Method and system for performing a transaction using a dynamic authorization code
원문보기
IPC분류정보
국가/구분
United States(US) Patent
등록
국제특허분류(IPC7판)
G06Q-020/00
출원번호
US-0746765
(2007-05-10)
등록번호
US-8527427
(2013-09-03)
발명자
/ 주소
Wankmueller, John
출원인 / 주소
MasterCard International Incorporated
대리인 / 주소
Baker Botts L.L.P.
인용정보
피인용 횟수 :
3인용 특허 :
12
초록▼
A method and apparatus for conducting a transaction involving transmission of a dynamic authentication code in place of a static PIN block using currently existing messaging standards or PIN acceptance devices. Minimal changes to existing processes an equipment are made while greatly improving secur
A method and apparatus for conducting a transaction involving transmission of a dynamic authentication code in place of a static PIN block using currently existing messaging standards or PIN acceptance devices. Minimal changes to existing processes an equipment are made while greatly improving security and fraud minimization.
대표청구항▼
1. A method for authorizing a transaction between an account holder and a merchant over a transaction network employing an ISO 8583 standardized message format having a data portion reserved for a static PIN, comprising: providing an account holder with access to a code generating device;generating
1. A method for authorizing a transaction between an account holder and a merchant over a transaction network employing an ISO 8583 standardized message format having a data portion reserved for a static PIN, comprising: providing an account holder with access to a code generating device;generating by said code generating device a dynamic code, said dynamic code being generated based on a value that changes before a new transaction and said dynamic code is insertable in said data portion reserved for said static PIN;receiving, at a PIN processing system comprising a static PIN authentication system and a dynamic code authentication system, a transaction message in said message format, said message including one of the static PIN or the dynamic code;determining, based on the transaction message, whether the received transaction message includes the static PIN or the dynamic code;in response to determining that the transaction message includes the dynamic code, generating by said dynamic code authentication system an expected dynamic code;comparing, by said dynamic code authentication system, the received dynamic code to the generated expected dynamic code; andauthorizing the transaction in response to the comparing step. 2. The method of claim 1 wherein the dynamic code is generated based at least in part on a counter value that changes before each new transaction. 3. The method of claim 1, wherein generating by said dynamic code authentication system the expected dynamic code comprises using at least received account data to generate the expected dynamic code. 4. The method of claim 3 wherein using at least the received account data includes the step of retrieving from an account database information associated with said code generating device. 5. The method of claim 4 wherein retrieving from an account database includes retrieving a counter value associated with said code generating device. 6. The method of claim 1, wherein the transaction message includes an unencrypted version of the dynamic code. 7. A system for authorizing a transaction between an account-holder and a merchant, comprising: a transaction network employing an ISO 8583 standardized message format having a data portion reserved for a static PIN;a code generating device for generating a dynamic code based on a value that changes before a new transaction and the dynamic code is insertable into the data portion reserved for the static PIN;a receiver for receiving a transaction message in said message format, said transaction message including one of the static PIN or the dynamic code; anda PIN processing system comprising a static PIN authentication system and a dynamic code authentication system, the PIN processing system comprising a processor for (a) determining, based on the transaction message, whether the received transaction message includes the static PIN or the dynamic code, (b) in response to determining that the transaction message include the dynamic code, generating an expected dynamic code, (c) comparing the received dynamic code to the generated expected dynamic code, and(d) authorizing the transaction in response to the comparing step. 8. The system of claim 7, wherein said dynamic code generator includes a stored counter value that changes before each new transaction. 9. The system of claim 7, wherein the code generating device comprises a smart card. 10. The system of claim 7, wherein the code generating device comprises a mobile phone. 11. The system of claim 7, wherein the code generating device comprises a key fob device. 12. The system of claim 7, wherein the code generating device comprises a tablet personal computer. 13. A system for authorizing a transaction between an account holder and a merchant over a transaction network employing an ISO 8583 standardized message format having a data portion reserved for a static PIN, comprising: a first non-transitory computer readable storage medium with a first executable program stored there, wherein the first program instructs a first processor to generate a dynamic code based on a value that changes before a new transaction and said dynamic code is insertable in said data portion reserved for said static PIN; anda second non-transitory computer-readable storage medium with a second executable program stored thereon, wherein the second program instructs a second processor to perform the following steps: receiving a transaction message in said message format, said transacion message including one of the static PIN or the dynamic code;determining, based on the transaction message, whether the received transaction message includes the static PIN or the dynamic code;in response to determining that the transaction message includes the dynamic code, generating an expected dynamic code;comparing the received dynamic code to the generated expected dynamic code; andauthorizing the transaction in response to the comparing step. 14. The system of claim 13, wherein the first program instructs the first processor to generate the dynamic code based at least in part on a counter value that changes before the new transaction. 15. The system of claim 13, wherein the second program instructs the second processor to generate the expected dynamic code using at least account data contained in the transaction message. 16. The method of claim 15, wherein using at least the received account data contained in the transaction message includes retrieving from an account database information associated with the first program. 17. The method of claim 16 wherein retrieving from an account database includes retrieving a counter value associated with the first program.
Franklin D. Chase ; Rosen Daniel ; Benaloh Josh ; Simon Daniel R., Electronic online commerce card with customer generated transaction proxy number for online transactions.
Ginter Karl L. ; Shear Victor H. ; Sibert W. Olin ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.