Secure remote payment transaction processing
First Claim
1. A method of processing a remote transaction initiated by a mobile device, the method comprising:
receiving, by a server computer from a transaction processor in the form of a merchant application on the mobile device via a mobile communications network, a payment request including encrypted payment information including a payment credential associated with an issuer, and a transaction processor certificate, wherein the encrypted payment information including the payment credential was obtained from a mobile payment application on the mobile device after encrypting payment information using a third party key, wherein the transaction processor certificate was obtained from the transaction processor, and wherein the transaction processor is different than the mobile payment application;
decrypting, by the server computer, the encrypted payment information using the third party key;
determining, by the server computer, a transaction processor public key associated with the payment information;
re-encrypting, by the server computer, the payment information using the transaction processor public key;
sending, by the server computer, a payment response including the re-encrypted payment information to the transaction processor via the mobile communications network, wherein the transaction processor decrypts the re-encrypted payment information using a transaction processor private key and initiates a payment transaction using the decrypted payment information;
receiving, by a processing network computer from the transaction processor, an authorization request message comprising the decrypted payment information; and
transmitting, by the processing network computer, the authorization request message to an issuer computer associated with the issuer for authorization,
wherein determining the transaction processor public key further comprises:
validating that the transaction processor certificate is authentic;
verifying that the transaction processor certificate is currently valid with a certificate authority; and
extracting the transaction processor public key from the transaction processor certificate, and
wherein the transaction processor public key is a merchant application public key, and the transaction processor private key is a merchant application private key.
Abstract
Embodiments of the present invention are directed to methods, apparatuses, computer readable media and systems for securely processing remote transactions. One embodiment of the invention is directed to a method of processing a remote transaction initiated by a mobile device comprising a server computer receiving a payment request including encrypted payment information. The encrypted payment information is generated by a mobile payment application of the mobile device and is encrypted using a third party key. The method further comprises decrypting the encrypted payment information using the third party key, determining a transaction processor public key associated with the payment information, and re-encrypting the payment information using the transaction processor public key. The method further comprises sending a payment response including the re-encrypted payment information to a transaction processor. The transaction processor decrypts the re-encrypted payment information using a transaction processor private key and initiates a payment transaction.
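The server-side step of determining the transaction processor public key and re-encrypting to it can be sketched as follows. This is an added example, not code from the patent: it assumes the payment information has already been decrypted with the third party key, uses RSA-OAEP with SHA-256 as the re-encryption scheme, and stands in a map of revoked serial numbers for the "currently valid with a certificate authority" check. The names `Issue` and `ReEncrypt` and all certificates are constructed for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Issue builds a constructed test certificate; a nil parent yields a self-signed CA.
func Issue(cn string, parent *x509.Certificate, signer *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true}
	if parent == nil {
		t.IsCA, t.KeyUsage, parent, signer = true, x509.KeyUsageCertSign, t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, signer)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// ReEncrypt encrypts info to cert's key only if cert is authentic, in date at now, and not revoked.
func ReEncrypt(info []byte, cert *x509.Certificate, roots *x509.CertPool, revoked map[string]bool, now time.Time) ([]byte, error) {
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err != nil {
		return nil, fmt.Errorf("certificate rejected: %w", err) // untrusted issuer or outside validity window
	}
	if revoked[cert.SerialNumber.String()] {
		return nil, fmt.Errorf("certificate %s revoked", cert.SerialNumber) // stand-in for a CRL/OCSP lookup
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return nil, fmt.Errorf("certificate key is not RSA")
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, info, nil)
}

func main() {
	ca, caKey := Issue("Constructed CA", nil, nil)
	merchant, _ := Issue("merchant-app", ca, caKey)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	ct, err := ReEncrypt([]byte("constructed-credential"), merchant, roots, nil, time.Now())
	fmt.Println(len(ct), err) // only the merchant application's private key can open ct
}
```

Because the public key is taken only from a certificate that has passed all three checks, a request carrying a certificate from an untrusted issuer, an expired certificate or a revoked one yields an error instead of ciphertext.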
17 Claims
13. A system comprising:
a processor; and
a non-transitory computer-readable medium coupled to the processor, the computer-readable medium comprising code, executable by the processor, for performing a method of processing a remote transaction, the method comprising:
receiving, from a transaction processor in the form of a merchant application on a mobile device via a mobile communications network, a payment request including encrypted payment information including a payment credential associated with an issuer, and a transaction processor certificate, wherein the encrypted payment information including the payment credential was obtained from a mobile payment application on the mobile device after encrypting payment information using a third party key, wherein the transaction processor certificate was obtained from the transaction processor, and wherein the transaction processor is different than the mobile payment application;
decrypting the encrypted payment information using the third party key;
determining a transaction processor public key associated with the payment information;
re-encrypting the payment information using the transaction processor public key;
sending a payment response including the re-encrypted payment information to the transaction processor via the mobile communications network, wherein the transaction processor decrypts the re-encrypted payment information using a transaction processor private key and initiates a payment transaction using the decrypted payment information;
receiving, from the transaction processor, an authorization request message comprising the decrypted payment information; and
transmitting the authorization request message to an issuer computer associated with the issuer for authorization,
wherein determining the transaction processor public key further comprises:
validating that the transaction processor certificate is authentic;
verifying the transaction processor certificate is currently valid with a certificate authority; and
extracting the transaction processor public key from the transaction processor certificate, and
wherein the transaction processor public key is a merchant application public key, and the transaction processor private key is a merchant application private key.
16. A system comprising:
a mobile device comprising a transaction processor and a mobile payment application; and
a server computer comprising a processor, and a non-transitory computer-readable medium coupled to the processor, the computer-readable medium comprising code, executable by the processor, for performing a method of processing a remote transaction with the mobile device, the method comprising,
receiving, from the transaction processor in the form of a merchant application on the mobile device via a mobile communications network, a payment request including encrypted payment information including a payment credential associated with an issuer, and a transaction processor certificate, wherein the encrypted payment information including the payment credential was obtained from the mobile payment application on the mobile device after encrypting payment information using a third party key, wherein the transaction processor certificate was obtained from the transaction processor, and wherein the transaction processor is different than the mobile payment application,
decrypting the encrypted payment information using the third party key,
determining a transaction processor public key associated with the payment information,
re-encrypting the payment information using the transaction processor public key,
sending a payment response including the re-encrypted payment information to the transaction processor via the mobile communications network, wherein the transaction processor decrypts the re-encrypted payment information using a transaction processor private key and initiates a payment transaction using the decrypted payment information, and
receiving, from the transaction processor, the authorization request message comprising the decrypted payment information, and
transmitting an authorization request message to an issuer computer associated with the issuer for authorization,
wherein determining the transaction processor public key further comprises:
validating that the transaction processor certificate is authentic,
verifying that the transaction processor certificate is currently valid with a certificate authority, and
extracting the transaction processor public key from the transaction processor certificate, and
wherein the transaction processor public key is a merchant application public key, and the transaction processor private key is a merchant application private key,
wherein the mobile device is in communication with the server computer.
Specification