NZ720688A - Method and system for secure authentication of user and mobile device without secure elements - Google Patents
Method and system for secure authentication of user and mobile device without secure elementsInfo
- Publication number
- NZ720688A NZ720688A NZ720688A NZ72068814A NZ720688A NZ 720688 A NZ720688 A NZ 720688A NZ 720688 A NZ720688 A NZ 720688A NZ 72068814 A NZ72068814 A NZ 72068814A NZ 720688 A NZ720688 A NZ 720688A
- Authority
- NZ
- New Zealand
- Prior art keywords
- mobile
- payment
- secure
- mobile device
- mobile devices
- Prior art date
Links
- 238000000034 method Methods 0.000 title abstract 7
- 238000004891 communication Methods 0.000 abstract 2
- 238000005516 engineering process Methods 0.000 abstract 2
- 230000005540 biological transmission Effects 0.000 abstract 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/327—Short range or proximity payments by means of M-devices
- G06Q20/3274—Short range or proximity payments by means of M-devices using a pictured code, e.g. barcode or QR-code, being displayed on the M-device
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/322—Aspects of commerce using mobile devices [M-devices]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/20—Point-of-sale [POS] network systems
- G06Q20/204—Point-of-sale [POS] network systems comprising interface for record bearing medium or carrier for electronic funds transfer or payment credit
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3823—Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
Landscapes
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Finance (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Economics (AREA)
- Development Economics (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Computer And Data Communications (AREA)
Abstract
Advances in mobile and communication technologies have created tremendous opportunities, one of which is providing the user of a mobile computing device with the ability to initiate and pay for payment transactions using their mobile device. One such approach to enable such actions on a mobile device has been the use of near field communication (NFC) technology to securely transmit payment details from the mobile device to a nearby contactless point of sale (POS) terminal. In order to achieve this, mobile phones with secure element hardware, such as a secure element (SE) chip, are used to securely store the payment credentials. A secure element is a special that may be included in some NFC-enabled devices that is a tamper-resistant platform that may securely host applications and their confidential data. However, not all mobile devices have secure elements. In addition, some financial institutions may not have access to secure elements on mobile devices, even if the mobile device is equipped with such an element. As a result, many consumers with mobile devices that possess the required hardware for conducting contactless or other types of remote payment transactions may be unable to actually utilize this capability. Because of such difficulties, there is a need for a technical solution to enable mobile computing devices to initiate and conduct payment transactions without the use of secure elements. Some methods and systems for conducting payment transactions using mobile devices lacking secure elements, or without the use of secure elements in mobile devices equipped with them, can be found in U.S. Patent Application No. 13/827,042, entitled “Systems and Methods for Processing Mobile Payments by Provisioning Credentials to Mobile Devices Without Secure Elements,” by Mehdi Collinge et al., filed on March 14, 2013, which is herein incorporated by reference in its entirety. While such methods and systems can be suitable for conducting payment transactions via a mobile device without using a secure element, many consumers, merchants, and financial institutions may be wary of participating in such transactions due to a desire for even greater security. As a result, there is a need for technical solutions to provide even more security for the receipt and storage of payment credentials in a mobile device lacking a secure element, as well as providing increased security for in the transmission of payment credentials to a point of sale from the mobile device during conducting of a financial transaction. Increased security in these processes can result in increased peace of mind for all entities involved, which can result in an increase in the use of mobile devices for contactless or remote payment transactions, which can provide a vast number of benefits to consumers over traditional payment methods. As a solution, or a useful alternative, to one or more to the above described technical problems, the present invention provides a method for generating payment credentials in a payment transaction includes: storing, in a memory, at least a single use key associated with a transaction account; receiving, by a receiving device, a personal identification number; identifying, by a processing device, a first session key; generating, by the processing device, a second session key based on at least the stored single use key and the received personal identification number; generating, by the processing device, a first application cryptogram based on at least the first session key; generating, by the processing device, a second application cryptogram based on at least the second session key; and transmitting, by a transmitting device, at least the first application cryptogram and second application cryptogram for use in a payment transaction.
Applications Claiming Priority (6)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US201361910819P | 2013-12-02 | 2013-12-02 | |
| US201461951842P | 2014-03-12 | 2014-03-12 | |
| US201461955716P | 2014-03-19 | 2014-03-19 | |
| US201461979132P | 2014-04-14 | 2014-04-14 | |
| US201461980784P | 2014-04-17 | 2014-04-17 | |
| PCT/US2014/067992 WO2015084755A1 (en) | 2013-12-02 | 2014-12-02 | Method and system for secure authentication of user and mobile device without secure elements |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| NZ720688A true NZ720688A (en) | 2017-09-29 |
Family
ID=53274011
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| NZ720688A NZ720688A (en) | 2013-12-02 | 2014-12-02 | Method and system for secure authentication of user and mobile device without secure elements |
Country Status (16)
| Country | Link |
|---|---|
| EP (1) | EP3077972A4 (en) |
| JP (2) | JP6353537B2 (en) |
| KR (2) | KR102025816B1 (en) |
| CN (1) | CN106062799B (en) |
| AU (1) | AU2014357381B2 (en) |
| BR (1) | BR112016012527A2 (en) |
| CA (1) | CA2932346C (en) |
| CL (1) | CL2016001353A1 (en) |
| HK (1) | HK1227146A1 (en) |
| IL (1) | IL245965B (en) |
| MX (1) | MX361793B (en) |
| NZ (1) | NZ720688A (en) |
| RU (1) | RU2663319C2 (en) |
| SG (1) | SG10201800179UA (en) |
| UA (1) | UA115500C2 (en) |
| WO (1) | WO2015084755A1 (en) |
Families Citing this family (24)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2015084797A1 (en) | 2013-12-02 | 2015-06-11 | Mastercard International Incorporated | Method and system for secure tranmission of remote notification service messages to mobile devices without secure elements |
| AU2014391256B2 (en) * | 2013-12-02 | 2017-07-13 | Mastercard International Incorporated | Method and system for generating an advanced storage key in a mobile device without secure elements |
| US10614442B2 (en) | 2014-12-03 | 2020-04-07 | Mastercard International Incorporated | System and method of facilitating cash transactions at an ATM system without an ATM card using mobile |
| US10248947B2 (en) * | 2015-06-29 | 2019-04-02 | Oberthur Technologies of America Corp. | Method of generating a bank transaction request for a mobile terminal having a secure module |
| US11120436B2 (en) * | 2015-07-17 | 2021-09-14 | Mastercard International Incorporated | Authentication system and method for server-based payments |
| SG10201508945YA (en) | 2015-10-29 | 2017-05-30 | Mastercard International Inc | Method and system for cardless use of an automated teller machine (atm) |
| US10496982B2 (en) | 2016-02-03 | 2019-12-03 | Accenture Global Solutions Limited | Secure contactless card emulation |
| EP4177810A1 (en) * | 2016-04-18 | 2023-05-10 | Bancontact Payconiq Company | Method and device for authorizing mobile transactions |
| WO2017184840A1 (en) | 2016-04-21 | 2017-10-26 | Mastercard International Incorporated | Method and system for contactless transactions without user credentials |
| CN109716374B (en) * | 2016-09-04 | 2023-12-29 | 万事达卡国际公司 | Method and system for card-less ATM transactions via mobile device |
| EP3340094B1 (en) * | 2016-12-22 | 2021-04-28 | Mastercard International Incorporated | Method for renewal of cryptographic whiteboxes under binding of new public key and old identifier |
| EP3571652B1 (en) * | 2017-01-23 | 2024-04-17 | Mastercard International Incorporated | Method and system for authentication via a trusted execution environment |
| EP3364329B1 (en) | 2017-02-21 | 2023-07-26 | Mastercard International Incorporated | Security architecture for device applications |
| EP3364352A1 (en) | 2017-02-21 | 2018-08-22 | Mastercard International Incorporated | Determining legitimate conditions at a computing device |
| EP3364363A1 (en) | 2017-02-21 | 2018-08-22 | Mastercard International Incorporated | Transaction cryptogram |
| CN107274183B (en) * | 2017-03-21 | 2020-05-22 | 中国银联股份有限公司 | Transaction verification method and system |
| US11468444B2 (en) * | 2017-12-18 | 2022-10-11 | Mastercard International Incorporated | Method and system for bypassing merchant systems to increase data security in conveyance of credentials |
| KR101972599B1 (en) * | 2018-06-19 | 2019-04-25 | 김승훈 | Apparatus and Method for Processing Session Key and Recording Medium Recording Program thereof |
| US10581611B1 (en) * | 2018-10-02 | 2020-03-03 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
| EP3640878B1 (en) * | 2018-10-17 | 2023-06-21 | Swatch Ag | Method and system for activating a portable contactless payment object |
| US10984416B2 (en) * | 2019-03-20 | 2021-04-20 | Capital One Services, Llc | NFC mobile currency transfer |
| US11803827B2 (en) | 2019-11-01 | 2023-10-31 | Mastercard International Incorporated | Method and system for enabling cardless transactions at an ATM for any institutional entity |
| CN111901109B (en) * | 2020-08-04 | 2022-10-04 | 华人运通(上海)云计算科技有限公司 | White-box-based communication method, device, equipment and storage medium |
| CN113421084B (en) * | 2021-05-26 | 2023-03-24 | 歌尔股份有限公司 | Bus card processing method, device, equipment and readable storage medium |
Family Cites Families (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP4183823B2 (en) * | 1999-02-10 | 2008-11-19 | 富士通株式会社 | Data verification device, data verification system, and data verification program storage medium |
| US7249093B1 (en) * | 1999-09-07 | 2007-07-24 | Rysix Holdings, Llc | Method of and system for making purchases over a computer network |
| JP2004086599A (en) * | 2002-08-27 | 2004-03-18 | Toppan Printing Co Ltd | Credit card information management device, management method, and program thereof |
| US7873572B2 (en) * | 2004-02-26 | 2011-01-18 | Reardon David C | Financial transaction system with integrated electronic messaging, control of marketing data, and user defined charges for receiving messages |
| EP2011301B1 (en) * | 2006-04-10 | 2011-06-22 | Trust Integration Services B.V. | Arrangement of and method for secure data transmission. |
| US8713655B2 (en) * | 2008-04-21 | 2014-04-29 | Indian Institute Of Technology | Method and system for using personal devices for authentication and service access at service outlets |
| SG187832A1 (en) * | 2010-08-12 | 2013-03-28 | Mastercard International Inc | Multi-commerce channel wallet for authenticated transactions |
| US8746553B2 (en) * | 2010-09-27 | 2014-06-10 | Mastercard International Incorporated Purchase | Payment device updates using an authentication process |
| KR20120110926A (en) * | 2011-03-30 | 2012-10-10 | 주식회사 비즈모델라인 | Method and system for card payment using program identity, smart phone |
| WO2012170895A1 (en) * | 2011-06-09 | 2012-12-13 | Yeager C Douglas | Systems and methods for authorizing a transaction |
| US10515359B2 (en) | 2012-04-02 | 2019-12-24 | Mastercard International Incorporated | Systems and methods for processing mobile payments by provisioning credentials to mobile devices without secure elements |
| JP5795453B2 (en) * | 2012-04-18 | 2015-10-14 | グーグル・インコーポレーテッド | Payment transaction processing without secure elements |
-
2014
- 2014-12-02 BR BR112016012527A patent/BR112016012527A2/en not_active IP Right Cessation
- 2014-12-02 KR KR1020177035338A patent/KR102025816B1/en active IP Right Grant
- 2014-12-02 KR KR1020167017367A patent/KR101809221B1/en active IP Right Grant
- 2014-12-02 CN CN201480074679.7A patent/CN106062799B/en active Active
- 2014-12-02 AU AU2014357381A patent/AU2014357381B2/en active Active
- 2014-12-02 EP EP14868126.5A patent/EP3077972A4/en not_active Ceased
- 2014-12-02 NZ NZ720688A patent/NZ720688A/en not_active IP Right Cessation
- 2014-12-02 WO PCT/US2014/067992 patent/WO2015084755A1/en active Application Filing
- 2014-12-02 MX MX2016007217A patent/MX361793B/en active IP Right Grant
- 2014-12-02 CA CA2932346A patent/CA2932346C/en active Active
- 2014-12-02 JP JP2016535719A patent/JP6353537B2/en active Active
- 2014-12-02 UA UAA201607123A patent/UA115500C2/en unknown
- 2014-12-02 SG SG10201800179UA patent/SG10201800179UA/en unknown
- 2014-12-02 RU RU2016126401A patent/RU2663319C2/en not_active IP Right Cessation
-
2016
- 2016-06-01 IL IL245965A patent/IL245965B/en unknown
- 2016-06-02 CL CL2016001353A patent/CL2016001353A1/en unknown
- 2016-12-15 HK HK16114270A patent/HK1227146A1/en unknown
-
2018
- 2018-06-08 JP JP2018110433A patent/JP2018164281A/en active Pending
Also Published As
| Publication number | Publication date |
|---|---|
| AU2014357381A1 (en) | 2016-06-16 |
| HK1227146A1 (en) | 2017-10-13 |
| RU2663319C2 (en) | 2018-08-03 |
| UA115500C2 (en) | 2017-11-10 |
| IL245965A0 (en) | 2016-07-31 |
| KR101809221B1 (en) | 2017-12-14 |
| CN106062799B (en) | 2022-04-29 |
| JP6353537B2 (en) | 2018-07-04 |
| CL2016001353A1 (en) | 2017-05-12 |
| EP3077972A4 (en) | 2017-08-09 |
| WO2015084755A1 (en) | 2015-06-11 |
| CA2932346C (en) | 2018-09-04 |
| EP3077972A1 (en) | 2016-10-12 |
| MX2016007217A (en) | 2016-12-09 |
| SG10201800179UA (en) | 2018-02-27 |
| CN106062799A (en) | 2016-10-26 |
| CA2932346A1 (en) | 2015-06-11 |
| KR20170139689A (en) | 2017-12-19 |
| KR102025816B1 (en) | 2019-09-26 |
| IL245965B (en) | 2022-05-01 |
| JP2017504871A (en) | 2017-02-09 |
| BR112016012527A2 (en) | 2017-08-08 |
| MX361793B (en) | 2018-12-17 |
| AU2014357381B2 (en) | 2017-03-23 |
| KR20160091418A (en) | 2016-08-02 |
| JP2018164281A (en) | 2018-10-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| NZ720688A (en) | Method and system for secure authentication of user and mobile device without secure elements | |
| NZ721223A (en) | Method and system for generating an advanced storage key in a mobile device without secure elements | |
| US11968191B1 (en) | Sending a cryptogram to a POS while disconnected from a network | |
| US12020243B2 (en) | Magnetic card swipe emulation systems and methods | |
| US20160027017A1 (en) | Method and system for using dynamic cvv in qr code payments | |
| US20160171480A1 (en) | Methods and systems for transferring electronic money | |
| US20140129450A1 (en) | Secure payment method and system | |
| AU2017267375A1 (en) | Authentication with smartwatch | |
| CN104537562A (en) | Financial self-service system processing method | |
| US8915428B1 (en) | Wireless-enabled card reader | |
| WO2016088087A1 (en) | Third party access to a financial account | |
| US20180285861A1 (en) | Transaction system and method | |
| US20140025577A1 (en) | System and method for secure transactions utilizing passive near-field communications devices | |
| EP4040361A1 (en) | A communication system comprising a local payment kernel | |
| US10089631B2 (en) | System and method of neutralizing mobile payment | |
| US20170024729A1 (en) | Secure Transmission of Payment Credentials | |
| US10387884B2 (en) | System for preventing mobile payment | |
| US20160275505A1 (en) | Method of receiving payment confirmation in emv contactless mobile payment | |
| US20160071091A1 (en) | Method and system for real time consumer transaction tracking | |
| Vizzarri et al. | Security in mobile payments | |
| Cruz | Nfc and mobile payments today | |
| US11397940B2 (en) | Secure payment transactions | |
| US20210166205A1 (en) | Local edge-node server | |
| WO2017026990A1 (en) | Network trusted service manager | |
| Saha et al. | Applicability of DUKPT Key Management Scheme to Cloud Wallet and other Mobile Payments |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PSEA | Patent sealed | ||
| RENW | Renewal (renewal fees accepted) |
Free format text: PATENT RENEWED FOR 1 YEAR UNTIL 02 DEC 2019 BY CPA GLOBAL Effective date: 20181019 |
|
| LAPS | Patent lapsed |