Patents by Inventor Mehdi Collinge
Mehdi Collinge has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12100003Abstract: A method for building an advanced storage key includes: storing, in a mobile device, at least (i) device information associated with the mobile device, (ii) program code associated with a first program including an instance identifier, and (iii) program code associated with a second program including a first key; generating a device fingerprint associated with the mobile device based on the device information via execution of the code associated with the first program; generating a random value via execution of the code associated with the first program; building a diversifier value based on the generated device fingerprint, the generated random value, and the instance identifier included in the code associated with the first program; and decrypting the built diversifier value using the first key stored in the code associated with the second program via execution of the code associated with the second program to obtain a storage key.Type: GrantFiled: May 24, 2022Date of Patent: September 24, 2024Assignee: MASTERCARD INTERNATIONAL INCORPORATEDInventors: Mehdi Collinge, Cristian Radu
-
Patent number: 12093954Abstract: A method for generating payment credentials in a payment transaction includes storing, in a memory, at least a card master key associated with a transaction account. The method also includes generating, by a processing device, a first session key based on at least the stored card master key; generating, by the processing device, a second session key; generating, by the processing device, a first application cryptogram based on at least the first session key; generating, by the processing device, a second application cryptogram based on at least the second session key; and transmitting, by a transmitting device, at least the first application cryptogram and second application cryptogram for use in a payment transaction.Type: GrantFiled: April 13, 2022Date of Patent: September 17, 2024Assignee: MASTERCARD INTERNATIONAL INCORPORATEDInventors: Mehdi Collinge, Patrik Smets, Axel Emile Jean Charles Cateland
-
Publication number: 20240305442Abstract: A method of providing a secure service at a computing node for a requesting party external to the computing node is described. The following steps are taken at the computing node. A service request comprising a request to generate a credential is received from a requesting party. The computing node generates the credential and obtains service-related information. A clear message part is created comprising service-identifying information. A checksum is then created from at least a part of the service-identifying information and from at least a part of the credential and the service-related information. The credential, the service-related information and the checksum are then encrypted to form an encrypted message part. A message comprising the clear message part and the encrypted message part is then sent to the requesting party.Type: ApplicationFiled: July 22, 2021Publication date: September 12, 2024Applicant: MASTERCARD INTERNATIONAL INCORPORATEDInventors: Mehdi Collinge, Alan Johnson, Omar Laazimani
-
Patent number: 12052361Abstract: A method is described of monitoring a service performed at a computing node. The computing node is one of a plurality of computing nodes in a distributed computing system. Each computing node is adapted to perform at least one service for clients. A monitoring process is adapted to monitor a service process performing the process. In the method, the monitoring process monitors the service process on performance of the service. The monitoring service then provides monitoring information to a monitoring process for another service process. A suitable computing node for performing the service is described, as is a coordinated monitoring service for supporting multiple monitoring services.Type: GrantFiled: November 3, 2020Date of Patent: July 30, 2024Assignee: MASTERCARD INTERNATIONAL INCORPORATEDInventors: Cristian Radu, Mehdi Collinge, Omar Laazimani
-
Patent number: 11997190Abstract: A computing node in a distributed information security system, wherein the computing node is adapted to communicate with a subset of clients of the distributed information security system, wherein the computing node provides at least one cryptographic service for the clients of the subset, wherein the computing node is provisioned with a plurality of keys for use by said at least one cryptographic service, wherein the computing node is adapted to associate a key from the plurality of keys to a service request for a client according to a deterministic process based on one or more data associated with the client. A distributed information security system comprising a plurality of such nodes is also described, together with a method of providing a cryptographic service at such a computing node.Type: GrantFiled: April 22, 2020Date of Patent: May 28, 2024Assignee: MASTERCARD INTERNATIONAL INCORPORATEDInventors: Mehdi Collinge, Omar Laazimani
-
Publication number: 20240029062Abstract: A method for generating and provisioning payment credentials to a mobile device lacking a secure element includes: generating a card profile associated with a payment account, wherein the card profile includes at least payment credentials corresponding to the associated payment account and a profile identifier; provisioning, to a mobile device lacking a secure element, the generated card profile; receiving, from the mobile device, a key request, wherein the key request includes at least a mobile identification number (PIN) and the profile identifier; using the mobile PIN; generating a single use key, wherein the single use key includes at least the profile identifier, an application transaction counter, and a generating key for use in generating a payment cryptogram valid for a single financial transaction; and transmitting the generated single use key to the mobile device.Type: ApplicationFiled: October 5, 2023Publication date: January 25, 2024Applicant: Mastercard International IncorporatedInventors: Mehdi COLLINGE, Susan THOMPSON, Patrik SMETS, David Anthony ROBERTS, Michael Christopher WARD
-
Patent number: 11842340Abstract: A method for generating cryptograms in a webservice environment includes: receiving, in a first environment of a computing system, a credential request transmitted by an external computing device using a secure communication protocol, the credential request including a transaction identifier and account identifier; transmitting, by the first environment, a data request to a second environment of the computing system, the data request including the account identifier; receiving, by the first environment, an account profile and session key from the second environment; transmitting, by the first environment, a cryptogram request to a third environment of the computing system, the cryptogram request including the account profile and session key; receiving, by the first environment, a cryptogram from the third environment generated using the account profile and session key; and transmitting, by the first environment, the cryptogram and transaction identifier to the external computing device via the secure communicType: GrantFiled: February 3, 2022Date of Patent: December 12, 2023Assignee: MASTERCARD INTERNATIONAL INCORPORATEDInventors: Mehdi Collinge, Patrik Smets
-
Patent number: 11829999Abstract: A system and method for generating and provisioning payment credentials to a mobile device lacking a secure element includes receiving and storing by the mobile device a card profile from a remote system. The card profile may include payment credentials corresponding to a payment account and a profile identifier. The mobile device may receive a mobile personal identification number (PIN) input by a user of the mobile device and transmit a key request to the remote system. The mobile device may receive a single use key which may include an application transaction counter and a generating key from the remote system. The mobile device may generate a payment cryptogram valid for a single financial transaction based on the received single use key and the mobile PIN and transmit the payment credentials and the generated payment cryptogram to a point-of-sale terminal for use in a financial transaction.Type: GrantFiled: November 13, 2019Date of Patent: November 28, 2023Assignee: MASTERCARD INTERNATIONAL INCORPORATEDInventors: Mehdi Collinge, Susan Thompson, Patrik Smets, David Anthony Roberts, Michael Christopher Ward
-
Publication number: 20230370451Abstract: A method of maintaining a secure relationship between a client device and a server is described. The client device receives a first challenge from the server and determines and provides a first response to the first challenge. A cookie is established associated with the secure relationship. This cookie is shared between the client and the server. To establish the secure relationship in a later interaction, the client provides the cookie to the server. The server then provides both the first challenge and a second challenge, to which the client determines a first response and a second response. The client then provides a composite response from which the first response and the second response are derivable by the server, allowing the server to be assured that the secure relationship exists. Each challenge uses a challenge function adapted to provide a fingerprint of the client device. Methods at both client and server, and suitably configured client and server, are also described.Type: ApplicationFiled: June 30, 2020Publication date: November 16, 2023Inventors: Mehdi Collinge, Omar Laazimani
-
Publication number: 20230327863Abstract: A method of providing a secure service at a computing node is described. The secure service is for a requesting party external to the computing node. The following steps take place at the computing node. A service request is received from the requesting party. This service request comprises a request to generate a credential. The credential is then generated, and service-related information is obtained. The credential and the service-related information are encrypted using an encryption process to form an encrypted message part. A service-identifying clear message part is also created, and a message is sent comprising the clear message part and the encrypted message part to the requesting party. Methods of using such a message to validate the credential, and of using such a message to confirm the integrity of service-related information held in the message, are also described, as is computing apparatus adapted to carry out one or more of these methods.Type: ApplicationFiled: July 22, 2021Publication date: October 12, 2023Applicant: MASTERCARD INTERNATIONAL INCORPORATEDInventors: Mehdi Collinge, Alan Johnson, Omar Laazimani
-
Publication number: 20230274278Abstract: Methods, apparatus and systems for operating a payment-enabled mobile device to facilitate a payment transaction with a merchant server. In an embodiment, a mobile device processor of the payment-enabled mobile device receives a payment transaction request from a user, transmits a payment transaction initiation message directly to a merchant server of the merchant, and receives a request message from the merchant server that includes one of a request to provide an Authorization Request Cryptogram (ARQC) or a request to provide user consent information. The user consent information may include cardholder verification results or a request to provide an ARQC.Type: ApplicationFiled: May 3, 2023Publication date: August 31, 2023Inventors: Patrik Smets, Jonathan James Main, Mehdi Collinge
-
Publication number: 20220329409Abstract: A method is described of managing service events in a distributed computing system. The distributed computing system comprises a plurality of computing nodes able to perform a service using a service process. The method takes place at one of the computing nodes. A service event is received or created. This service event is identified by a combination of a node identifier, a time element, and a local counter value. The local counter value represents a number of service events performed by a service process for a user since a last reset. The identified service event is then stored in a service process database according to node identifier and local counter values. The service process database is used to manage service events in the distributed system.Type: ApplicationFiled: April 22, 2020Publication date: October 13, 2022Applicant: MASTERCARD INTERNATIONAL INCORPORATEDInventors: Mehdi Collinge, Omar Laazimani, Cristian Radu
-
Publication number: 20220321326Abstract: A method for a computing node to provide a cryptographic key in response to a service request, the method comprising: establishing a key list, wherein the key list comprises key identifiers for a plurality of keys; receiving a service request and identifying that a key is required in response to the service request; and using a deterministic process from data associated with the service request to allocate one of the key identifiers and hence the key associated with said one of the key identifiers to the service request. A suitably configured computing node is also described.Type: ApplicationFiled: April 22, 2020Publication date: October 6, 2022Applicant: MASTERCARD INTERNATIONAL INCORPORATEDInventors: Mehdi Collinge, Omar Laazimani
-
Publication number: 20220321336Abstract: A computing node in a distributed information security system, wherein the computing node is adapted to communicate with a subset of clients of the distributed information security system, wherein the computing node provides at least one cryptographic service for the clients of the subset, wherein the computing node is provisioned with a plurality of keys for use by said at least one cryptographic service, wherein the computing node is adapted to associate a key from the plurality of keys to a service request for a client according to a deterministic process based on one or more data associated with the client. A distributed information security system comprising a plurality of such nodes is also described, together with a method of providing a cryptographic service at such a computing node.Type: ApplicationFiled: April 22, 2020Publication date: October 6, 2022Applicant: MASTERCARD INTERNATIONAL INCORPORATEDInventors: Mehdi Collinge, Omar Laazimani
-
Publication number: 20220292499Abstract: A method for building an advanced storage key includes: storing, in a mobile device, at least (i) device information associated with the mobile device, (ii) program code associated with a first program including an instance identifier, and (iii) program code associated with a second program including a first key; generating a device fingerprint associated with the mobile device based on the device information via execution of the code associated with the first program; generating a random value via execution of the code associated with the first program; building a diversifier value based on the generated device fingerprint, the generated random value, and the instance identifier included in the code associated with the first program; and decrypting the built diversifier value using the first key stored in the code associated with the second program via execution of the code associated with the second program to obtain a storage key.Type: ApplicationFiled: May 24, 2022Publication date: September 15, 2022Applicant: MASTERCARD INTERNATIONAL INCORPORATEDInventors: Mehdi COLLINGE, Cristian RADU
-
Patent number: 11429940Abstract: A transaction processing system for sending user information data to a personal device, and an associated method are provided. The system comprises: a personal device, such as a balance display card; an interface device, such as a card reader for transmitting data to and from the card; a communications network connecting to the interface device; an issuer processor connected to the communications network; and a trusted network processor (TNP) processor connected to the communications network, interposed between the interface device and the issuer processor. The TNP processor is arranged to receive a transaction request message from a card user and to transmit a response message back to the personal device, the response message typically being a transaction authorization together with information for display on the card.Type: GrantFiled: October 21, 2019Date of Patent: August 30, 2022Assignee: MASTERCARD INTERNATIONAL INCORPORATEDInventors: Sebastien Pochic, Barry Alan Maidment, Mehdi Collinge, Fikret Ates
-
Publication number: 20220245630Abstract: A method for generating payment credentials in a payment transaction includes storing, in a memory, at least a card master key associated with a transaction account. The method also includes generating, by a processing device, a first session key based on at least the stored card master key; generating, by the processing device, a second session key; generating, by the processing device, a first application cryptogram based on at least the first session key; generating, by the processing device, a second application cryptogram based on at least the second session key; and transmitting, by a transmitting device, at least the first application cryptogram and second application cryptogram for use in a payment transaction.Type: ApplicationFiled: April 13, 2022Publication date: August 4, 2022Applicant: MASTERCARD INTERNATIONAL INCORPORATEDInventors: Mehdi COLLINGE, Patrik SMETS, Axel Emile Jean Charles CATELAND
-
Patent number: 11361313Abstract: A method for building an advanced storage key includes: storing, in a mobile device, at least (i) device information associated with the mobile device, (ii) program code associated with a first program including an instance identifier, and (iii) program code associated with a second program including a first key; generating a device fingerprint associated with the mobile device based on the device information via execution of the code associated with the first program; generating a random value via execution of the code associated with the first program; building a diversifier value based on the generated device fingerprint, the generated random value, and the instance identifier included in the code associated with the first program; and decrypting the built diversifier value using the first key stored in the code associated with the second program via execution of the code associated with the second program to obtain a storage key.Type: GrantFiled: March 13, 2018Date of Patent: June 14, 2022Assignee: MASTERCARD INTERNATIONAL INCORPORATEDInventors: Mehdi Collinge, Cristian Radu
-
Publication number: 20220156739Abstract: A method for generating cryptograms in a webservice environment includes: receiving, in a first environment of a computing system, a credential request transmitted by an external computing device using a secure communication protocol, the credential request including a transaction identifier and account identifier; transmitting, by the first environment, a data request to a second environment of the computing system, the data request including the account identifier; receiving, by the first environment, an account profile and session key from the second environment; transmitting, by the first environment, a cryptogram request to a third environment of the computing system, the cryptogram request including the account profile and session key; receiving, by the first environment, a cryptogram from the third environment generated using the account profile and session key; and transmitting, by the first environment, the cryptogram and transaction identifier to the external computing device via the secure communicType: ApplicationFiled: February 3, 2022Publication date: May 19, 2022Applicant: MASTERCARD INTERNATIONAL INCORPORATEDInventors: Mehdi COLLINGE, Patrik SMETS
-
Patent number: 11334890Abstract: A method for generating payment credentials in a payment transaction includes: storing, in a memory, at least a single use key associated with a transaction account; receiving, by a receiving device, a personal identification number; identifying, by a processing device, a first session key; generating, by the processing device, a second session key based on at least the stored single use key and the received personal identification number; generating, by the processing device, a first application cryptogram based on at least the first session key; generating, by the processing device, a second application cryptogram based on at least the second session key; and transmitting, by a transmitting device, at least the first application cryptogram and second application cryptogram for use in a payment transaction.Type: GrantFiled: December 2, 2014Date of Patent: May 17, 2022Assignee: MASTERCARD INTERNATIONAL INCORPORATEDInventors: Mehdi Collinge, Patrik Smets, Axel Emile Jean Charles Cateland