-
Publication number: US11580509B2
Publication date: 2023-02-14
Application number: US16440060
Application date: 2019-06-13
Applicant: MASTERCARD INTERNATIONAL INCORPORATED
Inventor: Dave Sylvester, John Beric, James David Sinton, Duncan Garrett, David Anthony Roberts, Emil Johan Sjoberg
Abstract: A transaction device is described. The device comprises storage configured to store a first data record comprising first value data and a unique identifier associated with one other device; communications circuitry configured to receive an identifier and second value data from a device; and control circuitry configured to compare the received identifier with the unique identifier and in the event of a positive comparison, the control circuitry is further configured to update the stored first value data in accordance with the exchanged second value data.
-
Publication number: US11528139B2
Publication date: 2022-12-13
Application number: US16838666
Application date: 2020-04-02
Applicant: MASTERCARD INTERNATIONAL INCORPORATED
Inventor: Patrik Smets, David Anthony Roberts
Abstract: There is provided an authentication system for validating identity credentials of a user attempting to access a resource provided by a remote resource provision system. The authentication system includes an input configured to receive, from the resource provision system, an authentication request comprising a cryptographic representation of digital identity data of the user and an associated token identifier, where the digital identity data comprises at least one image of an identity credential of the user. The system also includes a processor configured to: determine a pre-stored cryptographic identifier corresponding to the token identifier; and compare the received cryptographic representation with the pre-stored cryptographic identifier. The system further includes an output configured to transmit, to the remote resource provision system and in response to determining a match between the received cryptographic representation and the pre-stored cryptographic identifier, an authentication confirmation indicating successful validation of the digital identity data.
-
Publication number: US11151579B2
Publication date: 2021-10-19
Application number: US16209340
Application date: 2018-12-04
Applicant: MASTERCARD INTERNATIONAL INCORPORATED
Inventor: David Anthony Roberts, Patrik Smets, Ramin Aghdaee, Joseph Pitcher
Abstract: A method for a goods manager to authenticate products at the point of sale is provided. The method comprises: providing an authentication device to a merchant, wherein the authentication device is not associated with a product but is configured to receive product information from a merchant terminal; once information about a product has been received by the authentication device from the merchant terminal, obtaining from the authentication device a signed message comprising information about the authentication device and information about the product received from the merchant terminal; and providing authorization data to the authentication device if the information fulfils one or more criteria, thereby associating the authentication device with the product. A method for a merchant to authenticate goods at the point of sale and a merchant terminal to perform such a method are also provided.
-
Publication number: US20200322152A1
Publication date: 2020-10-08
Application number: US16838666
Application date: 2020-04-02
Applicant: MASTERCARD INTERNATIONAL INCORPORATED
Inventor: Patrik Smets, David Anthony Roberts
Abstract: There is provided an authentication system for validating identity credentials of a user attempting to access a resource provided by a remote resource provision system. The authentication system includes an input configured to receive, from the resource provision system, an authentication request comprising a cryptographic representation of digital identity data of the user and an associated token identifier, where the digital identity data comprises at least one image of an identity credential of the user. The system also includes a processor configured to: determine a pre-stored cryptographic identifier corresponding to the token identifier; and compare the received cryptographic representation with the pre-stored cryptographic identifier. The system further includes an output configured to transmit, to the remote resource provision system and in response to determining a match between the received cryptographic representation and the pre-stored cryptographic identifier, an authentication confirmation indicating successful validation of the digital identity data.
-
Publication number: US10699277B2
Publication date: 2020-06-30
Application number: US14983973
Application date: 2015-12-30
Applicant: MasterCard International Incorporated
Inventor: Patrik Smets, Axel Cateland, Ian David Alan Maddocks, David Anthony Roberts
Abstract: A mobile computing device having at least one processor and at least one memory, together providing a first execution environment and a second execution environment logically isolated from the first execution environment, the mobile computing device comprising: a first application executable within the first execution environment; a second trusted application executable within the second execution environment; and a secure communications channel between the first application and the second trusted application, wherein the second trusted application is configured to generate one or more data items and to provide the one or more data items to the first application via the secure communications channel.
-
Publication number: US10552840B2
Publication date: 2020-02-04
Application number: US15386568
Application date: 2016-12-21
Applicant: MasterCard International Incorporated
Inventor: Patrik Smets, Tim Stuart, Chirodeep Aikat, David Kenneth Meadon, David Anthony Roberts
Abstract: A payment transaction is performed at a POS (point of sale) device. The device includes a terminal component and a reader component. The reader component includes a contact interface for establishing a data signal path via conductive contact with an integrated circuit (IC) payment card. A payment transaction is initiated. The data signal path is established between the reader component and the IC payment card. The IC payment card is commanded to generate a cryptogram for verification by an issuer of the card. The cryptogram is received from the card. In response to receiving the cryptogram, a command is issued to disable contact reading operation by the reader component.
-
Publication number: US10461927B2
Publication date: 2019-10-29
Application number: US15642762
Application date: 2017-07-06
Applicant: MasterCard International Incorporated
Inventor: Michael Ward, John Beric, Duncan Garrett, David Anthony Roberts
Abstract: A method of establishing a secure channel for communication between a first computing device and a second computing device is described. The method uses an elliptic curve Diffie-Hellman protocol, wherein G is an elliptic curve generator point and the first computing device has a unique private key dc with a public key Qc=dc·G certified by a party trusted by the second computing device. The first computing device generates (520) a blinding factor r and sends (540) a blinded public key R=r·Qc to the second computing device. The second computing device generates (510) an ephemeral private key dt and a corresponding ephemeral public key Qt=dt·G and sends Qt to the first computing device. The first computing device generates (530) Kc=KDF(r·dc·Qt) and the second computing device generates (550) Kt=KDF(dt·R), where KDF is a key derivation function used in both generation operations, to establish a secure channel between the first computing device and the second computing device. G is a point in the elliptic curve group E, wherein E is a group of prime order but E* is the quadratic twist of E and is a group of order m=z·m′ where m′ is prime and z is an integer, wherein r·dc is chosen such that z is a factor of r·dc. Suitable apparatus for performing the method is also described.
-
Publication number: US20180183579A1
Publication date: 2018-06-28
Application number: US15822669
Application date: 2017-11-27
Applicant: MasterCard International Incorporated
Inventor: David Anthony Roberts, Alan Mushing, Susan Thompson
Abstract: A method of refreshing key material is described for use in a trusted execution environment logically protected from a regular execution environment. The trusted execution environment further comprises a key identifier. New key material is received at the trusted execution environment to replace existing key material. The key identifier is set to a new value to indicate that new key material is present. The new value of the key identifier is provided directly or indirectly to other parties in association with cryptographic outputs provided by the trusted execution environment using the refreshed key material. This approach is described in connection with an application executing securely on a mobile device.
-
Publication number: US20180026784A1
Publication date: 2018-01-25
Application number: US15642762
Application date: 2017-07-06
Applicant: MasterCard International Incorporated
Inventor: Michael Ward, John Beric, Duncan Garrett, David Anthony Roberts
Abstract: A method of establishing a secure channel for communication between a first computing device and a second computing device is described. The method uses an elliptic curve Diffie-Hellman protocol, wherein G is an elliptic curve generator point and the first computing device has a unique private key dc with a public key Qc=dc·G certified by a party trusted by the second computing device. The first computing device generates (520) a blinding factor r and sends (540) a blinded public key R=r·Qc to the second computing device. The second computing device generates (510) an ephemeral private key dt and a corresponding ephemeral public key Qt=dt·G and sends Qt to the first computing device. The first computing device generates (530) Kc=KDF(r·dc·Qt) and the second computing device generates (550) Kt=KDF(dt·R), where KDF is a key derivation function used in both generation operations, to establish a secure channel between the first computing device and the second computing device. G is a point in the elliptic curve group E, wherein E is a group of prime order but E* is the quadratic twist of E and is a group of order m=z·m′ where m′ is prime and z is an integer, wherein r·dc is chosen such that z is a factor of r·dc. Suitable apparatus for performing the method is also described.
-
Publication number: US20170169424A1
Publication date: 2017-06-15
Application number: US15375537
Application date: 2016-12-12
Applicant: MasterCard International Incorporated
Inventor: Ian David Alan Maddocks, David Anthony Roberts
CPC classification number: G06Q20/3821, G06Q20/322, G06Q20/35785, G06Q20/40, G06Q20/4012, G06Q20/4014, G06Q20/40145, G06Q2220/00, H04L63/0861, H04L63/0884, H04W12/06
Abstract: A method of performing a transaction with a payment credential where the transaction is approved by a delegated user is described. A user and an issuer of a payment credential between them establish permitted use and an authentication option for a delegated user. The delegated user uses the payment credential to perform the transaction. Both the transaction and the authentication option used by the delegated user are provided to the issuer. The issuer then will allow the transaction if the transaction falls within the permitted use and the authentication option is valid for the delegated user. Suitable computing devices and service offerings are also described.