公开(公告)号：US20180240113A1

公开(公告)日：2018-08-23

申请号：US15896710

申请日：2018-02-14

Applicant: MasterCard International Incorporated

Inventor： Patrik Smets ,  Michael Ward ,  David Anthony Roberts ,  Mohamed Abou El Enin

IPC: G06Q20/40 ,  G06Q20/32 ,  G06Q20/38 ,  G06Q20/34 ,  G06F21/31 ,  H04L29/06 ,  H04L9/32

CPC classification number: G06Q20/401 ,  G06F21/31 ,  G06Q20/02 ,  G06Q20/20 ,  G06Q20/32 ,  G06Q20/3278 ,  G06Q20/351 ,  G06Q20/352 ,  G06Q20/382 ,  G06Q20/3821 ,  G06Q20/4012 ,  G06Q20/40145 ,  G06Q20/4018 ,  G06Q20/409 ,  H04L9/321 ,  H04L63/123 ,  H04L63/126

Abstract: A method of determining legitimate use of a computing device for an action to be approved by a remote system is described. The following steps are carried out at the computing device. A verification method (44) is established for authenticating a user at the computing device or for verifying the integrity of the computing device in association with carrying out the action on that computing device. Cryptographic material is received from a trusted system for use in performing the action. The action is then performed (42). This may or may not comprise successful performance of the verification step. However, performing the action comprises returning information to the remote system that includes whether there was successful authentication using the verification method and parameters relating to computing device state when the action was performed. Suitable computing apparatus is also described.

公开(公告)号：US20180240111A1

公开(公告)日：2018-08-23

申请号：US15896691

申请日：2018-02-14

Applicant: Mastercard International Incorporated

Inventor： Patrik Smets ,  Michael Ward ,  David Anthony Roberts ,  Mohamed Abou El Enin

IPC: G06Q20/38 ,  G06Q20/32 ,  G06Q20/10 ,  G06F21/36 ,  H04L9/14

CPC classification number: G06Q20/3829 ,  G06F21/36 ,  G06F21/602 ,  G06F21/606 ,  G06F2221/2103 ,  G06Q20/102 ,  G06Q20/32 ,  G06Q20/3821 ,  H04L9/0894 ,  H04L9/14 ,  H04L2209/56

Abstract: A computing device embodies a security architecture for an application (42). The security architecture has non-volatile storage (43) for storing first cryptographic material and volatile storage (51) for storing second cryptographic material. The second cryptographic material is lost on rebooting of the computing device. At least the second cryptographic material may be replenished from a source external to the computing device but accessible by a computing network. Methods of use of this architecture by the application are also described.

公开(公告)号：US20180181954A1

公开(公告)日：2018-06-28

申请号：US15844379

申请日：2017-12-15

Applicant: Mastercard International Incorporated

Inventor： James David Sinton ,  John Beric ,  David Anthony Roberts

IPC: G06Q20/38 ,  G06Q20/20

CPC classification number: G06Q20/385 ,  G06Q20/04 ,  G06Q20/202 ,  G06Q20/22 ,  G06Q20/30 ,  G06Q20/341

Abstract: A method of configuring a transaction device (102, 160) for use within a closed loop transaction system (12), the closed loop transaction system comprising a point-of-interaction terminal (24) for processing transactions with the transaction device, the method comprising: receiving an instruction to set a field within a device data store on the transaction device to use a predetermined currency code specified by the terminal; receiving, at the transaction device, a transaction amount available for transactions with the closed loop terminal system; storing (202) the transaction amount on the transaction device; receiving an unique identifier associated with the closed loop terminal system for use in transactions with the point-of-interaction terminal within the system; storing (206) the unique identifier on the transaction device.

公开(公告)号：US20180181947A1

公开(公告)日：2018-06-28

申请号：US15824342

申请日：2017-11-28

Applicant: MasterCard International Incorporated

Inventor： David Anthony Roberts ,  Alan Mushing ,  Susan Thompson

IPC: G06Q20/32 ,  H04L9/30 ,  H04L9/00

CPC classification number: G06Q20/3227 ,  G06F21/14 ,  H04L9/002 ,  H04L9/0841 ,  H04L9/0891 ,  H04L9/3013 ,  H04L9/3066 ,  H04L9/321 ,  H04L63/0823 ,  H04L2209/16 ,  H04L2209/56

Abstract: A method is described for transferring secrets from a first cryptographic system installed on a computing device to a second cryptographic system installed on the computing device to enable the second cryptographic system to replace the first cryptographic system.

公开(公告)号：US20130262317A1

公开(公告)日：2013-10-03

申请号：US13827042

申请日：2013-03-14

Applicant: MASTERCARD INTERNATIONAL INCORPORATED

Inventor： Mehdi COLLINGE ,  Susan Thompson ,  Patrik Smets ,  David Anthony Roberts ,  Michael Christopher Ward

IPC: G06Q20/38

CPC classification number: G06Q20/3823 ,  G06Q20/322 ,  G06Q20/385 ,  G06Q20/4012 ,  G06Q20/405

Abstract: A method for generating and provisioning payment credentials to a mobile device lacking a secure element includes: generating a card profile associated with a payment account, wherein the card profile includes at least payment credentials corresponding to the associated payment account and a profile identifier; provisioning, to a mobile device lacking a secure element, the generated card profile; receiving, from the mobile device, a key request, wherein the key request includes at least a mobile identification number (PIN) and the profile identifier; using the mobile PIN; generating a single use key, wherein the single use key includes at least the profile identifier, an application transaction counter, and a generating key for use in generating a payment cryptogram valid for a single financial transaction; and transmitting the generated single use key to the mobile device.

Abstract translation: 一种用于向缺少安全元件的移动设备生成和提供支付凭证的方法包括：生成与支付账户相关联的卡配置文件，其中所述卡配置文件至少包括对应于相关支付帐户的支付凭证和配置文件标识符; 提供给缺少安全元件的移动设备，生成的卡简档; 从所述移动设备接收密钥请求，其中所述密钥请求至少包括移动标识号（PIN）和所述简档标识符; 使用移动PIN; 生成单个使用密钥，其中所述单一使用密钥至少包括所述简档标识符，应用交易计数器和用于生成对单个金融交易有效的支付密码的生成密钥; 以及将生成的单次使用密钥发送到移动设备。

公开(公告)号：US11855969B2

公开(公告)日：2023-12-26

申请号：US17494077

申请日：2021-10-05

Applicant: MASTERCARD INTERNATIONAL INCORPORATED

Inventor： Duncan Garrett ,  John Beric ,  Michael Ward ,  David Anthony Roberts

IPC: H04L9/40 ,  G06Q20/32 ,  G06Q20/42 ,  G06Q20/40

CPC classification number: H04L63/0428 ,  G06Q20/3255 ,  G06Q20/3274 ,  G06Q20/3276 ,  G06Q20/3278 ,  G06Q20/40 ,  G06Q20/42

Abstract: A method for trusted notifications comprises: receiving, at a first host having at least one trusted server, a request message from a sender computing device, the request message comprising a request identifier and instructions to: update, at a second host, a recipient account associated with a recipient computing device, and to make a corresponding update at the first host to a sender account associated with the sender computing device. The method further comprises authorizing, at the first host, the request message; updating the sender account; generating a secure message at the at least one trusted server, the secure message comprising the request identifier and an indication from the at least one trusted server that the update completed; and sending the secure message from the first host to the sender computing device. The secure message can be received at the sender computer device and conveyed to the recipient computing device.

公开(公告)号：US11829999B2

公开(公告)日：2023-11-28

申请号：US16682357

申请日：2019-11-13

Applicant: MASTERCARD INTERNATIONAL INCORPORATED

Inventor： Mehdi Collinge ,  Susan Thompson ,  Patrik Smets ,  David Anthony Roberts ,  Michael Christopher Ward

IPC: G06Q20/38 ,  G06Q20/32 ,  G06Q20/40

CPC classification number: G06Q20/3823 ,  G06Q20/322 ,  G06Q20/385 ,  G06Q20/405 ,  G06Q20/4012

Abstract: A system and method for generating and provisioning payment credentials to a mobile device lacking a secure element includes receiving and storing by the mobile device a card profile from a remote system. The card profile may include payment credentials corresponding to a payment account and a profile identifier. The mobile device may receive a mobile personal identification number (PIN) input by a user of the mobile device and transmit a key request to the remote system. The mobile device may receive a single use key which may include an application transaction counter and a generating key from the remote system. The mobile device may generate a payment cryptogram valid for a single financial transaction based on the received single use key and the mobile PIN and transmit the payment credentials and the generated payment cryptogram to a point-of-sale terminal for use in a financial transaction.

公开(公告)号：US20230155833A1

公开(公告)日：2023-05-18

申请号：US18079765

申请日：2022-12-12

Applicant: MASTERCARD INTERNATIONAL INCORPORATED

Inventor： Patrik Smets ,  David Anthony Roberts

IPC: H04L9/32 ,  G06Q20/38 ,  H04L9/06 ,  H04L9/40

CPC classification number: H04L9/3213 ,  G06Q20/3821 ,  H04L9/0643 ,  H04L63/0876 ,  H04L2209/56

Abstract: There is provided an authentication system for validating identity credentials of a user attempting to access a resource provided by a remote resource provision system. The authentication system includes an input configured to receive, from the resource provision system, an authentication request comprising a cryptographic representation of digital identity data of the user and an associated token identifier, where the digital identity data comprises at least one image of an identity credential of the user. The system also includes a processor configured to: determine a pre-stored cryptographic identifier corresponding to the token identifier; and compare the received cryptographic representation with the pre-stored cryptographic identifier. The system further includes an output configured to transmit, to the remote resource provision system and in response to determining a match between the received cryptographic representation and the pre-stored cryptographic identifier, an authentication confirmation indicating successful validation of the digital identity data.

公开(公告)号：US11620654B2

公开(公告)日：2023-04-04

申请号：US14959646

申请日：2015-12-04

Applicant: MasterCard International Incorporated

Inventor： Maurice David Liscia ,  Axel Cateland ,  Ngassam Ngnoumen ,  David Anthony Roberts

IPC: G06Q20/40 ,  G06K19/06 ,  G06K7/08 ,  G06Q20/34 ,  G06Q20/36 ,  G06Q20/32 ,  G06Q20/20 ,  G06Q20/38

Abstract: Methods and apparatus for enabling a proximity payment device to generate dynamic data for securely conducting a transaction by emulating a magnetic stripe payment card. In an embodiment, a mobile device processor transmits information to a digital enablement service computer to activate a simulated magnetic stripe payment wallet application stored in the mobile device. The mobile device then receives one or more cryptographic keys, generates an unpredictable number (UN), generates dynamic CVC3 data based on the UN, and then assembles emulated magnetic stripe data. During initiation of a purchase transaction, the mobile device processor transmits the emulated magnetic stripe data to a communications interface associated with a merchant device.

公开(公告)号：US11470659B2

公开(公告)日：2022-10-11

申请号：US17078983

申请日：2020-10-23

Applicant: MASTERCARD INTERNATIONAL INCORPORATED

Inventor： Patrik Smets ,  Eddy Van De Velde ,  David Anthony Roberts ,  Jonathan James Main

IPC: H04W76/11 ,  H04W76/12 ,  H04W12/63 ,  H04W12/65 ,  G06Q20/20 ,  H04L65/1104

Abstract: Examples provide a system and method for initiating contactless communication sessions between computing devices using a variety of modalities. A user pre-registers a selected modality for triggering session initiation. A session initiation device generates trigger data based on a detected occurrence of a predetermined event corresponding to a user selected modality, such as, but not limited to, biometric data, a unique user identifier (ID), a vehicle identifier, or any other type of modality. The trigger data is mapped to a mobile device ID. The mobile device ID can be requested from a connection server. The communication session is established between the first computing device and the mobile user device using the mobile device identifier. The computing device transmits data to the mobile user device via the established communication session when the computing device is brought into proximity to the mobile user device.