公开(公告)号：US11146539B2

公开(公告)日：2021-10-12

申请号：US16228238

申请日：2018-12-20

Applicant: MASTERCARD INTERNATIONAL INCORPORATED

Inventor： Duncan Garrett ,  John Beric ,  Michael Ward ,  David Anthony Roberts

IPC: H04L29/06 ,  G06Q20/32 ,  G06Q20/42 ,  G06Q20/40

Abstract: A method for trusted notifications comprises: receiving, at a first host having at least one trusted server, a request message from a sender computing device, the request message comprising a request identifier and instructions to: update, at a second host, a recipient account associated with a recipient computing device, and to make a corresponding update at the first host to a sender account associated with the sender computing device. The method further comprises authorizing, at the first host, the request message; updating the sender account; generating a secure message at the at least one trusted server, the secure message comprising the request identifier and an indication from the at least one trusted server that the update completed; and sending the secure message from the first host to the sender computing device. The secure message can be received at the sender computer device and conveyed to the recipient computing device.

公开(公告)号：US11080697B2

公开(公告)日：2021-08-03

申请号：US15725893

申请日：2017-10-05

Applicant: MASTERCARD INTERNATIONAL INCORPORATED

Inventor： Sowmya Reddy Lakka ,  Brian Piel ,  Vincenzo Palomba ,  Jonathan James Main ,  David Anthony Roberts

IPC: G06Q20/38 ,  G06Q20/40 ,  G06Q20/12 ,  G06Q20/04

Abstract: Systems and methods are provided for authenticating users to payment accounts in connection with transactions. An exemplary method includes receiving, by at least one computing device, an authentication request for a transaction associated with a payment account where the authentication request includes a token associated with the payment account and a cryptogram, and mapping the token to a primary account number (PAN) for the payment account. The method also includes validating the cryptogram, generating a directory server nonce (DSN) for the authentication request, and transmitting the DSN and the account number to an access control server (ACS) associated with an issuer of the payment account. The method further includes, in response to an issuer authentication value (IAV), compiling an accountholder authentication value (AAV) including the IAV, the DSN and an amount of the transaction, and transmitting the AAV to one of a merchant and a server.

公开(公告)号：US10778416B2

公开(公告)日：2020-09-15

申请号：US15822669

申请日：2017-11-27

Applicant: MasterCard International Incorporated

Inventor： David Anthony Roberts ,  Alan Mushing ,  Susan Thompson

IPC: H04L9/08 ,  H04W12/04 ,  G06Q20/38 ,  G06Q20/32 ,  G06Q20/34 ,  G06Q20/12 ,  H04W4/60 ,  G06F21/53 ,  G06F21/74

Abstract: A method of refreshing key material is described for use in a trusted execution environment logically protected from a regular execution environment. The trusted execution environment further comprises a key identifier. New key material is received at the trusted execution environment to replace existing key material. The key identifier is set to a new value to indicate that new key material is present. The new value of the key identifier is provided directly or indirectly to other parties in association with cryptographic outputs provided by the trusted execution environment using the refreshed key material. This approach is described in connection with an application executing securely on a mobile device.

公开(公告)号：US20190188731A1

公开(公告)日：2019-06-20

申请号：US16209340

申请日：2018-12-04

Applicant: MASTERCARD INTERNATIONAL INCORPORATED

Inventor： David Anthony Roberts ,  Patrik Smets ,  Ramin Aghdaee ,  Joseph Pitcher

IPC: G06Q30/00 ,  G06Q20/40 ,  G06Q20/20 ,  G07G1/00 ,  G06Q20/34

CPC classification number: G06Q30/0185 ,  B42D25/305 ,  G06Q20/20 ,  G06Q20/209 ,  G06Q20/341 ,  G06Q20/352 ,  G06Q20/3552 ,  G06Q20/3825 ,  G06Q20/3827 ,  G06Q20/401 ,  G06Q30/018 ,  G07G1/009

Abstract: A method for a goods manager to authenticate products at the point of sale is provided. The method comprises: providing an authentication device to a merchant, wherein the authentication device is not associated with a product but is configured to receive product information from a merchant terminal; once information about a product has been received by the authentication device from the merchant terminal, obtaining from the authentication device a signed message comprising information about the authentication device and information about the product received from the merchant terminal; and providing authorization data to the authentication device if the information fulfils one or more criteria, thereby associating the authentication device with the product. A method for a merchant to authenticate goods at the point of sale and a merchant terminal to perform such a method are also provided.

公开(公告)号：US20190114617A1

公开(公告)日：2019-04-18

申请号：US16156560

申请日：2018-10-10

Applicant: Mastercard International Incorporated

Inventor： Florent Hay ,  Kuan Hua Chen ,  David Anthony Roberts

IPC: G06Q20/32 ,  H04W12/06 ,  G06F21/36 ,  G06Q20/40 ,  G06K7/14

Abstract: There is presented a method and a computing device for user authentication and transaction staging on a user device. The method comprises authenticating a user of the user device by a first device verification method and generating transaction credentials at the user device. The method further comprises generating at least one optical code data corresponding to the transaction credentials and displaying the at least one optical code on the user device in a form suitable for scanning by a second device to progress a transaction with the second device.

公开(公告)号：US10135614B2

公开(公告)日：2018-11-20

申请号：US14243325

申请日：2014-04-02

Applicant: MasterCard International Incorporated

Inventor： David Anthony Roberts ,  Patrik Smets ,  Axel Emile Jean Charles Cateland ,  Patricia Bateson

IPC: H04L9/08 ,  H04W12/06 ,  H04W12/04 ,  H04L9/32 ,  G06Q20/20 ,  G06Q20/32 ,  G06Q20/38

Abstract: Disclosed herein is a method for performing an integrated contactless point-of-sale transaction. More particularly, there is disclose a method comprising: receiving, by a mobile device 1, a seed number from a communications network; generating, by the mobile device 1, one or more session keys, in dependence on the received seed number, for use in encrypted communication with the mobile device 1; and/or generating, by the mobile device 1, a pre-image, in dependence on the received seed number, for use in generating an unpredictable number for use in secure communication with the mobile device. Advantageously, the generation of session keys and/or a pre-image in dependence on a seed number provided to the mobile device improves the security of the system since the source of the seed number can detect incorrect session keys and/or unpredictable number derived from an incorrect pre-image.

公开(公告)号：US20160217467A1

公开(公告)日：2016-07-28

申请号：US14983973

申请日：2015-12-30

Applicant: MasterCard International Incorporated

Inventor： Patrik Smets ,  Axel Cateland ,  Ian David Alan Maddocks ,  David Anthony Roberts

IPC: G06Q20/40 ,  G06Q20/32

Abstract: A mobile computing device having at least one processor and at least one memory, together providing a first execution environment and a second execution environment logically isolated from the first execution environment, the mobile computing device comprising: a first application executable within the first execution environment; a second trusted application executable within the second execution environment; and a secure communications channel between the first application and the second trusted application, wherein the second trusted application is configured to generate one or more data items and to provide the one or more data items to the first application via the secure communications channel.

Abstract translation: 一种具有至少一个处理器和至少一个存储器的移动计算设备，一起提供与第一执行环境逻辑隔离的第一执行环境和第二执行环境，所述移动计算设备包括：可在第一执行环境内执行的第一应用; 在第二执行环境内可执行的第二可信应用程序; 以及第一应用和第二可信应用之间的安全通信信道，其中所述第二可信应用被配置为生成一个或多个数据项，并且经由所述安全通信信道将所述一个或多个数据项提供给所述第一应用。

公开(公告)号：US20160110696A1

公开(公告)日：2016-04-21

申请号：US14884151

申请日：2015-10-15

Applicant: MasterCard International Incorporated

Inventor： Michael David Angus ,  John Beric ,  David Colby Brown ,  Chanoch Henuch Gewirtz ,  Salah Malaika Goss ,  Dennis J. Hill ,  Patrick L. Killian ,  Sandeep Malhotra ,  Paul Michael Musser ,  Tara Nathan ,  David Anthony Roberts ,  Mark N. Savoye ,  Dave Sylvester

IPC: G06Q20/10 ,  G06Q20/36

CPC classification number: G06Q20/108 ,  G06Q20/367

Abstract: One or more embodiments provide a system and method comprising receiving at a device a first token associated with a first account; executing a transaction; recording the executed transaction at each of the device and the first token, wherein the execution of the transaction is offline; and balancing the account associated with the first token per the transaction when the first token is online after the executed transaction. Numerous other aspects are provided.

Abstract translation: 一个或多个实施例提供一种系统和方法，包括在设备处接收与第一帐户相关联的第一令牌; 执行交易; 在所述设备和所述第一令牌的每一个处记录所执行的交易，其中所述交易的执行是脱机的; 并且在执行的事务之后，当第一个令牌联机时，平衡每个事务与第一个令牌相关联的帐户。 提供了许多其他方面。

公开(公告)号：US20140298027A1

公开(公告)日：2014-10-02

申请号：US14243325

申请日：2014-04-02

Applicant: MasterCard International Incorporated

Inventor： David Anthony Roberts ,  Patrik Smets ,  Axel Emile Jean Charles Cateland ,  Patricia Bateson

IPC: H04L9/08 ,  H04W12/06

CPC classification number: H04L9/0869 ,  G06Q20/20 ,  G06Q20/3278 ,  G06Q20/3829 ,  H04L9/321 ,  H04L9/3271 ,  H04L2209/80 ,  H04W12/04 ,  H04W12/06

Abstract: Disclosed herein is a method for performing an integrated contactless point-of-sale transaction. More particularly, there is disclose a method comprising: receiving, by a mobile device 1, a seed number from a communications network; generating, by the mobile device 1, one or more session keys, in dependence on the received seed number, for use in encrypted communication with the mobile device 1; and/or generating, by the mobile device 1, a pre-image, in dependence on the received seed number, for use in generating an unpredictable number for use in secure communication with the mobile device. Advantageously, the generation of session keys and/or a pre-image in dependence on a seed number provided to the mobile device improves the security of the system since the source of the seed number can detect incorrect session keys and/or unpredictable number derived from an incorrect pre-image.

Abstract translation: 本文公开了一种执行集成的非接触式销售点交易的方法。 更具体地，公开了一种方法，包括：由移动设备1从通信网络接收种子号码; 由移动设备1根据接收到的种子号码生成用于与移动设备1的加密通信中的一个或多个会话密钥; 和/或由移动设备1根据接收到的种子号码生成用于生成用于与移动设备进行安全通信的不可预测的号码的前置映像。 有利的是，根据提供给移动设备的种子号码，生成会话密钥和/或预先映像提高了系统的安全性，因为种子号码的源可以检测不正确的会话密钥和/或不可预测的号码 不正确的前图像。

公开(公告)号：US20140279559A1

公开(公告)日：2014-09-18

申请号：US13832931

申请日：2013-03-15

Applicant: MASTERCARD INTERNATIONAL INCORPORATED

Inventor： Theresa SMITH ,  David Anthony Roberts ,  David John Sylvester

IPC: G06Q20/22 ,  G06Q20/38

CPC classification number: G06Q20/227 ,  G06Q20/3227 ,  G06Q20/3552 ,  G06Q20/363 ,  G06Q20/3829

Abstract: A method and system for transmitting multiple payment accounts for use by a payment device. The method includes allocating a cryptographic personal account number (CPAN) and producing at least one cryptographic master key set relating to this CPAN and transmitting, by a transmitting device, at least one produced cryptographic master key set for storage in a payment device. Further, the method includes receiving, by a receiving device, at least one device personal account number (DPAN), wherein each of the at least one DPAN is associated with a payment account associated with a consumer; generating, by a processing device, a repersonalization script for each of the at least one DPAN, wherein the repersonalization script includes a set of data associated with the corresponding DPAN; and transmitting, by the transmitting device, at least one repersonalization script to the payment device. The payment device is configured to use the CPAN for selected cryptographic calculations, and use the DPAN and the associated set of data for other aspects of a financial transaction.

Abstract translation: 一种用于发送支付设备使用的多个支付账户的方法和系统。 该方法包括分配密码个人帐号（CPAN）并产生与该CPAN有关的至少一个加密主密钥集，并由发送装置发送至少一个生成的加密主密钥集，用于存储在支付装置中。 此外，该方法包括由接收设备接收至少一个设备个人帐号（DPAN），其中所述至少一个DPAN中的每一个与与消费者相关联的支付账户相关联; 通过处理设备生成用于所述至少一个DPAN中的每一个的repersonalization脚本，其中所述个人化脚本包括与相应DPAN相关联的一组数据; 以及由所述发送装置向所述支付装置发送至少一个再个人化脚本。 支付设备被配置为使用CPAN进行选择的加密计算，并且使用DPAN和相关联的数据集合用于金融交易的其他方面。