PAYMENT SYSTEM FOR AUTHORIZING A TRANSACTION BETWEEN A USER DEVICE AND A TERMINAL

US 20140040146A1
Filed: 10/04/2013
Published: 02/06/2014
Est. Priority Date: 04/05/2011
Status: Active Grant

First Claim

Patent Images

1. A method of authorizing an EMV payment transaction between a user device and a point-of-sale terminal, the user device being configured with a payment application, the payment application being associated with a certificate and a hash corresponding to the certificate, the hash being generated on the basis of an application expiration date parameter, the application expiration date parameter comprising data indicative of an expiration date associated with the certificate, such that the hash is generated on the basis of an expiration day, an expiration month and an expiration year of the certificate, the method comprising:

in response to the point-of-sale terminal receiving the certificate, the point-of-sale terminal verifying the hash, thereby establishing the authenticity of the application expiration date parameter, and hence the validity of the certificate; and

selectively authorizing the payment application for conducting the transaction.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, apparatus and computer software are provided for authorizing an EMV transaction between a user device and a point of sale terminal, particularly, but not exclusively, in situations where a secure element is not made available for the deployment of a payment application on the user device. The payment application is instead deployed to a processing environment that is outside of any secure element on the user device. The payment application is associated with a certificate and a corresponding hash. The hash is adapted to be generated on the basis of an application expiration date parameter, which is adapted to comprise data indicative of an expiration date of day level granularity associated with the certificate. During processing of the EMV transaction, the point-of-sale terminal verifies the hash, thereby establishing the authenticity of the application expiration date, and hence the validity of the certificate.

26 Citations

View as Search Results

20 Claims

1. A method of authorizing an EMV payment transaction between a user device and a point-of-sale terminal, the user device being configured with a payment application, the payment application being associated with a certificate and a hash corresponding to the certificate, the hash being generated on the basis of an application expiration date parameter, the application expiration date parameter comprising data indicative of an expiration date associated with the certificate, such that the hash is generated on the basis of an expiration day, an expiration month and an expiration year of the certificate, the method comprising:
- in response to the point-of-sale terminal receiving the certificate, the point-of-sale terminal verifying the hash, thereby establishing the authenticity of the application expiration date parameter, and hence the validity of the certificate; and
  
  selectively authorizing the payment application for conducting the transaction.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, further comprising a pre-authorization process comprising adapting the application expiration date parameter to represent an expiration date associated with the certificate.
  - 3. The method of claim 1, wherein the certificate is provisioned to the payment application by an issuing bank with which the user of the user device is registered.
  - 4. The method of claim 1, wherein the certificate comprises the hash.
  - 5. The method of claim 1, wherein the method further comprises provisioning a plurality of certificates and hashes to the user device, each certificate and hash being provisioned based at least in part on an expiration date parameter associated therewith.
  - 6. The method of claim 5, wherein, responsive to a predetermined criterion being satisfied, a given certificate and a given hash is provisioned to the user device.
  - 7. The method of claim 6, wherein the predetermined criterion comprises the day, month and year maintained by a certificate provisioning entity matching a given application expiration date.
  - 8. The method of claim 6, wherein the predetermined criterion comprises receiving a request of a predetermined type, the request identifying at least the user device.
  - 9. The method of claim 5, wherein the certificate and the hash are provisioned to the user device via a communications network.
  - 10. The method of claim 1, wherein the application expiration date is configured such that the certificate expires a predetermined number of days after the provisioning of the certificate to the user device, the predetermined number of days being less than a predicted brute force decryption time for the certificate.
  - 11. The method of claim 1, wherein the payment application includes an issuer action code, the issuer action code being transmitted to the point-of-sale terminal and the selective authorization being further performed on the basis of the issuer action code.
  - 12. The method of claim 11, wherein the issuer action code is configured to cause termination of the transaction in the event that the application expiration date is prior to a current day, month and year maintained by the point-of-sale terminal.
  - 13. The method of claim 11, wherein the issuer action code is configured to require authorization of the transaction by an issuing bank associated with the payment application in the event that the application expiration date is prior to a current day, month and year maintained by the point-of-sale terminal.
  - 14. The method of claim 1, wherein the user device comprises a first processing portion and a second processing portion, the first processing portion comprising a first application environment within a secure element and the second processing portion comprising a second application environment external to the secure element, and wherein the second processing portion comprises the payment application
  - 15. The method of claim 14, wherein the user device comprises a mobile communications device and the secure element comprises a Subscriber Identity Module.
  - 16. The method of claim 14, wherein the second application environment comprises a Trusted Execution Environment, and wherein at least part of the payment application is stored or executed in the Trusted Execution Environment.
  - 17. The method of claim 1, wherein the method is conducted using a radio frequency communications protocol.

18. A user device for conducting an EMV payment transaction with a point-of-sale terminal, the user device comprising:
- a payment application, wherein the payment application is associated with a certificate and a hash corresponding to the certificate, the hash generated based on an application expiration date parameter, the application expiration date parameter comprising data indicative of an expiration date associated with the certificate, such that the hash is generated on the basis of an expiration day, an expiration month and an expiration year of the certificate,wherein the payment application is configured to transmit the certificate to the point-of-sale terminal and to receive an authorization response from the point-of-sale terminal, wherein to conduct the EMV payment transaction.
- View Dependent Claims (19, 20)
- - 19. A user device according to claim 18 comprising:
    - a first processing portion; and
      
      a second processing portion,wherein the first processing portion comprises a first application environment within a secure element and the second processing portion comprises a second application environment external to the secure element, and wherein the second processing portion comprises the payment application
  - 20. A user device according to claim 18, wherein the user device is configured to conduct a further EMV transaction that is authorized by an issuing bank, the payment application having a first operative state in which the payment application is enabled to conduct the further EMV payment transaction, and a second operative state, different to the first operative state,wherein the payment application is responsive to receipt of a session key, different to the ICC Master Key, generated by the issuing bank on the basis of a ICC Master Key held by the issuing bank, whereby to be configured into the first operative state and thereafter is arranged to perform an authorization process, the authorization process comprising the steps of:
    - generating the application cryptogram on the basis of the received session key; and
      
      transmitting the generated application cryptogram to the point-of-sale terminal for verification thereof by the issuing bank and authorization of the further EMV payment transaction.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa Europe Limited (Visa, Inc.)
Original Assignee
Visa Europe Limited (Visa, Inc.)
Inventors
FISKE, Stuart

Granted Patent

US 11,416,855 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/67
CPC Class Codes

G06Q 20/3229   Use of the SIM of a M-devic...

G06Q 20/326   Payment applications instal...

G06Q 20/327   Short range or proximity pa...

G06Q 20/3821   Electronic credentials

G06Q 20/3825   Use of electronic signatures

G06Q 20/3827   Use of message hashing

PAYMENT SYSTEM FOR AUTHORIZING A TRANSACTION BETWEEN A USER DEVICE AND A TERMINAL

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

26 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

PAYMENT SYSTEM FOR AUTHORIZING A TRANSACTION BETWEEN A USER DEVICE AND A TERMINAL

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links