Back end of payment system associated with financial transactions using card readers coupled to mobile devices
First Claim
1. A system for reconstructing a packet that includes financial transaction card information, comprising:
- a card reader with a read head, a slot for swiping a card, device electronics that include wake-up electronics, and a microcontroller with logic resources and code, the card reader adapted to be coupled to a mobile device, the code including a unique identifier and a cryptographic key, the cryptographic key having been calculated at a payment processing server from a combination of a master secret and the unique identifier, and the card reader configured to;
detect a swipe of a financial transaction card;
upon detecting the swipe of the financial transaction card, the wake-up electronics signal the microcontroller to put the device electronics into an active mode from a sleep mode;
receive, by the card reader, financial transaction data from the card;
encrypt, by the card reader, the financial transaction data using the cryptographic key, to generate encrypted financial transaction data;
generate, by the card reader, a packet including the unique identifier stored in the card reader and the encrypted financial transaction data, wherein the unique identifier is not encrypted; and
transmit the packet from the card reader to a mobile device;
the mobile device configured to;
receive the packet from the card reader; and
transmit the packet to a payment processing server; and
the payment processing server configured to;
receive, by the payment processing server, the packet from the mobile device, the packet including the unique identifier provided by the card reader and the encrypted financial transaction data;
derive, by the payment processing server, the cryptographic key associated with the card reader using the master secret and the unique identifier included in the packet received from the mobile device, wherein the master secret is stored in the payment processing server and not transmitted from the payment processing server;
decrypt, by the payment processing server using the cryptographic key calculated by the payment processing server, the encrypted financial transaction data of the packet to produce non-encrypted financial card information; and
send, by the payment processing server, the non-encrypted financial card information to a payment gateway.
Abstract
A method of reconstructing a packet that includes financial card information from a mobile device uses a card reader. The card reader has a read head, a slot for swiping a magnetic stripe of a card and device electronics that include a microcontroller with logic resources with code. The card reader has a unique identifier and associated cryptographic key. The same code is used to produce an encrypted and signed signal. The encrypted and signed signal, which includes the card reader identifier, is sent to the mobile device. The mobile device sends an encrypted and signed packet to a back end of a payment system. A cryptographic key is used to decrypt and verify the contents of the packet at the back end. Non-encrypted financial card information is sent to a payment gateway.
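The key handling in claim 1 and the abstract (a per-reader key derived from a server-held master secret and the reader's cleartext identifier) can be sketched as follows; this is an added example, not code from the patent. HMAC-SHA256 as the derivation function, AES-256-GCM standing in for the "encrypted and signed" step, the packet layout, and all function names and sample values are assumptions.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// DeriveKey diversifies the master secret per reader (HMAC-SHA256 is an assumed KDF).
func DeriveKey(master, id []byte) (k [32]byte) {
	m := hmac.New(sha256.New, master)
	m.Write(id)
	copy(k[:], m.Sum(nil))
	return k
}

func gcm(k [32]byte) cipher.AEAD {
	b, _ := aes.NewCipher(k[:]) // cannot fail: key is exactly 32 bytes
	g, _ := cipher.NewGCM(b)    // cannot fail: AES block size is 16
	return g
}

// ReaderSeal builds the packet: idLen | id (cleartext) | nonce | ciphertext+tag.
func ReaderSeal(id []byte, key [32]byte, track []byte) ([]byte, error) {
	nonce := make([]byte, 12) // standard GCM nonce size
	if _, err := rand.Read(nonce); err != nil || len(id) == 0 || len(id) > 255 {
		return nil, errors.New("bad identifier or no randomness")
	}
	pkt := append(append([]byte{byte(len(id))}, id...), nonce...)
	return gcm(key).Seal(pkt, nonce, track, id), nil // id bound as associated data
}

// ServerOpen re-derives the reader key from the cleartext id, then verifies and decrypts.
func ServerOpen(master, pkt []byte) (id, track []byte, err error) {
	if len(pkt) < 1 || pkt[0] == 0 || len(pkt) < 1+int(pkt[0])+12 {
		return nil, nil, errors.New("malformed packet")
	}
	id, rest := pkt[1:1+int(pkt[0])], pkt[1+int(pkt[0]):]
	track, err = gcm(DeriveKey(master, id)).Open(nil, rest[:12], rest[12:], id)
	return id, track, err
}

func main() {
	master, id := []byte("constructed-master-secret"), []byte("READER-0001") // constructed values
	pkt, _ := ReaderSeal(id, DeriveKey(master, id), []byte("constructed track data"))
	_, track, err := ServerOpen(master, pkt)
	println(string(track), err == nil)
}
```

Because the identifier selects the key and is also authenticated as associated data, a packet whose identifier is altered in transit derives a different key on the server and fails verification instead of decrypting.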
11 Claims
Specification