PAYMENT SYSTEM FOR AUTHORIZING A TRANSACTION BETWEEN A USER DEVICE AND A TERMINAL
First Claim
1. A method of authorizing an EMV payment transaction between a user device and a point-of-sale terminal, the user device being configured with a payment application, the payment application being associated with a certificate and a hash corresponding to the certificate, the hash being generated on the basis of an application expiration date parameter, the application expiration date parameter comprising data indicative of an expiration date associated with the certificate, such that the hash is generated on the basis of an expiration day, an expiration month and an expiration year of the certificate, the method comprising:
- in response to the point-of-sale terminal receiving the certificate, the point-of-sale terminal verifying the hash, thereby establishing the authenticity of the application expiration date parameter, and hence the validity of the certificate; and
selectively authorizing the payment application for conducting the transaction.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods, apparatus and computer software are provided for authorizing an EMV transaction between a user device and a point of sale terminal, particularly, but not exclusively, in situations where a secure element is not made available for the deployment of a payment application on the user device. The payment application is instead deployed to a processing environment that is outside of any secure element on the user device. The payment application is associated with a certificate and a corresponding hash. The hash is adapted to be generated on the basis of an application expiration date parameter, which is adapted to comprise data indicative of an expiration date of day level granularity associated with the certificate. During processing of the EMV transaction, the point-of-sale terminal verifies the hash, thereby establishing the authenticity of the application expiration date, and hence the validity of the certificate.
26 Citations
20 Claims
-
1. A method of authorizing an EMV payment transaction between a user device and a point-of-sale terminal, the user device being configured with a payment application, the payment application being associated with a certificate and a hash corresponding to the certificate, the hash being generated on the basis of an application expiration date parameter, the application expiration date parameter comprising data indicative of an expiration date associated with the certificate, such that the hash is generated on the basis of an expiration day, an expiration month and an expiration year of the certificate, the method comprising:
-
in response to the point-of-sale terminal receiving the certificate, the point-of-sale terminal verifying the hash, thereby establishing the authenticity of the application expiration date parameter, and hence the validity of the certificate; and selectively authorizing the payment application for conducting the transaction. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. A user device for conducting an EMV payment transaction with a point-of-sale terminal, the user device comprising:
-
a payment application, wherein the payment application is associated with a certificate and a hash corresponding to the certificate, the hash generated based on an application expiration date parameter, the application expiration date parameter comprising data indicative of an expiration date associated with the certificate, such that the hash is generated on the basis of an expiration day, an expiration month and an expiration year of the certificate, wherein the payment application is configured to transmit the certificate to the point-of-sale terminal and to receive an authorization response from the point-of-sale terminal, wherein to conduct the EMV payment transaction. - View Dependent Claims (19, 20)
-
Specification