Embedding cloud-based functionalities in a communication device

US 10,477,393 B2
Filed: 06/27/2018
Issued: 11/12/2019
Est. Priority Date: 08/22/2014
Status: Active Grant

First Claim

Patent Images

1. A server computer comprising:

a hardware processor; and

a memory storing code, which when executed by the hardware processor, causes the server computer to perform operations including;

generating by the server computer a first cryptogram key that is usable for generation of a first transaction cryptogram to conduct a first transaction;

transmitting the first cryptogram key to a first application executing in a first memory region of a communication device, wherein the first application executing in the first memory region of the communication device provides the first cryptogram key to an application agent executing in a second memory region of the communication device to store the first cryptogram key in the second memory region of the communication device;

receiving by the server computer a replenishment request for a second cryptogram key from the first application executing in the first memory region of the communication device, the replenishment request including transaction log information derived from a transaction log; and

generating by the server computer the second cryptogram key that is usable for generation of a second transaction cryptogram to conduct a second transaction upon determining that the transaction log information in the replenishment request matches transaction log information stored at the server computer and transmitting the second cryptogram key to the first application of the communication device.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for enhancing the security of a communication device may include providing an application agent and a transaction application that executes on a communication device. The application agent may receive, from the application, a cryptogram key generated by a remote computer, and store the cryptogram key on the communication device. When the application agent receives a request to conduct a transaction from the application, the application agent may generate a transaction cryptogram using the cryptogram key, and provides the transaction cryptogram to an access device.

667 Citations

20 Claims

1. A server computer comprising:
- a hardware processor; and
  
  a memory storing code, which when executed by the hardware processor, causes the server computer to perform operations including;
  
  generating by the server computer a first cryptogram key that is usable for generation of a first transaction cryptogram to conduct a first transaction;
  
  transmitting the first cryptogram key to a first application executing in a first memory region of a communication device, wherein the first application executing in the first memory region of the communication device provides the first cryptogram key to an application agent executing in a second memory region of the communication device to store the first cryptogram key in the second memory region of the communication device;
  
  receiving by the server computer a replenishment request for a second cryptogram key from the first application executing in the first memory region of the communication device, the replenishment request including transaction log information derived from a transaction log; and
  
  generating by the server computer the second cryptogram key that is usable for generation of a second transaction cryptogram to conduct a second transaction upon determining that the transaction log information in the replenishment request matches transaction log information stored at the server computer and transmitting the second cryptogram key to the first application of the communication device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The server computer of claim 1, wherein the first cryptogram key is a limited-use key.
  - 3. The server computer of claim 1, wherein the transaction log information includes an authentication code generated from the transaction log.
  - 4. The server computer of claim 1, wherein the transaction log includes transaction data for each of a plurality of transactions conducted using the first cryptogram key.
  - 5. The server computer of claim 1, wherein the server computer does not communication with the application agent except via the first application executing in the first memory region of the communication device.
  - 6. The server computer of claim 1, wherein the second memory region is a trusted execution environment.
  - 7. The server computer of claim 6, wherein the trusted execution environment is implemented in a virtual machine.
  - 8. The server computer of claim 6, wherein the trusted execution environment is implemented as a secure operating mode in a processor of the communication device.
  - 9. The server computer of claim 1, wherein the first cryptogram key is usable for generation of two types of transaction cryptogram.
  - 10. The server computer of claim 9, wherein the two types of transaction cryptogram includes a magnetic-stripe based transaction cryptogram and a chip based transaction cryptogram.

11. A method comprising:
- generating, by a server computer, a first cryptogram key that is usable for generation of a first transaction cryptogram to conduct a first transaction;
  
  transmitting, by the server computer, the first cryptogram key to a first application executing in a first memory region of a communication device, wherein the first application executing in the first memory region of the communication device provides the first cryptogram key to an application agent executing in a second memory region of the communication device to store the first cryptogram key in the second memory region of the communication device;
  
  receiving, by the server computer, a replenishment request for a second cryptogram key from the first application executing in the first memory region of the communication device, the replenishment request including transaction log information derived from a transaction log; and
  
  generating, by the server computer, the second cryptogram key that is usable for generation of a second transaction cryptogram to conduct a second transaction upon determining that the transaction log information in the replenishment request matches transaction log information stored at the server computer and transmitting the second cryptogram key to the first application of the communication device.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, wherein the first cryptogram key is a limited-use key.
  - 13. The method of claim 11, wherein the transaction log information includes an authentication code generated from the transaction log.
  - 14. The method of claim 11, wherein the transaction log includes transaction data for each of a plurality of transactions conducted using the first cryptogram key.
  - 15. The method of claim 11, wherein the server computer does not communication with the application agent except via the first application executing in the first memory region of the communication device.
  - 16. The method of claim 11, wherein the second memory region is a trusted execution environment.
  - 17. The method of claim 16, wherein the trusted execution environment is implemented in a virtual machine.
  - 18. The method of claim 16, wherein the trusted execution environment is implemented as a secure operating mode in a processor of the communication device.
  - 19. The method of claim 11, wherein the first cryptogram key is usable for generation of two types of transaction cryptogram.
  - 20. The method of claim 19, wherein the two types of transaction cryptogram includes a magnetic-stripe based transaction cryptogram and a chip based transaction cryptogram.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Lopez, Eduardo
Primary Examiner(s)
Chai, Longbit

Application Number

US16/020,796
Publication Number

US 20180324584A1
Time in Patent Office

503 Days
Field of Search

726 26
US Class Current
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 21/606   by securing the transmissio...

G06F 9/455   Emulation; Interpretation; ...

G06Q 20/322   Aspects of commerce using m...

G06Q 20/3227   using secure elements embed...

G06Q 20/326   Payment applications instal...

G06Q 20/3263   characterised by activation...

G06Q 20/3265   characterised by personalis...

G06Q 20/327   Short range or proximity pa...

G06Q 20/3278   RFID or NFC payments by mea...

G06Q 20/382   insuring higher security of...

G06Q 20/3825   Use of electronic signatures

G06Q 20/3829   involving key management

G06Q 20/385   using an alias or single-us...

H04L 63/068   using time-dependent keys, ...

H04W 12/041   Key generation or derivation

H04W 12/0431   Key distribution or pre-dis...

H04W 4/80   Services using short range ...

H04W 88/02   Terminal devices

Embedding cloud-based functionalities in a communication device

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

667 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Embedding cloud-based functionalities in a communication device

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

667 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links