Device provisioning using partial personalization scripts

US 10,235,670 B2
Filed: 07/25/2017
Issued: 03/19/2019
Est. Priority Date: 05/10/2013
Status: Active Grant

First Claim

Patent Images

1. A computing device comprising:

a processor; and

a non-transitory computer-readable medium comprising code executable by the processor for implementing operations including;

sending a request for provisioning the computing device to a service provider computer, the request including device information for the computing device and user authentication information for a user of the computing device, the user authentication information being used for authentication of the user;

receiving, a partial personalization script and an activation script generated by the service provider computer based on the device information, and a deletion script that is executed to delete personalization data from the computing device in response to the user being not successfully authenticated;

executing the partial personalization script to store personalization data onto the computing device in a secured form, wherein the execution of the partial personalization script and the authentication of the user are performed in parallel;

receiving a message indicating whether the user is successfully authenticated;

in response to the received message indicating that the user is successfully authenticated, executing the activation script to enable access to the personalization data; and

provisioning the personalization data onto the computing device prior to initiating a transaction using the personalization data.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention relate to systems and methods for efficiently provisioning mobile devices with personalization data. For some embodiments, a method is disclosed comprising receiving a request for provisioning comprising device information for a mobile device and user authentication information for a user, generating a partial personalization script, an activation script, and a deletion script using the device information, sending the partial personalization script, the activation script, and the deletion script to an application provider computer, wherein the application provider computer initiates execution of the partial personalization script on the mobile device, authenticating the user authentication information, and sending an activation message to the application provider computer, wherein the application provider computer initiates execution of the activation script.

8 Citations

17 Claims

1. A computing device comprising:
- a processor; and
  
  a non-transitory computer-readable medium comprising code executable by the processor for implementing operations including;
  
  sending a request for provisioning the computing device to a service provider computer, the request including device information for the computing device and user authentication information for a user of the computing device, the user authentication information being used for authentication of the user;
  
  receiving, a partial personalization script and an activation script generated by the service provider computer based on the device information, and a deletion script that is executed to delete personalization data from the computing device in response to the user being not successfully authenticated;
  
  executing the partial personalization script to store personalization data onto the computing device in a secured form, wherein the execution of the partial personalization script and the authentication of the user are performed in parallel;
  
  receiving a message indicating whether the user is successfully authenticated;
  
  in response to the received message indicating that the user is successfully authenticated, executing the activation script to enable access to the personalization data; and
  
  provisioning the personalization data onto the computing device prior to initiating a transaction using the personalization data.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The computing device of claim 1,wherein the device information includes a device cryptogram, andwherein the authentication of the user includes retrieval of a personalization master key, generation of a personalization session key using the device information and the personalization master key, and validation of the device cryptogram using the personalization session key.
  - 3. The computing device of claim 2,wherein at least one of the activation script or the deletion script is encrypted using the personalization session key.
  - 4. The computing device of claim 2,wherein the personalization session key is associated with a time out period.
  - 5. The computing device of claim 1,wherein the operations further includes sending a provisioning confirmation message after provisioning the personalization data onto the computing device.

6. A computer-implemented method comprising:
- receiving, by a processor of a service provider computer, a request for provisioning a computing device, the request including device information for the computing device and user authentication information for a user of the computing device;
  
  generating, by the processor, a partial personalization script and an activation script using the device information;
  
  generating, by the processor, a deletion script, wherein the deletion script is executed to delete the personalization data from the computing device in response to the user being unsuccessfully authenticated;
  
  sending, by the processor, the partial personalization script, the deletion script and the activation script for execution on the computing device, wherein execution of the partial personalization script stores personalization data onto the computing device in a secured form;
  
  authenticating, by the processor, the user using the user authentication information, wherein authenticating the user and execution of the partial personalization script are performed in parallel; and
  
  in response to successfully authenticating the user, sending, by the processor, an activation message that causes the activation script to be executed on the computing device, wherein execution of the activation script enables the computing device with access to the personalization data and provisions the personalization data onto the computing device prior to initiating a transaction using the personalization data.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The computer-implemented method of claim 6, wherein generating the partial personalization script includes:
    - retrieving, by the processor, a personalization master key;
      
      generating, by the processor, a personalization session key using the device information and the personalization master key;
      
      generating, by the processor, store data commands comprising the personalization data; and
      
      encrypting, by the processor, the store data commands using the personalization session key.
  - 8. The computer-implemented method of claim 7, further comprising:
    - determining, by the processor, that the personalization session key is expired;
      
      establishing, by the processor, a new session associated with a new personalization session key;
      
      generating, by the processor, a new activation script using the new personalization session key; and
      
      sending, by the processor, the new activation script.
  - 9. The computer-implemented method of claim 6, wherein the device information includes a device cryptogram.
  - 10. The computer-implemented method of claim 9, wherein authenticating the user includes:
    - retrieving, by the processor, a personalization master key;
      
      generating, by the processor, a personalization session key using the device information and the personalization master key; and
      
      validating, by the processor, the device cryptogram using the personalization session key.
  - 11. The computer-implemented method of claim 6, wherein the user authentication information includes an account identifier, and wherein the personalization data includes a token that represents the account identifier.

12. A service provider computer comprising:
- a processor; and
  
  a non-transitory computer-readable medium comprising code executable by the processor for implementing operations including;
  
  receiving a request for provisioning a computing device, the request including device information for the computing device and user authentication information for a user of the computing device;
  
  generating a partial personalization script and an activation script using the device information;
  
  generating a deletion script, wherein the deletion script is executed to delete personalization data from the computing device in response to the user being unsuccessfully authenticated;
  
  sending the partial personalization script, the deletion script and the activation script for execution on the computing device, wherein execution of the partial personalization script stores personalization data onto the computing device in a secured form;
  
  authenticating the user using the user authentication information, wherein authenticating the user and execution of the partial personalization script are performed in parallel; and
  
  in response to successfully authenticating the user, sending an activation message that causes the activation script to be executed on the computing device, wherein execution of the activation script enables the computing device with access to the personalization data and provisions the personalization data onto the computing device prior to initiating a transaction using the personalization data.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The service provider computer of claim 12, wherein generating the partial personalization script includes:
    - retrieving a personalization master key;
      
      generating a personalization session key using the device information and the personalization master key;
      
      generating store data commands comprising the personalization data; and
      
      encrypting the store data commands using the personalization session key.
  - 14. The service provider computer of claim 13, wherein the operations further include:
    - determining that the personalization session key is expired;
      
      establishing a new session associated with a new personalization session key;
      
      generating a new activation script using the new personalization session key; and
      
      sending the new activation script.
  - 15. The service provider computer of claim 12, wherein the device information includes a device cryptogram.
  - 16. The service provider computer of claim 15, wherein authenticating the user includes:
    - retrieving a personalization master key;
      
      generating a personalization session key using the device information and the personalization master key; and
      
      validating the device cryptogram using the personalization session key.
  - 17. The service provider computer of claim 12, wherein the user authentication information includes an account identifier, and wherein the personalization data includes a token that represents the account identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Wong, Erick, Makhotin, Oleg
Primary Examiner(s)
Zoubair, Noura

Application Number

US15/658,897
Publication Number

US 20170323290A1
Time in Patent Office

602 Days
Field of Search
US Class Current
CPC Class Codes

G06Q 20/3227   using secure elements embed...

G06Q 20/3265   characterised by personalis...

G06Q 20/3278   RFID or NFC payments by mea...

G06Q 20/354   Card activation or deactiva...

G06Q 20/3552   Downloading or loading of p...

G06Q 20/363   with the personal data of a...

G06Q 20/38215   Use of certificates or encr...

G06Q 20/3829   involving key management

Device provisioning using partial personalization scripts

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

8 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Device provisioning using partial personalization scripts

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

8 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links