Secured account provisioning and payments for nfc-enabled devices
US-2019147440-A1 · May 16, 2019 · US
Techniques for secure data exchanges
US12388625B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12388625-B2 |
| Application number | US-202017631357-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 31, 2020 |
| Priority date | Jul 31, 2019 |
| Publication date | Aug 12, 2025 |
| Grant date | Aug 12, 2025 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Systems and methods are disclosed for performing a secure exchange of encryption keys (e.g., public keys) between two devices. One or more initialization keys are stored at both devices. In some embodiments, at least one device (e.g., a reader device) stores the initialization key(s) (e.g., a symmetric key, an asymmetric key pair) in local memory as part of performance of a manufacturing process for the device. The second device (e.g., a thin client device) may receive the initialization key(s) from an acceptance cloud (e.g., a server computer configured to perform terminal processing). The initialization key(s) are utilized to perform a secure exchange of the devices' respective public keys. Once these public keys are exchanged, the devices may proceed to establishing a secure connection with which subsequent operations may be performed.
First claim
Opening claim text (preview).
What is claimed is: 1. A method, comprising: identifying, by a protocol management computer, presence of a reader device utilizing a near field communications channel; obtaining, by the protocol management computer from a remote server computer, a first initialization key associated with the reader device, wherein a second initialization key corresponding to the first initialization key was previously stored at the reader device during a manufacturing process of the reader device, the first initialization key and the second initialization key being separate instances of a symmetric key; transmitting, by the protocol management computer to the reader device, a first encrypted message and a first initialization vector, the first encrypted message being encrypted using the symmetric key and the first initialization vector; receiving, by the protocol management computer via the near field communications channel from the reader device, a second encrypted message comprising a first public key associated with the reader device, the second encrypted message being encrypted using a second initialization vector that is generated by the reader device using the first initialization vector; and transmitting, by the protocol management computer via the near field communications channel to the reader device, a third encrypted message comprising a second public key associated with the protocol management computer, wherein the third encrypted message is encrypted utilizing a third initialization vector that is generated by the protocol management computer using the second initialization vector that was previously generated using the first initialization vector. 2. The method of claim 1 , further comprising obtaining, by the protocol management computer, an identifier associated with the reader device, wherein a request for the first initialization key comprises the identifier, and wherein the identifier is utilized to retrieve the first initialization key. 3. The method of claim 1 , wherein the remote server computer is configured to perform terminal processing operations. 4. The method of claim 1 , further comprising: decrypting, by the protocol management computer, the second encrypted message utilizing the second initialization vector; and verifying, by the protocol management computer, the second encrypted message as decrypted. 5. The method of claim 4 , further comprising generating a unique identifier for the reader device and a nonce, wherein the symmetric key, the unique identifier, and the nonce is included in the first encrypted message. 6. The method of claim 5 , wherein the second encrypted message, as decrypted, further comprises the symmetric key, one or more unique identifiers for the reader device, and the nonce. 7. The method of claim 6 , wherein verifying the second encrypted message as decrypted comprises comparing the nonce received in the second encrypted message to the nonce as transmitted in the first encrypted message. 8. The method of claim 4 , further comprising generating the second public key and a second private key associated with the protocol management computer in response to verifying the second encrypted message. 9. A protocol management computer, comprising: a hardware processor; and a non-transitory computer readable medium coupled to the hardware processor, the non-transitory computer readable medium comprising code that, when executable by the hardware processor, causes the protocol management computer to perform operations including: identifying presence of a reader device utilizing a near field communications channel; obtaining, from a remote server computer, a first initialization key associated with the reader device, wherein a second initialization key corresponding to the first initialization key was previously stored at the reader device during a manufacturing process of the reader device, the first initialization key and the second initialization key being separate instances of a symmetric key; transmitting, to the reader device, a first encrypted message and a first initialization vector, the first encrypted message being encrypted using the symmetric key and the first initialization vector; receiving, via the near field communications channel from the reader device, a second encrypted message comprising a first public key associated with the reader device, the second encrypted message being encrypted using a second initialization vector that is generated by the reader device using the first initialization vector; and transmitting, via the near field communications channel to the reader device, a third encrypted message comprising a second public key associated with the protocol management computer, wherein the third encrypted message is encrypted utilizing a third initialization vector that is generated by the protocol management computer using the second initialization vector that was previously generated using the first initialization vector. 10. The protocol management computer of claim 9 , wherein the operations further include negotiating, with the reader device, utilizing the first public key and the second public key, one or more session keys. 11. The protocol management computer of claim 10 , wherein the one or more session keys are utilized to establish a secure connection between the protocol management computer and the reader device. 12. The protocol management computer of claim 11 , wherein the secure connection conforms to a Bluetooth communications protocol. 13. The protocol management computer of claim 9 , wherein the secure connection conforms to a Bluetooth communications protocol. 14. A reader device, comprising: a hardware processor; and a non-transitory computer readable medium coupled to the hardware processor, the non-transitory computer readable medium comprising code that, when executable by the hardware processor, causes the reader device to perform operations including: storing, during a manufacturing process of the reader device, a first initialization key, wherein a second initialization key corresponding to the first initialization key was previously stored at a protocol management computer, the first initialization key and the second initialization key being separate instances of a symmetric key; receiving, from the protocol management computer via a near field communications channel, a communication comprising a first encrypted message and a first initialization vector, the first encrypted message being encrypted using the symmetric key and the first initialization vector; in response to receiving the communication, transmitting, via the near field communications channel, a second encrypted message comprising a first public key associated with the reader device, the second encrypted message being encrypted utilizing a second initialization vector that is generated by the reader device using the first initialization vector; and receiving, from the protocol management computer, via the near field communications channel, a third encrypted message comprising a second public key associated with the protocol management computer, wherein the third encrypted message is encrypted utilizing a third initialization vector that is generated by the protocol management computer using the second initialization vector that was previously generated using the first initialization vector. 15. The reader device of claim 14 , wherein the operations further include: decrypting the first encrypted message utilizing the first initialization vector; and decrypting the third encrypted message based at least in part on deriving the third initialization vector based at
Assignees
Inventors
Classifications
Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor · CPC title
involving Diffie-Hellman or related key agreement protocols · CPC title
using a plurality of keys or algorithms · CPC title
Protecting data integrity, e.g. using checksums, certificates or signatures · CPC title
to a system of files or objects, e.g. local or distributed file system or database · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US12388625B2 cover?
- Systems and methods are disclosed for performing a secure exchange of encryption keys (e.g., public keys) between two devices. One or more initialization keys are stored at both devices. In some embodiments, at least one device (e.g., a reader device) stores the initialization key(s) (e.g., a symmetric key, an asymmetric key pair) in local memory as part of performance of a manufacturing proces…
- Who is the assignee on this patent?
- Visa Int Service Ass
- What technology area does this patent fall under?
- Primary CPC classification H04L9/0825. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Aug 12 2025 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).