Mobile Payment Application Provisioning And Personalization on a Mobile Device

US 20150073996A1
Filed: 09/09/2014
Published: 03/12/2015
Est. Priority Date: 09/10/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a server computer, a provisioning request for provisioning an account on a mobile device, the provisioning request including encrypted payment account information, the encrypted payment account information encrypted using a first secure element key associated with a security domain of a secure element provided on the mobile device, the first secure element key being one of a secure element key pair, and the secure element key pair being unique to the secure element;

decrypting, by the server computer, the encrypted payment account information using a second secure element key of the secure element key pair;

validating, by the server computer, the mobile device using the second secure element key of the secure element key pair; and

provisioning, by the server computer, the account on the mobile device using the decrypted payment account information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present invention are directed to systems and methods for providing a central entity that can provision mobile payment applications on mobile communication devices and personalize the mobile payment applications with consumer and account information. The personalization of the mobile payment application on the mobile communication device may include provisioning a payment account on the mobile payment application. The central entity may provision the account on the mobile payment application without interacting with the issuer during the provisioning of the account. The central entity may provision the account on the mobile communication device by decrypting, using a secure element key, encrypted payment account information received from the mobile communication device. The payment account information may be encrypted by a secure element of the mobile communication device using the same secure element key.

46 Citations

View as Search Results

20 Claims

1. A method comprising:
- receiving, by a server computer, a provisioning request for provisioning an account on a mobile device, the provisioning request including encrypted payment account information, the encrypted payment account information encrypted using a first secure element key associated with a security domain of a secure element provided on the mobile device, the first secure element key being one of a secure element key pair, and the secure element key pair being unique to the secure element;
  
  decrypting, by the server computer, the encrypted payment account information using a second secure element key of the secure element key pair;
  
  validating, by the server computer, the mobile device using the second secure element key of the secure element key pair; and
  
  provisioning, by the server computer, the account on the mobile device using the decrypted payment account information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising, prior to provisioning the account on the mobile device:
    - provisioning, by the server computer, a mobile payment application on the secure element of the mobile device using a trusted service manager of the secure element; and
      
      providing, by the server computer, the first secure element key of the secure element key pair to the secure element of the mobile device.
  - 3. The method of claim 2, wherein the account is provisioned on the mobile payment application.
  - 4. The method of claim 1, wherein the validating further comprises:
    - determining that the second secure element key is other one of the secure element key pair; and
      
      identifying the secure element based on determining that the second secure element key is the other one of the secure element key pair.
  - 5. The method of claim 1, wherein the first secure element key of the secure element key pair is stored at the secure element of the mobile device and the second secure element key of the secure element key pair is stored at the server computer.
  - 6. The method of claim 1, wherein the encrypted payment account information is generated by encrypting one or more of a primary account number, an account activation code, a card verification value and a card expiration date.
  - 7. The method of claim 1, wherein a primary account number included in the encrypted payment account information is exchanged between the mobile device and the server computer without being communicated to an issuer of the account during the provisioning of the account on the mobile device.
  - 8. The method of claim 1, further comprising:
    - sharing, by the server computer, a secret key with an issuer of the account prior to receiving the provisioning request;
      
      receiving, by the server computer, an account activation code for the account from the mobile device, wherein the account activation code is generated by the issuer of the account using the shared secret key;
      
      validating, by the server computer, the account activation code using the shared secret key without communicating with the issuer of the account during the provisioning of the account on the mobile device; and
      
      verifying that the account is pre-authorized by the issuer to be provisioned on the mobile device based on the validating.

9. A server computer comprising:
- a processor; and
  
  a non-transitory computer readable medium coupled to the processor, the computer readable medium comprising code, that when executed by the processor, causes the processor to;
  
  receive a provisioning request for provisioning an account on a mobile device, the provisioning request including encrypted payment account information, the encrypted payment account information encrypted using a first secure element key associated with a security domain of a secure element provided on the mobile device, the first secure element key being one of a secure element key pair, and the secure element key pair being unique to the secure element;
  
  decrypt the encrypted payment account information using a second secure element key of the secure element key pair;
  
  validate the mobile device using the second secure element key of the secure element key pair; and
  
  provision the account on the mobile device using the decrypted payment account information.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The server computer of claim 9, wherein the code, when executed by the processor, further causes the processor to:
    - provision a mobile payment application on the secure element of the mobile device using a trusted service manager of the secure element; and
      
      provide the first secure element key of the secure element key pair to the secure element of the mobile device.
  - 11. The server computer of claim 10, wherein the account is provisioned on the mobile payment application.
  - 12. The server computer of claim 9, wherein the code, when executed by the processor to validate the mobile device, further causes the processor to:
    - determine that the second secure element key is other one of the secure element key pair; and
      
      identify the secure element based on determining that the second secure element key is the other one of the secure element key pair.
  - 13. The server computer of claim 9, wherein the first secure element key of the secure element key pair is stored at the secure element of the mobile device and the second secure element key of the secure element key pair is stored at the server computer.
  - 14. The server computer of claim 9, wherein the encrypted payment account information is generated by encrypting one or more of a primary account number, an account activation code, a card verification value and a card expiration date.
  - 15. The server computer of claim 9, wherein a primary account number included in the encrypted payment account information is exchanged between the mobile device and the server computer without being communicated to an issuer of the account during the provisioning of the account on the mobile device.
  - 16. The server computer of claim 9, wherein the code, when executed by the processor, further causes the processor to:
    - share a secret key with an issuer of the account prior to receiving the provisioning request;
      
      receive an account activation code for the account from the mobile device, wherein the account activation code is generated by the issuer of the account using the shared secret key;
      
      validate the account activation code using the shared secret key without communicating with the issuer of the account during the provisioning of the account on the mobile device; and
      
      verify that the account is pre-authorized by the issuer to be provisioned on the mobile device based on the validating.

17. A method comprising:
- encrypting, by a mobile device, payment account information using a first secure element key associated with a security domain of a secure element provided on the mobile device, the first secure element key being one of a secure element key pair, and the secure element key pair being unique to the secure element;
  
  generating, by the mobile device, a provisioning request for provisioning an account on the mobile device, the provisioning request including the encrypted payment account information;
  
  sending, by the mobile device, the provisioning request to a server computer; and
  
  receiving, by the mobile device, a script provisioning the account on the mobile device, wherein the script is generated by the server computer upon the server computer decrypting the encrypted payment account information using a second secure element key of the secure element key pair and validating the mobile device using the second secure element key of the secure element key pair.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, wherein the first secure element key of the secure element key pair is stored at the secure element of the mobile device and the second secure element key of the secure element key pair is stored at the server computer.
  - 19. The method of claim 17, further comprising:
    - receiving, by the mobile device, a user input providing an account activation code, wherein the account activation code is generated by an issuer of the account activated on the mobile device; and
      
      sending, by the mobile device, the account activation code to the server computer for verification of the account being pre-authorized by the issuer to be provisioned on the mobile device.
  - 20. The method of claim 19, wherein the account activation code is generated by the issuer using a shared secret key and validated by the server computer using the shared secret key, such that the issuer of the account and the server computer shared the secret key prior to generation of the account activation code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Makhotin, Oleg, Ngo, Hao, Aabye, Christian, Pirzadeh, Kiushan

Granted Patent

US 10,223,694 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/71
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

G06Q 20/3227   using secure elements embed...

G06Q 20/325   using wireless networks

G06Q 20/3265   characterised by personalis...

G06Q 20/3278   RFID or NFC payments by mea...

G06Q 20/354   Card activation or deactiva...

G06Q 20/3552   Downloading or loading of p...

G06Q 20/3829   involving key management

Mobile Payment Application Provisioning And Personalization on a Mobile Device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

46 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Mobile Payment Application Provisioning And Personalization on a Mobile Device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

46 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links