METHOD FOR SECURING OVER-THE-AIR COMMUNICATION BETWEEN A MOBILE APPLICATION AND A GATEWAY
Abstract
The present invention generally relates to systems and methods for performing issuer updates of data stored in a mobile device, remote authentication, or a remote payment transaction, or for enabling the configuration of mobile application functions or operations. More specifically, the present invention relates to a method and system for securing issuer update processing for a mobile payment application. When an update transaction is initiated, the payment application increments an Application Transaction Counter (ATC) and derives session keys from this ATC. Sensitive user credential data are encrypted with the computed session keys before transmission to a gateway, which is configured to compute the same session keys for decryption. The decrypted user credential data are forwarded to the payment application issuer for updates.
28 Claims
1. A method for securing transaction messages transiting between a mobile application in a mobile device and a gateway comprising when a transaction is initiated:
- incrementing a transaction counter of the mobile application,
- deriving a session encryption key ENC from the transaction counter value and a gateway encryption key KENC, said gateway encryption key being derived from a first master gateway key,
- encrypting sensitive data with the session encryption key ENC,
- elaborating a transaction request message comprising the encrypted sensitive data, the transaction counter value, and an application identifier of the mobile application,
- sending the transaction request message from the mobile application through the mobile device to the gateway, the gateway being configured to compute the session encryption key from the received transaction request message, and
- decrypting the received encrypted data with the computed session encryption key ENC.
15. A transaction processing system, comprising a mobile application stored into a mobile device, said mobile application being configured to communicate with an issuer via the mobile communication device across a gateway, wherein transaction messages transiting between the mobile application and the gateway during this communication are secured by:
- incrementing a transaction counter of the mobile application,
- deriving a session encryption key ENC from the transaction counter value and a gateway encryption key KENC, said gateway encryption key being derived from a first master gateway key,
- encrypting sensitive data with the session encryption key ENC,
- elaborating a transaction request message comprising the encrypted sensitive data, the transaction counter value, and an application identifier of the mobile application,
- sending the transaction request message from the mobile application through the mobile device to the gateway, the gateway being configured to compute the session encryption key from the received transaction request message, and
- decrypting the received encrypted data with the computed session encryption key ENC.
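The exchange recited in claims 1 and 15, as an added sketch that is not code from the patent: both sides derive ENC from the counter and KENC, and the gateway rebuilds KENC from its master key using only fields carried in the request. Assumptions: HMAC-SHA256 as the derivation function, KENC diversified by the application identifier, a 2-byte counter encoding, and an XOR keystream standing in for the cipher, none of which the page specifies; keys and identifiers are constructed sample values.

```python
import hashlib, hmac, struct

MASTER_GATEWAY_KEY = bytes(range(32))   # constructed sample key
APP_ID = b"APP-0001"                    # constructed application identifier

def kdf(key, label, context):
    # Assumed derivation step: HMAC-SHA256 (the page names no algorithm).
    return hmac.new(key, label + b"\x00" + context, hashlib.sha256).digest()

def xor_stream(key, data):
    # Stand-in cipher: XOR with an HMAC-SHA256 counter keystream.
    # Same call encrypts and decrypts; it provides no integrity.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, struct.pack(">I", i // 32), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

class MobileApp:
    def __init__(self, app_id, kenc):
        self.app_id, self.kenc, self.atc = app_id, kenc, 0

    def build_request(self, sensitive):
        self.atc += 1                                  # increment the transaction counter
        atc = struct.pack(">H", self.atc)              # assumed 2-byte big-endian encoding
        enc = kdf(self.kenc, b"ENC", atc)              # session key ENC from ATC and KENC
        return {"app_id": self.app_id, "atc": atc,     # request: identifier, counter,
                "data": xor_stream(enc, sensitive)}    # and encrypted sensitive data

class Gateway:
    def __init__(self, master_key):
        self.master_key = master_key

    def derive_kenc(self, app_id):
        # Assumed diversification: KENC = KDF(master key, application identifier).
        return kdf(self.master_key, b"KENC", app_id)

    def open_request(self, msg):
        # Recompute ENC using only fields carried in the request message.
        enc = kdf(self.derive_kenc(msg["app_id"]), b"ENC", msg["atc"])
        return xor_stream(enc, msg["data"])

def demo():
    gateway = Gateway(MASTER_GATEWAY_KEY)
    app = MobileApp(APP_ID, gateway.derive_kenc(APP_ID))   # KENC provisioned to the app
    first = app.build_request(b"constructed credential data")
    second = app.build_request(b"constructed credential data")
    return gateway.open_request(first), first, second

if __name__ == "__main__":
    print(demo()[0])
```

Because ENC changes with every counter value, the same plaintext sent twice yields different ciphertexts, while the counter and application identifier travel in the clear so the gateway can recompute the key.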
Specification