Systems and methods for processing transactions using a wallet
US-9195984-B1 · Nov 24, 2015 · US
Device provisioning using partial personalization scripts
US11010755B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11010755-B2 |
| Application number | US-201916255559-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 23, 2019 |
| Priority date | May 10, 2013 |
| Publication date | May 18, 2021 |
| Grant date | May 18, 2021 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Embodiments of the invention relate to systems and methods for efficiently provisioning mobile devices with personalization data. For some embodiments, a method is disclosed comprising receiving a request for provisioning comprising device information for a mobile device and user authentication information for a user, generating a partial personalization script, an activation script, and a deletion script using the device information, sending the partial personalization script, the activation script, and the deletion script to an application provider computer, wherein the application provider computer initiates execution of the partial personalization script on the mobile device, authenticating the user authentication information, and sending an activation message to the application provider computer, wherein the application provider computer initiates execution of the activation script.
First claim
Opening claim text (preview).
What is claimed is: 1. A computer-implemented method comprising: receiving, by a processor of a service provider computer, a request for provisioning a computing device, the request including device information for the computing device and user authentication information for a user of the computing device, the device information including a secure element identifier and a session identifier; retrieving, by the processor, a personalization master key associated with the computing device based on the secure element identifier; generating, by the processor, a personalization session key using a key derivation function, the secure element identifier, the session identifier, and the personalization master key; generating, by the processor, store data commands comprising personalization data; encrypting, by the processor, the store data commands using the personalization session key; generating, by the processor, a partial personalization script using the encrypted store data commands; generating, by the processor, an activation script; encrypting, by the processor, the activation script using the personalization session key; generating, by the processor, a deletion script used for deletion of personalization data residing on the computing device; encrypting, by the processor, the deletion script using the personalization session key; and sending, by the processor, the partial personalization script and the activation script and the deletion script to the computing device, wherein the computing device decrypts the store data commands, the activation script, and the deletion script using an encryption key that matches the personalization session key. 2. The computer-implemented method of claim 1 , wherein the session identifier is a nonce value. 3. The computer-implemented method of claim 1 , wherein the personalization master key is a symmetric encryption key. 4. The computer-implemented method of claim 1 , further comprising: determining, by the processor, that the personalization session key is expired; establishing, by the processor, a new session associated with a new personalization session key; generating, by the processor, a new activation script using the new personalization session key; and sending, by the processor, the new activation script. 5. The computer-implemented method of claim 1 , wherein the device information includes a device cryptogram. 6. The computer-implemented method of claim 5 , further comprising authenticating the user by validating the device cryptogram using the personalization session key. 7. The computer-implemented method of claim 1 , wherein the user authentication information includes an account identifier, and wherein the personalization data includes a token that represents the account identifier. 8. The computer-implemented method of claim 1 , wherein the request does not include the personalization master key, and wherein the personalization master key is not sent between the computing device and the service provider computer. 9. The computer-implemented method of claim 1 , wherein the personalization master key is associated with an issuer of a user account or a manufacturer of a secure element associated with the secure element identifier. 10. The computer-implemented method of claim 1 , wherein the partial personalization script includes a script operable to store the personalization data on the computing device. 11. A service provider computer comprising: a processor; a non-transitory computer-readable medium comprising code executable by the processor for implementing operations including: receiving a request for provisioning a computing device, the request including device information for the computing device and user authentication information for a user of the computing device, the device information including a secure element identifier and a session identifier; retrieving a personalization master key associated with the computing device based on the secure element identifier; generating a personalization session key using a key derivation function, the secure element identifier, the session identifier, and the personalization master key; generating store data commands comprising personalization data; encrypting the store data commands using the personalization session key; generating a partial personalization script using the encrypted store data commands; generating an activation script; encrypting the activation script using the personalization session key; generating a deletion script used for deletion of personalization data residing on the computing device; encrypting the deletion script using the personalization session key; and sending the partial personalization script and the activation script and the deletion script to the computing device, wherein the computing device decrypts the store data commands, the activation script, and the deletion script using an encryption key that matches the personalization session key. 12. The service provider computer of claim 11 , wherein the session identifier is a nonce value. 13. The service provider computer of claim 11 , wherein the personalization master key is a symmetric encryption key. 14. The service provider computer of claim 11 , wherein the operations further comprises: determining that the personalization session key is expired; establishing a new session associated with a new personalization session key; generating a new activation script using the new personalization session key; and sending the new activation script. 15. The service provider computer of claim 11 , wherein the device information includes a device cryptogram. 16. The service provider computer of claim 15 , wherein the operations further comprises authenticating the user by validating the device cryptogram using the personalization session key. 17. The service provider computer of claim 11 , wherein the user authentication information includes an account identifier, and wherein the personalization data includes a token that represents the account identifier.
Assignees
Inventors
Classifications
Generating enhanced content · CPC title
Use of certificates or encrypted proofs of transaction rights · CPC title
using secure elements embedded in M-devices · CPC title
Card activation or deactivation · CPC title
involving key management · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US11010755B2 cover?
- Embodiments of the invention relate to systems and methods for efficiently provisioning mobile devices with personalization data. For some embodiments, a method is disclosed comprising receiving a request for provisioning comprising device information for a mobile device and user authentication information for a user, generating a partial personalization script, an activation script, and a dele…
- Who is the assignee on this patent?
- Visa Int Service Ass
- What technology area does this patent fall under?
- Primary CPC classification G06Q20/363. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue May 18 2021 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).