IPC분류정보
국가/구분 |
United States(US) Patent
등록
|
국제특허분류(IPC7판) |
|
출원번호 |
US-0819811
(2010-06-21)
|
등록번호 |
US-8423415
(2013-04-16)
|
발명자
/ 주소 |
- Sahota, Jagdeep Singh
- Aabye, Christian
|
출원인 / 주소 |
- Visa International Service Association
|
대리인 / 주소 |
Kilpatrick Townsend & Stockton LLP
|
인용정보 |
피인용 횟수 :
1 인용 특허 :
49 |
초록
▼
Methods and systems for dynamically generating a verification value for a transaction and for utilizing such value to verify the authenticity of the payment service application. The dynamically created verification value may be generated on a payment device, such as an integrated circuit credit card
Methods and systems for dynamically generating a verification value for a transaction and for utilizing such value to verify the authenticity of the payment service application. The dynamically created verification value may be generated on a payment device, such as an integrated circuit credit card or smart card, embedded into the payment data, and transmitted to a point of sale terminal. Alternatively, payment data is sent by a payment device to a point of sale terminal, which generates a verification value and embeds it into the payment data. The embedded verification value is used by a service provider to verify the authenticity of the transaction. The methods and systems may be used in a contactless (wireless) environment or a non-wireless environment.
대표청구항
▼
1. A method for authenticating a payment service being used in a transaction, the method comprising a plurality of steps, each being performed by hardware executing software, wherein the steps include: generating on a payment device a first verification value unique to the transaction, wherein the v
1. A method for authenticating a payment service being used in a transaction, the method comprising a plurality of steps, each being performed by hardware executing software, wherein the steps include: generating on a payment device a first verification value unique to the transaction, wherein the verification value is generated by: creating a base record comprising: digits for an application transaction counter overlaying the left most digits of a primary account number corresponding to an account upon which the transaction is being conducted, wherein the application transaction counter is incremented for each said transaction; andconcatenated to the right most digits of the primary account number: a card security code for the primary account number; andan expiration date for the primary account number;bisecting the base record into a first field and a second field;encrypting the first field using a first encryption key;performing an exclusive-OR (XOR) operation on the encrypted first field and the second field to produce a first result;encrypting the first result using a second encryption key to produce a second result;decrypting the second result using a decryption key to produce a third result;encrypting the third result using a third encryption key to produce a fourth result;sequentially extracting each value between 0 and 9 from the most-significant digit to the least-significant digit of the fourth result to produce a fifth result;sequentially extracting and subtracting hexadecimal A from each value between hexadecimal A and hexadecimal F from the most-significant digit to the least-significant digit of the fourth result to produce a sixth result;concatenating the fifth result and the sixth result to produce a seventh result; andselecting one or more values from the seventh result as the first verification value;communicating a payment record from the payment device to a point of sale terminal, wherein the payment record comprises the first verification value and payment data from the transaction;communicating the payment record from the point of sale ten inal in a magnetic stripe data format to a service provider computer;generating a second verification value on the service provider computer, wherein the second verification value is generated solely from data residing on the service provider computer; anddisapproving the transaction when the first verification value does not equal the second verification value. 2. The method as defined in claim 1, wherein the base record has a length of 128 bits. 3. The method as defined in claim 1, wherein the steps further comprise determining that a transaction amount for the transaction exceeds a predetermined threshold value prior to the generation of the verification value. 4. The method as defined in claim 1, wherein the steps further comprise determining, prior to the generating of the verification value, that a geographic location of the transaction corresponds to a predetermined geographic location. 5. The method as defined in claim 1, wherein: the verification value is generated on the payment device;the transaction is a payment transaction; andthe payment device is a mobile electronic device. 6. The method as defined in claim 5, wherein the communicating of the payment record from the mobile electronic device to the point of sale terminal comprises the mobile electronic device transmitting the payment record to the point of sale terminal via wireless communications. 7. The method as defined in claim 6, wherein the mobile electronic device is selected from the group consisting of an integrated circuit card, a smartcard, a memory card, a cellular telephone, a personal digital assistant, and a computer. 8. A method for authenticating a payment service being used in a transaction, the method comprising a plurality of steps, each being performed by hardware executing software, wherein the steps include: generating, at a point of sale terminal, unique transaction data for the transaction being processed by the point of sale terminal;sending, from the point of sale terminal in a wireless communication, the unique transaction data for the transaction;receiving, at a mobile electronic device, the unique transaction data for the transaction;creating, at the mobile electronic device, a base record comprising: digits for an application transaction counter overlaying the left most digits of a primary account number corresponding to an account upon which the transaction is being conducted, wherein the application transaction counter is incremented for each said transaction; andconcatenated to the right most digits of the primary account number: a card security code for the primary account number; andan expiration date for the primary account number;splitting, at the mobile electronic device, the base record into a first field and a second field;encrypting, at the mobile electronic device, the first field using a first encryption key;performing, at the mobile electronic device, an exclusive-OR (XOR) operation on the encrypted first field and the second field to produce a first result;encrypting, at the mobile electronic device, the first result using a second encryption key to produce a second result;decrypting, at the mobile electronic device, the second result using a decryption key to produce a third result;encrypting, at the mobile electronic device, the third result using a third encryption key to produce a fourth result;sequentially extracting, at the mobile electronic device, each value between 0 and 9 from the most-significant digit to the least-significant digit of the fourth result to produce a fifth result;sequentially extracting and subtracting, at the mobile electronic device, hexadecimal A from each value between hexadecimal A and hexadecimal F from the most-significant digit to the least-significant digit of the fourth result to produce a sixth result;concatenating, at the mobile electronic device, the fifth result and the sixth result to produce a seventh result; andselecting, at the mobile electronic device, one or more values from the seventh result as a first verification value;sending, from the mobile electronic device, the first verification value;receiving, at the point of sale terminal, the first verification value;communicating the first verification value from the point of sale terminal to a service provider computer;generating a second verification value on the service provider computer, wherein the second verification value is generated solely from data residing on the service provider computer; anddisapproving the transaction when the first verification value does not equal the second verification value. 9. The method as defined in claim 8, wherein the base record has a length of 128 bits. 10. The method as defined in claim 8, wherein the steps further comprise determining that a transaction amount for the transaction exceeds a predetermined threshold value prior to the generation of the verification value. 11. The method as defined in claim 8, wherein the steps further comprise determining, prior to the generating of the verification value, that a geographic location of the transaction corresponds to a predetermined geographic location. 12. The method as defined in claim 8, wherein: the verification value is generated on the payment device;the transaction is a payment transaction; andthe payment device is a mobile electronic device. 13. The method as defined in claim 12, wherein the communicating of the payment record from the mobile electronic device to the point of sale terminal comprises the mobile electronic device transmitting the payment record to the point of sale terminal via wireless communications. 14. The method as defined in claim 12, wherein the mobile electronic device is selected from the group consisting of an integrated circuit card, a smartcard, a memory card, a cellular telephone, a personal digital assistant, and a computer. 15. A system for verifying a transaction comprising: a first electronic device with a payment service deployed thereon;a second electronic device in communication with the first electronic device, wherein the second electronic device receives a payment record from the first electronic device, the payment record comprising an account number for the payment service and a first verification value generated on the first electronic device by: creating, at the first electronic device, a base record comprising: digits for an application transaction counter overlaying the left most digits of a primary account number corresponding to an account upon which the transaction is being conducted, wherein the application transaction counter is incremented for each said transaction; andconcatenated to the right most digits of the primary account number: a card security code for the primary account number; andan expiration date for the primary account number;splitting, at the first electronic device, the base record into a first field and a second field;encrypting, at the first electronic device, the first field using a first encryption key;performing, at the first electronic device, an exclusive-OR (XOR) operation on the encrypted first field and the second field to produce a first result;encrypting, at the first electronic device, the first result using a second encryption key to produce a second result;decrypting, at the first electronic device, the second result using a decryption key to produce a third result;encrypting, at the first electronic device, the third result using a third encryption key to produce a fourth result;sequentially extracting, at the first electronic device, each value between 0 and 9 from the most-significant digit to the least-significant digit of the fourth result to produce a fifth result;sequentially extracting and subtracting, at the first electronic device, hexadecimal A from each value between hexadecimal A and hexadecimal F from the most-significant digit to the least-significant digit of the fourth result to produce a sixth result;concatenating, at the first electronic device, the fifth result and the sixth result to produce a seventh result; andselecting, at the first electronic device, one or more values from the seventh result as the first verification value;anda service provider system in communication with, and receiving the first verification value from, the second electronic device, wherein the service provider computer independently generates a second verification value and disapproves the transaction where the first verification value and the second verification value are not equal. 16. The system as defined in claim 15, wherein the first electronic device is selected from the group consisting of an integrated circuit card, a personal digital assistant, a cellular telephone, and a microprocessor with means for communicating with the second electronic device. 17. The system as defined in claim 15, wherein the first electronic device communicates with the second electronic device via a transmission medium selected from the group consisting of radio frequency waves, infrared frequency waves, and light waves.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.