Systems and Methods of Authentication of Communications
    11.
    Patent application
    Systems and Methods of Authentication of Communications (status: under examination, published)

    Publication No.: US20160080151A1

    Publication date: 2016-03-17

    Application No.: US14850286

    Filing date: 2015-09-10

    Abstract: A system and method of authenticating a communication network comprising a first computing device, a second computing device and an intermediary computing device, wherein there is a first path between the first computing device and the intermediary computing device and a second path between the second computing device and the intermediary computing device. The method is executed at the intermediary computing device, and comprises receiving, from the first computing device, a first session key generated by the first computing device using a function, wherein an input to the function comprises an incremented variable; receiving, from the second computing device, data associated with a second session key generated by the second computing device using the function; determining that the first session key and the second session key are the same; and defining the communication network as authentic when the first session key and the second session key are the same.


    Electronic Authentication Systems
    12.
    Patent application
    Electronic Authentication Systems (status: granted)

    Publication No.: US20140365776A1

    Publication date: 2014-12-11

    Application No.: US14298280

    Filing date: 2014-06-06

    Abstract: A transaction device for establishing a shared secret with a point of interaction (POI) over a communications network to enable encrypted communications between the transaction device and the point of interaction, the device comprising: an input arranged to receive communications from the point of interaction; a processor arranged to generate a first communication according to a Diffie-Hellman protocol; an output arranged to send the first communication to the point of interaction; wherein the processor is arranged to apply a randomly generated blinding factor, r, when generating the first communication and wherein, in response to receiving a second communication from the point of interaction at the input, the second communication having been generated according to the Diffie-Hellman protocol, the processor is arranged to apply the randomly generated blinding factor and generate a shared secret according to the Diffie-Hellman protocol in dependence on data contained within the second communication.


    Access control bypass on mobile for mass transit

    Publication No.: US12118534B2

    Publication date: 2024-10-15

    Application No.: US18347049

    Filing date: 2023-07-05

    Abstract: A contactless transaction terminal and method for interacting with a payment enabled mobile device to permit access to a location or to a service. The contactless transaction terminal includes a processor, a polling signal generator operably connected to the processor, an NFC circuit operably connected to the polling signal generator, and a receiver operably connected to the NFC circuit and to a data recovery circuit that is operably connected to the processor. Also included is a storage device operably connected to the processor. The storage device stores program instructions which when executed cause the processor to generate, via the polling signal generator, short-distance radio signals including at least three polling signals; emit, via the NFC circuit, the at least three polling signals at frequent intervals for detection by a payment-enabled mobile device; receive at least one of a Type A or Type B signal from the payment enabled mobile device; and permit access to at least one of a location or service.

    Access control bypass on mobile for mass transit

    Publication No.: US11734669B2

    Publication date: 2023-08-22

    Application No.: US17341924

    Filing date: 2021-06-08

    Abstract: A method of operating a payment-enabled mobile device to gain access to a location or a service. In an embodiment, a contactless front-end (CLF) component of a payment-enabled mobile device sequentially detects short-distance radio signals comprising at least two different polling signals, determines based on the sequence of the at least two different polling signals, that the payment-enabled mobile device is in proximity to a non-retail contactless transaction terminal, and then a payment application running on the payment-enabled mobile device bypasses a customary user verification feature. The process also includes the payment-enabled mobile device running the payment application performing a transaction with the non-retail contactless transaction terminal without invoking the customary user verification feature and then gaining access to at least one of a location or service. In some embodiments, the location or service includes one of a transit system, a hotel, a motor vehicle, a workplace, a room, a home, a bank branch, a vehicle charging station and a government facility.

    Electronic Authentication Systems
    17.
    Patent application
    Electronic Authentication Systems (status: granted)

    Publication No.: US20170006048A1

    Publication date: 2017-01-05

    Application No.: US15265151

    Filing date: 2016-09-14

    Abstract: Methods and devices are provided for use in detecting relay attacks between devices in a communications network. One method includes sending first data by a first device to a second device, and receiving, by the first device, a communication from the second device where the communication comprises second data generated at the second device and a time parameter related to the generation of the second data. The method also includes measuring a total transmission time at the first device between sending the first data and receiving the communication, and determining a further time parameter related to the generation of the second data based at least in part on the measured total transmission time. The method then further includes determining the presence of a relay attack between the first and second devices in dependence on a comparison of the time parameter and the further time parameter.


    APPARATUS, METHOD, AND COMPUTER PROGRAM PRODUCT FOR RECOVERING TORN SMART PAYMENT DEVICE TRANSACTIONS
    18.
    Patent application
    APPARATUS, METHOD, AND COMPUTER PROGRAM PRODUCT FOR RECOVERING TORN SMART PAYMENT DEVICE TRANSACTIONS (status: under examination, published)

    Publication No.: US20130246269A1

    Publication date: 2013-09-19

    Application No.: US13754419

    Filing date: 2013-01-30

    Abstract: A first command is sent from a payment terminal assembly to a payment device with an on-device balance to compute a cryptogram to complete a putative transaction. It is detected that the cryptogram is not received as expected. In response, an identifier of the payment device and transaction recovery data associated with the putative transaction are stored in a storage area of a terminal memory of the payment terminal assembly. The payment terminal assembly obtains the identifier of the payment device, upon re-presentation of the payment device. Upon such re-presentation, the payment terminal assembly compares the obtained identifier of the payment device to contents of the storage area. Conditioned at least upon the comparing yielding a match, a second command is sent from the payment terminal assembly to the payment device to instruct the payment device to re-produce the cryptogram to complete the putative transaction.


    Security for contactless transactions

    Publication No.: US11379849B2

    Publication date: 2022-07-05

    Application No.: US16811727

    Filing date: 2020-03-06

    Abstract: A method of performing a contactless transaction between a payment device and a terminal is described. The method comprises establishing a data connection between the payment device and the terminal and then establishing if the payment device and the terminal both support an enhanced security architecture. If they do not, they will then perform the contactless transaction according to a basic transaction flow using a first cryptographic system. If they do, they will perform the contactless transaction according to an enhanced transaction flow using a second cryptographic system. The first cryptographic system and the second cryptographic system comprise different asymmetric cryptographic systems. Suitable payment devices and terminals, and methods at the payment devices and terminals, are described.
