Cloud-based transactions methods and systems

US 10,664,824 B2
Filed: 04/10/2018
Issued: 05/26/2020
Est. Priority Date: 12/19/2013
Status: Active Grant

First Claim

Patent Images

1. A method for enhancing security of a communication device when conducting a transaction using the communication device, the method comprising:

providing, by a remote computer, a first transaction cryptogram generation key to the communication device, wherein the first transaction cryptogram generation key is associated with a set of one or more limited-use thresholds that limits usage of the first transaction cryptogram generation key and the first transaction cryptogram generation key is usable for more than one transaction;

receiving, by the remote computer, transaction information for each transaction conducted by the communication device using the first transaction cryptogram generation key;

receiving, by the remote computer, a replenishment request for a second transaction cryptogram generation key, the replenishment request including transaction log information derived from transaction data stored in a transaction log on the communication device, the transaction data being unique for each transaction conducted by the communication device using the first transaction cryptogram generation key;

verifying, by the remote computer, that the transaction log information in the replenishment request is consistent with the previously received transaction information; and

providing, by the remote computer, the second transaction cryptogram generation key to the communication device in response to verifying the transaction log information in the replenishment request,wherein providing the second transaction cryptogram generation key to the communication device includes providing, to the communication device, a key index that includes information pertaining to generation of the second transaction cryptogram generation key.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for enhancing the security of a communication device when conducting a transaction using the communication device may include receiving a cryptogram generation key replenishment request that includes transaction log information derived from transaction data stored in a transaction log on a communication device, verifying that the transaction log information in the replenishment request is consistent with the previously received transaction information, and providing a new cryptogram generation key to the communication device in response to verifying the transaction log information in the replenishment request.

898 Citations

18 Claims

1. A method for enhancing security of a communication device when conducting a transaction using the communication device, the method comprising:
- providing, by a remote computer, a first transaction cryptogram generation key to the communication device, wherein the first transaction cryptogram generation key is associated with a set of one or more limited-use thresholds that limits usage of the first transaction cryptogram generation key and the first transaction cryptogram generation key is usable for more than one transaction;
  
  receiving, by the remote computer, transaction information for each transaction conducted by the communication device using the first transaction cryptogram generation key;
  
  receiving, by the remote computer, a replenishment request for a second transaction cryptogram generation key, the replenishment request including transaction log information derived from transaction data stored in a transaction log on the communication device, the transaction data being unique for each transaction conducted by the communication device using the first transaction cryptogram generation key;
  
  verifying, by the remote computer, that the transaction log information in the replenishment request is consistent with the previously received transaction information; and
  
  providing, by the remote computer, the second transaction cryptogram generation key to the communication device in response to verifying the transaction log information in the replenishment request,wherein providing the second transaction cryptogram generation key to the communication device includes providing, to the communication device, a key index that includes information pertaining to generation of the second transaction cryptogram generation key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the key index includes at least one of:
    - time information indicating when the second transaction cryptogram generation key is generated; and
      
      a replenishment counter value indicating a number of times that the communication device has been replenished with a transaction cryptogram generation key.
  - 3. The method of claim 1, wherein the key index includes:
    - a pseudo-random number that is used as a seed to generate the second transaction cryptogram generation key;
      
      ora transaction counter value indicating a number of transactions that has been previously conducted by a mobile application of the communication device at the time the second transaction cryptogram generation key is generated.
  - 4. The method of claim 1, wherein the set of one or more limited-use thresholds includes at least one of:
    - a time-to-live indicating a time duration that the first transaction cryptogram generation key is valid for;
      
      a predetermined number of transactions that the first transaction cryptogram generation key is valid for; and
      
      a cumulative transaction amount indicating a total transaction amount that the first transaction cryptogram generation key is valid for.
  - 5. The method of claim 4, wherein the set of one or more limited-use thresholds includes an international usage threshold and a domestic usage threshold.
  - 6. The method of claim 1, wherein the transaction log stored on the communication device includes:
    - for each transaction conducted using the first transaction cryptogram generation key;
      
      a transaction timestamp indicating the time of the corresponding transaction; and
      
      an application transaction counter value associated with the corresponding transaction.
  - 7. The method of claim 1, wherein the transaction log information in the replenishment request includes an authentication code computed over at least the transaction log using the first transaction cryptogram generation key.
  - 8. The method of claim 1, wherein the replenishment request is received by the remote computer in response to:
    - the communication device determining that a next transaction conducted with the first transaction cryptogram generation key will exhaust the one or more limited-use thresholds of the first transaction cryptogram generation key;
      
      the communication device determining that the one or more limited-use thresholds associated with the first transaction cryptogram generation key has been exhausted;
      
      orthe communication device receiving a push message requesting the communication device to replenish the first transaction cryptogram generation key.
  - 9. The method of claim 1, wherein the second transaction cryptogram generation key has a usage limit that is different than a usage limit of the first transaction cryptogram generation key.

10. A server computer comprising:
- a hardware processor; and
  
  a memory coupled to the hardware processor and storing code implementing operations for enhancing security of a communication device when conducting transactions using the communication device, the operations including;
  
  providing a first transaction cryptogram generation key to the communication device, wherein the first transaction cryptogram generation key is associated with a set of one or more limited-use thresholds that limits usage of the first transaction cryptogram generation key and the first transaction cryptogram generation key is usable for more than one transaction;
  
  receiving transaction information for each transaction conducted by the communication device using the first transaction cryptogram generation key;
  
  receiving a replenishment request for a second transaction cryptogram generation key, the replenishment request including transaction log information derived from transaction data stored in a transaction log on the communication device, the transaction data being unique for each transaction conducted by the communication device using the first transaction cryptogram generation key;
  
  verifying that the transaction log information in the replenishment request is consistent with the previously received transaction information; and
  
  providing the second transaction cryptogram generation key to the communication device in response to verifying the transaction log information in the replenishment request,wherein providing the second transaction cryptogram generation key to the communication device includes providing, to the communication device, a key index that includes information pertaining to generation of the second transaction cryptogram generation key.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The server computer of claim 10, wherein the key index includes at least one of:
    - time information indicating when the second transaction cryptogram generation key is generated; and
      
      a replenishment counter value indicating a number of times that the communication device has been replenished with a transaction cryptogram generation key.
  - 12. The server computer of claim 10, wherein the key index includes:
    - a pseudo-random number that is used as a seed to generate the second transaction cryptogram generation key;
      
      ora transaction counter value indicating a number of transactions that has been previously conducted by a mobile application of the communication device at the time the second transaction cryptogram generation key is generated.
  - 13. The server computer of claim 10, wherein the set of one or more limited-use thresholds includes at least one of:
    - a time-to-live indicating a time duration that the first transaction cryptogram generation key is valid for;
      
      a predetermined number of transactions that the first transaction cryptogram generation key is valid for; and
      
      a cumulative transaction amount indicating a total transaction amount that the first transaction cryptogram generation key is valid for.
  - 14. The server computer of claim 13, wherein the set of one or more limited-use thresholds includes an international usage threshold and a domestic usage threshold.
  - 15. The server computer of claim 10, wherein the transaction log stored on the communication device includes:
    - for each transaction conducted using the first transaction cryptogram generation key;
      
      a transaction timestamp indicating the time of the corresponding transaction; and
      
      an application transaction counter value associated with the corresponding transaction.
  - 16. The server computer of claim 10, wherein the transaction log information in the replenishment request includes an authentication code computed over at least the transaction log using the first transaction cryptogram generation key.
  - 17. The server computer of claim 10, wherein the replenishment request is received by the server computer in response to:
    - the communication device determining that a next transaction conducted with the first transaction cryptogram generation key will exhaust the one or more limited-use thresholds of the first transaction cryptogram generation key;
      
      the communication device determining that the one or more limited-use thresholds associated with the first transaction cryptogram generation key has been exhausted;
      
      orthe communication device receiving a push message requesting the communication device to replenish the first transaction cryptogram generation key.
  - 18. The server computer of claim 10, wherein the second transaction cryptogram generation key has a usage limit that is different than a usage limit of the first transaction cryptogram generation key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Wong, Erick, Flurscheim, Christian, Makhotin, Oleg, Lopez, Eduardo, Sharma, Sanjeev, Jones, Christopher, Guglani, Abhishek, Sevanto, Jarkko Oskari, Patel, Bharatkumar, Burnnet Or, Tai Lung, Aabye, Christian, Ngo, Hao, Sheets, John F.
Primary Examiner(s)
King, John B
Assistant Examiner(s)
Cruz-Franqui, Richard W

Application Number

US15/949,790
Publication Number

US 20180232722A1
Time in Patent Office

777 Days
Field of Search
US Class Current
CPC Class Codes

G06Q 20/322   Aspects of commerce using m...

G06Q 20/326   Payment applications instal...

G06Q 20/327   Short range or proximity pa...

G06Q 20/3672   initialising or reloading t...

G06Q 20/3829   involving key management

G06Q 20/385   using an alias or single-us...

G06Q 20/389   Keeping log of transactions...

G06Q 2220/00   Business processing using c...

H04L 2209/24   Key scheduling, i.e. genera...

H04L 63/0428   wherein the data content is...

H04L 9/0869   involving random numbers or...

Cloud-based transactions methods and systems

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

898 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Cloud-based transactions methods and systems

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

898 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others