Patent Application Titled “Passcode Authentication Using A Wallet Card” Published Online (USPTO 20240121236): Patent Application

2024 MAY 01 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- According to news reporting originating from Washington, D.C., by NewsRx journalists, a patent application by the inventor Buchler, David (Boca Raton, FL, US), filed on October 7, 2022, was made available online on April 11, 2024.

No assignee for this patent application has been made.

Reporters obtained the following quote from the background information supplied by the inventors: “A mobile wallet is a virtual wallet that can be used with a mobile computing device such as a smartphone. Depending on the mobile computing device manufacturer, the mobile wallet can be installable or pre-installed on the device and may utilize a dedicated chip (secure element) on the device to store encrypted tokens for secure transactions. The mobile wallet may connect to a user’s bank account via the mobile computing device as a convenient way for a user to pay for goods and services with merchants listed with the mobile wallet service provider. Mobile wallets can typically store payment card information associated with a credit card, debit card, coupon, and/or reward card information. Certain mobile wallets can also be used to store a driver’s license, a Social Security card, health insurance cards, loyalty cards, hotel key cards, bus or train tickets, concert tickets, etc.

“Certain smartphone manufactures use proprietary mobile wallets. Apple Pay, for example, can currently be used only on iOS devices, while Google Pay, PayPal, or Venmo can be downloaded and used with certain iOS and/or Android operating systems.

“The term “digital wallet” is often used interchangeably with the term “mobile wallet” in that both digital wallets and mobile wallets can store payment information. However, digital wallets are mostly used for online transactions and do not necessarily require a mobile computing device for operation. Mobile wallets, on the other hand, are typically used in place of a physical wallet or credit card when making in-store purchases and therefore, are usually implemented on easy-to-carry smartphone devices.

“As illustrated in FIG. 1, a typical payment authentication process 100 using a mobile wallet installed on a user’s smartphone may include (1) adding or linking a credit card (or other payment information) to the mobile wallet on the user’s smartphone. The mobile wallet may be linked to the user’s personal identification, which can include a code (such as a smartphone lock screen passcode) and/or biometric information such as facial recognition or a fingerprint. To authorize a payment to a vendor using the mobile wallet, a primary account number (PAN) may be (2) submitted to pay servers, which may then request (3) a token from a card network. The card network may request (4) validation of the PAN at the issuing bank. If the PAN information submitted by the mobile wallet matches the account at the bank issuer, a validation may be sent back (5) to the card network, which may generate an associated token (6) that can be returned (7) to the user’s mobile wallet, for example, via the pay servers. The token returned to the mobile wallet on the smartphone may then be utilized to complete a transaction with a vendor.

“The use of the mobile wallet may provide some additional security for purchases, and while a user’s credit card can easily be stolen or duplicated, information stored in a stolen smartphone may be hard to access if the smartphone requires a passcode, fingerprint, etc. Therefore, fraudulent activities can be harder to initiate with mobile wallets. However, mobile computing devices are not immune to viruses, attacks, or other exploits that can take advantage of security vulnerabilities.

“While smartphone manufacturers and software engineers continue to plug known security holes, malicious code can bypass permissions or policies and allow an attacker to control the device. Mobile viruses, for example, are typically spread by downloading infected programs or files. Some viruses only become active if the recipient chooses to accept the virus file and run it on the mobile device. Other viruses, when combined with exploits, can be self-propagating worms that may not need user intervention to spread, potentially creating a severe security problem.

“In addition to being able to propagate viruses, exploits may be able to directly perform malicious actions on vulnerable devices. Such exploits may be used by attackers to steal information, charge money to the target device’s phone bill, or prevent a device from functioning properly. Although vulnerabilities that take advantage of exploits may be fixed if the software vendor responsible for the vulnerability provides a patch or firmware upgrade, such fixes are often costly and time-consuming to release and difficult for users or IT organizations to apply.

“A need exists for a secure way of authenticating a user for accessing their online accounts, and certain features associated with a mobile wallet could potentially provide a secure way for such authentication. However, there are several security-related challenges that still need to be overcome for the wide adoption of general multifactor or one-time-passcode authentication using a mobile wallet.”

In addition to obtaining background information on this patent application, NewsRx editors also obtained the inventor’s summary information for this patent application: “The disclosed technology provides systems and methods that may enable the secure utilization of a mobile wallet for one-time-passcode authentication by conducting mobile computing device pre-screening security checks and/or device health checks before the authentication process using the mobile wallet. Certain exemplary implementations of the disclosed technology may further provide an enhanced level of convenience and security associated with user authentication by the use of a mobile wallet.

“Certain exemplary implementations of the disclosed technology may provide a method to pre-screen and authenticate a mobile computing device for passcode authentication using a virtual wallet. The method can include receiving, at a security server, and from an enterprise server, a request to pre-screen a user device for passcode authentication using a virtual wallet on the user device. Responsive to receiving the request, the method can include generating, at the security server, a pre-screening communication channel link for establishing communication with the user device and sending the pre-screening communication channel link to the enterprise server for transmission to the user device. Responsive to activation of the pre-screening communication channel link by the user device, the method can include probing, by a device screener of the security server, the user device to detect one or more security issue conditions, which can include probing for a SIM swap on the user device within a selectable period, and/or probing for a porting of the user device to a new carrier within a selectable period. Responsive to a determination that no security issue conditions are detected at the user device, the method can include sending to the enterprise server an indication of a clear pre-screening result, and receiving, at the security server, and from the enterprise server, a wallet card request to push a wallet card to the user device. Responsive to receiving a wallet card request to push a wallet card to the user device, the method can include generating, by a wallet card generator of the security server, a wallet card, and pushing the generated wallet card to the user device. The method can include receiving, at the security server, and from the enterprise server, a request to push a passcode to the user device wallet. Responsive to the request to push the passcode to the user device wallet, the method can include generating, by a code generator of the security server, a code; and pushing the generated code to the user device. Responsive to confirming, at the security server, that a passcode received from the user device wallet matches the generated code pushed to the user device, the method can include transmitting a match indication to the enterprise server to initiate authentication of the user device for accessing the enterprise server.

“Another computer-implemented method is provided for passcode authentication using a virtual wallet. The method can include receiving, at an enterprise server and from a pre-screened user device, a request to access an account on the enterprise server, and sending, to a security server from an enterprise server, a wallet card request to push a wallet card to the pre-screened user device. Responsive to the wallet card request, the method can include determining by the security server, a valid screening condition of the pre-screened user device. Responsive a determination of the valid screening condition, the method can include generating, by a wallet card generator of the security server, a wallet card, and pushing the generated wallet card to the pre-screened user device. The method can include receiving, at the security server, and from the pre-screened user device, a confirmation that the generated wallet card was written to the pre-screened user device. Responsive to a request to push the passcode to the pre-screened user device wallet, the method can include generating, by a code generator of the security server, a code; and pushing the generated code to the pre-screened user device wallet. Responsive to confirming, at the security server, that a passcode received from the pre-screened user device wallet matches the generated code pushed to the pre-screened user device, the method can include transmitting a match indication to the enterprise server to initiate authentication of the pre-screened user device for accessing the enterprise server.

“Other implementations, features, and aspects of the disclosed technology are described in detail herein and are considered a part of the claimed disclosed technology. Other implementations, features, and aspects can be understood with reference to the following detailed description, accompanying drawings, and claims.”

The claims supplied by the inventors are:

“1. A computer-implemented method for pre-screening and authenticating a mobile computing device for passcode authentication using a virtual wallet, the method comprising: receiving, at a security server, and from an enterprise server, a request to pre-screen a user device for passcode authentication using a virtual wallet on the user device; responsive to receiving the request, generating, at the security server, a pre-screening communication channel link for establishing communication with the user device; sending the pre-screening communication channel link to the enterprise server for transmission to the user device; responsive to activation of the pre-screening communication channel link by the user device, probing, by a device screener of the security server, the user device to detect one or more security issue conditions, comprising: a SIM swap on the user device within a selectable period; and a porting of the user device to a new carrier within a selectable period; responsive to a determination that no security issue conditions are detected at the user device: sending, to the enterprise server an indication of a clear pre-screening result; receiving, at the security server, and from the enterprise server, a wallet card request to push a wallet card to the user device; responsive to receiving a wallet card request to push a wallet card to the user device: generating, by a wallet card generator of the security server, a wallet card; and pushing the generated wallet card to the user device; receiving, at the security server, and from the enterprise server, a request to push a passcode to the user device wallet; responsive to the request to push the passcode to the user device wallet: generating, by a code generator of the security server, a code; and pushing the generated code to the user device; responsive to confirming, at the security server, that a passcode received from the user device wallet matches the generated code pushed to the user device, transmitting a match indication to the enterprise server to initiate authentication of the user device for accessing the enterprise server.

“2. The method of claim 1, further comprising: responsive to a determination that one or more security issue conditions are detected at the user device: sending, to the enterprise server, an indication of a failed pre-screening result; and preventing a code from being pushed to the user device.

“3. The method of claim 1, wherein the code is a one-time-passcode (OTP).

“4. The method of claim 1, wherein the code is valid for a selectable period.

“5. The method of claim 1, wherein the one or more security issue conditions further comprise an indication that the user device is jailbroken.

“6. The method of claim 1, wherein the one or more security issue conditions further comprise an indication that the user device is located in a geographic region that differs by more than a selectable distance from a determined residence region associated with the user device.

“7. The method of claim 1, further receiving at the security server, a confirmation that the wallet card was written to the user device.

“8. The method of claim 1, wherein the request to pre-screen a user device for passcode authentication using a virtual wallet on the user device is responsive to a request by the user device to access an account on the enterprise server.

“9. The method of claim 1, further comprising performing, by the security server, a process to enroll the enterprise server for passcode authentication using a virtual wallet.

“10. A computer-implemented method for passcode authentication using a virtual wallet, the method comprising: receiving, at an enterprise server and from a pre-screened user device, a request to access an account on the enterprise server; sending, to a security server from an enterprise server, a wallet card request to push a wallet card to the pre-screened user device; responsive to the wallet card request, determining by the security server, a valid screening condition of the pre-screened user device; responsive a determination of the valid screening condition: generating, by a wallet card generator of the security server, a wallet card; and pushing the generated wallet card to the pre-screened user device; receiving, at the security server, and from the pre-screened user device, a confirmation that the generated wallet card was written to the pre-screened user device; responsive to a request to push a passcode to the pre-screened user device wallet: generating, by a code generator of the security server, a code; and pushing the generated code to the pre-screened user device wallet; responsive to confirming, at the security server, that a passcode received from the pre-screened user device wallet matches the generated code pushed to the pre-screened user device, transmitting a match indication to the enterprise server to initiate authentication of the pre-screened user device for accessing the enterprise server.

“11. The method of claim 10, further comprising receiving, at the security server, and from the enterprise server, a request to pre-screen a user device for passcode authentication using a virtual wallet on the user device; responsive to receiving the request, generating, at the security server, a pre-screening communication channel link for establishing communication with the user device; sending the pre-screening communication channel link to the enterprise server for transmission to the user device; responsive to activation of the pre-screening communication channel link by the user device, probing, by a device screener of the security server, the user device to detect one or more security issue conditions, comprising: a SIM swap on the user device within a selectable period; and a porting of the user device to a new carrier within a selectable period; responsive to a determination that no security issue conditions are detected at the user device, sending, to the enterprise server, an indication of a clear pre-screening result.

“12. The method of claim 11, further comprising: responsive to a determination that one or more security issue conditions are detected at the user device: sending, to the enterprise server, an indication of a failed pre-screening result; and preventing a code from being pushed to the user device.

“13. The method of claim 11, wherein the one or more security issue conditions further comprise an indication that the user device is jailbroken.

“14. The method of claim 11, wherein the one or more security issue conditions further comprise an indication that the user device is located in a geographic region that differs by more than a selectable distance from a determined residence region associated with the user device.

“15. The method of claim 11, wherein the request to pre-screen a user device for passcode authentication using a virtual wallet on the user device is responsive to a request by the user device to access an account on the enterprise server.

“16. The method of claim 11, further comprising performing, by the security server, a process to enroll the enterprise server for passcode authentication using a virtual wallet.

“17. The method of claim 10, further comprising sending, to the enterprise server, and from the security server a confirmation that a generated wallet card was written to the pre-screened user device.

“18. The method of claim 10, further comprising receiving, at the security server, and from the enterprise server, a request to push a passcode to the pre-screened user device wallet.

“19. The method of claim 10, wherein the code is a one-time-passcode (OTP).

“20. The method of claim 10, wherein the code is valid for a selectable period.”

For more information, see this patent application: Buchler, David. Passcode Authentication Using A Wallet Card. U.S. Patent Application Number 20240121236, filed October 7, 2022 and posted April 11, 2024. Patent URL (for desktop use only): https://ppubs.uspto.gov/pubwebapp/external.html?q=(20240121236)&db=US-PGPUB&type=ids

(Our reports deliver fact-based news of research and discoveries from around the world.)