| CPC G06Q 20/3829 (2013.01) [G06F 21/32 (2013.01); G06F 21/64 (2013.01); G06Q 20/40145 (2013.01); H04L 63/083 (2013.01); H04L 63/0861 (2013.01); H04W 12/068 (2021.01); G06Q 2220/00 (2013.01); H04L 2463/082 (2013.01)] | 20 Claims |
|
1. A system comprising:
a non-transitory memory; and
one or more hardware processors coupled to the non-transitory memory and configured to read instructions from the non-transitory memory to cause the system to perform operations comprising:
receiving, from a computing device, a request for a payment token to enable offline payment capabilities for an account associated with a payment services provider via an application on the computing device, wherein the application is associated with the payment services provider for processing of a payment for a purchase;
receiving a biometric authentication signature corresponding to the account;
determining data corresponding to the account for the payment token to be encrypted based on the biometric authentication signature;
generating the payment token based on the data, wherein the payment token enables the data to be communicated to another device to authorize the payment for the purchase;
determining a hash of the biometric authentication signature converted from details of the biometric authentication signature using a hashing operation shared by the computing device and the system;
determining a key generation algorithm for the application on the computing device, wherein the key generation algorithm enables the application to derive a cryptographic decryption key corresponding to the cryptographic authentication key from the password and the biometric authentication signature, and wherein the key generation algorithm is periodically modified;
generating a cryptographic authentication key based on the hash using the key generation algorithm;
encrypting the payment token using the cryptographic authentication key to create an encrypted payment token;
sending the encrypted payment token to the computing device, wherein the encrypted payment token is decryptable, while the computing device is offline, using the biometric authentication signature and the key generation algorithm, and wherein upon being decrypted into the payment token, the payment token is usable to authorize the payment for the purchase;
receiving the payment token from the other device for the payment for the purchase, wherein the payment token is received based on a decryption of the encrypted payment token by the computing device while offline using the cryptographic decryption key generated from the key generation algorithm; and
modifying the key generation algorithm at an expiration date of the encrypted payment token.
|