EMBEDDING CLOUD-BASED FUNCTIONALITIES IN A COMMUNICATION DEVICE

US 20180324584A1
Filed: 06/27/2018
Published: 11/08/2018
Est. Priority Date: 08/22/2014
Status: Active Grant

First Claim

Patent Images

1. A server computer comprising:

a processor; and

a memory storing code, which when executed by the processor, causes the server computer to perform operations including;

generating a first cryptogram key that is usable for generation of a transaction cryptogram to conduct a transaction;

transmitting the first cryptogram key to an application executing in a first memory region of a communication device, wherein the application executing in a first memory region of the communication device provides the first cryptogram key to an application agent executing in a second memory region of the communication device to store the first cryptogram key in a second memory region of the communication device;

receiving a replenishment request for a second cryptogram key from the application executing in the first memory region of the communication device, the replenishment request including transaction log information derived from a transaction log;

determining that the transaction log information in the replenishment request matches transaction log information at the server computer;

generating a first cryptogram key that is usable for generation of a transaction cryptogram to conduct a transaction; and

transmitting the first cryptogram key to an application executing in a first memory region of the communication device.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for enhancing the security of a communication device may include providing an application agent and a transaction application that executes on a communication device. The application agent may receive, from the application, a cryptogram key generated by a remote computer, and store the cryptogram key on the communication device. When the application agent receives a request to conduct a transaction from the application, the application agent may generate a transaction cryptogram using the cryptogram key, and provides the transaction cryptogram to an access device.

Citations

20 Claims

1. A server computer comprising:
- a processor; and
  
  a memory storing code, which when executed by the processor, causes the server computer to perform operations including;
  
  generating a first cryptogram key that is usable for generation of a transaction cryptogram to conduct a transaction;
  
  transmitting the first cryptogram key to an application executing in a first memory region of a communication device, wherein the application executing in a first memory region of the communication device provides the first cryptogram key to an application agent executing in a second memory region of the communication device to store the first cryptogram key in a second memory region of the communication device;
  
  receiving a replenishment request for a second cryptogram key from the application executing in the first memory region of the communication device, the replenishment request including transaction log information derived from a transaction log;
  
  determining that the transaction log information in the replenishment request matches transaction log information at the server computer;
  
  generating a first cryptogram key that is usable for generation of a transaction cryptogram to conduct a transaction; and
  
  transmitting the first cryptogram key to an application executing in a first memory region of the communication device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The server computer of claim 1, wherein the first cryptogram key is a limited-use key.
  - 3. The server computer of claim 1, wherein the transaction log information includes an authentication code generated from the transaction log.
  - 4. The server computer of claim 1, wherein the transaction log includes transaction data for each of a plurality of transactions conducted using the first cryptogram key.
  - 5. The server computer of claim 1, wherein the server computer does not communication with the application agent except via the application executing in the first memory region of the communication device.
  - 6. The server computer of claim 1, wherein the second memory region is a trusted execution environment.
  - 7. The server computer of claim 6, wherein the trusted execution environment is implemented in a virtual machine.
  - 8. The server computer of claim 6, wherein the trusted execution environment is implemented as a secure operating mode in a processor of the communication device.
  - 9. The server computer of claim 1, wherein the first cryptogram key is usable for generation of two types of transaction cryptogram.
  - 10. The server computer of claim 9, wherein the two types of transaction cryptogram includes a magnetic-stripe based transaction cryptogram and a chip based transaction cryptogram.

11. A method comprising:
- generating, by a server computer, a first cryptogram key that is usable for generation of a transaction cryptogram to conduct a transaction;
  
  transmitting, by the server computer, the first cryptogram key to an application executing in a first memory region of a communication device, wherein the application executing in a first memory region of the communication device provides the first cryptogram key to an application agent executing in a second memory region of the communication device to store the first cryptogram key in a second memory region of the communication device;
  
  receiving, by the server computer, a replenishment request for a second cryptogram key from the application executing in the first memory region of the communication device, the replenishment request including transaction log information derived from a transaction log;
  
  determining, by the server computer, that the transaction log information in the replenishment request matches transaction log information at the server computer;
  
  generating, by the server computer, a first cryptogram key that is usable for generation of a transaction cryptogram to conduct a transaction; and
  
  transmitting, by the server computer, the first cryptogram key to an application executing in a first memory region of the communication device.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, wherein the first cryptogram key is a limited-use key.
  - 13. The method of claim 11, wherein the transaction log information includes an authentication code generated from the transaction log.
  - 14. The method of claim 11, wherein the transaction log includes transaction data for each of a plurality of transactions conducted using the first cryptogram key.
  - 15. The method of claim 11, wherein the server computer does not communication with the application agent except via the application executing in the first memory region of the communication device.
  - 16. The method of claim 11, wherein the second memory region is a trusted execution environment.
  - 17. The method of claim 16, wherein the trusted execution environment is implemented in a virtual machine.
  - 18. The method of claim 16, wherein the trusted execution environment is implemented as a secure operating mode in a processor of the communication device.
  - 19. The method of claim 11, wherein the first cryptogram key is usable for generation of two types of transaction cryptogram.
  - 20. The method of claim 19, wherein the two types of transaction cryptogram includes a magnetic-stripe based transaction cryptogram and a chip based transaction cryptogram.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Lopez, Eduardo

Granted Patent

US 10,477,393 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 21/606   by securing the transmissio...

G06F 9/455   Emulation; Interpretation; ...

G06Q 20/322   Aspects of commerce using m...

G06Q 20/3227   using secure elements embed...

G06Q 20/326   Payment applications instal...

G06Q 20/3263   characterised by activation...

G06Q 20/3265   characterised by personalis...

G06Q 20/327   Short range or proximity pa...

G06Q 20/3278   RFID or NFC payments by mea...

G06Q 20/382   insuring higher security of...

G06Q 20/3825   Use of electronic signatures

G06Q 20/3829   involving key management

G06Q 20/385   using an alias or single-us...

H04L 63/068   using time-dependent keys, ...

H04W 12/041   Key generation or derivation

H04W 12/0431   Key distribution or pre-dis...

H04W 4/80   Services using short range ...

H04W 88/02   Terminal devices

EMBEDDING CLOUD-BASED FUNCTIONALITIES IN A COMMUNICATION DEVICE

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

EMBEDDING CLOUD-BASED FUNCTIONALITIES IN A COMMUNICATION DEVICE

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links