Credential lending for mobile device transactions

JP7873723B2Active Publication Date: 2026-06-12AMERICAN EXPRESS TRAVEL RELATED SERVICES CO INC

Patent Information

Authority / Receiving Office
JP · JP
Patent Type
Patents
Current Assignee / Owner
AMERICAN EXPRESS TRAVEL RELATED SERVICES CO INC
Filing Date
2022-11-30
Publication Date
2026-06-12

AI Technical Summary

Benefits of technology

【0008】 いくつかの実施形態では、支払い鍵(例えば、ASSK)を保持しているモバイル·デバイスは、モバイル·デバイスによって定義された限られた数の取引で有効であるように設定することができるセッションベースのサブ支払い鍵(例えば、アカウント固有サブ秘密鍵(ASSSK:Account Specific Sub Secret Key)を導出する。このように、モバイル·デバイスは、サブ支払い鍵及びその他の関連データを別の受信者に送信することができ、これにより、受信者は、POS端末での通常の非接触支払い又は通常のオンライン購入を行うことができる。いくつかの実施形態では、累積取引総額、単一の取引値限度など、追加的なリスク·パラメータを、イシュアの要求に応じてこのサブ支払い鍵に追加することができる。以下の議論は、本開示の様々なコンポーネントの動作の例示的な例を提供するが、以下の例示的な例の使用は、以下の例示的な例によって開示される原理と一致する他の実装形態を排除するものではない。

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure 0007873723000001
    Figure 0007873723000001
  • Figure 0007873723000002
    Figure 0007873723000002
  • Figure 0007873723000003
    Figure 0007873723000003
Patent Text Reader

Abstract

A system and method are described that allows a first client device to authorize a second client device to use a payment token for contactless payments, where the payment token is authenticated for use by the second device with restrictions set by the first device. In one embodiment, the system comprises a computing device including a secure element. The system also includes machine-readable instructions that, when executed by a processor, cause the computing device to at least receive instructions for generating a sub-payment token and receive a selection of key restrictions for the sub-payment token. An application stored in the secure element is invoked to generate the sub-payment token based on the key restrictions. The sub-payment token is received and includes a sub-payment key and an application transaction counter range. The sub-payment token is transmitted to the second computing device over a wireless communication session.
Need to check novelty before this filing date? Find Prior Art

Claims

1. A computing device comprising a processor, memory, and a secure element, wherein the secure element is a tamper-proof hardware component that runs a restricted application, A machine-readable instruction stored in the memory, which, when executed by the processor, outputs to the computing device at least: Receiving instructions for generating sub-payment tokens associated with payment tokens stored in the computing device, wherein the payment tokens have a first application transaction counter range; Receiving the selection of key restrictions for the aforementioned sub-payment token, Executing the restricted application within the secure element to generate the sub-payment token based at least in part on the key restriction, wherein the sub-payment token includes a sub-payment key and a second application transaction counter range, and the second application transaction counter range is restricted by the first application transaction counter range. Receiving the sub-payment token from the aforementioned restricted application, Establishing a wireless communication session with the client device, The subpayment token is transmitted to the wallet application of the client device via the aforementioned wireless communication session. A system that includes machine-readable instructions for performing the following actions.

2. The system according to claim 1, wherein the key restriction includes at least one of a category restriction parameter, a single transaction limit restriction parameter, or a date restriction parameter.

3. The wallet application is a second wallet application, and when the machine-readable instruction is executed by the processor, the computing device receives at least: The system according to claim 1, wherein a user interface for a first wallet application is displayed on the computing device, and the user interface is configured to receive the selection of the key restriction.

4. The system according to claim 1, wherein transmitting the sub-payment token to the wallet application of the client device includes securing the sub-payment token using an encryption key stored in the secure element.

5. The system according to claim 1, wherein sending the sub-payment token to the wallet application of the client device includes using a peer-to-peer messaging protocol.

6. The system according to claim 1, wherein the secure element is a processor component.

7. A first mobile device including a secure hardware element receives an instruction to generate a sub-payment token associated with a payment token stored in the first mobile device, wherein the payment token has a first application transaction counter range. The first mobile device receives the selection of a key restriction for the sub-payment token, The first mobile device runs a restricted application within the secure hardware element to generate the sub-payment token based on the key restriction, wherein the sub-payment token includes a sub-payment key and a second application transaction counter range, and the second application transaction counter range is restricted by the first application transaction counter range. The first mobile device receives the sub-payment token from the restricted application, The first mobile device establishes a wireless communication session with the second mobile device, A method comprising the first mobile device transmitting the sub-payment token to the wallet application of the second mobile device via the wireless communication session.

8. The method according to claim 7, wherein the key restriction includes at least one of a category restriction parameter, a single transaction limit restriction parameter, or a date restriction parameter.

9. The method according to claim 7, wherein the second application transaction counter range is at least in part based on the quantity of transactions permitted for the sub-payment token.

10. The aforementioned wallet application is a second wallet application, The method according to claim 7, further comprising the first mobile device displaying a user interface of a first wallet application on the first mobile device, wherein the user interface is configured to receive the selection of the key restriction.

11. Sending the sub-payment token to the wallet application on the second mobile device is The method according to claim 7, further comprising the first mobile device securing the sub-payment token using an encryption key stored in the secure hardware element.

12. The method according to claim 7, wherein sending the sub-payment token to the wallet application of the second mobile device includes using a peer-to-peer messaging protocol.

13. The method according to claim 7, wherein the secure hardware element is tamper-proof and includes a processor and memory, the memory storing the restricted application.

14. A non-temporary computer-readable medium that embodies machine-executable instructions stored within itself, wherein when the machine-executable instructions are executed by the processor of a computing device, the computing device receives at least: Receiving instructions for generating sub-payment tokens associated with payment tokens stored in the computing device, wherein the computing device includes secure hardware elements and the payment tokens have a first application transaction counter range. Receiving the selection of key restrictions for the aforementioned sub-payment token, Executing a restricted application within the secure hardware element to generate the sub-payment token based on the key restriction, wherein the sub-payment token includes a sub-payment key and a second application transaction counter range, and the second application transaction counter range is restricted by the first application transaction counter range. Receiving the sub-payment token from the aforementioned restricted application, Establishing a wireless communication session with the client device, A non-temporary computer-readable medium that causes the sub-payment token to be transmitted to the wallet application of the client device via the wireless communication session.

15. The non-temporary computer-readable medium according to claim 14, wherein the key restriction includes at least one of a category restriction parameter, a single transaction limit restriction parameter, or a date restriction parameter.

16. The non-temporary computer-readable medium according to claim 14, wherein the second application transaction counter range is at least in part based on the quantity of transactions permitted for the sub-payment token.

17. When the machine-executable instruction is executed by the processor, the computing device receives at least: A non-temporary computer-readable medium according to claim 14, wherein the computing device displays a user interface for a first wallet application, and the user interface is configured to receive the selection of the key restriction.

18. A non-temporary computer-readable medium according to claim 14, wherein transmitting the sub-payment token to the wallet application of the client device includes securing the sub-payment token using an encryption key stored in the secure hardware element.

19. The non-temporary computer-readable medium according to claim 14, wherein the secure hardware element includes a processor and memory, and the restricted application is stored in the memory.

20. The system according to claim 1, wherein the sub-payment key is an account-specific private key.