Limited-use keys and cryptograms
First Claim
1. A method for enhancing security of a communication device when conducting a transaction using the communication device, the method comprising:
encrypting, by a computer system, account information with a first encryption key to generate a second encryption key;
encrypting, by the computer system, key index information using the second encryption key to generate a limited-use key (LUK), wherein the key index information includes a key index having a counter value indicating a number of times that the LUK has been renewed in a predetermined time period, and time information indicating when the LUK is generated, and wherein the LUK is associated with a set of one or more limited-use thresholds that limits usage of the LUK; and
providing, by the computer system, the LUK and the key index to the communication device via an application platform computer;
receiving, by the computer system, the key index information and a transaction cryptogram generated by the communication device, the transaction cryptogram including transaction data encrypted by the LUK;
verifying, by the computer system, that the transaction cryptogram was encrypted using the LUK, and that the LUK has not exceeded the one or more limited-use thresholds, wherein verifying that the transaction cryptogram was encrypted using the LUK includes:
regenerating the transaction cryptogram using the received key index information; and
based on the verifying, authorizing the transaction.
Abstract
Techniques for enhancing the security of a communication device when conducting a transaction using the communication device may include encrypting account information with a first encryption key to generate a second encryption key, and encrypting key index information using the second key to generate a limited-use key (LUK). The key index information may include a key index having information pertaining to generation of the LUK. The LUK and the key index can be provided to the communication device to facilitate generation of a transaction cryptogram for a transaction conducted using the communication device, and the transaction can be authorized based on the transaction cryptogram generated from the LUK.
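The flow in the abstract and first claim, as an added sketch that is not code from the patent: the issuer derives the LUK from the account information and key index, and later verifies a cryptogram by regenerating it from the received key index instead of looking up a stored LUK. HMAC-SHA256 stands in for the encryption steps, and the key-index byte layout, the two thresholds (use count and time-to-live), the sample values and all names are assumptions.

```python
import hashlib
import hmac
import struct

def prf(key: bytes, data: bytes) -> bytes:
    # Assumption: HMAC-SHA256 as a keyed stand-in for the claim's "encrypting" steps.
    return hmac.new(key, data, hashlib.sha256).digest()

def make_key_index(counter: int, gen_time: int) -> bytes:
    # Key index information: renewal counter plus generation time (constructed layout).
    return struct.pack(">HI", counter, gen_time)

def derive_luk(first_key: bytes, account: bytes, key_index: bytes) -> bytes:
    second_key = prf(first_key, account)   # account info under first key -> second key
    return prf(second_key, key_index)      # key index info under second key -> LUK

def cryptogram(luk: bytes, txn: bytes) -> bytes:
    # Device side: transaction data keyed by the LUK, truncated to 8 bytes.
    return prf(luk, txn)[:8]

class Issuer:
    """Hypothetical computer system holding the first key and the LUK thresholds."""

    def __init__(self, first_key: bytes, max_uses: int, ttl: int):
        self.first_key, self.max_uses, self.ttl = first_key, max_uses, ttl
        self.uses = {}  # (account, key_index) -> number of authorized uses

    def provision(self, account: bytes, counter: int, now: int):
        key_index = make_key_index(counter, now)
        return derive_luk(self.first_key, account, key_index), key_index

    def authorize(self, account, key_index, txn, received, now) -> str:
        _counter, gen_time = struct.unpack(">HI", key_index)
        # Regenerate the LUK and cryptogram from the received key index.
        expected = cryptogram(derive_luk(self.first_key, account, key_index), txn)
        if not hmac.compare_digest(expected, received):
            return "declined: cryptogram mismatch"
        used = self.uses.get((account, key_index), 0)
        if now - gen_time > self.ttl or used >= self.max_uses:
            return "declined: LUK threshold exceeded"
        self.uses[(account, key_index)] = used + 1
        return "authorized"

if __name__ == "__main__":
    issuer = Issuer(b"\x01" * 32, max_uses=2, ttl=3600)   # constructed test key
    acct = b"4000001234567899"                            # constructed account number
    luk, ki = issuer.provision(acct, counter=1, now=1000)
    txn = b"amount=1250;nonce=a1"
    print(issuer.authorize(acct, ki, txn, cryptogram(luk, txn), now=1100))
```

Because the cryptogram check runs first, a device that alters the counter or time in the key index ends up with a LUK the issuer will not regenerate, so the thresholds cannot be bypassed by editing the index.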
24 Claims
1. A method for enhancing security of a communication device when conducting a transaction using the communication device (full text under First Claim above). Dependent claims: 2-12.
13. A computer system for enhancing security of a communication device when conducting transactions using the communication device, the computer system comprising:
one or more processors; and
one or more memories storing computer-readable code, which when executed by the one or more processors, causes the computer system to perform operations including:
encrypting account information with a first encryption key to generate a second encryption key;
encrypting key index information using the second encryption key to generate a limited-use key (LUK), wherein the key index information includes a key index having a counter value indicating a number of times that the LUK has been renewed in a predetermined time period, and time information indicating when the LUK is generated, and wherein the LUK is associated with a set of one or more limited-use thresholds that limits usage of the LUK;
providing the LUK and the key index to the communication device via an application platform computer;
receiving the key index information and a transaction cryptogram generated by the communication device, wherein the transaction cryptogram includes transaction data encrypted by the LUK;
verifying that the transaction cryptogram was encrypted using the LUK, and that the LUK has not exceeded the one or more limited-use thresholds, wherein verifying that the transaction cryptogram was encrypted using the LUK includes:
regenerating the transaction cryptogram using the received key index information; and
based on the verifying, authorizing the transaction.
Dependent claims: 14-24.
Specification