Embedding cloud-based functionalities in a communication device

US 10,049,353 B2
Filed: 08/21/2017
Issued: 08/14/2018
Est. Priority Date: 08/22/2014
Status: Active Grant

First Claim

Patent Images

1. A portable communication device comprising:

a processor device;

a contactless transceiver coupled to the processor device;

a memory including multiple memory regions and storing a first application and an application agent, wherein the multiple memory regions comprising a first memory region and a second memory region,wherein the application agent receives, from the application executing in the first memory region, a cryptogram key generated by a remote computer, stores the cryptogram key in the second memory region, receives a request to conduct a transaction from the application, generates a transaction cryptogram using the cryptogram key, accesses the contactless transceiver, and transmits the transaction cryptogram to an access device via the contactless transceiver, andwherein the application agent sends a replenishment request for a second cryptogram key to the first application, the replenishment request including transaction log information derived from a transaction log stored in the second memory region, receives the second cryptogram key from the first application when the transaction log information in the replenishment request matches transaction log information at the remote computer, and stores the second cryptogram key in the second memory region.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for enhancing the security of a communication device may include providing an application agent and a transaction application that executes on a communication device. The application agent may receive, from the application, a cryptogram key generated by a remote computer, and store the cryptogram key on the communication device. When the application agent receives a request to conduct a transaction from the application, the application agent may generate a transaction cryptogram using the cryptogram key, and provides the transaction cryptogram to an access device.

Citations

20 Claims

1. A portable communication device comprising:
- a processor device;
  
  a contactless transceiver coupled to the processor device;
  
  a memory including multiple memory regions and storing a first application and an application agent, wherein the multiple memory regions comprising a first memory region and a second memory region,wherein the application agent receives, from the application executing in the first memory region, a cryptogram key generated by a remote computer, stores the cryptogram key in the second memory region, receives a request to conduct a transaction from the application, generates a transaction cryptogram using the cryptogram key, accesses the contactless transceiver, and transmits the transaction cryptogram to an access device via the contactless transceiver, andwherein the application agent sends a replenishment request for a second cryptogram key to the first application, the replenishment request including transaction log information derived from a transaction log stored in the second memory region, receives the second cryptogram key from the first application when the transaction log information in the replenishment request matches transaction log information at the remote computer, and stores the second cryptogram key in the second memory region.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The portable communication device of claim 1, wherein the application agent stores the transaction log on the portable communication device.
  - 3. The portable communication device of claim 1, wherein the multiple memory regions include a memory region implementing a trusted execution environment.
  - 4. The portable communication device of claim 3, wherein the trusted execution environment is implemented as a virtual machine or as a secure operating mode of the processor device.
  - 5. The portable communication device of claim 1, wherein the contactless transceiver of the portable communication device is not accessible by the first application except via the application agent.
  - 6. The portable communication device of claim 1, wherein the application agent does not communicate with the remote computer except via the first application.

7. A method for enhancing security of a portable communication device, the method comprising:
- receiving, from a remote computer by an application installed on a first memory region of the portable communication device, a cryptogram key;
  
  sending, by the application, the cryptogram key to an application agent installed on a second memory region of the portable communication device;
  
  receiving, by the application, a request to conduct a transaction;
  
  sending, by, the application, the request to conduct the transaction to the application agent, wherein the application agent generates a transaction cryptogram using the cryptogram key, and accesses a contactless interface of the portable communication device to transmit the transaction cryptogram to an access device to conduct the transaction;
  
  receiving, from the application agent, a replenishment request for a second cryptogram key, the replenishment request including transaction log information derived from a transaction log stored in second memory region;
  
  sending, by, the application, the replenish request to the remote computer;
  
  receiving, by the application, the second cryptogram key from the remote computer when the transaction log information in the replenishment request matches transaction log information at the remote computer;
  
  sending, by, the application, the second cryptogram key to the application agent for storage.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The method of claim 7, wherein the application agent stores the transaction log on the portable communication device.
  - 9. The method of claim 7, wherein the application agent executes in a trusted execution environment.
  - 10. The method of claim 9, wherein the trusted execution environment is implemented in a virtual machine.
  - 11. The method of claim 9, wherein the trusted execution environment is implemented as a secure operating mode in a processor of the portable communication device.
  - 12. The method of claim 7, wherein the contactless interface of the portable communication device is not accessible by the application except via the application agent.
  - 13. The method of claim 7, wherein the application agent does not communicate with the remote computer except via the application.

14. A method for enhancing security of a portable communication device, the method comprising:
- receiving, by an application agent installed on a second memory region of the portable communication device, a cryptogram key from an application installed on a first memory region of the portable communication device, the cryptogram key provided to the application from a remote computer;
  
  storing, by the application agent, the cryptogram key;
  
  receiving, by the application agent, a request to conduct a transaction from the application;
  
  generating, by the application agent executing in the second memory region, a transaction cryptogram using the cryptogram key;
  
  accessing a contactless interface of the portable communication device to transmit the transaction cryptogram to an access device to conduct the transaction;
  
  sending a replenishment request for a second cryptogram key, the replenishment request including transaction log information derived from a transaction log stored in second memory region;
  
  receiving the second cryptogram key when the transaction log information in the replenishment request matches transaction log information at the remote computer; and
  
  storing the second cryptogram key in the second memory region.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14, further comprising:
    - storing, by the application agent, the transaction log on the portable communication device.
  - 16. The method of claim 15, wherein the application agent executes in a trusted execution environment.
  - 17. The method of claim 16, wherein the trusted execution environment is implemented in a virtual machine.
  - 18. The method of claim 16, wherein the trusted execution environment is implemented as a secure operating mode in a processor of the portable communication device.
  - 19. The method of claim 14, wherein the contactless interface of the portable communication device is not accessible to the application except via the application agent.
  - 20. The method of claim 14, wherein the application agent does not communicate with the remote computer except via application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Lopez, Eduardo
Primary Examiner(s)
Chai, Longbit

Application Number

US15/682,348
Publication Number

US 20170364903A1
Time in Patent Office

358 Days
Field of Search

726 26
US Class Current
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 21/606   by securing the transmissio...

G06F 9/455   Emulation; Interpretation; ...

G06Q 20/322   Aspects of commerce using m...

G06Q 20/3227   using secure elements embed...

G06Q 20/326   Payment applications instal...

G06Q 20/327   Short range or proximity pa...

G06Q 20/3278   RFID or NFC payments by mea...

G06Q 20/382   insuring higher security of...

G06Q 20/3825   Use of electronic signatures

G06Q 20/3829   involving key management

G06Q 20/385   using an alias or single-us...

H04L 63/068   using time-dependent keys, ...

H04W 12/041   Key generation or derivation

H04W 12/0431   Key distribution or pre-dis...

H04W 4/80   Services using short range ...

H04W 88/02   Terminal devices

Embedding cloud-based functionalities in a communication device

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Embedding cloud-based functionalities in a communication device

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links