MASTER APPLET FOR SECURE REMOTE PAYMENT PROCESSING

US 20150332262A1
Filed: 05/13/2015
Published: 11/19/2015
Est. Priority Date: 05/13/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

determining, by a master applet associated with a mobile application, a plurality of available applications on a mobile device;

displaying, by the master applet, the plurality of available applications to a user;

receiving, by the master applet, a selection of one of the plurality of available applications from the user;

obtaining, by the master applet, encrypted credentials from the selected application;

generating, by the master applet, an encrypted payload by encrypting a payload including the encrypted credentials and transaction data, wherein the payload is encrypted using a master applet encryption key associated with the master applet; and

sending the encrypted payload to a processor computer, wherein the processor computer decrypts the encrypted payload using a master applet decryption key and decrypts the encrypted credentials using a selected application decryption key to obtain decrypted credentials, and wherein the processor computer uses the decrypted credentials and the transaction data to initiate a transaction.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention are directed to methods, apparatuses, and systems for processing transactions using a master applet on a mobile device. One embodiment of the invention is directed to a method comprising a master applet associated with a mobile application of a mobile device determining available applications on a mobile device, displaying the available applications to a user, and receiving a selection of one of the available applications from the user. The method further comprises obtaining encrypted credentials from the selected application, generating an encrypted payload including the encrypted credentials and transaction data using a master applet encryption key associated with the applet, and sending the encrypted payload to a processor computer. The processor computer decrypts the encrypted payload using a master applet decryption key, decrypts the encrypted credentials using a selected application decryption key, and uses the decrypted credentials and transaction data to initiate a transaction.

Citations

20 Claims

1. A method comprising:
- determining, by a master applet associated with a mobile application, a plurality of available applications on a mobile device;
  
  displaying, by the master applet, the plurality of available applications to a user;
  
  receiving, by the master applet, a selection of one of the plurality of available applications from the user;
  
  obtaining, by the master applet, encrypted credentials from the selected application;
  
  generating, by the master applet, an encrypted payload by encrypting a payload including the encrypted credentials and transaction data, wherein the payload is encrypted using a master applet encryption key associated with the master applet; and
  
  sending the encrypted payload to a processor computer, wherein the processor computer decrypts the encrypted payload using a master applet decryption key and decrypts the encrypted credentials using a selected application decryption key to obtain decrypted credentials, and wherein the processor computer uses the decrypted credentials and the transaction data to initiate a transaction.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein each of the plurality of available applications is associated with a different payment method including different user verification processes and different encrypted credentials.
  - 3. The method of claim 1, wherein obtaining the encrypted credentials from the selected application comprises:
    - determining, by the master applet, a plurality of commands associated with the selected application;
      
      sending, by the master applet, a credential request command from the plurality of commands associated with the selected application to the selected application; and
      
      receiving, by the master applet, a credential response associated with the selected application, the credential response including the encrypted credentials, wherein credentials of the encrypted credentials are encrypted by the selected application using an encryption key associated with the selected application.
  - 4. The method of claim 1, wherein the master applet encryption key and the master applet decryption key are specific to the mobile application and wherein the master applet encryption key and the master applet decryption key are determined using a mobile application identifier associated with the mobile application.
  - 5. The method of claim 1, wherein one of the plurality of available applications includes the master applet, and wherein obtaining encrypted credentials from the selected application comprises:
    - receiving, by the master applet, credentials from the user; and
      
      encrypting, by the master applet, the credentials using an encryption key associated with the master applet.
  - 6. The method of claim 1, wherein the encrypted payload includes a selected application identifier and wherein the selected application decryption key is determined by the processor computer by searching a registered application key database for the selected application identifier.
  - 7. The method of claim 1, wherein determining the plurality of available applications on the mobile device comprises:
    - searching, by the master applet, for registered applications present on the mobile device, wherein the registered applications are associated with previously registered application decryption keys stored by the processor computer.
  - 8. The method of claim 1, wherein the encrypted credentials are stored in a secure memory of the mobile device and the selected application obtains the encrypted credentials from the secure memory.
  - 9. The method of claim 1, wherein the encrypted credentials are stored by a remote server computer and the selected application obtains the encrypted credentials from the remote server computer.
  - 10. The method of claim 1, wherein sending the encrypted payload to a processor computer comprises:
    - sending the encrypted payload and a master applet indicator to a remote computer associated with the mobile application, wherein the remote computer uses the master applet indicator to determine that the encrypted payload should be forwarded to the processor computer, and wherein the remote computer forwards the encrypted payload to the processor computer.

11. A method comprising:
- receiving, by a computer, an encrypted payload from a master applet operating on a mobile device, the encrypted payload generated by encrypting a payload including encrypted credentials and transaction data, wherein the encrypted credentials are associated with a selected application on the mobile device;
  
  decrypting, by the computer, the encrypted payload using a decryption key associated with the master applet to obtain the encrypted credentials and the transaction data;
  
  determining, by the computer, a decryption key associated with the encrypted credentials;
  
  decrypting, by the computer, the encrypted credentials using the decryption key; and
  
  initiating, by the computer, a transaction using the decrypted credentials and transaction data.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The method of claim 11, wherein the encrypted payload includes an application identifier associated with the selected application on the mobile device, and wherein determining the encryption key associated with the encrypted credentials comprises:
    - parsing, by the computer, the application identifier from the decrypted payload;
      
      searching, by the computer, a registered application key database for a decryption key associated with the application identifier; and
      
      obtaining, by the computer, the decryption key from the plurality of application decryption keys stored in the registered application key database.
  - 13. The method of claim 12, wherein the application identifier is associated with the master applet operating on the mobile device, and wherein the decryption key associated with the encrypted credentials is the encryption key associated with the master applet.
  - 14. The method of claim 11, wherein the computer receives a mobile application identifier associated with the encrypted payload and wherein decrypting the encrypted payload using the decryption key associated with the master applet comprises:
    - determining, by the computer, the mobile application identifier;
      
      searching, by the computer, a master applet key database for a decryption key associated with the mobile application identifier;
      
      obtaining, by the computer, the decryption key associated with the mobile application identifier from the plurality of decryption keys stored in the master applet key database; and
      
      decrypting, by the computer, the encrypted payload using the decryption key associated with the mobile application identifier.
  - 15. The method of claim 14, wherein the mobile application identifier is a merchant identifier that is associated with a merchant mobile application configured to perform e-commerce transactions for a merchant associated with the transaction.
  - 16. The method of claim 12, further comprising:
    - receiving, by the computer, a registration request from an application developer;
      
      issuing, by the computer, the selected application identifier to the application developer;
      
      generating, by the computer, an encryption key and a decryption key associated with the selected application associated with the application developer;
      
      storing, by the computer, the decryption key in a registered application key database; and
      
      sending, by the computer, a registration response to the application developer, wherein the registration response includes the encryption key for use in the selected application.
  - 17. The method of claim 11, wherein initiating the transaction using the decrypted credentials and transaction data comprises:
    - generating, by the computer, an authorization request message including the decrypted credentials and the transaction data; and
      
      sending, by the computer, the authorization request message for processing by a payment network configured to process the authorization request message.
  - 18. The method of claim 11, wherein before receiving the encrypted payload from the master applet, a remote computer associated with a mobile application operating on the mobile device receives the encrypted payload and a master applet indicator from the mobile device, wherein the remote computer uses the master applet indicator to determine that the encrypted payload should be forwarded to the processor computer, and wherein the remote computer forwards the encrypted payload and master applet indicator to the processor computer.

19. A system comprising:
- a mobile device comprising a master applet associated with a mobile application, the master applet being configured to;
  
  determine a plurality of available applications on a mobile device;
  
  display the plurality of available applications to a user;
  
  receive a selection of one of the plurality of available applications from the user;
  
  obtain encrypted credentials from the selected application;
  
  generate an encrypted payload by encrypting a payload including the encrypted credentials and transaction data, wherein the payload is encrypted using a master applet encryption key; and
  
  send the encrypted payload to a computer; and
  
  the computer configured to;
  
  receive the encrypted payload including the encrypted credentials and the transaction data;
  
  decrypt the encrypted payload using a decryption key associated with the master applet to obtain the encrypted credentials and the transaction data;
  
  determine a decryption key associated with the encrypted credentials;
  
  decrypt the encrypted credentials using the decryption key associated with the encrypted credentials; and
  
  initiate a transaction using the decrypted credentials and the transaction data.
- View Dependent Claims (20)
- - 20. The system of claim 19, wherein the computer is a processor computer, and wherein the system further comprises:
    - a mobile application computer associated with the mobile application operating on the mobile device, the mobile application computer being configured to;
      
      receive the encrypted payload and a master applet indicator from the mobile device;
      
      determine that the encrypted payload should be forwarded to the processor computer using the master applet indicator, andforward the encrypted payload and master applet indicator to the processor computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Lingappa, Phaneendra Ramaseshu

Granted Patent

US 10,592,899 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06Q 20/322   Aspects of commerce using m...

G06Q 20/3574   Multiple applications on card

G06Q 20/38215   Use of certificates or encr...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3829   involving key management

MASTER APPLET FOR SECURE REMOTE PAYMENT PROCESSING

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

MASTER APPLET FOR SECURE REMOTE PAYMENT PROCESSING

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links