CPC G06F 21/44 (2013.01) [G06Q 20/363 (2013.01); G06Q 20/4012 (2013.01); G06Q 2220/00 (2013.01)] | 10 Claims |
1. A method of binding a computing device to an identity, the method comprising:
receiving, by a wallet server, a device identifier and a keypair from the computing device, wherein the keypair comprises a public key and secret key that is generated by the computing device;
sending, by the wallet server, an enrollment request to a token service provider, wherein the enrollment request comprises the device identifier and the keypair;
sending, by the wallet server, a token request to the token service provider, wherein the token request comprises a personal account number (PAN) associated with a user of the computing device;
receiving, by the wallet server, a token ID in response to the token request, from the token service provider, wherein the token service provider maintains an association between a generated token and the PAN;
receiving, by the wallet server, an identity binding request from the computing device;
sending, by the wallet server, the identity binding request to an issuer server;
receiving, by the wallet server, a channel request associated with a communication channel for use by the issuer server to send a challenge request directly to the computing device;
forwarding, by the wallet server, the channel request to the computing device;
receiving, by the wallet server, a channel response from the computing device, wherein the channel response is responsive to the channel request being provided by the issuer server to the computing device, and wherein an authentication of the channel response is based on the channel request and the keypair;
forwarding, by the wallet server, the channel response to the issuer server via the token service provider, wherein the channel response is validated allowing the issuer server to respond directly to the computing device; and
receiving, by the wallet server, an encrypted and signed payload from the computing device, wherein a signature of the encrypted and signed payload is verified with the public key, to bind the device identifier to the token ID, at the token service provider, and wherein the encrypted and signed payload comprises a one-time passcode (OTP) and a portion of the public key that is encrypted with the public key and signed with the secret key.
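The final binding step of claim 1 (the device encrypts the OTP and a portion of its public key with the public key, signs the result with the secret key, and the token service provider verifies the signature with the enrolled public key before binding the device identifier to the token ID), written out as an added example in Go that is not part of the patent or of any implementation of it. The choice of RSA-OAEP for encryption, RSA-PSS for signing, a 16-byte key portion, and the `Enrollment` and `Payload` types are assumptions made for this example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
)

// Enrollment is what the TSP holds after enrollment (hypothetical record type).
type Enrollment struct {
	DeviceID string
	Pub      *rsa.PublicKey
	TokenID  string // set only once the binding payload is accepted
}

// Payload is the device's final message: (OTP || portion of public key)
// encrypted with the public key, plus a signature over that ciphertext.
type Payload struct {
	Ciphertext []byte
	Signature  []byte
}

// DeviceBuildPayload is the device side. The 16-byte key portion and the
// choice of RSA-OAEP / RSA-PSS are assumptions, not stated in the claim.
func DeviceBuildPayload(priv *rsa.PrivateKey, otp string) (Payload, error) {
	pubDER, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	if err != nil {
		return Payload{}, err
	}
	plain := append([]byte(otp), pubDER[:16]...)
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &priv.PublicKey, plain, nil)
	if err != nil {
		return Payload{}, err
	}
	digest := sha256.Sum256(ct)
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
	return Payload{Ciphertext: ct, Signature: sig}, err
}

// TSPBind is the token service provider side: verify the signature with the
// enrolled public key and only then bind the device identifier to the token ID.
func TSPBind(e *Enrollment, tokenID string, p Payload) error {
	digest := sha256.Sum256(p.Ciphertext)
	if err := rsa.VerifyPSS(e.Pub, crypto.SHA256, digest[:], p.Signature, nil); err != nil {
		return err
	}
	e.TokenID = tokenID
	return nil
}
```

A tampered ciphertext or a payload signed under a key other than the one enrolled fails `TSPBind`, so no token ID is recorded for that device identifier.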