On May 7, 2026, the U.S. Patent and Trademark Office published a patent application from Mastercard International Incorporated titled “Method and System for Securely Reporting and Storing Computer Security Profiles” (US20260128871A1). A published application is not an issued patent; it is an ~18-month-delayed look at where a company directed its filing effort. What makes this one a useful signal is the category it lands in: it is a cybersecurity disclosure that happens to use a blockchain, not a payments disclosure.

The disclosed method takes a device's security profile, encrypts it with a public key, then re-encrypts the result with a quantum-cryptography step before committing it to the chain. The application describes the endpoint of that flow directly:

A method for secure storage of cybersecurity data in a blockchain includes: identifying, by a processor of a processing server, a device profile for a computing device.— Method and system for securely reporting and storing computer security profiles, US20260128871A1

The two CPC classes on the published record, H04L 9/0852 (quantum-key cryptography) and H04L 9/50 (the blockchain subclass), describe the filing precisely: the chain is the durable, distributed store, and the cryptography is the protection wrapped around the record before it lands there. The asset being recorded is a security profile — the network's own operational data — not a unit of money.

A cluster that uses the chain as a record layer

That pattern is not new for Mastercard; it is the dominant one across its blockchain publications. The records show more than 200 Mastercard applications tagged to blockchain, and a run of them describe the same architectural move: take a piece of network data that needs to be tamper-evident and shared across parties, and write it to a chain. Earlier published applications in the cluster include fraud prevention via blockchain (US20190318359A1), which stores declined-transaction records as block data values; enhanced login-credential security via blockchain (US20190342290A1), which keeps account tokens and usage rules on-chain; and efficient distribution of configuration data using permissioned blockchain (US20190245698A1), which propagates network configuration as appended blocks.

Adjacent filings push the same idea into other corners of the network. Trust-based payments via blockchain (US20190188704A1) records broker-mediated transactions; transaction authorization via a controlled blockchain (US20190362352A1) uses a multi-account profile and cross-issuer timing to gate authorizations; and securing transactions by check using blockchain technology (US20190340584A1) validates a physical check against an on-chain data value. The class facets across the cluster bear this out: the most common codes are H04L 9/0637 and H04L 9/3247 (block construction and digital signatures) sitting alongside the G06Q 20 payment-architecture classes — the chain used as infrastructure under the existing payment rails.

What the filings point to, and the caveats

Read as a body, Mastercard's published applications point toward a consistent direction: the company discloses the blockchain as a tamper-evident record and coordination layer for its own network — security profiles, fraud history, credentials, configuration, certificates — rather than as a consumer-facing cryptocurrency. The new security-profile application is a clean recent example, because the data it commits to the chain is internal infrastructure data with no token attached. For a general reader, the practical read is that the filing effort documented here is about hardening and auditing the payments network, with the ledger as a supporting component.

The usual limits apply. These are published applications, not grants; claims can narrow or fail before issuance, and a filing discloses intent to seek coverage, not a deployed system. It is also worth noting the cadence factually: the blockchain-tagged Mastercard publication count has eased from its 2019–2020 peak (31 and 37 in those years in the records) to single digits in the most recent year, so the recent signal is one filing extending an established cluster rather than a fresh surge. What the records establish is the disclosed pattern — Mastercard keeps filing applications that put network data on a chain — and the May 7 application is squarely inside it.