US 12,261,957 B2
Systems and methods for enhanced mobile device authentication
Cedric Ken Wimberley, San Rafael, CA (US); Andrew Sloper, Surrey (GB); Ta-Wei Chen, Princeton Junction, NJ (US); and Gautam Chhawchharia, Mendham, NJ (US)
Assigned to JPMORGAN CHASE BANK, N.A., New York, NY (US)
Filed by JPMORGAN CHASE BANK, N.A., New York, NY (US)
Filed on Oct. 30, 2023, as Appl. No. 18/497,549.
Application 18/497,549 is a continuation of application No. 16/994,205, filed on Aug. 14, 2020, granted, now 11,838,421.
Application 16/994,205 is a continuation of application No. 15/393,836, filed on Dec. 29, 2016, granted, now 10,778,435.
Claims priority of provisional application 62/321,060, filed on Apr. 11, 2016.
Claims priority of provisional application 62/273,003, filed on Dec. 30, 2015.
Prior Publication US 2024/0080201 A1, Mar. 7, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/32 (2006.01); H04L 9/06 (2006.01); H04L 9/08 (2006.01); H04L 9/14 (2006.01); H04L 9/30 (2006.01)
CPC H04L 9/3228 (2013.01) [H04L 9/0643 (2013.01); H04L 9/0863 (2013.01); H04L 9/14 (2013.01); H04L 9/30 (2013.01); H04L 9/3231 (2013.01); H04L 9/0825 (2013.01); H04L 2209/56 (2013.01)]
14 Claims
1. A method for electronic device authentication, comprising:
receiving, at an authentication server and from a computer application executed by an electronic device, a public key, wherein the public key corresponds to a private key as a cryptographic keyset, wherein the cryptographic keyset is generated by the computer application, wherein the cryptographic keyset is generated from input that comprises a unique combination of the computer application, the electronic device, and a user of the electronic device, and wherein the public key is stored by the authentication server for decryption and verification of data encrypted by the computer application using the private key from the cryptographic keyset;
generating, by the authentication server comprising at least one computer processor, a one-time passcode;
communicating, by the authentication server over an out-of-band communication channel, the one-time passcode to the computer application, wherein the out-of-band communication channel is an SMS channel;
receiving, by the authentication server, from the computer application and over an in-band communication channel the one-time passcode encrypted with the private key;
receiving, by the authentication server, from the computer application over the in-band communication channel, an application specific verification key;
receiving, by the authentication server from the computer application over the in-band communication channel, device fingerprint data for the electronic device;
decrypting, by the authentication server, the application specific verification key to verify a source of the computer application;
decrypting, by the authentication server, the encrypted one-time passcode using the public key;
validating, by the authentication server, the one-time passcode;
generating, by the authentication server, a device identifier for the electronic device;
binding, by the authentication server, the device identifier and the electronic device to each other, including storing an indication that the application specific verification key was valid; and
communicating, by the authentication server and over the in-band communication channel, the device identifier for the electronic device to the computer application, wherein the computer application stores the device identifier.
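
The server-side sequence in claim 1 (store the public key, issue a one-time passcode, decrypt the returned passcode with the public key, validate it, then generate and bind a device identifier) can be sketched as follows; this is an added illustration, not code from the patent or its assignee. Assumptions: every name (`AuthServer`, `makeAppKeys`, `encryptOtp`, `appInstance`) is hypothetical, the keyset is a randomly generated RSA pair rather than one derived from the application, device and user combination, the SMS delivery is represented by a return value, and the application specific verification key step is omitted.

```javascript
const crypto = require('node:crypto');

// Hypothetical authentication server holding state in memory.
class AuthServer {
  constructor() {
    this.publicKeys = new Map();  // appInstance -> PEM public key
    this.pendingOtps = new Map(); // appInstance -> passcode awaiting validation
    this.bindings = new Map();    // deviceId -> { appInstance, fingerprint }
  }
  // Store the public key received from the application.
  register(appInstance, publicKeyPem) {
    this.publicKeys.set(appInstance, publicKeyPem);
  }
  // Generate a one-time passcode; the caller would send it out of band (SMS).
  issueOtp(appInstance) {
    const otp = crypto.randomInt(0, 1000000).toString().padStart(6, '0');
    this.pendingOtps.set(appInstance, otp);
    return otp;
  }
  // In-band step: decrypt with the stored public key, validate, then bind.
  verifyAndBind(appInstance, encryptedOtp, fingerprint) {
    const expected = this.pendingOtps.get(appInstance);
    const publicKey = this.publicKeys.get(appInstance);
    this.pendingOtps.delete(appInstance); // single use, even on failure
    if (!expected || !publicKey) return null;
    let received;
    try {
      received = crypto.publicDecrypt(publicKey, encryptedOtp);
    } catch {
      return null; // ciphertext was not produced by the matching private key
    }
    const want = Buffer.from(expected);
    if (received.length !== want.length || !crypto.timingSafeEqual(received, want)) return null;
    const deviceId = crypto.randomUUID();
    this.bindings.set(deviceId, { appInstance, fingerprint });
    return deviceId; // returned in band; the application stores it
  }
}

// Application side (assumption: random RSA-2048 keyset, PEM encoded).
function makeAppKeys() {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
}
// "Encrypt with the private key": only the holder of that key can produce this.
function encryptOtp(privateKeyPem, otp) {
  return crypto.privateEncrypt(privateKeyPem, Buffer.from(otp));
}
```

Because the passcode travels over SMS and the response must be produced with the registered private key, a party that intercepts the SMS alone cannot complete the binding.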