公开(公告)号：US10956904B2

公开(公告)日：2021-03-23

申请号：US15218842

申请日：2016-07-25

Applicant: MasterCard International Incorporated

Inventor： Mehdi Collinge ,  Mohamed Abou El Enin ,  Andrea Bacioccola ,  Michael Ward

IPC: G06Q20/38 ,  G06F21/53 ,  G06Q20/32

Abstract: Provided are a system and method for managing encryption keys used by a payment application on a mobile device. The method includes executing a mobile payment application in a user domain of the mobile device, where the user domain is an operating environment in which applications are executed and accessed by a user, importing a plurality of encryption keys for use by the mobile payment application into a system domain of the mobile device, where the system domain is a more secure operating environment controlled by an operating system, encrypting payment information of the mobile payment application in the system domain using one or more of the imported keys while executing the mobile payment application in the user domain, and transmitting the encrypted payment information to a merchant.

公开(公告)号：US20180240113A1

公开(公告)日：2018-08-23

申请号：US15896710

申请日：2018-02-14

Applicant: MasterCard International Incorporated

Inventor： Patrik Smets ,  Michael Ward ,  David Anthony Roberts ,  Mohamed Abou El Enin

IPC: G06Q20/40 ,  G06Q20/32 ,  G06Q20/38 ,  G06Q20/34 ,  G06F21/31 ,  H04L29/06 ,  H04L9/32

CPC classification number: G06Q20/401 ,  G06F21/31 ,  G06Q20/02 ,  G06Q20/20 ,  G06Q20/32 ,  G06Q20/3278 ,  G06Q20/351 ,  G06Q20/352 ,  G06Q20/382 ,  G06Q20/3821 ,  G06Q20/4012 ,  G06Q20/40145 ,  G06Q20/4018 ,  G06Q20/409 ,  H04L9/321 ,  H04L63/123 ,  H04L63/126

Abstract: A method of determining legitimate use of a computing device for an action to be approved by a remote system is described. The following steps are carried out at the computing device. A verification method (44) is established for authenticating a user at the computing device or for verifying the integrity of the computing device in association with carrying out the action on that computing device. Cryptographic material is received from a trusted system for use in performing the action. The action is then performed (42). This may or may not comprise successful performance of the verification step. However, performing the action comprises returning information to the remote system that includes whether there was successful authentication using the verification method and parameters relating to computing device state when the action was performed. Suitable computing apparatus is also described.

公开(公告)号：US20180240111A1

公开(公告)日：2018-08-23

申请号：US15896691

申请日：2018-02-14

Applicant: Mastercard International Incorporated

Inventor： Patrik Smets ,  Michael Ward ,  David Anthony Roberts ,  Mohamed Abou El Enin

IPC: G06Q20/38 ,  G06Q20/32 ,  G06Q20/10 ,  G06F21/36 ,  H04L9/14

CPC classification number: G06Q20/3829 ,  G06F21/36 ,  G06F21/602 ,  G06F21/606 ,  G06F2221/2103 ,  G06Q20/102 ,  G06Q20/32 ,  G06Q20/3821 ,  H04L9/0894 ,  H04L9/14 ,  H04L2209/56

Abstract: A computing device embodies a security architecture for an application (42). The security architecture has non-volatile storage (43) for storing first cryptographic material and volatile storage (51) for storing second cryptographic material. The second cryptographic material is lost on rebooting of the computing device. At least the second cryptographic material may be replenished from a source external to the computing device but accessible by a computing network. Methods of use of this architecture by the application are also described.

公开(公告)号：US20200167778A1

公开(公告)日：2020-05-28

申请号：US16670389

申请日：2019-10-31

Applicant: Mastercard International Incorporated

Inventor： David Anthony Roberts ,  Duncan Garrett ,  John Beric ,  Michael Ward

IPC: G06Q20/40 ,  H04L9/08 ,  H04L9/06 ,  H04L9/32

Abstract: Trusted communication between a first computing device and a second computing device in a transaction process is established as follows. A communication channel is established between the first computing device and the second computing device. The first computing device provides a secure communication to the second computing device, this secure communication comprising cryptographic material encrypted by a first cryptographic method. The second computing device decrypts the secure communication using a key already available to it. The first and the second computing device then communicate where trusted communication is required by a second cryptographic method using the cryptographic material. A suitable first computing device and second computing device are also described.

公开(公告)号：US20160350753A1

公开(公告)日：2016-12-01

申请号：US15231208

申请日：2016-08-08

Applicant: MasterCard International Incorporated

Inventor： David A. Roberts ,  Michael Ward

IPC: G06Q20/40 ,  G06F21/72 ,  G06F7/58 ,  G06Q20/10

CPC classification number: G06Q20/401 ,  G06F7/588 ,  G06F21/72 ,  G06Q20/1085 ,  H04L9/0618 ,  H04L9/0643 ,  H04L9/0869 ,  H04L2209/56

Abstract: A method of generating an unpredictable number in a computing device is provided. The method comprises the computing device performing the following programmed steps: obtaining a plurality of data elements; performing a first one way function on an internal value P and the plurality of data elements to update the value P; and performing a second one way function on the value P to obtain the unpredictable number. A computing device adapted to perform this method is also described.

公开(公告)号：US20150010149A1

公开(公告)日：2015-01-08

申请号：US14321023

申请日：2014-07-01

Applicant: MasterCard International Incorporated

Inventor： David A. Roberts ,  Michael Ward

IPC: H04L9/08

CPC classification number: G06Q20/401 ,  G06F7/588 ,  G06F21/72 ,  G06Q20/1085 ,  H04L9/0618 ,  H04L9/0643 ,  H04L9/0869 ,  H04L2209/56

Abstract: A method of generating an unpredictable number in a computing device is provided. The method comprises the computing device performing the following programmed steps: obtaining a plurality of data elements; performing a first one way function on an internal value P and the plurality of data elements to update the value P; and performing a second one way function on the value P to obtain the unpredictable number. A computing device adapted to perform this method is also described.

Abstract translation: 提供了一种在计算设备中产生不可预测的数字的方法。 该方法包括计算设备执行以下编程步骤：获得多个数据元素; 对内部值P和多个数据元素执行第一单向函数以更新值P; 并且对值P执行第二单向函数以获得不可预测的数字。 还描述了适于执行该方法的计算设备。

公开(公告)号：US10461927B2

公开(公告)日：2019-10-29

申请号：US15642762

申请日：2017-07-06

Applicant: MasterCard International Incorporated

Inventor： Michael Ward ,  John Beric ,  Duncan Garrett ,  David Anthony Roberts

IPC: H04L9/08 ,  H04L9/30 ,  H04L9/14 ,  H04L9/32

Abstract: A method of establishing a secure channel for communication between a first computing device and a second computing device is described. The method uses an elliptic curve Diffie-Hellman protocol, wherein G is an elliptic curve generator point and the first computing device has a unique private key dc with a public key Qc=dc G certified by a party trusted by the second computing device. The first computing device generates (520) a blinding factor r and sends (540) a blinded public key R=r·Qc to the second computing device. The second computing device generates (510) an ephemeral private key dt and a corresponding ephemeral public key Qt=dt G and sends Qt to the first computing device. The first computing device generates (530) Kc=KDF(r dc·Qt) and the second computing device generates (550) Kt=KDF(dt·R), where KDF is a key derivation function used in both generation operations, to establish a secure channel between the first computing device and the second computing device. G is a point in the elliptic curve group E, wherein E is a group of prime order but E* is the quadratic twist of E and is a group of order m=z·m′ where m′ is prime and z is an integer, wherein r·dc is chosen such that z is a factor of r·dc. Suitable apparatus for performing the method is also described.

公开(公告)号：US20180026784A1

公开(公告)日：2018-01-25

申请号：US15642762

申请日：2017-07-06

Applicant: MasterCard International Incorporated

Inventor： Michael Ward ,  John Beric ,  Duncan Garrett ,  David Anthony Roberts

IPC: H04L9/08 ,  H04L9/30 ,  H04L9/14

Abstract: A method of establishing a secure channel for communication between a first computing device and a second computing device is described. The method uses an elliptic curve Diffie-Hellman protocol, wherein G is an elliptic curve generator point and the first computing device has a unique private key dc with a public key Qc=dc G certified by a party trusted by the second computing device. The first computing device generates (520) a blinding factor r and sends (540) a blinded public key R=r·Qc to the second computing device. The second computing device generates (510) an ephemeral private key dt and a corresponding ephemeral public key Qt=dt G and sends Qt to the first computing device. The first computing device generates (530) Kc=KDF (r dc·Qt) and the second computing device generates (550) Kt=KDF (dt·R), where KDF is a key derivation function used in both generation operations, to establish a secure channel between the first computing device and the second computing device. G is a point in the elliptic curve group E, wherein E is a group of prime order but E* is the quadratic twist of E and is a group of order m=z·m′ where m′ is prime and z is an integer, wherein r·dc is chosen such that z is a factor of r·dc. Suitable apparatus for performing the method is also described.

公开(公告)号：US11855969B2

公开(公告)日：2023-12-26

申请号：US17494077

申请日：2021-10-05

Applicant: MASTERCARD INTERNATIONAL INCORPORATED

Inventor： Duncan Garrett ,  John Beric ,  Michael Ward ,  David Anthony Roberts

IPC: H04L9/40 ,  G06Q20/32 ,  G06Q20/42 ,  G06Q20/40

CPC classification number: H04L63/0428 ,  G06Q20/3255 ,  G06Q20/3274 ,  G06Q20/3276 ,  G06Q20/3278 ,  G06Q20/40 ,  G06Q20/42

Abstract: A method for trusted notifications comprises: receiving, at a first host having at least one trusted server, a request message from a sender computing device, the request message comprising a request identifier and instructions to: update, at a second host, a recipient account associated with a recipient computing device, and to make a corresponding update at the first host to a sender account associated with the sender computing device. The method further comprises authorizing, at the first host, the request message; updating the sender account; generating a secure message at the at least one trusted server, the secure message comprising the request identifier and an indication from the at least one trusted server that the update completed; and sending the secure message from the first host to the sender computing device. The secure message can be received at the sender computer device and conveyed to the recipient computing device.

公开(公告)号：US11176547B2

公开(公告)日：2021-11-16

申请号：US15892780

申请日：2018-02-09

Applicant: MasterCard International Incorporated

Inventor： Patrik Smets ,  Michael Ward ,  David Anthony Roberts ,  Jonathan James Main

IPC: G06Q20/38 ,  H04L9/08 ,  G06Q20/32 ,  G06Q20/36 ,  G06Q40/02 ,  G06Q20/40 ,  H04W12/041 ,  H04W12/062 ,  H04W12/0433 ,  G06F8/60

Abstract: A method for generating transaction credentials for a user in a transaction, comprising: storing in a mobile device, an encrypted session key, and an encrypted user authentication credential; receiving an authorisation request; initiating a user authorisation process wherein in the event that the user is an authenticated user, the method comprises: decrypting the encrypted session key and encrypted user authentication credential; generating a transaction cryptogram in dependence on the user authentication credential and the session key; transmitting the transaction cryptogram and a user authentication status to a transaction processing entity for use in a transaction.