PRE-GENERATION OF SESSION KEYS FOR ELECTRONIC TRANSACTIONS AND DEVICES THAT PRE-GENERATE SESSION KEYS FOR ELECTRONIC TRANSACTIONS
First Claim
1. A method of securing a transaction between a user terminal and a transaction terminal, comprising:
- generating a plurality of session cryptographic keys from a master cryptographic key and a respective plurality of possible values of a transaction counter;
encrypting the plurality of session cryptographic keys to provide a plurality of encrypted session cryptographic keys;
storing the plurality of encrypted session cryptographic keys and one of the respective plurality of values of the transaction counter in the user terminal;
generating a cryptogram based on a first one of the plurality of encrypted session cryptographic keys and transaction data for the transaction;
transmitting the cryptogram to the transaction terminal;
updating the transaction counter; and
deleting the first one of the plurality of encrypted session cryptographic keys from the user terminal after generating the cryptogram.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods and devices for pre-generating session keys for securing transactions are provided. A plurality of session cryptographic keys are generated from a master cryptographic key and a respective plurality of possible values of a transaction counter. The session cryptographic keys are encrypted to provide a plurality of encrypted session cryptographic keys, which are stored in the user terminal. The master cryptographic key is deleted from the user terminal after the session keys are generated. To secure a transaction, a cryptogram is generated based on one of the encrypted session cryptographic keys and transaction data for the transaction, and the cryptogram is transmitted to a transaction terminal. The transaction counter is updated, and the encrypted session cryptographic key is deleted from the user terminal.
91 Citations
23 Claims
-
1. A method of securing a transaction between a user terminal and a transaction terminal, comprising:
-
generating a plurality of session cryptographic keys from a master cryptographic key and a respective plurality of possible values of a transaction counter; encrypting the plurality of session cryptographic keys to provide a plurality of encrypted session cryptographic keys; storing the plurality of encrypted session cryptographic keys and one of the respective plurality of values of the transaction counter in the user terminal; generating a cryptogram based on a first one of the plurality of encrypted session cryptographic keys and transaction data for the transaction; transmitting the cryptogram to the transaction terminal; updating the transaction counter; and deleting the first one of the plurality of encrypted session cryptographic keys from the user terminal after generating the cryptogram. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A user terminal, comprising:
-
a processor; a memory coupled to the processor; and a communication module coupled to the processor; wherein the processor is configured to generate a plurality of session cryptographic keys from a master cryptographic key and a respective plurality of possible values of a transaction counter, to encrypt the plurality of session cryptographic keys to provide a plurality of encrypted session cryptographic keys, to store the plurality of encrypted session cryptographic keys, to exchange transaction data relating to a proposed transaction with a transaction terminal, to generate a cryptogram based on a first one of the plurality of encrypted session cryptographic keys and the transaction data, to transmit the cryptogram to the transaction terminal using the communication module, to update the transaction counter, and to delete the first one of the plurality of encrypted session cryptographic keys from the user terminal. - View Dependent Claims (14, 15, 16)
-
-
17. A provisioning server, comprising:
-
a processor; a memory coupled to the processor; and a communication module coupled to the processor; wherein the processor is configured to generate a plurality of session cryptographic keys from a master cryptographic key and a respective plurality of possible values of a transaction counter, and to transmit the plurality of session cryptographic keys and the transaction counter to a user terminal for use in securing a financial transaction. - View Dependent Claims (18, 19)
-
-
20. A computer program product for securing a transaction between a user terminal and a transaction terminal, comprising:
-
a computer readable storage medium having computer readable program code embodied in the medium, the computer readable program code comprising; computer readable program code to generate a plurality of session cryptographic keys from a master cryptographic key and a respective plurality of possible values of a transaction counter; computer readable program code to store the session cryptographic keys and one of the plurality of transaction counters in the user terminal; computer readable program code to generate a cryptogram based on a first one of the plurality of session cryptographic keys and transaction data for the transaction; computer readable program code to transmit the cryptogram to the transaction terminal; computer readable program code to update the transaction counter; and computer readable program code to delete the first one of the plurality of session cryptographic keys from the user terminal after generating the cryptogram.
-
-
21. A method, comprising:
-
generating a plurality of secret items corresponding to a respective plurality of possible values of an index; storing the plurality of secret items and a first one of the plurality of possible values of the index in a first terminal; generating an message corresponding to the first one of the plurality of possible values of the index using a first one of the secret items; transmitting the message to the second terminal; updating the index; and deleting the first one of the plurality of secret items from the first terminal after generating the message. - View Dependent Claims (22, 23)
-
Specification