SYSTEMS AND METHODS FOR PROCESSING MOBILE PAYMENTS BY PROVISONING CREDENTIALS TO MOBILE DEVICES WITHOUT SECURE ELEMENTS

US 20130262317A1
Filed: 03/14/2013
Published: 10/03/2013
Est. Priority Date: 04/02/2012
Status: Active Grant

First Claim

Patent Images

1. A method for generating and provisioning payment credentials to a mobile device lacking a secure element, comprising:

generating, by a processing device, a card profile associated with a payment account, wherein the card profile includes at least payment credentials corresponding to the associated payment account and a profile identifier;

provisioning, to a mobile device, the generated card profile;

receiving, from the mobile device, a key request, wherein the key request includes at least a mobile personal identification number (PIN) and the profile identifier;

using, by an authentication device, the mobile PIN;

generating, by the processing device, a single use key, wherein the single use key includes at least the profile identifier, an application transaction counter, and a generating key for use in generating a payment cryptogram valid for a single financial transaction; and

transmitting, by a transmitting device, the generated single use key to the mobile device, wherein the mobile device is not required to have a secure element.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for generating and provisioning payment credentials to a mobile device lacking a secure element includes: generating a card profile associated with a payment account, wherein the card profile includes at least payment credentials corresponding to the associated payment account and a profile identifier; provisioning, to a mobile device lacking a secure element, the generated card profile; receiving, from the mobile device, a key request, wherein the key request includes at least a mobile identification number (PIN) and the profile identifier; using the mobile PIN; generating a single use key, wherein the single use key includes at least the profile identifier, an application transaction counter, and a generating key for use in generating a payment cryptogram valid for a single financial transaction; and transmitting the generated single use key to the mobile device.

391 Citations

54 Claims

1. A method for generating and provisioning payment credentials to a mobile device lacking a secure element, comprising:
- generating, by a processing device, a card profile associated with a payment account, wherein the card profile includes at least payment credentials corresponding to the associated payment account and a profile identifier;
  
  provisioning, to a mobile device, the generated card profile;
  
  receiving, from the mobile device, a key request, wherein the key request includes at least a mobile personal identification number (PIN) and the profile identifier;
  
  using, by an authentication device, the mobile PIN;
  
  generating, by the processing device, a single use key, wherein the single use key includes at least the profile identifier, an application transaction counter, and a generating key for use in generating a payment cryptogram valid for a single financial transaction; and
  
  transmitting, by a transmitting device, the generated single use key to the mobile device, wherein the mobile device is not required to have a secure element.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, whereinthe single use key is genuine if the mobile PIN is successfully authenticated, andthe single use key is fake if the mobile PIN is unsuccessfully authenticated.
  - 3. The method of claim 1, further comprising:
    - transmitting, by the transmitting device, the generated single use key to an issuer associated with the payment account.
  - 4. The method of claim 1, wherein provisioning the generated card profile to the mobile device may include building a message including the generated card profile, generating an encryption key, encrypting the message using the generated encryption key, and provisioning the encrypted message to the mobile device.
  - 5. The method of claim 1, wherein transmitting the generated single use key to the mobile device may include building a message including the generated single use key, generating an encryption key, encrypting the message using the generated encryption key, and provisioning the encrypted message to the mobile device.
  - 6. The method of claim 1, wherein the generated single use key is inactive.
  - 7. The method of claim 6, further comprising:
    - receiving, from the mobile device, an indication of use of the single use key; and
      
      activating, by the processing device, the generated single use key.
  - 8. The method of claim 7, further comprising:
    - transmitting, by the transmitting device, an indication of activation of the single use key to an issuer associated with the payment account.
  - 9. The method of claim 1, wherein the payment cryptogram is an application cryptogram or a dynamic card validation code.
  - 10. The method of claim 1, wherein using the mobile PIN includes using, by the authentication device, the mobile PIN using an XOR method.

11. A method for generating a payment cryptogram in a mobile device lacking a secure element, comprising:
- receiving, by a receiving device, a card profile, wherein the card profile includes at least payment credentials corresponding to a payment account and a profile identifier;
  
  receiving, by an input device, a mobile personal identification number (PIN) input by a user of the mobile device;
  
  transmitting, by a transmitting device, a key request, wherein the key request includes at least the profile identifier;
  
  receiving, by the receiving device, a single use key, wherein the single use key includes at least an application transaction counter and a generating key;
  
  generating, by a processing device, a payment cryptogram valid for a single financial transaction based on at least the received single use key and the mobile PIN; and
  
  transmitting, via near field communication, at least the payment credentials and the generated payment cryptogram to a point-of-sale terminal for use in a financial transaction.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The method of claim 11, wherein the payment cryptogram is an application cryptogram or a dynamic card validation code.
  - 13. The method of claim 11, wherein receiving the card profile may include receiving an encrypted message including the card profile, generating a mobile session key, and decrypting the message using the generated mobile session key to obtain the included card profile.
  - 14. The method of claim 11, wherein receiving the single use key may include receiving an encrypted message including the single use key, generating a mobile session key, and decrypting the message using the generated mobile session key to obtain the included single use key.
  - 15. The method of claim 11, further comprising:
    - receiving, by the input device, an indication of use of the received single use key;
      
      transmitting, by the transmitting device, an activation request, wherein the activation request includes at least the profile identifier; and
      
      receiving, by the receiving device, an indication of activation of the single use key.
  - 16. The method of claim 15, wherein the payment credentials and generated payment cryptogram are transmitted to the point-of-sale terminal in response to receiving the indication of activation of the single use key.
  - 17. The method of claim 15, wherein the payment cryptogram is generated in response to receiving the indication of activation of the single use key.
  - 18. The method of claim 11, whereinthe card profile is configured to utilize local data authentication, andlocal data authentication includes one of (1) swapping, in the payment credentials, the meaning of an expiration date and an effective date, (2) setting the expiration date as a date prior to the date of issuance, or (3) setting the effective date as a date beyond the expiry date, or both may be set as the expiration date and effective date as defined, and setting an issuer action code configured to force the financial transaction to be an online transaction.
  - 19. The method of claim 18, wherein the card profile further includes one RSA key pair and certificate.

20. A method for generating and provisioning payment credentials to a mobile device lacking a secure element, comprising:
- storing, in a database, at least a storage key, a plurality of dynamic card validation code keys, and an application transaction counter associated with a mobile application program;
  
  provisioning, to the mobile device, at least the storage key, an authentication component, and static payment credentials, wherein the static payment credentials are associated with a payment account;
  
  receiving, from the mobile device, a chip authentication program (CAP) token;
  
  validating, by a validation device, the authenticity of the received CAP token;
  
  generating, by a processing device, a session key unpredictable number (KS_UN);
  
  generating, by the processing device, a cloud unpredictable number (UN_CLOUD);
  
  identifying, by the processing device, an encrypted payload based on a derived dynamic card validation code key (KD_CVC3), wherein the encrypted payload includes at least a dynamic card validation code key of the plurality of dynamic card validation code keys, the KS_UN, and the application transaction counter;
  
  transmitting, by a transmitting device, the encrypted payload to the mobile device for use in generating a dynamic card validation code for use in a financial transaction; and
  
  transmitting, by the transmitting device, at least the KS_UN, UN_CLOUD, and application transaction counter to an issuer associated with the payment account for use in validating the generated dynamic card validation code used in the financial transaction.
- View Dependent Claims (21, 22, 23, 24, 25)
- - 21. The method of claim 20, whereinthe KD_CVC3is genuine if the received CAP token is successfully validated, andthe KD_CVC3is fake if the received CAP token is unsuccessfully validated.
  - 22. The method of claim 20, wherein validating the authenticity of the CAP token includes validating the authenticity of the CAP token based on at least the provisioned authentication component and an additional credential received from the mobile device.
  - 23. The method of claim 22, wherein the additional credential is at least one of:
    - a gesture, a password, a passcode, and a biometric identifier.
  - 24. The method of claim 20, wherein validating the authenticity of the CAP token includes validating the authenticity of the CAP token based on at least the application transaction counter.
  - 25. The method of claim 20, wherein the encrypted payload is encrypted using at least the storage key.

26. A method for generating a dynamic card validation code in a mobile device lacking a secure element, comprising:
- receiving, by a receiving device, at least a storage key, an authentication component, and static payment credentials;
  
  receiving, by an input device, at least one additional credential;
  
  generating, by a processing device, a chip authentication program (CAP) token, wherein the CAP token is based on at least the authentication component and the at least one additional credential;
  
  transmitting, by a transmitting device, the generated CAP token;
  
  receiving, by the receiving device, an encrypted payload, wherein the encrypted payload includes at least a supplied dynamic card validation code, session key unpredictable number, and application transaction counter;
  
  decrypting, by the processing device, the encrypted payload using at least the received storage key;
  
  receiving, via near field communication, a reader unpredictable number from a point-of-sale terminal;
  
  generating, by the processing device, a payment dynamic card validation code based on at least the supplied dynamic card validation code, the session key unpredictable number, the application transaction counter, and the reader unpredictable number; and
  
  transmitting, via near field communication, the generated payment dynamic card validation code and the application transaction counter to the point-of-sale terminal for including in an authorization request for a financial transaction.
- View Dependent Claims (27)
- - 27. The method of claim 26, wherein the at least one additional credential is at least one of:
    - a gesture, a password, a passcode, and a biometric identifier.

28. A system for generating and provisioning payment credentials to a mobile device lacking a secure element, comprising:
- a transmitting device;
  
  a processing device configured to generate a card profile associated with a payment account, wherein the card profile includes at least payment credentials corresponding to the associated payment account and a profile identifier;
  
  a provisioning device configured to provision, to a mobile device lacking a secure element, the generated card profile;
  
  a receiving device configured to receive, from the mobile device, a key request, wherein the key request includes at least a mobile personal identification number (PIN) and the profile identifier; and
  
  an authentication device configured to use the mobile PIN, whereinthe processing device is further configured to generate a single use key, wherein the single use key includes at least the profile identifier, an application transaction counter, and a generating key for use in generating a payment cryptogram valid for a single financial transaction, andthe transmitting device is configured to transmit the generated single use key to the mobile device.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37)
- - 29. The system of claim 28, whereinthe single use key is genuine if the mobile PIN is successfully authenticated, andthe single use key is fake if the mobile PIN is unsuccessfully authenticated.
  - 30. The system of claim 28, wherein the transmitting device is further configured to transmit the generated single use key to an issuer associated with the payment account.
  - 31. The system of claim 28, wherein the authentication device is further configured to use the mobile PIN using an XOR method.
  - 32. The system of claim 28, wherein provisioning the generated card profile to the mobile device may include building a message including the generated card profile, generating an encryption key, encrypting the message using the generated encryption key, and provisioning the encrypted message to the mobile device.
  - 33. The system of claim 28, wherein transmitting the generated single use key to the mobile device may include building a message including the generated single use key, generating an encryption key, encrypting the message using the generated encryption key, and provisioning the encrypted message to the mobile device.
  - 34. The system of claim 28, wherein the generated single use key is inactive.
  - 35. The system of claim 34, whereinthe receiving device is further configured to receive, from the mobile device, an indication of use of the single use key, andthe processing device is further configured to activate the generated single use key.
  - 36. The system of claim 35, wherein the transmitting device is further configured to transmit an indication of activation of the single use key to an issuer associated with the payment account.
  - 37. The system of claim 28, wherein the payment cryptogram is an application cryptogram or a dynamic card validation code.

38. A system for generating a payment cryptogram in a mobile device lacking a secure element, comprising:
- a processing device;
  
  a receiving device configured to receive a card profile, wherein the card profile includes at least payment credentials corresponding to a payment account and a profile identifier;
  
  an input device configured to receive a mobile personal identification number (PIN) input by a user of the mobile device; and
  
  a transmitting device configured to transmit a key request, wherein the key request includes at least the profile identifier, whereinthe receiving device is further configured to receive a single use key, wherein the single use key includes at least an application transaction counter and a generating key,the processing device is configured to generate a payment cryptogram valid for a single financial transaction based on at least the received single use key and the mobile PIN, andthe transmitting device is further configured to transmit, via near field communication, at least the payment credentials and the generated payment cryptogram to a point-of-sale terminal for use in a financial transaction.
- View Dependent Claims (39, 40, 41, 42, 43, 44, 45, 46)
- - 39. The system of claim 38, wherein the payment cryptogram is an application cryptogram or a dynamic card validation code.
  - 40. The system of claim 38, wherein receiving the card profile may include receiving an encrypted message including the card profile, generating a mobile session key, and decrypting the message using the generated mobile session key to obtain the included card profile.
  - 41. The system of claim 38, wherein receiving the single use key may include receiving an encrypted message including the single use key, generating a mobile session key, and decrypting the message using the generated mobile session key to obtain the included single use key.
  - 42. The system of claim 38, whereinthe input device is further configured to receive indication of use of the received single use key,the transmitting device is further configured to transmit an activation request, wherein the activation request includes at least the profile identifier, andthe receiving device is further configured to receive an indication of activation of the single use key.
  - 43. The system of claim 42, wherein the transmitting device is configured to transmit the payment credentials and the generated payment cryptogram in response to the receipt of the indication of activation of the single use key.
  - 44. The system of claim 42, wherein the processing device is configured to generate the payment cryptogram in response to the receipt of the indication of activation of the single use key.
  - 45. The system of claim 38, whereinthe card profile is configured to utilize local data authentication, andlocal data authentication includes one of (1) swapping, in the payment credentials, the meaning of an expiration date and an effective date, (2) setting the expiration date as a date prior to the date of issuance, or (3) setting the effective date as a date beyond the expiry date, or both may be set as the expiration date and effective date as defined, and setting an issuer action code configured to force the financial transaction to be an online transaction.
  - 46. The system of claim 45, wherein the card profile further includes one RSA key pair and certificate.

47. A system for generating and provisioning payment credentials to a mobile device lacking a secure element, comprising:
- a database configured to store at least a storage key, a plurality of dynamic card validation code keys, and an application transaction counter associated with a mobile application program;
  
  a provisioning device configured to provision, to the mobile device, at least the storage key, an authentication component, and static payment credentials, wherein the static payment credentials are associated with a payment account;
  
  a receiving device configured to receive, from the mobile device, a chip authentication program (CAP) token generated based on at least the static payment credentials;
  
  a processing device configured tovalidate the authenticity of the received CAP token,generate a session key unpredictable number (KS_UN),generate a cloud unpredictable number (UN_CLOUD), andidentify an encrypted payload based on a derived dynamic card validation code key (KD_CVC3), wherein the encrypted payload includes at least a dynamic card validation code key of the plurality of dynamic card validation code keys, the KS_UN, and the application transaction counter; and
  
  a transmitting device configured totransmit the encrypted payload to the mobile device for use in generating a dynamic card validation code for use in a financial transaction, andtransmit at least the KS_UN, UN_CLOUD, and application transaction counter to an issuer associated with the payment account for use in validating the generated dynamic card validation code used in the financial transaction.
- View Dependent Claims (48, 49, 50, 51, 52)
- - 48. The system of claim 47, whereinthe KD_CVC3is genuine if the received CAP token is successfully validated, andthe KD_CVC3is fake if the received CAP token is unsuccessfully validated.
  - 49. The system of claim 47, wherein the processing device is configured to validate the authenticity of the CAP token based on at least the provisioned authentication component and an additional credential received from the mobile device.
  - 50. The system of claim 49, wherein the additional credential is at least one of:
    - a gesture, a password, a passcode, and a biometric identifier.
  - 51. The system of claim 47, wherein the processing device is configured to validate the authenticity of the CAP token based on at least the application transaction counter.
  - 52. The system of claim 47, wherein the processing device is further configured to encrypt the encrypted payload using at least the storage key.

53. A system for generating a dynamic card validation code in a mobile device lacking a secure element, comprising:
- a receiving device configured to receive at least a storage key, an authentication component, and static payment credentials;
  
  an input device configured to receive at least one additional credential;
  
  a processing device configured to generate a chip authentication program (CAP) token, wherein the CAP token is based on at least the authentication component and the at least one additional credential; and
  
  a transmitting device configured to transmit the generated CAP token, whereinthe receiving device is further configured to receive an encrypted payload, wherein the encrypted payload includes at least a supplied dynamic card validation code, session key unpredictable number, and application transaction counter,the processing device is further configured to decrypt the encrypted payload using at least the received storage key,the receiving device is further configured to receive, via near field communication, a reader unpredictable number from a point-of-sale terminal,the processing device is further configured to generate a payment dynamic card validation code based on at least the supplied dynamic card validation code, the session key unpredictable number, the application transaction counter, and the reader unpredictable number, andthe transmitting device is further configured to transmit, via near field communication, the generated payment dynamic card validation code and the application transaction counter to the point-of-sale terminal for including in an authorization request for a financial transaction.
- View Dependent Claims (54)
- - 54. The system of claim 53, wherein the at least one additional credential is at least one of:
    - a gesture, a password, a passcode, and a biometric identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Original Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Inventors
Smets, Patrik, Roberts, David Anthony, COLLINGE, Mehdi, Thompson, Susan, Ward, Michael Christopher

Granted Patent

US 10,515,359 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/71
CPC Class Codes

G06Q 20/322   Aspects of commerce using m...

G06Q 20/3223   Realising banking transacti...

G06Q 20/3265   characterised by personalis...

G06Q 20/3552   Downloading or loading of p...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/385   using an alias or single-us...

G06Q 20/4012   Verifying personal identifi...

G06Q 20/405   Establishing or using trans...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/35   Protecting application or s...

SYSTEMS AND METHODS FOR PROCESSING MOBILE PAYMENTS BY PROVISONING CREDENTIALS TO MOBILE DEVICES WITHOUT SECURE ELEMENTS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

391 Citations

54 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR PROCESSING MOBILE PAYMENTS BY PROVISONING CREDENTIALS TO MOBILE DEVICES WITHOUT SECURE ELEMENTS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

391 Citations

54 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links