MODULE ID BASED ENCRYPTION FOR FINANCIAL TRANSACTIONS

US 20090144202A1
Filed: 10/08/2008
Published: 06/04/2009
Est. Priority Date: 11/29/2007
Status: Active Grant

First Claim

Patent Images

1. A smart payment card module, comprising:

a communication module coupled to at least one communication network;

a processing module coupled to the communication module;

memory coupled to the processing module; and

wherein the processing module, in cooperation with the communication module, is operable to;

receive and store a first encryption key;

store payment account information for a user payment account encrypted with the first encryption key;

detect that the smart payment card module has been communicatively coupled to a media device;

identify an ID of the media device;

communicate with a remote server using the first encryption key to create a secure tunnel to initiate a key rotation to establish a second encryption key that is based on the ID of the media device;

encrypt the payment account information with the second encryption key; and

store the payment account information encrypted with the second encryption key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A server is operable to receive a media device identifying number (ID) and establish an association between a media device and a payment account and, in one embodiment, supports at least one of payment authorization and payment clearing based at least in part on the media device ID and the payment account. A network and system includes a payment card processor server that is operable to receive a payment authorization request and to determine if an authorized media device generated a purchase selection message and to determine to approve a received payment authorization request based, in part, if the media device was authorized for the purchase selection based upon a received media device ID. The system is further operable to perform a key rotation to protect payment account information.

135 Citations

View as Search Results

24 Claims

1. A smart payment card module, comprising:
- a communication module coupled to at least one communication network;
  
  a processing module coupled to the communication module;
  
  memory coupled to the processing module; and
  
  wherein the processing module, in cooperation with the communication module, is operable to;
  
  receive and store a first encryption key;
  
  store payment account information for a user payment account encrypted with the first encryption key;
  
  detect that the smart payment card module has been communicatively coupled to a media device;
  
  identify an ID of the media device;
  
  communicate with a remote server using the first encryption key to create a secure tunnel to initiate a key rotation to establish a second encryption key that is based on the ID of the media device;
  
  encrypt the payment account information with the second encryption key; and
  
  store the payment account information encrypted with the second encryption key.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The smart payment card module of claim 1 wherein the processing module produces transmission messages with payment account information encrypted with the second encryption key for transmission to a payment card company server from the media device.
  - 3. The smart payment card module of claim 1 wherein the processing module receives a third encryption key and produces the third encryption key to the media device for establishing a secure tunnel for transmitting a purchase selection message.
  - 4. The smart payment card module of claim 1 wherein the second encryption key is based on both the media device ID and at least a portion of the payment account information.
  - 5. The smart payment card module of claim 1 wherein the processing module initiates a key rotation to establish the second encryption key based on the media device ID if:
    - the smart payment card module has determined that it has been communicatively coupled to the media device and that it has been communicatively coupled to any media device only once;
      
      orthe smart payment card module receives, through an encrypted communication, a control command from the remote server to establish a new encryption key based upon the media device ID.
  - 6. The smart payment card module of claim 1 wherein the processing module decrypts the payment account information with the first encryption key and encrypts the payment account information with the second encryption key prior to storing the payment account information.
  - 7. The smart payment card module of claim 1 wherein credit card track 2 type of payment account information is encrypted with the second encryption key that is based upon the media device ID.

8. A method for key rotation, comprising:
- receiving and storing a first encryption key;
  
  storing payment account information for a user payment account;
  
  detecting that the smart payment card module has been communicatively coupled to a media device for a first time;
  
  identifying an ID of the media device;
  
  creating a secure tunnel with a payment card company using the first encryption key to initiate a key rotation to establish a second encryption key that is based on the ID of the media device;
  
  encrypting the payment account information with the second encryption key; and
  
  storing the encrypted payment account information.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 9. The method of claim 8 wherein the second encryption key is based on both the media device ID and at least a portion of the payment account information.
  - 10. The method of claim 8 wherein the second encryption key is received from a payment card company server for encrypting a specified portion of the payment account information.
  - 11. The method of claim 8 further including receiving a third encryption key for:
    - encrypting non-track 2 type of payment account information in purchase selection messages;
      
      orencrypting payment account information that includes the payment account information encrypted with the second encryption key.
  - 12. The method of claim 11 wherein the third encryption key is produced to the media device.
  - 13. The method of claim 8 further including producing messages to the media device for transmission to a payment card company server to establish the second encryption key.
  - 14. The method of claim 8 wherein the payment account information is encrypted with the first encryption key prior to storing the payment account information and prior to initiating a key rotation to establish the second encryption key.
  - 15. The method of claim 8 further including initiating a key rotation process to establish the second encryption key based on the media device ID when:
    - the smart payment card module has determined that it has been communicatively coupled to a media device and that it has been communicatively coupled to any media device only once;
      
      orthe smart payment card module receives, through an encrypted communication, a control command from the remote server to generate a new encryption key based upon the media device ID.
  - 16. The method of claim 8 further including decrypting the payment account information with the first encryption key and encrypting the payment account information with the second encryption key prior to storing the payment account information.
  - 17. The method of claim 10 further including encrypting credit card track 2 type of data with the second encryption key that is based upon the media device ID.

18. A method in a media device, comprising:
- determining that a smart card has been communicatively coupled to the media device;
  
  communicating with the smart card through a smart card interface;
  
  receiving a first encryption key from the smart card;
  
  establishing a first secure communication tunnel with a first remote server using the first encryption key;
  
  receiving a second encryption key through the first secure communication tunnel with the first remote server and providing the second encryption key to the smart card;
  
  encrypting the payment account information with the second encryption key;
  
  receiving a purchase selection indication from a remote control device;
  
  retrieving payment account information from the smart card wherein the payment account information is encrypted with the second encryption key;
  
  establishing a second secure communication tunnel with a second remote server using at least one of the second encryption key and a third encryption key; and
  
  transmitting the encrypted payment account information.
- View Dependent Claims (19, 20, 21, 22, 23, 24)
- - 19. The method of claim 18 further including producing a media device ID to one of the first remote server and the smart card.
  - 20. The method of claim 18 further including transmitting an unencrypted portion of the payment account information to the second external server.
  - 21. The method of claim 18 further including receiving the third encryption key for the second secure communication tunnel.
  - 22. The method of claim 21 further including transmitting a first portion of the payment account information encrypted with the second encryption key and a second portion of the payment account information encrypted with the third encryption key.
  - 23. The method of claim 18 wherein the second encryption key is used to encrypt credit card track 2 type of payment account information for a user payment account and further wherein the second encryption key is based upon the media device ID for a media device having an established association the user payment account.
  - 24. The method of claim 18 wherein the first and second remote servers are the same.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa USA, Inc. (Visa, Inc.)
Original Assignee
Visa USA, Inc. (Visa, Inc.)
Inventors
HURRY, SIMON J.

Granted Patent

US 7,983,994 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/67
CPC Class Codes

G06Q 20/085   involving remote charge det...

G06Q 20/12   specially adapted for elect...

G06Q 20/14   specially adapted for billi...

G06Q 20/367   involving electronic purses...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/3829   involving key management

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/401   Transaction verification

G06Q 20/4012   Verifying personal identifi...

G06Q 20/4014   Identity check for transact...

G06Q 20/4037   Remote solvency checks

G06Q 20/409   Device specific authenticat...

G06Q 30/0601   Electronic shopping [e-shop...

G07F 7/08   by coded identity card or c...

H04N 21/2542   for selling goods, e.g. TV ...

H04N 21/2543   Billing , e.g. for subscrip...

H04N 21/4182   for identification purposes...

H04N 21/42684   Client identification by a ...

H04N 21/47815   Electronic shopping payment...

MODULE ID BASED ENCRYPTION FOR FINANCIAL TRANSACTIONS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

135 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

MODULE ID BASED ENCRYPTION FOR FINANCIAL TRANSACTIONS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

135 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links