US-12625940-B2 - Multi factor authentication using different devices

Abstract

Customizing an application on a mobile device includes storing at least a portion of customization data in a customization server that is independent of the mobile device, a user of the mobile device accessing the customization server independently of the mobile device, receiving authorization data from the customization server that enables the mobile device to securely receive customization data from the customization server, and the mobile device using the authorization data to cause the customization server to provide the customization data to the mobile device. The authorization data may be provided by postal message, email message, an SMS text message, and/or a visual code provided on a screen of a computer used to access the customization server. The user may use a computer to provide credential information to access the customization server. Customizing the application may allow the mobile device to access a user service on behalf of the user.

Inventors

  • François-Eric Michel Guyomarc'h
  • James William Holland
  • Milan Khan
  • Caleb Wattles

Assignees

  • ASSA ABLOY AB

Dates

  • Publication Date: 20260512
  • Application Date: 20230830

Claims (20)

  1. A method for customizing an application on a mobile device, the application being generic to at least one of a plurality of service providers or a plurality of users, the method comprising: storing customization data in a customization server that is independent of the mobile device, wherein the customization data, when used to modify the application, changes the application to a customized application that is specific to at least one of a given service provider of the plurality of service providers or a user of the mobile device; in response to the user of the mobile device initiating customization of the application by contacting the customization server through an access channel other than the application, providing authorization data to the user from the customization server, wherein the authorization data enables the mobile device to securely receive the customization data from the customization server; and receiving the authorization data from the mobile device and causing the customization server to provide the customization data to the mobile device, wherein the customization data enables the mobile device to change the application to the customized application.
  2. The method, according to claim 1, wherein the authorization data is provided by at least one of: postal message, email message, an SMS text message, or a visual code provided on a screen of a computer used to contact the customization server.
  3. The method, according to claim 2, wherein the user uses a computer separate from the mobile device to contact the customization server to initiate customization of the application.
  4. The method, according to claim 2, wherein the authorization data is provided by the visual code on the screen of the computer and the mobile device receives the visual code using a camera of the mobile device.
  5. The method, according to claim 1, wherein customizing the application enables the mobile device to access a user service on behalf of the user.
  6. The method, according to claim 1, wherein the user of the mobile device initiating customization of the application by contacting the customization server through an access channel other than the application comprises the user of the mobile device contacting the customization server without using the mobile device.
  7. The method, according to claim 5, wherein the user service is banking.
  8. The method, according to claim 1, wherein certificate pinning is used to require that the mobile device only communicate with predetermined customization servers.
  9. A non-transitory computer-readable medium containing executable code for customizing an application on a mobile device, the application being generic to at least one of a plurality of service providers or a plurality of users, the executable code, when executed by at least one processor, causing the processor to: store customization data in a customization server that is independent of the mobile device, wherein the customization data, when used to modify the application, changes the application to a customized application that is specific to at least one of a given service provider of the plurality of service providers or a user of the mobile device; in response to the user of the mobile device initiating customization of the application by contacting the customization server through an access channel other than the application, providing authorization data to the user from the customization server, wherein the authorization data enables the mobile device to securely receive customization data from the customization server; and receive the authorization data from the mobile device and cause the customization server to provide the customization data to the mobile device, wherein the customization data enables the mobile device to change the application to the customized application.
  10. The non-transitory computer-readable medium, according to claim 9, wherein the authorization data is provided by at least one of: postal message, email message, an SMS text message, or a visual code provided on a screen of a computer used to contact the customization server.
  11. The non-transitory computer-readable medium, according to claim 10, wherein the access channel comprises a computer separate from the mobile device.
  12. The non-transitory computer-readable medium, according to claim 9, wherein changing the application to the customized application enables the mobile device to access a user service on behalf of the user.
  13. The non-transitory computer-readable medium, according to claim 9, wherein the user of the mobile device initiating customization of the application by contacting the customization server through an access channel other than the application comprises the user of the mobile device contacting the customization server without using the mobile device.
  14. The non-transitory computer-readable medium, according to claim 12, wherein the customization data includes a secret key that enables the mobile device to access the user service.
  15. The non-transitory computer-readable medium, according to claim 12, wherein the user service is banking.
  16. A method for customizing an application on a mobile device, the method comprising: downloading the application to the mobile device, the application being generic to at least one of a plurality of service providers or a plurality of users; initiating customization of the application by contacting a customization server through an access channel other than the application, the customization server being independent of the mobile device and storing customization data, wherein the customization data, when used to modify the application, changes the application to a customized application that is specific to at least one of a given service provider of the plurality of service providers or a user of the mobile device; in response to contacting the customization server, receiving authorization data from the customization server, wherein the authorization data enables the mobile device to securely receive the customization data from the customization server; and providing the authorization data from the mobile device to the customization server and, in response, receiving the customization data from the customization server, wherein the customization data enables the mobile device to change the application to the customized application.
  17. The method, according to claim 16, wherein initiating customization of the application by contacting the customization server through an access channel other than the application comprises the user of the mobile device contacting the customization server without using the mobile device.
  18. The method, according to claim 16, wherein receiving the authorization data from the customization server comprises receiving the authorization data by at least one of: postal message, email message, an SMS text message, or a visual code provided on a screen of a computer used to contact the customization server.
  19. The method, according to claim 16, wherein the authorization data is received via a visual code on a screen of a computer used to contact the customization server and the method further comprises receiving the visual code using a camera of the mobile device.
  20. The method, according to claim 16, wherein customizing the application enables the mobile device to access a user service on behalf of the user.
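The flow in claims 1, 4 and 14 above, modeled as an added Python example that is not taken from the patent: authorization data is issued over a channel other than the app, then redeemed once by the mobile device for customization data that includes a secret key. The class and method names, the 300-second lifetime, the single-use rule and the hashed storage of codes are assumptions made for illustration.

```python
import hashlib
import secrets
import time

class CustomizationServer:
    """Toy model: out-of-band issue of authorization data, one-time redemption."""
    TTL = 300  # assumed lifetime of an authorization code, in seconds

    def __init__(self, clock=time.time):
        self._clock = clock
        self._customization = {}  # user -> customization data
        self._pending = {}        # sha256(code) -> (user, expires_at)

    def store_customization(self, user, data):
        self._customization[user] = data

    def issue_authorization(self, user):
        """Reached through the non-app channel, after the user logged in there."""
        if user not in self._customization:
            raise KeyError(user)
        code = secrets.token_urlsafe(16)  # 128 bits, not guessable
        # Only a digest is kept, so a leaked table does not reveal live codes.
        self._pending[self._digest(code)] = (user, self._clock() + self.TTL)
        return code  # rendered as a visual code, or sent by SMS/email/post

    def redeem(self, code):
        """Called by the mobile app; returns customization data or None."""
        entry = self._pending.pop(self._digest(code), None)  # single use
        if entry is None:
            return None  # unknown or already redeemed
        user, expires_at = entry
        if self._clock() > expires_at:
            return None  # expired before the device presented it
        return self._customization[user]

    @staticmethod
    def _digest(code):
        return hashlib.sha256(code.encode()).hexdigest()

def demo():
    now = [1000.0]  # constructed clock so expiry can be shown offline
    srv = CustomizationServer(clock=lambda: now[0])
    srv.store_customization(
        "alice", {"provider": "Example Bank", "secret_key": secrets.token_hex(16)})
    code = srv.issue_authorization("alice")
    first = srv.redeem(code)    # device scans the code and redeems it
    replay = srv.redeem(code)   # a second party replaying the same code
    stale = srv.issue_authorization("alice")
    now[0] += CustomizationServer.TTL + 1
    expired = srv.redeem(stale)
    guess = srv.redeem("not-a-real-code")
    return first["provider"], replay, expired, guess
```

The replay and expiry cases address the interception concern raised in the Background: a code that has been used or has aged out returns nothing, so whoever holds it later receives no customization data.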

Description

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No. 16/339,309, filed Apr. 3, 2019, which application is a U.S. national stage filing under 35 U.S.C. § 371 from International PCT Patent Application No. PCT/IB2017/001362 filed Oct. 4, 2017 titled “MULTIFACTOR AUTHENTICATION USING DIFFERENT DEVICES,” and published as WO2018/065820, which claims priority to U.S. Provisional Patent Application No. 62/404,130 filed on Oct. 4, 2016 titled “CUSTOMIZING MOBILE APPLICATIONS” and to U.S. Provisional Patent Application No. 62/411,107 filed on Oct. 21, 2016 titled “CUSTOMIZING MOBILE APPLICATIONS,” each of which is incorporated by reference herein.

TECHNICAL FIELD

This application relates to the field of customizing applications and more particularly to the field of customizing mobile applications to facilitate security, use and appearance.

BACKGROUND OF THE INVENTION

In many areas of today's mobile oriented, modern life, consumers interact with service providers through the use of mobile applications running on mobile devices (e.g. smart phones). These service providers include organizations such as banks and other financial institutions, retailers, healthcare providers and media content providers etc. These providers may deliver their services through a custom corporate mobile application that is branded with their corporate identity and personalized/customized for their users (device owners).

In many cases, it is desirable to personalize a custom corporate mobile application running on a mobile device of a user. For example, a user may have a mobile banking application that displays account balances and transactions, transfers money, etc. For security reasons, the bank may not want to allow any mobile device to access any account or to enable all transactions for a given account via mobile applications. In some cases, a banking organization may have two or more versions of a custom corporate application. Premium bank customers, or business banking customers may have their own custom mobile application that provides features above and beyond their standard offering.

Many service providers within the same industry have similar needs on their mobile applications, e.g. show bank account information; capture user registration details etc. One common identified need that service providers have is the need to be able to identify and verify their users and to let the users approve actions within the mobile applications, connected to the services offered by the service providers. Every service provider could implement a custom process for approving an action within their mobile application, e.g. “Are you sure you wish to complete the checkout?” A service provider can spend considerable efforts in the design and building of such workflows into their mobile applications.

A mechanism for securely personalizing/customizing each instance of a mobile application, for each user, may require physical access to each mobile device. For example, each user of a mobile banking application may need to visit a branch of the bank to obtain customization. This may be a secure process, but in many cases, it may be impractical or, at the very least, relatively expensive for the bank to implement (because of extra banking personnel needed) and likely to be very inconvenient for the customers (waiting for someone to be available to help, having access only during certain hours, etc.).

An alternative way to get personalized/customized information onto a user's mobile devices is to point end users to an appropriate custom corporate mobile application for their needs, and allow the users to personalize/customize the mobile application remotely, over-the-air. This mechanism could remotely provide users with personalization/customization data, e.g. through wireless networks. However, providing personalization/customization data remotely can raise security issues (i.e. user B intercepts and loads remote personalization/customization information meant for user A) and can cause difficulties for users, such as when a user incorrectly loads personalization/customization information for one device on to another device. Thus custom corporate mobile applications may be difficult to write and may require significant expertise in the security field.

Accordingly, it is desirable to provide a mechanism for allowing a user to personalize/customize a mobile application remotely in a way that is secure and does not involve participation by personnel at a corresponding organization and/or does not require development of corporate custom applications.

SUMMARY OF THE INVENTION

According to the system described herein, customizing an application on a mobile device includes storing at least a portion of customization data in a customization server that is independent of the mobile device, a user of the mobile device accessing the customization server independently of the mobile device, receiving authorization da