APPARATUS AND METHOD FOR USING A DEVICE CONFORMING TO A PAYMENT STANDARD FOR ACCESS CONTROL AND/OR SECURE DATA STORAGE

US 20090103730A1
Filed: 10/19/2007
Published: 04/23/2009
Est. Priority Date: 10/19/2007
Status: Abandoned Application

First Claim

Patent Images

1. A method of using a device conforming to a payment standard to control access to at least a first facility, said method comprising the steps of:

facilitating secure establishment of a key associated with a first facility identifier, shared between said device and an operator of said first facility, via a public key management infrastructure of a payment system operating according to said payment standard, during a first transaction, substantially in accordance with said payment standard, between said device and said first facility; and

facilitating controlling access to said first facility, via said device, using said key associated with said first facility identifier, substantially without reference to an issuer of said device and substantially without use of asymmetric keys of said device, during a plurality of subsequent transactions, substantially in accordance with said payment standard, between said device and said first facility.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Secure establishment of a key associated with a first facility identifier is facilitated. The key is shared between a device and an operator of a first facility, via a public key management infrastructure of a payment system operating according to the payment standard, during a first transaction, substantially in accordance with the payment standard, between the device and the first facility. Controlling access to a first facility is facilitated, via the device, using the key associated with the first facility identifier, substantially without reference to an issuer of the device and substantially without use of asymmetric keys of the device, during a plurality of subsequent transactions, substantially in accordance with the payment standard, between the device and the first facility. The steps can be repeated for a number of different facilities, such as different transit systems, with appropriate rules to address a situation where the device has a limited storage capacity for keys of different transit operators.

116 Citations

View as Search Results

25 Claims

1. A method of using a device conforming to a payment standard to control access to at least a first facility, said method comprising the steps of:
- facilitating secure establishment of a key associated with a first facility identifier, shared between said device and an operator of said first facility, via a public key management infrastructure of a payment system operating according to said payment standard, during a first transaction, substantially in accordance with said payment standard, between said device and said first facility; and
  
  facilitating controlling access to said first facility, via said device, using said key associated with said first facility identifier, substantially without reference to an issuer of said device and substantially without use of asymmetric keys of said device, during a plurality of subsequent transactions, substantially in accordance with said payment standard, between said device and said first facility.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein said step of facilitating secure establishment of said key associated with said first facility identifier comprises the sub-steps of:
    - facilitating presentation of said device to a first terminal associated with said first facility, within said first transaction;
      
      facilitating said device obtaining from said first terminal a first facility identifier;
      
      facilitating determining whether said device has said key associated with said first facility identifier already stored thereon; and
      
      responsive to said determining step indicating that said device does not have said key associated with said first facility identifier already stored thereon;
      
      facilitating establishing a first symmetric key with a public key of said device; and
      
      establishing said key associated with said first facility identifier with said device using said public key of said device.
  - 3. The method of claim 2, wherein said step of facilitating controlling access to said first facility, via said device, comprises the sub-steps of:
    - facilitating presentation of said device to a second terminal associated with said first facility, within a given one of said plurality of subsequent transactions;
      
      facilitating said device obtaining from said second terminal said first facility identifier;
      
      facilitating determining whether said device has said key associated with said first facility identifier already stored thereon; and
      
      responsive to said determining step indicating that said device does have said key associated with said first facility identifier already stored thereon, facilitating said second terminal obtaining from said device a message authentication cryptogram for a payment-type transaction employing said key associated with said first facility identifier.
  - 4. The method of claim 3, wherein said step of facilitating controlling access to said facility further comprises the additional sub-step of facilitating usage of said message authentication cryptogram employing said key associated with said first facility identifier for verification purposes, substantially without use of conventional asymmetric cryptography techniques.
  - 5. The method of claim 4, further comprising the additional step of facilitating provision of a device identifier from said device to said second terminal.
  - 6. The method of claim 3, further comprising the additional steps of:
    - facilitating presentation of said device to a third terminal associated with a second facility, within another subsequent transaction substantially in accordance with said payment standard;
      
      facilitating said device obtaining from said third terminal a second facility identifier;
      
      facilitating determining whether said device has a key associated with said second facility identifier already stored thereon; and
      
      responsive to said determining step indicating that said device does not have said key associated with said second facility identifier already stored thereon;
      
      facilitating establishing a second symmetric key with said public key of said device; and
      
      facilitating establishing said key associated with said second facility identifier with said device using said public key of said device.
  - 7. The method of claim 6, further comprising the additional steps of:
    - facilitating presentation of said device to a fourth terminal associated with said second facility, within another subsequent transaction substantially in accordance with said payment standard, subsequent to said presentation to said third terminal;
      
      facilitating said device obtaining from said fourth terminal said second facility identifier;
      
      facilitating determining whether said device has said key associated with said second facility identifier already stored thereon; and
      
      responsive to said determining step indicating that said device does have said key associated with said second facility identifier already stored thereon, facilitating said fourth terminal obtaining from said device a message authentication cryptogram employing said key associated with said second facility identifier.
  - 8. The method of claim 7, further comprising the additional step of facilitating provision of said device identifier from said device to said fourth terminal.
  - 9. The method of claim 6, further comprising the additional step of repeating, for at least a third facility, said steps of facilitating presentation, obtaining said identifier, determining, and said establishing steps, until a key storage capacity of said device is exceeded.
  - 10. The method of claim 9, further comprising the additional step of applying at least one rule to determine which given one of a plurality of previously-stored keys is to be deleted to address said key storage capacity of said device being exceeded.
  - 11. The method of claim 10, further comprising the additional step of subsequently repeating, for a given one of said facilities associated with said given one of said plurality of previously-stored keys that was deleted, said steps of facilitating presentation, obtaining said identifier, determining, and said establishing steps, so as to obtain a replacement for said given one of said plurality of previously-stored keys that was deleted.
  - 12. The method of claim 3, further comprising the additional steps of:
    - facilitating establishing an identifier for said key associated with said first facility identifier;
      
      facilitating providing said identifier for said key associated with said first facility identifier from said device to a given terminal of said first facility;
      
      facilitating detecting whether said identifier for said key associated with said first facility identifier indicates that said key associated with said first facility identifier is current; and
      
      responsive to determining that said key associated with said first facility identifier is not current, facilitating replacement of said key associated with said first facility identifier.
  - 13. The method of claim 1, further comprising the additional steps of:
    - facilitating secure establishment of a key associated with a second facility identifier, shared between said device and an operator of a second facility, via said public key management infrastructure of said payment system operating according to said payment standard, during a first transaction between said device and said second facility; and
      
      facilitating controlling access to said second facility, via said device, using said key associated with said second facility identifier, substantially without reference to said issuer of said device and substantially without use of said asymmetric keys of said device, during a plurality of subsequent transactions between said device and said second facility.
  - 14. The method of claim 1, further comprising the additional step of performing a distance-bounding check to detect man in the middle fraud, said distance bounding check being performed using said key associated with said first facility identifier.
  - 15. The method of claim 1, further comprising the additional step of securing data storage, for at least one of confidentiality and integrity, via said key associated with said first facility identifier.

16. A device, conforming to a payment standard, for controlling access to at least a first facility, said device comprising:
- means for facilitating secure establishment of a key associated with a first facility identifier, shared between said device and an operator of said first facility, via a public key management infrastructure of a payment system operating according to said payment standard, during a first transaction, substantially in accordance with said payment standard, between said device and said first facility; and
  
  means for facilitating controlling access to said first facility, via said device, using said key associated with said first facility identifier, substantially without reference to an issuer of said device and substantially without use of asymmetric keys of said device, during a plurality of subsequent transactions, substantially in accordance with said payment standard, between said device and said first facility.
- View Dependent Claims (17)
- - 17. The device of claim 16, further comprising:
    - means for facilitating secure establishment of a key associated with a second facility identifier, shared between said device and an operator of a second facility, via said public key management infrastructure of said payment system operating according to said payment standard, during a first transaction between said device and said second facility; and
      
      means for facilitating controlling access to said second facility, via said device, using said key associated with said second facility identifier, substantially without reference to said issuer of said device and substantially without use of said asymmetric keys of said device, during a plurality of subsequent transactions between said device and said second facility.

18. A terminal suite, conforming to a payment standard, for controlling access to a first facility via a device, said terminal suite comprising:
- means for facilitating secure establishment of a key associated with a first facility identifier, shared between the device and an operator of said first facility, via a public key management infrastructure of a payment system operating according to said payment standard, during a first transaction, substantially in accordance with said payment standard, between the device and a given terminal of said terminal suite; and
  
  means for facilitating controlling access to said first facility, via the device, using said key associated with said first facility identifier, substantially without reference to an issuer of said device and substantially without use of asymmetric keys of said device, during a plurality of subsequent transactions, substantially in accordance with said payment standard, between the device and given terminals of said terminal suite of said first facility.

19. A device, conforming to a payment standard, for controlling access to at least a first facility, said device comprising:
- a memory; and
  
  at least one processor, coupled to the memory, operative to;
  
  facilitate secure establishment of a key associated with a first facility identifier, shared between said device and an operator of said first facility, via a public key management infrastructure of a payment system operating according to said payment standard, during a first transaction, substantially in accordance with said payment standard, between said device and said first facility; and
  
  facilitate controlling access to said first facility, via said device, using said key associated with said first facility identifier, substantially without reference to an issuer of said device and substantially without use of asymmetric keys of said device, during a plurality of subsequent transactions, substantially in accordance with said payment standard, between said device and said first facility.
- View Dependent Claims (20)
- - 20. The device of claim 19, wherein said processor is further operative to:
    - facilitate secure establishment of a key associated with a second facility identifier, shared between said device and an operator of a second facility, via said public key management infrastructure of said payment system operating according to said payment standard, during a first transaction between said device and said second facility; and
      
      facilitate controlling access to said second facility, via said device, using said key associated with said second facility identifier, substantially without reference to said issuer of said device and substantially without use of said asymmetric keys of said device, during a plurality of subsequent transactions between said device and said second facility.

21. A computer program product comprising a computer useable medium including computer usable program code for using a device conforming to a payment standard to control access to at least a first facility, said computer program product including:
- computer usable program code for facilitating secure establishment of a key associated with a first facility identifier, shared between said device and an operator of said first facility, via a public key management infrastructure of a payment system operating according to said payment standard, during a first transaction, substantially in accordance with said payment standard, between said device and said first facility; and
  
  computer usable program code for facilitating controlling access to said first facility, via said device, using said key associated with said first facility identifier, substantially without reference to an issuer of said device and substantially without use of asymmetric keys of said device, during a plurality of subsequent transactions, substantially in accordance with said payment standard, between said device and said first facility.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The computer program product of claim 21, wherein said computer usable program code for facilitating secure establishment of said key associated with said first facility identifier comprises:
    - computer usable program code for facilitating presentation of said device to a first terminal associated with said first facility, within said first transaction;
      
      computer usable program code for facilitating said device obtaining from said first terminal a first facility identifier;
      
      computer usable program code for facilitating determining whether said device has said key associated with said first facility identifier already stored thereon; and
      
      computer usable program code for, responsive to said determining step indicating that said device does not have said key associated with said first facility identifier already stored thereon;
      
      facilitating establishing a first symmetric key with a public key of said device; and
      
      establishing said key associated with said first facility identifier with said device using said public key of said device.
  - 23. The computer program product of claim 22, wherein said computer usable program code for facilitating controlling access to said first facility, via said device, comprises:
    - computer usable program code for facilitating presentation of said device to a second terminal associated with said first facility, within a given one of said plurality of subsequent transactions;
      
      computer usable program code for facilitating said device obtaining from said second terminal said first facility identifier;
      
      computer usable program code for facilitating determining whether said device has said key associated with said first facility identifier already stored thereon; and
      
      computer usable program code for, responsive to said determining step indicating that said device does have said key associated with said first facility identifier already stored thereon, facilitating said second terminal obtaining from said device a message authentication cryptogram for a payment-type transaction employing said key associated with said first facility identifier.
  - 24. The computer program product of claim 23, wherein said computer usable program code for facilitating controlling access to said facility further comprises computer usable program code for facilitating usage of said message authentication cryptogram employing said key associated with said first facility identifier for verification purposes, substantially without use of conventional asymmetric cryptography techniques.
  - 25. The computer program product of claim 21, further comprising:
    - computer usable program code for facilitating secure establishment of a key associated with a second facility identifier, shared between said device and an operator of a second facility, via said public key management infrastructure of said payment system operating according to said payment standard, during a first transaction between said device and said second facility; and
      
      computer usable program code for facilitating controlling access to said second facility, via said device, using said key associated with said second facility identifier, substantially without reference to said issuer of said device and substantially without use of said asymmetric keys of said device, during a plurality of subsequent transactions between said device and said second facility.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Original Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Inventors
Miller, Stuart, Ward, Michael C., Smets, Patrik, Garrett, Duncan, Beric, John, Roberts, David A.

Application Number

US11/875,026
Publication Number

US 20090103730A1
Time in Patent Office

Days
Field of Search
US Class Current

380/258
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3829   involving key management

G06Q 20/40975   using encryption therefor

G07B 15/00   Arrangements or apparatus f...

G07F 7/10   together with a coded signa...

G07F 7/1008   Active credit-cards provide...

APPARATUS AND METHOD FOR USING A DEVICE CONFORMING TO A PAYMENT STANDARD FOR ACCESS CONTROL AND/OR SECURE DATA STORAGE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

116 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

APPARATUS AND METHOD FOR USING A DEVICE CONFORMING TO A PAYMENT STANDARD FOR ACCESS CONTROL AND/OR SECURE DATA STORAGE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

116 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links