Module ID based encryption for financial transactions

US 9,280,775 B2
Filed: 06/09/2011
Issued: 03/08/2016
Est. Priority Date: 11/29/2007
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

determining, by a media device, that a smart card has been communicatively coupled to the media device;

communicating, by the media device, with the smart card through a smart card interface;

receiving, by the media device, a first encryption key from the smart card;

creating, by the media device, a first secure communication tunnel with a first remote server using the received first encryption key;

receiving, by the media device, a second encryption key, from the first remote server, through the created first secure communication tunnel, wherein the second encryption key is generated based at least in part on a media device id associated with the media device;

receiving, by the media device, a purchase selection indication from a control device;

encrypting a first portion of payment account information using the second encryption key;

receiving, by the media device, a third encryption key;

encrypting a second portion of the payment account information using the received third encryption key;

creating, by the media device, a second secure communication tunnel with a second remote server using the second encryption key; and

transmitting, by the media device, the first portion of the payment account information encrypted with the second encryption key and the second portion of the payment account information encrypted with the third encryption key to the second remote server.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A server is operable to receive a media device identifying number (ID) and establish an association between a media device and a payment account and, in one embodiment, supports at least one of payment authorization and payment clearing based at least in part on the media device ID and the payment account. A network and system includes a payment card processor server that is operable to receive a payment authorization request and to determine if an authorized media device generated a purchase selection message and to determine to approve a received payment authorization request based, in part, if the media device was authorized for the purchase selection based upon a received media device ID. The system is further operable to perform a key rotation to protect payment account information.

Citations

20 Claims

1. A method comprising:
- determining, by a media device, that a smart card has been communicatively coupled to the media device;
  
  communicating, by the media device, with the smart card through a smart card interface;
  
  receiving, by the media device, a first encryption key from the smart card;
  
  creating, by the media device, a first secure communication tunnel with a first remote server using the received first encryption key;
  
  receiving, by the media device, a second encryption key, from the first remote server, through the created first secure communication tunnel, wherein the second encryption key is generated based at least in part on a media device id associated with the media device;
  
  receiving, by the media device, a purchase selection indication from a control device;
  
  encrypting a first portion of payment account information using the second encryption key;
  
  receiving, by the media device, a third encryption key;
  
  encrypting a second portion of the payment account information using the received third encryption key;
  
  creating, by the media device, a second secure communication tunnel with a second remote server using the second encryption key; and
  
  transmitting, by the media device, the first portion of the payment account information encrypted with the second encryption key and the second portion of the payment account information encrypted with the third encryption key to the second remote server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 19)
- - 2. The method of claim 1 further including communicating the media device ID to the first remote server or the smart card.
  - 3. The method of claim 1 wherein the second encryption key is used to encrypt credit card track 2 type of user payment account information and wherein the second encryption key is based on the media device ID associated with the media device, the media device having an established association with the user payment account.
  - 4. The method of claim 1 wherein the third encryption key is used to further encrypt the encrypted first portion of the payment account information prior to transmitting to the second remote server.
  - 5. The method of claim 1 wherein the smart card is created by using the media device id associated with the media device and the payment account information.
  - 6. The method of claim 1 wherein the second remote server is a payment card management server, the method further comprising:
    - transmitting a message to the payment card management server, the message including the media device id and a merchant tag; and
      
      receiving payment authorization from a merchant server associated with the merchant tag.
  - 7. The method of claim 1 wherein the media device id is a permanent identification number of the media device that is non-modifiable.
  - 8. The method of claim 1 wherein the first remote server is a payment card company server and the second remote server is one of a media server, a payment card management server, or a merchant server.
  - 9. The method of claim 1 wherein the third encryption key is received through a communication subsequent to receiving the second encryption key, the method further comprising:
    - establishing another secure communication tunnel with another remote server using the third encryption key; and
      
      sending the encrypted first portion of the payment account information to the other remote server.
  - 19. The method of claim 1 wherein the first portion of the payment account information and the second portion of the payment account information are encrypted by the smart card.

10. An apparatus comprising:
- one or more processors programmed to execute a set of instructions; and
  
  a non-transitory computer readable medium coupled to the one or more processors for storing the set of instructions that, when executed causes the one or more processors to execute a process comprising;
  
  determining that a smart card has been communicatively coupled to a media device;
  
  communicating with the smart card through a smart card interface;
  
  receiving a first encryption key from the smart card;
  
  creating a first secure communication tunnel with a first remote server using the received first encryption key;
  
  receiving a second encryption key, from the first remote server, through the created first secure communication tunnel, wherein the second encryption key is generated based at least in part on a media device id associated with the media device;
  
  receiving a purchase selection indication from a control device;
  
  encrypting a first portion of payment account information using the second encryption key;
  
  receiving a third encryption key;
  
  encrypting a second portion of the payment account information using the received third encryption key;
  
  creating a second secure communication tunnel with a second remote server using the second encryption key; and
  
  transmitting the first portion of the payment account information encrypted with the second encryption key and the second portion of the payment account information encrypted with the third encryption key to the second remote server.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 20)
- - 11. The apparatus of claim 10 further including communicating the media device ID to the first remote server or the smart card.
  - 12. The apparatus of claim 10 wherein the second encryption key is used to encrypt credit card track 2 type of user payment account information and wherein the second encryption key is based on the media device ID associated with the media device, the media device having an established association with the user payment account.
  - 13. The apparatus of claim 10 wherein the third encryption key is used to further encrypt the encrypted first portion of the payment account information prior to transmitting to the second remote server.
  - 14. The apparatus of claim 10 wherein the smart card is created by using the media device id associated with the media device and the payment account information.
  - 15. The apparatus of claim 10 wherein the second remote server is a payment card management server, the process further comprising:
    - transmitting a message to the payment card management server, the message including the media device id and a merchant tag; and
      
      receiving payment authorization from a merchant server associated with the merchant tag.
  - 16. The apparatus of claim 10 wherein the media device id is a permanent identification number of the media device that is non-modifiable.
  - 17. The apparatus of claim 10 wherein the first remote server is a payment card company server and the second remote server is one of a media server, a payment card management server, or a merchant server.
  - 18. The apparatus of claim 10 wherein the third encryption key is received through a communication subsequent to receiving the second encryption key, the process further comprising:
    - establishing another secure communication tunnel with another remote server using the third encryption key; and
      
      sending the encrypted first portion of the payment account information to the other remote server.
  - 20. The apparatus of claim 10 wherein at least one of the smart card or the media device is part of the apparatus.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa USA, Inc. (Visa, Inc.)
Original Assignee
Visa USA, Inc. (Visa, Inc.)
Inventors
Hurry, Simon J.
Primary Examiner(s)
Ravetti, Dante

Application Number

US13/157,129
Publication Number

US 20110238578A1
Time in Patent Office

1,734 Days
Field of Search

705/67, 705/16, 705/21, 705/59, 705/71, 380/44, 380/262, 380/278, 380/279
US Class Current

1/1
CPC Class Codes

G06Q 20/085   involving remote charge det...

G06Q 20/12   specially adapted for elect...

G06Q 20/14   specially adapted for billi...

G06Q 20/367   involving electronic purses...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/3829   involving key management

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/401   Transaction verification

G06Q 20/4012   Verifying personal identifi...

G06Q 20/4014   Identity check for transact...

G06Q 20/4037   Remote solvency checks

G06Q 20/409   Device specific authenticat...

G06Q 30/0601   Electronic shopping [e-shop...

G07F 7/08   by coded identity card or c...

H04N 21/2542   for selling goods, e.g. TV ...

H04N 21/2543   Billing , e.g. for subscrip...

H04N 21/4182   for identification purposes...

H04N 21/42684   Client identification by a ...

H04N 21/47815   Electronic shopping payment...

Module ID based encryption for financial transactions

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Module ID based encryption for financial transactions

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links