SYSTEMS AND METHODS FOR PROCESSING MOBILE PAYMENTS BY PROVISIONING CREDENTIALS TO MOBILE DEVICES WITHOUT SECURE ELEMENTS
Abstract
A method for generating and provisioning payment credentials to a mobile device lacking a secure element includes: generating a card profile associated with a payment account, wherein the card profile includes at least payment credentials corresponding to the associated payment account and a profile identifier; provisioning, to a mobile device lacking a secure element, the generated card profile; receiving, from the mobile device, a key request, wherein the key request includes at least a mobile identification number (PIN) and the profile identifier; using the mobile PIN; generating a single use key, wherein the single use key includes at least the profile identifier, an application transaction counter, and a generating key for use in generating a payment cryptogram valid for a single financial transaction; and transmitting the generated single use key to the mobile device.
54 Claims
1. A method for generating and provisioning payment credentials to a mobile device lacking a secure element, comprising:
- generating, by a processing device, a card profile associated with a payment account, wherein the card profile includes at least payment credentials corresponding to the associated payment account and a profile identifier;
- provisioning, to a mobile device, the generated card profile;
- receiving, from the mobile device, a key request, wherein the key request includes at least a mobile personal identification number (PIN) and the profile identifier;
- using, by an authentication device, the mobile PIN;
- generating, by the processing device, a single use key, wherein the single use key includes at least the profile identifier, an application transaction counter, and a generating key for use in generating a payment cryptogram valid for a single financial transaction; and
- transmitting, by a transmitting device, the generated single use key to the mobile device, wherein the mobile device is not required to have a secure element.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A method for generating a payment cryptogram in a mobile device lacking a secure element, comprising:
- receiving, by a receiving device, a card profile, wherein the card profile includes at least payment credentials corresponding to a payment account and a profile identifier;
- receiving, by an input device, a mobile personal identification number (PIN) input by a user of the mobile device;
- transmitting, by a transmitting device, a key request, wherein the key request includes at least the profile identifier;
- receiving, by the receiving device, a single use key, wherein the single use key includes at least an application transaction counter and a generating key;
- generating, by a processing device, a payment cryptogram valid for a single financial transaction based on at least the received single use key and the mobile PIN; and
- transmitting, via near field communication, at least the payment credentials and the generated payment cryptogram to a point-of-sale terminal for use in a financial transaction.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19
20. A method for generating and provisioning payment credentials to a mobile device lacking a secure element, comprising:
- storing, in a database, at least a storage key, a plurality of dynamic card validation code keys, and an application transaction counter associated with a mobile application program;
- provisioning, to the mobile device, at least the storage key, an authentication component, and static payment credentials, wherein the static payment credentials are associated with a payment account;
- receiving, from the mobile device, a chip authentication program (CAP) token;
- validating, by a validation device, the authenticity of the received CAP token;
- generating, by a processing device, a session key unpredictable number (KSUN);
- generating, by the processing device, a cloud unpredictable number (UNCLOUD);
- identifying, by the processing device, an encrypted payload based on a derived dynamic card validation code key (KDCVC3), wherein the encrypted payload includes at least a dynamic card validation code key of the plurality of dynamic card validation code keys, the KSUN, and the application transaction counter;
- transmitting, by a transmitting device, the encrypted payload to the mobile device for use in generating a dynamic card validation code for use in a financial transaction; and
- transmitting, by the transmitting device, at least the KSUN, UNCLOUD, and application transaction counter to an issuer associated with the payment account for use in validating the generated dynamic card validation code used in the financial transaction.
Dependent claims: 21, 22, 23, 24, 25
26. A method for generating a dynamic card validation code in a mobile device lacking a secure element, comprising:
- receiving, by a receiving device, at least a storage key, an authentication component, and static payment credentials;
- receiving, by an input device, at least one additional credential;
- generating, by a processing device, a chip authentication program (CAP) token, wherein the CAP token is based on at least the authentication component and the at least one additional credential;
- transmitting, by a transmitting device, the generated CAP token;
- receiving, by the receiving device, an encrypted payload, wherein the encrypted payload includes at least a supplied dynamic card validation code, session key unpredictable number, and application transaction counter;
- decrypting, by the processing device, the encrypted payload using at least the received storage key;
- receiving, via near field communication, a reader unpredictable number from a point-of-sale terminal;
- generating, by the processing device, a payment dynamic card validation code based on at least the supplied dynamic card validation code, the session key unpredictable number, the application transaction counter, and the reader unpredictable number; and
- transmitting, via near field communication, the generated payment dynamic card validation code and the application transaction counter to the point-of-sale terminal for including in an authorization request for a financial transaction.
Dependent claims: 27
28. A system for generating and provisioning payment credentials to a mobile device lacking a secure element, comprising:
- a transmitting device;
- a processing device configured to generate a card profile associated with a payment account, wherein the card profile includes at least payment credentials corresponding to the associated payment account and a profile identifier;
- a provisioning device configured to provision, to a mobile device lacking a secure element, the generated card profile;
- a receiving device configured to receive, from the mobile device, a key request, wherein the key request includes at least a mobile personal identification number (PIN) and the profile identifier; and
- an authentication device configured to use the mobile PIN, wherein the processing device is further configured to generate a single use key, wherein the single use key includes at least the profile identifier, an application transaction counter, and a generating key for use in generating a payment cryptogram valid for a single financial transaction, and the transmitting device is configured to transmit the generated single use key to the mobile device.
Dependent claims: 29, 30, 31, 32, 33, 34, 35, 36, 37
38. A system for generating a payment cryptogram in a mobile device lacking a secure element, comprising:
- a processing device;
- a receiving device configured to receive a card profile, wherein the card profile includes at least payment credentials corresponding to a payment account and a profile identifier;
- an input device configured to receive a mobile personal identification number (PIN) input by a user of the mobile device; and
- a transmitting device configured to transmit a key request, wherein the key request includes at least the profile identifier, wherein the receiving device is further configured to receive a single use key, wherein the single use key includes at least an application transaction counter and a generating key, the processing device is configured to generate a payment cryptogram valid for a single financial transaction based on at least the received single use key and the mobile PIN, and the transmitting device is further configured to transmit, via near field communication, at least the payment credentials and the generated payment cryptogram to a point-of-sale terminal for use in a financial transaction.
Dependent claims: 39, 40, 41, 42, 43, 44, 45, 46
47. A system for generating and provisioning payment credentials to a mobile device lacking a secure element, comprising:
- a database configured to store at least a storage key, a plurality of dynamic card validation code keys, and an application transaction counter associated with a mobile application program;
- a provisioning device configured to provision, to the mobile device, at least the storage key, an authentication component, and static payment credentials, wherein the static payment credentials are associated with a payment account;
- a receiving device configured to receive, from the mobile device, a chip authentication program (CAP) token generated based on at least the static payment credentials;
- a processing device configured to validate the authenticity of the received CAP token, generate a session key unpredictable number (KSUN), generate a cloud unpredictable number (UNCLOUD), and identify an encrypted payload based on a derived dynamic card validation code key (KDCVC3), wherein the encrypted payload includes at least a dynamic card validation code key of the plurality of dynamic card validation code keys, the KSUN, and the application transaction counter; and
- a transmitting device configured to transmit the encrypted payload to the mobile device for use in generating a dynamic card validation code for use in a financial transaction, and transmit at least the KSUN, UNCLOUD, and application transaction counter to an issuer associated with the payment account for use in validating the generated dynamic card validation code used in the financial transaction.
Dependent claims: 48, 49, 50, 51, 52
53. A system for generating a dynamic card validation code in a mobile device lacking a secure element, comprising:
- a receiving device configured to receive at least a storage key, an authentication component, and static payment credentials;
- an input device configured to receive at least one additional credential;
- a processing device configured to generate a chip authentication program (CAP) token, wherein the CAP token is based on at least the authentication component and the at least one additional credential; and
- a transmitting device configured to transmit the generated CAP token, wherein the receiving device is further configured to receive an encrypted payload, wherein the encrypted payload includes at least a supplied dynamic card validation code, session key unpredictable number, and application transaction counter, the processing device is further configured to decrypt the encrypted payload using at least the received storage key, the receiving device is further configured to receive, via near field communication, a reader unpredictable number from a point-of-sale terminal, the processing device is further configured to generate a payment dynamic card validation code based on at least the supplied dynamic card validation code, the session key unpredictable number, the application transaction counter, and the reader unpredictable number, and the transmitting device is further configured to transmit, via near field communication, the generated payment dynamic card validation code and the application transaction counter to the point-of-sale terminal for including in an authorization request for a financial transaction.
Dependent claims: 54