BIOMETRIC AUTHENTICATION
    43.
    Invention application
    BIOMETRIC AUTHENTICATION (under examination, published)

    Publication (announcement) number: US20150244718A1

    Publication (announcement) date: 2015-08-27

    Application number: US14614174

    Filing date: 2015-02-04

    Abstract: Instead of requiring key exchange between a trusted biometric application in a TEE and an external application outside of the TEE that provides access to a secured function, the trusted application is preconfigured with security data such as (in a first implementation) authentication credentials (e.g. a PIN) or (in a second implementation) a cryptographic key. This security data is then used to authenticate a biometric validation obtained by the trusted application to the external application.

    Secure server client interaction
    44.
    Granted invention patent

    Publication (announcement) number: US12273342B2

    Publication (announcement) date: 2025-04-08

    Application number: US17584671

    Filing date: 2020-06-30

    Abstract: A method of maintaining a secure relationship between a client device and a server is described. The client device receives a first challenge from the server and determines and provides a first response to the first challenge. A cookie is established associated with the secure relationship. This cookie is shared between the client and the server. To establish the secure relationship in a later interaction, the client provides the cookie to the server. The server then provides both the first challenge and a second challenge, to which the client determines a first response and a second response. The client then provides a composite response from which the first response and the second response are derivable by the server, allowing the server to be assured that the secure relationship exists. Each challenge uses a challenge function adapted to provide a fingerprint of the client device. Methods at both client and server, and suitably configured client and server, are also described.

    Event management in distributed computing system

    Publication (announcement) number: US12155753B2

    Publication (announcement) date: 2024-11-26

    Application number: US17616533

    Filing date: 2020-04-22

    Abstract: A method is described of managing service events in a distributed computing system. The distributed computing system comprises a plurality of computing nodes able to perform a service using a service process. The method takes place at one of the computing nodes. A service event is received or created. This service event is identified by a combination of a node identifier, a time element, and a local counter value. The local counter value represents a number of service events performed by a service process for a user since a last reset. The identified service event is then stored in a service process database according to node identifier and local counter values. The service process database is used to manage service events in the distributed system. Service events are removed from the service process database when no longer valid using the time element.

    DATA MANAGEMENT AND ENCRYPTION IN A DISTRIBUTED COMPUTING SYSTEM

    Publication (announcement) number: US20240305442A1

    Publication (announcement) date: 2024-09-12

    Application number: US18254769

    Filing date: 2021-07-22

    CPC classification number: H04L9/0618 H04L9/0819 H04L9/3242

    Abstract: A method of providing a secure service at a computing node for a requesting party external to the computing node is described. The following steps are taken at the computing node. A service request comprising a request to generate a credential is received from a requesting party. The computing node generates the credential and obtains service-related information. A clear message part is created comprising service-identifying information. A checksum is then created from at least a part of the service-identifying information and from at least a part of the credential and the service-related information. The credential, the service-related information and the checksum are then encrypted to form an encrypted message part. A message comprising the clear message part and the encrypted message part is then sent to the requesting party. Methods for providing secure services to validate the credential and to obtain the service-related information are also described, as is computing apparatus adapted to perform all these methods.

    ADAPTABLE MESSAGING
    48.
    Invention publication
    ADAPTABLE MESSAGING (under examination, published)

    Publication (announcement) number: US20230274278A1

    Publication (announcement) date: 2023-08-31

    Application number: US18142708

    Filing date: 2023-05-03

    Abstract: Methods, apparatus and systems for operating a payment-enabled mobile device to facilitate a payment transaction with a merchant server. In an embodiment, a mobile device processor of the payment-enabled mobile device receives a payment transaction request from a user, transmits a payment transaction initiation message directly to a merchant server of the merchant, and receives a request message from the merchant server that includes one of a request to provide an Authorization Request Cryptogram (ARQC) or a request to provide user consent information. The user consent information may include cardholder verification results or a request to provide an ARQC. Based on the received request message, the mobile device processor selects a particular mobile payment cardlet to use from a plurality of mobile payment cardlets running in a secure element, generates remote payment data using the particular mobile payment cardlet, and transmits the remote payment data to the merchant server to process the payment transaction.

    CREDENTIAL MANAGEMENT IN DISTRIBUTED COMPUTING SYSTEM

    Publication (announcement) number: US20220321336A1

    Publication (announcement) date: 2022-10-06

    Application number: US17616303

    Filing date: 2020-04-22

    Abstract: A computing node in a distributed information security system, wherein the computing node is adapted to communicate with a subset of clients of the distributed information security system, wherein the computing node provides at least one cryptographic service for the clients of the subset, wherein the computing node is provisioned with a plurality of keys for use by said at least one cryptographic service, wherein the computing node is adapted to associate a key from the plurality of keys to a service request for a client according to a deterministic process based on one or more data associated with the client. A distributed information security system comprising a plurality of such nodes is also described, together with a method of providing a cryptographic service at such a computing node.

    SECURITY MODEL FOR DISTRIBUTED COMPUTING SYSTEM

    Publication (announcement) number: US20220321326A1

    Publication (announcement) date: 2022-10-06

    Application number: US17616361

    Filing date: 2020-04-22

    Abstract: A method for a computing node to provide a cryptographic key in response to a service request, the method comprising: establishing a key list, wherein the key list comprises key identifiers for a plurality of keys; receiving a service request and identifying that a key is required in response to the service request; and using a deterministic process from data associated with the service request to allocate one of the key identifiers and hence the key associated with said one of the key identifiers to the service request. A suitably configured computing node is also described.
