RELATING TO IDENTITY AUTHENTICATION AND VALIDATION

    Publication No.: US20200322152A1

    Publication date: 2020-10-08

    Application No.: US16838666

    Filing date: 2020-04-02

    Abstract: There is provided an authentication system for validating identity credentials of a user attempting to access a resource provided by a remote resource provision system. The authentication system includes an input configured to receive, from the resource provision system, an authentication request comprising a cryptographic representation of digital identity data of the user and an associated token identifier, where the digital identity data comprises at least one image of an identity credential of the user. The system also includes a processor configured to: determine a pre-stored cryptographic identifier corresponding to the token identifier; and compare the received cryptographic representation with the pre-stored cryptographic identifier. The system further includes an output configured to transmit, to the remote resource provision system and in response to determining a match between the received cryptographic representation and the pre-stored cryptographic identifier, an authentication confirmation indicating successful validation of the digital identity data.

    Security for mobile payment applications

    Publication No.: US10699277B2

    Publication date: 2020-06-30

    Application No.: US14983973

    Filing date: 2015-12-30

    Abstract: A mobile computing device having at least one processor and at least one memory, together providing a first execution environment and a second execution environment logically isolated from the first execution environment, the mobile computing device comprising: a first application executable within the first execution environment; a second trusted application executable within the second execution environment; and a secure communications channel between the first application and the second trusted application, wherein the second trusted application is configured to generate one or more data items and to provide the one or more data items to the first application via the secure communications channel.

    Method and system for generating cryptograms for validation in a webservice environment

    Publication No.: US10275767B2

    Publication date: 2019-04-30

    Application No.: US14919265

    Filing date: 2015-10-21

    Abstract: A method for generating cryptograms in a webservice environment includes: receiving, in a first environment of a computing system, a credential request transmitted by an external computing device using a secure communication protocol, the credential request including a transaction identifier and account identifier; transmitting, by the first environment, a data request to a second environment of the computing system, the data request including the account identifier; receiving, by the first environment, an account profile and session key from the second environment; transmitting, by the first environment, a cryptogram request to a third environment of the computing system, the cryptogram request including the account profile and session key; receiving, by the first environment, a cryptogram from the third environment generated using the account profile and session key; and transmitting, by the first environment, the cryptogram and transaction identifier to the external computing device via the secure communication protocol.

    ELECTRONIC PAYMENT DEVICE TRANSACTIONS
    65.
    Invention patent application

    Publication No.: US20180181950A1

    Publication date: 2018-06-28

    Application No.: US15837177

    Filing date: 2017-12-11

    Abstract: Performance and processing of a contactless transaction at an electronic payment device with a terminal of a transaction system is described. In the device, an account data set is prepared for use in contactless transactions. This account data set comprises user account details to identify a user account with an issuer for the user account and an indicator indicating that the contactless transaction is a customer not present (CNP) transaction. A contactless transaction is performed with the terminal using the contactless transaction account data set. In processing, transaction details of a contactless transaction are received and reviewed to determine whether the contactless transaction is indicated to be a customer present or a customer not present transaction. If the contactless transaction is indicated to be a customer present transaction, an issuing bank for the electronic payment device is notified. If the contactless transaction is indicated to be a customer not present transaction, the contactless transaction is processed as a customer not present transaction. Suitable apparatus is also described.

    Electronic authentication systems
    67.
    Granted invention patent
    Status: In force

    Publication No.: US09485092B2

    Publication date: 2016-11-01

    Application No.: US14298280

    Filing date: 2014-06-06

    Abstract: A transaction device for establishing a shared secret with a point of interaction (POI) over a communications network to enable encrypted communications between the transaction device and the point of interaction, the device comprising: an input arranged to receive communications from the point of interaction; a processor arranged to generate a first communication according to a Diffie-Hellman protocol; an output arranged to send the first communication to the point of interaction; wherein the processor is arranged to apply a randomly generated blinding factor, r, when generating the first communication and wherein, in response to receiving a second communication from the point of interaction at the input, the second communication having been generated according to the Diffie-Hellman protocol, the processor is arranged to apply the randomly generated blinding factor and generate a shared secret according to the Diffie-Hellman protocol in dependence on data contained within the second communication.

    Systems and Methods of Authentication of Communications
    68.
    Invention patent application
    Status: Under examination (published)

    Publication No.: US20160080151A1

    Publication date: 2016-03-17

    Application No.: US14850286

    Filing date: 2015-09-10

    Abstract: A system and method of authenticating a communication network comprising a first computing device, a second computing device and an intermediary computing device, wherein there is a first path between the first computing device and the intermediary computing device and a second path between the second computing device and the intermediary computing device. The method is executed at the intermediary computing device, and comprises receiving, from the first computing device, a first session key generated by the first computing device using a function, wherein an input to the function comprises an incremented variable; receiving, from the second computing device, data associated with a second session key generated by the second computing device using the function; determining that the first session key and the second session key are the same; and defining the communication network as authentic when the first session key and the second session key are the same.

    TRANSACTION IDENTIFICATION AND RECOGNITION
    69.
    Invention patent application
    Status: Under examination (published)

    Publication No.: US20150317748A1

    Publication date: 2015-11-05

    Application No.: US14683549

    Filing date: 2015-04-10

    CPC classification number: G06Q40/12 G06Q20/12 G06Q20/34

    Abstract: A method of matching transaction data with a transaction receipt using one of a plurality of transaction-specific elements is described. Transaction-specific elements are determined (210) from a transaction between a payment token of a user and a terminal. Transaction identifiers are then formed (220), each from a separate transaction-specific element. At least one of the transaction identifiers is then received or generated (230) in a transaction processing system. The transaction processing system provides transaction data associated with this transaction identifier. Each of the transaction identifiers used by the transaction processing system is combined (240) to form a composite transaction identifier comprising a plurality of transaction identifier elements. Each transaction identifier is matched (250) against each transaction identifier element to identify the transaction and to associate the transaction data with a transaction receipt. This approach is particularly effective for use in providing receipts for contactless card transactions. A terminal, a mobile computing device, a receipt service and a transaction processing system are also described.

    Electronic Authentication Systems
    70.
    Invention patent application
    Status: In force

    Publication No.: US20140365776A1

    Publication date: 2014-12-11

    Application No.: US14298280

    Filing date: 2014-06-06

    Abstract: A transaction device for establishing a shared secret with a point of interaction (POI) over a communications network to enable encrypted communications between the transaction device and the point of interaction, the device comprising: an input arranged to receive communications from the point of interaction; a processor arranged to generate a first communication according to a Diffie-Hellman protocol; an output arranged to send the first communication to the point of interaction; wherein the processor is arranged to apply a randomly generated blinding factor, r, when generating the first communication and wherein, in response to receiving a second communication from the point of interaction at the input, the second communication having been generated according to the Diffie-Hellman protocol, the processor is arranged to apply the randomly generated blinding factor and generate a shared secret according to the Diffie-Hellman protocol in dependence on data contained within the second communication.

