Over the air update of payment transaction data stored in secure memory

US 9,672,508 B2
Filed: 10/29/2012
Issued: 06/06/2017
Est. Priority Date: 09/22/2008
Status: Active Grant

First Claim

Patent Images

1. An apparatus for facilitating payment transactions between a plurality of consumers and a plurality of merchants, comprising:

a processor;

a memory; and

a set of instructions stored in the memory, which when executed by the processor, cause the processor to;

generate a first pair of encryption keys, the first pair of encryption keys including a first encryption key and a second encryption key;

distribute the first encryption key to a first mobile gateway that processes a first set of payment transactions;

generate a second pair of encryption keys, the second pair of encryption keys including a third encryption key and a fourth encryption key;

distribute the third encryption key to an issuer computer, wherein the issuer computer generates a first device key using the third encryption key and distributes the first device key to a first mobile device, wherein the first mobile device receives the first device key from the issuer computer, wherein the first mobile device conducts a transaction with a device reader, wherein the device reader provides transaction data for the transaction to the issuer computer, wherein the issuer computer generates updated transaction data for the transaction;

generate a first session key for encrypting the updated transaction data using the second encryption key;

generate the first device key using the fourth encryption key;

encrypt the first session key using the first device key to create a first encrypted session key; and

distribute the first encrypted session key to the first mobile device via the first mobile gateway, wherein the first mobile device decrypts the first encrypted session key using the first device key that the first mobile device previously received from the issuer computer, wherein the first mobile gateway encrypts the updated transaction data using the first session key and transmits the encrypted updated transaction data to the first mobile device, wherein the first mobile device decrypts the encrypted updated transaction data using the first session key.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, apparatus, and method for processing payment transactions that are conducted using a mobile device that includes a contactless element, such as an integrated circuit chip. The invention enables the updating, correction or synchronization of transaction data maintained by an Issuer with that stored on the device. This is accomplished by using a wireless (cellular) network as a data communication channel for data provided by an Issuer to the mobile device, and is particularly advantageous in circumstances in which the contactless element is not presently capable of communication with a device reader or point of sale terminal that uses a near field communications mechanism. Data transferred between the mobile device and Issuer may be encrypted and decrypted to provide additional security and protect the data from being accessed by other users or applications. If encryption keys are used for the encryption and decryption processes, they may be distributed by a key distribution server or other suitable entity to a mobile gateway which participates in the data encryption and decryption operations.

407 Citations

20 Claims

1. An apparatus for facilitating payment transactions between a plurality of consumers and a plurality of merchants, comprising:
- a processor;
  
  a memory; and
  
  a set of instructions stored in the memory, which when executed by the processor, cause the processor to;
  
  generate a first pair of encryption keys, the first pair of encryption keys including a first encryption key and a second encryption key;
  
  distribute the first encryption key to a first mobile gateway that processes a first set of payment transactions;
  
  generate a second pair of encryption keys, the second pair of encryption keys including a third encryption key and a fourth encryption key;
  
  distribute the third encryption key to an issuer computer, wherein the issuer computer generates a first device key using the third encryption key and distributes the first device key to a first mobile device, wherein the first mobile device receives the first device key from the issuer computer, wherein the first mobile device conducts a transaction with a device reader, wherein the device reader provides transaction data for the transaction to the issuer computer, wherein the issuer computer generates updated transaction data for the transaction;
  
  generate a first session key for encrypting the updated transaction data using the second encryption key;
  
  generate the first device key using the fourth encryption key;
  
  encrypt the first session key using the first device key to create a first encrypted session key; and
  
  distribute the first encrypted session key to the first mobile device via the first mobile gateway, wherein the first mobile device decrypts the first encrypted session key using the first device key that the first mobile device previously received from the issuer computer, wherein the first mobile gateway encrypts the updated transaction data using the first session key and transmits the encrypted updated transaction data to the first mobile device, wherein the first mobile device decrypts the encrypted updated transaction data using the first session key.
- View Dependent Claims (2, 3, 4, 5, 11, 12, 13, 14, 15)
- - 2. The apparatus of claim 1, wherein the first set of transactions are defined by having a common characteristic, the common characteristic being one or more of a region from which the transactions originated, a type or characteristic of a consumer originating the transactions, a type or characteristic of a payment device used to originate the transactions, a service provided as part of processing the transactions, or a characteristic of the mobile gateway.
  - 3. The apparatus of claim 1, wherein the first set of transactions are defined by having a common characteristic, the common characteristic being that the transactions in the set are of a similar type, wherein the type is one of an eCommerce transaction, a debit transaction, a credit transaction, or a prepaid transaction.
  - 4. The apparatus of claim 1, wherein the apparatus is operated by an Issuer of a payment device.
  - 5. The apparatus of claim 1, wherein the apparatus is operated by a payment processor.
  - 11. The apparatus of claim 1, wherein the set of instructions stored in the memory, when executed by the processor, further cause the processor tostore, in the memory, the second encryption key;
    - store, in the memory, a first record associating the first pair of encryption keys with the first mobile gateway; and
      
      store, in the memory, the fourth encryption key.
  - 12. The apparatus of claim 1, wherein the set of instructions stored in the memory, when executed by the processor, further cause the processor togenerate a plurality of mobile gateway encryption key pairs, each key pair of the plurality of mobile gateway encryption key pairs being different from each other key pair of the plurality of mobile gateway encryption key pairs and being different from the first pair of encryption keys;
    - andgenerate a plurality of mobile device keys, each key of the plurality of mobile device keys different from each other key the plurality of mobile device keys, and being different from the first device key.
  - 13. The apparatus of claim 1, wherein the set of instructions stored in the memory, when executed by the processor, further cause the processor togenerate a third pair of encryption keys, the third pair of encryption keys including a fifth encryption key and a sixth encryption key, the third pair of encryption keys being different from the first pair of encryption keys;
    - distribute the fifth encryption key to a second mobile gateway, the second mobile gateway being different from the first mobile gateway, the second mobile gateway configured to process a second set of payment transactions, the second set of payment transactions being different from the first set of payment transactions;
      
      generate a fourth pair of encryption keys, the fourth pair of encryption keys including a seventh encryption key and an eighth encryption key, the fourth pair of encryption keys being different from the second pair of encryption keys;
      
      distribute the seventh encryption key to the issuer computer, the issuer computer being configured to generate a second device key using the seventh encryption key and distribute the second device key to a second mobile device, the second mobile device being different from the first mobile device, the second device key being different from the first device key;
      
      receive a second request from the second mobile gateway for a second session key for encrypting second transaction data for the second mobile device, the second transaction data being generated by the issuer computer;
      
      generate the second session key using the sixth encryption key, the second session key being generated in response to the receiving of the second request;
      
      generate the second device key using the eighth encryption key;
      
      encrypt the second session key using the second device key to create a second encrypted session key;
      
      distribute the second encrypted session key to the second mobile device via the second mobile gateway, the second mobile device being configured to decrypt the second encrypted session key using the second device key and use the second session key to decrypt the encrypted second transaction data from the second mobile gateway.
  - 14. The apparatus of claim 13, whereinthe first set of transactions processed by the first mobile gateway is defined by having a first common characteristic, the first common characteristic being that the transactions in the first set are one of an eCommerce transaction, a debit transaction, a credit transaction, and a prepaid transaction, andwherein the second set of transactions processed by the second mobile gateway is defined by having a second common characteristic, the second common characteristic being that the transactions in the second set are one of the eCommerce transaction, the debit transaction, the credit transaction, and the prepaid transaction, the second common characteristic being different from the first common characteristic.
  - 15. The apparatus of claim 13, whereinthe first set of transactions processed by the first mobile gateway is defined by having a first common characteristic, the first common characteristic being one or more of a region from which the transactions originated, a type or characteristic of a consumer originating the transactions, a type or characteristic of a payment device used to originate the transactions, a service provided as part of processing the transactions, and a characteristic of the mobile gateway, andwherein the second set of transactions processed by the second mobile gateway is defined by having a second common characteristic, the second common characteristic being one or more of the region from which the transactions originated, the type or characteristic of the consumer originating the transactions, the type or characteristic of the payment device used to originate the transactions, the service provided as part of processing the transactions, or a characteristic of the mobile gateway, the second common characteristic being different from the first common characteristic.

6. A method, comprising:
- generating, by a computer, a first pair of encryption keys, the first pair of encryption keys including a first encryption key and a second encryption key;
  
  distributing, by the computer, the first encryption key to a first mobile gateway, wherein the first mobile gateway process a first set of payment transactions;
  
  generating, by the computer, a second pair of encryption keys, the second pair of encryption keys including a third encryption key and a fourth encryption key;
  
  distributing, by the computer, the third encryption key to an issuer computer, wherein the issuer computer generates a first device key using the third encryption key and distributes the first device key to a first mobile device, wherein the first mobile device receives the first device key from the issuer computer, wherein the first mobile device is conducts a transaction with a device reader, wherein the device reader provides transaction data for the transaction to the issuer computer, wherein the issuer computer generates updated transaction data for the transaction;
  
  generating, by the computer, a first session key for encrypting the updated transaction data using the second encryption key;
  
  generating, by the computer, the first device key using the fourth encryption key;
  
  encrypting, by the computer, the first session key using the first device key to create a first encrypted session key; and
  
  distributing, by the computer, the first encrypted session key to the first mobile device via the first mobile gateway, wherein the first mobile device decrypts the first encrypted session key using the first device key that the first mobile device previously received from the issuer computer, wherein the first mobile gateway encrypts the updated transaction data using the first session key and transmits the encrypted updated transaction data to the first mobile device, wherein the first mobile device decrypts the encrypted updated transaction data using the first session key.
- View Dependent Claims (7, 8, 9, 10, 16, 17, 18, 19, 20)
- - 7. The method of claim 6, wherein the first set of transactions is defined by having a common characteristic, the common characteristic being that the transactions in the set are of a similar type, wherein the type is one of an eCommerce transaction, a debit transaction, a credit transaction, or a prepaid transaction.
  - 8. The method of claim 6, wherein the first set of transactions is defined by having a common characteristic, the common characteristic being one or more of a region from which the transactions originated, a type or characteristic of a consumer originating the transactions, a type or characteristic of a payment device used to originate the transactions, a service provided as part of processing the transactions, or a characteristic of the mobile gateway.
  - 9. The method of claim 6, wherein the computer is operated by an Issuer of a payment device.
  - 10. The method of claim 6, wherein the computer is operated by a payment processor.
  - 16. The method of claim 6, further comprising:
    - storing, at the computer, the second encryption key;
      
      storing, at the computer, a first record associating the first pair of encryption keys with the first mobile gateway; and
      
      storing, at the computer, the fourth encryption.
  - 17. The method of claim 6, further comprising:
    - generating, by the computer, a plurality of mobile gateway encryption key pairs, each key pair of the plurality of mobile gateway encryption key pairs being different from each other key pair of the plurality of mobile gateway encryption key pairs and being different from the first pair of encryption keys; and
      
      generating, by the computer, a plurality of mobile device keys, each key of the plurality of mobile device keys different from each other key the plurality of mobile device keys, and being different from the first device key.
  - 18. The method of claim 6, further comprising:
    - generating, by the computer, a third pair of encryption keys, the third pair of encryption keys including a fifth encryption key and a sixth encryption key, the third pair of encryption keys being different from the first pair of encryption keys;
      
      distributing, by the computer, the fifth encryption key to a second mobile gateway, the second mobile gateway being different from the first mobile gateway, the second mobile gateway configured to process a second set of payment transactions, the second set of payment transactions being different from the first set of payment transactions;
      
      generating, by the computer, a fourth pair of encryption keys, the fourth pair of encryption keys including a seventh encryption key and an eighth encryption key, the fourth pair of encryption keys being different from the second pair of encryption keys;
      
      distributing, by the computer, the seventh encryption key to the issuer computer, the issuer computer being configured to generate a second device key using the seventh encryption key and distribute the second device key to a second mobile device, the second mobile device being different from the first mobile device, the second device key being different from the first device key;
      
      receiving, by the computer, a second request from the second mobile gateway for a second session key for encrypting second transaction data for the second mobile device, the second transaction data being generated by the issuer computer;
      
      generating, by the computer, the second session key using the sixth encryption key, the second session key being generated in response to the receiving of the second request;
      
      generating, by the computer, the second device key using the eighth encryption key;
      
      encrypting, by the computer, the second session key using the second device key to create a second encrypted session key;
      
      distributing, by the computer, the second encrypted session key to the second mobile device via the second mobile gateway, the second mobile device being configured to decrypt the second encrypted session key using the second device key and configured to use the second session key to decrypt the encrypted second transaction data from the second mobile gateway.
  - 19. The method of claim 18, whereinthe first set of transactions processed by the first mobile gateway is defined by having a first common characteristic, the first common characteristic being that the transactions in the first set are one of an eCommerce transaction, a debit transaction, a credit transaction, and a prepaid transaction, andwherein the second set of transactions processed by the second mobile gateway is defined by having a second common characteristic, the second common characteristic being that the transactions in the second set are one of the eCommerce transaction, the debit transaction, the credit transaction, and the prepaid transaction, the second common characteristic being different from the first common characteristic.
  - 20. The method of claim 18, whereinthe first set of transactions processed by the first mobile gateway is defined by having a first common characteristic, the first common characteristic being one or more of a region from which the transactions originated, a type or characteristic of a consumer originating the transactions, a type or characteristic of a payment device used to originate the transactions, a service provided as part of processing the transactions, and a characteristic of the mobile gateway, andwherein the second set of transactions processed by the second mobile gateway is defined by having a second common characteristic, the second common characteristic being one or more of the region from which the transactions originated, the type or characteristic of the consumer originating the transactions, the type or characteristic of the payment device used to originate the transactions, the service provided as part of processing the transactions, or a characteristic of the mobile gateway, the second common characteristic being different from the first common characteristic.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Aabye, Christian, Pirzadeh, Kiushan, Zeiden, Gustavo Mariath, Pitchford, Chris, Ngo, Hao, Wilson, David William
Primary Examiner(s)
Hayes, John
Assistant Examiner(s)
Winter, John M

Application Number

US13/662,843
Publication Number

US 20130060706A1
Time in Patent Office

1,681 Days
Field of Search

705 71
US Class Current
CPC Class Codes

G06Q 20/10   specially adapted for elect...

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/204   comprising interface for re...

G06Q 20/322   Aspects of commerce using m...

G06Q 20/326   Payment applications instal...

G06Q 20/382   insuring higher security of...

G06Q 20/3829   involving key management

G06Q 20/40   Authorisation, e.g. identif...

Over the air update of payment transaction data stored in secure memory

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

407 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Over the air update of payment transaction data stored in secure memory

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

407 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others