公开(公告)号：WO2018132193A1

公开(公告)日：2018-07-19

申请号：PCT/US2017/064162

申请日：2017-12-01

Applicant: MASTERCARD INTERNATIONAL INCORPORATED

Inventor： BRYSON, Brandon, Craig ,  BHATT, Medha ,  ALGER, Eric, G.

IPC: H04L29/06 ,  H04L9/32 ,  H04W12/06 ,  H04L9/08 ,  G06Q20/02 ,  H04L29/08 ,  H04W12/04

CPC classification number: H04L63/0428 ,  G06Q20/02 ,  H04L9/0822 ,  H04L9/0838 ,  H04L9/0844 ,  H04L9/3066 ,  H04L9/321 ,  H04L9/3215 ,  H04L9/3228 ,  H04L9/3263 ,  H04L9/3265 ,  H04L63/08 ,  H04L63/0823 ,  H04L63/0838 ,  H04L63/1441 ,  H04L63/18 ,  H04L67/26 ,  H04L2209/84 ,  H04L2463/082 ,  H04W4/40 ,  H04W12/04 ,  H04W12/04031 ,  H04W12/06

Abstract: Systems and methods prevent fraudulent registration of devices associated with remuneration vehicles by bootstrapping the device to be registered with a bootstrap URL. The bootstrap URL may provide access to a registration server hosted by the vehicle provider. The vehicle provider may verify a single use of the bootstrap URL. Moreover, if access to the bootstrap URL is provided to the device, the vehicle provider may provide a server access communication to the device allowing the device and vehicle provider to set up a secure communication (even if communicating via an unsecure communication path). The secure communication may be used by the vehicle provider and the device to negotiate a symmetric communication key. At least the secure access communication and the symmetric communication key may operate based on one or more of an Elliptic Curve-, Diffie Hellman-, or Elliptic Curve Diffie Hellman (ECDH)-based secure connection scheme.

公开(公告)号：WO2017087113A1

公开(公告)日：2017-05-26

申请号：PCT/US2016/057578

申请日：2016-10-19

Applicant: MASTERCARD INTERNATIONAL INCORPORATED

Inventor： ZHANG, Jenny, Qian ,  ALGER, Eric, G. ,  BUCHER, Steven, Patrick

IPC: H04L29/06 ,  G06F21/62

CPC classification number: H04L63/0884 ,  G06F21/6218 ,  H04L63/0807 ,  H04L63/0823 ,  H04L63/0853 ,  H04L63/0892 ,  H04L63/10

Abstract: A secure authorization server computer system for verifying an identity of an end-user is provided. The computer system is programmed to receive, from a computing client, an authentication request at an authorization component. The authentication request includes a secure authentication request identifier. The computer system is also programmed to validate the authentication request at the authorization component by validating the secure authentication request identifier. The computer system is further programmed to transmit an authentication response from the authorization component to the computing client. The authentication response includes an authorization code. The authorization code represents a validation of the authentication request.

Abstract translation: 提供了用于验证最终用户的身份的安全授权服务器计算机系统。 计算机系统被编程为从计算客户端在授权组件处接收认证请求。 认证请求包括安全认证请求标识符。 计算机系统还被编程为通过验证安全认证请求标识符来验证授权组件处的认证请求。 计算机系统被进一步编程为从授权组件向计算客户端传输认证响应。 认证响应包括授权码。 授权码代表验证请求的验证。

公开(公告)号：WO2016053686A1

公开(公告)日：2016-04-07

申请号：PCT/US2015/051456

申请日：2015-09-22

Applicant: MASTERCARD INTERNATIONAL INCORPORATED

Inventor： RADU, Cristian ,  MAIN, Jonathan, James ,  ALGER, Eric, G.

IPC: G06Q20/36

CPC classification number: G06Q20/4014 ,  G06Q20/36 ,  G06Q20/4012

Abstract: A method includes maintaining a digital wallet in a computer, and receiving a request for a transaction. The computer may receive and verify user authentication data, and then allow the user to access any payment card account in the digital wallet without requiring additional user authentication, regardless of the account selected for the transaction by the user. In some embodiments, cryptogram generation may be performed with an EMV server in association with the digital wallet, to enhance the level of security assurance for merchants, issuers and users.

Abstract translation: 一种方法包括在计算机中维护数字钱包，以及接收对交易的请求。 计算机可以接收和验证用户认证数据，然后允许用户访问数字钱包中的任何支付卡帐户，而不需要额外的用户认证，而不管用户为交易选择的帐户。 在一些实施例中，可以使用与数字钱包相关联的EMV服务器执行密码生成，以增强商家，发行者和用户的安全保证级别。