SYSTEMS AND METHODS FOR AUTHORIZING A TRANSACTION WITH AN UNEXPECTED CRYPTOGRAM
First Claim
1. A method for acquiring digital credential data by a point-of-sale terminal from a mobile device for authorization of a financial transaction comprising:
- using a remote permanent cryptographic key to calculate an expected cryptogram that is expected to comprise at least a portion of the digital credential data, wherein the remote permanent cryptographic key is persistently stored at a remote source that is remote from the mobile device and wherein the mobile device does not access a duplicate local permanent cryptographic key persistently stored locally to the mobile device;
- performing an interrogation between the point-of-sale terminal and the mobile device comprising;
  - sending through a communication channel at least one POS command communication from the point-of-sale terminal to the mobile device requesting the digital credential data; and
  - sending through the communication channel at least one device response communication from the mobile device to the point-of-sale terminal comprising the expected cryptogram as the at least a portion of the digital credential data;
- wherein the financial transaction is authorized.
Abstract
Methods are described for performing a timely authorization of digital credential data delivered from a mobile device that is without access to a local persistently stored permanent cryptographic key; through an interrogation with a point-of-sale that behaves according to the direction of a card specification; wherein the card specification expects the mobile device to create a cryptogram that is calculated, at least in part, using the permanent cryptographic key and, at least in part, from unpredictable data delivered from the point-of-sale to the mobile device during the interrogation.
29 Claims
3. A method for acquiring digital credential data by a point-of-sale terminal from a mobile device for authorization of a financial transaction comprising:
- performing an interrogation between the point-of-sale terminal and the mobile device comprising;
  - sending through a communication channel at least one POS command communication from the point-of-sale terminal to the mobile device, the at least one POS command communication comprising (a) a request for the digital credential data that is expected to comprise an expected cryptogram that is expected to be calculated, at least in part, from unpredictable data, and, at least in part, from a permanent cryptographic key and (b) the unpredictable data; and
  - sending through the communication channel at least one device response communication from the mobile device to the point-of-sale terminal, the at least one device response communication comprising at least a portion of the digital credential data that comprises an unexpected cryptogram, substituted in place of the expected cryptogram;
- wherein the financial transaction is authorized.
28. A method for acquiring digital credential data by a point-of-sale terminal from a secure mobile device for authorization of a financial transaction comprising:
- performing an interrogation between the point-of-sale terminal and the secure mobile device comprising;
  - sending through a communication channel at least one POS command communication from the point-of-sale terminal to the secure mobile device, the at least one POS command communication comprising (a) a request for the digital credential data that is expected to comprise an expected cryptogram that is expected to be calculated, at least in part, from unpredictable data, and, at least in part, from a permanent cryptographic key and (b) the unpredictable data; and
  - sending through the communication channel at least one device response communication from the secure mobile device to the point-of-sale terminal, the at least one device response communication comprising at least a portion of the digital credential data that comprises the expected cryptogram;
- in a step that follows the step of performing an interrogation, a secure mobile device transmitting step comprising sending over a second communication channel the unpredictable data from the secure mobile device to a remote application system;
- in a step that follows the step of performing an interrogation, a point-of-sale terminal transmitting step comprising sending over a third communication channel an authorization request from the point of sale terminal to the remote application system, the authorization request comprising the expected cryptogram and the unpredictable data;
- in a step that follows the secure mobile device transmitting step and the point-of-sale terminal transmitting step, a corroborative authorizing step comprising;
  - verifying a correctness of the expected cryptogram by the application system;
  - verifying a correctness of the unpredictable data by the application system by comparing the unpredictable data sent over the second communication channel with the unpredictable data sent over the third communication channel; and
  - sending through the third communication channel an authorization response from the remote application system to the point-of-sale terminal wherein data contained in the authorization response is determined, at least in part, by the verifying of the correctness of the unpredictable data and at least in part by the verifying of the correctness of the expected cryptogram;
- wherein the financial transaction is authorized.
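The corroborative authorizing step of claim 28, sketched as an added example that is not part of the patent text. It assumes HMAC-SHA256 as a stand-in for the card specification's cryptogram algorithm and a transaction identifier to correlate the second and third channels; all names are hypothetical.

```python
import hashlib
import hmac
import secrets

def cryptogram(key: bytes, un: bytes, amount_cents: int) -> bytes:
    # Stand-in cryptogram (assumption): HMAC-SHA256 over UN || amount, cut to 8 bytes.
    msg = un + amount_cents.to_bytes(6, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]

class ApplicationSystem:
    """Hypothetical remote application system holding the permanent key."""

    def __init__(self, permanent_key: bytes):
        self._key = permanent_key
        self._device_un = {}  # txn_id -> unpredictable data seen by the device

    def device_report(self, txn_id: str, un: bytes) -> None:
        # Second channel: the secure mobile device reports the UN it received.
        self._device_un[txn_id] = un

    def authorize(self, txn_id: str, un: bytes, amount_cents: int, cg: bytes) -> dict:
        # Third channel: the POS sends the cryptogram and the UN it issued.
        reported = self._device_un.pop(txn_id, None)  # each report is used once
        un_ok = reported is not None and hmac.compare_digest(reported, un)
        cg_ok = hmac.compare_digest(cryptogram(self._key, un, amount_cents), cg)
        # The response depends on both checks, as the claim requires.
        return {"approved": un_ok and cg_ok, "un_ok": un_ok, "cryptogram_ok": cg_ok}

def run_transaction(tamper_un=False, tamper_cg=False, skip_report=False) -> dict:
    key = secrets.token_bytes(32)       # constructed sample key
    app = ApplicationSystem(key)
    un = secrets.token_bytes(4)         # POS-generated unpredictable data
    amount = 1250                       # constructed sample amount
    cg = cryptogram(key, un, amount)    # secure device's response to the POS
    if tamper_cg:
        cg = bytes([cg[0] ^ 1]) + cg[1:]
    if not skip_report:
        seen = bytes(b ^ 0xFF for b in un) if tamper_un else un
        app.device_report("txn-1", seen)
    return app.authorize("txn-1", un, amount, cg)

if __name__ == "__main__":
    for kwargs in ({}, {"tamper_un": True}, {"tamper_cg": True}, {"skip_report": True}):
        print(kwargs, run_transaction(**kwargs))
```

The `tamper_un` case is the one the corroboration exists for: the cryptogram verifies, yet the request is declined because the two channels disagree about the unpredictable data.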
Specification