phones, cellular phones, etc.), PDAs, portable media players, wearable electronic devices (e.g. smart watches, fitness bands, ankle bracelets, rings, earrings, etc.), electronic reader devices, and portable computing devices (e.g., laptops, netbooks, ultrabooks, etc.). Examples of user devices may also include automobiles with remote communication capabilities.

The term “server computer” may include a powerful computer or cluster of computers. For example, the server computer can be a large mainframe, a minicomputer cluster, or a group of servers functioning as a unit. In one example, the server computer may be a database server coupled to a Web server. The server computer may be coupled to a database and may include any hardware, software, other logic, or combination of the preceding for servicing the requests from one or more client computers. The server computer may comprise one or more computational apparatuses and may use any of a variety of computing structures, arrangements, and compilations for servicing the requests from one or more client computers. In some embodiments, the server computer may provide and/or support payment network cloud service system.

An “issuer” may typically refer to a business entity (e.g., a bank) that maintains an account for a user that is associated with a portable user device such as an account enrolled in a mobile wallet application installed on a portable user device. An issuer may also issue a token associated with the account to a portable user device.

A “merchant” is typically an entity that engages in transactions and can sell goods or services, or provide access to goods or services.

The term “authentication” and its derivatives may refer to a process by which the credential of an endpoint (including but not limited to applications, people, devices, processes, and systems) can be verified to ensure that the endpoint is who they are declared to be.

The term “verification” and its derivatives may refer to a process that utilizes information to determine whether an underlying subject is valid under a given set of circumstances. Verification may include any comparison of information to ensure some data or information is correct, valid, accurate, legitimate, and/or in good standing.

A “key” may refer to a cryptographic key generated by an entity. A key may be part of a key pair that includes a public key and a private key. The public key may be used for public functions such as encrypting a message to send to the entity or for verifying a digital signature which was supposedly made by the entity. The private key, on the other hand may be used for private functions such as decrypting a received message or applying a digital signature. The public key will usually be authorized by a body known as a Certification Authority (CA) which stores the public key in a database and distributes it to any other entity which requests it. The private key will typically be kept in a secure storage medium and will usually only be known to the entity. However, the cryptographic systems described herein may feature key recovery mechanisms for recovering lost keys and avoiding data loss. Public and private keys may be in any suitable format, including those based on Triple Data Encryption Standard (TDES), Advanced Encryption Standard (AES), Rivest-Shamir-Adlema encryption (RSA), Elliptic Curve Cryptography (ECC), or Secure Hash Algorithm (SHA).

A “cryptogram” may refer to an encrypted representation of some information. A cryptogram can be generated using an encryption key and an encryption processes such as Data Encryption Standard (DES), TDES, or AES. A cryptogram can be used by a recipient to determine if the generator of the cryptogram is in possession of a proper key, for example, by encrypting the underlying information with a valid key, and comparing the result to the received cryptogram.

A “limited-use threshold” may refer to a condition that limits the usage of a piece of information. A limited-use threshold may be exceeded or exhausted when the underlying condition is met. For example, a limited-use threshold may include a time-to-live that indicates an amount of time for which a piece of information is valid, and once that amount of time has elapsed, the limited-use threshold is exceeded or exhausted, and the piece of information may become invalid and may no longer be used. As another example, a limited-use threshold may include a number of times that a piece of information can be used, and once the piece of information has been used for that number of times, the limited-use threshold is exceeded or exhausted, and the piece of information may become invalid and may no longer be used.

A “token” may include a number, string, bit sequence, and/or other data value intended to substitute for or represent account information associated with a user. In some embodiments, there may not be a need to substitute account information such as a primary account number (PAN) with a token—in which case, the account information or PAN can be used as the token. In some embodiments, the token may be derived from or directly related to a PAN or other payment account information (e.g., pseudo PAN, dynamic PAN, obfuscated PAN, partially encrypted PAN, etc.). In some embodiments, the token may include a randomly generated identifier that is associated with the user account.

An “application” may include any software module configured to perform a specific function or functions when executed by a processor of a computer. For example, a “mobile application” may include a software module that is configured to be operated by a mobile device. Applications may be configured to perform many different functions. For instance, a “payment application” may include a software module that is configured to store and provide account credentials for a transaction. A “wallet application” may include a software module with similar functionality to a payment application that has multiple accounts provisioned or enrolled such that they are usable through the wallet application.

A “payment application” or “wallet application” may store credentials (e.g., account identifier, expiration date, card verification value (CVV), etc.) for accounts provisioned onto the user device. The account credentials may be stored in general memory on the mobile device or on a secure trusted execution environment (e.g., a secure element) of the user device. Further, in some embodiments, the account credentials may be stored by a remote computer and the payment/wallet application may retrieve the credentials (or a portion thereof) from the remote computer before/during a transaction. Any number of different commands or communication protocols may be used to interface with the payment application and/or wallet application in order to obtain and use stored credentials associated with each application.

The payment application or wallet application may be configured to provide credentials to an authorized software application or module on a user device. For example, a payment application may be configured to interface with a master applet in order to provide credentials to a mobile application for a transaction. For instance, the payment application may provide a software development kit (SDK) or application programming interface (API) that the master wallet applet may use to interface with the payment application and/or wallet application. The payment application and/or wallet application may be configured to provide the sensitive information in encrypted form using stored encryption keys. Thus, each payment application and/or wallet application may have different commands and/or instructions for accessing the associated credentials stored by the payment/wallet application. For instance, each payment application and/or wallet application may have a different application programming interface (API) with different commands, data requirements, authentication processes, etc., for interacting with other applications operating on the user device. Accordingly, a master wallet applet may include a number of different APIs, one for each of the different payment applications and/or wallet applications that the master wallet applet is configured to interface with.

A “trusted application” may include trusted credentials that have a higher level of confidence than other applications. For example, an account application where the consumer or the consumer account was verified by the issuer during enrollment of the account may be a trusted application. Further, an issuer system was involved or participated in the account provision process of the trusted application. For example, a trusted application may be similar to a traditional payment application that is provisioned into a secure element or other trusted execution environment where multiple parties (including an issuer) are involved in the provisioning process before approval is provided for enrollment, delivery, or provisioning of the payment application. Thus, a trusted application may be provisioned with credentials in which an issuer of the credentials participated during the provisioning of the account.

An “untrusted application” may include credentials that have a lower level of confidence than a trusted application. For example, an account applet where account credentials have been enrolled by a merchant associated with the mobile application without issuer participation or verification of the consumer or the consumer account during provisioning of the account credentials may be an untrusted application. For example, some mobile applications may allow a consumer to add payment credentials of a consumer account without authenticating or contacting an issuer associated with the account of the consumer during enrollment, provisioning, or delivery of the application. Note that an application may be trusted by the user device and the name, “untrusted application” does not indicate that the application is untrusted by the device. Instead, the untrusted application may be trusted by the mobile device but may include information that cannot be confirmed as being trusted because an issuer was not involved in the enrollment or provisioning process of credentials stored by the application.

“Credentials” may include any information that identifies and/or validates the authenticity of a particular entity, article, access right, and/or item. For example, “account credentials” may include any information that identifies an account and allows a processor to verify that a device, person, or entity has permission to access the account. For example, account credentials may include an account identifier (e.g., a PAN), a token (e.g., account identifier substitute), an expiration date, a verification cryptogram, a verification value (e.g., card verification value (CVV)), personal information associated with an account (e.g., address, etc.), an account alias, or any combination thereof. Account credentials may be static or dynamic such that they change over time. Further, in some embodiments, the account credentials may include information that is both static and dynamic. For example, an account identifier and expiration date may be static but an identity verification cryptogram may be dynamic and change for each transaction. Further, in some embodiments, some or all of the account credentials may be stored in a secure memory of a mobile device. The secure memory of the mobile device may be configured such that the data stored in the secure memory may not be directly accessible by outside applications and a payment application associated with the secure memory may be accessed to obtain the credentials stored on the secure memory. Accordingly, a mobile application may interface with a payment application in order to gain access to payment credentials stored on the secure memory.

“Encrypted credentials” may include credentials which have been made unintelligible using a cryptographic key. In some embodiments, encrypted credentials may be generated by a payment application and/or wallet application of a user device using encryption keys (e.g., application public keys) that are used to encrypt stored or received credentials and/or other transaction information for a transaction. For example, a payment application may store a public encryption key (i.e., application public key) that may be paired with a private encryption key (i.e., application private key) that may be securely stored at a secure transaction processing system configured to process a payment transaction. The application private key may be used to decrypt the encrypted credentials and process a transaction using the decrypted account credentials. Additionally, in some embodiments, the application encryption key may include a symmetric encryption key, and thus the keys are not limited to public/private key pairs.

“Decrypted credentials” may include credentials that have been converted from an unintelligible state to an understandable state. For example, decrypted credentials may include the result of applying an application-specific decryption key to encrypted credentials received at a secure transaction processing system to obtain the original comprehensible credentials. Thus, by storing and sending account credentials as encrypted credentials, and decrypting the account credentials at a transaction processing system, the account credential are protected from interception by a malicious third party.

A “merchant application” may include any application associated with a relying party to a transaction. For example, a merchant application may be associated with a particular merchant or may be associated with a number of different merchants and may be capable of identifying a particular merchant (or multiple merchants) which are a party to a transaction. For instance, the merchant application may store information identifying a particular merchant server computer that is configured to provide a sales environment in which the merchant server computer is capable of processing remote transactions initiated by the merchant application. Further, the merchant application may also include a general purpose browser or other software designed to interact with multiple merchant server computers as long as the browser is configured to identify the merchant server computer and process a remote transaction. The merchant application may be installed on general purpose memory of a user device and thus, may be susceptible to malicious attacks, cracks, etc. Accordingly, the merchant application may be treated as an untrusted or unknown application by some payment and/or wallet application within the mobile device.

Embodiments of the present invention described herein include multiple different embodiments that may be combined in any suitable manner, as one of ordinary skill in the art would recognize. For example, in the various embodiments described below, various different parties, merchant applications, mobile payment applications, and transaction processors are described and specific flow diagrams are provided as examples. These examples are provided for illustration of the concepts of the present invention and are meant to be non-limiting. Accordingly, features from the various embodiments may be combined in any suitable manner including using cryptographic keys and verification cryptograms in different configurations than are provided explicitly in each illustrative system described herein.

For example, instead of the untrusted mobile application retrieving the identity verification cryptogram from the mobile OS provider cloud storage system (as described in relation to FIGS. 1 and 4), the payment network cloud service system software development kit (SDK) embedded within the untrusted mobile application may contact the mobile OS provider cloud storage system and/or the payment network cloud service system on behalf of the untrusted mobile application. Similarly, instead of the trusted mobile application providing user data directly to the payment network cloud service system (as described in relation to FIGS. 1-4), the payment network cloud service system SDK embedded within the trusted mobile application may contact the payment network cloud service system on behalf of the trusted mobile application. Accordingly, this is just one example of the various combinations that could be provided according to some embodiments of the present invention which may be described in more detail below.

I. Identity Verification System

FIGS. 1A and 1B will be discussed next in connection with each other. FIG. 1A illustrates an identity verification system 100 and FIG. 1B illustrates a sequence of steps performed by various entities of the identity verification system.

An identity verification system 100 according to various embodiments may include a user device 102, a payment network cloud service system 104 and a shared data store such as a mobile OS provider cloud storage system 106. The user device 102 may have a plurality of mobile applications installed thereon. For example, the user device 102 may include a trusted mobile application 108, such as a banking mobile application, and a untrusted mobile application 110, such as a merchant mobile application. The trusted mobile application 108 and/or the untrusted mobile application 110 may be in communication with a merchant computer 116 to conduct a transaction.

The user of the user device 102 may authenticate himself/herself to the trusted mobile application 108 by, for example, entering a pin code to the user device 102 or any other authentication means. The trusted mobile application 108 may provide the account credentials (i.e. user data) such as the primary account number (PAN), the expiration date, the name on the account, the billing address, the device identifier and the like to the payment network cloud service system 104 (step S150 in FIG. 1B). A verification engine 120 of the payment network cloud service system 104 may verify the information provided by the trusted mobile application 108 and ensure that the trusted mobile application 108 is in fact a trusted application (step S152 in FIG. 1B). For example, the payment network cloud service system 104 may consult a database 118, such as a database or a list of trusted entities, to find the trusted mobile application 108 and/or an entity that provisioned the trusted mobile application 108 on the user device 102. Upon verification, the payment network cloud service system 104 may send a first payment token and a first cryptographic key to the trusted mobile application 108 (step S154 in FIG. 1B). The first payment token may include a substitute account number used to identify the PAN without incorporating the actual PAN in the message. In some embodiments, the trusted mobile application 108 may conduct a payment transaction with the merchant computer 116 using the first token.

Using the first cryptographic key, the trusted mobile application 108 may create an identity verification cryptogram (step S156 in FIG. 1B). That is, the trusted mobile application 108 may encrypt the user data (i.e. account credentials) using the first cryptographic key. Any suitable encryption process may be used including DES, triple DES, AES, etc. The trusted mobile application 108 may send the identity verification cryptogram to a storage accessible by both the trusted mobile application 108 and the untrusted mobile application 110 (step S158 in FIG. 1B). For example, the trusted mobile application 108 may send the identity verification cryptogram to the mobile OS provider cloud storage system 106. The mobile OS provider cloud storage system 106 may be accessible by the particular user device 102 and an account username associated with the user device 102. Thus, access to the mobile OS provider cloud storage system 106 may be restricted to the user of the user device 102 according to the security systems of the mobile OS. For example, the mobile OS provider cloud storage system 106 may be accessible by the particular user device 102 (e.g. a mobile phone of the user) and any other device (e.g. a tablet or a laptop of the user) by providing a specific account username and corresponding passcode. The mobile OS provider cloud storage system 106 may store the identity verification cryptogram (step S160 in FIG. 1B).

One of ordinary skill in the art will appreciate that foregoing features from the various embodiments may be combined in any suitable manner including using cryptographic keys and verification cryptograms in different configurations than are provided explicitly in each illustrative system described herein. For example, instead of the trusted mobile application 108 providing the account credentials directly to the payment network cloud service system 104, the trusted mobile application 108 may include a payment network cloud service system software development kit (SDK) to contact the payment network cloud service system 104.

In some embodiments, instead of the trusted mobile application 108 providing data directly to the payment network cloud service system 104, the trusted mobile application 108 may contact a trusted cloud service (e.g. a mobile banking cloud service), which in turn may contact the payment network cloud service system 104 on behalf of the trusted mobile application 108.

Yet in other embodiments, instead of providing the first token directly to the trusted mobile application 108, the payment network cloud service system 104 may provide the first token to the mobile banking cloud service, which in turn may provide the first token to the trusted mobile application 108 on behalf of the payment network cloud service system 104.

Referring back to FIGS. 1A and 1B, the user may wish to use the untrusted mobile application 110 to conduct a transaction. The user may activate the untrusted mobile application 110 and make a request to share account credentials (e.g. user data) with a untrusted entity, such as a merchant operating the merchant computer 116. If the user wishes to use the payment account issued by the issuer computer 112, the user may be required to authenticate the untrusted mobile application 110 with the payment network cloud service system. To that end, the untrusted mobile application 110 may submit the identity verification cryptogram generated by the trusted mobile application 108 hosted on the same user device 102 along with account credentials of the user.

Using the user device 102, the user may authenticate himself to the mobile OS provider cloud storage system 106 by providing the information required by the mobile OS security such as an account username and password. One of ordinary skill in the art will appreciate that the user may authenticate himself using other techniques, such as biometrics, voice recognition, and the like. When the user is authenticated at the mobile OS provider cloud storage system 106, the untrusted mobile application 110 may request the identity verification cryptogram from the mobile OS provider cloud storage system 106 (step S162 in FIG. 1B). The untrusted mobile application 110 may generate and send a request to the mobile OS provider cloud storage system 106. The mobile OS provider cloud storage system 106 may then send the identity verification cryptogram stored in connection with the user (i.e. associated with the account username) back to the untrusted mobile application 110 (step S164 in FIG. 1B).

The untrusted mobile application 110 may provide the retrieved identity verification cryptogram along with account credentials such as PAN, the expiration date, the name on the account, the billing address, the device identifier and the like to the payment network cloud service system 104 (step S166 in FIG. 1B). The payment network cloud service system 104 may decrypt the identity verification cryptogram to obtain decrypted credentials, may compare the decrypted credentials to the user data received from the untrusted mobile application 110 (step S168 in FIG. 1B). If the decrypted credentials match the user data received from the untrusted mobile application 110, the payment network cloud service system 104 may validate that the identity verification cryptogram is generated using the account credentials received from the untrusted mobile application 110. In some embodiments, the account credentials may be stored in a database 118. Upon receiving the identity verification cryptogram and the account credentials from the untrusted mobile application 110, the payment network cloud service system 104 may access the database 118 to retrieve the information stored in connection with the user device 102 and/or the user. The payment network cloud service system 104 may then compare the information retrieved from the database 118 with the account credentials and the identity verification cryptogram received from the untrusted mobile application 110. If there is a match, the payment network cloud service system 104 may verify that the identity verification cryptogram is created using the account credentials received from the untrusted mobile application 110. Upon verification, the payment network cloud service system 104 may send a second payment token and a second cryptographic key to the untrusted mobile application 110 (step S170 in FIG. 1B). The untrusted mobile application 110 may complete the transaction with the merchant computer 116 using the second payment token and a payment cryptogram generated using the second cryptographic key provided by the payment network cloud service system 104 (step S172 in FIG. 1B). The merchant computer 116 may process the payment transaction using the second payment token and the payment cryptogram (step S174 in FIG. 1B).

In some embodiments, step S172 in FIG. 1B may further include generating a transaction cryptogram using the second cryptographic key. The second cryptographic key may be a limited-use key (LUK) associated with a set of one or more limited-use thresholds that limits the usage of the LUK. Once the usage of the LUK has exhausted or exceeded the set of one or more limited-use thresholds, a further transaction conducted using that LUK will be declined even if the underlying account is still in good standing. The set of one or more limited-use thresholds to enforce can be determined, for example, by an issuer of the account or by the payment network cloud service system.

The set of one or more limited-use thresholds may include at least one of a time-to-live indicating the duration of time for which the LUK is valid, a predetermined number of transactions for which the LUK is valid, and/or a cumulative transaction amount indicating the total transaction amount summed across one or more transactions for which the LUK is valid, or any combination thereof. For example, a LUK may be valid for a time-to-live of five days, and a transaction conducted using that LUK after five days have elapsed since the LUK was generated may be declined. As another example, a LUK may be valid for a predetermined number of five transactions, and a sixth transaction (and any subsequent transaction) conducted using that LUK may be declined. As a further example, a LUK may be valid for a cumulative transaction amount of five hundred dollars, and a transaction conducted using the LUK after that LUK has already been used for transactions totaling more than five hundred dollars may be declined.

It should be understood that the limited usage values described above are just examples, and that other usage limits can be used. For example, the number of transactions usage limit can be set to a number in the range of 2 to 10 transactions, or a number in the range of 5 to 50 transactions, etc., and the cumulative transaction amount can be set to a value in the range of $100 to $5,000, or a value in the range of $10 to $1000, etc.

It should also be noted that in some embodiments, the number of transactions limited-use threshold can be set to one transaction such each LUK is valid for only one transaction. However, in some embodiments, the network bandwidth available to a user device may be limited, or the user device may not always have uninterrupted network connectivity. As such, the number of transactions limited-use threshold can be set to more than one transaction (e.g., five transactions) in some embodiments, for example, to reduce the frequency and amount of LUK replenishments over time, and hence reduce the amount of network traffic used by the user device over time.

Generation of the payment cryptogram is described next. The untrusted application 110 on the user device 102 may receive the second cryptographic key (e.g. a limited-use key (LUK)) that is associated with a set of one or more limited-use thresholds that limits the usage of the LUK. The LUK may be received from a remote computer (e.g., the payment network cloud service system 104). In some embodiments, the set of one or more limited-use thresholds may include at least one of a time-to-live indicating a time duration that the LUK is valid for, a predetermined number of transactions that the LUK is valid for, and/or a cumulative transaction amount indicating the total transaction amount that the LUK is valid for. In some embodiments, the set of one or more limited-use thresholds may include an international usage threshold and a domestic usage threshold.

According to some embodiments, the untrusted application 110 may also receive, with the LUK, a key index that includes information pertaining to generation of the LUK. For example, the key index may include time information indicating when the LUK is generated, a replenishment counter value indicating the number of times the LUK has been replenished, a pseudo-random number that is used as a seed to generate the LUK, a transaction counter value indicating the number of transactions that has been previously conducted by a mobile application of the communication device at the time the LUK is generated, and/or any combination thereof.

A transaction (e.g., a payment transaction, access transaction, or other transaction that is performed using an account) can be initiated with the merchant 116 through the untrusted application 110. The untrusted application 110 on the user device 102 may generate a transaction cryptogram using the LUK. This can be done in any suitable manner. For example, the LUK may be used to encrypt data that is specific to the user, the payment token, and/or the device that is being used to conduct the payment transaction. Such data might include the payment token, an expiration date, a payment account number, a current time, etc.

The untrusted application 110 may send the transaction cryptogram to an access device of the merchant 116 to conduct the transaction. In some embodiments, the untrusted application 110 may also send the second payment token to the access device to conduct the transaction. The transaction can be authorized based on at least whether usage of the LUK has exceeded the set of one or more limited-use thresholds and/or verification of the transaction cryptogram.

After conducting the transaction, if the set of one or more limited-use thresholds associated with the LUK has not been exhausted or exceeded (or is not about to be exhausted or exceeded), other transactions may be conducted using the transaction cryptogram. If the set of one or more limited-use thresholds associated with the LUK has been exhausted or exceeded (or is not about to be exhausted or exceeded), the untrusted application 110 may send a replenishment request for a new LUK to the payment network cloud service system 104. The replenishment request may be sent in response determining that the set of one or more limited-use thresholds associated with the LUK has been exhausted, or in response to determining that a next transaction conducted with the LUK will exhaust the set of one or more limited-use thresholds. In some embodiments, the replenishment request may be sent in response to receiving a push message requesting the communication device to replenish the LUK.

The replenishment request may include transaction log information derived from a transaction log (e.g., a transaction verification log) stored on the user device 102. In some embodiments, the transaction log stored on the user device 102 may include, for each transaction conducted using the LUK, a transaction timestamp indicating the time of the corresponding transaction, and/or an application transaction counter value associated with the corresponding transaction. In some embodiments, the transaction log information sent to the remote server may include an authentication code computed over at least the transaction log using the LUK. If the transaction log information in the replenishment request matches the transaction log information at the remote computer, a new LUK and a new key index associated with the new LUK may be sent to the untrusted application 110.

In some embodiments, the first cryptographic key used to generate the identification verification cryptogram may also be a LUK.

One of ordinary skill in the art will appreciate that foregoing features from the various embodiments may be combined in any suitable manner including using cryptographic keys and identity verification cryptograms in different configurations than are provided explicitly in each illustrative system described herein. For example, instead of the untrusted mobile application 110 retrieving the identity verification cryptogram from the mobile OS provider cloud storage system 106 and sending the identity verification cryptogram to the payment network cloud service system 104, the untrusted mobile application 110 may include a payment network cloud service system SDK that may contact the mobile OS provider cloud storage system 106 and/or the payment network cloud service system 104 on behalf of the untrusted mobile application 110.

In some embodiments, instead of the untrusted mobile application 110 providing data directly to the payment network cloud service system 104, the untrusted mobile application 110 may contact a mobile merchant/wallet cloud service, which in turn may contact the payment network cloud service system 104 on behalf of the untrusted mobile application 110.

Yet in other embodiments, instead of providing the second token direct to the untrusted mobile application 110, the payment network cloud service system 104 may provide the second token to a mobile merchant/wallet cloud service, which in turn may provide the second token to the untrusted mobile application 110 on behalf of the payment network cloud service system 104.

II. Identity Verification Method

According to various embodiments, the identity of a user may be established through a trusted mobile application and encrypted verification and/or identification data may be placed in a shared data store, such as a mobile OS provider cloud storage system. The encrypted data may be retrieved from the shared data store and used to verify the user identity through a untrusted mobile application.

Referring now to FIG. 2, a flow diagram 200 of a method performed by a server computer providing a payment network cloud service system is provided. The payment network cloud service system receives user data (e.g. account credentials) from a first mobile application installed on a user device (step 202). As provided above, the user data may include one or more of the PAN, the expiration date, the name on the account, the billing address, the device identifier and the like. One of ordinary skill in the art will appreciate that the user data is not limited to the foregoing items and other type of data may be provided to help to verify the user. The payment network cloud service system may verify the identity of the user and may verify that the first mobile application is a trusted mobile application based on the user data provided by the first mobile application (step 204). Upon verification, the payment network cloud service system may send a first payment token and a first cryptographic key to the trusted mobile application (step 206).

The trusted mobile application may generate an identity verification cryptogram using the first cryptographic key and store the identity verification cryptogram at a storage accessible by the user device. For example, the identity verification cryptogram may be stored at the mobile OS provider cloud storage system. Storing the identity verification cryptogram at the mobile OS provider cloud storage system may provide an added level of security as the access to the mobile OS provider cloud storage system is generally restricted to an account username associated with the particular user and/or user device. In some embodiments, the user may access the mobile OS provider cloud storage system using the same account username on different user devices, such a mobile phone and a tablet of the user. This may conclude a first level of authentication where the payment network cloud service system verifies the user on the trusted mobile application.

For subsequent user verification/authentication purposes, the payment network cloud service system may leverage the authentication previously granted to the trusted mobile application for other mobile applications. Specifically, the payment network cloud service system may receive user data along with the identity verification cryptogram from a second mobile application, i.e. a untrusted mobile application (step 208). The untrusted mobile application may be stored on the same user device. The received user data may include one or more of the PAN, the expiration date, the name on the account, the billing address, the device identifier and the like. The identity verification cryptogram may be retrieved from the mobile OS provider cloud storage system by the untrusted application and provided to the payment network cloud service system. The payment network cloud service system may validate that the identity verification cryptogram is generated with the user data provided by the untrusted mobile application (step 210). Upon verification, the payment network cloud service system may send a second payment token and a second cryptographic key to the untrusted mobile application (step 212). The untrusted mobile application may generate a payment cryptogram using the second cryptographic key, and use the second payment token and the payment cryptogram to conduct a transaction with a merchant.

Turning now to FIG. 3, a flow diagram 300 of a method performed by multiple mobile applications on a user device is provided. A first mobile application, e.g. a trusted mobile application, and a second mobile application, e.g. a untrusted mobile application, may be provided on a user device. The first mobile application may send user data associated with a user to a payment network cloud service system (step 302). The user data may include one or more of the PAN, the expiration date, the name on the account, the billing address, the device identifier and the like. The payment network cloud service system may authenticate the user using the user data and send confirmation results to the first mobile application. The first mobile application may receive a first payment token and a first cryptographic key from the payment network cloud service system (step 304). Using the first limited use cryptographic key and user data, the first mobile application generates an identity verification cryptogram (step 306). The first mobile application sends the identity verification cryptogram to be stored at a mobile OS provider cloud storage system (step 308).

When the user launches the second mobile application on the same user device, the second mobile application may need authorization from the payment network cloud service system prior to conducting a transaction. The previously generated identity verification cryptogram may be leveraged by the second mobile application for authentication. The second mobile application may retrieve the identity verification cryptogram from the mobile OS provider cloud storage system (step 310). The second mobile application may provide the identity verification cryptogram along with the user data to the payment network cloud service system (step 312). The user data may include one or more of the PAN, the expiration date, the name on the account, the billing address, the device identifier and the like. The payment network cloud service system may authenticate the user using the identity verification cryptogram and the user data. The payment network cloud service system may send confirmation results to the second mobile application. The second mobile application may receive a second payment token and a second cryptographic key from the payment network cloud service system (step 314). The second mobile application may generate a payment cryptogram using the second cryptographic key. Using the second payment token and the payment cryptogram, the second mobile application may complete a payment transaction with a merchant (step 316).

III. System Devices

The various participants and elements described herein with reference to FIGS. 1-3 may operate one or more computer apparatuses to facilitate the functions described herein.

FIG. 4 is a functional block diagram illustrating a user device in the form of a portable communication device that may be used to perform mobile banking operations, such as initiating transactions and receiving and displaying transaction alerts, in accordance with some embodiments of the present invention. Portable consumer device 402 may include circuitry that is used to enable certain device functions, such as telephony. The functional elements responsible for enabling those functions may include a processor 404 that is programmed to execute instructions that implement the functions and operations of the device. Processor 404 may access data storage 412 (or another suitable memory region or element) to retrieve instructions or data used in executing the instructions. Data input/output elements 408 may be used to enable a user to input data (via a microphone or keyboard, for example) or receive output data (via a speaker, for example). Display 406 may also be used to output data to a user. Communications element 410 may be used to enable data transfer between device 402 and a wireless network (via antenna 418, for example) to assist in enabling telephony and data transfer functions. Device 402 may also include contactless element interface 414 to enable data transfer between contactless element 416 and other elements of the device, where contactless element 416 may include a secure memory and a near field communications data transfer element (or another form of short range communications technology).

As noted, a mobile phone or similar device is an example of a portable communication device that may be used to display alerts as described with reference to embodiments of the present invention. However, other forms or types of user devices may be used without departing from the underlying concepts of the invention. Further, devices that are used to display alerts may not require the capability to communicate using a cellular network in order to be suitable for use with embodiments of the present invention.

Any of the elements in FIGS. 1-3, including any servers or databases, may use any suitable number of subsystems to facilitate the functions described herein.

Examples of such subsystems or components are shown in FIG. 5. The subsystems shown in FIG. 5 are interconnected via a system bus 500. Additional subsystems such as a printer 502, keyboard 504, fixed disk 506 (or other memory comprising computer readable media), monitor 508, which is coupled to display adapter 510, and others are shown. Peripherals and input/output (I/O) devices, which couple to I/O controller 512 (which can be a processor or other suitable controller), can be connected to the computer system by any number of means known in the art, such as serial port 514. For example, serial port 514 or external interface 516 can be used to connect the computer apparatus to a wide area network such as the Internet, a mouse input device, or a scanner. The interconnection via system bus allows the central processor 518 to communicate with each subsystem and to control the execution of instructions from system memory 520 or the fixed disk 506, as well as the exchange of information between subsystems. The system memory 520 and/or the fixed disk 506 may embody a computer readable medium.

Embodiments of the invention are not limited to the above-described embodiments. For example, although separate functional blocks are shown for an issuer, payment processing network, and acquirer, some entities perform all of these functions and may be included in embodiments of invention.

Specific details regarding some of the above-described aspects are provided above. The specific details of the specific aspects may be combined in any suitable manner without departing from the spirit and scope of embodiments of the invention. For example, back end processing, data analysis, data collection, and other transactions may all be combined in some embodiments of the invention. However, other embodiments of the invention may be directed to specific embodiments relating to each individual aspect, or specific combinations of these individual aspects.

It should be understood that the present invention as described above can be implemented in the form of control logic using computer software (stored in a tangible physical medium) in a modular or integrated manner. Based on the disclosure and teachings provided herein, a person of ordinary skill in the art will know and appreciate other ways and/or methods to implement the present invention using hardware and a combination of hardware and software.

Any of the software components or functions described in this application, may be implemented as software code to be executed by a processor using any suitable computer language such as, for example, Java, C++ or Perl using, for example, conventional or object-oriented techniques. The software code may be stored as a series of instructions, or commands on a computer readable medium, such as a random access memory (RAM), a read only memory (ROM), a magnetic medium such as a hard-drive or a floppy disk, or an optical medium such as a CD-ROM. Any such computer readable medium may reside on or within a single computational apparatus, and may be present on or within different computational apparatuses within a system or network.

The above description is illustrative and is not restrictive. Many variations of the invention will become apparent to those skilled in the art upon review of the disclosure. The scope of the invention should, therefore, be determined not with reference to the above description, but instead should be determined with reference to the pending claims along with their full scope or equivalents.

One or more features from any embodiment may be combined with one or more features of any other embodiment without departing from the scope of the invention.

A recitation of “a”, “an” or “the” is intended to mean “one or more” unless specifically indicated to the contrary.

All patents, patent applications, publications, and descriptions mentioned above are herein incorporated by reference in their entirety for all purposes. None is admitted to be prior art.

Claims

1. A method comprising: sending, by a server computer, a first cryptographic key to a first mobile application provisioned on a user device of a user by an issuer of an account of the user after authenticating the user;receiving, at the server computer, an identity verification cryptogram generated by the first mobile application using the first cryptographic key from a second mobile application, wherein the first mobile application and the second mobile application are associated with the user;validating, by the server computer, that the identity verification cryptogram was generated using the first cryptographic key previously sent by the server computer to the first mobile application; andsending, by the server computer, a token and a second cryptographic key to the second mobile application upon validating the identity verification cryptogram, wherein the token represents account information of the account issued by the issuer, and wherein the second mobile application is programmed to complete a transaction using the token and a transaction cryptogram generated by the second mobile application using the second cryptographic key.
2. The method of claim 1, further comprising: receiving, by the server computer, a first set of user data including a first device identifier from the first mobile application; andreceiving, by the server computer, a second set of user data including a second device identifier from the second mobile application.
3. The method of claim 2, further comprising: determining, using the first device identifier and the second device identifier, that the first mobile application and the second mobile application are stored on the user device.
4. The method of claim 2, further comprising: determining, using the first device identifier and the second device identifier, that the second mobile application is stored on another user device of the user.
5. The method of claim 1, wherein the identity verification cryptogram is stored at a cloud storage system accessible by the first mobile application and the second mobile application.
6. The method of claim 1, wherein the identity verification cryptogram is stored on a cloud storage system of an operating system provider of the user device.
7. The method of claim 1, further comprising: sending another token to the first mobile application along with the first cryptographic key.
8. A system comprising: a mobile device storing a first mobile application;a computer readable medium storing a second mobile application; anda server computer including: a processor; anda server-side computer readable medium coupled to the processor, the server-side computer readable medium comprising code which, when executed by the processor, causes the processor to: send a first cryptographic key to the first mobile application provisioned on a user device of a user by an issuer of an account of the user after authenticating the user;receive an identity verification cryptogram generated by the first mobile application using the first cryptographic key from the second mobile application, wherein the first mobile application and the second mobile application are associated with the user;validate that the identity verification cryptogram is generated using the first cryptographic key previously sent by the server computer to the first mobile application; andsend a token and a second cryptographic key to the second mobile application upon validating the identity verification cryptogram, wherein the token represents account information of the account issued by the issuer,wherein the second mobile application is programmed to complete a transaction using the token and a transaction cryptogram generated by the second mobile application using the second cryptographic key.
9. The system of claim 8, wherein the first mobile application is programmed to store the identity verification cryptogram at a cloud storage system accessible by the user device.
10. The system of claim 9, wherein the cloud storage system is managed by an operating system provider of the mobile device.
11. The system of claim 9, wherein the second mobile application is programmed to retrieve the identity verification cryptogram generated by the first mobile application from the cloud storage system.
12. The system of claim 8, wherein the code, when executed by the processor, further causes the processor to: send a first token to the first mobile application along with the first cryptographic key, wherein the first token represents the account issued by the issuer,wherein the first mobile application is programmed to complete a first transaction using the first token and a first transaction cryptogram generated by the first mobile application using the first cryptographic key.
13. The system of claim 8, wherein the first mobile application and the second mobile application are programmed to interface via an application programming interface.

CROSS-REFERENCES TO RELATED APPLICATIONS

This application is a continuation application of U.S. application Ser. No. 14/813,997, filed Jul. 30, 2015, which claims benefit under 35 U.S.C. § 119(e) to U.S. Provisional Patent Application No. 62/031,490 filed Jul. 31, 2014 and entitled “System and Method for Identity Verification Across Mobile Applications”, the disclosure of which is incorporated by reference herein in their entirety for all purposes.

US Referenced Citations (558)

Number	Name	Date	Kind
5280527	Gullman et al.	Jan 1994	A
5613012	Hoffman et al.	Mar 1997	A
5781438	Lee et al.	Jul 1998	A
5883810	Franklin et al.	Mar 1999	A
5930767	Reber et al.	Jul 1999	A
5953710	Fleming	Sep 1999	A
5956699	Wong et al.	Sep 1999	A
6000832	Franklin et al.	Dec 1999	A
6014635	Harris et al.	Jan 2000	A
6044360	Picciallo	Mar 2000	A
6163771	Walker et al.	Dec 2000	A
6227447	Campisano	May 2001	B1
6236981	Hill	May 2001	B1
6267292	Walker et al.	Jul 2001	B1
6341724	Campisano	Jan 2002	B2
6385596	Wiser et al.	May 2002	B1
6422462	Cohen	Jul 2002	B1
6425523	Shem-Ur et al.	Jul 2002	B1
6453301	Niwa	Sep 2002	B1
6592044	Wong et al.	Jul 2003	B1
6636833	Flitcroft et al.	Oct 2003	B1
6748367	Lee	Jun 2004	B1
6805287	Bishop et al.	Oct 2004	B2
6879965	Fung et al.	Apr 2005	B2
6891953	DeMello et al.	May 2005	B1
6901387	Wells et al.	May 2005	B2
6931382	Laage et al.	Aug 2005	B2
6938019	Uzo	Aug 2005	B1
6941285	Sarcanin	Sep 2005	B2
6980670	Hoffman et al.	Dec 2005	B1
6990470	Hogan et al.	Jan 2006	B2
6991157	Bishop et al.	Jan 2006	B2
7051929	Li	May 2006	B2
7069249	Stolfo et al.	Jun 2006	B2
7103576	Mann, III et al.	Sep 2006	B2
7113930	Eccles et al.	Sep 2006	B2
7136835	Flitcroft et al.	Nov 2006	B1
7177835	Walker et al.	Feb 2007	B1
7177848	Hogan et al.	Feb 2007	B2
7194437	Britto et al.	Mar 2007	B1
7209561	Shankar et al.	Apr 2007	B1
7264154	Harris	Sep 2007	B2
7287692	Patel et al.	Oct 2007	B1
7292999	Hobson et al.	Nov 2007	B2
7350230	Forrest	Mar 2008	B2
7353382	Labrou et al.	Apr 2008	B2
7379919	Hogan et al.	May 2008	B2
RE40444	Linehan	Jul 2008	E
7415443	Hobson et al.	Aug 2008	B2
7444676	Asghari-Kamrani et al.	Oct 2008	B1
7469151	Khan et al.	Dec 2008	B2
7548889	Bhambri et al.	Jun 2009	B2
7567934	Flitcroft et al.	Jul 2009	B2
7567936	Peckover et al.	Jul 2009	B1
7571139	Giordano et al.	Aug 2009	B1
7571142	Flitcroft et al.	Aug 2009	B1
7580898	Brown et al.	Aug 2009	B2
7584153	Brown et al.	Sep 2009	B2
7593896	Flitcroft et al.	Sep 2009	B1
7606560	Labrou et al.	Oct 2009	B2
7627531	Breck et al.	Dec 2009	B2
7627895	Gifford et al.	Dec 2009	B2
7650314	Saunders	Jan 2010	B1
7685037	Reiners et al.	Mar 2010	B2
7702578	Fung et al.	Apr 2010	B2
7707120	Dominguez et al.	Apr 2010	B2
7712655	Wong	May 2010	B2
7734527	Uzo	Jun 2010	B2
7753265	Harris	Jul 2010	B2
7770789	Oder, II et al.	Aug 2010	B2
7784685	Hopkins, III	Aug 2010	B1
7793851	Mullen	Sep 2010	B2
7801826	Labrou et al.	Sep 2010	B2
7805376	Smith	Sep 2010	B2
7805378	Berardi et al.	Sep 2010	B2
7818264	Hammad	Oct 2010	B2
7828220	Mullen	Nov 2010	B2
7835960	Breck et al.	Nov 2010	B2
7841523	Oder, II et al.	Nov 2010	B2
7841539	Hewton	Nov 2010	B2
7844550	Walker et al.	Nov 2010	B2
7848980	Carlson	Dec 2010	B2
7849020	Johnson	Dec 2010	B2
7853529	Walker et al.	Dec 2010	B1
7853995	Chow et al.	Dec 2010	B2
7865414	Fung et al.	Jan 2011	B2
7873579	Hobson et al.	Jan 2011	B2
7873580	Hobson et al.	Jan 2011	B2
7890393	Talbert et al.	Feb 2011	B2
7891563	Oder, II et al.	Feb 2011	B2
7896238	Fein et al.	Mar 2011	B2
7908216	Davis et al.	Mar 2011	B1
7922082	Muscato	Apr 2011	B2
7931195	Mullen	Apr 2011	B2
7937324	Patterson	May 2011	B2
7938318	Fein et al.	May 2011	B2
7954705	Mullen	Jun 2011	B2
7959076	Hopkins, III	Jun 2011	B1
7996288	Stolfo	Aug 2011	B1
8025223	Saunders et al.	Sep 2011	B2
8046256	Chien et al.	Oct 2011	B2
8060448	Jones	Nov 2011	B2
8060449	Zhu	Nov 2011	B1
8074877	Mullen et al.	Dec 2011	B2
8074879	Harris	Dec 2011	B2
8082210	Hansen et al.	Dec 2011	B2
8095113	Kean et al.	Jan 2012	B2
8104679	Brown	Jan 2012	B2
RE43157	Bishop et al.	Feb 2012	E
8109436	Hopkins, III	Feb 2012	B1
8121942	Carlson et al.	Feb 2012	B2
8121956	Carlson et al.	Feb 2012	B2
8126449	Beenau et al.	Feb 2012	B2
8171525	Pelly et al.	May 2012	B1
8175973	Davis et al.	May 2012	B2
8190523	Patterson	May 2012	B2
8196813	Vadhri	Jun 2012	B2
8205791	Randazza et al.	Jun 2012	B2
8219489	Patterson	Jul 2012	B2
8224702	Mengerink et al.	Jul 2012	B2
8225385	Chow et al.	Jul 2012	B2
8229852	Carlson	Jul 2012	B2
8265993	Chien et al.	Sep 2012	B2
8280777	Mengerink et al.	Oct 2012	B2
8281991	Wentker et al.	Oct 2012	B2
8328095	Oder, II et al.	Dec 2012	B2
8336088	Raj et al.	Dec 2012	B2
8346666	Lindelsee et al.	Jan 2013	B2
8376225	Hopkins, III	Feb 2013	B1
8380177	Laracey	Feb 2013	B2
8387873	Saunders et al.	Mar 2013	B2
8401539	Beenau et al.	Mar 2013	B2
8401898	Chien et al.	Mar 2013	B2
8402555	Grecia	Mar 2013	B2
8403211	Brooks et al.	Mar 2013	B2
8412623	Moon et al.	Apr 2013	B2
8412837	Emigh et al.	Apr 2013	B1
8417642	Oren	Apr 2013	B2
8433116	Butler et al.	Apr 2013	B2
8447699	Batada et al.	May 2013	B2
8453223	Svigals et al.	May 2013	B2
8453925	Fisher et al.	Jun 2013	B2
8458487	Palgon et al.	Jun 2013	B1
8484134	Hobson et al.	Jul 2013	B2
8485437	Mullen et al.	Jul 2013	B2
8494959	Hathaway et al.	Jul 2013	B2
8498908	Mengerink et al.	Jul 2013	B2
8504475	Brand et al.	Aug 2013	B2
8504478	Saunders et al.	Aug 2013	B2
8510816	Quach et al.	Aug 2013	B2
8528067	Hurry et al.	Sep 2013	B2
8533860	Grecia	Sep 2013	B1
8538845	Liberty	Sep 2013	B2
8555079	Shablygin et al.	Oct 2013	B2
8566168	Bierbaum et al.	Oct 2013	B1
8567670	Stanfield et al.	Oct 2013	B2
8571939	Lindsey et al.	Oct 2013	B2
8577336	Mechaley, Jr.	Nov 2013	B2
8577803	Chatterjee et al.	Nov 2013	B2
8577813	Weiss	Nov 2013	B2
8578176	Mattsson	Nov 2013	B2
8583494	Fisher	Nov 2013	B2
8584251	McGuire et al.	Nov 2013	B2
8589237	Fisher	Nov 2013	B2
8589271	Evans	Nov 2013	B2
8589291	Carlson et al.	Nov 2013	B2
8595098	Starai et al.	Nov 2013	B2
8595812	Bomar et al.	Nov 2013	B2
8595850	Spies et al.	Nov 2013	B2
8606638	Dragt	Dec 2013	B2
8606700	Carlson et al.	Dec 2013	B2
8606720	Baker et al.	Dec 2013	B1
8615468	Varadarajan	Dec 2013	B2
8620754	Fisher	Dec 2013	B2
8635157	Smith et al.	Jan 2014	B2
8646059	von Behren et al.	Feb 2014	B1
8651374	Brabson et al.	Feb 2014	B2
8656180	Shablygin et al.	Feb 2014	B2
8751391	Freund	Jun 2014	B2
8762263	Gauthier et al.	Jun 2014	B2
8793186	Patterson	Jul 2014	B2
8838982	Carlson et al.	Sep 2014	B2
8856539	Weiss	Oct 2014	B2
8887308	Grecia	Nov 2014	B2
9065643	Hurry et al.	Jun 2015	B2
9070129	Sheets et al.	Jun 2015	B2
9100826	Weiss	Aug 2015	B2
9160741	Wentker et al.	Oct 2015	B2
9229964	Stevelinck	Jan 2016	B2
9245267	Singh	Jan 2016	B2
9249241	Dai et al.	Feb 2016	B2
9256871	Anderson et al.	Feb 2016	B2
9280765	Hammad	Mar 2016	B2
9530137	Weiss	Dec 2016	B2
9680942	Dimmick	Jun 2017	B2
20010029485	Brody et al.	Oct 2001	A1
20010034720	Armes	Oct 2001	A1
20010054003	Chien et al.	Dec 2001	A1
20020007320	Hogan et al.	Jan 2002	A1
20020016749	Borecki et al.	Feb 2002	A1
20020029193	Ranjan et al.	Mar 2002	A1
20020035548	Hogan et al.	Mar 2002	A1
20020073045	Rubin et al.	Jun 2002	A1
20020116341	Hogan et al.	Aug 2002	A1
20020133467	Hobson et al.	Sep 2002	A1
20020147913	Yip	Oct 2002	A1
20030028481	Flitcroft et al.	Feb 2003	A1
20030130955	Hawthorne	Jul 2003	A1
20030191709	Elston et al.	Oct 2003	A1
20030191945	Keech	Oct 2003	A1
20040010462	Moon et al.	Jan 2004	A1
20040050928	Bishop et al.	Mar 2004	A1
20040059682	Hasumi et al.	Mar 2004	A1
20040093281	Silverstein et al.	May 2004	A1
20040139008	Mascavage, III	Jul 2004	A1
20040143532	Lee	Jul 2004	A1
20040158532	Breck et al.	Aug 2004	A1
20040210449	Breck et al.	Oct 2004	A1
20040210498	Freund	Oct 2004	A1
20040232225	Bishop et al.	Nov 2004	A1
20040236632	Maritzen et al.	Nov 2004	A1
20040260646	Berardi et al.	Dec 2004	A1
20050037735	Coutts	Feb 2005	A1
20050080730	Sorrentino	Apr 2005	A1
20050108178	York	May 2005	A1
20050199709	Linlor	Sep 2005	A1
20050246293	Ong	Nov 2005	A1
20050269401	Spitzer et al.	Dec 2005	A1
20050269402	Spitzer et al.	Dec 2005	A1
20060235795	Johnson et al.	Oct 2006	A1
20060237528	Bishop et al.	Oct 2006	A1
20060278704	Saunders et al.	Dec 2006	A1
20070107044	Yuen et al.	May 2007	A1
20070129955	Dalmia et al.	Jun 2007	A1
20070136193	Starr	Jun 2007	A1
20070136211	Brown et al.	Jun 2007	A1
20070170247	Friedman	Jul 2007	A1
20070179885	Bird et al.	Aug 2007	A1
20070208671	Brown et al.	Sep 2007	A1
20070245414	Chan et al.	Oct 2007	A1
20070288377	Shaked	Dec 2007	A1
20070291995	Rivera	Dec 2007	A1
20080015988	Brown et al.	Jan 2008	A1
20080029607	Mullen	Feb 2008	A1
20080035738	Mullen	Feb 2008	A1
20080052226	Agarwal et al.	Feb 2008	A1
20080054068	Mullen	Mar 2008	A1
20080054079	Mullen	Mar 2008	A1
20080054081	Mullen	Mar 2008	A1
20080065554	Hogan et al.	Mar 2008	A1
20080065555	Mullen	Mar 2008	A1
20080201264	Brown et al.	Aug 2008	A1
20080201265	Hewton	Aug 2008	A1
20080228646	Myers et al.	Sep 2008	A1
20080243702	Hart et al.	Oct 2008	A1
20080245855	Fein et al.	Oct 2008	A1
20080245861	Fein et al.	Oct 2008	A1
20080283591	Oder, II et al.	Nov 2008	A1
20080302869	Mullen	Dec 2008	A1
20080302876	Mullen	Dec 2008	A1
20080313264	Pestoni	Dec 2008	A1
20090006262	Brown et al.	Jan 2009	A1
20090010488	Matsuoka et al.	Jan 2009	A1
20090037333	Flitcroft et al.	Feb 2009	A1
20090037388	Cooper et al.	Feb 2009	A1
20090043702	Bennett	Feb 2009	A1
20090048971	Hathaway et al.	Feb 2009	A1
20090106112	Dalmia et al.	Apr 2009	A1
20090106160	Skowronek	Apr 2009	A1
20090134217	Flitcroft et al.	May 2009	A1
20090157555	Biffle et al.	Jun 2009	A1
20090159673	Mullen et al.	Jun 2009	A1
20090159700	Mullen et al.	Jun 2009	A1
20090159707	Mullen et al.	Jun 2009	A1
20090173782	Muscato	Jul 2009	A1
20090200371	Kean et al.	Aug 2009	A1
20090248583	Chhabra	Oct 2009	A1
20090276347	Kargman	Nov 2009	A1
20090281948	Carlson	Nov 2009	A1
20090294527	Brabson et al.	Dec 2009	A1
20090307139	Mardikar et al.	Dec 2009	A1
20090308921	Mullen	Dec 2009	A1
20090327131	Beenau et al.	Dec 2009	A1
20100008535	Abulafia et al.	Jan 2010	A1
20100088237	Wankmueller	Apr 2010	A1
20100094755	Kloster	Apr 2010	A1
20100106644	Annan et al.	Apr 2010	A1
20100120408	Beenau et al.	May 2010	A1
20100133334	Vadhri	Jun 2010	A1
20100138347	Chen	Jun 2010	A1
20100145860	Pelegero	Jun 2010	A1
20100161433	White	Jun 2010	A1
20100185545	Royyuru et al.	Jul 2010	A1
20100211505	Saunders et al.	Aug 2010	A1
20100223186	Hogan et al.	Sep 2010	A1
20100228668	Hogan et al.	Sep 2010	A1
20100235284	Moore	Sep 2010	A1
20100258620	Torreyson et al.	Oct 2010	A1
20100291904	Musfeldt et al.	Nov 2010	A1
20100299267	Faith et al.	Nov 2010	A1
20100306076	Taveau et al.	Dec 2010	A1
20100325041	Berardi et al.	Dec 2010	A1
20110010292	Giordano et al.	Jan 2011	A1
20110016047	Wu et al.	Jan 2011	A1
20110016320	Bergsten et al.	Jan 2011	A1
20110040640	Erikson	Feb 2011	A1
20110047076	Carlson et al.	Feb 2011	A1
20110083018	Kesanupalli et al.	Apr 2011	A1
20110087596	Dorsey	Apr 2011	A1
20110093397	Carlson et al.	Apr 2011	A1
20110125597	Oder, II et al.	May 2011	A1
20110153437	Archer et al.	Jun 2011	A1
20110153498	Makhotin et al.	Jun 2011	A1
20110154466	Harper et al.	Jun 2011	A1
20110161233	Tieken	Jun 2011	A1
20110178926	Lindelsee et al.	Jul 2011	A1
20110191244	Dai	Aug 2011	A1
20110238511	Park et al.	Sep 2011	A1
20110238573	Varadarajan	Sep 2011	A1
20110246317	Coppinger	Oct 2011	A1
20110258111	Raj et al.	Oct 2011	A1
20110272471	Mullen	Nov 2011	A1
20110272478	Mullen	Nov 2011	A1
20110276380	Mullen et al.	Nov 2011	A1
20110276381	Mullen et al.	Nov 2011	A1
20110276424	Mullen	Nov 2011	A1
20110276425	Mullen	Nov 2011	A1
20110295745	White et al.	Dec 2011	A1
20110302081	Saunders et al.	Dec 2011	A1
20120023567	Hammad	Jan 2012	A1
20120028609	Hruska	Feb 2012	A1
20120030047	Fuentes et al.	Feb 2012	A1
20120035998	Chien et al.	Feb 2012	A1
20120041881	Basu et al.	Feb 2012	A1
20120047237	Arvidsson et al.	Feb 2012	A1
20120066078	Kingston et al.	Mar 2012	A1
20120072350	Goldthwaite et al.	Mar 2012	A1
20120078735	Bauer et al.	Mar 2012	A1
20120078798	Downing et al.	Mar 2012	A1
20120078799	Jackson et al.	Mar 2012	A1
20120095852	Bauer et al.	Apr 2012	A1
20120095865	Doherty et al.	Apr 2012	A1
20120116902	Cardina et al.	May 2012	A1
20120123882	Carlson et al.	May 2012	A1
20120123940	Killian et al.	May 2012	A1
20120129514	Beenau et al.	May 2012	A1
20120143754	Patel	Jun 2012	A1
20120143767	Abadir	Jun 2012	A1
20120143772	Abadir	Jun 2012	A1
20120158580	Eram et al.	Jun 2012	A1
20120158593	Garfinkle et al.	Jun 2012	A1
20120173431	Ritchie et al.	Jul 2012	A1
20120185386	Salama et al.	Jul 2012	A1
20120197807	Schlesser et al.	Aug 2012	A1
20120203664	Torossian et al.	Aug 2012	A1
20120203666	Torossian et al.	Aug 2012	A1
20120215688	Musser et al.	Aug 2012	A1
20120215696	Salonen	Aug 2012	A1
20120221421	Hammad	Aug 2012	A1
20120226582	Hammad	Sep 2012	A1
20120231844	Coppinger	Sep 2012	A1
20120233004	Bercaw	Sep 2012	A1
20120246070	Vadhri	Sep 2012	A1
20120246071	Jain et al.	Sep 2012	A1
20120246079	Wilson et al.	Sep 2012	A1
20120265631	Cronic et al.	Oct 2012	A1
20120271770	Harris et al.	Oct 2012	A1
20120290376	Dryer et al.	Nov 2012	A1
20120297446	Webb et al.	Nov 2012	A1
20120300932	Cambridge et al.	Nov 2012	A1
20120300938	Kean et al.	Nov 2012	A1
20120303503	Cambridge et al.	Nov 2012	A1
20120303961	Kean et al.	Nov 2012	A1
20120304273	Bailey et al.	Nov 2012	A1
20120310725	Chien et al.	Dec 2012	A1
20120310831	Harris et al.	Dec 2012	A1
20120316992	Oborne	Dec 2012	A1
20120317035	Royyuru et al.	Dec 2012	A1
20120317036	Bower et al.	Dec 2012	A1
20130017784	Fisher	Jan 2013	A1
20130018757	Anderson et al.	Jan 2013	A1
20130019098	Gupta et al.	Jan 2013	A1
20130031006	McCullagh et al.	Jan 2013	A1
20130054337	Brendell et al.	Feb 2013	A1
20130054466	Muscato	Feb 2013	A1
20130081122	Svigals et al.	Mar 2013	A1
20130091028	Oder, II et al.	Apr 2013	A1
20130110658	Lyman et al.	May 2013	A1
20130111599	Gargiulo	May 2013	A1
20130117185	Collison et al.	May 2013	A1
20130124290	Fisher	May 2013	A1
20130124291	Fisher	May 2013	A1
20130124364	Mittal	May 2013	A1
20130138525	Bercaw	May 2013	A1
20130144888	Faith et al.	Jun 2013	A1
20130145148	Shablygin et al.	Jun 2013	A1
20130145172	Shablygin et al.	Jun 2013	A1
20130159178	Colon et al.	Jun 2013	A1
20130159184	Thaw	Jun 2013	A1
20130166402	Parento et al.	Jun 2013	A1
20130166456	Zhang et al.	Jun 2013	A1
20130173736	Krzeminski et al.	Jul 2013	A1
20130185202	Goldthwaite et al.	Jul 2013	A1
20130191286	Cronic et al.	Jul 2013	A1
20130191289	Cronic et al.	Jul 2013	A1
20130198071	Jurss	Aug 2013	A1
20130198080	Anderson et al.	Aug 2013	A1
20130200146	Moghadam	Aug 2013	A1
20130204787	Dubois	Aug 2013	A1
20130204793	Kerridge et al.	Aug 2013	A1
20130212007	Mattsson et al.	Aug 2013	A1
20130212017	Bangia	Aug 2013	A1
20130212019	Mattsson et al.	Aug 2013	A1
20130212024	Mattsson et al.	Aug 2013	A1
20130212026	Powell et al.	Aug 2013	A1
20130212666	Mattsson et al.	Aug 2013	A1
20130218698	Moon et al.	Aug 2013	A1
20130218769	Pourfallah et al.	Aug 2013	A1
20130226799	Raj	Aug 2013	A1
20130226813	Voltz	Aug 2013	A1
20130226815	Ibasco et al.	Aug 2013	A1
20130246199	Carlson	Sep 2013	A1
20130246202	Tobin	Sep 2013	A1
20130246203	Laracey	Sep 2013	A1
20130246258	Dessert	Sep 2013	A1
20130246259	Dessert	Sep 2013	A1
20130246261	Purves et al.	Sep 2013	A1
20130246267	Tobin	Sep 2013	A1
20130254028	Salci	Sep 2013	A1
20130254052	Royyuru et al.	Sep 2013	A1
20130254102	Royyuru	Sep 2013	A1
20130254117	von Mueller et al.	Sep 2013	A1
20130262296	Thomas et al.	Oct 2013	A1
20130262302	Lettow et al.	Oct 2013	A1
20130262315	Hruska	Oct 2013	A1
20130262316	Hruska	Oct 2013	A1
20130262317	Collinge et al.	Oct 2013	A1
20130275300	Killian et al.	Oct 2013	A1
20130275307	Khan	Oct 2013	A1
20130275308	Paraskeva et al.	Oct 2013	A1
20130282502	Jooste	Oct 2013	A1
20130282575	Mullen et al.	Oct 2013	A1
20130282588	Hruska	Oct 2013	A1
20130297501	Monk et al.	Nov 2013	A1
20130297504	Nwokolo et al.	Nov 2013	A1
20130297508	Belamant	Nov 2013	A1
20130304649	Cronic et al.	Nov 2013	A1
20130308778	Fosmark et al.	Nov 2013	A1
20130311382	Fosmark et al.	Nov 2013	A1
20130317982	Mengerink et al.	Nov 2013	A1
20130332344	Weber	Dec 2013	A1
20130339253	Sincai	Dec 2013	A1
20130346314	Mogollon et al.	Dec 2013	A1
20140007213	Sanin et al.	Jan 2014	A1
20140013106	Redpath	Jan 2014	A1
20140013114	Redpath	Jan 2014	A1
20140013452	Aissi et al.	Jan 2014	A1
20140019352	Shrivastava	Jan 2014	A1
20140025581	Calman	Jan 2014	A1
20140025585	Calman	Jan 2014	A1
20140025958	Calman	Jan 2014	A1
20140032417	Mattsson	Jan 2014	A1
20140032418	Weber	Jan 2014	A1
20140040137	Carlson et al.	Feb 2014	A1
20140040139	Brudnicki et al.	Feb 2014	A1
20140040144	Plomske et al.	Feb 2014	A1
20140040145	Ozvat et al.	Feb 2014	A1
20140040628	Fort et al.	Feb 2014	A1
20140041018	Bomar et al.	Feb 2014	A1
20140046853	Spies et al.	Feb 2014	A1
20140047551	Nagasundaram et al.	Feb 2014	A1
20140052532	Tsai et al.	Feb 2014	A1
20140052620	Rogers et al.	Feb 2014	A1
20140052637	Jooste et al.	Feb 2014	A1
20140068706	Aissi	Mar 2014	A1
20140074637	Hammad	Mar 2014	A1
20140108172	Weber et al.	Apr 2014	A1
20140114857	Griggs et al.	Apr 2014	A1
20140143137	Carlson	May 2014	A1
20140164243	Aabye et al.	Jun 2014	A1
20140164254	Dimmick	Jun 2014	A1
20140188586	Carpenter et al.	Jul 2014	A1
20140249945	Gauthier et al.	Sep 2014	A1
20140282983	Ju et al.	Sep 2014	A1
20140294701	Dai et al.	Oct 2014	A1
20140297534	Patterson	Oct 2014	A1
20140310183	Weber	Oct 2014	A1
20140330721	Wang	Nov 2014	A1
20140330722	Laxminarayanan et al.	Nov 2014	A1
20140331265	Mozell et al.	Nov 2014	A1
20140337236	Wong et al.	Nov 2014	A1
20140344153	Raj et al.	Nov 2014	A1
20140372308	Sheets	Dec 2014	A1
20150012990	Copsey	Jan 2015	A1
20150019443	Sheets et al.	Jan 2015	A1
20150032625	Dill et al.	Jan 2015	A1
20150032626	Dill et al.	Jan 2015	A1
20150032627	Dill et al.	Jan 2015	A1
20150046338	Laxminarayanan et al.	Feb 2015	A1
20150046339	Wong et al.	Feb 2015	A1
20150052064	Karpenko et al.	Feb 2015	A1
20150088756	Makhotin et al.	Mar 2015	A1
20150106239	Gaddam et al.	Apr 2015	A1
20150112870	Nagasundaram et al.	Apr 2015	A1
20150112871	Kumnick	Apr 2015	A1
20150120472	Aabye et al.	Apr 2015	A1
20150127529	Makhotin et al.	May 2015	A1
20150127547	Powell et al.	May 2015	A1
20150140960	Powell et al.	May 2015	A1
20150142673	Nelsen et al.	May 2015	A1
20150161597	Subramanian et al.	Jun 2015	A1
20150178724	Ngo et al.	Jun 2015	A1
20150180836	Wong et al.	Jun 2015	A1
20150186864	Jones et al.	Jul 2015	A1
20150193222	Pirzadeh et al.	Jul 2015	A1
20150195133	Sheets et al.	Jul 2015	A1
20150199679	Palanisamy et al.	Jul 2015	A1
20150199689	Kumnick et al.	Jul 2015	A1
20150220917	Aabye et al.	Aug 2015	A1
20150269566	Gaddam et al.	Sep 2015	A1
20150278799	Palanisamy	Oct 2015	A1
20150287037	Salmon et al.	Oct 2015	A1
20150312038	Palanisamy	Oct 2015	A1
20150319158	Kumnick	Nov 2015	A1
20150332262	Lingappa	Nov 2015	A1
20150339663	Lopreiato et al.	Nov 2015	A1
20150356560	Shastry et al.	Dec 2015	A1
20150363781	Badenhorst	Dec 2015	A1
20160028550	Gaddam et al.	Jan 2016	A1
20160036790	Shastry et al.	Feb 2016	A1
20160042263	Gaddam et al.	Feb 2016	A1
20160065370	Le Saint et al.	Mar 2016	A1
20160092696	Guglani et al.	Mar 2016	A1
20160092872	Prakash et al.	Mar 2016	A1
20160092874	O'Regan et al.	Mar 2016	A1
20160103675	Aabye et al.	Apr 2016	A1
20160119296	Laxminarayanan et al.	Apr 2016	A1
20160132878	O'Regan et al.	May 2016	A1
20160140545	Flurscheim et al.	May 2016	A1
20160148197	Dimmick	May 2016	A1
20160148212	Dimmick	May 2016	A1
20160171479	Prakash et al.	Jun 2016	A1
20160173483	Wong et al.	Jun 2016	A1
20160197725	Hammad	Jul 2016	A1
20160217461	Gaddam et al.	Jul 2016	A1
20160224976	Basu et al.	Aug 2016	A1
20160269391	Gaddam et al.	Sep 2016	A1
20160301683	Laxminarayanan et al.	Oct 2016	A1
20160308995	Youdale et al.	Oct 2016	A1
20170046696	Powell et al.	Feb 2017	A1
20170103387	Weber	Apr 2017	A1
20170109745	Al-Bedaiwi et al.	Apr 2017	A1
20170186001	Reed et al.	Jun 2017	A1
20170201520	Chandoor et al.	Jul 2017	A1
20170220818	Nagasundaram et al.	Aug 2017	A1
20170228723	Taylor et al.	Aug 2017	A1
20170295155	Wong	Oct 2017	A1
20170364903	Lopez	Dec 2017	A1

Foreign Referenced Citations (16)

Number	Date	Country
1028401	Aug 2000	EP
2156397	Feb 2010	EP
2004042536	May 2004	WO
2004051585	Jun 2004	WO
2005001751	Jan 2005	WO
2006113834	Oct 2006	WO
2009032523	Mar 2009	WO
2010078522	Jul 2010	WO
2012068078	May 2012	WO
2012098556	Jul 2012	WO
2012142370	Oct 2012	WO
2012167941	Dec 2012	WO
2013048538	Apr 2013	WO
2013056104	Apr 2013	WO
2013119914	Aug 2013	WO
2013179271	Dec 2013	WO

Non-Patent Literature Citations (30)

Entry
“Petition for Inter Partes Review of U.S. Pat. No. 8,533,860 Challenging Claims 1-30 Under 35 U.S.C. § 312 and 37 C.F.R. § 42.104”, USPTO Patent Trial and Appeal Board, IPR 2016-00600, Feb. 17, 2016, 65 pages.
U.S. Appl. No. 14/600,523 , “U.S. Patent Application No.”, Secure Payment Processing Using Authorization Request, filed Jan. 20, 2015, 42 pages.
U.S. Appl. No. 15/008,388 , “U.S. Patent Application No.”, Methods for Secure Credential Provisioning, filed Jan. 27, 2016, 90 pages.
U.S. Appl. No. 15/011,366 , “U.S. Patent Application No.”, Token Check Offline, filed Jan. 29, 2016, 60 pages.
U.S. Appl. No. 15/019,157 , “U.S. Patent Application No.”, Token Processing Utilizing Multiple Authorizations, filed Feb. 9, 2016, 62 pages.
U.S. Appl. No. 15/041,495 , “U.S. Patent Application No.”, Peer Forward Authorization of Digital Requests, filed Feb. 11, 2016, 63 pages.
U.S. Appl. No. 15/265,282 , “U.S. Patent Application No.”, Self-Cleaning Token Valut, filed Sep. 14, 2016, 52 pages.
U.S. Appl. No. 15/462,658 , “U.S. Patent Application No.”, Replacing Token On a Multi-Token User Device, filed Mar. 17, 2017, 58 pages.
U.S. Appl. No. 15/585,077 , “U.S. Patent Application No.”, System and Method Using Interaction Token, filed May 2, 2017, 36 pages.
U.S. Appl. No. 15/977,921 , “U.S. Patent Application No.”, Integration of Verification Tokens With Mobile Communication Devices, filed May 11, 2018, 112 pages.
U.S. Appl. No. 16/020,796 , “U.S. Patent Application No.”, Embedding Cloud-Based Functionalities Ina Communication Device, filed Jun. 27, 2018, 153 pages.
U.S. Appl. No. 61/738,832 , “U.S. Provisional Application No.”, Management of Sensitive Data, filed Dec. 18, 2012, 22 pages.
U.S. Appl. No. 61/751,763 , “U.S. Provisional Application No.”, Payments Bridge, filed Jan. 11, 2013, 64 pages.
U.S. Appl. No. 61/879,632 , “U.S. Provisional Application No.”, Systems and Methods for Managing Mobile Cardholder Verification Methods, filed Sep. 18, 2013, 24 pages.
U.S. Appl. No. 61/892,407 , “U.S. Provisional Application No.”, Issuer Over-The-Air Update Method and System, filed Oct. 17, 2013, 28 pages.
U.S. Appl. No. 61/894,749 , “U.S. Provisional Application No.”, Methods and Systems for Authentication and Issuance of Tokens in a Secure Environment, filed Oct. 23, 2013, 67 pages.
U.S. Appl. No. 61/926,236 , “U.S. Provisional Application No.”, Methods and Systems for Provisioning Mobile Devices With Payment Credentials and Payment Token Identifiers, filed Jan. 10, 2014, 51 pages.
U.S. Appl. No. 62/000,288 , “U.S. Provisional Application No.”, Payment System Canonical Address Format, filed May 19, 2014, 58 pages.
U.S. Appl. No. 62/003,717 , “U.S. Provisional Application No.”, Mobile Merchant Application, filed May 28, 2014, 58 pages.
U.S. Appl. No. 62/024,426 , “U.S. Provisional Application No.”, Secure Transactions Using Mobile Devices, filed Jul. 14, 2014, 102 pages.
U.S. Appl. No. 62/037,033 , “U.S. Provisional Application No.”, Sharing Payment Token, filed Aug. 13, 2014, 36 pages.
U.S. Appl. No. 62/038,174 , “U.S. Provisional Application No.”, Customized Payment Gateway, filed Aug. 15, 2014, 42 pages.
U.S. Appl. No. 62/042,050 , “U.S. Provisional Application No.”, Payment Device Authentication and Authorization System, filed Aug. 26, 2014, 120 pages.
U.S. Appl. No. 62/053,736 , “U.S. Provisional Application No.”, Completing Transactions Without a User Payment Device, filed Sep. 22, 2014, 31 pages.
U.S. Appl. No. 62/054,346 , “U.S. Provisional Application No.”, Mirrored Token Vault, filed Sep. 23, 2014, 38 pages.
U.S. Appl. No. 62/103,522 , “U.S. Provisional Application No.”, Methods and Systems for Wallet Provider Provisioning, filed Jan. 14, 2015, 39 pages.
U.S. Appl. No. 62/108,403 , “U.S. Provisional Application No.”, Wearables With NFC HCE, filed Jan. 27, 2015, 32 pages.
U.S. Appl. No. 62/117,291 , “U.S. Provisional Application No.”, Token and Cryptogram Using Transaction Specific Information, filed Feb. 17, 2015, 25 pages.
U.S. Appl. No. 62/128,709 , “U.S. Provisional Application No.”, Tokenizing Transaction Amounts, filed Mar. 5, 2015, 30 pages.
Burgess , “What is Apple's iCioud Keychain and how do I use it”, Retreived from Internet: https://newatlas.com/apple-icloud-keychain-ios7/30301/, Jan. 14, 2014, pp. 1-6.

Related Publications (1)

	Number	Date	Country
	20200045027 A1	Feb 2020	US

Provisional Applications (1)

	Number	Date	Country
	62031490	Jul 2014	US

Continuations (1)

	Number	Date	Country
Parent	14813997	Jul 2015	US
Child	16596467		US

System and method for identity verification across mobile applications

Information

Patent Number

Date Filed

Date Issued

Inventors

Original Assignees

Examiners

Agents

CPC

Field of Search

CPC

International Classifications

Disclaimer

Term Extension

Abstract