Secure remote payment transaction processing including consumer authentication
US-10817875-B2 · Oct 27, 2020 · US
Secure remote payment transaction processing using a secure element
US11188901B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11188901-B2 |
| Application number | US-201715471800-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 28, 2017 |
| Priority date | Aug 15, 2013 |
| Publication date | Nov 30, 2021 |
| Grant date | Nov 30, 2021 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Embodiments of the present invention are directed to methods, apparatuses, computer readable media and systems for securely processing remote transactions. One embodiment of the invention is directed to a method of processing a remote transaction initiated by a mobile device. The method comprises receiving, by a mobile payment application on a secure memory of the mobile device, transaction data from a transaction processor application on the mobile device. The method further comprises validating that the transaction processor application is authentic and in response to validating the transaction processor application, providing encrypted payment credentials to the transaction processor application. The transaction processor application further initiates a payment transaction with a transaction processor server computer using the encrypted payment credentials.
First claim
Opening claim text (preview).
What is claimed is: 1. A method comprising: generating, by a merchant computer, a merchant public-private key pair; transmitting, by the merchant computer, the merchant public key of the merchant public-private key pair to a certificate authority computer; receiving, by the merchant computer, a signed merchant certificate from the certificate authority computer; transmitting, by the merchant computer, the signed merchant certificate to a merchant application on a mobile device; receiving, by the merchant computer, an indication that a remote transaction has been initiated and a request for transaction data from the merchant application on the mobile device; generating, by the merchant computer, signed transaction data for the remote transaction using the private key of the public-private key pair; transmitting, by the merchant computer, the signed transaction data to the merchant application on the mobile device; transmitting, by the merchant application to a remote application on the mobile device, the signed transaction data and the signed merchant certificate, which provides the signed transaction data and the signed merchant certificate to a mobile payment application on the mobile device; responsive to transmitting the signed transaction data and the signed merchant certificate, receiving, by the merchant computer, encrypted payment credentials from the mobile payment application via the merchant application on the mobile device; decrypting, by the merchant computer, the encrypted payment credentials using the private key of the public-private key pair; generating, by the merchant computer, an authorization request message comprising the decrypted payment credentials; transmitting, by the merchant computer, the authorization request message to an issuer computer; and receiving, by the merchant computer, an authorization response message for the remote transaction from the issuer computer. 2. The method of claim 1 , wherein the merchant computer generates the public-private key pair using RSA. 3. The method of claim 1 , wherein the signed merchant certificate is signed by a certificate authority key. 4. The method of claim 1 , wherein the signed merchant certificate includes a certificate identifier, a certificate authority identifier, and a valid-from and valid-to dates for the signed merchant certificate. 5. A computer comprising: a processor; and a non-transitory computer readable medium, the non-transitory computer readable medium comprising code, when executable by the processor, causes the processor to perform the steps of: generating a merchant public-private key pair; transmitting the merchant public key of the merchant public-private key pair to a certificate authority computer; receiving a signed merchant certificate from the certificate authority computer; transmitting the signed merchant certificate to a merchant application on a mobile device; receiving an indication that a remote transaction has been initiated and a request for transaction data from the merchant application on the mobile device; generating signed transaction data for the remote transaction using the private key of the public-private key pair; transmitting the signed transaction data to the merchant application on the mobile device; receiving encrypted payment credentials from a mobile payment application on the mobile device via the merchant application on the mobile device; decrypting the encrypted payment credentials using the private key of the public-private key pair; generating an authorization request message comprising the decrypted payment credentials; transmitting the authorization request message to an issuer computer; and receiving an authorization response message for the remote transaction from the issuer computer. 6. The computer of claim 5 , wherein the computer generates the public-private key pair using RSA. 7. The computer of claim 5 , wherein the signed merchant certificate is signed by a certificate authority key. 8. The computer of claim 5 , wherein the signed merchant certificate includes a certificate identifier, a certificate authority identifier, and a valid-from and valid-to dates for the signed merchant certificate. 9. The method of claim 1 , wherein the mobile device is a mobile phone. 10. The method of claim 1 , wherein the mobile payment application is on a secure element in the mobile device. 11. The method of claim 1 , wherein the remote application communicates with the certificate authority computer to verify a status of the signed merchant certificate, before providing the signed transaction data and the signed merchant certificate to the mobile payment application on the mobile device. 12. The method of claim 11 , wherein the mobile payment application is on a secure memory in the mobile device. 13. The method of claim 12 , wherein the signed merchant certificate includes the merchant public key, and wherein the mobile payment application verifies the signed merchant certificate using the merchant public key before providing the encrypted payment credentials to the merchant computer via the merchant application.
Assignees
Inventors
Classifications
using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates · CPC title
Use of electronic signatures · CPC title
involving electronic purses or money safes · CPC title
Transaction verification · CPC title
- G06Q20/38215Primary
Use of certificates or encrypted proofs of transaction rights · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US11188901B2 cover?
- Embodiments of the present invention are directed to methods, apparatuses, computer readable media and systems for securely processing remote transactions. One embodiment of the invention is directed to a method of processing a remote transaction initiated by a mobile device. The method comprises receiving, by a mobile payment application on a secure memory of the mobile device, transaction dat…
- Who is the assignee on this patent?
- Visa Int Service Ass
- What technology area does this patent fall under?
- Primary CPC classification G06Q20/38215. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Nov 30 2021 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 5 related publications on this page (citations in our corpus or others sharing the same primary CPC).