Device provisioning using partial personalization scripts

US 9,760,886 B2
Filed: 05/12/2014
Issued: 09/12/2017
Est. Priority Date: 05/10/2013
Status: Active Grant

First Claim

Patent Images

1. A service provider computer comprising:

a processor; and

a non-transitory computer-readable medium comprising code executable by the processor for implementing a method comprising;

receiving a request for provisioning comprising device information for a mobile device and user authentication information for a user;

generating a partial personalization script, an activation script, and a deletion script using the device information;

sending the partial personalization script, the activation script, and the deletion script to an application provider computer, wherein the application provider computer initiates execution of the partial personalization script on the mobile device, and execution of the partial personalization script stores personalization data including payment data onto the mobile device in a secured form, and wherein the application provider computer is a wallet provider computer and is different from the mobile device;

authenticating the user using the user authentication information, wherein authenticating the user and executing the partial personalization script are performed in parallel;

in response to a successful authentication of the user and a successful execution of the partial personalization script, sending an activation message to the application provider computer which causes the application provider computer to initiate execution of the activation script, wherein execution of the activation script enables the mobile device with access to the personalization data and provisions the personalization data onto the mobile device prior to initiating a transaction using the personalization data; and

in response to an unsuccessful authentication of the user or an unsuccessful execution of the partial personalization script, sending a deletion message to the application provider computer which causes the application provider computer to initiate execution of the deletion script to delete the personalization data from the mobile device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention relate to systems and methods for efficiently provisioning mobile devices with personalization data. For some embodiments, a method is disclosed comprising receiving a request for provisioning comprising device information for a mobile device and user authentication information for a user, generating a partial personalization script, an activation script, and a deletion script using the device information, sending the partial personalization script, the activation script, and the deletion script to an application provider computer, wherein the application provider computer initiates execution of the partial personalization script on the mobile device, authenticating the user authentication information, and sending an activation message to the application provider computer, wherein the application provider computer initiates execution of the activation script.

10 Citations

View as Search Results

14 Claims

1. A service provider computer comprising:
- a processor; and
  
  a non-transitory computer-readable medium comprising code executable by the processor for implementing a method comprising;
  
  receiving a request for provisioning comprising device information for a mobile device and user authentication information for a user;
  
  generating a partial personalization script, an activation script, and a deletion script using the device information;
  
  sending the partial personalization script, the activation script, and the deletion script to an application provider computer, wherein the application provider computer initiates execution of the partial personalization script on the mobile device, and execution of the partial personalization script stores personalization data including payment data onto the mobile device in a secured form, and wherein the application provider computer is a wallet provider computer and is different from the mobile device;
  
  authenticating the user using the user authentication information, wherein authenticating the user and executing the partial personalization script are performed in parallel;
  
  in response to a successful authentication of the user and a successful execution of the partial personalization script, sending an activation message to the application provider computer which causes the application provider computer to initiate execution of the activation script, wherein execution of the activation script enables the mobile device with access to the personalization data and provisions the personalization data onto the mobile device prior to initiating a transaction using the personalization data; and
  
  in response to an unsuccessful authentication of the user or an unsuccessful execution of the partial personalization script, sending a deletion message to the application provider computer which causes the application provider computer to initiate execution of the deletion script to delete the personalization data from the mobile device.
- View Dependent Claims (2, 3, 4, 5, 12)
- - 2. The service provider computer of claim 1, wherein generating the partial personalization script comprises:
    - retrieving a personalization master key;
      
      generating a personalization session key using the device information and the personalization master key;
      
      generating store data commands comprising the personalization data; and
      
      encrypting the store data commands using the personalization session key.
  - 3. The service provider computer of claim 2, further comprising:
    - determining that the personalization session key is expired;
      
      establishing a new session associated with a new personalization session key;
      
      generating a new activation script using the new personalization session key; and
      
      sending the new activation script.
  - 4. The service provider computer of claim 1, wherein the device information comprises a device cryptogram, and wherein authenticating the user comprises:
    - retrieving a personalization master key;
      
      generating a personalization session key using the device information and the personalization master key; and
      
      validating the device cryptogram using the personalization session key.
  - 5. The service provider computer of claim 1, wherein the user authentication information comprises a primary account number (PAN), wherein the personalization data comprises a payment token, and wherein the method further comprises sending the PAN and the payment token to an issuer upon execution of the activation script.
  - 12. The service provider computer of claim 1, wherein the method further comprises performing an assessment check based on a number of times the mobile device was previously provisioned.

6. A computer-implemented method comprising:
- receiving, by a processor, a request for provisioning comprising device information for a mobile device and user authentication information for a user;
  
  generating, by the processor, a partial personalization script, an activation script, and a deletion script using the device information;
  
  sending, by the processor, the partial personalization script, the activation script, and the deletion script to an application provider computer, wherein the application provider computer initiates execution of the partial personalization script on the mobile device, and execution of the partial personalization script stores personalization data including payment data onto the mobile device in a secured form, and wherein the application provider computer is a wallet provider computer and is different from the mobile device;
  
  authenticating, by the processor, the user using the user authentication information, wherein authenticating the user and executing the partial personalization script are performed in parallel;
  
  in response to a successful authentication of the user and a successful execution of the partial personalization script, sending, by the processor, an activation message to the application provider computer which causes the application provider computer to initiate execution of the activation script, wherein execution of the activation script enables the mobile device with access to the personalization data and provisions the personalization data onto the mobile device prior to initiating a transaction using the personalization data; and
  
  in response to an unsuccessful authentication of the user or an unsuccessful execution of the partial personalization script, sending, by the processor, a deletion message to the application provider computer which causes the application provider computer to initiate execution of the deletion script to delete the personalization data from the mobile device.
- View Dependent Claims (7, 8, 9, 10, 13)
- - 7. The method of claim 6, wherein generating the partial personalization script comprises:
    - retrieving, by the processor, a personalization master key;
      
      generating, by the processor, a personalization session key using the device information and the personalization master key;
      
      generating, by the processor, store data commands comprising the personalization data; and
      
      encrypting, by the processor, the store data commands using the personalization session key.
  - 8. The method of claim 7, further comprising:
    - determining, by the processor, that the personalization session key is expired;
      
      establishing, by the processor, a new session associated with a new personalization session key;
      
      generating, by the processor, a new activation script using the new personalization session key; and
      
      sending, by the processor, the new activation script.
  - 9. The method of claim 6, wherein the device information comprises a device cryptogram, and wherein authenticating the user comprises:
    - retrieving, by the processor, a personalization master key;
      
      generating, by the processor, a personalization session key using the device information and the personalization master key; and
      
      validating, by the processor, the device cryptogram using the personalization session key.
  - 10. The method of claim 6, wherein the user authentication information comprises a primary account number (PAN), wherein the personalization data comprises a payment token, and wherein the method further comprises sending , by the processor, the PAN and the payment token to an issuer upon execution of the activation script.
  - 13. The method of claim 6, further comprising performing an assessment check based on a number of times the mobile device was previously provisioned.

11. An application provider computer comprising:
- a processor; and
  
  a non-transitory computer-readable medium comprising code executable by the processor for implementing a method comprising;
  
  sending a request for provisioning comprising device information for a mobile device and user authentication information for a user, wherein the user is authenticated using the user authentication information;
  
  receiving a partial personalization script, an activation script, and a deletion script based on the request for provisioning;
  
  initiating execution of the partial personalization script on the mobile device, wherein execution of the partial personalization script stores personalization data including payment data onto the mobile device in a secured form, wherein the user is authenticated in parallel with execution of the partial personalization script, and wherein the application provider computer is a wallet provider computer and is different from the mobile device;
  
  in response to a successful authentication of the user and a successful execution of the partial personalization script, receiving an activation message and initiating execution of the activation script on the mobile device, wherein execution of the activation script enables the mobile device with access to the personalization data and provisions the personalization data onto the mobile device prior to initiating a transaction using the personalization data; and
  
  in response to an unsuccessful authentication of the user or an unsuccessful execution of the partial personalization script, receiving a deletion message and initiating execution of the deletion script to delete the personalization data from the mobile device.
- View Dependent Claims (14)
- - 14. The application provider computer of claim 11, wherein the method further comprises performing an assessment check based on a number of times the mobile device was previously provisioned.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Wong, Erick, Makhotin, Oleg
Primary Examiner(s)
Zoubair, Noura

Application Number

US14/275,404
Publication Number

US 20140337236A1
Time in Patent Office

1,219 Days
Field of Search
US Class Current
CPC Class Codes

G06Q 20/3227   using secure elements embed...

G06Q 20/3265   characterised by personalis...

G06Q 20/3278   RFID or NFC payments by mea...

G06Q 20/354   Card activation or deactiva...

G06Q 20/3552   Downloading or loading of p...

G06Q 20/363   with the personal data of a...

G06Q 20/38215   Use of certificates or encr...

G06Q 20/3829   involving key management

Device provisioning using partial personalization scripts

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

10 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Device provisioning using partial personalization scripts

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

10 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links