SYSTEMS, METHODS, AND COMPUTER READABLE MEDIA FOR CONDUCTING A TRANSACTION USING CLOUD BASED CREDENTIALS

US 20130275307A1
Filed: 04/15/2013
Published: 10/17/2013
Est. Priority Date: 04/13/2012
Status: Active Grant

First Claim

Patent Images

1. A method for conducting an electronic transaction, the method comprising:

initiating an electronic transaction between a mobile device and a point of sale (POS) reader device;

applying at least a user identifier that is associated with a user of the mobile device and shared secret data as inputs to a cryptographic function in the mobile device, wherein the shared secret data is a key or password shared by both the user and an issuer server;

inserting the output of the cryptographic function into legacy transaction formatted data;

wirelessly providing the legacy transaction formatted data to the POS reader device via the electronic transaction;

forwarding, from the POS reader device, the legacy transaction formatted data to the issuer server;

processing, at the issuer server, the legacy transaction formatted data to verify the user identifier and request authorization for the electronic transaction;

sending, to the POS reader device, a notification message that indicates that the electronic transaction is authorized; and

conducting, at the POS reader device, the electronic transaction upon receipt of the notification message.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for conducting an electronic transaction that includes initiating an electronic transaction between a mobile device and a POS reader device and applying at least a user identifier that is associated with a user of the mobile device and shared secret data as inputs to a cryptographic function in the mobile device. The method further includes inserting the output of the cryptographic function into legacy transaction formatted data, wirelessly providing the legacy transaction formatted data to the POS reader device via the electronic transaction, forwarding the legacy transaction formatted data to the issuer server, and processing, at the issuer server, the legacy transaction formatted data to verify the user identifier and request authorization for the electronic transaction. The method also includes sending a notification message to the POS reader device that indicates that the electronic transaction is authorized and conducting the electronic transaction upon receipt of the notification message.

Citations

23 Claims

1. A method for conducting an electronic transaction, the method comprising:
- initiating an electronic transaction between a mobile device and a point of sale (POS) reader device;
  
  applying at least a user identifier that is associated with a user of the mobile device and shared secret data as inputs to a cryptographic function in the mobile device, wherein the shared secret data is a key or password shared by both the user and an issuer server;
  
  inserting the output of the cryptographic function into legacy transaction formatted data;
  
  wirelessly providing the legacy transaction formatted data to the POS reader device via the electronic transaction;
  
  forwarding, from the POS reader device, the legacy transaction formatted data to the issuer server;
  
  processing, at the issuer server, the legacy transaction formatted data to verify the user identifier and request authorization for the electronic transaction;
  
  sending, to the POS reader device, a notification message that indicates that the electronic transaction is authorized; and
  
  conducting, at the POS reader device, the electronic transaction upon receipt of the notification message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The method of claim 1 wherein processing the legacy transaction formatted data includes:
    - decrypting a portion of the legacy transaction formatted data using a copy of the shared secret data; and
      
      comparing the portion of the legacy transaction formatted data with stored user information in the issuer server to verify the user identifier.
  - 3. The method of claim 2 wherein, if the user identifier is verified, determining if card credentials stored at the issuer server that are associated with the user are valid.
  - 4. The method of claim 3 wherein, if the card credentials are determined to be valid, utilizing the card credentials to complete the electronic transaction.
  - 5. The method of claim 1 wherein the legacy transaction formatted data includes at least one of:
    - Track 1 data, Track 2 data, Track 3 data, and EMV data.
  - 6. The method of claim 1 wherein the electronic transaction includes an electronic payment transaction or an electronic non-payment transaction.
  - 7. The method of claim 1 wherein the cryptographic function is at least one of:
    - a one way function, a cryptographic hash function, a standard encryption function, and proprietary encryption function.
  - 8. The method of claim 1 wherein the mobile device includes a near field communications (NFC) enabled mobile device.
  - 9. The method of claim 1 wherein the mobile device is equipped with at least one of:
    - a Quick Response (QR) code reader, a barcode reader, a camera, a Bluetooth enabling chip, a WiFi enabling chip, and another wireless technology enabling chip.
  - 10. The method of claim 1 wherein the electronic transaction is conducted in a magnetic stripe based network or a Europay, MasterCard, and Visa (EMV) card based network.
  - 11. The method of claim 1 wherein initiating an electronic transaction includes initiating the electronic transaction without an electronic payment card or an electronic non-payment card stored in the mobile device.
  - 12. The method of claim 1 wherein the POS reader device is either located at a fixed location or comprises a mobile POS reader device.
  - 13. The method of claim 1 wherein the user identifier is mapped to a mobile device identifier or a subscriber identity module (SIM) identifier.
  - 14. The method of claim 13 wherein the mobile device identifier includes a serial number or an international mobile equipment identity (IMEI) number.
  - 15. The method of claim 1 wherein the cryptographic function is generated using at least one of:
    - an account number, the user identifier, a password, a subscriber identity module (SIM) identifier, an employer identification number (EIN), a WIN, an international mobile equipment identity (IMEI) number, biometric data, a sequence number, a random number, and a unique transaction identifier.
  - 16. The method of claim 1 wherein the shared secret data includes at least one of:
    - a password, a public key, and a shared key.
  - 17. The method of claim 1 wherein the shared secret data includes a combination of a password and biometric data.
  - 18. The method of claim 1 wherein the user identifier is linked to an application account that is used to facilitate the electronic transaction.
  - 19. The method of claim 1 wherein the user identifier is linked to card credentials stored in the issuer server.
  - 20. The method of claim 19 wherein the card credentials includes magnetic stripe data or Europay, MasterCard, and Visa (EMV) payment card data.
  - 21. The method of claim 1 wherein a bank identifier number (BIN) is added to the output of the cryptographic function to form Track 1 and Track 2 data and is used to route the Track 1 and Track 2 data to the issuer server over an existing POS, payment, or non-payment network infrastructure.

22. A system for conducting an electronic transaction, the system comprising:
- a point of sale (POS) reader device located a point of sale that is configured to process an electronic transaction;
  
  a mobile device configure configured to initiate the electronic transaction with the POS reader device, to apply at least a user identifier that is associated with a user of the mobile device and shared secret data as inputs to a cryptographic function in the mobile device, wherein the shared secret data is a key or password shared by both the user and an issuer server, to insert the output of the cryptographic function into the legacy transaction formatted data, and to wirelessly provide the legacy transaction formatted data to the POS reader device via the electronic transaction; and
  
  an issuer server configured to receive the legacy transaction formatted data from the POS reader device, to process the legacy transaction formatted data to verify the user identifier and request authorization for the electronic transaction, and to send a notification message that indicates that the electronic transaction is authorized to the POS reader device.

23. A non-transitory computer readable medium having stored thereon executable instructions for controlling a computer to perform steps comprising:
- initiating an electronic transaction between a mobile device and a point of sale (POS) reader device;
  
  applying at least a user identifier that is associated with a user of the mobile device and shared secret data as inputs to a cryptographic function in the mobile device, wherein the shared secret data is a key or password shared by both the user and an issuer server;
  
  inserting the output of the cryptographic function into legacy transaction formatted data;
  
  wirelessly providing the legacy transaction formatted data to the POS reader device via the electronic transaction;
  
  forwarding, from the POS reader device, the legacy transaction formatted data to the issuer server;
  
  processing, at the issuer server, the legacy transaction formatted data to verify the user identifier and request authorization for the electronic transaction;
  
  sending, to the POS reader device, a notification message that indicates that the electronic transaction is authorized; and
  
  conducting, at the POS reader device, the electronic transaction upon receipt of the notification message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Original Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Inventors
Khan, Mohammad

Granted Patent

US 10,528,944 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/64
CPC Class Codes

G06Q 20/204   comprising interface for re...

G06Q 20/3278   RFID or NFC payments by mea...

G06Q 20/363   with the personal data of a...

G06Q 20/385   using an alias or single-us...

G06Q 20/40   Authorisation, e.g. identif...

H04W 12/068   using credential vaults, e....

H04W 12/08   Access security

SYSTEMS, METHODS, AND COMPUTER READABLE MEDIA FOR CONDUCTING A TRANSACTION USING CLOUD BASED CREDENTIALS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS, METHODS, AND COMPUTER READABLE MEDIA FOR CONDUCTING A TRANSACTION USING CLOUD BASED CREDENTIALS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links