NZ721223A - Method and system for generating an advanced storage key in a mobile device without secure elements - Google Patents
Method and system for generating an advanced storage key in a mobile device without secure elementsInfo
- Publication number
- NZ721223A NZ721223A NZ721223A NZ72122314A NZ721223A NZ 721223 A NZ721223 A NZ 721223A NZ 721223 A NZ721223 A NZ 721223A NZ 72122314 A NZ72122314 A NZ 72122314A NZ 721223 A NZ721223 A NZ 721223A
- Authority
- NZ
- New Zealand
- Prior art keywords
- mobile
- mobile device
- program
- payment
- code associated
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
- G06F21/46—Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/322—Aspects of commerce using mobile devices [M-devices]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/326—Payment applications installed on the mobile devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3821—Electronic credentials
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3823—Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- Strategic Management (AREA)
- Computer Security & Cryptography (AREA)
- Finance (AREA)
- Computer Networks & Wireless Communication (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Storage Device Security (AREA)
- Telephone Function (AREA)
- Mobile Radio Communication Systems (AREA)
- Cash Registers Or Receiving Machines (AREA)
Abstract
Advances in mobile and communication technologies have created tremendous opportunities, one of which is providing the user of a mobile computing device with the ability to initiate and pay for payment transactions using their mobile device. One such approach to enable such actions on a mobile device has been the use of near field communication (NFC) technology to securely transmit payment details from the mobile device to a nearby contactless point of sale (POS) terminal. In order to achieve this, mobile phones with secure element hardware, such as a secure element (SE) chip, are used to securely store the payment credentials. A secure element is a special that may be included in some NFC-enabled devices that is a temper-resistant platform that may securely host applications and their confidential data. However, not all mobile devices have secure elements. In addition, some financial institutions may not have access to secure elements on mobile devices, even if the mobile device is equipped with such an element. As a result, many consumers with mobile devices that possess the required hardware for conducting contactless or other types of remote payment transactions may be unable to actually utilize this capability. Because of such difficulties, there is a need for a technical solution to enable mobile computing devices to initiate and conduct payment transactions without the use of secure elements. Some methods and systems for conducting payment transactions using mobile devices lacking secure elements, or without the use of secure elements in mobile devices equipped with them, can be found in U.S. Patent Application No. 13/827,042, entitled “Systems and Methods for Processing Mobile Payments by Provisioning Credentials to Mobile Devices Without Secure Elements,” by Mehdi Collinge et al., filed on March 14, 2013, which is herein incorporated by reference in its entirety. While such methods and systems can be suitable for conducting payment transactions via a mobile device without using a secure element, many consumers, merchants, and financial institutions may be wary of participating in such transactions due to a desire for even greater security. As a result, there is a need for technical solutions to provide even more security for the receipt and storage of payment credentials in a mobile device lacking a secure element, as well as providing increased security for in the transmission of payment credentials to a point of sale from the mobile device during conducting of a financial transaction. Increased security in these processes can result in increased peace of mind for all entities involved, which can result in an increase in the use of mobile devices for contactless or remote payment transactions, which can provide a vast number of benefits to consumers over traditional payment methods. As a solution, or a useful alternative, to one or more to the above described technical problems, the present invention provides a method for building an advanced storage key includes: storing, in a memory of a mobile device, at least (i) device information associated with the mobile device, (ii) program code associated with a first program, the code including an instance identifier, and (iii) program code associated with a second program, the code including a first key; generating a device fingerprint associated with the mobile device based on the device information via execution of the code associated with the first program; generating a random value via execution of the code associated with the first program; building a diversifier value based on the generated device fingerprint, the generated random value, and the instance identifier included in the code associated with the first program; and decrypting the built diversifier value using the first key stored in the code associated with the second program via execution of the code associated with the second program to obtain a storage key.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US201461979113P | 2014-04-14 | 2014-04-14 | |
| PCT/US2014/068000 WO2015160385A1 (en) | 2014-04-14 | 2014-12-02 | Method and system for generating an advanced storage key in a mobile device without secure elements |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| NZ721223A true NZ721223A (en) | 2018-02-23 |
Family
ID=54324415
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| NZ721223A NZ721223A (en) | 2014-04-14 | 2014-12-02 | Method and system for generating an advanced storage key in a mobile device without secure elements |
Country Status (14)
| Country | Link |
|---|---|
| EP (1) | EP3132406A4 (en) |
| JP (3) | JP6224254B2 (en) |
| KR (3) | KR102151579B1 (en) |
| CN (2) | CN111523884B (en) |
| AU (3) | AU2014391256B2 (en) |
| CA (1) | CA2933336C (en) |
| IL (1) | IL246109B (en) |
| MX (1) | MX356939B (en) |
| NZ (1) | NZ721223A (en) |
| RU (2) | RU2682840C2 (en) |
| SG (2) | SG10201801008SA (en) |
| UA (1) | UA117951C2 (en) |
| WO (1) | WO2015160385A1 (en) |
| ZA (1) | ZA201603938B (en) |
Families Citing this family (19)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10270748B2 (en) | 2013-03-22 | 2019-04-23 | Nok Nok Labs, Inc. | Advanced authentication techniques and applications |
| US11521203B2 (en) * | 2015-07-09 | 2022-12-06 | Cryptography Research, Inc. | Generating a cryptographic key based on transaction data of mobile payments |
| JP2017175226A (en) * | 2016-03-18 | 2017-09-28 | 株式会社インテック | Program, method and system for issuing public key certificate |
| US10769635B2 (en) | 2016-08-05 | 2020-09-08 | Nok Nok Labs, Inc. | Authentication techniques including speech and/or lip movement analysis |
| EP3340094B1 (en) * | 2016-12-22 | 2021-04-28 | Mastercard International Incorporated | Method for renewal of cryptographic whiteboxes under binding of new public key and old identifier |
| EP3364329B1 (en) * | 2017-02-21 | 2023-07-26 | Mastercard International Incorporated | Security architecture for device applications |
| CN108804908B (en) * | 2017-05-04 | 2023-05-09 | 腾讯科技(深圳)有限公司 | Equipment fingerprint generation method and device and computing equipment |
| CN107908948B (en) * | 2017-11-01 | 2019-11-19 | 中国移动通信集团江苏有限公司 | A kind of Android APP device-fingerprint generation method applied to security risk control |
| US11868995B2 (en) | 2017-11-27 | 2024-01-09 | Nok Nok Labs, Inc. | Extending a secure key storage for transaction confirmation and cryptocurrency |
| US11831409B2 (en) | 2018-01-12 | 2023-11-28 | Nok Nok Labs, Inc. | System and method for binding verifiable claims |
| CN109068304A (en) * | 2018-08-07 | 2018-12-21 | 佛山市苔藓云链科技有限公司 | It is a kind of to verify the true method of internet of things equipment using near-field communication |
| US11258604B2 (en) * | 2018-10-19 | 2022-02-22 | Oracle International Corporation | Rewiring cryptographic key management system service instances |
| US12041039B2 (en) * | 2019-02-28 | 2024-07-16 | Nok Nok Labs, Inc. | System and method for endorsing a new authenticator |
| JP7127585B2 (en) * | 2019-03-12 | 2022-08-30 | オムロン株式会社 | Safety system and maintenance method |
| US11792024B2 (en) | 2019-03-29 | 2023-10-17 | Nok Nok Labs, Inc. | System and method for efficient challenge-response authentication |
| US11783332B2 (en) | 2020-02-14 | 2023-10-10 | Mastercard International Incorporated | Method and system for facilitating secure card-based transactions |
| EP3933731A1 (en) * | 2020-06-30 | 2022-01-05 | Mastercard International Incorporated | Authorization data processing for multiple issuers |
| US11784798B2 (en) | 2021-03-30 | 2023-10-10 | Visa International Service Association | System, method, and computer program product for data security |
| CN115396103B (en) * | 2022-10-26 | 2023-03-24 | 杭州海康威视数字技术股份有限公司 | AI data sharing method, system and device based on white box key |
Family Cites Families (22)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7606771B2 (en) * | 2001-01-11 | 2009-10-20 | Cardinalcommerce Corporation | Dynamic number authentication for credit/debit cards |
| EP1839083B1 (en) * | 2005-01-07 | 2010-09-08 | LIMO Patentverwaltung GmbH & Co. KG | Device for homogenizing light |
| KR100842267B1 (en) * | 2006-12-01 | 2008-06-30 | 한국전자통신연구원 | Server, Client and Method for integrated user authentication in a system of multi-authentication means |
| JP2009284231A (en) * | 2008-05-22 | 2009-12-03 | Panasonic Corp | Key generating apparatus, key generating method, key generating program, and electronic apparatus |
| US8555089B2 (en) * | 2009-01-08 | 2013-10-08 | Panasonic Corporation | Program execution apparatus, control method, control program, and integrated circuit |
| US8893967B2 (en) * | 2009-05-15 | 2014-11-25 | Visa International Service Association | Secure Communication of payment information to merchants using a verification token |
| US8380177B2 (en) * | 2010-04-09 | 2013-02-19 | Paydiant, Inc. | Mobile phone payment processing methods and systems |
| CN102792325B (en) * | 2010-04-09 | 2017-09-01 | 维萨国际服务协会 | System and method for safely confirming transaction |
| SG187832A1 (en) * | 2010-08-12 | 2013-03-28 | Mastercard International Inc | Multi-commerce channel wallet for authenticated transactions |
| US20120151223A1 (en) * | 2010-09-20 | 2012-06-14 | Conde Marques Ricardo Nuno De Pinho Coelho | Method for securing a computing device with a trusted platform module-tpm |
| US8746553B2 (en) * | 2010-09-27 | 2014-06-10 | Mastercard International Incorporated Purchase | Payment device updates using an authentication process |
| AU2010363671B2 (en) * | 2010-11-10 | 2014-11-27 | Einnovations Holdings Pte. Ltd. | Method of performing a financial transaction via unsecured public telecommunication infrastructure and an apparatus for same |
| GB201105765D0 (en) * | 2011-04-05 | 2011-05-18 | Visa Europe Ltd | Payment system |
| WO2012170895A1 (en) * | 2011-06-09 | 2012-12-13 | Yeager C Douglas | Systems and methods for authorizing a transaction |
| US9473295B2 (en) * | 2011-09-26 | 2016-10-18 | Cubic Corporation | Virtual transportation point of sale |
| US10515359B2 (en) * | 2012-04-02 | 2019-12-24 | Mastercard International Incorporated | Systems and methods for processing mobile payments by provisioning credentials to mobile devices without secure elements |
| JP5795453B2 (en) * | 2012-04-18 | 2015-10-14 | グーグル・インコーポレーテッド | Payment transaction processing without secure elements |
| WO2013159110A1 (en) * | 2012-04-20 | 2013-10-24 | Conductiv Software, Inc. | Multi-factor mobile transaction authentication |
| KR20130140948A (en) * | 2012-05-17 | 2013-12-26 | 삼성전자주식회사 | Apparatus and method for contents encryption and decryption based on storage device id |
| US8738454B2 (en) * | 2012-07-23 | 2014-05-27 | Wal-Mart Stores, Inc. | Transferring digital receipt data to mobile devices |
| CN113011896B (en) * | 2013-08-15 | 2024-04-09 | 维萨国际服务协会 | Secure remote payment transaction processing using secure elements |
| BR112016012527A2 (en) * | 2013-12-02 | 2017-08-08 | Mastercard International Inc | METHOD AND SYSTEM FOR SECURE USER AND MOBILE DEVICE AUTHENTICATION WITHOUT SECURE ELEMENTS |
-
2014
- 2014-12-02 AU AU2014391256A patent/AU2014391256B2/en active Active
- 2014-12-02 CN CN202010102477.6A patent/CN111523884B/en active Active
- 2014-12-02 UA UAA201609401A patent/UA117951C2/en unknown
- 2014-12-02 WO PCT/US2014/068000 patent/WO2015160385A1/en active Application Filing
- 2014-12-02 CA CA2933336A patent/CA2933336C/en active Active
- 2014-12-02 KR KR1020207004059A patent/KR102151579B1/en active IP Right Grant
- 2014-12-02 EP EP14889340.7A patent/EP3132406A4/en not_active Ceased
- 2014-12-02 RU RU2018113732A patent/RU2682840C2/en not_active IP Right Cessation
- 2014-12-02 JP JP2016541581A patent/JP6224254B2/en active Active
- 2014-12-02 SG SG10201801008SA patent/SG10201801008SA/en unknown
- 2014-12-02 CN CN201480074686.7A patent/CN106104605B/en active Active
- 2014-12-02 RU RU2016136503A patent/RU2653290C1/en not_active IP Right Cessation
- 2014-12-02 KR KR1020167028484A patent/KR101903709B1/en active IP Right Grant
- 2014-12-02 KR KR1020187027712A patent/KR102150722B1/en active IP Right Grant
- 2014-12-02 NZ NZ721223A patent/NZ721223A/en not_active IP Right Cessation
- 2014-12-02 SG SG11201604876YA patent/SG11201604876YA/en unknown
- 2014-12-02 MX MX2016010086A patent/MX356939B/en active IP Right Grant
-
2016
- 2016-06-08 IL IL246109A patent/IL246109B/en active IP Right Grant
- 2016-06-09 ZA ZA2016/03938A patent/ZA201603938B/en unknown
-
2017
- 2017-10-04 JP JP2017194490A patent/JP6703510B2/en active Active
- 2017-10-12 AU AU2017245412A patent/AU2017245412A1/en not_active Abandoned
-
2019
- 2019-10-18 AU AU2019250276A patent/AU2019250276B2/en active Active
-
2020
- 2020-01-15 JP JP2020004636A patent/JP6889967B2/en active Active
Also Published As
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| NZ721223A (en) | Method and system for generating an advanced storage key in a mobile device without secure elements | |
| NZ720688A (en) | Method and system for secure authentication of user and mobile device without secure elements | |
| US11968191B1 (en) | Sending a cryptogram to a POS while disconnected from a network | |
| US11861605B2 (en) | Secured account provisioning and payments for NFC-enabled devices | |
| US11250404B2 (en) | Transaction scheme for offline payment | |
| CA2907096C (en) | System and method for using multiple payment accounts using a single payment device | |
| KR102325361B1 (en) | Method and system for secure transmission of remote notification service messages to mobile devices without secure elements | |
| US20140279558A1 (en) | Two-Way, Token-Based Validation for NFC-Enabled Transactions | |
| US12020243B2 (en) | Magnetic card swipe emulation systems and methods | |
| US20160027017A1 (en) | Method and system for using dynamic cvv in qr code payments | |
| US20230259940A1 (en) | Remote emv payment applications | |
| JP2015525389A (en) | System and method for enabling secure transactions with mobile devices | |
| US9246677B2 (en) | Method and system for secure data communication between a user device and a server | |
| US20140025577A1 (en) | System and method for secure transactions utilizing passive near-field communications devices | |
| US10089631B2 (en) | System and method of neutralizing mobile payment | |
| US10387884B2 (en) | System for preventing mobile payment | |
| WO2020082833A1 (en) | Transfer method and apparatus, and device | |
| US20150371232A1 (en) | Preemptive credit and debit card fraud protection system | |
| Saha et al. | Survey of strong authentication approaches for mobile proximity and remote wallet applications-Challenges and evolution | |
| Bulsara et al. | Addressing the trust factor in mobile payments through enhanced security controls | |
| Saha et al. | Applicability of DUKPT Key Management Scheme to Cloud Wallet and other Mobile Payments | |
| NZ735128A (en) | Method and system for secure transmission of remote notification service messages to mobile devices without secure elements |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PSEA | Patent sealed | ||
| RENW | Renewal (renewal fees accepted) |
Free format text: PATENT RENEWED FOR 1 YEAR UNTIL 02 DEC 2019 BY CPA GLOBAL Effective date: 20181019 |
|
| LAPS | Patent lapsed |