US 12,293,353 B2
Device provisioning using partial personalization scripts
Erick Wong, Vancouver (CA); and Oleg Makhotin, Paris (FR)
Assigned to Visa International Service Association, San Francisco, CA (US)
Filed by VISA INTERNATIONAL SERVICE ASSOCIATION, San Francisco, CA (US)
Filed on Mar. 27, 2024, as Appl. No. 18/618,895.
Application 18/618,895 is a continuation of application No. 17/232,079, filed on Apr. 15, 2021, granted, now 11,972,412.
Application 17/232,079 is a continuation of application No. 16/255,559, filed on Jan. 23, 2019, granted, now 11,010,755, issued on Apr. 28, 2021.
Application 16/255,559 is a continuation of application No. 15/658,897, filed on Jul. 25, 2017, granted, now 10,235,670, issued on Feb. 27, 2019.
Application 15/658,897 is a continuation of application No. 14/275,404, filed on May 12, 2014, granted, now 9,760,886, issued on Aug. 23, 2017.
Claims priority of provisional application 61/898,428, filed on Oct. 31, 2013.
Claims priority of provisional application 61/822,271, filed on May 10, 2013.
Prior Publication US 2024/0242203 A1, Jul. 18, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. G06Q 20/36 (2012.01); G06F 21/10 (2013.01); G06Q 20/32 (2012.01); G06Q 20/34 (2012.01); G06Q 20/38 (2012.01)
CPC G06Q 20/363 (2013.01) [G06F 21/1065 (2023.08); G06Q 20/3227 (2013.01); G06Q 20/3278 (2013.01); G06Q 20/354 (2013.01); G06Q 20/3552 (2013.01); G06Q 20/38215 (2013.01); G06Q 20/3829 (2013.01)]
18 Claims
1. A method comprising:
sending, by a mobile device, to an application provider computer, a request for provisioning the mobile device, the request including device information for the mobile device, the device information including a secure element identifier and a session identifier, wherein the application provider computer sends the request for provisioning the mobile device to a service provider computer, the service provider computer retrieves a personalization master key associated with the mobile device based on the secure element identifier, generates a personalization session key using a key derivation function, the secure element identifier, the session identifier, and the personalization master key, generates store data commands comprising personalization data, encrypts the store data commands using the personalization session key, generates a partial personalization script using the encrypted store data commands, generates an activation script, encrypts the activation script using the personalization session key, generates a deletion script, and encrypts the deletion script using the personalization session key;
receiving, by the mobile device, from the application provider computer, the partial personalization script, the activation script and the deletion script; and
executing, by the mobile device, the partial personalization script, including:
decrypting the encrypted store data commands using an encryption key that matches the personalization session key; and
executing, by the mobile device, at least one of the activation script and the deletion script, including:
decrypting at least one of the activation script and the deletion script using the encryption key that matches the personalization session key, wherein execution of the activation script enables the mobile device with access to the personalization data and provisions the personalization data onto the mobile device.
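The session-key derivation recited in claim 1, as an added example that is not taken from the patent: a per-session key is derived from the personalization master key, the secure element identifier and the session identifier, so that scripts encrypted for one session cannot be decrypted with another session's key. The claim names only "a key derivation function" and a device key that "matches"; HKDF-SHA256, the label string, the length-prefixed encoding, the sample identifiers and the idea that the device derives the key the same way are all assumptions.

```python
import hashlib
import hmac


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract a PRK, then expand to `length` bytes."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def _lp(field: bytes) -> bytes:
    """Length-prefix a field so ("SE-00", "01A") and ("SE-000", "1A") encode differently."""
    return len(field).to_bytes(2, "big") + field


def derive_session_key(master_key: bytes, se_id: bytes, session_id: bytes) -> bytes:
    """Assumed construction: bind the key to both identifiers via the HKDF info field."""
    info = b"perso-session-key-v1" + _lp(se_id) + _lp(session_id)
    return hkdf_sha256(master_key, b"", info)


# Constructed sample data: master keys indexed by secure element identifier.
MASTER_KEYS = {b"SE-0001": bytes(range(32)), b"SE-0002": bytes(range(32, 64))}


def service_provider_session_key(se_id: bytes, session_id: bytes) -> bytes:
    """Service-provider side: look up the master key by SE identifier, then derive."""
    try:
        master_key = MASTER_KEYS[se_id]
    except KeyError:
        raise LookupError("no personalization master key for this secure element")
    return derive_session_key(master_key, se_id, session_id)


if __name__ == "__main__":
    sp_key = service_provider_session_key(b"SE-0001", b"session-42")
    # Assumption: the secure element holds the same master key and derives locally.
    device_key = derive_session_key(bytes(range(32)), b"SE-0001", b"session-42")
    print("keys match:", hmac.compare_digest(sp_key, device_key))
    other = service_provider_session_key(b"SE-0001", b"session-43")
    print("new session, new key:", sp_key != other)
```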