Transaction messaging

Description

BACKGROUND OF THE INVENTION

Field of the Invention

The present invention relates to systems and methods for transmitting and processing transaction messages, and in particular to systems and methods useable for sending transaction messages where an identifier is encrypted.

Description of the Related Technology

Smart devices, such as smart cards, access cards, financial instruments such as payment cards, fobs and most recently mobile telephones and other portable electronic devices are increasingly being used to effect transactions. A transaction may involve a number of functions. In a simple form, a user in possession of a suitable smart device may be granted access through a security door. Alternatively, or in addition, such a user may be able to make payments for goods and services, or to use the smart device in ticketing for access to public transport or an event.

A suitable smart device has a processor and a memory. These may be combined in a secure element, which is a piece of tamper resistant hardware which can only be communicated with in a limited fashion.

In use, the smart device is presented to a terminal of a transaction processing system, for example a door lock, a point of sale device or a ticket barrier. The smart device communicates with the terminal. This communication may be contactless for example using near field communications (NFC), or through contact between the device and the terminal. The smart device may communicate solely with the terminal; however more often data provided by the smart device is transmitted through the transaction processing system to a suitable recipient. This recipient authenticates the smart device and may respond, for example by commanding the terminal to open a door or barrier, or by providing data to the smart device.

To enable a smart device to be used in this manner, the smart device is provided with a device identifier. This may be a number, or alphanumeric string which is capable of uniquely identifying the device and thereby enabling the transaction processing system to determine whether to grant access, or to effect payment, or similar. An example of a suitable device identifier used in payments is a primary account number or PAN, which is used on credit and debit cards to effect payments.

Methods have been proposed to modify or obscure a device identifier during a transaction to increase security. While such proposed systems make it harder for a malicious third party to clone or pretend to be the smart device, such systems still do not obviate a risk that a third party may track a user's movements and activity using data transferred from the device.

SUMMARY

In accordance with at least one embodiment, methods, devices, systems and software are provided for supporting or implementing functionality to transmit and/or process transaction messages.

This is achieved by a combination of features recited in each independent claim. Accordingly, dependent claims prescribe further detailed implementations of various embodiments.

According to a first aspect of the invention there is provided a method for transmitting a transaction message, the method comprising: encrypting, at a transaction device, a transaction device identifier; generating, at the transaction device, a temporary transaction device identifier; causing a transaction message to be sent to a transaction processing system, the transaction message comprising, at least, a first data field configured to hold a transaction device identifier and a second data field configured to hold supplementary data, wherein the temporary transaction device identifier is provided in the first data field and the encrypted transaction device identifier is provided in the second data field.

The temporary transaction device identifier may be generated at least partly using further data, which further data is other than the transaction device identifier. Furthermore, the transaction message may comprise a third data field, and data at least partly identifying a cryptographic key associated with the encryption of the transaction device identifier may be provided in the third data field. The cryptographic key may be generated at least partly using further data, which further data is other than the transaction device identifier. The cryptographic key may further be generated using, in addition, a value uniquely associated with the transaction device identifier.

The method may comprise receiving the further data from the transaction processing system. For a given transaction, at least part of the further data may be specific to the transaction.

In embodiments, the transaction device identifier may comprise data indicative of a primary account number of a financial instrument.

According to a second aspect of the invention there is provided a method of processing a transaction message, the method comprising: receiving a transaction message from a first part of a transaction processing system, the transaction message comprising, at least, a first data field configured to hold a transaction device identifier and a second data field configured to hold supplementary data, the first data field comprising a first transaction device identifier; decrypting data within the supplementary data field to identify a second transaction device identifier; processing the transaction message based on the second transaction device identifier.

The processing may comprise sending a modified transaction message with the first transaction device identifier replaced by the second transaction device identifier to a second part of a transaction processing system. The method may further comprise storing an association between the first transaction device identifier and the second transaction device identifier.

The method may comprise: receiving a response message from the second part of the transaction processing system, the response message comprising a data field configured to hold a transaction device identifier, the data field comprising the second transaction device identifier; modifying the response message to replace the second transaction device identifier with the first transaction device identifier; and sending the modified response message to the first part of the transaction processing system.

The transaction message may comprise a third data field, and data at least partly identifying a cryptographic key associated with the encryption of the data within the second data field may be provided in the third data field. In addition, the transaction message may comprise one or more further data fields configured to hold further transaction data, and the method may comprise verifying the further transaction data using the data in the third data field.

The transaction message may comprise one or more further data fields configured to hold further transaction data, and the method may comprise generating a cryptographic key used to decrypt data within the second data field from the further transaction data. The method may comprise using, in addition, a value uniquely associated with the second transaction device identifier, to verify the further transaction data.

In embodiments, the transaction device identifier may comprise data indicative of a primary account number of a financial instrument.

According to a third aspect of the invention there is provided a method for transmitting a transaction message, the method comprising: generating, at a transaction device, at least one cryptographic data element using at least a transaction device identifier and further data other than the transaction device identifier as inputs to an cryptographic function; causing a transaction message to be sent to a transaction processing system, the transaction message comprising, at least, the further data and the at least one cryptographic data element.

The at least one cryptographic data element may comprise an encrypted version of the transaction device identifier. Furthermore, the method may comprise: generating a cryptographic key using at least the further data; and generating the encrypted version of the transaction device identifier using the cryptographic key. The method may further comprise using, in addition, a value uniquely associated with the transaction device identifier to generate the cryptographic key. The at least one cryptographic data element may further comprise data at least partly identifying the cryptographic key.

In embodiments, the transaction device identifier may comprise data indicative of a primary account number of a financial instrument.

According to a fourth aspect of the invention there is provided a method of processing a transaction message, the method comprising: receiving, from a first part of a transaction processing system, a transaction message, the transaction message comprising a first transaction device identifier and at least two cryptographic data elements; and using a first of the cryptographic data elements to determine a cryptographic key; decrypting a second of the cryptographic data elements whereby to determine a second transaction device identifier; and processing the transaction message based on the second transaction device identifier.

The processing may comprise sending a modified transaction message with the first transaction device identifier replaced by the second transaction device identifier to a second part of a transaction processing system. The method may also comprise storing an association between the first transaction device identifier and the second transaction device identifier.

The transaction message may comprise one or more further data fields configured to hold further data, and the method may comprise verifying the further data using the first of the cryptographic data elements. The method may further comprise using, in addition, a value uniquely associated with the second transaction device identifier, to verify the further data.

In embodiments, the transaction device identifier may comprise data indicative of a primary account number of a financial instrument.

According to a fifth aspect of the invention there is provided a method of processing a transaction message, the method comprising: receiving, from a first part of a transaction processing system, a transaction message, the transaction message comprising a first transaction device identifier, a cryptographic data element and further data; generating a cryptographic key using at least the further data; decrypting the cryptographic data element using the cryptographic key whereby to determine a second transaction device identifier; and processing the transaction message based on the second transaction device identifier.

According to a sixth aspect of the invention there is provided apparatus for use in transmitting a transaction message from a transaction device, the apparatus configured to: encrypt a transaction device identifier; generate a temporary transaction device identifier; cause a transaction message to be sent to a transaction processing system, the transaction message comprising, at least, a first data field configured to hold a transaction device identifier and a second data field configured to hold supplementary data, wherein the temporary transaction device identifier is provided in the first data field and the encrypted transaction device identifier is provided in the second data field.

According to a seventh aspect of the invention there is provided apparatus for processing a transaction message, the apparatus configured to: receive a transaction message from a first part of a transaction processing system, the transaction message comprising, at least, a first data field configured to hold a transaction device identifier and a second data field configured to hold supplementary data, the first data field comprising a first transaction device identifier; decrypt data within the supplementary data field to identify a second transaction device identifier; process the transaction message based on the second transaction device identifier.

According to a eighth aspect of the invention there is provided apparatus for use in transmitting a transaction message from a transaction device, the apparatus configured to: generate at least one cryptographic data element using at least a transaction device identifier and further data as inputs to an cryptographic function; cause a transaction message to be sent to a transaction processing system, the transaction message comprising, at least, the further data and the at least one cryptographic data element.

According to a ninth aspect of the invention there is provided apparatus for processing a transaction message, the apparatus configured to: receive, from a first part of a transaction processing system, a transaction message, the transaction message comprising a first transaction device identifier and at least two cryptographic data elements; and use a first of the cryptographic data elements as a cryptographic key to decrypt a second of the cryptographic data elements whereby to determine a second transaction device identifier; and process the transaction message based on the second transaction device identifier.

According to a tenth aspect of the invention there is provided apparatus for processing a transaction message, the apparatus configured to: receive, from a first part of a transaction processing system, a transaction message, the transaction message comprising a first transaction device identifier, a cryptographic data element and further data; generate a cryptographic key using at least the further data; decrypt the cryptographic data element using the cryptographic key whereby to determine a second transaction device identifier; and process the transaction message based on the second transaction device identifier.

According to a eleventh aspect of the invention there is provided a computer program for use in transmitting a transaction message from a transaction device, the computer program configured to: encrypt a transaction device identifier; generate a temporary transaction device identifier; cause a transaction message to be sent to a transaction processing system, the transaction message comprising, at least, a first data field configured to hold a transaction device identifier and a second data field configured to hold supplementary data, wherein the temporary transaction device identifier is provided in the first data field and the encrypted transaction device identifier is provided in the second data field.

According to a twelfth aspect of the invention there is provided a computer program for processing a transaction message, the computer program configured to: receive a transaction message from a first part of a transaction processing system, the transaction message comprising, at least, a first data field configured to hold a transaction device identifier and a second data field configured to hold supplementary data, the first data field comprising a first transaction device identifier; decrypt data within the supplementary data field to identify a second transaction device identifier; process the transaction message based on the second transaction device identifier.

According to a thirteenth aspect of the invention there is provided a computer program for use in transmitting a transaction message from a transaction device, the computer program configured to: generate at least one cryptographic data element using at least a transaction device identifier and further data as inputs to an cryptographic function; cause a transaction message to be sent to a transaction processing system, the transaction message comprising, at least, the further data and the at least one cryptographic data element.

According to a fourteenth aspect of the invention there is provided a computer program for processing a transaction message, the computer program configured to: receive, from a first part of a transaction processing system, a transaction message, the transaction message comprising a first transaction device identifier and at least two cryptographic data elements; and use a first of the cryptographic data elements as a cryptographic key to decrypt a second of the cryptographic data elements whereby to determine a second transaction device identifier; and process the transaction message based on the second transaction device identifier.

According to a fifteenth aspect of the invention there is provided a computer program for processing a transaction message, the computer program configured to: receive, from a first part of a transaction processing system, a transaction message, the transaction message comprising a first transaction device identifier, a cryptographic data element and further data; generate a cryptographic key using at least the further data; decrypt the cryptographic data element using the cryptographic key whereby to determine a second transaction device identifier; and process the transaction message based on the second transaction device identifier.

According to a sixteenth aspect of the invention, there is provided a method for transmitting a transaction message from a transaction device having a transaction device identifier, the method comprising: encrypting, at a transaction device, a transaction device identifier; generating, at the transaction device, a transaction message for a transaction system, the transaction message comprising, at least, a first data field configured to hold a transaction device identifier and a second data field configured to hold supplementary data; and

sending the transaction message to a transaction processing system, wherein the generation of the transaction message comprises providing data in the first data field of the transaction message that does not identify the transaction device and providing the encrypted transaction device identifier in the second data field of the transaction message.

According to a seventeenth aspect of the invention, there is provided a method of processing a transaction message, the method comprising: receiving a transaction message from a first part of a transaction processing system, the transaction message comprising, at least, a first data field configured to hold a transaction device identifier and a second data field configured to hold supplementary data; decrypting data within the supplementary data field to generate decrypted data; processing the transaction message using said decrypted data to form the transaction device identifier instead of the data in the first data field.

According to an eighteenth aspect of the invention, there is provided apparatus for use in transmitting a transaction message from a transaction device, the apparatus configured to:

encrypt a transaction device identifier; generate a transaction message comprising, at least, a first data field configured to hold a transaction device identifier and a second data field configured to hold supplementary data; and send the transaction message to the transaction processing system, wherein the apparatus is arranged to generate the transaction message such that data that does not identify the transaction device is provided in the first data field and the encrypted transaction device identifier is provided in the second data field.

According to a nineteenth aspect of the invention, there is provided apparatus for processing a transaction message, the apparatus configured to: receive a transaction message from a first part of a transaction processing system, the transaction message comprising, at least, a first data field configured to hold a transaction device identifier and a second data field configured to hold supplementary data; decrypt data within the supplementary data field to generate decrypted data; and process the transaction message using said decrypted data to form the transaction device identifier instead of the data in the first data field.

Further features and advantages will become apparent from the following description of preferred embodiments, given by way of example only, which is made with reference to the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

Systems, apparatuses and methods will now be described as embodiments, by way of example only, with reference to the accompanying figures in which:

FIG. 1 shows a schematic diagram of a transaction system in which embodiments of the invention may be practised;

FIG. 2 illustrates a communication flow according to an embodiment;

FIG. 3 illustrates a method according to an embodiment;

FIG. 4 illustrates a further method according to an embodiment; and

FIG. 5 shows a schematic diagram of a device which may be used in embodiments of the invention.

Some parts, components and/or steps of the embodiments appear in more than one Figure; for the sake of clarity the same reference numeral will be used to refer to the same part, component or step in all of the Figures.

DETAILED DESCRIPTION OF CERTAIN INVENTIVE EMBODIMENTS

FIG. 1 shows a transaction system 10. A transaction device 12, is provided. Examples of suitable transaction devices include smart cards, access cards, fobs, financial instruments such as payment cards, mobile telephones and other portable electronic devices such as tablets and smart watches. The transaction device 12 has a data connection to a transaction terminal 14. Examples of suitable transaction terminals include payment terminals, access points to transit systems, and doors.

The data connection between the transaction device 12 and the transaction terminal 14 may be contactless. Examples of contactless connection technologies which may be used include near field communications (NFC) and optical systems—the latter being, for example, provided by a system which uses a camera in a mobile telephone to identify and read data presented on e.g. a screen of the terminal. The data connection may alternatively be a contact connection using a suitable arrangement of electrically conductive pads and pins to enable communication.

The transaction terminal 14 is connected to a first transaction processing server 16, which is in turn connected to a second transaction processing server 18. Together the terminal 14 and servers 16 and 18 may be considered to constitute a transaction processing system 20. While not shown, one or more additional transaction processing servers may be provided between the transaction terminal 14 and first transaction processing server 16. Likewise, one or more additional transaction processing servers may be provided between the first transaction processing server 16 and the second transaction processing server 18. Collectively, the transaction terminal 14 and any additional transaction processing servers between the transaction terminal 14 and first transaction processing server 16 may be considered as a first part of the transaction processing system 20. Equally, the second transaction processing server 18 and any additional transaction processing servers between the first transaction processing server 16 and the second transaction processing server 18 may be considered as a second part of the transaction processing system 20.

While only a single instance of each of the device 12, terminal 14 and servers 16 and 18 are shown, it will be appreciated that the transaction system 10 may be substantially more complex, with multiple devices 12 (representing devices provided to multiple users), multiple terminals 14 (representing, for example, multiple payment terminals or access terminals) and even multiple servers 16 and 18.

The operation of the transaction system 10 shown in FIG. 1 during a transaction will now be described with reference to FIG. 2. In general, in this transaction a transaction device 12 is presented to a transaction terminal 14, and the transaction processing system 20 operates to authorize or deny the transaction. Depending on whether the transaction is authorized or denied, the transaction terminal, or a device connected thereto, may perform some action (such as opening a door), alternatively or additionally, a message may be sent back to the transaction device. A more detailed description follows.

In a first step 22, a transaction is instigated and the transaction device 12 connects to the transaction terminal 14. The instigation of the transaction may, for example, include a user selecting goods or services to purchase, or selecting a destination for a ticketing transaction. This may require user input, or alternatively may be predetermined based on the identity of the transaction terminal—for example an identity of a transaction terminal on a transit system may be used to define the service required without any specific user input.

The connection between the transaction device 12 and the transaction terminal 14 may be established by the transaction device 12 being presented to the terminal and a contactless, e.g. near field communication (NFC), connection being established. Alternatively, a transaction device 12 may be physically inserted into or connected to the transaction terminal 14 to enable an electrical connection to be established. Such methods are known in the art and need not be described in detail here.

Having, in step 22, instigated the transaction and established the connection transaction data associated with the transaction may be sent, in step 24, from the transaction terminal 14 to the transaction device 12. This transaction data may include, for example, a price to be paid in the transaction or an identity of an entry or egress point for a ticketing transaction on a transit system. In general, the nature of the transaction as described above will define the transaction data.

In step 26, the transaction device prepares a transaction message, and in step 28 the transaction message is sent to from the transaction device to the transaction terminal 14. A more detailed description of the content of this message, and the methods by which it is created in steps 24 to 28 will be provided below with reference to FIG. 3.

In step 30 transaction terminal then forwards the message on to the first transaction processing server 16. As will be appreciated from the description above, this may involve sending the message via one or more further transaction processing servers.

In step 32, the first transaction processing server 16 processes the transaction message. In some embodiment the first transaction processing server 16 may be capable of authorizing or denying the transaction. In such cases, the signaling flow may pass straight to step 40 described below.

In the alternative, the second transaction processing server 18 may be the entity capable of authorizing or denying the transaction. In such cases, the first transaction processing server 16 may modify the message. The modified message may then be sent to the second transaction processing server 18 in step 34.

The second transaction processing server 18 then authorizes or denies the transaction and, in step 38, sends a response message to the first transaction processing server 16. This response message may again be processed by the first transaction processing server 16, before the modified response message is sent, in step 40, to the transaction terminal 14. A more detailed description of the processing of the message by the first transaction processing server 16 in steps 30 to 40 will be provided below with reference to FIG. 4.

Upon receipt of the response message in step 40, the transaction terminal 14 may perform any number of actions. For example, the transaction terminal 14 may send a response message to the transaction device 42. This response message may contain data indicative of the transaction being authorized, and may, if required, include a ticket or other data structure which may be stored by the transaction device 12 for later use. Alternatively, or additionally, the transaction device may take an appropriate action, shown by step 44. This action may be, for example, to open a door or ticketing barrier, or may be the provision of an indication that the transaction has been authorized (and therefore that the user may be provided with purchased goods or services).

The above processing flow is known in the art of transaction systems and therefore has been described in overview only.

As mentioned above, a more detailed description of the operation of the transaction device in steps 24 to 28 will now be provided with reference to FIG. 3. Here the transaction device will be assumed to be provided with a transaction device identifier. This is a value or code which enables the transaction processing system to identify the transaction device 12 and distinguish it from other similar transaction devices. An example of a suitable transaction device identifier is a primary account number (PAN) of a financial instrument. In addition to the transaction device identifier, authentication data may be stored by the transaction device 12. This authentication data may be used to enable messages sent from the transaction device 12 to be authenticated by the transaction processing system, thereby enabling the transaction processing system to authorize or deny any given transaction. The authentication data may include supplementary credentials and cryptographic keys which have been earlier provided to the transaction device 12.

In step 24, as mentioned above, the transaction device 12 may receive transaction data from the transaction processing system. This transaction data may include data associated with the identity of the transaction terminal 14, for example an identity of a merchant or transit services provider which provides or uses that terminal, an identity of the terminal itself, a location for the terminal, a channel or domain associated with the communication with the terminal (this may indicate whether wireless or electrical contact is used), and payment details to enable the merchant to receive payment. In addition, the transaction data may include data which is specific to the transaction itself, for example data indicative of a time for the transaction, an amount for a payment, an amount for a reduction in a pre-paid ticket, and/or an identification of any goods or services associated with the transaction. The transaction data comprises at least some data which is other than the transaction device identifier.

In step 26A, the transaction device 12 generates a cryptographic key using the received transaction data. Typically, the cryptographic key will be generated using the transaction data as an input to one or more cryptographic functions. The transaction data may not be the only input to the function, and the following additional inputs may be used:

- a value uniquely associated with the transaction device identifier, for example a hashing key or seed value stored on the transaction device 12;
- the transaction device identifier (it will be apparent that the transaction data referred to above represents data other than the transaction device identifier);
- a value indicative of the number of the transactions which have been previously performed or completed by the transaction device 12; and
- data indicative of a channel or domain used for the transaction.

One example of how a cryptographic key may be generated will now be described. This example will use Elliptic Curve Cryptography (ECC) and a method called ECC El Gamal for key agreement. It will be assumed that a cyclic group G has been defined based on a generator value g. A public key P_sfor a transaction processing server, e.g. server 16 has been generated based on the group G and a private key d_sfor that server. For example:

P_s=d_s·G=g^d^s

This public key has been made available to the transaction device. In addition, a further key K, the hashing key, has been defined and is known to both the transaction device 12 and to the first transaction processing server 16. The hashing key K may be a value uniquely associated with the transaction device.

In a first step, the transaction device 12 calculates a hash value. This may be done using a keyed-hash message authentication code (HMAC). The inputs to the hash function include the hashing key K and, in this example, a concatenation of the device identifier (I_D) and the transaction data. The output of the hashing function is denoted by h, and can be written as:

h=HMAC(K,I_D∥transaction data)

Using h and the cyclic group G the transaction device 12 may generate an ephemeral public key P_Dfor the device for use in the transaction. This public key P_Drepresents the cryptographic key described above. For example:

P_D=h·G=g^h

In addition, using h and the public key P_sof the first transaction processing server 16, the transaction device 12 may generate a shared secret S. For example:

S=h·P_s=P_s^h=g^d^s^h

Having generated the ephemeral cryptographic key P_D, and from that computed the shared secret S, in step 26B the transaction device 12 encrypts the device identifier I_Dusing the shared secret S to generate an encrypted transaction device identifier C. For example:

C=enc(S,I_D)

The cryptographic key P_D, and the encrypted transaction device identifier C may each be considered cryptographic data elements which may be sent to the transaction terminal 14 in a transaction message.

In addition to generating the encrypted transaction device identifier C, in step 26C the transaction device 12 may generate a temporary transaction device identifier. The temporary transaction device identifier may be generated entirely randomly, or pseudo randomly. Alternatively it may be based on the encrypted transaction device identifier C; or generated using further data, at least some of which is data other than the transaction device identifier, for example the transaction data described above, or the public key P_Dgenerated for the device.

The temporary transaction device identifier may be generated using a further function, with one of the values described above as an input. For instance, it is typically the case that the device identifier has a certain format—for example being of a certain length. In such cases, the input value may be modified to provide a temporary transaction device identifier. The temporary transaction device identifier may not be wholly generated, and may be based in part on predetermined data, such as a portion of the real transaction device identifier.

As an example, where the transaction device identifier is a 16 digit PAN, the first 6 digits represent a Bank Identification Number (BIN) or Issuer identification number (IIN), and the last digit represents a check digit. The BIN/IIN from the original transaction device identifier may be kept, and augmented with nine digits of the temporary transaction device identifier and a suitable check digit.

In step 26D, the transaction device 12 creates a transaction message to be sent to a transaction processing system using the values generated above. It will often be the case that the transaction message must conform to a certain standard. For example, the transaction message may be formatted in accordance with an EMV standard for payment processing, which specifies mandatory data elements for the transaction message including a data element configured to convey the PAN as a transaction device identifier. Accordingly this standard may specify that the message should comprise, at least, a first data field configured to hold a transaction device identifier and a second data field configured to hold supplementary data. Accordingly, the temporary transaction device identifier, that does not in fact identify the transaction device 12, may be provided in the first data field and the encrypted transaction device identifier may be provided in the second data field. In addition the transaction message may comprise a third data field, and the cryptographic key P_Dassociated with the encryption of the transaction device identifier may be provided in the third data field. It will be understood that the cryptographic key P_Dwas not itself used in the encryption of the transaction device identifier. Instead, by virtue of being the public key associated with the shared secret used in the encryption, P_Drepresents data identifying the cryptographic key associated with the encryption of the transaction device identifier. Finally, some or all of the transaction data may be provided in other fields of the message.

Having generated a suitable transaction message, the transaction device 12, in step 28, sends the transaction message to the transaction processing system, i.e. the transaction terminal 14.

A more detailed description of the operation of the first transaction processing server 16 in steps 30 to 40 will now be provided with reference to FIG. 4.

In step 30, the first transaction processing server 16 receives the transaction message. In line with the description above, the message created by the transaction device 12 comprises a temporary transaction device identifier, an encrypted transaction device identifier C and the ephemeral cryptographic key P_D. The encrypted transaction device identifier C and the ephemeral cryptographic key P_Dmay be considered as cryptographic data elements. In addition, the message may contain at least some of the transaction data.

In step 32A, the first transaction processing server 16 may generate the shared secret S using the cryptographic key P_D. For example:

S=d_s·P_D=P_D^d^s=g^h^d^s

The shared secret S may then be used to decrypt the encrypted transaction device identifier C to generate the original transaction device identifier I_D.

In addition, the first transaction processing server 16 may validate any transaction data provided in the transaction message. This may be done by using the original transaction device identifier I_Dto look up the hashing key K for the transaction device 12 and then recreating the hash value h′ and the ephemeral public key P′_Das described above. For example:

h′=HMAC(K,I_D∥transaction data)
P′_D=h′·G=g^h′

A comparison of the public key P_Dsent in the transaction message and the newly generated public key P′_Dwill demonstrate whether the transaction data received in the message corresponds to the transaction data used to generate the public key P_D.

The first transaction processing server 16 may then process the transaction message based on the original transaction device identifier (i.e. at least part of the decrypted data derived from the encrypted data provided in the second data field). In other words, the transaction message may be processed as if the temporary transaction device identifier were replaced by the original transaction device identifier I_D. As mentioned above, the first transaction processing server 16 itself may be able to authorize or deny the transaction at this point. If this is the case, then in step 32E, the first transaction processing server 16 determines, using the original transaction device identifier I_Dwhether to authorize or deny the transaction and generates a suitable response message. In step 40 the first transaction processing server 16 then sends the response message back to the transaction terminal 14.

However, in the alternative the first transaction processing server 16 may, in step 32C, modify the transaction message, replacing the temporary transaction device identifier with the original transaction device identifier I_D. The first transaction processing server 16 may additionally, in step 32D, store an association between the temporary transaction device identifier and the original transaction device identifier I_D.

Subsequently, in step 34 the first transaction processing server 16 may send the modified transaction message with the temporary transaction device identifier replaced by the original transaction device identifier the second transaction processing server 18. The second transaction processing server 18 may then process the modified transaction message as a normal message which had been originally provided with an unencrypted transaction device identifier.

In step 36 the first transaction processing server 16 may receive a response message from the second transaction processing server 18. This response message may comprise a data field configured to hold a transaction device identifier, which consequently comprises the original transaction device identifier I_D.

In step 38, the first transaction processing server 16 may modify the response message to replace the original second transaction device identifier I_Dwith the first transaction device identifier, using the association stored in step 32D. The modified response message may then, in step 40, be sent to the transaction terminal 14.

The above described methods present the following advantages. Firstly, the field designed to contain the transaction device identifier in a typical transaction system is limited in size and needs to adhere to strict formatting rules. This puts restrictions on the degree of freedom for any temporary transaction device identifier. By providing a temporary transaction device identifier in a message and separately providing an encrypted transaction device identifier, the degree of freedom for encrypting the transaction device identifier is increased, and therefore security is correspondingly increased. Equally, it is easier to generate the temporary transaction device identifier as it only needs to conform to the requirements of being random, or pseudo random, and enabling the transaction message to be properly handled by the transaction system.

Furthermore, by providing the ephemeral cryptographic key with the transaction message, it is possible to ensure that no information provided in the transaction message can be used to track a user. This is because the ephemeral cryptographic key is itself non deterministic or random and therefore cannot be used to track a user.

It should be noted that a system may be used where a transaction device identifier is encrypted using solely a public key of a recipient server. The disadvantage of such system is that they are susceptible to attack, as the relatively static key (that of the server) means that multiple messages are all sent using the same key, which in turn reduces the security of the system.

A further advantage relates to the size of a cryptographic key which is required to enable effective encryption of the transaction device identifier. For example, a typical length of an ECC cryptographic key required to provide adequate encryption is 32 bytes or more. Providing this key in a message takes up a large amount of the message data, often significantly more than the transaction device identifier itself. For example, a PAN may be uniquely identified by less than 8 bytes of data, a quarter of the data size of the key which may be used to encrypt the PAN. However, in embodiments the cryptographic key also serves as data enabling the transaction data to be verified. This dual use improves the data size efficiency of any message and enables messages, encrypted according to the embodiments described above, to be transmitted using existing systems with restrictions on the size of any message.

Alternative Embodiments and Modifications

While a specific implementation of ECC cryptography has been described above, it will be appreciated that modifications may be made, or entirely different systems may be used, for the generation and use of the cryptographic key. For example, the shared secret S may be used directly to encrypt the device identifier, however in the alternative, a further key, generated using S may be used. Alternatively, an implementation may use lattice based cryptographic methods such as NTRU. For such an implementation, there would be no need to communicate a separate ephemeral key to the server since the output of the encryption mechanism is effectively random.

In the specific implementation described above, the temporary transaction device identifier is random so that no information in the transaction message can be used to track the transaction device 12, and accordingly potentially track the user of the transaction device 12. Alternatively, instead of a random temporary transaction device identifier, a fixed number stored by the transaction device 12 that is the same for many or all transaction devices utilizing the invention could be inserted in the field in the transaction message for the transaction device identifier. In this way, it is not possible to determine the identity of the transaction device from the entry within the transaction device identifier field within the transaction message. Further, such a static transaction device identifier can be used to indicate to a recipient of the transaction message that an encrypted version of the actual transaction device identifier is provided in a separate field of the transaction message.

Embodiments are intended to be compatible with existing systems. Therefore the message sent by the transaction device 12 may conform to existing protocols. In particular, it is intended that only the transaction device 12 and the first transaction processing server 16 need be modified to enable the overall system to operate as before. Consequently, the first transaction processing server 16 may operate to convert any message provided by the transaction device 12 into a format which is usable by the second transaction processing server 18 without requiring modification of the second transaction processing server 18.

In some embodiments, the temporary transaction device identifier may correspond to the encrypted transaction device identifier, and may therefore be used to retrieve the original device identifier. This obviates the need for any further field.

While the cryptographic key has been described as being transmitted with the transaction message, some embodiments may be arranged to generate the cryptographic key from the transaction data in a manner which can be replicated by the first transaction processing server 16. Accordingly, at the first transaction processing server 16, a cryptographic key may be generated using at least the transaction data provided in the transaction message. This cryptographic key may then be used to decrypt any cryptographic data element containing the original transaction device identifier.

In embodiments, the original transaction device identifier may be a pointer to a transaction device identifier useable by the second transaction processing server 18. As such the first transaction processing server 16 may possess a lookup table which enables the pointer to be used to identify a suitable transaction device identifier. Therefore, no modification is needed for the second transaction processing server 18, but the identifier passed between the transaction device 12 and the first transaction processing server 16 need not be selected according to the requirements for a suitable identifier useable by the second transaction processing server 18.

In the specific implementation described above, the transaction terminal 14 forwards the transaction message from the transaction device 12 to a first transaction processing server 16 and the first transaction processing server 16 recovers the transaction device identifier for the transaction device 12. In some implementations, the transaction terminal 14 may be required to authorize a transaction faster than can be achieved if the transaction terminal awaits a response from the first transaction processing server. An example of such an implementation is a ticket gate arrangement in which a transaction terminal within a ticket gate needs to authorize a transaction and transfer ticket information to a transaction device 12 within a short time. In such an implementation, the transaction terminal 14 may send a message to the transaction device 12 including a public key certificate for the transaction terminal 14, and the transaction device 12 may encrypt the transaction device identifier using the public key derived or extracted from the certificate for the transaction terminal 14, preferably using a cryptographic scheme as described above, and send the encrypted transaction device identifier to the transaction terminal 14. The transaction terminal 14 may then recover the transaction device identifier and, for example, compare the recovered transaction device identifier with a blacklist of transaction device identifiers stored by the transaction terminal 14, indicating transaction devices 12 for which no transaction should be made, before authorizing the transaction.

In embodiments, the transaction device itself may be a self-contained device, such as a smart card or fob. In other embodiments, the transaction device 12 be a general purpose computing device, such as a mobile phone or computer, which is contains, or is connected to apparatus which generates the transaction messages. Such an apparatus may be tamper resistant hardware; that is a secure element. In such cases, it will be appreciated that reference to the transaction device performing a given operation, such as sending a message to a terminal, is representative of the transaction device causing another device (e.g. the mobile telephone) to send such a message.

Recently, systems whereby a computing device (such as a mobile telephone) can be used without requiring a secure element, have been proposed. On such system is called “Host Card Emulation” whereby a transaction application executes within a device's application processor. An alternative, but similar system is the use of a “Trusted Execution Environment” within a suitable device. Embodiments of the invention are applicable to these and similar systems.

In some embodiments, the transaction device 12 may not receive any transaction data from the transaction terminal 14, but may generate the transaction data itself. In further embodiments the transaction data may be received by other means. For example it has been proposed to use mobile telephones in transactions, and to enable those mobile telephones to send and receive data via the mobile network alongside any transaction which may occur over a contactless (e.g. NFC) connection between the mobile telephone and a terminal. In such cases, it is envisaged that at least some of the communications described above, whether the provision of transaction data to the transaction device, or transmission of the transaction message, may not involve the transaction terminal 14, but other communications systems.

The connection between the transaction device 12 and the transaction terminal 14 may be bidirectional as described above, but may equally be unidirectional. For example, a mobile telephone may receive transaction data from a terminal via a unidirectional connection (e.g. by photographing a code optically displayed by the terminal) and may then create and send a suitable transaction message via a wireless communications network such as a cellular connection or WiFi. In such cases the transaction terminal may not itself have any communications capabilities with the transaction processing network, and may be, for example, a poster displaying an optical code such as a QR code.

In other embodiments, there may not be a transaction terminal 14 as such, and the transaction device 12 may communicate directly with a network and thereby with the first transaction processing server 16. This may be used for online transactions where the transaction device 12 is a connected computer or portable device.

In some embodiments, other information, such as credentials for enabling the message to be authenticated, may be encrypted alongside the device identifier.

The cryptographic key may be compressed. For example a full elliptical function cryptographic key has an X and a Y component. It is possible to compress the key be providing only the X component alongside one or two bits of data to indicate a sign for the Y component. Knowledge of the X component, the function used, and the sign of the Y component enables the cull cryptographic key to be recreated. In the above description it will be appreciated that where a key is described as being determined or provided, a compressed version thereof may be equivalently used.

The transaction device 12, transaction terminal 14 and transaction processing servers 16 and 18, may comprise computerized hardware as is known in the art. An exemplary computerized system 50, capable of performing the method steps described above, will now be described with reference to FIG. 5.

The computerized system 50 comprises a processing system 51, such as a CPU, or an array of CPUs. The processing system 51 is connected to a computer readable storage medium such as memory 52. This memory may be a volatile memory, for example RAM; or a non-volatile or non-transitory memory, for example a solid state drive (SSD) or hard disk drive (HDD). The system 50 may also comprise an interface 54, capable of transmitting and/or receiving data from other elements in the system.

The memory 52 stores computer readable/computer executable instructions 53. The computer readable instructions may be configured such that when they are executed by the processing system 51, the computerized system 50 is caused to perform the methods described above. To enable this, the processing system 51 may retrieve the computer instructions 53 from memory 52 and execute these instructions. In so doing, the processing system 51 may cause the interface to transmit or receive data as required. This data may itself be stored in memory 52, and retrieved as required—for example to be transmitted via the interface 54.

It is to be understood that any feature described in relation to any one embodiment may be used alone, or in combination with other features described, and may also be used in combination with one or more features of any other of the embodiments, or any combination of any other of the embodiments. Furthermore, equivalents and modifications not described above may also be employed without departing from the scope of the invention, which is defined in the accompanying claims. The features of the claims may be combined in combinations other than those specified in the claims.

Claims

1. A method of processing a transaction message, wherein the transaction message conforms to an EMV standard in which the transaction message includes a first data field configured to hold a device identifier, a second data field configured to hold supplementary data, a third data field, and a fourth data field configured to hold data associated with a transaction, the method comprising: receiving, by a transaction processing server, the transaction message from a first part of a transaction processing system, the transaction message comprising a temporary transaction device identifier in the first data field, an encrypted transaction device identifier in the second data field, an ephemeral public key PD in the third data field, and transaction data in the fourth data field;generating, by the transaction processing server, a shared secret S using a private key ds of the transaction processing server and the ephemeral public key PD in the third data field;decrypting, by the transaction processing server, the encrypted transaction device identifier in the second data field using the shared secret S to generate a transaction device identifier associated with a transaction device;retrieving, by the transaction processing server, a hashing key K associated with the transaction device using the transaction device identifier;calculating, by the transaction processing server, a hash value h′ of a concatenation of the transaction device identifier and the transaction data using the hashing key K;generating, by the transaction processing server, a server generated ephemeral public key P′D using the hash value h′;validating, by the transaction processing server, the transaction data by comparing the server generated ephemeral public key P′D with the ephemeral public key PD in the third data field; andprocessing, by the transaction processing server, the transaction message using the transaction device identifier instead of the temporary transaction device identifier in the first data field.
2. The method of claim 1, wherein the processing comprises sending a modified transaction message with the temporary transaction device identifier in the first data field replaced by the transaction device identifier to a second part of the transaction processing system.
3. The method of claim 2, further comprising storing an association between the temporary transaction device identifier in the first data field and the transaction device identifier.
4. The method of claim 3, further comprising: receiving a response message from the second part of the transaction processing system, the response message comprising a data field configured to hold a device identifier, the data field comprising the transaction device identifier;modifying the response message to replace the transaction device identifier with the temporary transaction device identifier in the first data field; andsending the modified response message to the first part of the transaction processing system.
5. The method of claim 1, wherein the transaction message comprises a fifth data field configured to hold further transaction data, and the method further comprises verifying the further transaction data using the ephemeral public key PD in the third data field.
6. The method of claim 1, wherein the transaction message comprises a fifth data field configured to hold further transaction data, and wherein the further transaction data is used in decryption of the encrypted transaction device identifier.
7. The method of claim 5, wherein a value uniquely associated with the transaction device identifier is used in verifying the further transaction data.
8. The method of claim 1, wherein the transaction device identifier comprises data indicative of a primary account number of a financial instrument.
9. The method of claim 1, wherein the temporary transaction device identifier is based on a random or pseudo-random number.
10. A computer system for processing a transaction message, wherein the transaction message conforms to an EMV standard in which the transaction message includes a first data field configured to hold a device identifier, a second data field configured to hold supplementary data, a third data field, and a fourth data field configured to hold data associated with a transaction, the computer system comprising: a processor; anda memory storing computer readable code, which when executed by the processor, causes the computer system to perform operations including: receiving the transaction message from a first part of a transaction processing system, the transaction message comprising a temporary transaction device identifier in the first data field, an encrypted transaction device identifier in the second data field, an ephemeral public key PD in the third data field, and transaction data in the fourth data field;generating a shared secret S using a private key ds of the computer system and the ephemeral public key PD in the third data field;decrypting the encrypted transaction device identifier in the second data field using the shared secret S to generate a transaction device identifier associated with a transaction device;retrieving a hashing key K associated with the transaction device using the transaction device identifier;calculating a hash value h′ of a concatenation of the transaction device identifier and the transaction data using the hashing key K;generating a system generated ephemeral public key P′D using the hash value h′;validating the transaction data by comparing the system generated ephemeral public key P′D with the ephemeral public key PD in the third data field; andprocessing the transaction message using the transaction device identifier instead of the temporary transaction device identifier in the first data field.
11. The computer system of claim 10, wherein the processing comprises sending a modified transaction message with the temporary transaction device identifier in the first data field replaced by the transaction device identifier to a second part of the transaction processing system.
12. The computer system of claim 11, wherein the operations further include storing an association between the temporary transaction device identifier in the first data field and the transaction device identifier.
13. The computer system of claim 12, wherein the operations further include: receiving a response message from the second part of the transaction processing system, the response message comprising a data field configured to hold a device identifier, the data field comprising the transaction device identifier;modifying the response message to replace the transaction device identifier with the temporary transaction device identifier in the first data field; andsending the modified response message to the first part of the transaction processing system.
14. The computer system of claim 10, wherein the transaction message comprises a fifth data field configured to hold further transaction data, and the operations further include verifying the further transaction data using the ephemeral public key PD in the third data field.
15. The computer system of claim 10, wherein the transaction message comprises a fifth data field configured to hold further transaction data, and wherein the further transaction data is used in decryption of the encrypted transaction device identifier.
16. The computer system of claim 15, wherein a value uniquely associated with the transaction device identifier is used in verifying the further transaction data.
17. The computer system of claim 10, wherein the transaction device identifier comprises data indicative of a primary account number of a financial instrument.
18. The computer system of claim 10, wherein the temporary transaction device identifier is based on a random or pseudo-random number.

Priority Claims (1)

Number	Date	Country	Kind
1419016.9	Oct 2014	GB	national

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of International Application No. PCT/GB2015/053200, filed Oct. 26, 2015, which claims the benefit of U.K. Application No. GB1419016.9, filed Oct. 24, 2014. Each of the above-referenced patent applications is incorporated by reference in its entirety.

US Referenced Citations (601)

Number	Name	Date	Kind
5280527	Gullman	Jan 1994	A
5613012	Hoffman	Mar 1997	A
5781438	Lee	Jul 1998	A
5883810	Franklin	Mar 1999	A
5930767	Reber	Jul 1999	A
5953710	Fleming	Sep 1999	A
5956699	Wong	Sep 1999	A
6000832	Franklin	Dec 1999	A
6014635	Harris	Jan 2000	A
6044360	Picciallo	Mar 2000	A
6163771	Walker	Dec 2000	A
6227447	Campisano	May 2001	B1
6236981	Hill	May 2001	B1
6267292	Walker	Jul 2001	B1
6327578	Linehan	Dec 2001	B1
6341724	Campisano	Jan 2002	B2
6385596	Wiser	May 2002	B1
6422462	Cohen	Jul 2002	B1
6425523	Shem Ur	Jul 2002	B1
6453301	Niwa	Sep 2002	B1
6592044	Wong	Jul 2003	B1
6636833	Flitcroft	Oct 2003	B1
6748367	Lee	Jun 2004	B1
6805287	Bishop	Oct 2004	B2
6879965	Fung	Apr 2005	B2
6891953	DeMello	May 2005	B1
6901387	Wells	May 2005	B2
6931382	Laage	Aug 2005	B2
6938019	Uzo	Aug 2005	B1
6941285	Sarcanin	Sep 2005	B2
6980670	Hoffman	Dec 2005	B1
6990470	Hogan	Jan 2006	B2
6991157	Bishop	Jan 2006	B2
7051929	Li	May 2006	B2
7069249	Stolfo	Jun 2006	B2
7103576	Mann, III	Sep 2006	B2
7113930	Eccles	Sep 2006	B2
7136835	Flitcroft	Nov 2006	B1
7177835	Walker	Feb 2007	B1
7177848	Hogan	Feb 2007	B2
7194437	Britto	Mar 2007	B1
7209561	Shankar et al.	Apr 2007	B1
7264154	Harris	Sep 2007	B2
7287692	Patel	Oct 2007	B1
7292999	Hobson	Nov 2007	B2
7350230	Forrest	Mar 2008	B2
7353382	Labrou	Apr 2008	B2
7379919	Hogan	May 2008	B2
RE40444	Linehan	Jul 2008	E
7415443	Hobson	Aug 2008	B2
7444676	Asghari-Kamrani	Oct 2008	B1
7469151	Khan	Dec 2008	B2
7548889	Bhambri	Jun 2009	B2
7567934	Flitcroft	Jul 2009	B2
7567936	Peckover	Jul 2009	B1
7571139	Giordano	Aug 2009	B1
7571142	Flitcroft	Aug 2009	B1
7580898	Brown	Aug 2009	B2
7584153	Brown	Sep 2009	B2
7593896	Flitcroft	Sep 2009	B1
7606560	Labrou	Oct 2009	B2
7627531	Breck	Dec 2009	B2
7627895	Gifford	Dec 2009	B2
7650314	Saunders	Jan 2010	B1
7685037	Reiners	Mar 2010	B2
7702578	Fung	Apr 2010	B2
7707120	Dominguez	Apr 2010	B2
7712655	Wong	May 2010	B2
7734527	Uzo	Jun 2010	B2
7753265	Harris	Jul 2010	B2
7770789	Oder, II	Aug 2010	B2
7784685	Hopkins, III	Aug 2010	B1
7793851	Mullen	Sep 2010	B2
7801826	Labrou	Sep 2010	B2
7805376	Smith	Sep 2010	B2
7805378	Berardi	Sep 2010	B2
7818264	Hammad	Oct 2010	B2
7828220	Mullen	Nov 2010	B2
7835960	Breck	Nov 2010	B2
7841523	Oder, II	Nov 2010	B2
7841539	Hewton	Nov 2010	B2
7844550	Walker	Nov 2010	B2
7848980	Carlson	Dec 2010	B2
7849020	Johnson	Dec 2010	B2
7853529	Walker	Dec 2010	B1
7853995	Chow	Dec 2010	B2
7865414	Fung	Jan 2011	B2
7873579	Hobson	Jan 2011	B2
7873580	Hobson	Jan 2011	B2
7890393	Talbert	Feb 2011	B2
7891563	Oder, II	Feb 2011	B2
7896238	Fein	Mar 2011	B2
7908216	Davis et al.	Mar 2011	B1
7922082	Muscato	Apr 2011	B2
7931195	Mullen	Apr 2011	B2
7937324	Patterson	May 2011	B2
7938318	Fein	May 2011	B2
7954705	Mullen	Jun 2011	B2
7959076	Hopkins, III	Jun 2011	B1
7996288	Stolfo	Aug 2011	B1
8025223	Saunders	Sep 2011	B2
8046256	Chien	Oct 2011	B2
8060448	Jones	Nov 2011	B2
8060449	Zhu	Nov 2011	B1
8074877	Mullen	Dec 2011	B2
8074879	Harris	Dec 2011	B2
8082210	Hansen	Dec 2011	B2
8095113	Kean	Jan 2012	B2
8104679	Brown	Jan 2012	B2
RE43157	Bishop	Feb 2012	E
8109436	Hopkins, III	Feb 2012	B1
8121942	Carlson	Feb 2012	B2
8121956	Carlson	Feb 2012	B2
8126449	Beenau	Feb 2012	B2
8132723	Hogg et al.	Mar 2012	B2
8171525	Pelly	May 2012	B1
8175973	Davis et al.	May 2012	B2
8190523	Patterson	May 2012	B2
8196813	Vadhri	Jun 2012	B2
8205791	Randazza	Jun 2012	B2
8219489	Patterson	Jul 2012	B2
8224702	Mengerink	Jul 2012	B2
8225385	Chow	Jul 2012	B2
8229852	Carlson	Jul 2012	B2
8265993	Chien	Sep 2012	B2
8280777	Mengerink	Oct 2012	B2
8281991	Wentker et al.	Oct 2012	B2
8328095	Oder, II	Dec 2012	B2
8336088	Raj et al.	Dec 2012	B2
8346666	Lindelsee et al.	Jan 2013	B2
8376225	Hopkins, III	Feb 2013	B1
8380177	Laracey	Feb 2013	B2
8387873	Saunders	Mar 2013	B2
8401539	Beenau	Mar 2013	B2
8401898	Chien	Mar 2013	B2
8402555	Grecia	Mar 2013	B2
8403211	Brooks	Mar 2013	B2
8412623	Moon	Apr 2013	B2
8412837	Emigh	Apr 2013	B1
8417642	Oren	Apr 2013	B2
8447699	Batada	May 2013	B2
8453223	Svigals	May 2013	B2
8453925	Fisher	Jun 2013	B2
8458487	Palgon	Jun 2013	B1
8484134	Hobson	Jul 2013	B2
8485437	Mullen	Jul 2013	B2
8494959	Hathaway	Jul 2013	B2
8498908	Mengerink	Jul 2013	B2
8504475	Brand et al.	Aug 2013	B2
8504478	Saunders	Aug 2013	B2
8510816	Quach	Aug 2013	B2
8433116	Davis et al.	Sep 2013	B2
8528067	Hurry et al.	Sep 2013	B2
8533860	Grecia	Sep 2013	B1
8538845	Liberty	Sep 2013	B2
8555079	Shablygin	Oct 2013	B2
8566168	Bierbaum	Oct 2013	B1
8567670	Stanfield	Oct 2013	B2
8571939	Lindsey	Oct 2013	B2
8577336	Mechaley, Jr.	Nov 2013	B2
8577803	Chatterjee	Nov 2013	B2
8577813	Weiss	Nov 2013	B2
8578176	Mattsson	Nov 2013	B2
8583494	Fisher	Nov 2013	B2
8584251	Mcguire	Nov 2013	B2
8589237	Fisher	Nov 2013	B2
8589271	Evans	Nov 2013	B2
8589291	Carlson	Nov 2013	B2
8595098	Starai	Nov 2013	B2
8595812	Bomar	Nov 2013	B2
8595850	Spies	Nov 2013	B2
8606638	Dragt	Dec 2013	B2
8606700	Carlson	Dec 2013	B2
8606720	Baker	Dec 2013	B1
8615468	Varadarajan	Dec 2013	B2
8620754	Fisher	Dec 2013	B2
8635157	Smith	Jan 2014	B2
8646059	Von Behren	Feb 2014	B1
8651374	Brabson	Feb 2014	B2
8656180	Shablygin	Feb 2014	B2
8751391	Freund	Jun 2014	B2
8751642	Vargas	Jun 2014	B2
8762263	Gauthier et al.	Jun 2014	B2
8793186	Patterson	Jul 2014	B2
8838982	Carlson et al.	Sep 2014	B2
8856539	Weiss	Oct 2014	B2
8887308	Grecia	Nov 2014	B2
9065643	Hurry et al.	Jun 2015	B2
9070129	Sheets et al.	Jun 2015	B2
9100826	Weiss	Aug 2015	B2
9160741	Wentker et al.	Oct 2015	B2
9229964	Stevelinck	Jan 2016	B2
9245267	Singh	Jan 2016	B2
9249241	Dai et al.	Feb 2016	B2
9256871	Anderson et al.	Feb 2016	B2
9280765	Hammad	Mar 2016	B2
9530137	Weiss	Dec 2016	B2
9646303	Karpenko	May 2017	B2
9680942	Dimmick	Jun 2017	B2
20010029485	Brody	Oct 2001	A1
20010034720	Armes	Oct 2001	A1
20010054003	Chien	Dec 2001	A1
20020007320	Hogan	Jan 2002	A1
20020016749	Borecki	Feb 2002	A1
20020029193	Ranjan	Mar 2002	A1
20020035548	Hogan	Mar 2002	A1
20020073045	Rubin	Jun 2002	A1
20020091648	Phillips	Jul 2002	A1
20020116341	Hogan	Aug 2002	A1
20020133467	Hobson	Sep 2002	A1
20020147913	Lun Yip	Oct 2002	A1
20030028481	Flitcroft	Feb 2003	A1
20030130955	Hawthorne	Jul 2003	A1
20030191709	Elston	Oct 2003	A1
20030191945	Keech	Oct 2003	A1
20040010462	Moon	Jan 2004	A1
20040050928	Bishop	Mar 2004	A1
20040059682	Hasumi	Mar 2004	A1
20040093281	Silverstein	May 2004	A1
20040139008	Mascavage	Jul 2004	A1
20040143532	Lee	Jul 2004	A1
20040158532	Breck	Aug 2004	A1
20040193891	Ollila	Sep 2004	A1
20040210449	Breck	Oct 2004	A1
20040210498	Freund	Oct 2004	A1
20040232225	Bishop	Nov 2004	A1
20040236632	Maritzen	Nov 2004	A1
20040260646	Berardi	Dec 2004	A1
20050037735	Coutts	Feb 2005	A1
20050080730	Sorrentino	Apr 2005	A1
20050108178	York	May 2005	A1
20050199709	Linlor	Sep 2005	A1
20050246293	Ong	Nov 2005	A1
20050269401	Spitzer	Dec 2005	A1
20050269402	Spitzer	Dec 2005	A1
20060235795	Johnson	Oct 2006	A1
20060237528	Bishop	Oct 2006	A1
20060278704	Saunders	Dec 2006	A1
20070107044	Yuen	May 2007	A1
20070129955	Dalmia	Jun 2007	A1
20070136193	Starr	Jun 2007	A1
20070136211	Brown	Jun 2007	A1
20070170247	Friedman	Jul 2007	A1
20070179885	Bird	Aug 2007	A1
20070208671	Brown	Sep 2007	A1
20070245414	Chan	Oct 2007	A1
20070288377	Shaked	Dec 2007	A1
20070291995	Rivera	Dec 2007	A1
20080015988	Brown	Jan 2008	A1
20080029607	Mullen	Feb 2008	A1
20080035738	Mullen	Feb 2008	A1
20080052226	Agarwal	Feb 2008	A1
20080054068	Mullen	Mar 2008	A1
20080054079	Mullen	Mar 2008	A1
20080054081	Mullen	Mar 2008	A1
20080065554	Hogan	Mar 2008	A1
20080065555	Mullen	Mar 2008	A1
20080201264	Brown	Aug 2008	A1
20080201265	Hewton	Aug 2008	A1
20080228646	Myers	Sep 2008	A1
20080243702	Hart	Oct 2008	A1
20080245855	Fein	Oct 2008	A1
20080245861	Fein	Oct 2008	A1
20080283591	Oder, II	Nov 2008	A1
20080302869	Mullen	Dec 2008	A1
20080302876	Mullen	Dec 2008	A1
20080313264	Pestoni	Dec 2008	A1
20090006262	Brown	Jan 2009	A1
20090010488	Matsuoka	Jan 2009	A1
20090037333	Flitcroft	Feb 2009	A1
20090037388	Cooper	Feb 2009	A1
20090043702	Bennett	Feb 2009	A1
20090048971	Hathaway	Feb 2009	A1
20090106112	Dalmia	Apr 2009	A1
20090106160	Skowronek	Apr 2009	A1
20090134217	Flitcroft	May 2009	A1
20090157555	Biffle	Jun 2009	A1
20090159673	Mullen	Jun 2009	A1
20090159700	Mullen	Jun 2009	A1
20090159707	Mullen	Jun 2009	A1
20090173782	Muscato	Jul 2009	A1
20090200371	Kean	Aug 2009	A1
20090248583	Chhabra	Oct 2009	A1
20090276347	Kargman	Nov 2009	A1
20090281948	Carlson	Nov 2009	A1
20090294527	Brabson	Dec 2009	A1
20090300738	Dewe	Dec 2009	A1
20090307139	Mardikar	Dec 2009	A1
20090308921	Mullen	Dec 2009	A1
20090319784	Faith et al.	Dec 2009	A1
20090327131	Beenau	Dec 2009	A1
20100008535	Abulafia	Jan 2010	A1
20100088237	Wankmueller	Apr 2010	A1
20100094755	Kloster	Apr 2010	A1
20100106644	Annan	Apr 2010	A1
20100120408	Beenau	May 2010	A1
20100133334	Vadhri	Jun 2010	A1
20100138347	Chen	Jun 2010	A1
20100145860	Pelegero	Jun 2010	A1
20100161433	White	Jun 2010	A1
20100185545	Royyuru	Jul 2010	A1
20100211505	Saunders	Aug 2010	A1
20100223186	Hogan	Sep 2010	A1
20100228668	Hogan	Sep 2010	A1
20100235284	Moore	Sep 2010	A1
20100258620	Torreyson	Oct 2010	A1
20100291904	Musfeldt	Nov 2010	A1
20100299267	Faith et al.	Nov 2010	A1
20100306076	Taveau	Dec 2010	A1
20100325041	Berardi	Dec 2010	A1
20110010292	Giordano	Jan 2011	A1
20110016047	Wu	Jan 2011	A1
20110016320	Bergsten	Jan 2011	A1
20110040640	Erikson	Feb 2011	A1
20110047076	Carlson et al.	Feb 2011	A1
20110083018	Kesanupalli	Apr 2011	A1
20110087596	Dorsey	Apr 2011	A1
20110093397	Carlson	Apr 2011	A1
20110125597	Oder, II	May 2011	A1
20110153437	Archer	Jun 2011	A1
20110153498	Makhotin et al.	Jun 2011	A1
20110154466	Harper	Jun 2011	A1
20110161233	Tieken	Jun 2011	A1
20110178926	Lindelsee et al.	Jul 2011	A1
20110191244	Dai	Aug 2011	A1
20110238511	Park	Sep 2011	A1
20110238573	Varadarajan	Sep 2011	A1
20110246317	Coppinger	Oct 2011	A1
20110258111	Raj et al.	Oct 2011	A1
20110270751	Csinger et al.	Nov 2011	A1
20110272471	Mullen	Nov 2011	A1
20110272478	Mullen	Nov 2011	A1
20110276380	Mullen	Nov 2011	A1
20110276381	Mullen	Nov 2011	A1
20110276424	Mullen	Nov 2011	A1
20110276425	Mullen	Nov 2011	A1
20110295745	White	Dec 2011	A1
20110302081	Saunders	Dec 2011	A1
20120023567	Hammad	Jan 2012	A1
20120028609	Hruska	Feb 2012	A1
20120030047	Fuentes et al.	Feb 2012	A1
20120035998	Chien	Feb 2012	A1
20120041881	Basu	Feb 2012	A1
20120047237	Arvidsson	Feb 2012	A1
20120066078	Kingston	Mar 2012	A1
20120072350	Goldthwaite	Mar 2012	A1
20120078735	Bauer	Mar 2012	A1
20120078798	Downing	Mar 2012	A1
20120078799	Jackson	Mar 2012	A1
20120095852	Bauer	Apr 2012	A1
20120095865	Doherty	Apr 2012	A1
20120116902	Cardina	May 2012	A1
20120123882	Carlson	May 2012	A1
20120123940	Killian	May 2012	A1
20120129514	Beenau	May 2012	A1
20120143754	Patel	Jun 2012	A1
20120143767	Abadir	Jun 2012	A1
20120143772	Abadir	Jun 2012	A1
20120158580	Eram	Jun 2012	A1
20120158593	Garfinkle	Jun 2012	A1
20120173431	Ritchie	Jul 2012	A1
20120185386	Salama	Jul 2012	A1
20120197807	Schlesser	Aug 2012	A1
20120203664	Torossian	Aug 2012	A1
20120203666	Torossian	Aug 2012	A1
20120215688	Musser	Aug 2012	A1
20120215696	Salonen	Aug 2012	A1
20120221421	Hammad	Aug 2012	A1
20120226582	Hammad	Sep 2012	A1
20120231844	Coppinger	Sep 2012	A1
20120233004	Bercaw	Sep 2012	A1
20120246070	Vadhri	Sep 2012	A1
20120246071	Jain	Sep 2012	A1
20120246079	Wilson et al.	Sep 2012	A1
20120265631	Cronic	Oct 2012	A1
20120271770	Harris	Oct 2012	A1
20120297446	Webb	Nov 2012	A1
20120300932	Cambridge	Nov 2012	A1
20120303503	Cambridge	Nov 2012	A1
20120303961	Kean	Nov 2012	A1
20120304273	Bailey	Nov 2012	A1
20120310725	Chien	Dec 2012	A1
20120310831	Harris	Dec 2012	A1
20120316992	Oborne	Dec 2012	A1
20120317035	Royyuru	Dec 2012	A1
20120317036	Bower	Dec 2012	A1
20130017784	Fisher	Jan 2013	A1
20130018757	Anderson et al.	Jan 2013	A1
20130019098	Gupta	Jan 2013	A1
20130031006	Mccullagh et al.	Jan 2013	A1
20130054337	Brendell	Feb 2013	A1
20130054466	Muscato	Feb 2013	A1
20130054474	Yeager	Feb 2013	A1
20130081122	Svigals	Mar 2013	A1
20130091028	Oder, II	Apr 2013	A1
20130110658	Lyman	May 2013	A1
20130111599	Gargiulo	May 2013	A1
20130117185	Collison	May 2013	A1
20130124290	Fisher	May 2013	A1
20130124291	Fisher	May 2013	A1
20130124364	Mittal	May 2013	A1
20130138525	Bercaw	May 2013	A1
20130144888	Faith	Jun 2013	A1
20130145148	Shablygin	Jun 2013	A1
20130145172	Shablygin	Jun 2013	A1
20130159178	Colon	Jun 2013	A1
20130159184	Thaw	Jun 2013	A1
20130166402	Parento	Jun 2013	A1
20130166456	Zhang	Jun 2013	A1
20130173736	Krzeminski	Jul 2013	A1
20130185202	Goldthwaite	Jul 2013	A1
20130191227	Pasa et al.	Jul 2013	A1
20130191286	Cronic	Jul 2013	A1
20130191289	Cronic	Jul 2013	A1
20130198071	Jurss	Aug 2013	A1
20130198080	Anderson et al.	Aug 2013	A1
20130200146	Moghadam	Aug 2013	A1
20130204787	Dubois	Aug 2013	A1
20130204793	Kerridge	Aug 2013	A1
20130212007	Mattsson	Aug 2013	A1
20130212017	Bangia	Aug 2013	A1
20130212019	Mattsson	Aug 2013	A1
20130212024	Mattsson	Aug 2013	A1
20130212026	Powell et al.	Aug 2013	A1
20130212666	Mattsson	Aug 2013	A1
20130218698	Moon	Aug 2013	A1
20130218769	Pourfallah et al.	Aug 2013	A1
20130226799	Raj	Aug 2013	A1
20130226802	Hammad	Aug 2013	A1
20130226813	Voltz	Aug 2013	A1
20130246199	Carlson	Sep 2013	A1
20130246202	Tobin	Sep 2013	A1
20130246203	Laracey	Sep 2013	A1
20130246258	Dessert	Sep 2013	A1
20130246259	Dessert	Sep 2013	A1
20130246261	Purves et al.	Sep 2013	A1
20130246267	Tobin	Sep 2013	A1
20130254028	Salci	Sep 2013	A1
20130254052	Royyuru	Sep 2013	A1
20130254102	Royyuru	Sep 2013	A1
20130254117	Von Mueller	Sep 2013	A1
20130262296	Thomas	Oct 2013	A1
20130262302	Lettow	Oct 2013	A1
20130262315	Hruska	Oct 2013	A1
20130262316	Hruska	Oct 2013	A1
20130262317	Collinge	Oct 2013	A1
20130275300	Killian	Oct 2013	A1
20130275307	Khan	Oct 2013	A1
20130275308	Paraskeva	Oct 2013	A1
20130282502	Jooste	Oct 2013	A1
20130282575	Mullen	Oct 2013	A1
20130282588	Hruska	Oct 2013	A1
20130297501	Monk et al.	Nov 2013	A1
20130297504	Nwokolo	Nov 2013	A1
20130297508	Belamant	Nov 2013	A1
20130304649	Cronic	Nov 2013	A1
20130308778	Fosmark	Nov 2013	A1
20130311382	Fosmark	Nov 2013	A1
20130317982	Mengerink	Nov 2013	A1
20130332344	Weber	Dec 2013	A1
20130339253	Sincai	Dec 2013	A1
20130346305	Mendes	Dec 2013	A1
20130346314	Mogollon	Dec 2013	A1
20140006785	Shaliv et al.	Jan 2014	A1
20140007213	Sanin	Jan 2014	A1
20140013106	Redpath	Jan 2014	A1
20140013114	Redpath	Jan 2014	A1
20140013452	Aissi et al.	Jan 2014	A1
20140019352	Shrivastava	Jan 2014	A1
20140025581	Calman	Jan 2014	A1
20140025585	Calman	Jan 2014	A1
20140025958	Calman	Jan 2014	A1
20140032417	Mattsson	Jan 2014	A1
20140032418	Weber	Jan 2014	A1
20140040137	Carlson	Feb 2014	A1
20140040139	Brudnicki	Feb 2014	A1
20140040144	Plomske	Feb 2014	A1
20140040145	Ozvat	Feb 2014	A1
20140040148	Ozvat	Feb 2014	A1
20140040628	Fort	Feb 2014	A1
20140041018	Bomar	Feb 2014	A1
20140046853	Spies	Feb 2014	A1
20140047551	Nagasundaram et al.	Feb 2014	A1
20140052532	Tsai	Feb 2014	A1
20140052620	Rogers	Feb 2014	A1
20140052637	Jooste	Feb 2014	A1
20140068706	Aissi	Mar 2014	A1
20140074637	Hammad	Mar 2014	A1
20140108172	Weber et al.	Apr 2014	A1
20140114857	Griggs et al.	Apr 2014	A1
20140143137	Carlson	May 2014	A1
20140164243	Aabye et al.	Jun 2014	A1
20140188586	Carpenter et al.	Jul 2014	A1
20140249945	Gauthier	Sep 2014	A1
20140294701	Dai et al.	Oct 2014	A1
20140297534	Patterson	Oct 2014	A1
20140310183	Weber	Oct 2014	A1
20140324690	Allen et al.	Oct 2014	A1
20140330721	Wang	Nov 2014	A1
20140330722	Laxminarayanan et al.	Nov 2014	A1
20140331265	Mozell et al.	Nov 2014	A1
20140337236	Wong et al.	Nov 2014	A1
20140344153	Raj et al.	Nov 2014	A1
20140372308	Sheets	Dec 2014	A1
20150019443	Sheets et al.	Jan 2015	A1
20150032625	Dill	Jan 2015	A1
20150032626	Dill	Jan 2015	A1
20150032627	Dill	Jan 2015	A1
20150046338	Laxminarayanan	Feb 2015	A1
20150046339	Wong et al.	Feb 2015	A1
20150052064	Karpenko et al.	Feb 2015	A1
20150081544	Wong et al.	Mar 2015	A1
20150088756	Makhotin et al.	Mar 2015	A1
20150106239	Gaddam et al.	Apr 2015	A1
20150112870	Nagasundaram et al.	Apr 2015	A1
20150112871	Kumnick	Apr 2015	A1
20150120472	Aabye et al.	Apr 2015	A1
20150127529	Makhotin et al.	May 2015	A1
20150127547	Powell et al.	May 2015	A1
20150140960	Powell et al.	May 2015	A1
20150142673	Nelsen et al.	May 2015	A1
20150161597	Subramanian et al.	Jun 2015	A1
20150178724	Ngo et al.	Jun 2015	A1
20150180836	Wong et al.	Jun 2015	A1
20150186864	Jones et al.	Jul 2015	A1
20150193222	Pirzadeh et al.	Jul 2015	A1
20150195133	Sheets et al.	Jul 2015	A1
20150199679	Palanisamy et al.	Jul 2015	A1
20150199689	Kumnick et al.	Jul 2015	A1
20150220917	Aabye et al.	Aug 2015	A1
20150269566	Gaddam et al.	Sep 2015	A1
20150278799	Palanisamy	Oct 2015	A1
20150287037	Salmon	Oct 2015	A1
20150312038	Palanisamy	Oct 2015	A1
20150319158	Kumnick	Nov 2015	A1
20150324736	Sheets	Nov 2015	A1
20150332262	Lingappa	Nov 2015	A1
20150356560	Shastry et al.	Dec 2015	A1
20150363781	Badenhorst	Dec 2015	A1
20160028550	Gaddam et al.	Jan 2016	A1
20160036790	Shastry et al.	Feb 2016	A1
20160042263	Gaddam et al.	Feb 2016	A1
20160065370	Le Saint et al.	Mar 2016	A1
20160092696	Guglani et al.	Mar 2016	A1
20160092872	Prakash et al.	Mar 2016	A1
20160092874	O'Regan	Mar 2016	A1
20160103675	Aabye et al.	Apr 2016	A1
20160119296	Laxminarayanan et al.	Apr 2016	A1
20160132878	O'Regan	May 2016	A1
20160140545	Flurscheim et al.	May 2016	A1
20160148197	Dimmick	May 2016	A1
20160148212	Dimmick	May 2016	A1
20160171479	Prakash et al.	Jun 2016	A1
20160173483	Wong et al.	Jun 2016	A1
20160197725	Hammad	Jul 2016	A1
20160210628	McGuire	Jul 2016	A1
20160217461	Gaddam	Jul 2016	A1
20160218875	Le Saint et al.	Jul 2016	A1
20160224976	Basu	Aug 2016	A1
20160224977	Sabba et al.	Aug 2016	A1
20160232527	Patterson	Aug 2016	A1
20160239842	Cash et al.	Aug 2016	A1
20160269391	Gaddam et al.	Sep 2016	A1
20160308995	Youdale et al.	Oct 2016	A1
20170046696	Powell et al.	Feb 2017	A1
20170076288	Awasthi	Mar 2017	A1
20170103387	Weber	Apr 2017	A1
20170109745	Al-Bedaiwi	Apr 2017	A1
20170148013	Rajurkar	May 2017	A1
20170163617	Narayan	Jun 2017	A1
20170163629	Law	Jun 2017	A1
20170186001	Reed et al.	Jun 2017	A1
20170200156	Karpenko	Jul 2017	A1
20170200165	Narayan	Jul 2017	A1
20170201520	Chandoor	Jul 2017	A1
20170220818	Nagasundaram et al.	Aug 2017	A1
20170221054	Flurscheim	Aug 2017	A1
20170221056	Karpenko	Aug 2017	A1
20170228723	Taylor	Aug 2017	A1
20170236113	Chitalia	Aug 2017	A1
20170293914	Girish	Oct 2017	A1
20170295155	Wong et al.	Oct 2017	A1
20170337549	Wong	Nov 2017	A1
20170364903	Lopez	Dec 2017	A1
20170364914	Howard	Dec 2017	A1
20170373852	Cassin	Dec 2017	A1
20180006821	Kinagi	Jan 2018	A1
20180075081	Chipman	Mar 2018	A1
20180247303	Raj	Aug 2018	A1
20180262334	Hammad	Sep 2018	A1
20180268399	Spector	Sep 2018	A1
20180268405	Lopez	Sep 2018	A1
20180285875	Law	Oct 2018	A1
20180324184	Kaja	Nov 2018	A1
20180324584	Lopez	Nov 2018	A1
20190020478	Girish	Jan 2019	A1
20190066069	Faith	Feb 2019	A1
20190147439	Wang	May 2019	A1
20190356489	Palanisamy	Nov 2019	A1
20190384896	Jones	Dec 2019	A1
20190392431	Chitalia et al.	Dec 2019	A1

Foreign Referenced Citations (21)

Number	Date	Country
0982958	Mar 2000	EP
1028401	Aug 2000	EP
2156397	Feb 2010	EP
2000014648	Mar 2000	WO
2001035304	May 2001	WO
2001035304	May 2001	WO
2004051585	Nov 2003	WO
2004042536	May 2004	WO
2005001751	Jun 2004	WO
2006113834	Oct 2006	WO
2009032523	Mar 2009	WO
2010034879	Apr 2010	WO
2010078522	Jul 2010	WO
2012068078	May 2012	WO
2012098556	Jul 2012	WO
2012142370	Oct 2012	WO
2012167941	Dec 2012	WO
2013048538	Apr 2013	WO
2013056104	Apr 2013	WO
2013119914	Aug 2013	WO
2013179271	Dec 2013	WO

Non-Patent Literature Citations (4)

Entry
Petition for Inter Partes Review of U.S. Pat. No. 8,533,860 Challenging Claims 1-30 Under 35 U.S.C. § 312 and 37 C.F.R. § 42.104, filed Feb. 17, 2016, Before the USPTO Patent Trial and Appeal Board, IPR 2016-00600, 65 pages.
Hellman, M.E., “An Overview of Public Key Cryptography,” IEEE, Nov. 1978, pp. 24-32.
Dean, et al., U.S. Appl. No. 16/311,144 (unpublished), “Encryption Key Exchange Process Using Access Device,” filed Dec. 18, 2018.
Kang, et al., U.S. Appl. No. 16/347,175 (unpublished), “Access Identifier Provisioning to Application,” filed May 2, 2019.

Related Publications (1)

	Number	Date	Country
	20170228728 A1	Aug 2017	US

Continuations (1)

	Number	Date	Country
Parent	PCT/GB2015/053200	Oct 2015	US
Child	15495249		US

Transaction messaging

Information

Patent Number

Date Filed

Date Issued

Inventors

Original Assignees

Examiners

Agents

CPC

Field of Search

US

CPC

International Classifications

Term Extension

Abstract

Description

Claims

Priority Claims (1)

CROSS-REFERENCE TO RELATED APPLICATIONS

US Referenced Citations (601)

Foreign Referenced Citations (21)

Non-Patent Literature Citations (4)

Related Publications (1)

Continuations (1)