Secure remote payment transaction processing

US 10,607,212 B2
Filed: 07/15/2014
Issued: 03/31/2020
Est. Priority Date: 07/15/2013
Status: Active Grant

First Claim

Patent Images

1. A method of processing a remote transaction initiated by a mobile device, the method comprising:

receiving, by a server computer from a transaction processor in the form of a merchant application on the mobile device via a mobile communications network, a payment request including encrypted payment information including a payment credential associated with an issuer, and a transaction processor certificate, wherein the encrypted payment information including the payment credential was obtained from a mobile payment application on the mobile device after encrypting payment information using a third party key, wherein the transaction processor certificate was obtained from the transaction processor, and wherein the transaction processor is different than the mobile payment application;

decrypting, by the server computer, the encrypted payment information using the third party key;

determining, by the server computer, a transaction processor public key associated with the payment information;

re-encrypting, by the server computer, the payment information using the transaction processor public key;

sending, by the server computer, a payment response including the re-encrypted payment information to the transaction processor via the mobile communications network, wherein the transaction processor decrypts the re-encrypted payment information using a transaction processor private key and initiates a payment transaction using the decrypted payment information;

receiving, by a processing network computer from the transaction processor, an authorization request message comprising the decrypted payment information; and

transmitting, by the processing network computer, the authorization request message to an issuer computer associated with the issuer for authorization,wherein determining the transaction processor public key further comprises;

validating that the transaction processor certificate is authentic;

verifying that the transaction processor certificate is currently valid with a certificate authority; and

extracting the transaction processor public key from the transaction processor certificate, andwherein the transaction processor public key is a merchant application public key, and the transaction processor private key is a merchant application private key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present invention are directed to methods, apparatuses, computer readable media and systems for securely processing remote transactions. One embodiment of the invention is directed to a method of processing a remote transaction initiated by a mobile device comprising a server computer receiving a payment request including encrypted payment information. The encrypted payment information being generated by a mobile payment application of the mobile device and being encrypted using a third party key. The method further comprises decrypting the encrypted payment information using the third party key, determining a transaction processor public key associated with the payment information, and re-encrypting the payment information using the transaction processor public key. The method further comprises sending a payment response including the re-encrypted payment information to a transaction processor. The transaction processor decrypts the re-encrypted payment information using a transaction processor private key and initiates a payment transaction.

114 Citations

17 Claims

1. A method of processing a remote transaction initiated by a mobile device, the method comprising:
- receiving, by a server computer from a transaction processor in the form of a merchant application on the mobile device via a mobile communications network, a payment request including encrypted payment information including a payment credential associated with an issuer, and a transaction processor certificate, wherein the encrypted payment information including the payment credential was obtained from a mobile payment application on the mobile device after encrypting payment information using a third party key, wherein the transaction processor certificate was obtained from the transaction processor, and wherein the transaction processor is different than the mobile payment application;
  
  decrypting, by the server computer, the encrypted payment information using the third party key;
  
  determining, by the server computer, a transaction processor public key associated with the payment information;
  
  re-encrypting, by the server computer, the payment information using the transaction processor public key;
  
  sending, by the server computer, a payment response including the re-encrypted payment information to the transaction processor via the mobile communications network, wherein the transaction processor decrypts the re-encrypted payment information using a transaction processor private key and initiates a payment transaction using the decrypted payment information;
  
  receiving, by a processing network computer from the transaction processor, an authorization request message comprising the decrypted payment information; and
  
  transmitting, by the processing network computer, the authorization request message to an issuer computer associated with the issuer for authorization,wherein determining the transaction processor public key further comprises;
  
  validating that the transaction processor certificate is authentic;
  
  verifying that the transaction processor certificate is currently valid with a certificate authority; and
  
  extracting the transaction processor public key from the transaction processor certificate, andwherein the transaction processor public key is a merchant application public key, and the transaction processor private key is a merchant application private key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the payment credential is stored in a secure memory of the mobile device and the mobile payment application obtains the payment credential from the secure memory.
  - 3. The method of claim 1, wherein the payment credential includes an account identifier and an expiration date.
  - 4. The method of claim 3, wherein the payment credential further includes a dynamic value generated using a shared algorithm associated with a payment processing network.
  - 5. The method of claim 1, wherein receiving, from the transaction processor, the authorization request message comprising the decrypted payment information comprises receiving, from the transaction processor, the authorization request message comprising the decrypted payment information via an acquirer computer.
  - 6. The method of claim 1, wherein the method further comprises:
    - performing, by the processing network computer, an authentication process using the decrypted payment information;
      
      generating, by the processing network computer, an authentication response value in response to performing the authentication process; and
      
      modifying, by the processing network computer, the authorization request message to include the authentication response value after receiving the authorization request message, wherein the authorization request message that is transmitted to the issuer computer includes the decrypted payment information and the authentication response value.
  - 7. The method of claim 1, further comprising, before receiving, by the server computer, the payment request:
    - providing, by the transaction processor, payee information to the mobile payment application;
      
      retrieving, by the mobile payment application, the payment credential from a secure element of the mobile device; and
      
      providing, by the mobile payment application, the payment credential to the transaction processor.
  - 8. The method of claim 7, wherein the transaction processor private key is stored in the transaction processor.
  - 9. The method of claim 1, wherein the transaction processor initiates the payment transaction by generating the authorization request message.
  - 10. The method of claim 9, wherein the authorization request message is an ISO 8583 message.
  - 11. The method of claim 1, wherein the payment credential is a payment token, and wherein the payment token is a substitute for a real credit or debit card number.
  - 12. The method of claim 1, wherein the server computer is a remote key manager which stores a plurality of public key certificates of a plurality of transaction processors, the plurality of public key certificates including the transaction processor public key certificate.

13. A system comprising:
- a processor; and
  
  a non-transitory computer-readable medium coupled to the processor, the computer-readable medium comprising code, executable by the processor, for performing a method of processing a remote transaction, the method comprising;
  
  receiving, from a transaction processor in the form of a merchant application on a mobile device via a mobile communications network, a payment request including encrypted payment information including a payment credential associated with an issuer, and a transaction processor certificate, wherein the encrypted payment information including the payment credential was obtained from a mobile payment application on the mobile device after encrypting payment information using a third party key, wherein the transaction processor certificate was obtained from the transaction processor, and wherein the transaction processor is different than the mobile payment application;
  
  decrypting the encrypted payment information using the third party key;
  
  determining a transaction processor public key associated with the payment information;
  
  re-encrypting the payment information using the transaction processor public key;
  
  sending a payment response including the re-encrypted payment information to the transaction processor via the mobile communications network, wherein the transaction processor decrypts the re-encrypted payment information using a transaction processor private key and initiates a payment transaction using the decrypted payment information;
  
  receiving, from the transaction processor, an authorization request message comprising the decrypted payment information; and
  
  transmitting the authorization request message to an issuer computer associated with the issuer for authorization,wherein determining the transaction processor public key further comprises;
  
  validating that the transaction processor certificate is authentic;
  
  verifying the transaction processor certificate is currently valid with a certificate authority; and
  
  extracting the transaction processor public key from the transaction processor certificate, andwherein the transaction processor public key is a merchant application public key, and the transaction processor private key is a merchant application private key.
- View Dependent Claims (14, 15)
- - 14. The system of claim 13, wherein the payment credential includes an account identifier and an expiration date.
  - 15. The system of claim 14, wherein the payment credential further includes a dynamic value generated using a shared algorithm associated with a payment processing network.

16. A system comprising:
- a mobile device comprising a transaction processor and a mobile payment application; and
  
  a server computer comprisinga processor, anda non-transitory computer-readable medium coupled to the processor, the computer-readable medium comprising code, executable by the processor, for performing a method of processing a remote transaction with the mobile device, the method comprising,receiving, from the transaction processor in the form of a merchant application on the mobile device via a mobile communications network, a payment request including encrypted payment information including a payment credential associated with an issuer, and a transaction processor certificate, wherein the encrypted payment information including the payment credential was obtained from the mobile payment application on the mobile device after encrypting payment information using a third party key, wherein the transaction processor certificate was obtained from the transaction processor, and wherein the transaction processor is different than the mobile payment application,decrypting the encrypted payment information using the third party key,determining a transaction processor public key associated with the payment information,re-encrypting the payment information using the transaction processor public key, sending a payment response including the re-encrypted payment information to the transaction processor via the mobile communications network, wherein the transaction processor decrypts the re-encrypted payment information using a transaction processor private key and initiates a payment transaction using the decrypted payment information, andreceiving, from the transaction processor, the authorization request message comprising the decrypted payment information, andtransmitting an authorization request message to an issuer computer associated with the issuer for authorization,wherein determining the transaction processor public key further comprises;
  
  validating that the transaction processor certificate is authentic,verifying that the transaction processor certificate is currently valid with a certificate authority, andextracting the transaction processor public key from the transaction processor certificate, andwherein the transaction processor public key is a merchant application public key, and the transaction processor private key is a merchant application private key,wherein the mobile device is in communication with the server computer.
- View Dependent Claims (17)
- - 17. The system of claim 16, wherein the mobile device is a mobile phone.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Sheets, John, Wagner, Kim, Aabye, Christian, Liu, Frederick, Karpenko, Igor, Powell, Glenn, Pirzadeh, Kiushan
Primary Examiner(s)
Nigh, James D
Assistant Examiner(s)
Neubig, Margaret M

Application Number

US14/332,245
Publication Number

US 20150019443A1
Time in Patent Office

2,086 Days
Field of Search

705 50- 79
US Class Current
CPC Class Codes

G06Q 20/322   Aspects of commerce using m...

G06Q 20/326   Payment applications instal...

G06Q 20/3278   RFID or NFC payments by mea...

G06Q 20/3829   involving key management

Secure remote payment transaction processing

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

114 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Secure remote payment transaction processing

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

114 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links