IPC분류정보
국가/구분 |
United States(US) Patent
등록
|
국제특허분류(IPC7판) |
|
출원번호 |
UP-0642878
(2003-08-18)
|
등록번호 |
US-7761374
(2010-08-09)
|
발명자
/ 주소 |
- Sahota, Jagdeep Singh
- Aabye, Christian
|
출원인 / 주소 |
- Visa International Service Association
|
대리인 / 주소 |
|
인용정보 |
피인용 횟수 :
55 인용 특허 :
42 |
초록
▼
Methods and systems for dynamically generating a verification value for a transaction and for utilizing such value to verify the authenticity of the payment service application. The dynamically created verification value may be generated on a payment device, such as an integrated circuit credit card
Methods and systems for dynamically generating a verification value for a transaction and for utilizing such value to verify the authenticity of the payment service application. The dynamically created verification value may be generated on a payment device, such as an integrated circuit credit card or smart card, embedded into the payment data, and transmitted to a point of sale terminal. Alternatively, payment data is sent by a payment device to a point of sale terminal, which generates a verification value and embeds it into the payment data. The embedded verification value is used by a service provider to verify the authenticity of the transaction. The methods and systems may be used in a contactless (wireless) environment or a non-wireless environment.
대표청구항
▼
What is claimed is: 1. A method comprising a plurality of steps, each being performed by hardware executing software, wherein the steps include: generating a verification value in response to a transaction involving a mobile electronic device, wherein the verification value is generated by: creatin
What is claimed is: 1. A method comprising a plurality of steps, each being performed by hardware executing software, wherein the steps include: generating a verification value in response to a transaction involving a mobile electronic device, wherein the verification value is generated by: creating a base record comprising: digits for an application transaction counter overlaying the left most digits of a primary account number corresponding to an account upon which the transaction is being conducted, wherein the application transaction counter is incremented for each said transaction; and concatenated to the right most digits of the primary account number: a card security code for the primary account number; and an expiration date for the primary account number; bisecting the base record into a first field and a second field; encrypting the first field using a first encryption key; performing an exclusive-OR (XOR) operation on the encrypted first field and the second field to produce a first result; encrypting the first result using a second encryption key to produce a second result: decrypting the second result using a decryption key to produce a third result; encrypting the third result using a third encryption key to produce a fourth result; sequentially extracting each value between 0 and 9 from the most-significant digit to the least-significant digit of the fourth result to produce a fifth result; sequentially extracting and subtracting hexadecimal A from each value between hexadecimal A and hexadecimal F from the most-significant digit to the least-significant digit of the fourth result to produce the sixth result; concatenating the fifth result and the sixth result to produce a seventh result; and selecting one or more values from the seventh result as the verification value; and sending the verification value for delivery to the service provider with data in a magnetic stripe data format so that the service provider can verify the verification value. 2. The method of claim 1 wherein the base record has a length equal to the number of digits of the primary account number corresponding to the account upon which the transaction is being conducted. 3. The method of claim 2, wherein the base record has a length of 128 bits. 4. The method of claim 1 wherein the steps further include a determination that a transaction amount for the transaction exceeds a predetermined threshold value prior to the generation of the verification value. 5. The method of claim 1 wherein the steps further comprise a determination, prior to the generating of the verification value, that a geographic location of the transaction corresponds to a predetermined geographic location. 6. The method of claim 1 wherein: the verification value is generated on the mobile electronic device; the transaction is a payment transaction; and the mobile electronic device is a payment device. 7. The method of claim 6 wherein the mobile electronic device is selected from the group consisting of an integrated circuit card, a smartcard, a memory card, a cellular telephone, a personal digital assistant, and a computer. 8. The method of claim 1 wherein the sending of the verification value for delivery to the service provider comprises the mobile electronic device transmitting the verification value to a point of sale terminal via wireless communications. 9. A method comprising a plurality of steps each being performed by hardware executing software, wherein the steps include: generating, at a point of sale terminal, unique transaction data for a transaction being processed by the point of sale terminal; sending, from the point of sale terminal in a wireless communication, the unique transaction data for the transaction; receiving, at a mobile electronic device, the unique transaction data for the transaction; creating, at the mobile electronic device, a base record comprising: digits for an application transaction counter overlaying the left most digits of a primary account number corresponding to an account upon which the transaction is being conducted, wherein the application transaction counter is incremented for each said transaction; and concatenated to the right most digits of the primary account number: a card security code for the primary account number; and an expiration date for the primary account number; splitting, at the mobile electronic device, the base record into a first field and a second field; encrypting, at the mobile electronic device, the first field using a first encryption key; performing, at the mobile electronic device, an exclusive-OR (XOR) operation on the encrypted first field and the second field to produce a first result; encrypting, at the mobile electronic device, the first result using a second encryption key to produce a second result; decrypting, at the mobile electronic device, the second result using a decryption key to produce a third result; encrypting, at the mobile electronic device, the third result using a third encryption key to produce a fourth result; sequentially extracting, at the mobile electronic device, each value between 0 and 9 from the most-significant digit to the least-significant digit of the fourth result to produce a fifth result; sequentially extracting and subtracting, at the mobile electronic device, hexadecimal A from each value between hexadecimal A and hexadecimal F from the most-significant digit to the least-significant digit of the fourth result to produce the sixth result; concatenating, at the mobile electronic device, the fifth result and the sixth result to produce a seventh result; and selecting, at the mobile electronic device, one or more values from the seventh result as a verification value; sending, from the mobile electronic device, data in a magnetic stripe data format that includes the verification value; and receiving, at the point of sale terminal in a wireless communication, the data in a magnetic stripe data format and transmitting, from the point of sale terminal, the verification value for delivery to the service provider so that the service provider can verify the verification value. 10. The method as defined in claim 9, wherein the base record has a length equal to the number of digits of the primary account number corresponding to the account upon which the transaction is being conducted. 11. The method as defined in claim 10, wherein the base record has a length of 128 bits. 12. The method as defined in claim 9, wherein the steps further include a determination that a transaction amount for the transaction exceeds a predetermined threshold value prior to the generation of the verification value. 13. The method as defined in claim 9, wherein the steps further comprise a determination, prior to the sending, receiving and transmitting, that a geographic location of the transaction corresponds to a predetermined geographic location. 14. The method as defined in claim 9, wherein: the transaction is a payment transaction; the verification value is generated by the mobile electronic device in response to the transaction at the point of sale terminal; and the mobile electronic device is in communication with the point of sale terminal; and the mobile electronic device is a payment device. 15. The method as defined in claim 14, wherein the payment device is selected from the group consisting of an integrated circuit card, a smartcard, a memory card, a cellular telephone, a personal digital assistant, and a computer. 16. The method as defined in claim 9, wherein each said wireless communication is selected from a group consisting of a laser transmission, a radio frequency transmission, an infrared transmission, a Bluetooth transmission, and a wireless local area network transmission.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.