CA2981665A1 - System and method of session key generation and exchange - Google Patents
- Publication number
- CA2981665A1
- Authority
- CA
- Canada
- Prior art keywords
- electronic device
- payment
- session key
- cryptogram
- fingerprint
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/20—Point-of-sale [POS] network systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/322—Aspects of commerce using mobile devices [M-devices]
- G06Q20/3223—Realising banking transactions through M-devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3821—Electronic credentials
- G06Q20/38215—Use of certificates or encrypted proofs of transaction rights
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
- H04L9/0897—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3228—One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
- H04L2209/805—Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
Abstract
Description
GENERATION AND EXCHANGE
TECHNICAL FIELD
[0001] The present application relates to cryptography, and more particularly to the generation and exchange of session keys.
BACKGROUND
(TM) payment transactions to secure communications such as, for example, in calculating the EMV transaction cryptogram. The use of session keys in EMV payment transactions is set out in EMV Book 2 - Security and Key Management (version 4.3, Nov 2011, available from EMVCo (TM)), the contents of each of which are incorporated herein by reference in their entirety.
payment functionality. With HCE, the operating system of the mobile device may emulate the functional responses of an NFC card, instead of relying on a hardware SE.
BRIEF DESCRIPTION OF THE DRAWINGS
DETAILED DESCRIPTION OF VARIOUS EMBODIMENTS
and, a memory coupled to the processor. The memory stores instructions that, when executed by the processor, cause the computer system to receive from an electronic device, via a network using the communications module, a de-tokenization request, the de-tokenization request including a payment token and a cryptogram, the cryptogram having been generated by the electronic device using a session key generated by the electronic device based on a fingerprint of the electronic device, a secret value previously shared with the electronic device, the payment token, and a transaction counter; retrieve, based on the payment token, the fingerprint, the secret value, and the transaction counter from storage using the storage module;
generate the session key based on the fingerprint, the secret value, the payment token, and the transaction counter;
verify the cryptogram using the session key; upon successfully verifying the cryptogram, retrieve an account number associated with the payment token; and send to the electronic device, via the network using the communications module, a response to the de-tokenization request including the account number.
verifying the cryptogram using the session key; upon successfully verifying the cryptogram, retrieving an account number associated with the payment token; and sending, to the electronic device via the network, a response to the de-tokenization request including the account number.
Conveniently, in this way, reduced cost and/or complexity may be realized.
Further, establishing session keys in accordance with the present application may provide equivalent security to some cloud based generation of keys. Further, establishing session keys in accordance with some example implementations of the present application may improve security since sensitive keys do not need to be stored (even on a temporary basis) in the cloud.
Further, in some implementations, no changes to various computer systems interconnected therewith are required, other than to the electronic device hosting the payment wallet using HCE and to the tokenization service provider and / or the HCE provisioning backend. As the endpoints that may be modified may be entirely under the control of a single financial institution, such embodiments may be advantageous due to ease of deployment.
The electronic device 100 may use host-card emulation (HCE) in order to make NFC payments according to industry standard protocols, including ISO/IEC 14443 (2016), the contents of all parts of which are incorporated herein by reference in their entirety, and/or according to relevant EMV standards as published by EMVCo.
terminal uses this information in order to determine whether a transaction is to be approved or declined. The information may be transmitted over a short-range communication system, such as an NFC interface. As further described below, the EMV cryptogram is encrypted with a session key. As further described below, a common session key may be established between the electronic device 100 and the computer server system 110 in accordance with the present application.
Persistent storage may be, for example, flash memory, a solid-state drive or the like. Read-only memory and persistent storage are a computer-readable medium. A computer-readable medium may be organized using a file system such as may be administered by an operating system governing overall operation of the example computing device 200.
Additionally or alternatively, the communications module 230 may allow the example computing device 200 to communicate using NFC, via Wi-Fi (TM), using Bluetooth (TM) or via some combination of one or more networks or protocols. As described above, contactless payments may be made using NFC. In some embodiments, all or a portion of the communications module 230 may be integrated into a component of the example computing device 200.
For example, the communications module 230 may be integrated into a communications chipset.
(TM) or the like.
In some embodiments, the host card emulation subsystem 410 may also provide user facing mobile wallet components such as, for example, a user interface. In other embodiments, the host card emulation subsystem 410 may co-operate with a mobile wallet application in order to expose mobile payment functionality to a user.
510 in order to validate cryptograms during processing of payment transactions.
secure channel may be established using known cryptographic techniques. In some embodiments, well-known protocols related to communications security may be employed.
Internet Protocol Security (IPsec) and/or Secure Sockets Layer (SSL) and/or Transport Layer Security (TLS) or similar technologies may be employed.
Additionally or alternatively, the fingerprint may be based on an International Mobile Station Equipment Identity (IMEI) associated with the electronic device 100, an International Mobile Subscriber Identity (IMSI) associated with electronic device 100, and/or an Integrated Circuit Card Identifier (ICCID) of a Subscriber Identity Module (SIM) coupled to or otherwise associated with the electronic device 100, such as, for example, when the electronic device 100 is a smartphone. In some embodiments, one or more of the aforementioned pieces of data may be combined in order to generate the fingerprint. For example, data may be combined through concatenation of various pieces of data or portions thereof. In some embodiments, a hash function may be employed in order to generate the fingerprint as a fixed length unique identifier of the electronic device 100. For example, a cryptographic hash function such as, for example, one or more of MD-4, MD-5, SHA-1, a hash function from the SHA-2 suite, a hash function from the SHA-3 suite, or the like, may be utilized.
Further, to assist in processing, the mapping may be a mapping between the PAN, the PAR, the PAN token, and the secret value.
Additionally, the generation of a session key may also take into account a transaction counter. In other words, it may be that the session key is generated based on the above discussed fingerprint of the device, the secret value and the payment token received in the provisioning reply 620, and the transaction counter.
Including the transaction counter as an input to session key generation may improve resistance to replay attacks such as where an attacker attempts to reuse a session key. The session key may be generated by combining one or more of the above inputs and using an algorithm similar to the algorithm described in EMV 4.1, Book 2 Session and Key Management, (May 2004), Part II, A1.3, the contents of which are incorporated herein by reference in their entirety.
Alternatively, a session key may be generated using another scheme such as, for example, EMV2000, EMV CSK, Mastercard SK, or the like. In some embodiments, a particular session key generation scheme may be selected based on the particular one or more payment networks being employed or utilized.
Put differently, in some embodiments, the session key may be generated by applying a cryptographic hash function one or more times using the fingerprint, the secret value, the payment token, and the transaction counter as inputs, with the latter being included only if the transaction counter is to be utilized in key generation.
construction set out in RFC 2104, "HMAC: Keyed-Hashing for Message Authentication" (February 1997) by H. Krawczyk et al., the contents of which are incorporated herein by reference in their entirety, may be employed. The HMAC may then be used to derive a key such as, for example, by using the Password-Based Key Derivation Function 2 (PBKDF2). PBKDF2 is defined in RFC 2898, "PKCS #5: Password-Based Cryptography Specification Version 2.0" (September 2000) by B. Kaliski, the contents of which are incorporated herein by reference in their entirety.
Terminal 900 may, for example, be a point-of-sale terminal as discussed above.
8583-1:2003, "Financial transaction card originated messages -- Interchange message specifications -- Part 1: Messages, data elements and code values" (June 2003). The contents of all parts of ISO Standard No. 8583 are incorporated herein by reference in their entirety.
Further, it is presumed that electronic device 100 previously shared a fingerprint of the electronic device 100 with the computer server system 110. In some embodiments, the provisioning of electronic device 100 may, for example, have occurred in accordance with foregoing including the description of FIGS. 6-8 resulting in the aforementioned conditions being satisfied.
Message 1010 is a trigger for the electronic device 100 to generate a cryptogram.
command as defined in EMV Specification Version 4.3 Book 3 - Application Specification (28 Nov 2011), the contents of which are incorporated herein by reference in their entirety. In such embodiments, the message 1010 may include the expected contents for a GenerateAC command such as, for example, data that may be specified by a Card Risk Management Data Object List (CDOL).
As such, a session key may be generated based on a fingerprint of the electronic device 100, a secret value previously shared with the electronic device 100, and a payment token previously shared with the electronic device 100. In some embodiments, a transaction counter may also factor into the generation of the session key. For example, the session key may be based on the fingerprint, the secret value, the payment token, and the transaction counter.
Authorization Request cryptogram. In a particular example, an EMV cryptogram may be generated using inputs including the session key, the PAN token, and the EMV ATC. An EMV cryptogram may be generated in accordance with EMV standards and/or standards published by card networks
The authorization message includes the cryptogram and the payment token from the message 1012. For example, in some embodiments, the authorization message 1014 may be or may include an ISO 8583 authorization message with DE 55 / Field 55 data including an application cryptogram (the cryptogram) and a PAN token (the payment token).
The payment token may be used as a key to lookup the secret value and/or the device fingerprint.
For example, the mapping established between the payment account, the payment token, and the secret value established at the operation 750 (FIG. 7) may be referenced.
Finally, if a transaction counter is used as an input to session key generation, then it may be independently maintained by the electronic device 100 and the issuer such as, for example, by the computer server system 110, given that the electronic device 100 and the issuer are involved in each transaction. For example, where EMV is employed, both the issuer and the electronic device 100 may maintain an EMV Application Transaction Counter (ATC). Where a transaction counter is used in generating the session key, the computer server system 110 may retrieve, based on the payment token, the fingerprint, the secret value and the transaction counter from storage. For example, the computer server system 110 may include a storage module that may be used to retrieve and/or store data.
In some embodiments, the storage module may retrieve and/or store data from/in storage that is secure against or resistant to attackers. For example, the computer system may utilize a trusted execution environment (TEE) of a processor of the computer server system 110.
Additionally or alternatively, a security co-processor may be utilized
generation algorithm employed by the electronic device 100. As such, the session key generated by the computer server system 110 should be identical to the session key generated by the electronic device 100 such as at the operation 830 (FIG. 8) above.
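The derivation and server-side check described in the passages above (a session key from the fingerprint, secret value, payment token and transaction counter, regenerated by the server to verify the cryptogram), as an added example that is not code from the patent. Assumptions: PBKDF2 with HMAC-SHA-256 and 1000 iterations as the derivation, a truncated HMAC standing in for the EMV cryptogram, a three-step counter look-ahead window, and hypothetical class names, function names and sample values throughout.

```python
import hashlib
import hmac
import struct

PBKDF2_ITERATIONS = 1000  # assumption: the page gives no iteration count
ATC_WINDOW = 3            # assumption: look-ahead tolerated when transactions are lost


def _pack(*fields: bytes) -> bytes:
    """Length-prefix every field so that concatenation is unambiguous."""
    return b"".join(struct.pack(">H", len(f)) + f for f in fields)


def device_fingerprint(imei: str, imsi: str, iccid: str) -> bytes:
    """Fixed-length fingerprint: SHA-256 over the concatenated device identifiers."""
    return hashlib.sha256(_pack(imei.encode(), imsi.encode(), iccid.encode())).digest()


def derive_session_key(fingerprint: bytes, secret: bytes, token: str, atc: int) -> bytes:
    """PBKDF2/HMAC-SHA-256 keyed by the shared secret; the other inputs form the salt."""
    salt = _pack(fingerprint, token.encode(), struct.pack(">H", atc))
    return hashlib.pbkdf2_hmac("sha256", secret, salt, PBKDF2_ITERATIONS, dklen=16)


def make_cryptogram(session_key: bytes, txn_data: bytes) -> bytes:
    """Stand-in for the EMV cryptogram: 8-byte truncated HMAC over transaction data."""
    return hmac.new(session_key, txn_data, hashlib.sha256).digest()[:8]


class Device:
    """Device side: holds the provisioned values and its own transaction counter."""

    def __init__(self, fingerprint: bytes, secret: bytes, token: str):
        self.fp, self.secret, self.token, self.atc = fingerprint, secret, token, 1

    def pay(self, txn_data: bytes) -> bytes:
        key = derive_session_key(self.fp, self.secret, self.token, self.atc)
        self.atc += 1  # a fresh session key for every transaction
        return make_cryptogram(key, txn_data)


class TokenServer:
    """Server side: payment token -> fingerprint, secret, PAN, next expected counter."""

    def __init__(self):
        self._records = {}

    def provision(self, token: str, fingerprint: bytes, secret: bytes, pan: str):
        self._records[token] = {"fp": fingerprint, "secret": secret, "pan": pan, "atc": 1}

    def detokenize(self, token: str, txn_data: bytes, cryptogram: bytes):
        """Return the PAN if the cryptogram verifies, otherwise None."""
        rec = self._records.get(token)
        if rec is None:
            return None
        # Regenerate the key from stored values only; never accept counters
        # below the stored one, so an old cryptogram cannot verify again.
        for atc in range(rec["atc"], rec["atc"] + ATC_WINDOW):
            key = derive_session_key(rec["fp"], rec["secret"], token, atc)
            if hmac.compare_digest(make_cryptogram(key, txn_data), cryptogram):
                rec["atc"] = atc + 1
                return rec["pan"]
        return None


def demo():
    # All identifiers, the token and the PAN below are constructed test values.
    fp = device_fingerprint("490154203237518", "310150123456789", "8991101200003204510")
    secret = bytes(range(32))
    token, pan = "4000001234567899", "4111111111111111"
    server = TokenServer()
    server.provision(token, fp, secret, pan)
    device = Device(fp, secret, token)
    txn = b"amount=12.50;currency=CAD;terminal=T900"

    c1 = device.pay(txn)
    first = server.detokenize(token, txn, c1)      # verifies, counter advances
    replay = server.detokenize(token, txn, c1)     # same cryptogram again: rejected

    device.pay(txn)                                # transaction that never reaches the server
    after_gap = server.detokenize(token, txn, device.pay(txn))  # within the window

    # Same secret and token copied to a device with different identifiers.
    clone = Device(device_fingerprint("000000000000000", "0", "0"), secret, token)
    clone.atc = device.atc
    cloned = server.detokenize(token, txn, clone.pay(txn))
    return first, replay, after_gap, cloned


if __name__ == "__main__":
    print(demo())
```

The server derives the key only from values it stores, so a replayed cryptogram or a copied secret used from a device with a different fingerprint fails verification and no account number is returned.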
[0138] Returning to FIG. 10, the message 1020 is sent by the computer server system to the payment network 920.
[0139] Responsive to the message 1020, the payment network may send an authorization message 1022 to the issuer authorization host computer system 930. The authorization message 1022 includes the result of the detokenization operation found in the message 1020. For example, the authorization message 1022 may include a PAN. In some embodiments, the authorization message may be an ISO 8583 authorization message.
[0140] Responsive to the authorization message 1022, the issuer authorization host computer system 930 sends an authorization response 1024 to the payment network 920. The authorization response 1024 may include a result authorizing or declining the transaction.
[0141] The payment network 920 then forwards the authorization response 1024 to the acquirer computer system 910 as an authorization response 1026. As illustrated, the authorization response 1026 serves as a reply to the message 1016.
[0142] The acquirer computer system 910 forwards the authorization response 1026 to the terminal 900 as an authorization response 1028. As illustrated, the authorization response 1026 serves as a reply to the message 1016.
[0143] As set out above, in some embodiments, messages may be according to ISO Standard No. 8583.
[0144] Example embodiments of the present application are not limited to any particular operating system, system architecture, mobile device architecture, server architecture, or computer programming language.
[0145] It will be understood that the applications, modules, routines, processes, threads, or other software components implementing the described method/process may be realized using standard computer programming techniques and languages. The present application is not limited to particular processors, computer languages, computer programming conventions, data structures, or other such implementation details. Those skilled in the art will recognize that the described processes may be implemented as a part of computer-executable code stored in volatile or non-volatile memory, as part of an application-specific integrated chip (ASIC), etc.
[0146] Certain adaptations and modifications of the described embodiments can be made. Therefore, the above discussed embodiments are considered to be illustrative and not restrictive.
Claims (24)
a processor;
a storage module coupled to the processor;
a communications module coupled to the processor; and, a memory coupled to the processor, the memory storing instructions that, when executed by the processor, cause the computer system to:
receive from an electronic device, via a network using the communications module, a de-tokenization request, the de-tokenization request including a payment token and a cryptogram, the cryptogram having been generated by the electronic device using a session key generated by the electronic device based on a fingerprint of the electronic device, a secret value previously shared with the electronic device, the payment token, and a transaction counter;
retrieve, based on the payment token, the fingerprint, the secret value, and the transaction counter from storage using the storage module;
generate the session key based on the fingerprint, the secret value, the payment token, and the transaction counter;
verify the cryptogram using the session key;
upon successfully verifying the cryptogram, retrieve an account number associated with the payment token; and send to the electronic device, via the network using the communications module, a response to the de-tokenization request including the account number.
Authorization Request Cryptogram, the payment token includes a Payment Account Number token, and the transaction counter includes an EMV Application Transaction Counter.
receiving, from an electronic device via a network, a de-tokenization request, the de-tokenization request including a payment token and a cryptogram, the cryptogram having been generated by the electronic device using a session key generated by the electronic device based on a fingerprint of the electronic device, a secret value previously shared with the electronic device, the payment token, and a transaction counter;
retrieving, based on the payment token, the fingerprint, the secret value, and the transaction counter;
generating the session key based on the fingerprint, the secret value, the payment token, and the transaction counter;
verifying the cryptogram using the session key;
upon successfully verifying the cryptogram, retrieving an account number associated with the payment token; and sending, to the electronic device via the network, a response to the de-tokenization request including the account number.
Authorization Request Cryptogram, the payment token includes a Payment Account Number token, and the transaction counter includes an EMV Application Transaction Counter.
sending, via a network, a request including an account reference number and a fingerprint of the electronic device;
receiving, via the network, a response to the request, the response including a secret value and a payment token based on an account number, wherein the account number is identified based on an association with the account reference number; and generating a session key for use in performing the payment transaction based on the fingerprint, the secret value, the payment token, and a transaction counter.
retrieving the account reference number using a trusted execution environment or a trusted key store.
a processor;
a communications module coupled to the processor; and, a memory coupled to the processor, the memory storing instructions that, when executed by the processor, cause the computer system to perform a method in accordance with any one of claims 17 to 22.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA2981665A CA2981665C (en) | 2017-10-05 | 2017-10-05 | System and method of session key generation and exchange |
CA3230364A CA3230364A1 (en) | 2017-10-05 | 2017-10-05 | System and method of session key generation and exchange |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA2981665A CA2981665C (en) | 2017-10-05 | 2017-10-05 | System and method of session key generation and exchange |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA3230364A Division CA3230364A1 (en) | 2017-10-05 | 2017-10-05 | System and method of session key generation and exchange |
Publications (2)
Publication Number | Publication Date |
---|---|
CA2981665A1 (en) | 2019-04-05 |
CA2981665C (en) | 2024-04-09 |
Family
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA2981665A Active CA2981665C (en) | 2017-10-05 | 2017-10-05 | System and method of session key generation and exchange |
CA3230364A Pending CA3230364A1 (en) | 2017-10-05 | 2017-10-05 | System and method of session key generation and exchange |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA3230364A Pending CA3230364A1 (en) | 2017-10-05 | 2017-10-05 | System and method of session key generation and exchange |
Country Status (1)
Country | Link |
---|---|
CA (2) | CA2981665C (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10915897B2 (en) * | 2018-06-13 | 2021-02-09 | Clover Network, Inc. | Token management for enhanced omni-channel payments experience and analytics |
Also Published As
Publication number | Publication date |
---|---|
CA3230364A1 (en) | 2019-04-05 |
CA2981665C (en) | 2024-04-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11769148B2 (en) | System and method of session key generation and exchange | |
US11068608B2 (en) | Mutual authentication of software layers | |
US20210344495A1 (en) | Contactless card emulation system and method | |
US20200372503A1 (en) | Transaction messaging | |
EP2945410B1 (en) | Security for mobile applications | |
CN107925572B (en) | Secure binding of software applications to communication devices | |
EP3251284B1 (en) | Methods for secure credential provisioning | |
EP3050247B1 (en) | Method for securing over-the-air communication between a mobile application and a gateway | |
US11496456B2 (en) | Systems and methods encrypting messages using multiple certificates | |
US20170032362A1 (en) | Streamlined enrollment of credit cards in mobile wallets | |
US11636478B2 (en) | Method of performing authentication for a transaction and a system thereof | |
US20150128243A1 (en) | Method of authenticating a device and encrypting data transmitted between the device and a server | |
US20220284431A1 (en) | System and Method for a Self-Calculating Token Vault | |
CA2981665C (en) | System and method of session key generation and exchange | |
US20230090972A1 (en) | Online secret encryption | |
US20180212784A1 (en) | Method to secure an applicative function in a cloud-based virtual secure element implementation | |
EP4307610A1 (en) | Rapid secure wireless transaction | |
EP4307611A1 (en) | Data communication and cryptographic operations for secure wireless interactions | |
Harnaningrum et al. | Mobile Payment Transaction Model with Robust Security in the NFC-HCE Ecosystem with Secure Elements on Smartphones |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
EEER | Examination request |
Effective date: 20210226 |
|