WO2013130982A1 - Systems and methods for mapping a mobile cloud account to a payment account - Google Patents
Systems and methods for mapping a mobile cloud account to a payment account Download PDFInfo
- Publication number
- WO2013130982A1 WO2013130982A1 PCT/US2013/028631 US2013028631W WO2013130982A1 WO 2013130982 A1 WO2013130982 A1 WO 2013130982A1 US 2013028631 W US2013028631 W US 2013028631W WO 2013130982 A1 WO2013130982 A1 WO 2013130982A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- rca
- mca
- icc
- payment
- mobile
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/355—Personalisation of cards for use
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/327—Short range or proximity payments by means of M-devices
- G06Q20/3278—RFID or NFC payments by means of M-devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/322—Aspects of commerce using mobile devices [M-devices]
- G06Q20/3223—Realising banking transactions through M-devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/385—Payment protocols; Details thereof using an alias or single-use codes
Definitions
- the present disclosure relates to the mapping of a mobile cloud account to a payment account, specifically using a mobile cloud account to conduct contactless payment transactions without modification to legacy issuer processing systems.
- NFC near field communication
- a secure element chip included as part of the mobile device is utilized.
- the present disclosure provides a description of systems and methods for mapping a mobile cloud account to a payment account, and the processing of financial transactions based therein.
- a method for mapping a payment account to a mobile cloud account number includes: generating, by a generating device, an integrated circuit card (ICC) RSA key pair including an ICC public key and an ICC private key; generating, by the generating device, an ICC master key based on at least a master key identifier; transmitting, by a transmitting device, the ICC public key, the ICC private key, the ICC master key, and the master key identifier to a mobile device for storage in a secure element; receiving, by a receiving device, a real card account number (RCA) corresponding to a payment account; identifying, by a processing device, attributes of the RCA; identifying, by the processing device, a mobile cloud account number (MCA) based on the attributes of the RCA; receiving, by the receiving device, an issuer private key and an issuer private key certificate; generating, by the generating device, an ICC public key certificate based on certification of the ICC public key by the issuer private key; creating, by the processing
- a method for processing a financial transaction includes: storing, in a mapping database, a plurality of mapping records, wherein each mapping record includes at least a master key identifier, a mobile cloud account number (MCA), and a real card account number (RCA), and wherein the MCA is based on attributes of the RCA; receiving, by a receiving device, transaction data related to a financial transaction, wherein the transaction data includes at least an MCA and a payment cryptogram; validating, by a validation device, the payment cryptogram; identifying, in the mapping database, a specific mapping record, wherein the specific mapping record includes the MCA included in the received transaction data; and transmitting, by a transmitting device, at least the RCA included in the specific mapping record and a validation result indicating a success or failure of the validation of the payment cryptogram.
- MCA mobile cloud account number
- RCA real card account number
- a method for providing payment credentials for a financial transaction includes: receiving, by a receiving device, personalization data, wherein the personalization data includes at least an integrated circuit card (ICC) public key, an ICC private key, an ICC master key, and a master key identifier; storing, in a first location of a secure element of a mobile device, the received personalization data; receiving, by a receiving device at least one post issuance script, wherein each of the at least one post issuance script is configured to store, in a second location of the secure element of the mobile device, mobile cloud account data, the mobile cloud account data including at least an issuer public key certificate, an ICC public key certificate, and a mobile cloud account number (MCA); storing, in a database not included in the secure element, the received at least one post issuance script; receiving, by an input device, an indication of an MCA included in a specific post issuance script of the received at least one post issuance script; and executing, by a processing device, the specific post issuance script, wherein the
- a system for mapping a payment account to a mobile cloud account includes a mapping database, a generating device, a transmitting device, a receiving device, and a processing device.
- the generated device is configured to generate an integrated circuit card (ICC) RSA key pair including an ICC public key and an ICC private key; generating, by the generating device, an ICC master key based on at least a master key identifier.
- the transmitting device is configured to transmit the ICC public key, the ICC private key, the ICC master key, and the master key identifier to a mobile device for storage in a secure element.
- the receiving device is configured to receive a real card account number (RCA) corresponding to a payment account.
- RCA real card account number
- the processing device is configured to identify attributes of the RCA and identify a mobile cloud account number (MCA) based on the attributes of the RCA.
- the receiving device is further configured to receive an issuer private key and an issuer private key certificate.
- the generating device is further configured to generate an ICC public key certificate based on certification of the ICC public key by the issuer private key.
- the processing device is further configured to create a post issuance script configured to store mobile cloud account data in the secure element of the mobile device, wherein the mobile cloud account data includes at least the issuer public key certificate, the MCA, and the ICC public key certificate.
- the transmitting device is further configured to transmit the created post issuance script to the mobile device.
- the mapping database is configured to store a mapping record, wherein the mapping record includes at least the master key identifier, the MCA, and the RCA.
- a system for processing a financial transaction includes a mapping database, a receiving device, a validation device, a processing device, and a transmitting device.
- the mapping database is configured to store a plurality of mapping records, wherein each mapping record includes at least a master key identifier, a mobile cloud account number (MCA), and a real card account number (RCA), and wherein the MCA is based on attributes of the RCA.
- the receiving device is configured to receive transaction data related to a financial transaction, wherein the transaction data includes at least an MCA and a payment cryptogram.
- the validation device is configured to validate the payment cryptogram.
- the processing device is configured to identify, in the mapping database, a specific mapping record, wherein the specific mapping record includes the MCA included in the received transaction data.
- the transmitting device is configured to transmit at least the RCA included in the specific mapping record and a validation result indicating a success or failure of the validation of the payment cryptogram.
- a mobile device for providing payment credentials for a financial transaction includes an input device, a secure element, a database not included in the secure element, a receiving device, and a processing device.
- the receiving device is configured to receive personalization data, wherein the personalization data includes at least an integrated circuit card (ICC) public key, an ICC private key, an ICC master key, and a master key identifier.
- the processing device is configured to store, in a first location of the secure element of the mobile device, the received personalization data.
- ICC integrated circuit card
- the receiving device is further configured to receive at least one post issuance script, wherein each of the at least one post issuance script is configured to store, in a second location of the secure element of the mobile device, mobile cloud account data, the mobile cloud account data including at least an issuer public key certificate, an ICC public key certificate, and a mobile cloud account number (MCA).
- the processing device is further configured to store, in the database, the received at least one post issuance script.
- the input device is configured to receive an indication of an MCA included in a specific post issuance script of the received at least one post issuance script.
- the processing device is further configured to execute the specific post issuance script, wherein the MCA is based on attributes of a real card account number (RCA).
- a non-transitory computer readable recording medium records program instructions stored therein that causes a processor of a mobile computing device to execute a method for providing payment credentials for a financial transaction, wherein the method includes: receiving, by a receiving device, personalization data, wherein the personalization data includes at least an integrated circuit card (ICC) public key, an ICC private key, an ICC master key, and a master key identifier; storing, in a first location of a secure element of a mobile device, the received personalization data; receiving, by a receiving device at least one post issuance script, wherein each of the at least one post issuance script is configured to store, in a second location of the secure element of the mobile device, mobile cloud account data, the mobile cloud account data including at least an issuer public key certificate, an ICC public key certificate, and a mobile cloud account number (MCA); storing, in a database not included in the secure element, the received at least one post issuance script; receiving, by an input device, an indication of an MCA included in a
- FIG. 1 is a high level architecture illustrating a system for the mapping of mobile cloud accounts to payment accounts and processing of contactless payment transactions using a mobile cloud account in
- FIG. 2 is a block diagram illustrating data stored in the mobile device of FIG. 1 for the conducting of contactless payment transactions accordance with exemplary embodiments.
- FIG. 3 is a process flow illustrating a method for the over-the-air provisioning of a master key identifier to a mobile device in accordance with exemplary embodiments.
- FIGS. 4A and 4B are a process flow illustrating a method for the provisioning of mobile cloud account data to a mobile device in accordance with exemplary embodiments.
- FIG. 5 is a flow chart illustrating a high-level method for the processing of an authorization request for a contactless payment transaction funded via a mobile cloud account in accordance with exemplary
- FIG. 6 is a process flow illustrating a method for the processing of contactless payment transaction funded via a mobile cloud account in accordance with exemplary embodiments.
- FIG. 7 is a block diagram illustrating the provisioning of mobile cloud accounts to a mobile device in accordance with exemplary
- FIG. 8 is a block diagram illustrating the provisioning of mobile cloud account data to a secure element of a mobile device in accordance with exemplary embodiments.
- FIG. 9 is a process flow illustrating a method for the mapping and cryptography of mobile cloud account data in accordance with exemplary embodiments.
- FIG. 10 is a flow chart illustrating an exemplary method for the mapping of a payment account to a mobile cloud account in accordance with exemplary embodiments.
- FIG. 1 1 is a flow chart illustrating an exemplary method for the processing of a financial transaction in accordance with exemplary embodiments.
- FIG. 12 is a flow chart illustrating an exemplary method for providing payment credentials for a financial transaction in accordance with exemplary embodiments.
- FIG. 13 is a block diagram illustrating a computer system
- Payment Network A system or network used for the transfer of money via the use of cash-substitutes. Payment networks may use a variety of different protocols and procedures in order to process the transfer of money for various types of transactions. Transactions that may be performed via a payment network may include product or service purchases, credit purchases, debit transactions, fund transfers, account withdrawals, etc. Payment networks may be configured to perform transactions via cash- substitutes, which may include payment cards, letters of credit, checks, financial accounts, etc. Examples of networks or systems configured to perform as payment networks include those operated by MasterCard ® , VISA ® , Discover ® , American Express ® , etc.
- Payment Account A financial account that may be used to fund a transaction, such as a checking account, savings account, credit account, virtual payment account, etc.
- a payment account may be associated with an entity, which may include a person, family, company, corporation,
- Payment Card A card or data associated with a payment account that may be provided to a merchant in order to fund a financial transaction via the associated payment account. Payment cards may include credit cards, debit cards, charge cards, stored-value cards, prepaid cards, fleet cards, virtual payment numbers, virtual card numbers, controlled payment numbers, etc. A payment card may be a physical card that may be provided to a merchant, or may be data representing the associated payment account (e.g., as stored in a communication device, such as a smart phone or computer).
- data including a payment account number may be considered a payment card for the processing of a transaction funded by the associated payment account.
- a check may be considered a payment card where applicable.
- Payment cards may also include real card accounts having associated real card account numbers (RCAs) and mobile cloud accounts having associated mobile cloud account numbers (MCAs) as discussed in more detail herein.
- RCAs real card account numbers
- MCAs mobile cloud account numbers
- FIG. 1 is a high level diagram illustrating a system 100 for the mapping of mobile cloud accounts to payment accounts and the processing of financial transactions funded via mobile cloud accounts.
- the system 100 may include a mobile device 102.
- the mobile device 102 may be any type of mobile computing device 102 suitable for performing the functions as disclosed herein as will be apparent to persons having skill in the relevant art, such as a cellular phone, smart phone, table computer, etc.
- the mobile device 102 may include a secure element.
- a secure element may be a tamper-resistant platform capable of securely storing data, such as a hardware chip.
- the secure element may store a master key identifier, which may be provisioned to the secure element at the time of the manufacture of the mobile device 102, or via an over-the-air (OTA) provisioning method, such as discussed in more detail below.
- OTA over-the-air
- the mobile device 102 may also include data related to one or more mobile cloud accounts.
- a mobile cloud account may include a mobile cloud account number (MCA), which may be associated with a real card account number (RCA).
- MCA mobile cloud account number
- the RCA may correspond to a payment account issued to the user by an issuer 1 12.
- the MCA may be mapped to the RCA such that the user may conduct a financial transaction using the MCA for funding of the financial transaction, and the funds may be supplied by the payment account corresponding to the RCA.
- the user may be able to conduct a payment transaction using the mobile device 102 without storing the RCA, thereby reducing the potential for fraud.
- the user may indicate, using the mobile device 102, one of the MCAs to be used to fund a financial transaction while at a merchant.
- the mobile device 102 may execute a post issuance script, discussed in more detail below, configured to transmit mobile cloud account data into the secure element of the mobile device 102.
- the mobile device may then transmit payment credentials for the indicated mobile cloud account to a contactless point-of-sale terminal 104 via near field transaction. Methods and systems for the transmission of payment credentials via near field transaction will be apparent to persons having skill in the relevant art.
- the contactless terminal 104 may transmit the payment credentials and other transaction information to an acquirer 106, such as an acquiring bank, operating as or on behalf of the merchant, who may then submit an authorization request for the financial transaction with the MCA included for funding of the transaction.
- an acquirer 106 such as an acquiring bank
- the submission of authorization requests for a financial transaction will be apparent to persons having skill in the relevant art.
- the authorization request may be submitted to, and received by, a payment network 108.
- the payment network 108 may identify the MCA included in the authorization request and may, based on attributes of the MCA, such as an issuer identification number (UN) or bank identification number (BIN), route the authorization request to a mobile cloud service provider 1 10.
- the service provider 1 10 may include a mapping database 1 16 configured to store a plurality of mapping records, each of which may include at least a master key identifier, an MCA, and the corresponding RCA.
- the service provider 1 10 may identify the MCA included in the authorization request and then may identify the corresponding mapping record included in the mapping database 1 16. The service provider 1 10 may then transmit the
- the service provider 1 10 may be any service, server, manager, system, etc. configured to perform the functions as disclosed herein. In some embodiments the service provider 1 10 may be included as part of the payment network 108 or may be operated by or on behalf of the issuer 112.
- the payment network 108 may receive the RCA corresponding to the MCA supplied by the mobile device 102, and may forward the
- the issuer 1 12 may then authorize the financial transaction for funding by the payment account corresponding to the RCA and submit an authorization response to the payment network 108.
- the payment network 108 may then replace the RCA included in the authorization response with the MCA, and forward the authorization response to the acquirer 106, which may forward the response to the merchant for finalization of the transaction.
- the acquirer 106 may post the financial transaction for clearing with a clearing service 1 14.
- the clearing service 114 may transmit the posted transaction to the service provider 1 10.
- the service provider 1 10 may identify the RCA corresponding to the MCA included in the posted transaction using the mapping database 1 16, and may return the identified RCA to the clearing service 1 14.
- the clearing service 1 14 may then clear the transaction using the RCA with the issuer 1 12 using systems and methods apparent to persons having skill in the relevant art.
- the use of the MCA may enable the user of the mobile device 102 to more securely conduct a contactless payment transaction without using an RCA.
- the issuer 1 12 may be able to process the financial transaction via the RCA without being required to significantly change their existing processing systems.
- the service provider 1 10 may pre-validate the payment transaction based on the MCA and/or additional payment credentials. In such an embodiment, if the validation of the MCA fails, the service provider 1 10 (e.g., via the payment network 108) may transmit an authorization response to the acquirer 106 indicating denial of the transaction, and notify the issuer 1 12 of the failed validation. This may allow the transaction to be conducted without requiring any processing by the issuer 1 12. Conversely, if validation succeeds, the authorization may reach the issuer 1 12 pre-validated, which may enable the issuer 112 to approve or deny the transaction without being required to perform validation. Such a system may then not only enable the issuer 1 12 to process contactless payment transactions, but may also improve the efficiency of transaction processing.
- FIG. 2 illustrates data stored in the mobile device 102 for use in conducting contactless payment transactions via a mobile cloud account.
- the mobile device 102 may include a mobile wallet 202.
- the mobile wallet 202 may be an electronic wallet configured to store and transmit payment credentials for one or more mobile cloud accounts. The use of electronic wallets for the storage and transmission of payment credentials will be apparent to persons having skill in the relevant art.
- the mobile account credentials may include at least the MCA for each mobile cloud account and one or more security key certificates, as discussed in more detail below.
- the mobile device 102 may also include a payment user interface (Ul) 204.
- the payment Ul 204 may include an interface provided for the user for management of a payment application 208.
- the payment application 208 may be an application program stored on the mobile device 102 and executed by a processor of the mobile device.
- the payment application 208 may provide security for the functions performed by the mobile device 102 as disclosed herein, and may also facilitate
- the payment Ul 204 and/or the payment application 208 may be
- the mobile device 102 may also include a secure element 210.
- the secure element 210 may be a tamper-resistant platform, such as a hardware chip.
- the secure element 210 may store at least a master key identifier and a mobile cardlet.
- the master key identifier and the mobile cardlet may be stored in separate portions of the secure element 210.
- the master key identifier may be a value that is unique to the mobile device 102, such as a sixteen or nineteen digit number. Values suitable for use as the master key identifier will be apparent to persons having skill in the relevant art.
- the master key identifier may be provisioned to the secure element 210 by the manufacturer of the mobile device 102 at the time of the manufacture of the mobile device 102. In some instances, the master key identifier may be provisioned to the mobile device 102 and stored in the secure element 210 via over-the-air (OTA) processing, as discussed in more detail below.
- OTA over-the-air
- the mobile cardlet may be similarly provisioned to the secure element 210 physically or via OTA processing. In some embodiments the mobile cardlet and master key identifier may be provisioned to the secure element 210 simultaneously.
- the mobile cardlet may be configured to store mobile cloud account data for the transmission of payment credentials including the mobile cloud account data to the contactless terminal 104 for the conducting of a payment transaction.
- the mobile device 102 may execute a post issuance script, discussed in more detail below, which may transmit payment credentials for the selected mobile cloud account to the secure element 210 (e.g., to the mobile cardlet). The user may then initiate transmission of the payment credentials from the mobile cardlet to the contactless terminal 104 to initiate the transaction.
- the payment Ul 204 may include additional functionality 206.
- the additional functionality 206 may be configured to provide the user of the mobile device 102 with additional functions, such as the application of coupons to contactless transactions conducted using the mobile device 102, participation in a loyalty program, receiving of offers or discounts, etc. Additional functions will be apparent to persons having skill in the relevant art, such as the inControlTM platform by MasterCard ® . Details regarding inControlTM may be found in U.S. Patent No. 6,636,833, issued October 21 , 2003; U.S. Patent No. 7,136,835, issued November 14, 2006; U.S. Patent No. 7,571 ,142, issued August 4, 2009; U.S. Patent No.
- FIG. 3 is a process flow illustrating a method for the OTA
- a user 302 may request to use the mobile cloud service on a mobile device 102 that lacks a master key identifier in a secure element 210 of the mobile device 102.
- the request may be submitted to the service provider 1 10 via a mobile network operator (MNO) 304.
- MNO mobile network operator
- the service provider 1 10 may receive the request and may, in step 308, verify that the mobile device 102 does not already include a master key identifier.
- the service provider 1 10 may identify that the mobile device 102 already includes a master key identifier in the secure element 210 (e.g., if the master key identifier was provisioned by the MNO or a third party (e.g., the mobile device manufacturer, secure element issuer, etc.) at the manufacture of the mobile device 102), the method may proceed to step 316, if applicable, or step 320 where the mobile device 102 may be ready to receive MCAs.
- the service provider 1 10 may generate a master key identifier and a mobile cardlet for provisioning to the mobile device 102.
- the master key identifier may be any unique value suitable for the identification of the mobile device 102 and/or the secure element 210.
- the master key identifier may be a sixteen or nineteen digit number.
- the master key identifier may be identified in outside of possible RCA account ranges such that the master key identifier may not correspond to a RCA.
- the first digit of a generated master key identifier may be zero.
- the mobile cardlet may be configured to store payment credentials for transmission to the contactless terminal 104 via near field communication. In an exemplary embodiment, the mobile cardlet may contain no payment credentials upon provisioning to the mobile device 102.
- the service provider 1 10 may push (e.g., transmit) the generated master key identifier and mobile cardlet to the mobile device 102 via the MNO 304.
- the mobile device 102 may receive the data and may, in step 314, install (e.g., store) the master key identifier and mobile cardlet into the secure element 210.
- the master key identifier and mobile cardlet may be stored in separate portions of the secure element 210.
- the service provider 1 10 may identify (e.g., generate) personalization data and forward the personalization data to the mobile device 102.
- the personalization data may be data uniquely associated with the user 302 and/or the mobile device 102, as discussed in more detail below.
- the mobile device 102 may receive and install the personalization data in the secure element 210.
- the mobile device 102 may be ready to receive MCAs for use in conducting contactless payment transactions.
- FIGS. 4A and 4B are a process flow illustrating a method for the provisioning of a mobile cloud account to the mobile device 102.
- the MNO 304 may provision the master key identifier to the mobile device 102. It will be apparent to persons having skill in the relevant art that, in some embodiments, the master key identifier may be provisioned to the mobile device 102 over the air, such as using the method illustrated in FIG. 3. In step 404, the mobile device 102 may receive the master key identifier and store the master key identifier in the secure element 210.
- the user 302 may receive the mobile device 102, such as by purchasing the mobile device 102, or may otherwise be in possession of the mobile device 102 with the master key identifier included in the secure element 210.
- the user 302 may perform a service discovery to identify any RCAs associated with the user 302 that are eligible for use with the mobile cloud service.
- the service discovery may be performed by the MNO 304, in step 410, by identifying those RCAs associated with the user 302 eligible for the mobile cloud service.
- the method may include step 412, where the issuer 1 12 may provide real card account information to the MNO 304 for use in the determination of eligible RCAs.
- the MNO 304 may request specific card or issuer system details to determine if an RCA may be used in the mobile cloud service.
- the identification of eligible RCAs may be performed by the service provider 1 10.
- the MNO 304 may transmit the eligible RCAs to the mobile device 102, for display to the user 302 at step 416 (e.g., via the payment Ul 204). It will be apparent to persons having skill in the relevant art that steps 408 and 416 may be performed via a computing device other than the mobile device 102, such as a computer where the user 302 may initiate the service discovery and view eligible RCAs via a webpage.
- the user 302 may request an MCA for a real card account.
- the request may be submitted to the service provider 1 10.
- the service provider 1 10 may then request the master key identifier from the secure element 210 of the mobile device 102.
- the mobile device 102 may identify the master key identifier in the secure element 210 and transmit it to the service provider 1 10 in step 422.
- the service provider 1 10 may then, in step 424, request details for the real card account identified by the user 302 from the issuer 112.
- the issuer 1 12 may identify the real card account in step 426 and then may, in step 428, provide the requested RCA details back to the service provider 1 10.
- step 430 the service provider 1 10 may identify an MCA to correspond to the RCA, may map the MCA to the RCA, and store a mapping record in the mapping database 1 16. Identification of the MCA is discussed in more detail below with respect to FIG. 9.
- step 430 may be an optional step.
- the MCA may be identified by the issuer 1 12 and supplied directly to the service provider 1 10.
- the service provider 1 10 may validate the payment credentials for the MCA supplied by the issuer 1 12, but the issuer 1 12 may perform any necessary mapping as part of the processing of the financial transaction.
- the service provider 1 10 may generate a post issuance script.
- the post issuance script may be configured to cause the mobile device 102 to transmit mobile cloud account data for a selected MCA from a database or storage in the mobile device 102 to the mobile cardlet inside of the secure element 210.
- Data that may be included in the mobile cloud account data may include the MCA and additional information discussed in more detail below.
- the service provider 1 10 may transmit the post issuance script and related data to the mobile device 102, which may receive the script and data in step 436.
- the user 302 may (e.g., via the display Ul 204), select an MCA for use in funding a contactless payment transaction.
- the mobile device 102 may execute the corresponding post issuance script.
- the execution of the script may cause the mobile device 102 to transmit the corresponding mobile cloud account data into the mobile cardlet in the secure storage 210.
- the transmitted mobile cloud account data may overwrite an existing mobile cloud account data in the mobile cardlet such that the mobile cardlet may include data for only a single mobile cloud account at any given time.
- the mobile device 102 may be ready for the contactless payment transaction (e.g., ready to transmit payment credentials to the contactless terminal 104 via near field communication).
- FIG. 5 is a high level flow diagram illustrating a method for processing an authorization request for a contactless payment transaction funded via an MCA initiated by the mobile device 102.
- the mobile device 102 may transmit the MCA and related payment credentials from the mobile cardlet in the secure storage to the contactless terminal 104 via near field communication.
- the contactless terminal 104 may receive the MCA and payment credentials and may, in step 504, forward the information to the acquirer 106.
- the acquirer 106 may then generate an authorization request using systems and methods apparent to persons having skill in the relevant art, wherein the authorization request includes the MCA and payment credentials.
- the authorization request may be submitted by the acquirer to the payment network 108 in step 506.
- the payment network 108 may then, in step 508, forward at least the MCA to the service provider 1 10.
- the service provider 1 10 may receive the MCA and perform cryptography to validate the MCA using methods apparent to persons having skill in the relevant art.
- the service provider 1 10 may also, using the mapping database 1 16, identify an RCA corresponding to the MCA.
- the service provider 1 10 may then, in step 510, forward the identified RCA to the payment network 108.
- the service provider 1 10 may return an indication of the failure of the validation to the payment network 108 and/or directly to the acquirer 106. In some embodiments, if verification fails, the service provider 1 10 may transmit a notification to the issuer 1 12. In a further embodiment, the issuer 1 12 may request to the service provider 1 10 to not be notified of any failed verifications. In one embodiment, the service provider 1 10 may still forward the RCA to the payment network 108 for forwarding to the issuer 1 12 if mapping succeeds but cryptography validation of payment credentials (e.g., a payment cryptogram) fails.
- payment credentials e.g., a payment cryptogram
- the payment network 108 may receive the RCA from the service provider 1 10 and may, in step 512, replace the MCA in the authorization request with the RCA and forward the authorization request to the issuer 1 12.
- the issuer 1 12 provides the MCA directly to the service provider 1 10 (e.g., such that the service provider 1 10 does not generate the MCA)
- the payment network may submit the authorization request including the MCA and the indication of the successful validation performed by the service provider 1 10, and the issuer 1 12 may map the MCA to the corresponding RCA.
- the issuer 1 12 may approve or deny the financial transaction using systems, methods, and practices that will be apparent to persons having skill in the relevant art.
- the issuer 1 12 may then, in step 514, submit an authorization response to the payment network 108 indicating whether the transaction is approved or denied.
- the payment network 108 may then replace the RCA in the authorization response with the MCA and forward the modified authorization response to the acquirer 106 for finalization of the transaction.
- the payment network 108 may forward the authorization response including the RCA to the service provider 1 10 for replacement with the MCA via the mapping database 1 16.
- FIG. 6 is a process flow illustrating a more detailed method for the authorization of a contactless payment transaction funded via a mobile cloud account.
- the user 302 may "tap" the contactless terminal 104 using the mobile device 102 with payment credentials loaded into the mobile cardlet in the secure storage 210.
- the term “tapping” may refer to the transmission of payment credentials via near field communication from the mobile device 102 to the contactless terminal 104 due to the close proximity of the mobile device 102 to the terminal 104, which sometimes may result in the mobile device 102 physically tapping the terminal 104.
- the payment credentials may include a payment cryptogram, such as an authorization request cryptogram or dynamic card validation code, generated based on at least a portion of the mobile cloud account data stored in the secure element 210.
- the contactless terminal 104 may forward the payment credentials, including the MCA and payment cryptogram, to the acquirer 106, who may then submit an authorization request including the MCA and payment credentials to the payment network 108 in step 604.
- the mobile device 102 may also transmit additional credentials to the contactless terminal.
- the credentials may include a mobile personal identification number (PIN), which may be a number input by the user 302 into the mobile device 102 prior or subsequent to indication of an MCA for use in the payment transaction.
- the credentials may include an online PIN, which may be input by the user 302 into the contactless terminal 104.
- the contactless terminal 104 may prompt the user 302 to input the online PIN subsequent to the transmission of the payment credentials to the contactless terminal 104 and prior to the transmission of data to the acquirer 106.
- the payment network 108 may route the authorization request based on the MCA.
- the number may indicate that the transaction is to be funded by an MCA, which the payment network 108 may identify needs to be mapped by the service provider 1 10 and accordingly forward the relevant information to the service provider 1 10.
- the authorization request may originate from a different payment network, but may be forwarded to the payment network 108 and/or the service provider 1 10 for validation/verification and/or mapping.
- the verified and/or mapped credentials may be forwarded on to the issuer 1 12 for authorization, and then returned to the originating payment network.
- the service provider 1 10 may receive the MCA and additional payment credentials if applicable and may verify (e.g. , validate) the MCA and/or payment cryptogram or other credentials using cryptography methods and systems apparent to persons having skill in the relevant art. If the verification of the credentials fails, then, in step 610, the payment network 108 may receive an indication from the service provider 1 10 to deny the authorization. The payment network 108 may then submit an
- the service provider 1 10 may submit a notification to the issuer 1 12 of the failed verification of the credentials.
- the service provider 1 10 may map the MCA used in the failed verification to identify the corresponding RCA and include the corresponding RCA in the notification.
- the service provider 1 10 may identify the RCA corresponding to the MCA via the mapping database 1 16. It will be apparent to persons having skill in the relevant art that, in some embodiments, step 614 may be an optional step. In such an embodiment, the service provider 1 10 may return only an indication of the successful validation of the credentials. If the mapping is performed by the service provider 1 10, then, in step 616, the service provider 1 10 may return the corresponding RCA to the payment network 108.
- the payment network 108 may route the authorization request with the RCA in place of the MCA to the issuer 1 12.
- the issuer 1 12 may approve and process the financial transaction using methods apparent to persons having skill in the relevant art.
- the service provider 1 10 does not generate and map an MCA
- authorization response routed to the issuer 1 12 may include the MCA, and step 620 may further include identifying the RCA corresponding to the MCA.
- the issuer 1 12 may submit a response to the payment network 108 approving the financial transaction.
- the payment network 108 may replace the RCA included in the authorization response with the corresponding MCA.
- replacing the RCA may include step 626, where the service provider 1 10 may remap the RCA to the corresponding MCA and transmit the MCA to the payment network 108.
- the payment network 108 may transmit the authorization response including the MCA to the acquirer 106, who may then forward the authorization response to the contactless terminal 104 for finalization of the transaction.
- FIGS. 7 and 8 illustrate the provisioning of mobile cloud account data to the mobile device 102 and subsequently into the secure element 210 for transmission to the contactless terminal 104 for use in funding a contactless payment transaction.
- the issuer 112 may issue a plurality of real card accounts 702 to the user 302.
- Each real card account may include an RCA corresponding to the account.
- the service provider 1 10 may identify and/or generate an MCA to correspond to each RCA.
- the MCA may be included in a mobile cloud account 704 provisioned to the wallet 202 of the mobile device 102.
- the wallet 202 may store the mobile cloud account 704 and related data (e.g., MCA, post issuance scripts, etc.) for selection by the user 302 for use in a contactless payment transaction.
- the mobile device 102 may also include the secure element 210.
- the secure element 210 may include the master key identifier 706 stored in a first portion of the secure element 210.
- each mobile cloud account 704 may include mobile cloud account data 802, such as the MCA, an issuer public key certificate, and ICC public key certificate, discussed in more detail below.
- mobile cloud account data 802 such as the MCA, an issuer public key certificate, and ICC public key certificate, discussed in more detail below.
- the mobile device 102 may execute the corresponding post issuance script.
- the post issuance script may cause the mobile device 102 to execute an update command 804.
- the update command 804 may cause the mobile device 102 to transmit the mobile cloud account data 802 to the secure element 210.
- the mobile cloud account data 802 may be stored in the secure element 210 in a second portion of the secure element 210 separate from the master key identifier 706, such as the mobile cardlet.
- the storage of the mobile cloud account data 802 in a separate portion of the secure element 210 may provide for additional security to prevent misappropriation or unauthorized access to the master key identifier 706 or other information. It will be apparent to persons having skill in the relevant art that the data included in the mobile cloud account data 802 as illustrated in FIG. 8 is provided as an illustration, and that the mobile cloud account data 802 may include different data or information.
- FIG. 9 is a process flow illustrating a detailed method for the generation of mapping and cryptography data for a mobile cloud account.
- the service provider 1 10 may generate (e.g., create) an integrated circuit card (ICC) RSA key pair, which may include an ICC public key and an ICC private key. Methods for generating key pairs using RSA will be apparent to persons having skill in the relevant art.
- the service provider 1 10 may create ICC master keys, such as an ICC master data encryption service (DES) key, based on the master key identifier sequence number and master key identifier domain issuer master keys.
- DES ICC master data encryption service
- the service provider 1 10 may create personalization data.
- the personalization data may include data personalized to a specific user 302 and/or mobile device 102.
- the personalized data may include at least an ICC DES master key, the ICC private key, the ICC public key and master key identifier and sequence number, and any additional information as applicable, such as card risk management information.
- the personalization data may be transmitted to the mobile device 102 for storage in the secure element (e.g., in the mobile cardlet).
- step 906 may further include creating the mobile cardlet for installation in the secure storage 210 in step 908.
- step 910 the mobile device 102 may transmit the mobile key identifier and ICC public key stored in the secure element 210 to the service provider 1 10.
- step 912 the issuer 1 12 may send the RCA to which an MCA is requested to the service provider 1 10.
- steps 910 and 912 may be performed concurrently, in an alternate order, or at varying points in time.
- step 910 may be optional, as the service provider 1 10 may retain the mobile key identifier and ICC public key utilized and/or created in previous steps.
- step 912 may occur prior to step 902 such that step 902 is triggered by the receipt of the RCA for the identification and mapping of a corresponding MCA.
- the service provider 1 10 may generate an MCA corresponding to the RCA.
- the MCA may be generated to include one or more attributes of the RCA.
- the MCA may include one or more attributes of the RCA including at least one of: brand, product, country code, region, account level management participation, and Durbin indicator.
- the MCA may include at least a portion of the RCA. In a further embodiment, the portion may be at least the last four digits of the RCA.
- the payment Ul 204 may display the mobile cloud account for the MCA to the user 302 in the form of an image of a payment card with first twelve digits of the MCA obscured (e.g., replaced by asterisks) and the last four digits displayed, such that the user 302 may readily recognize which MCA corresponds to which RCA based on the last four digits. It will be apparent to persons having skill in the relevant art that other indicators may be used, such as a similar graphical image
- a nickname or other notation provided by the user 302, etc.
- the MCA may be identified such that there is a 1 :1 relationship between an RCA account range and an MCA account range.
- an MCA account range may correspond to a particular issuer 1 12.
- the first digit of the identified MCA may be zero, which may indicate that the MCA corresponds to an RCA (e.g., for routing by a payment network 108).
- multiple MCAs may be mapped to correspond to a single RCA, such as in an instance where multiple payment cards may be issued for a single RCA (e.g., family cards, corporate cards, etc.).
- the service provider 1 10 may create an ICC public key certificate.
- the ICC public key certificate may be created by the certification of the ICC public key by an issuer private key received from the issuer 1 12.
- the ICC public key may be received by the service provider 1 10 from the secure element 210 of the mobile device 102.
- the issuer 1 12 may transmit an issuer public key certificate to the service provider 1 10.
- the service provider 1 10 may generate mobile cloud account data 802 corresponding to the generated MCA.
- the mobile cloud account data 802 may include at least the issuer public key certificate, the ICC public key certificate, and the MCA.
- the generated MCA may include an expiration date, which may be further included in the mobile cloud account data 802.
- the mobile cloud account data 802 may further include static track data and initialization vectors.
- the service provider 1 10 may generate a post issuance script configured to transmit the mobile cloud account data 802 from the wallet 202 of the mobile device 102 to the mobile cardlet in the secure storage 210.
- the service provider 1 10 may transmit the post issuance script to the mobile device 102, which may, in step 924, receive and store the post issuance script in the wallet 202.
- the service provider 1 10 may save a mapping record for the generated MCA in the mapping database 1 16.
- the mapping record may include at least the master key identifier 706, the MCA, and the RCA.
- FIG. 10 illustrates a method 1000 for mapping a payment account (e.g., the real card account 702) to a mobile cloud account number.
- a payment account e.g., the real card account 702
- an integrated circuit card (ICC) RSA key pair including an ICC public key and an ICC private key may be generated by a generating device (e.g., included in the service provider 1 10).
- the generating device may generate an ICC master key based on at least a master key identifier (e.g., the master key identifier 706).
- a master key identifier e.g., the master key identifier 706
- the master key identifier may be a sixteen or nineteen digit number.
- a transmitting device may transmit at least the ICC public key, the ICC private key, the ICC master key, and the master key identifier to a mobile device (e.g., the mobile device 102) for storage in a secure element (e.g., the secure element 210).
- a receiving device may receive a real card account number (RCA) corresponding to a payment account 702.
- RCA real card account number
- attributes of the RCA may be identified by a processing device.
- the attributes of the RCA may include at least one of: a brand, product, country code, region, account level management participation, and Durbin indicator.
- the attributes of the RCA may include at least one of: a brand, product, country code, region, account level management participation, and Durbin indicator.
- processing device may identify a mobile cloud account number (MCA) based on the identified attributes of the RCA.
- MCA mobile cloud account number
- identifying the MCA may include receiving, by the receiving device, the MCA from an issuer (e.g., the issuer 112) associated with the RCA.
- the identified MCA may include at least a portion of the RCA.
- the portion of the RCA may include at least the last four digits.
- the receiving device may receive an issuer private key and an issuer private key certificate.
- the generating device may generate an ICC public key certificated based on certification of the ICC public key by the issuer private key.
- the processing device may create a post issuance script configured to store mobile cloud account data (e.g., the mobile cloud account data 802) in the secure element 210 of the mobile device 102, wherein the mobile cloud account data 802 includes at least the issuer public key certificate, the MCA, and the ICC public key certificate.
- the transmitting device may transmit the created post issuance script to the mobile device 102.
- a mapping record may be stored in a mapping database (e.g., the mapping database 1 16), wherein the mapping record includes at least the master key identifier 706, the MCA, and the RCA.
- FIG. 1 1 illustrates a method 1 100 for processing a contactless financial transaction using a mobile cloud account.
- a plurality of mapping records may be stored in a mapping database (e.g., the mapping database 1 16), wherein each mapping record includes at least a master key identifier (e.g., the master key identifier 706), a mobile cloud account number (MCA), and a real card account number (RCA), and wherein the MCA is based on attributes of the RCA.
- the MCA may include at least a portion of the RCA.
- the portion of the RCA may include at least the last four digits of the RCA.
- the attributes of the RCA may include at least one of: a brand, product, country code, region, account level management participation, and Durbin indicator.
- the master key identifier 706 may be a sixteen or nineteen digit number.
- a receiving device may receive transaction data related to a financial transaction, wherein the transaction data may include at least an MCA and a payment cryptogram.
- the received transaction data may be included in an authorization request for the financial transaction.
- the payment cryptogram may be one of: a dynamic card validation code and an authorization request cryptogram.
- a validation device may validate the payment cryptogram.
- a specific mapping record may be identified in the mapping database 1 16, wherein the specific mapping record includes the MCA included in the received transaction data.
- a transmitting device may transmit at least the RCA included in the specific mapping record and a validation result indicating a success or failure of the validation of the payment cryptogram.
- the method 1 100 may further comprise: receiving, by the receiving device, an authorization response from an issuer (e.g., the issuer 1 12) associated with the RCA, the authorization response including at least the RCA included in the specific mapping record and an indication of approval or denial of the financial transaction; and transmitting, by the transmitting device, an authorization response including the MCA included in the specific mapping record in response to the authorization request.
- an issuer e.g., the issuer 1 12
- FIG. 12 illustrates a method 1200 for providing payment credentials for a mobile cloud account from a mobile device for a contactless payment transaction.
- step 1202 personalization data may be received by a receiving device, wherein the personalization data includes at least an integrated circuit card (ICC) public key, an ICC private key, an ICC master key, and a master key identifier (e.g., the master key identifier 706).
- the received personalization data may be stored in a first location of a secure element (e.g., the secure element 210) of a mobile device (e.g., the mobile device 102).
- a secure element e.g., the secure element 2
- step 1206 at least one post issuance script may be received by a receiving device, wherein each of the at least one post issuance script is configured to store, in a second location of the secure element 210 of the mobile device 102, mobile cloud account data (e.g., the mobile cloud account data 802), the mobile cloud account data 802 including at least an issuer public key certificate, an ICC public key certificate, and a mobile cloud account number (MCA), and wherein the MCA is based on attributes of a real card account number (RCA).
- the MCA may include at least a portion of the RCA.
- the portion of the RCA may include at least the last four digits of the RCA.
- the attributes of the RCA may include at least one of: a brand, product, country code, region, account level management participation, and Durbin indicator.
- the master key identifier 706 is a sixteen or nineteen digit number.
- the received at least one post issuance script may be stored in a database (e.g., the wallet 202) not included in the secure element 210.
- a database e.g., the wallet 202
- an indication of an MCA included in a specific post issuance script of the at least one post issuance script may be received by an input device.
- the input device may include at least one of: a mouse, keyboard, click wheel, scroll wheel, and touch screen.
- the specific post issuance script may be executed by a
- the method 1200 may further include:
- the payment cryptogram may be one of: a dynamic card validation code and an authorization request cryptogram.
- FIG. 13 illustrates a computer system 1300 in which embodiments of the present disclosure, or portions thereof, may be implemented as computer-readable code.
- mobile device 102, the contactless terminal 104, the acquirer 106, the payment network 108, the service provider 1 10, the issuer 1 12, and the clearing service 1 14 of FIG. 1 may be implemented in the computer system 1300 using hardware, software, firmware, non-transitory computer readable media having instructions stored thereon, or a combination thereof and may be implemented in one or more computer systems or other processing systems.
- Hardware, software, or any combination thereof may embody modules and components used to implement the methods of FIGS. 3-7 and 9-12.
- programmable logic may execute on a commercially available processing platform or a special purpose device.
- a person having ordinary skill in the art may appreciate that embodiments of the disclosed subject matter can be practiced with various computer system configurations, including multi-core multiprocessor systems, minicomputers, mainframe computers, computers linked or clustered with distributed functions, as well as pervasive or miniature computers that may be embedded into virtually any device.
- processor device and a memory may be used to implement the above described embodiments.
- a processor device as discussed herein may be a single processor, a plurality of processors, or combinations thereof. Processor devices may have one or more processor “cores.”
- the terms "computer program medium,” “non-transitory computer readable medium,” and “computer usable medium” as discussed herein are used to generally refer to tangible media such as a removable storage unit 1318, a removable storage unit 1322, and a hard disk installed in hard disk drive 1312.
- Processor device 1304 may be a special purpose or a general purpose processor device.
- the processor device 1304 may be connected to a communication infrastructure 1306, such as a bus, message queue, network, multi-core message-passing scheme, etc.
- the network may be any network suitable for performing the functions as disclosed herein and may include a local area network (LAN), a wide area network (WAN), a wireless network (e.g., WiFi), a mobile communication network, a satellite network, the Internet, fiber optic, coaxial cable, infrared, radio frequency (RF), or any combination thereof. Other suitable network types and configurations will be apparent to persons having skill in the relevant art.
- the computer system 1300 may also include a main memory 1308 (e.g., random access memory, read-only memory, etc.), and may also include a secondary memory 1310.
- the secondary memory 1310 may include the hard disk drive 1312 and a removable storage drive 1314, such as a floppy disk drive, a magnetic tape drive, an optical disk drive, a flash memory, etc.
- the removable storage drive 1314 may read from and/or write to the removable storage unit 1318 in a well-known manner.
- the removable storage unit 1318 may include a removable storage media that may be read by and written to by the removable storage drive 1314.
- the removable storage drive 1314 is a floppy disk drive
- the removable storage unit 1318 may be a floppy disk.
- the removable storage unit 1318 may be non-transitory computer readable recording media.
- the secondary memory 1310 may include alternative means for allowing computer programs or other instructions to be loaded into the computer system 1300, for example, the removable storage unit 1322 and an interface 1320.
- Examples of such means may include a program cartridge and cartridge interface (e.g., as found in video game systems), a removable memory chip (e.g., EEPROM, PROM, etc.) and associated socket, and other removable storage units 1322 and interfaces 1320 as will be apparent to persons having skill in the relevant art.
- Data stored in the computer system 1300 may be stored on any type of suitable computer readable media, such as optical storage (e.g., a compact disc, digital versatile disc, Blu-ray disc, etc.) or magnetic tape storage (e.g., a hard disk drive).
- the data may be configured in any type of suitable database configuration, such as a relational database, a structured query language (SQL) database, a distributed database, an object database, etc. Suitable configurations and storage types will be apparent to persons having skill in the relevant art.
- the computer system 1300 may also include a communications interface 1324.
- the communications interface 1324 may be configured to allow software and data to be transferred between the computer system 1300 and external devices.
- Exemplary communications interfaces 1324 may include a modem, a network interface (e.g., an Ethernet card), a
- Software and data transferred via the communications interface 1324 may be in the form of signals, which may be electronic, electromagnetic, optical, or other signals as will be apparent to persons having skill in the relevant art.
- the signals may travel via a communications path 1326, which may be configured to carry the signals and may be implemented using wire, cable, fiber optics, a phone line, a cellular phone link, a radio frequency link, etc.
- Computer program medium and computer usable medium may refer to memories, such as the main memory 1308 and secondary memory 1310, which may be memory semiconductors (e.g. DRAMs, etc.). These computer program products may be means for providing software to the computer system 1300.
- Computer programs e.g., computer control logic
- Computer programs may also be received via the communications interface 1324.
- Such computer programs, when executed, may enable computer system 1300 to implement the present methods as discussed herein.
- the computer programs, when executed may enable processor device 1304 to implement the methods illustrated by FIGS. 3-7 and 9-12, as discussed herein. Accordingly, such computer programs may represent controllers of the computer system 1300.
- the software may be stored in a computer program product and loaded into the computer system 1300 using the removable storage drive 1314, interface 1320, and hard disk drive 1312, or communications interface 1324.
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Finance (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
Description
Claims
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP13754963.0A EP2820602B1 (en) | 2012-03-01 | 2013-03-01 | Systems and methods for mapping a mobile cloud account to a payment account |
SG11201405369RA SG11201405369RA (en) | 2012-03-01 | 2013-03-01 | Systems and methods for mapping a mobile cloud account to a payment account |
CA2865435A CA2865435C (en) | 2012-03-01 | 2013-03-01 | Systems and methods for mapping a mobile cloud account to a payment account |
AU2013225742A AU2013225742B2 (en) | 2012-03-01 | 2013-03-01 | Systems and methods for mapping a mobile cloud account to a payment account |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201261605588P | 2012-03-01 | 2012-03-01 | |
US61/605,588 | 2012-03-01 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2013130982A1 true WO2013130982A1 (en) | 2013-09-06 |
Family
ID=49043415
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2013/028631 WO2013130982A1 (en) | 2012-03-01 | 2013-03-01 | Systems and methods for mapping a mobile cloud account to a payment account |
Country Status (6)
Country | Link |
---|---|
US (1) | US20130232083A1 (en) |
EP (1) | EP2820602B1 (en) |
AU (1) | AU2013225742B2 (en) |
CA (1) | CA2865435C (en) |
SG (2) | SG10201607274UA (en) |
WO (1) | WO2013130982A1 (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9775029B2 (en) | 2014-08-22 | 2017-09-26 | Visa International Service Association | Embedding cloud-based functionalities in a communication device |
US9972005B2 (en) | 2013-12-19 | 2018-05-15 | Visa International Service Association | Cloud-based transactions methods and systems |
US10187363B2 (en) | 2014-12-31 | 2019-01-22 | Visa International Service Association | Hybrid integration of software development kit with secure execution environment |
US10558973B2 (en) * | 2016-06-23 | 2020-02-11 | Beijing Xiaomi Mobile Software Co., Ltd. | Method and apparatus for card activation |
US10846694B2 (en) | 2014-05-21 | 2020-11-24 | Visa International Service Association | Offline authentication |
US11017386B2 (en) | 2013-12-19 | 2021-05-25 | Visa International Service Association | Cloud-based transactions with magnetic secure transmission |
Families Citing this family (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9747632B2 (en) * | 2013-01-13 | 2017-08-29 | Retail Technologies Corporation | Store mobile cloud application system for inventory management and customer order fulfillment and method for retail establishment |
US9606619B2 (en) * | 2013-02-13 | 2017-03-28 | Nokia Technologies Oy | Method and apparatus for accepting third-party use of services based on touch selection |
US9022286B2 (en) | 2013-03-15 | 2015-05-05 | Virtual Electric, Inc. | Multi-functional credit card type portable electronic device |
US9760886B2 (en) * | 2013-05-10 | 2017-09-12 | Visa International Service Association | Device provisioning using partial personalization scripts |
US20150095225A1 (en) * | 2013-10-02 | 2015-04-02 | Mastercard International Incorporated | Enabling synchronization between disparate payment account systems |
US10007909B2 (en) * | 2013-12-02 | 2018-06-26 | Mastercard International Incorporated | Method and system for secure transmission of remote notification service messages to mobile devices without secure elements |
AU2015259162B2 (en) * | 2014-05-13 | 2020-08-13 | Visa International Service Association | Master applet for secure remote payment processing |
CN104240071B (en) * | 2014-09-28 | 2018-05-08 | 上海海基业信息技术有限公司 | A kind of cloud payment cipher publishing system and its application process |
US9619636B2 (en) * | 2015-02-06 | 2017-04-11 | Qualcomm Incorporated | Apparatuses and methods for secure display on secondary display device |
US10439813B2 (en) * | 2015-04-02 | 2019-10-08 | Visa International Service Association | Authentication and fraud prevention architecture |
EP3122082A1 (en) * | 2015-07-24 | 2017-01-25 | Gemalto Sa | Method to secure an applicative function in a cloud-based virtual secure element implementation |
US10523441B2 (en) | 2015-12-15 | 2019-12-31 | Visa International Service Association | Authentication of access request of a device and protecting confidential information |
WO2017115386A1 (en) * | 2015-12-28 | 2017-07-06 | Hasija Sunil Kumar | Multi-account mapping system and method |
CN106997527A (en) * | 2016-01-25 | 2017-08-01 | 阿里巴巴集团控股有限公司 | Credit payment method and device based on mobile terminal P2P |
US11157901B2 (en) * | 2016-07-18 | 2021-10-26 | Dream Payments Corp. | Systems and methods for initialization and activation of secure elements |
US10417629B2 (en) | 2016-09-02 | 2019-09-17 | Microsoft Technology Licensing, Llc | Account identifier digitization abstraction |
US11348116B2 (en) | 2017-11-07 | 2022-05-31 | Mastercard International Incorporated | Systems and methods for enhancing online user authentication using a personal cloud platform |
CN108734447A (en) * | 2018-05-29 | 2018-11-02 | 广东通莞科技股份有限公司 | A kind of mobile-payment system of micro services framework |
EP4282128A1 (en) * | 2021-01-19 | 2023-11-29 | Visa International Service Association | Mobile user authentication system and method |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030222138A1 (en) * | 2002-05-31 | 2003-12-04 | Carole Oppenlander | System and method for authorizing transactions |
KR20040040267A (en) * | 2002-10-31 | 2004-05-12 | (주)로코모 | Method for Issuing Instant Mobile Card using Wireless Network and Accounting it using Short Distance Communication |
KR20040041230A (en) * | 2002-11-09 | 2004-05-17 | 신현길 | The method of mobile payment with a proxy-card and this system |
US20060196931A1 (en) * | 2005-03-07 | 2006-09-07 | Nokia Corporation | Methods, system and mobile device capable of enabling credit card personalization using a wireless network |
US20070055630A1 (en) * | 2005-09-06 | 2007-03-08 | Visa U.S.A. | System and method for secured account numbers in proximity devices |
Family Cites Families (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6163771A (en) * | 1997-08-28 | 2000-12-19 | Walker Digital, Llc | Method and device for generating a single-use financial account number |
AU2001239945A1 (en) * | 2000-02-29 | 2001-09-12 | E-Scoring, Inc. | Systems and methods enabling anonymous credit transactions |
GB2446179B (en) * | 2007-02-01 | 2011-08-31 | Monitise Group Ltd | Methods and a System for Providing Transaction Related Information |
US8725574B2 (en) * | 2008-11-17 | 2014-05-13 | Mastercard International Incorporated | Methods and systems for payment account issuance over a mobile network |
US9734495B2 (en) * | 2009-06-02 | 2017-08-15 | Qualcomm Incorporated | Mobile commerce authentication and authorization systems |
US9324066B2 (en) * | 2009-12-21 | 2016-04-26 | Verizon Patent And Licensing Inc. | Method and system for providing virtual credit card services |
PL2526514T3 (en) * | 2010-01-19 | 2018-10-31 | Bluechain Pty Ltd | Method, device and system for securing payment data for transmission over open communication networks |
US8346671B2 (en) * | 2010-04-01 | 2013-01-01 | Merchant Link, Llc | System and method for point-to-point encryption with adjunct terminal |
CA3012391A1 (en) * | 2010-04-05 | 2011-10-13 | Cardinalcommerce Corporation | Method and system for processing pin debit transactions |
-
2013
- 2013-03-01 SG SG10201607274UA patent/SG10201607274UA/en unknown
- 2013-03-01 WO PCT/US2013/028631 patent/WO2013130982A1/en active Application Filing
- 2013-03-01 CA CA2865435A patent/CA2865435C/en active Active
- 2013-03-01 AU AU2013225742A patent/AU2013225742B2/en active Active
- 2013-03-01 US US13/782,111 patent/US20130232083A1/en not_active Abandoned
- 2013-03-01 EP EP13754963.0A patent/EP2820602B1/en active Active
- 2013-03-01 SG SG11201405369RA patent/SG11201405369RA/en unknown
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030222138A1 (en) * | 2002-05-31 | 2003-12-04 | Carole Oppenlander | System and method for authorizing transactions |
KR20040040267A (en) * | 2002-10-31 | 2004-05-12 | (주)로코모 | Method for Issuing Instant Mobile Card using Wireless Network and Accounting it using Short Distance Communication |
KR20040041230A (en) * | 2002-11-09 | 2004-05-17 | 신현길 | The method of mobile payment with a proxy-card and this system |
US20060196931A1 (en) * | 2005-03-07 | 2006-09-07 | Nokia Corporation | Methods, system and mobile device capable of enabling credit card personalization using a wireless network |
US20070055630A1 (en) * | 2005-09-06 | 2007-03-08 | Visa U.S.A. | System and method for secured account numbers in proximity devices |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10664824B2 (en) | 2013-12-19 | 2020-05-26 | Visa International Service Association | Cloud-based transactions methods and systems |
US11164176B2 (en) | 2013-12-19 | 2021-11-02 | Visa International Service Association | Limited-use keys and cryptograms |
US11875344B2 (en) | 2013-12-19 | 2024-01-16 | Visa International Service Association | Cloud-based transactions with magnetic secure transmission |
US10402814B2 (en) | 2013-12-19 | 2019-09-03 | Visa International Service Association | Cloud-based transactions methods and systems |
US11017386B2 (en) | 2013-12-19 | 2021-05-25 | Visa International Service Association | Cloud-based transactions with magnetic secure transmission |
US9972005B2 (en) | 2013-12-19 | 2018-05-15 | Visa International Service Association | Cloud-based transactions methods and systems |
US10846694B2 (en) | 2014-05-21 | 2020-11-24 | Visa International Service Association | Offline authentication |
US11842350B2 (en) | 2014-05-21 | 2023-12-12 | Visa International Service Association | Offline authentication |
US9775029B2 (en) | 2014-08-22 | 2017-09-26 | Visa International Service Association | Embedding cloud-based functionalities in a communication device |
US11036873B2 (en) | 2014-08-22 | 2021-06-15 | Visa International Service Association | Embedding cloud-based functionalities in a communication device |
US11783061B2 (en) | 2014-08-22 | 2023-10-10 | Visa International Service Association | Embedding cloud-based functionalities in a communication device |
US10511583B2 (en) | 2014-12-31 | 2019-12-17 | Visa International Service Association | Hybrid integration of software development kit with secure execution environment |
US11240219B2 (en) | 2014-12-31 | 2022-02-01 | Visa International Service Association | Hybrid integration of software development kit with secure execution environment |
US10187363B2 (en) | 2014-12-31 | 2019-01-22 | Visa International Service Association | Hybrid integration of software development kit with secure execution environment |
US10558973B2 (en) * | 2016-06-23 | 2020-02-11 | Beijing Xiaomi Mobile Software Co., Ltd. | Method and apparatus for card activation |
Also Published As
Publication number | Publication date |
---|---|
US20130232083A1 (en) | 2013-09-05 |
AU2013225742B2 (en) | 2018-02-08 |
SG11201405369RA (en) | 2014-11-27 |
EP2820602B1 (en) | 2020-10-28 |
AU2013225742A1 (en) | 2014-09-18 |
EP2820602A1 (en) | 2015-01-07 |
CA2865435C (en) | 2019-04-30 |
CA2865435A1 (en) | 2013-09-06 |
EP2820602A4 (en) | 2015-12-02 |
SG10201607274UA (en) | 2016-10-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2820602B1 (en) | Systems and methods for mapping a mobile cloud account to a payment account | |
US11829999B2 (en) | Systems and methods for processing mobile payments by provisoning credentials to mobile devices without secure elements | |
US9947001B2 (en) | System and method for using multiple payment accounts using a single payment device | |
US10552822B2 (en) | System and method for processing financial transactions using a mobile device for payment | |
US20150046336A1 (en) | System and method of using a secondary screen on a mobile device as a secure and convenient transacting mechanism | |
RU2663319C2 (en) | Method and system of safe authenticating user and mobile device without safety elements | |
US20140310182A1 (en) | Systems and methods for outputting information on a display of a mobile device | |
CN108352019B (en) | Method and system for fraud detection using mobile communication devices | |
US20150066651A1 (en) | Method and System for Secure Mobile Payment Processing and Data Analytics | |
US20240020676A1 (en) | Portable device loading mechanism for account access | |
WO2017062193A1 (en) | Method and system for distribution of social benefits | |
US20140250007A1 (en) | Method and system of cookie driven cardholder authentication summary | |
US10572873B2 (en) | Method and system for the transmission of authenticated authorization requests | |
WO2016040576A1 (en) | System and method for processing financial transactions using a mobile device for payment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 13754963 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2865435 Country of ref document: CA |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
ENP | Entry into the national phase |
Ref document number: 2013225742 Country of ref document: AU Date of ref document: 20130301 Kind code of ref document: A |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2013754963 Country of ref document: EP |
|
REG | Reference to national code |
Ref country code: BR Ref legal event code: B01A Ref document number: 112014021627 Country of ref document: BR |
|
ENP | Entry into the national phase |
Ref document number: 112014021627 Country of ref document: BR Kind code of ref document: A2 Effective date: 20140901 |