Cloud-based transactions methods and systems

US 9,972,005 B2
Filed: 12/19/2014
Issued: 05/15/2018
Est. Priority Date: 12/19/2013
Status: Active Grant

First Claim

Patent Images

1. A method for enhancing security of a communication device when conducting a transaction using the communication device, the method comprising:

receiving, from a remote computer by the communication device, a limited-use key (LUK) that is associated with a set of one or more limited-use thresholds that limits usage of the LUK, wherein the LUK is usable for more than one transaction;

generating, by the communication device, a transaction cryptogram using the LUK;

sending, to an access device by the communication device, a token instead of a real account identifier and the transaction cryptogram to conduct the transaction, wherein the transaction is authorized based on at least whether usage of the LUK has exceeded the set of one or more limited-use thresholds;

sending, to the remote computer by the communication device, a replenishment request for a second LUK, the replenishment request including transaction log information derived from transaction data that is unique for each of a plurality of transactions conducted using the LUK, the transaction data being stored in a transaction log on the communication device; and

receiving, from the remote computer by the communication device, the second LUK when the transaction log information in the replenishment request matches transaction log information at the remote computer, the second LUK being a different key than the LUK.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for enhancing the security of a communication device when conducting a transaction using the communication device may include using a limited-use key (LUK) to generate a transaction cryptogram, and sending a token instead of a real account identifier and the transaction cryptogram to an access device to conduct the transaction. The LUK may be associated with a set of one or more limited-use thresholds that limits usage of the LUK, and the transaction can be authorized based on at least whether usage of the LUK has exceeded the set of one or more limited-use thresholds.

Citations

24 Claims

1. A method for enhancing security of a communication device when conducting a transaction using the communication device, the method comprising:
- receiving, from a remote computer by the communication device, a limited-use key (LUK) that is associated with a set of one or more limited-use thresholds that limits usage of the LUK, wherein the LUK is usable for more than one transaction;
  
  generating, by the communication device, a transaction cryptogram using the LUK;
  
  sending, to an access device by the communication device, a token instead of a real account identifier and the transaction cryptogram to conduct the transaction, wherein the transaction is authorized based on at least whether usage of the LUK has exceeded the set of one or more limited-use thresholds;
  
  sending, to the remote computer by the communication device, a replenishment request for a second LUK, the replenishment request including transaction log information derived from transaction data that is unique for each of a plurality of transactions conducted using the LUK, the transaction data being stored in a transaction log on the communication device; and
  
  receiving, from the remote computer by the communication device, the second LUK when the transaction log information in the replenishment request matches transaction log information at the remote computer, the second LUK being a different key than the LUK.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 23, 24)
- - 2. The method of claim 1, wherein the communication device stores the LUK or the token in a memory, instead of in a secure element.
  - 3. The method of claim 1, wherein receiving the LUK further includes receiving a key index that includes information pertaining to generation of the LUK.
  - 4. The method of claim 3, wherein the key index is sent with the transaction cryptogram to the access device to conduct the transaction.
  - 5. The method of claim 3, wherein the key index includes at least one of:
    - time information indicating when the LUK is generated; and
      
      a replenishment counter value indicating a number of times the LUK has been replenished.
  - 6. The method of claim 3, wherein the key index includes:
    - a pseudo-random number that is used as a seed to generate the LUK;
      
      ora transaction counter value indicating a number of transactions that has been previously conducted by a mobile application of the communication device at the time the LUK is generated.
  - 7. The method of claim 1, wherein the set of one or more limited-use thresholds includes at least one of:
    - a time-to-live indicating a time duration that the LUK is valid for;
      
      a predetermined number of transactions that the LUK is valid for; and
      
      a cumulative transaction amount indicating the total transaction amount that the LUK is valid for.
  - 8. The method of claim 1, wherein the set of one or more limited-use thresholds includes an international usage threshold and a domestic usage threshold.
  - 9. The method of claim 1, wherein the transaction log stored on the communication device includes:
    - for each transaction conducted using the LUK;
      
      a transaction timestamp indicating the time of the corresponding transaction;
      
      an application transaction counter value associated with the corresponding transaction; and
      
      a transaction type indicator indicating whether the corresponding transaction is a magnetic stripe based transaction or an integrated chip based transaction.
  - 10. The method of claim 1, wherein the transaction log information sent to the remote computer includes an authentication code computed over at least the transaction log using the LUK.
  - 11. The method of claim 1, wherein the replenishment request is sent in response to:
    - determining that a next transaction conducted with the LUK will exhaust the set of one or more limited-use thresholds;
      
      determining that the set of one or more limited-use thresholds associated with the LUK has been exhausted;
      
      orreceiving a push message requesting the communication device to replenish the LUK.
  - 23. The method of claim 1, wherein the transaction cryptogram is generated by:
    - enciphering transaction information using a first portion of the LUK;
      
      deciphering the enciphered transaction information using a second portion of the LUK; and
      
      re-enciphering the deciphered transaction information using the first portion of the LUK.
  - 24. The method of claim 1, wherein the transaction cryptogram is generated by:
    - encrypting a predetermined numeric string using the LUK; and
      
      decimalizing the encrypted predetermined numeric string.

12. A communication device comprising:
- a processor; and
  
  a memory coupled to the processor and storing a mobile application that performs operations for enhancing security of the communication device when conducting transactions using the communication device, the operations including;
  
  receiving a limited-use key (LUK) that is associated with a set of one or more limited-use thresholds that limits usage of the LUK, wherein the LUK is usable for more than one transaction;
  
  generating a transaction cryptogram using the LUK;
  
  sending a token instead of a real account identifier and the transaction cryptogram to an access device to conduct the transaction, wherein the transaction is authorized based on at least whether usage of the LUK has exceeded the set of one or more limited-use thresholds;
  
  sending a replenishment request for a second LUK, the replenishment request including transaction log information derived from transaction data that is unique for each of a plurality of transactions conducted using the LUK, the transaction data being stored in a transaction log on the communication device; and
  
  receiving the second LUK when the transaction log information in the replenishment request matches transaction log information at the remote computer, the second LUK being a different key than the LUK.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The communication device of claim 12, wherein the communication device stores the LUK or the token in a memory, instead of in a secure element.
  - 14. The communication device of claim 12, wherein receiving the LUK further includes receiving a key index that includes information pertaining to generation of the LUK.
  - 15. The communication device of claim 14, wherein the key index is sent with the transaction cryptogram to the access device to conduct the transaction.
  - 16. The communication device of claim 14, wherein the key index includes at least one of:
    - time information indicating when the LUK is generated; and
      
      a replenishment counter value indicating a number of times the LUK has been replenished.
  - 17. The communication device of claim 14, wherein the key index includes a seed from which the LUK is generated.
  - 18. The communication device of claim 12, wherein the set of one or more limited-use thresholds includes at least one of:
    - a time-to-live indicating a time duration that the LUK is valid for;
      
      a predetermined number of transactions that the LUK is valid for; and
      
      a cumulative transaction amount indicating the total transaction amount that the LUK is valid for.
  - 19. The communication device of claim 12, wherein the set of one or more limited-use thresholds includes an international usage threshold and a domestic usage threshold.
  - 20. The communication device of claim 12, wherein the transaction log stored on the communication device includes:
    - for each transaction conducted using the LUK;
      
      a transaction timestamp indicating the time of the corresponding transaction;
      
      an application transaction counter value associated with the corresponding transaction; and
      
      a transaction type indicator indicating whether the corresponding transaction is a magnetic stripe based transaction or an integrated chip based transaction.
  - 21. The communication device of claim 12, wherein the transaction log information includes an authentication code computed over at least the transaction log using the LUK.
  - 22. The communication device of claim 12, wherein the replenishment request is sent in response to:
    - determining that a next transaction conducted with the LUK will exhaust the set of one or more limited-use thresholds;
      
      determining that the set of one or more limited-use thresholds associated with the LUK has been exhausted;
      
      orreceiving a push message requesting the communication device to replenish the LUK.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Wong, Erick, Flurscheim, Christian, Makhotin, Oleg, Lopez, Eduardo, Sharma, Sanjeev, Jones, Christopher, Guglani, Abhishek, Sevanto, Jarkko Oskari, Patel, Bharatkumar, Or, Tai Lung Burnnet, Aabye, Christian, Ngo, Hao, Sheets, John F.
Primary Examiner(s)
King, John B
Assistant Examiner(s)
Cruz-Franqui, Richard W

Application Number

US14/577,837
Publication Number

US 20150180836A1
Time in Patent Office

1,243 Days
Field of Search
US Class Current
CPC Class Codes

G06Q 20/322   Aspects of commerce using m...

G06Q 20/326   Payment applications instal...

G06Q 20/327   Short range or proximity pa...

G06Q 20/3672   initialising or reloading t...

G06Q 20/3829   involving key management

G06Q 20/385   using an alias or single-us...

G06Q 20/389   Keeping log of transactions...

G06Q 2220/00   Business processing using c...

H04L 2209/24   Key scheduling, i.e. genera...

H04L 63/0428   wherein the data content is...

H04L 9/0869   involving random numbers or...

Cloud-based transactions methods and systems

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Cloud-based transactions methods and systems

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links