US 12,192,346 B2
Enhanced security in sensitive data transfer over a network
Christopher Eggimann, Brooklyn, NY (US); and Manu Dharmaiah Kallugudde, Berkshire (GB)
Assigned to MASTERCARD INTERNATIONAL INCORPORATED, Purchase, NY (US)
Filed by MASTERCARD INTERNATIONAL INCORPORATED, Purchase, NY (US)
Filed on Mar. 6, 2023, as Appl. No. 18/118,107.
Application 18/118,107 is a continuation of application No. 17/001,863, filed on Aug. 25, 2020, granted, now 11,611,434.
Claims priority of application No. 19204108 (EP), filed on Oct. 18, 2019.
Prior Publication US 2023/0208632 A1, Jun. 29, 2023
Int. Cl. H04L 9/08 (2006.01); H04L 9/32 (2006.01)
CPC H04L 9/0863 (2013.01) [H04L 9/088 (2013.01); H04L 9/3213 (2013.01); H04L 9/3242 (2013.01); H04L 2209/56 (2013.01)]
14 Claims
 
1. A computer-implemented method for authenticating a transaction over a secure network, the method comprising:
prior to authorization of a transaction:
receiving, by a digital service server, from a merchant plug-in (MPI) computing device, via a directory server, a token and a first cryptogram for the transaction, the first cryptogram unique to the transaction; and then
decrypting, by the digital service server, the token into sensitive data;
diversifying, by the digital service server, a master key from an issuer master symmetric key, which is specific to an issuer;
diversifying, by the digital service server, one or more session keys from the diversified master key based on an application transaction count (ATC);
validating, by the digital service server, the first cryptogram, based on the one or more diversified session keys; and then
based on the first cryptogram being validated:
incrementing, by the digital service server, the ATC; and
generating, by the digital service server, a first message including a validation result and the sensitive data; and then
transmitting, by the digital service server, the first message to an issuer server of the issuer to authenticate the transaction.
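
The key hierarchy and ATC-bound validation recited in claim 1, as an added illustration that is not code from the patent or from the assignee. Assumptions: HMAC-SHA256 stands in for the diversification and cryptogram functions (the claim names none), the account identifier is the diversification input, the token is taken as already decrypted, and every name and sample value is hypothetical.

```python
import hashlib
import hmac

def _kdf(key: bytes, label: bytes, data: bytes) -> bytes:
    # Assumption: HMAC-SHA256 replaces the unspecified diversification function.
    return hmac.new(key, label + b"|" + data, hashlib.sha256).digest()

def diversify_master_key(issuer_master_key: bytes, account_id: bytes) -> bytes:
    # Master key diversified from the issuer-specific symmetric key.
    return _kdf(issuer_master_key, b"master", account_id)

def diversify_session_key(master_key: bytes, atc: int) -> bytes:
    # Session key diversified from the master key and the current ATC.
    return _kdf(master_key, b"session", atc.to_bytes(2, "big"))

def make_cryptogram(session_key: bytes, txn_data: bytes) -> bytes:
    # Assumption: the cryptogram is a truncated MAC over the transaction data.
    return hmac.new(session_key, txn_data, hashlib.sha256).digest()[:8]

class DigitalServiceServer:
    def __init__(self, issuer_master_key: bytes):
        self._imk = issuer_master_key
        self._atc = {}  # account_id -> next expected ATC

    def validate(self, account_id: bytes, txn_data: bytes, cryptogram: bytes) -> dict:
        atc = self._atc.get(account_id, 1)
        mk = diversify_master_key(self._imk, account_id)
        sk = diversify_session_key(mk, atc)
        ok = hmac.compare_digest(make_cryptogram(sk, txn_data), cryptogram)
        if ok:
            self._atc[account_id] = atc + 1  # increment only after validation
        # First message for the issuer: validation result plus sensitive data.
        return {"validated": ok, "atc_used": atc,
                "sensitive_data": account_id if ok else None}

def demo() -> list:
    imk = bytes(range(32))   # constructed test key
    acct = b"ACCOUNT-0001"   # constructed sample identifier
    srv = DigitalServiceServer(imk)
    mk = diversify_master_key(imk, acct)
    c1 = make_cryptogram(diversify_session_key(mk, 1), b"txn-1")
    c2 = make_cryptogram(diversify_session_key(mk, 2), b"txn-2")
    first = srv.validate(acct, b"txn-1", c1)["validated"]
    replay = srv.validate(acct, b"txn-1", c1)["validated"]  # ATC moved on
    second = srv.validate(acct, b"txn-2", c2)["validated"]
    return [first, replay, second]

if __name__ == "__main__":
    print(demo())
```

Because the session key depends on the ATC and the ATC advances only on success, a captured cryptogram fails when replayed, while a failed attempt does not desynchronise the counter.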