• 专利附录
  • 专利说明
  • 权利要求
  • 类似技术
  • 同族专利
  • 引用文献
  • 法律状态
  • 优先权
    • 专利摘要:
    computer, server and method. systems and methods for validating and processing payment transactions are disclosed. in the embodiments of the invention, a first authorization request message and a first verification value are received on a server computer. the verification value is validated, and a second authorization request message with a second verification value is generated. the first check value can be a dynamic value and the second check value can be a static value. the second check value is associated with the handheld device used to perform a transaction, and is what the handheld device’s issuing computers expect to receive as part of an authorization request message in a payment transaction.
    公开号:BR112012022918A2
    申请号:R112012022918-4
    申请日:2011-04-06
    公开日:2021-03-30
    发明作者:Ayman Hammad
    申请人:Visa International Service Association;
    IPC主号:
    专利说明:

    "AAA taaaaeatniaiitentá aaa AAAAAAANNAAAALAA. 1“ SERVER COMPUTER, AND, METHOD ”This order is a non-provisional order and claims priority to Provisional Order US 61 / 322,677, filed on April 9, 2010 (Attorney File No. 016222-067800US) , the full text of which is 5 - description is incorporated by reference for all purposes here: r GROUNDS There is a need for more secure data transfer when paying for goods and services using payment cards, such as debit and credit cards.
    In a typical payment transaction, a user can use a credit card to purchase an item at a merchant or enter their account information on a payment page on a merchant's website. The merchant then generates an authorization request message using a POS (point of sale) terminal when the user is present at the merchant's location. Alternatively, for an online transaction, the merchant's website can generate an authorization request message for non-present card (CNP) transactions. In another example, the authorization request message is passed to the credit card issuing computer, and the issuing computer can approve or reject the request to authorize the transaction.
    There are a variety of methods by which fraudsters attempt to obtain user account information in order to conduct fraudulent transactions.
    To address this problem, payment transactions can become - partially dependent on data that is not part of the account information stored on a user's debit or credit card, or data that is not part of the information that is typically provided by a user to a payment page on the website of a commercial establishment.
    AND MMOs Mar IarMaM MM MIA Rr AAAAAAAANAAIANNAANANMAAAAAAAA lada AAbdidtdiAAAi ant 2 However, modifications to combat fraudsters can be costly. For example, it can be costly to modify all issuing computers to accommodate such fraud prevention measures. Therefore, there is a need for systems and methods that can provide more security - 5 for payment transactions without requiring the issuer to modify its E computers. . Modalities of the invention address these and other problems, both individually and collectively.
    BRIEF SUMMARY Modalities of the invention are directed to methods, systems and devices for processing transactions.
    One embodiment of the invention is directed to receiving a first authorization request message comprising a first verification value, determining whether the first verification value is valid 15th, creating a second authorization request message comprising a second verification value and send the second authorization request message to a server computer.
    Another embodiment of the invention is directed to sending a validation indicator to the server computer, where the validation indicator indicates whether the first verification value is valid.
    Another embodiment of the invention is directed to determining whether the first authorization request message includes a static check value associated with a handheld device when the first check value is not valid.
    Another embodiment of the invention is to receive an authorization request message associated with a payment transaction from a first server computer, to receive a validation indicator from the first server computer, where the validation indicator indicates whether a check value associated with rDraanitntsttailtittraitaiaaAsAAsAAAAAAAAANAAAASSRINNSSA The AcAAAA 3 payment transaction is valid, and generate an authorization response message based on the validation indicator.
    These and other embodiments of the invention are described in further detail below. r 5 - BRIEF DESCRIPTION OF THE DRAWINGS Figure 1 shows a block diagram of a system according to an embodiment of the invention.
    Figure 2a shows a block diagram of some components of an IP Connection Point according to an invention modality.
    Figure 2b shows a block diagram of some components of a payment processing network according to an embodiment of the invention.
    Figure 3a shows a block diagram of the functional components present in a cell phone.
    Figure 3b shows a schematic representation of a payment card.
    Figure 4 shows a block diagram of some components of a verification token according to an embodiment of the invention.
    Figure 5 shows a picture of a person interacting with a verification token that is associated with a client computer.
    Figure 6 shows a flowchart that illustrates some of the steps involved in processing a transaction according to one - modality of the invention.
    Figure 7 shows an exemplary authorization request message before and after the validation process according to an embodiment of the invention.
    Figure 8 shows a block diagram of a device
    - ARM THE II UARANA LARES AAAARAMNAMARAADAAMNAAAAMAAALAAINAAAVANAAL AAA AAA tisitadidrhiiaataMiaatbiiistihenssáio. 4 computer.
    DETAILED DESCRIPTION In order to provide more security for electronic transactions, data that is not part of the account information and is stored on the card -. 5 - of a user's debit or credit, and which are not readily available,: can be used during the processing of electronic transactions. Such data can be generated by an external source and introduced in the process of | transaction at any point and then verified by a processing entity to make sure that the transaction originated from an authorized source. At some point, before the transaction data reaches a issuing computer operated by an issuer, a processing entity may replace data that is not part of the account information with data that the issuing computer expects to receive. In this way, the processing entity can provide more security and authenticate the 15th transaction without forcing the issuing computer to make changes to its current transaction processing method and without requiring changes to its computer. The following description provides exemplary systems and methods for processing an acquisition transaction, using authorization messages with different data elements. One authorization request message can include a dynamic verification value (dCVV2), while the other authorization request message can include a static verification value (CV V2). In an embodiment of the invention, a user communicates with a server computer of the IP Connection Point through a client computer through a first communication channel. The user then provides account information from a chip on a portable device (for example, a contactless payment card) to the client computer through a verification token associated with the client computer. The verification token can be on the client computer, or connected to it. Account information can be stored on the handheld device on an integrated circuit (IC) chip. When the account information is received on the '5 - IP Connection Point server computer, then the server computer can generate: a dynamic verification value (ACVV2). Once generated, the IP Connection Point server computer can transmit the dynamic verification value (dCVV2) to the verification token associated with the client computer.
    Before or after the user receives the dynamic verification value, then the user initiates a transaction with a merchant, such as an online merchant. During the transaction, the user provides his payment information to a cashier page on the merchant's website. Payment information can also be automatically filled in using the verification token on a payment page on a merchant's website. The merchant's computer then generates a first authorization request message that includes a first verification value. The authorization request message includes data associated with a user's portable device. The first verification value can be the dynamic verification value (dCVV2). The dynamic verification value (dCVV2) can be placed in the authorization request message at a location that is used for the conventional static verification value (CV V2) that can be printed on the back - of debit / credit cards. The dynamic verification value is received on a client computer from a server computer via the first communication channel.
    The merchant sends the first authorization request message to the acquirer's computer, which forwards the
    0 NNAINGNRANMAANUNBIIMAUNSONLADANAINAAMLAL ALMADA AaNtaalaiaitA Ns Lana hdnara d broadcaster 6 first message of authorization request to the payment processing network. Then, the payment processing network server computer receives the first authorization message and generates a second authorization message that includes a second verification value. The second check value can be a static check value. conventional (dCV V2).
    When the payment processing network server computer receives the first authorization request message, it validates the first verification value (for example, dynamic verification value (dCVV2)) associated with the first authorization request message. The payment processing network server computer receives a copy of the first verification value from the IP Connection Point server computer and compares it with the one associated with the first authorization request message. If the first verification value matches that received from the IP Connection Point server computer, the payment processing network server computer then generates a second authorization request message that includes a second verification value. The second check value is in a format that can be processed by the issuing computer - the user's portable device.
    Once the second authorization message is generated! by the server computer of the payment processing network, it is forwarded to the issuing computer operated by the issuer of the user's portable device. Then, the issuing computer can decide whether to authorize the transaction or not. The transaction may or may not be authorized, as the authorization may depend on a number of factors, including, but not limited to, the amount of credit or funds in the user's account, the likelihood of fraud, etc.
    After the issuing computer decides whether to authorize the transaction or not, an authorization response message that comprises the decision whether to authorize the transaction or not is sent back to the merchant's computer 130 via the acquirer's computer and the processing network of payment. : 5 At a later time, a clearing and: settlement process can take place between the various acquirers, issuers and the payment processing network. Before discussing specific embodiments of the invention, some “descriptions of some specific terms are provided below.
    An "authorization request message" can be a message that includes an account identifier from the issuing computer. The account identifier of the issuing computer can be a payment card account identifier associated with a payment card. The authorization request message can request that a payment card issuing computer authorize a transaction. An authorization request message according to an embodiment of the invention can conform to ISO 8583, which is a standard for systems that exchange electronic transactions made by cardholders using payment cards. An authorization request message can comprise data elements that include, in addition to the account identifier, a service code, a CV V (card verification value) and an expiration date.
    An "authorization reply message" can be an electronic message reply from the issuing financial institution to a | authorization request message, which may include one or more of the following - status indicators: Approval - transaction has been approved; Decline - transaction was not approved; or Call Center - answer pending for more information, commercial establishment must call the toll-free telephone number for authorization. It can also include an authorization code, which can be a code that a bank issuing the
    NANA baAh Man RANA 8 credit card returns in an electronic message to the POS equipment of the merchant that indicates approval of the transaction. The code serves as proof of authorization.
    As used herein, "dynamic verification value" F 5 - (also referred to as dynamic device verification value, E. dynamic card verification value, dCVV2 or first verification value) can refer to a numeric or alphanumeric value which is generated by an algorithm (for example, encryption algorithm) that receives one or more account data as input. The dynamic check value is entered into the payment transaction and is used by a payment processing network to verify that the payment transaction has been initiated from an authorized source.
    As used herein, "static verification value" (also referred to as card verification value, CVV2 or second verification value) can refer to a numeric or alphanumeric value that is typically displayed on a portable device (for example, cards debit / credit card) used to make a payment transaction. The static verification value can be included among the data in an authorization request message. The static check value is used by the - issuing computer of the handheld device to determine whether the handheld device was present at the time of the payment transaction.
    A "validation indicator" can be a binary value in the authorization request message that indicates whether a check value in the authorization request message is valid or not. The validation indicator can be set to "1" if the validation of the check value is successful, and set to "0" if the validation fails.
    A portable "chip-like" device can be embedded with an integrated circuit, or chip, that communicates information to a transaction point terminal. Portable chip-like devices may include chip cards
    AMADA deArbAAAAAAAAAAAANAAtsáA0hdaAiahaithaittiaiaiAttitiddatinittdataldathtidiaittaitntçãã 9 that offer greater functionality (and security) through the combination of significant computational energy and substantial data storage. In addition, a chip-like portable device may include an exclusive digital transaction seal or signature on the chip that proves its own. 5 - authenticity in an offline environment and prevent fraudsters from using E fraudulent payment cards. It can be used to insure online payment transactions and protect cardholders, merchants and issuing computers from fraud using a unique online transaction cryptogram. It can also be used to support better user verification methods.
    A chip-like portable device can store data elements that include a cryptogram, variable data elements, such as counters, and other information. Counters, in particular, can be used to calculate check values, such as CVV, 15 ° CVV2, dCVV and dCVV2 check values. For example, a handheld device can include a counter and can generate a first check value using the counter when each transaction is conducted by the handheld device. Thus, the accountant can track the number of transactions that are conducted by the handheld device, and can cause the first check value to change with each transaction. During a transaction, the first check value can be passed to a central server computer, which can also maintain a corresponding second counter. The central server computer can independently generate a second check value and then compare it with the first check value. If they —correspond, or are in a predetermined range, then the transaction can be considered authentic. If the first and second check values are very different, then this may indicate that the handheld device being used to conduct the transaction is not authentic. Dynamic counters, such as these, are not stored on the magnetic strips on conventional payment cards, because conventional payment cards do not have the ability to manipulate data. A "cryptogram" can refer to a numerical value that is the result of the data elements inserted in an algorithm and then - 5 - encrypted, commonly used to validate the integrity of the data. Cryptograms can include an Authorization Request Cryptogram (ARQC), an Authorization Response Cryptogram (ARPC), a Transaction Certificate (TC) and an Application Authorization Cryptogram (AAC).
    10 A "chip-like format" can include a data format that is compatible with the carrying of data from a portable chip-like device. Data formats can be part of a message (for example, an authorization request message or an authorization response message). A chip-like format can include chip-based data elements, such as cryptograms and variable data elements, such as counters. They can also include an account number, expiration date and service code.
    As used herein, "magnetic strip format" refers to an authorization request message formatted from the data | stored on a magnetic strip on a portable device. Data stored on the magnetic strip of a portable device can be in the form of data from Track 1 ("International Air Transport Association") and Track 2 ("American Banking Association"). Track 1 data may include the cardholder's name, as well as account number and other discretionary data.
    Track 2 data may include the cardholder's account, encrypted PIN and other discretionary data.
    A "communications channel" can include any suitable path for communication between two or more entities. Suitable communication channels can be present directly between two itriinaininaainiainiaaasadbaNMaAA AAA aintaiMANtAAaAAANAAASAANAAAAAANNNAAANANAAAAANAAAA 11 entities, such as a client computer and a Connection Point server, or can include numerous different entities. Any suitable communication protocols can be used for communication channels in accordance with embodiments of the invention.
    h 5 "Account information" may include any appropriate information associated with an account. Such information can be directly related to the account or can be derived from the information related to the account. Examples of account information include a Primary Account Number (PAN), name, expiration date, CVV (card verification value), dCVV (dynamic card verification value), CVV2 (card verification value 2) and dCVV2 (dynamic verification value of card 2). In general, CVV2 is understood as a static check value associated with a portable payment device. dCVV2 is a dynamic check value associated with a portable payment device. In general, dCVV2 and CVV2 values are visible to a user (for example, a consumer), while CVV and dCVV values are typically embedded in memory or in the authorization request message and are not readily known to the user (although they are known issuing computer and payment processors).
    As used herein, "transaction data" can refer to data that can be associated with a transaction. In some embodiments, "transaction data" can be included in an authorization request message and an authorization response message. Such data may include account information, such as a Primary Account Number (PAN), name, expiration date, CVV (card verification value), dCVV (dynamic card verification value), CV V2 (value of card verification 2) and dCVV2 (dynamic verification value of card 2), as well as merchant code, transaction amount and all appropriate data used to process a payment transaction.
    As used here, a "server computer" is typically a powerful computer or group of computers. For example, the server computer can be a large, large computer, a minicomputer cluster, or a group of functioning servers; as a unit. In one example, the server computer can be a database server coupled to an Internet server. As used herein, "determining whether the first verification value is valid" can refer to a validation process in the modalities of the invention that is carried out by a payment processing network or other entity according to which, a first value verification in an authorization request message is compared using a comparison software module with its duplicate copy received from a server computer (operated by an IP Connection Point) that originally generated the first verification value. If the first verification value in the authorization request message corresponds to the duplicate copy received from the server computer operated by an IP Connection Point, then the first verification value is valid. For example, the server computer operated by the IP Connection Point can generate a first check value "123" and send it to a client computer to be included in an authorization request message. A server computer operated by a payment processing network receives the authorization request message and compares the value "123" with a copy it received - previously from the server computer (operated by the IP Connection Point) that it originally generated this first check value ("123"). In some modalities, the IP Connection Point and the payment processing network can operate as an entity, in which case, upon receipt of an authorization request message, a server computer can regulate the first verification value and compare it. it with the one in the authorization request message to check for a match. Specific details in relation to some of the aspects ”5 - described above are provided below. The specific details of the specific aspects can be combined in some appropriate way without departing from the spirit and scope of modalities of the invention.
    1. Exemplary Systems A system according to an embodiment of the invention is shown in figure 1. Figure 1 shows a system 100 that can be used in an embodiment of the invention. System 100 can include a plurality of users, merchants, = portable devices, acquirers and emitting computers. As illustrated in figure 1, user 110 has access to portable device 112, communicates with verification token 120 and client computer 122. Client computer 122 communicates with IP Connection Point 152 and the computer commercial establishment 130. As illustrated in figure 1, in one embodiment, the client computer 122 can communicate with the computer of the commercial establishment 130 through a communication network, such as the Internet 124. The computer of the commercial establishment 130 is in communication with the acquirer's computer 140, which is also in communication with the payment processing network 150. The payment processing network 150 is in communication with the computer — emitter160 and the IP Connection Point 152. In the modalities of the invention, verification token 120 can be associated with client computer 122 which is used by a user 110. It can allow client computer 122 to form a first communication channel secure communications 200 (an example of a first communication channel) with the IP Connection Point 152, which can be in operational communication with the payment processing network 150. Although the IP Connection Point 152 is shown as an entity separated in figure 1, the IP Connection Point 152 can be incorporated into the f 5 - payment processing network 150, or it can be omitted. In the last.: Situation, the first secure communications channel 200 can directly connect the payment processing network 150 and the client computer 122. The payment processing network 150 can reside between the acquirer's computer 140 and an issuing computer
    160. The path that includes the computer of the merchant 130, the computer of the acquirer 140 and the payment processing network 150 can form at least part of a second communications channel 202. Figure 2a illustrates some elements of the Connection Point of 1P152 according to an embodiment of the invention. As shown in figure 2a, the IP Connection Point 152 can include an IP Connection Point 152A server computer and a 152C database. The server computer 152A may include a computer-readable media (CRM) 152A-1 and a processor 152B. The 152A-1 computer-readable media may include a 152A-2 generation module. The generation module 152A-2 can be programmed in software stored on the computer-readable media 154 and executed by the processor 152B that generates a dynamic verification value. Such dynamic verification values can be 3, 4, 5 or more characters in length. They can be additionally created using any suitable data conversion process.
    Figure 2b illustrates some elements of the payment processing network 150 according to an embodiment of the invention. As shown in figure 2b, the payment processing network 150 may include a server computer in the payment processing network
    150A and a 150C database. The 150A server computer can include a 150A-1 computer-readable (CRM) media and a 150B processor. The 150A-1 computer-readable media can include a 150A-2 verification module and a 150A-3 generation module. ”5 In some embodiments, the 150A server computer can. comprise a processor and computer-readable media attached to the processor. Computer-readable media includes code executable by the processor to implement a method that comprises: receiving a first authorization request message that comprises a first verification value; determine whether the first check value is valid; create a second authorization request message that comprises a second verification value; and sending the second authorization request message to an issuing computer.
    The 150A-2 verification module can be a software program stored on computer-readable media 150A-1 and run by the 150B processor, which monitors an authorization request message and compares various types of data in the authorization request message, such as as the dynamic verification value, with the same type of data supplied by the IP Connection Point 152 or any other entity | to make sure that the data that is part of electronic payment transactions is accurate and originates from an authorized source. The generation module 152A-3 can be programmed in software stored on the computer-readable media 150A-1 and executed by the processor 152B that generates a static check value (for example, CV V2).
    User 110 refers to an individual or organization, such as a company, who is able to purchase goods or services or to make any suitable payment transaction with the merchant's computer 130.
    The portable device 112 can be in any suitable shape. In some embodiments, portable devices are portable in nature. Suitable portable devices can be handheld and compact, so that they can fit inside a consumer's bag and / or pocket (for example, pocket size). They can include. 5 smart cards, keychain devices (such as the Speedpass! M: commercially available from Exxon-Mobil Corp.), etc. Other examples of portable devices include cell phones, personal digital assistants (PDAs), radiolocators, payment cards, security cards, access cards, smart media, transponders and the like. Portable devices can also be debit devices (for example, a debit card), credit devices (for example, a credit card) or stored-value devices (for example, a stored-value card). Two specific examples of portable device 112 are shown in figures 3a and 3b, which will be described later.
    The verification token 120 may be an electronic device configured to be coupled to the client computer 122, or may be present on it, and may be able to receive card data wirelessly from the portable device 112. Elements of the verification token 120 and its operations will be described below in relation to figure 4.
    The client computer 122 can be in any suitable form. Examples of client computers can include phones, | televisions, personal “computers”, portable computers, PDAs, integrated receivers / decoders and other computing devices. In some embodiments, the client computer may comprise a processor and a computer-readable medium attached to the processor. The client computer 122 may run an operating system, such as Microsoft WindowsTM, and may have a suitable browser, such as Internet Explorer "M.
    As used here, a "sending computer" is,
    - MANUALS AANNANRNNAAUAAENNASANRUNAURANAUANNÍNOEAAAMOUNNARMNNSRNANRANANNAANAMNNAAA NANA 17 typically, a computer operated by a business entity (for example, a bank) that maintains financial accounts for the consumer and often issues a portable device, such as a credit or debit card. Typically, a "business establishment" is an entity that engages in transactions and can sell goods or services.
    AND Typically, an "acquirer" is a business entity (for example, a commercial bank) that has a business relationship with a particular business establishment or other entity. Some entities may perform functions of both the issuer and the acquirer.
    “Modalities of the invention include such issuing entities - individual purchasers.
    The payment processing network 150 may include subsystems, networks and data processing operations used to support and distribute authorization services, exception filing services and clearing and settlement services. For example, the payment processing network 150 may comprise a server computer, coupled to a network interface, and an information database. An exemplary payment processing network can include VisaNef "M. Payment processing networks, such as VisaNef" M, can process credit card transactions, debit card transactions and other types of business transactions. VisaNef "M, in particular, includes a VIP system (Visa Integrated Payments system) that processes authorization requests, and a base II system, which performs clearing and settlement services. The payment processing network 150 can use any - redecom wired or wireless, including the Internet.
    IP Connection Point 152 refers to an entity that includes one or more servers and databases, and has access to various sender computer data, transaction data and user data used for! authenticate the consumer's portable devices. The IP Connection Point:
    152 also generates and distributes notifications and alert messages to various distribution channels. The IP Connection Point 152 can be part of the payment processing network 150 or it can be a separate entity in communication with the payment processing network 150.
    o 5 As used herein, typically a "computer-readable media" or "computer-readable storage media" is a - - storage media, such as a hard disk or any suitable type of data storage media capable of to store data, such as program codes.
    Databases 152C and 150C (shown in figures 2a and 2b, respectively) may be able to store data from client computers. Databases 152C and 150C can also be in the form of independent hard drives connected to one or more server computers that retrieve data from databases 152C and 150C as a result of queries from client computers.
    Now, with reference to figure 3a, a block diagram of a portable device 112 incorporated as a cell phone 112H that can be used in embodiments of the invention is provided. The 112H cell phone - can be both a notification device, which can receive alert messages, as well as a portable device, which can be used to make payments. The exemplary cell phone 112H may comprise a computer-readable medium and a body, as shown in figure 3a. The 112B computer-readable media may be present on the body, or it may be detachable from it. The body may be in the form of a plastic substrate, housing or other structure. The 112B computer-readable media can be in the form of (or can be included in) a memory that stores data (for example, account numbers of the issuing computer, loyalty provider account numbers, etc.) and can be in any suitable form that includes a magnetic strip, a memory chip, etc. Preferably, the memory stores information, such as financial information, traffic information (for example, as on a subway or train pass), access information (for example, as on access badges), etc. - 5 Financial information may include information, such as bank account information, loyalty account information (for example, a loyalty account number), a bank identification number (BIN), credit card number information, or debit card, account balance information, expiration date, consumer information, such as name, date of birth, etc. Any information mentioned above can be transmitted by telephone 112H. | In some embodiments, information in memory can also be in the form of data tracks that are traditionally associated with credit cards. Such tracks include Track 1 and Track 2. Track 1 ("International Air Transport Association") stores more information than Track 2, and contains the cardholder's name, account number and other discretionary data. Track 1 is sometimes used by airlines when closing reservations with a credit card. Track 2 ("American Banking Association") is currently the most - commonly used. Track 2 is the track that is read by ATMs and credit card verifiers. The ABA (American Banking Association) designed the specifications for Track 2, and all banks in the world comply with these specifications. Track 2 contains the cardholder's account, encrypted PIN and other discretionary data.
    The 112H cell phone may additionally include a 112G non-contact element, which is typically implemented in the form of a semiconductor chip (or other data storage element) with an associated wireless transfer element (for example, data transmission), such as like an antenna. The 112G non-contact element is associated with
    AIR RRRRRASANANAAAARNAARAANANRRAAAAMARANAANAANAAAAA RANMA 20 (for example, embedded in) the 112H phone, and control data or instructions transmitted over a cellular network can be applied to the 112G non-contact element via a non-contact element interface (not shown). The interface of the non-contact element works for 'S - it will allow the exchange of data and / or control instructions between the system of: circuits of the mobile device (and, therefore, the cellular network) and an optional non-contact element 112G.
    The 112G contactless element is capable of transferring and receiving | data using a near-field communications ("NFC") capability | (or near field communications media), typically according to a standardized protocol or data transfer mechanism (eg, ISO 14443 / NFC). Near-field communications capability is a short-range communications capability, such as RFID, Bluetooth '! M, infrared, or other data transfer capability, which can be used to exchange data between the 112H cell phone and an interrogation device .
    Thus, the 112H cell phone is capable of communicating and transferring data and / or control instructions through both the cellular network and the near-field communications capability.
    The 112H cell phone may also include a 112C processor (for example, a microprocessor) for processing the 112H phone's functions and a 112D display to allow a consumer to see phone numbers and other information and messages.
    The 112H cell phone can additionally include 112E input elements to allow a user to enter information into the device, a 112F speaker to allow the user to listen to voice communication, music, etc., and an 1121 microphone to allow the user to transmit your voice through the 112H cell phone.
    The 112H telephone may also include an antenna 112A for wireless data transfer (for example, data transmission).
    If the handheld device is in the form of a debit card, credit card or smart card, the handheld device can also optionally have features, such as magnetic strips.
    Such devices can operate in both a contact and non-contact mode.
    Another example of a portable device in the form of one; payment card is shown in figure 3b.
    Figure 3b shows a 112M plastic substrate.
    A non-contact element 112J for interfacing with an access device may be present on, or embedded in, the plastic substrate 112M.
    112K user information, such as an account number, expiration date and user name, can be printed or stamped on the card.
    Also, a magnetic strip 112L can be on the plastic substrate 112M.
    The payment card may also comprise a microprocessor and / or memory chips with user data stored in them, such as an integrated circuit (IC) chip. Figure 4 is a block diagram that illustrates several! components of verification token 120 according to a modality. | The modality illustrated in figure 2 is a USB device that includes a 120E USB connectivity module, a 120H secure element (for example, a smart card chip), a 120G wireless / contactless reader capable of reading data from the card (data payment) from a portable device, a 120F built-in memory, a 120A self-installing driver, a 120B form filling application, a 120C terminal application and a 120D heartbeat application.
    Verification token 120 may also have other features, such as a keyboard temporary storage capacity and a unique serial number associated with the verification token.
    Verification token 120 has no footprint on client computer 122 with Internet connectivity when it is plugged in.
    The various components and modules in the verification token 120 can be used to implement methods according to modalities of the invention.
    Although figure 2 illustrates a verification token 120 as something similar to a USB connector, verification token 120 can come in other forms. For example, it can be part of hardware or another module. 5 - installed on a computer, consumer device or other device. : For example, in other modalities, the verification token can be hosted on a computer and does not have to be a device that is physically separate from the computer. UI. Exemplary Methods Methods according to the modalities of the invention are described in figures 5-7 in relation to the elements of the system in figures 1-4.
    Regarding figures 1 and 5, before establishing the first one! communications channel 200, in embodiments of the invention, user 110 can receive a verification token 120 from his financial institution.
    Alternatively, user 110 can receive verification token 120 from another entity on behalf of a financial institution.
    As shown in figure 5, then, user 110 can connect verification token 120 to USB port 122A of his client computer 122 through a USB connector 120E. Client computer 122 can power verification token 120. Once it is connected to client computer 122, it can recognize the presence of verification token 120 as a valid device, and verification token 120 can self-install. Then, verification token 120 can scan client computer 122 to verify connectivity to the Internet. Note that, although client computer 122 and verification token 120 are shown as separate devices in figure 5, in other embodiments, verification token 120 may be part of client computer 122.
    If Internet connectivity is available, then verification token 120 can automatically attempt to establish an SSL session in the background with IP Connection Point 152, so that it can be used as part of an authentication process.
    As shown in figure 4, verification token 120 can include an application, such as self-installing driver 120A, so that verification token 120 can install itself automatically: after verification token 120 is inserted and recognized by the client computer 122. So the token application is able to connect to a specialized host, perhaps, at a predefined IP address, using a secure SSL session in the background.
    A 120C terminal application and a 120D heartbeat application can be used to establish and maintain this session.
    If the session connection is successfully established, the token identifies itself to the IP Connection Point 152 by providing its unique serial number and / or IP address to the TP Connection Point 152. Other information can also be passed (for example , password) to the IP Connection Point 152 at this point.
    The verification token 120 modality illustrated in figure 5 is a USB token that includes a 120E USB connectivity module, a 120H secure element (for example, a chip, such as a smart card chip, that has data protocols and hardware and security - enough), a 120G wireless / contactless reader capable of reading payment data from a portable device, 120F built-in memory, one! 120A self-installing driver, a 120B form filling application, a 120C terminal application and a 120D heartbeat application.
    Verification token 120 may also have other features, such as a - keyboard temporary storage capacity and a unique serial number associated with verification token 120. Verification token 120 may have little or no footprint on client computer 120 when it is plugged into a standard client computer with Internet connectivity.
    - MNNRAROUNRAaMAANaNNAAAANNAAAAAAAAANAEANDAAAtAANNsAasand eta ns tiene, 24 When the verification token 120 is operatively coupled to the client computer 122, the verification token 120 establishes a first communication channel 200 with the server computer of the IP Connection Point 152A (figure 2a). The IP Connection Point 152 can stay; 5 in communication with a payment processing network 150. Note j, that, in the following description, the server computer of the IP Connection Point 152A and the server computer of the payment processing network 150A can be incorporated by a single computer device or separate computer devices.
    Such computer devices can work - separately or together to facilitate the functions described here.
    After establishing the first communication channel 200 from client computer 122 to IP Connection Point 152, user 110 manipulates handheld device 112 so that it interacts with client computer 122. For example, user 110 may be asked presenting handheld device 112 to complete the transaction while making purchases from a merchant's website.
    As explained, after the verification token 120 has been placed on the client computer 122, and upon successful mutual authentication, Ponto | IP Connection Code 152 can register verification token 120 and its: —P address for a session.
    A session key is associated with the session.
    At some point during the process, IP Connection Point 152 can validate a token serial number associated with verification token 120 and credentials from information accessible on a remote or local database (for example, 152C database of figure 2a) If valid, the IP Connection Point 152 can calculate a UDK (unique derived key) for the token based on a master key and the serial number.
    A unique derived key (UDK) can be stored in the secure element of the 120H token.
    This mutual host-token authentication can use an algorithm based on Triple DES.
    Then, upon successful mutual authentication, IP Connection Point 152 can register token 120 and its IP address for this session.
    A session key is established through mutual authentication to support all communication for that session between the verification token. 5 12060 host.
    All data exchanged between the token and the already specialized host can be encrypted and tunneled through an SSL session.
    The session can remain active or be terminated or restarted at any time.
    At this point, the IP Connection Point 152 becomes aware of the token, the serial number, the session key and the IP address.
    In some modalities, a dynamic verification value (dCV V2) can be sent to the token at this point.
    In some embodiments, a dynamic verification value (dCVV2) will be sent only after it is requested by verification token 120, as described with additional details below.
    After the session is established, as shown in figure 5, the portable device 112 which can be a payment device, such as a credit card, can be used to interact with a verification token (for example, a USB plug) which is associated with the client computer 122. The portable device 112 may comprise a chip comprising chip card data, such as a dynamic counter, dynamic verification value, personal account number (PAN), i cryptogram, user information , expiration date, card number, issuing computer information, etc.
    In embodiments of the invention, the chip in the handheld device 112 can interact with the verification token 120 via a contact interface and / or a wireless near-field (NFC) communication interface. Thus, as explained, verification token 120 can include a reader with contact and / or non-contact capabilities.
    During the interaction between the verification token 120 and the portable device 112, the verification token 120 can receive the chip-formatted data from the portable device 112 and communicate the data to the client computer 122 and then to the Connection Point of IP 152 and the payment processing network 150. Verification token 120 may additionally allow the client computer 122 to establish the first r 5 - communications channel 200 with the IP Connection Point 152 through the use of! It is cryptograms generated every time the portable device 112 interacts with the: verification token 120. Then, the user 110 can initiate a request to receive a new dynamic verification value (dCVV2) by presenting the portable device 112 to the verification token 120. User 110 can do this by waving handheld device 112 next to a wireless or contactless reader on verification token 120. Alternatively, some modalities may use readers that can read the magnetic strip on a handheld device.
    Verification token 120 energizes handheld device 112 to collect account information, such as one or more of account numbers, cryptograms, CVV and CVV2 values for a transaction.
    Other data that can be collected from the same source or from another source may include a session key with the IP Connection Point.
    Then —tokende verification 112 can encrypt this collected data.
    Then, the client computer 122 forwards the account information and other information to the IP Connection Point 152 through the first communication channel 200, preferably in encrypted form.
    Then, the IP Connection Point 152 validates the information - received.
    For example, IP Connection Point 152 can receive a request for the dynamic verification value (dCVV2) from verification token 120, including the encrypted Primary Account Number (PAN) and additional information (encrypted using the session key) ). The IP Connection Point 152 can identify the Primary Account Number (PAN)
    associated with this request and validate the relationship between the PAN and the token. If the information is validated, the IP Connection Point 152 can generate a first verification value. The first verification value can be a dynamic verification value (dCVV2). ”5 Next, the first verification value is sent from the Point: IP Connection 152, through the first secure communication channel 200, to verification token 120. In some embodiments, the first verification value may include a value of dynamic verification (dCVV2). However, the first check value can be any value associated with handheld device 112 that can be used to identify and verify this handheld device 112 during a transaction. Verification token 120 can store the verification value or complete a self-completed form on the cashier page of the merchant 130 when the value is received. In other embodiments, the first verification value can be received and displayed on the client computer 122 to the user. This is also illustrated in figure 5.
    Thus, in some embodiments, verification token 120 can insert a dynamic verification value (dCVV2) on a merchant's website page operated by the merchant's computer 130. Verification token 120 can use a form-filling application 120 to fill in, on the form, the Primary Account Number (PAN) and the dynamic verification value (dCVV2). Other information can also be filled in by the token, such as shipping addresses according to various modalities. The user then conducts a transaction with a merchant using the dynamic verification value (dCV V2) and other payment data.
    Once on the cashier page, the user can either manually enter the information required to complete the transaction or, | optionally, an autocomplete feature can be included in the
    :: 28 verification 120. In the latter mode, verification token 120 may include software module that includes instructions (for example, computer code) executable by a processor to communicate data from the handheld device when the cashier page is presented to the user 110. E 5 - This information can include the user's personal information that includes a B payment card number, expiration date, billing information, name and the first verification value (for example, dCV V2) that was obtained through the first communication channel from the IP Connection Point 152. When data from the handheld device is entered on the cashier page and confirmed (for example, via a 'submit' button or similar type button), the data is sent to the computer of the commercial establishment 130 through the second communication channel 202, which can be safely established through a medium, such as the Internet.
    Then, a first authorization request message is generated by the merchant's computer 130 and sent to the payment processing network 150 via the acquirer's computer
    140. The first authorization request message can be formatted in a previous format, such as a magnetic stripe data format.
    In the embodiments of the invention, when the first verification value is in the form of a dynamic verification value (dCVV2) that is received from the IP Connection Point 152 through the process described above, the first authorization request message is generated with the dynamic verification value placed in place of the static verification value (CVV2). The static check value (CVV2) can be in the form of a number printed on the handheld device 112 of user 110.
    In the previous format of the authorization request message (for example, magnetic strip data format), there is a place reserved for the static verification value (CV V2). The static check value (CVV2) can be used by the sending computer 160 to determine whether the portable device 112 was present at the time of the transaction or not. In the embodiments of the invention, the place reserved for the static check value (CVV2) can be advantageously used for. 5 include and pass a dynamic verification value (dCVV2) through: second communication channel 202. - When the payment processing network 150 receives an authorization request message (first authorization request message) which can include a value dynamic verification value (first verification value), it can validate the dynamic verification value and, after a validation process, replace the dynamic verification value with the static verification (second verification value) that the sending computer 60 expects to receive. This method advantageously allows the use of dynamic verification values in the payment transaction process without requiring the issuing computer 160 to make any changes.
    This method also advantageously allows the payment processing network 150 to process transactions using the dynamic check value (dC V V2) together with the transaction using the previous static check value (CV V2). This unprecedented process will now be described in relation to the flowchart illustrated in figure 6.
    After the payment processing network 150! receive the first authorization request message (step 601), then the payment processing network 150 can use the first check value, which can be in the form of a dynamic check value (dCVV2), associated with the Number of Primary Account (PAN) to help authenticate a transaction that involves PAN. In step 602, the payment processing network 150 determines whether the dynamic verification value (dCVV2) (first verification value) is valid by comparing it with the duplicate copy of the dynamic verification value (dCVV2) received from the Payment Point. IP connection 152 to verify that they match. The dynamic verification value (dCVV2) received from the IP Connection Point 152 can be stored in the 150C database. 5 - (shown in figure 2b), then, it can be accessed for the process; validation. This validation process can be performed by a software module, such as the verification module 150A-2 (shown in figure 2b) running on the server computer of the payment processing network 150A. If validation is successful, in step 603, payment processing network 150 generates the static check value (CV V2) associated with handheld device 112. This can be done by a software module, such as the generation module 150A-3 (shown in figure 2b) running on the server computer of the payment processing network 150A. The payment processing network then generates a second authorization request message by replacing the dynamic verification value (first verification value) with the static verification value! (second check value). The second authorization request message can also include a validation indicator (also referred to as CV V2 result code), which can be in the form of an indicator - which indicates the result of the validation process.
    In step 604, the second authorization request message that includes the static verification value (CVV2) is sent to the issuing computer 160 together with a validation indicator. Figure 7 illustrates the generation of a second authorization request message - exemplary after the validation process. Figure 7 shows the authorization request message 701 that includes a dynamic verification value (first verification value). Then, the authorization request message 701 passes through the validation process and, after it is verified that the dynamic verification value (dCVV2) corresponds to that
    EOAEE 31 received from IP Connection Point 152, a static verification value (CVV2) is generated and placed in the location of the dynamic verification value (dCV V2) together with a validation indicator (ie CV result code V2) which can be in binary format, with "1" indicating that: 5 - the validation process was successful.
    B In the example shown in figure 7, the check value | dynamic (dCVV2) is "123" and, after the validation process, the value of | static check (CV V2) is calculated, which is "456" in this example. The value "456" is what the sending computer 160 expects to receive as part of the “authorization request message. Therefore, it can be seen that the modalities of the invention add a layer of security to the transaction process without disturbing the system and without forcing the sending computer 160 to modify its systems.
    Again, in relation to the flowchart in figure 6, if the validation process fails because the dynamic verification value is not valid or if the first authorization request message was sent without the correct dynamic verification value (for example, the static verification value was used or a fraudster entered the wrong verification value), in step 605, the payment processing network 150 determines —the issuing computer 160 has chosen a restore option, so that the payment processing network 150 can verify that the first authorization request message was sent with a static verification value. The "restore option" can be selected by the issuing computers that wish to receive the authorization request message and use their own processes to determine whether the transaction is generated from an authorized source or not.
    If the sending computer 160 has selected the restore option, then, in step 606, the first authorization request message is checked against the presence of a check value to PE EEE Po PITT PETIT ITTITITEO
    32 static (CVV2), and the static check value is validated.
    The payment processing network 150 can generate (i.e., recalculate) the static check value associated with the handheld device that was used for the transaction.
    The static verification value can be generated from the data - 5 - associated with the user's portable device, such as the Account Number
    B Primary (PAN). -
    If the verification value in the first authorization request message that is received from the acquirer's computer matches the static verification value (CVV2) associated with the portable device 112 used for the transaction, then, in step 607, the network payment processing 150 passes the authorization request message along with the static verification value and a validation indicator that indicates that the static verification value has been validated and that the handheld device used is authentic.
    The validation indicator can be placed in the first authorization request message or, optionally, a second authorization request message can be generated with the validation indicator.
    If the restore option was not chosen in step 605 or the validation process failed in step 606, a second authorization request message can be formatted that includes a validation indicator that indicates that the static check value in the first request message authorization did not match the correct value.
    Optionally, the payment processing network 150 passes the first authorization request message to the issuing computer 60 together with the “same check value (first check value) that was received from the acquirer's computer as part of the first payment message. authorization request.
    In this last example, if the dCVV2 is "123" and the CVV2 expected by the issuing computer is "456", then the payment processing network can simply pass the value "123" to the issuing computer 60. Thus, the processing network Payment 150 may intentionally pass a value that the issuing computer 160 does not expect to see if the payment processing network 150 determines that the dCVV 2 originally received from the merchant was "5 incorrect.
    : When the issuing computer 160 receives the authorization request message, it will then generate a response message from: authorization indicating whether the transaction was approved or not. The authorization reply message is sent to the payment processing network 150, which sends it to the acquirer's computer 140. Then, the acquirer's computer 140 notifies the merchant's computer 130 of the result. It can be seen that the modalities of the invention provide many advantages. By replacing the dynamic verification value (dCVV2) (first verification value) with the static verification value (CVV2) (second verification value), more security can be provided for payment transactions, without requiring the issuing computers to modify their transaction processing infrastructures and systems. Furthermore, the unprecedented modalities of the invention allow the processing of both transactions that use dynamic verification values and those that do not. Furthermore, by passing the authorization request message to the issuing computer even in those cases where the validation process fails, issuing computers can advantageously use their own - validation processes and decide whether they want to authorize the transaction. The various participants and elements (for example, the issuing computer, the server, the payment processing network, the IP Connection Point, the merchant, the acquirer's computer and the user's computer) in Figure 1 can operate a or more
    YAN of lnisARiMS AA taduinatnntaitaitintsalidunsiaasttaiiaidiaiai eat 34 computer devices (for example, a server computer) to facilitate the functions described here. Any of the elements in figure 1 can use any suitable number of subsystems to facilitate the functions described in the systems and methods described in the previous sections. Examples of such: 5 - subsystems or components are shown in figure 8. The subsystems: shown in figure 8 are interconnected via an 875 system bus. Additional subsystems, such as an 874 printer, 878 keyboard, 879 fixed disk (or another memory that comprises computer-readable media), monitor 876, which is attached to the display adapter 872 and - still others, are shown. Peripheral and input / output (1 / O) devices, which are coupled to the 1 / O 871 controller, can be connected to the computer system by any number of devices known in the art, such as a serial port 877. For example, the serial port 877 or external interface 881 can be used to connect the computer device over a wide area network, such as the Internet, a mouse-type input device or a digitizer. Interconnection via the system bus allows the central processor 873 to communicate with each subsystem and control the execution of instructions from system memory 872 or fixed disk 879, as well as the exchange of information between the subsystems. System memory 872 and / or fixed disk 879 can incorporate computer-readable media.
    Specific details in relation to some of the aspects described above are provided below. The specific details of the specific aspects can be combined in any appropriate way without departing from the spirit and scope of the modalities of the invention.
    It should be understood that the present invention described above can be implemented in the form of control logic using computer software in a modular or integrated manner. Based on the description and the precepts provided herein, those skilled in the art will know and understand other ways and / or methods to implement the present invention using hardware and a combination of hardware and software. Any of the software components or functions described in this application can be implemented as software code to be - 5 - executed by a processor using any suitable computer language, such as, for example, Java, C ++ or Perl, using, for example, example, conventional or object-oriented techniques. The software code can be stored as a series of instructions or commands on computer-readable media, such as random access memory (RAM), exclusive read-only memory (ROM), magnetic media, such as a hard drive or a floppy disk, or an optical media, such as a CD-ROM. Any such computer-readable media can reside on a single computing device, and can be present on different computing devices on a system or network.
    One or more resources from any modality can be combined with one or more resources from any other modality without departing from the scope of the invention.
    A quote of "one", "one", "o" or "a" is intended to mean "one or more", unless specifically stated to the contrary.
    All of the above patent applications, patents, publications and descriptions are hereby incorporated by reference in their | with all purposes. None is admitted as technology! previous.
    权利要求:
    Claims (22)
    [1]
    1. Server computer, characterized by the fact that it comprises: a processor; and ”5 a computer-readable media coupled to the processor, D in which the computer-readable media includes code executable by the processor to implement a method comprising: receiving a first authorization request message comprising a first verification value; determine whether the first check value is valid; create a second authorization request message that comprises a second verification value; and sending the second authorization request message to an issuing computer.
    [2]
    2. Server computer according to claim 1, characterized by the fact that the first verification value is a dynamic verification value.
    [3]
    3. Server computer according to claim 1, characterized by the fact that the second check value is a static check value.
    [4]
    4. Server computer according to claim 1, characterized by the fact that it additionally comprises: sending a validation indicator in the second authorization request message to the server computer, where the - validation indicator indicates whether the first verification value is valid .
    [5]
    5. Server computer according to claim 1, characterized by the fact that the server computer is a first server computer, and in which the method further comprises: receiving a duplicate copy of the first scan value from a second server computer, where the second server computer is operated by an IP Connection Point.
    [6]
    6. Server computer according to claim 5, characterized by the fact that it determines whether the first check value is. 5 - valid additionally includes comparing the first verification value e from the first authorization request message with the verification value received from the server computer operated by the IP Connection Point.
    [7]
    7. Server computer according to claim 1,! characterized by the fact that the second verification value is generated based on the transaction data in the first authorization request message.
    [8]
    8. Server computer according to claim 1, characterized by the fact that the second check value is associated with a portable device.
    [9]
    9. Server computer according to claim 1, characterized by the fact that the first authorization request message includes data associated with a portable device.
    [10]
    10. Server computer according to claim 9, characterized by the fact that the portable device is a payment card.
    [11]
    11. Server computer according to claim 9, characterized by the fact that the portable device is a cell phone.
    [12]
    12. Server computer according to claim 1, characterized by the fact that the second authorization request message is in a magnetic strip data format.
    [13]
    13. Server computer according to claim 1, characterized by the fact that it additionally comprises: determining whether the first message requesting
    | | 3 authorization includes a static check value associated with a handheld device when the first check value is not valid.
    [14]
    14. Method, characterized by the fact that it comprises: receiving a first authorization request message “5 - which comprises a first verification value; H, determine whether the first check value is valid; create a second authorization request message that comprises a second verification value; and send the second authorization request message to a server computer.
    [15]
    15. Method according to claim 14, characterized by the fact that it further comprises: determining whether the first authorization request message includes a static verification value associated with a handheld device when the first verification value is not valid.
    [16]
    16. Method according to claim 14, characterized by the fact that it additionally comprises: sending a validation indicator in the second authorization request message to the server computer, where the validation indicator indicates whether the first verification value is valid.
    [17]
    17. Method according to claim 14, characterized in that the first check value is a dynamic check value and the second check value is a static check value.
    [18]
    18. Method according to claim 14, characterized by the fact that the second verification value is generated based on the data in the first authorization request message.
    [19]
    19. Method, characterized by the fact that it comprises: receiving an authorization request message associated with a payment transaction from a first server computer; receiving a validation indicator from the first server computer, where the validation indicator indicates whether a - 5 verification value associated with the payment transaction is valid; and "- - generate an authorization response message based on the validation indicator.
    [20]
    20. Method according to claim 19, characterized in that the check value is additionally associated with a - portable device.
    [21]
    21. Method according to claim 20, characterized by the fact that the portable device is a payment card.
    [22]
    22. Method according to claim 20, characterized by the fact that the handheld device is a cell phone.
    类似技术:
    公开号 | 公开日 | 专利标题
    US11107053B2|2021-08-31|System and method for securely validating transactions
    US20200097960A1|2020-03-26|Methods and systems for provisioning mobile devices with payment credentials
    US11232455B2|2022-01-25|System and method including customized linkage rules in payment transactions
    US10417542B2|2019-09-17|Mobile device with scannable image including dynamic data
    US20190019176A1|2019-01-17|Over the air update of payment transaction data stored in secure memory
    US20190172048A1|2019-06-06|Security system incorporating mobile device
    US8453226B2|2013-05-28|Token validation for advanced authorization
    US9672508B2|2017-06-06|Over the air update of payment transaction data stored in secure memory
    US8977570B2|2015-03-10|System and method including chip-based device processing for transaction
    US20210352049A1|2021-11-11|Techniques For Securely Communicating Sensitive Data For Disparate Data Messages
    US20210326866A1|2021-10-21|Techniques For Securely Communicating Sensitive Data
    同族专利:
    公开号 | 公开日
    US20190303891A1|2019-10-03|
    AU2011237715B2|2014-12-18|
    WO2011127177A3|2012-02-02|
    RU2580086C2|2016-04-10|
    US11107053B2|2021-08-31|
    US20110270757A1|2011-11-03|
    US10373138B2|2019-08-06|
    SG183988A1|2012-10-30|
    RU2012139268A|2014-05-20|
    WO2011127177A2|2011-10-13|
    CN102792325A|2012-11-21|
    CA2792555C|2019-06-18|
    EP2556475A2|2013-02-13|
    AU2011237715A1|2012-09-27|
    EP2556475A4|2014-01-15|
    CA2792555A1|2011-10-13|
    CN102792325B|2017-09-01|
    引用文献:
    公开号 | 申请日 | 公开日 | 申请人 | 专利标题
    US5805702A|1995-09-29|1998-09-08|Dallas Semiconductor Corporation|Method, apparatus, and system for transferring units of value|
    US7707120B2|2002-04-17|2010-04-27|Visa International Service Association|Mobile account authentication service|
    KR100535711B1|2003-05-15|2005-12-09|주식회사 케이티프리텔|Method and system for managing credit card certification/approval information by two way|
    US7275685B2|2004-04-12|2007-10-02|Rearden Capital Corporation|Method for electronic payment|
    KR100588620B1|2004-04-27|2006-06-14|주식회사 케이티프리텔|Method and System for processing data call in CDMA network|
    US20090119504A1|2005-08-10|2009-05-07|Riverbed Technology, Inc.|Intercepting and split-terminating authenticated communication connections|
    CN1753011A|2005-09-22|2006-03-29|邵军利|New type electronic payment system and its realization method|
    US7552467B2|2006-04-24|2009-06-23|Jeffrey Dean Lindsay|Security systems for protecting an asset|
    CN106936587B|2006-06-19|2020-05-12|维萨美国股份有限公司|Consumer authentication system and method|
    US8494959B2|2007-08-17|2013-07-23|Emc Corporation|Payment card with dynamic account number|
    US8359630B2|2007-08-20|2013-01-22|Visa U.S.A. Inc.|Method and system for implementing a dynamic verification value|
    US8010428B2|2007-09-26|2011-08-30|Visa Usa Inc.|Form factor identification|
    EP2245583A1|2008-01-04|2010-11-03|M2 International Ltd.|Dynamic card verification value|
    EP2098985A3|2008-03-03|2012-11-07|Broadcom Corporation|Secure financial reader architecture|
    WO2010005681A1|2008-06-16|2010-01-14|Visa U.S.A. Inc.|System and method for authorizing financial transactions with online merchants|
    US8898089B2|2008-06-24|2014-11-25|Visa U.S.A. Inc.|Dynamic verification value system and method|
    US9715681B2|2009-04-28|2017-07-25|Visa International Service Association|Verification of portable consumer devices|
    US8326759B2|2009-04-28|2012-12-04|Visa International Service Association|Verification of portable consumer devices|
    US9038886B2|2009-05-15|2015-05-26|Visa International Service Association|Verification of portable consumer devices|
    US7891560B2|2009-05-15|2011-02-22|Visa International Service Assocation|Verification of portable consumer devices|
    US10133773B2|2009-11-20|2018-11-20|Mastercard International Incorporated|Methods and systems for indirectly retrieving account data from data storage devices|
    SG183988A1|2010-04-09|2012-10-30|Visa Int Service Ass|System and method for securely validating transactions|US10296874B1|2007-12-17|2019-05-21|American Express Travel Related Services Company, Inc.|System and method for preventing unauthorized access to financial accounts|
    SG183988A1|2010-04-09|2012-10-30|Visa Int Service Ass|System and method for securely validating transactions|
    NL2004825C2|2010-06-04|2011-12-06|Ubiqu B V|A method of authorizing a person, an authorizing architecture and a computer program product.|
    EP2707847A4|2011-05-10|2015-04-01|Dynamics Inc|Systems, devices, and methods for mobile payment acceptance, mobile authorizations, mobile wallets, and contactless communication mechanisms|
    US8136724B1|2011-06-24|2012-03-20|American Express Travel Related Services Company, Inc.|Systems and methods for gesture-based interaction with computer systems|
    US20130054337A1|2011-08-22|2013-02-28|American Express Travel Related Services Company, Inc.|Methods and systems for contactless payments for online ecommerce checkout|
    US8714439B2|2011-08-22|2014-05-06|American Express Travel Related Services Company, Inc.|Methods and systems for contactless payments at a merchant|
    US8805956B1|2011-09-27|2014-08-12|Trend Micro, Inc.|Data leakage prevention in cloud-endpoint model|
    WO2013067521A2|2011-11-05|2013-05-10|Sequent Software Inc.|System and method for increasing security in internet transactions|
    US10535064B2|2012-03-19|2020-01-14|Paynet Payments Network, Llc|Systems and methods for real-time account access|
    AU2013235387A1|2012-03-19|2014-10-09|Paynet Payments Network, Llc|Systems and methods for real-time account access|
    AU2014256396B2|2013-11-15|2020-08-20|Nyce Payments Network, Llc|Systems and methods for real-time account access|
    US9572029B2|2012-04-10|2017-02-14|Imprivata, Inc.|Quorum-based secure authentication|
    GB2504925A|2012-07-13|2014-02-19|Masabi Ltd|Data entry during non-contact payment transactions|
    US20140067675A1|2012-09-06|2014-03-06|American Express Travel Related Services Company, Inc.|Authentication using dynamic codes|
    CA2854150A1|2013-06-10|2014-12-10|The Toronto Dominion Bank|High fraud risk transaction authorization|
    EP2827291A1|2013-07-19|2015-01-21|Gemalto SA|Method for securing a validation step of an online transaction|
    GB2517912A|2013-08-29|2015-03-11|Ifpl Group Ltd|Order and payment system|
    US8930274B1|2013-10-30|2015-01-06|Google Inc.|Securing payment transactions with rotating application transaction counters|
    US20150235207A1|2014-02-19|2015-08-20|Bank Of America Corporation|Risk mitigating transaction authorization|
    CA2933336C|2014-04-14|2018-09-04|Mastercard International Incorporated|Method and system for generating an advanced storage key in a mobile device without secure elements|
    US10565595B2|2014-04-30|2020-02-18|Visa International Service Association|Systems and methods for data desensitization|
    WO2016130821A1|2015-02-11|2016-08-18|Mastercard International Incorporated|Online form fill for tokenized credentials|
    CA2973195A1|2015-02-20|2016-08-25|Visa International Service Association|Contactless data exchange between mobile devices and readers|
    US20160260084A1|2015-03-06|2016-09-08|Mastercard International Incorporated|Secure mobile remote payments|
    US11037139B1|2015-03-19|2021-06-15|Wells Fargo Bank, N.A.|Systems and methods for smart card mobile device authentication|
    US11188919B1|2015-03-27|2021-11-30|Wells Fargo Bank, N.A.|Systems and methods for contactless smart card authentication|
    US20160337370A1|2015-05-13|2016-11-17|Sony Computer Entertainment America Llc|Portable profile access token|
    FR3042894B1|2015-10-27|2018-10-12|Ingenico Group|METHOD FOR SECURING TRANSACTION DATA PROCESSING, TERMINAL AND CORRESPONDING COMPUTER PROGRAM|
    US20170161733A1|2015-12-02|2017-06-08|Mastercard International Incorporated|Method and system for validation of a token requestor|
    RU2649295C2|2015-12-31|2018-03-30|Акционерное общество "Национальная система платежных карт"|Method of customer verification|
    WO2017120605A1|2016-01-07|2017-07-13|Visa International Service Association|Systems and methods for device push provisioning|
    US10861019B2|2016-03-18|2020-12-08|Visa International Service Association|Location verification during dynamic data transactions|
    US11113688B1|2016-04-22|2021-09-07|Wells Fargo Bank, N.A.|Systems and methods for mobile wallet provisioning|
    CN106875186B|2016-06-20|2020-07-24|阿里巴巴集团控股有限公司|Offline payment method and device|
    AU2017296055A1|2016-07-15|2019-02-07|Cardinalcommerce Corporation|Authentication to authorization bridge using enriched messages|
    GB201613882D0|2016-08-12|2016-09-28|Mastercard International Inc|Digital secure remote payment Enhancements when transacting with an authenticated merchant|
    SE540668C2|2016-08-30|2018-10-09|No Common Payment Ab|Generation and verification of a temporary card security code for use in card based transactions|
    SG11201901280YA|2016-10-28|2019-03-28|Visa Int Service Ass|System for data set translation of accounts|
    US20180197174A1|2017-01-06|2018-07-12|Mastercard International Incorporated|Systems and Methods for Use in Facilitating Transactions to Payment Accounts|
    CN108573373A|2017-03-13|2018-09-25|上海诺基亚贝尔股份有限公司|Method and apparatus for secure payment|
    CN107392611B|2017-03-24|2020-04-24|创新先进技术有限公司|Method and device for sending transaction information and consensus verification|
    US11195176B2|2017-08-23|2021-12-07|Visa International Service Association|System, method, and computer program product for stand-in processing|
    US20210295323A1|2018-07-06|2021-09-23|No Common Payment Ab|Regaining an original card security code used in a card based transaction|
    SG11202104548SA|2018-11-06|2021-05-28|Visa Int Service Ass|Systems and methods for managing a transaction state object|
    BR112019008171A2|2018-11-07|2019-09-10|Alibaba Group Holding Ltd|computer-implemented method for validating blockchain transactions based on account templates, computer readable storage media, and system|
    US10992516B2|2018-12-13|2021-04-27|Honeywell International Inc.|Efficient self-checking redundancy comparison in a network|
    US20200250668A1|2019-01-31|2020-08-06|Visa International Service Association|Method, System, and Computer Program Product for Automatically Re-Processing a Transaction|
    US10467622B1|2019-02-01|2019-11-05|Capital One Services, Llc|Using on-demand applications to generate virtual numbers for a contactless card to securely autofill forms|
    US11120453B2|2019-02-01|2021-09-14|Capital One Services, Llc|Tap card to securely generate card data to copy to clipboard|
    EP3809350A1|2019-10-18|2021-04-21|Mastercard International Incorporated|Enchanced security in sensitive data transfer over a network|
    法律状态:
    2021-04-06| B08F| Application fees: application dismissed [chapter 8.6 patent gazette]|Free format text: REFERENTE A 10A ANUIDADE. |
    2021-08-10| B08K| Patent lapsed as no evidence of payment of the annual fee has been furnished to inpi [chapter 8.11 patent gazette]|Free format text: REFERENTE AO DESPACHO 8.6 PUBLICADO NA RPI 2622 DE 06/04/2021. |
    优先权:
    申请号 | 申请日 | 专利标题
    US32267710P| true| 2010-04-09|2010-04-09|
    US61/322677|2010-04-09|
    PCT/US2011/031426|WO2011127177A2|2010-04-09|2011-04-06|System and method for securely validating transactions|
    [返回顶部]