Network security based on proximity

US 10,033,712 B2
Filed: 12/09/2015
Issued: 07/24/2018
Est. Priority Date: 12/09/2015
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method to provide secure data access based on merchant computing device proximity verification, comprising:

generating, by a payment processing computing system, a first merchant beacon device identifier code and a first random nonce;

associating, by the payment processing computing system, the first merchant beacon device identifier code and the first random nonce with a merchant location;

transmitting, by the payment processing computing system and to a merchant beacon device at the merchant location, the first merchant beacon device identifier code and the first random nonce, wherein the merchant beacon device broadcasts the first merchant beacon device identifier code and the first random nonce at the merchant location;

receiving, by the payment processing computing system and from each of one or more user computing devices at the merchant location, data comprising the first merchant beacon device identifier code received by the respective user computing device from the merchant beacon device at the merchant location, current location data, and a respective user account identifier associated with a user account associated with the respective user computing device;

receiving, by the payment processing computing system and from a merchant point of sale computing device associated with the merchant location, data comprising a request for user account information, and the random nonce received by the merchant point of sale computing device from the merchant beacon device at the merchant location, wherein the merchant point of sale computing device associated with the merchant location is separate from the merchant beacon device at the merchant location;

determining, by the payment processing computing system, a correspondence between the random nonce received from merchant point of sale computing device associated with the merchant location to the random nonce associated with the merchant location by the payment processing computing system;

in response to determining the correspondence between the received random nonce received from the merchant point of sale computing device and the associated random nonce, identifying, by the payment processing computing system, one or more user account identifiers associated with the one or more user computing devices that retransmitted the merchant beacon device identifier code and that have current location data corresponding to the merchant location; and

transmitting, by the payment processing computing system and to the merchant point of sale computing device, the one or more user account identifiers.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A processing system periodically configures a beacon code and random nonce to transmit to a beacon device at a location. Multiple users enter the location with associated user computing devices. The user computing devices retransmit the beacon code broadcasted by the beacon device to the processing system. A particular user initiates a transaction at a computing device at the location, which transmits to the processing system a request for account data and retransmits the beacon code and a random nonce. The processing system verifies the beacon code and random nonce and transmits, to the computing device at the location, user account identifiers associated with user computing devices that retransmitted the beacon code. The processing system receives a selection of the user identifier from the merchant point of sale device and transmits account information to the computing device at the location.

10 Citations

View as Search Results

18 Claims

1. A computer-implemented method to provide secure data access based on merchant computing device proximity verification, comprising:
- generating, by a payment processing computing system, a first merchant beacon device identifier code and a first random nonce;
  
  associating, by the payment processing computing system, the first merchant beacon device identifier code and the first random nonce with a merchant location;
  
  transmitting, by the payment processing computing system and to a merchant beacon device at the merchant location, the first merchant beacon device identifier code and the first random nonce, wherein the merchant beacon device broadcasts the first merchant beacon device identifier code and the first random nonce at the merchant location;
  
  receiving, by the payment processing computing system and from each of one or more user computing devices at the merchant location, data comprising the first merchant beacon device identifier code received by the respective user computing device from the merchant beacon device at the merchant location, current location data, and a respective user account identifier associated with a user account associated with the respective user computing device;
  
  receiving, by the payment processing computing system and from a merchant point of sale computing device associated with the merchant location, data comprising a request for user account information, and the random nonce received by the merchant point of sale computing device from the merchant beacon device at the merchant location, wherein the merchant point of sale computing device associated with the merchant location is separate from the merchant beacon device at the merchant location;
  
  determining, by the payment processing computing system, a correspondence between the random nonce received from merchant point of sale computing device associated with the merchant location to the random nonce associated with the merchant location by the payment processing computing system;
  
  in response to determining the correspondence between the received random nonce received from the merchant point of sale computing device and the associated random nonce, identifying, by the payment processing computing system, one or more user account identifiers associated with the one or more user computing devices that retransmitted the merchant beacon device identifier code and that have current location data corresponding to the merchant location; and
  
  transmitting, by the payment processing computing system and to the merchant point of sale computing device, the one or more user account identifiers.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising encrypting, by the payment processing computing system, the first random nonce using a shared encryption key,wherein the first random nonce transmitted to the merchant beacon device comprises the encrypted first random nonce,wherein the merchant beacon device broadcasts the encrypted first random nonce at the merchant location via a local wireless network,wherein the merchant point of sale computing device receives the encrypted first random nonce via the local wireless network, the merchant point of sale computing device comprising the shared encryption key,wherein the merchant point of sale computing device unencrypts the received first encrypted random nonce to determine the unencrypted first random nonce,wherein the random nonce received from the merchant point of sale computing device comprises the unencrypted first random nonce, andwherein the unencrypted first random nonce is compared against the associated random nonce.
  - 3. The method of claim 2, further comprising transmitting, by the payment processing computing system, the shared encryption key to the merchant point of sale computing device.
  - 4. The method of claim 1, further comprising:
    - assigning, by the payment processing computing system, a username and password to the merchant point of sale computing device, wherein the data received from merchant point of sale computing device further comprises the username and password; and
      
      comparing, by the payment processing computing system, the received username and password against the assigned username and password to determine an exact correspondence between the received username and password against the assigned username and password,wherein the user account identifiers associated with the one or more user computing devices that retransmitted merchant beacon device identifier and having current location data corresponding to the merchant location are only identified in response to determining an exact correspondence between the received username and password and the assigned username and password.
  - 5. The method of claim 1, further comprising:
    - at a time before receiving a request from the merchant point of sale computing device for user account information, generating, by the payment processing computing system, a second random nonce;
      
      in response to generating the second random nonce;
      
      associating, by the payment processing computing system, the first merchant beacon device identifier code and the second random nonce with the merchant point of sale computing device and the merchant location;
      
      disassociating, by the payment processing computing system, the first random nonce with the merchant point of sale computing device and the merchant location;
      
      transmitting, by the payment processing computing system, the second random nonce to the merchant beacon device, wherein the merchant beacon device broadcasts the second random nonce at the merchant location via the local wireless network instead of the first random nonce upon receiving the second random nonce; and
      
      receiving, by the payment processing computing system and at a time after transmitting the second random nonce to the merchant beacon device, the second random nonce from the merchant point of sale computing device instead of receiving the first random nonce,wherein the merchant beacon device identifier and the second random nonce are compared against the associated merchant beacon device identifier and the associated second random nonce, andwherein, in response to determining an exact correspondence between the received second random nonce and the associated second random nonce, the user account identifiers associated with the one or more user computing devices that retransmitted the merchant beacon device identifier code and having current location data corresponding to the merchant location are identified and transmitted to the merchant point of sale computing device for display on the merchant point of sale computing device.
  - 6. The method of claim 1, further comprising:
    - at a time before receiving a request from the merchant point of sale computing device for user account information, generating, by the payment processing computing system, a second merchant beacon device identifier code;
      
      in response to generating the second merchant beacon device identifier code;
      
      associating, by the payment processing computing system, the second merchant beacon device code and the first random nonce with the merchant beacon device and the first system location merchant location;
      
      disassociating, by the payment processing computing system, the first merchant beacon device identifier code with the merchant beacon device and the merchant location;
      
      transmitting, by the payment processing computing system, the second merchant beacon device identifier code to the merchant beacon device, wherein the merchant beacon device broadcasts the second merchant beacon device identifier code at the merchant location via the local wireless network instead of the merchant beacon device identifier code upon receiving the second merchant beacon device identifier code;
      
      receiving, by the payment processing computing system and at a time after transmitting the second merchant beacon device identifier code to the merchant beacon device, the second merchant beacon device identifier code from each of one or more user computing devices at a time after receiving the first merchant beacon device identifier code; and
      
      wherein, in response to determining an exact correspondence between the received first random nonce and the associated first random nonce, the user account identifiers associated with the one or more user computing devices that retransmitted the second merchant beacon device identifier code and having current location data corresponding to the merchant location are identified and transmitted to the merchant point of sale computing device for display on the merchant point of sale computing device.
  - 7. The method of claim 1, wherein the one or more transmitted user account identifiers are displayed on the merchant point of sale computing device.
  - 8. The method of claim 1, further comprising:
    - receiving, by the payment processing computing system and from the merchant point of sale computing device, an indication of a selection of a particular user account identifier from the one or more displayed user account identifiers;
      
      retrieving, by the payment processing computing system and based on the user account identifier, payment account information associated with one or more payment accounts of the user account; and
      
      transmitting, by the payment processing computing system and to the merchant point of sale computing device, the payment account information for display via the merchant point of sale computing device.
  - 9. The method of claim 8, further comprising:
    - receiving, by the payment processing computing system and from the merchant point of sale computing device, an indication of a selection of a particular payment account of the user account from the displayed payment account information for use in a transaction;
      
      receiving, by the payment processing computing system and from the merchant point of sale computing device, transaction information to process the transaction comprising a total amount of transaction and merchant system payment account information associated with a payment account of the first system merchant system;
      
      transmitting, by the payment processing computing system and to an issuer system associated with the selected particular payment account of the user account, a payment authorization request comprising the user payment account information, the merchant system payment account information, and the total amount of transaction;
      
      receiving, by the payment processing computing system and from the issuer system, an approval of the payment authorization request; and
      
      in response to receiving the approval of the payment authorization request, transmitting, by the payment processing computing system, notification, to the merchant point of sale computing device, of the approval of the payment authorization request, wherein the merchant point of sale computing device transmits a receipt to a user computing device associated with the user account.

10. A computer program product, comprising:
- a non-transitory computer-readable medium having computer-readable program instructions embodied thereon that when executed by a computer cause the computer to provide secure data access based on computing device proximity verification, the computer-readable program instructions comprising;
  
  computer-executable program instructions to generate a merchant beacon device identifier code;
  
  computer-executable program instructions to associate the merchant beacon device identifier code with a merchant beacon device and a merchant location;
  
  computer-executable program instructions to transmit, to the merchant beacon device, the merchant beacon device identifier code, wherein the merchant beacon device broadcasts the merchant beacon device identifier code at the merchant system location;
  
  computer-executable program instructions to receive, from each of one or more user computing devices at the merchant system location, data comprising the merchant beacon device identifier code, current location data, and a respective user account identifier;
  
  computer-executable program instructions to receive, from a merchant point of sale computing device associated with the merchant location, data comprising a request for user account information and the merchant beacon device identifier code, wherein the merchant point of sale computing device associated with the merchant location is separate from the merchant beacon device at the merchant location;
  
  computer-executable program instructions to determine a correspondence between the merchant beacon device code received from the merchant point of sale computing device associated with the merchant location against the associated merchant beacon device identifier code associated with the merchant location;
  
  in response to determining the correspondence between the received merchant beacon device identifier code and the associated merchant beacon device identifier code, computer-executable program instructions to identify user account identifiers associated with the one or more user computing devices that retransmitted the merchant beacon device identifier code and having current location data corresponding to the merchant location; and
  
  computer-executable program instructions to transmit, to the merchant point of sale computing device, the one or more user account identifiers for display on the computing device associated with the merchant location.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The computer program product of claim 10, further comprising:
    - computer-executable program instructions to assign a username and password to the merchant point of sale computing device, wherein the data received from the merchant point of sale computing device further comprises the username and password; and
      
      computer-executable program instructions to compare the received username and password against the assigned username and password to determine an exact correspondence between the received username and password against the assigned username and password,wherein the user account identifiers associated with the one or more user computing devices that retransmitted the merchant beacon device identifier code and having current location data corresponding to the merchant location are only identified in response to determining an exact correspondence between the received username and password and the assigned username and password.
  - 12. The computer program product of claim 11, further comprising:
    - computer-executable program instructions to receive from the merchant point of sale computing device, an indication of a selection of a particular user account identifier from the one or more displayed user account identifiers;
      
      computer-executable program instructions to retrieve, based on the user account identifier, payment account information associated with one or more payment accounts of the user account; and
      
      computer-executable program instructions to transmit, to the merchant point of sale computing device, the payment account information for display via the merchant point of sale computing device.
  - 13. The computer program product of claim 12, further comprising:
    - computer-executable program instructions to receive, from the merchant point of sale computing device, an indication of a selection of a particular payment account of the user account from the displayed payment account information for use in a transaction;
      
      computer-executable program instructions to receive, from the merchant point of sale computing device, transaction information to process the transaction comprising a total amount of transaction and merchant system payment account information associated with a payment account of the merchant system;
      
      computer-executable program instructions to transmit, to an issuer system associated with the selected particular payment account of the user account, a payment authorization request comprising the user payment account information, the merchant system payment account information, and the total amount of transaction;
      
      computer-executable program instructions to receive, from the issuer system, an approval of the payment authorization request; and
      
      in response to receiving the approval of the payment authorization request, computer-executable program instructions to transmit notification, to the merchant point of sale computing device, of the approval of the payment authorization request, wherein the merchant point of sale computing device transmits a receipt to a user computing device associated with the user account.
  - 14. The computer program product of claim 11, further comprising:
    - at a time before receiving a request from the merchant point of sale computing device for user account information, computer-executable program instructions to generate a second merchant beacon device identifier code;
      
      in response to generating the second merchant beacon device identifier code;
      
      computer-executable program instructions to associate the second merchant beacon device identifier code and the first random nonce with the merchant beacon device and the merchant location;
      
      computer-executable program instructions to disassociate the merchant beacon device identifier code with the merchant beacon device and the merchant location;
      
      computer-executable program instructions to transmit the second merchant beacon device identifier code to the merchant beacon device, wherein the merchant beacon device broadcasts the second merchant beacon device identifier code at the merchant location via the local wireless network instead of the merchant beacon device identifier code upon receiving the second merchant beacon device identifier code;
      
      computer-executable program instructions to receive, at a time after transmitting the second merchant beacon device identifier code to the merchant beacon device, the second merchant beacon device identifier code from each of one or more user computing devices at a time after receiving the first merchant beacon device identifier code;
      
      wherein, in response to determining an exact correspondence between the received first random nonce and the associated first random nonce, the user account identifiers associated with the one or more user computing devices that retransmitted the second merchant beacon device identifier code and having current location data corresponding to the merchant location are identified and transmitted to the merchant point of sale computing device for display via the merchant point of sale computing device.

15. A system to provide secure data access based on computing device proximity verification, comprising:
- a storage device; and
  
  a processor communicatively coupled to the storage device, wherein the processor executes application code instructions that are stored in the storage device to cause the system to;
  
  generate a merchant beacon device identifier code and a first random nonce;
  
  associate the merchant beacon device identifier code and the first random nonce with a merchant location;
  
  transmit, to the merchant beacon device, the merchant beacon device identifier code and the first random nonce, wherein the merchant beacon device broadcasts the merchant beacon device identifier code and the first random nonce at the merchant system location;
  
  generate a second random nonce;
  
  in response to generating the second random nonce;
  
  associate the second random nonce with the merchant location;
  
  disassociate the first random nonce with the merchant beacon device and the merchant location;
  
  transmit the second random nonce to the merchant beacon device, wherein the merchant beacon device broadcasts the second random nonce at the merchant location via the local wireless network instead of the first random nonce upon receiving the second random nonce;
  
  receive, from each of one or more user computing devices at the merchant system location, data comprising the merchant beacon device identifier code, current location data, and a respective user account identifier;
  
  receive, from a merchant point of sale computing device associated with the merchant location, data comprising a request for user account information and the second random nonce, wherein the merchant point of sale computing device associated with the merchant location is separate from the merchant beacon device at the merchant location;
  
  determine a correspondence between the second random nonce received from the merchant point of sale computing device associated with the merchant location and the associated second random nonce associated with the merchant location;
  
  in response to determining an exact correspondence between the received first random nonce and the associated first random nonce, identify user account identifiers associated with the one or more user computing devices that retransmitted the merchant beacon device identifier code and having current location data corresponding to the merchant location; and
  
  transmit, to the merchant point of sale computing device, the one or more user account identifiers for display on the merchant point of sale computing device.
- View Dependent Claims (16, 17, 18)
- - 16. The system of claim 15, wherein the processor is further configured to execute computer-readable program instructions stored on the storage device to cause the system to compare the merchant beacon device identifier code against the associated merchant beacon device identifier code, wherein, in response to determining a first exact correspondence between the received merchant beacon device identifier code and the associated merchant beacon device identifier code and a second exact correspondence between the received second random nonce and the associated second random nonce, user account identifiers associated with the one or more user computing devices that retransmitted the merchant beacon device identifier code and having current location data corresponding to the merchant system location are identified and retransmitted to the merchant point of sale computing device for display via the merchant point of sale computing device.
  - 17. The system of claim 15, wherein the processor is further configured to execute computer-readable program instructions stored on the storage device to cause the system to:
    - receive from the merchant point of sale computing device, an indication of a selection of a particular user account identifier from the one or more displayed user account identifiers;
      
      retrieve, based on the user account identifier, payment account information associated with one or more payment accounts of the user account; and
      
      transmit, to the merchant point of sale computing device, the payment account information for display via merchant point of sale computing device.
  - 18. The system of claim 17, wherein the processor is further configured to execute computer-readable program instructions stored on the storage device to cause the system to:
    - receive, from the merchant point of sale computing device, an indication of a selection of a particular payment account of the user account from the displayed payment account information for use in a transaction;
      
      receive, from the merchant point of sale computing device, transaction information to process the transaction comprising a total amount of transaction and merchant system payment account information associated with a payment account of the merchant system;
      
      transmit, to an issuer system associated with the selected particular payment account of the user account, a payment authorization request comprising the user payment account information, the merchant system payment account information, and the total amount of transaction;
      
      receive, from the issuer system, an approval of the payment authorization request; and
      
      in response to receiving the approval of the payment authorization request, transmit notification, to the merchant point of sale computing device, of the approval of the payment authorization request, wherein the merchant point of sale computing device transmits a receipt to a user computing device associated with the user account.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google LLC (Alphabet Inc.)
Inventors
Chandrasekaran, Sashikanth, Walfish, Sheldon Israel, Wang, Yilei, Xu, Zhihong
Primary Examiner(s)
Lagor, Alexander
Assistant Examiner(s)
Ahsan, Syed M

Application Number

US14/964,519
Publication Number

US 20170171173A1
Time in Patent Office

958 Days
Field of Search

713154
US Class Current
CPC Class Codes

G06Q 20/202   Interconnection or interact...

G06Q 20/3224   Transactions dependent on l...

G06Q 20/36   using electronic wallets or...

H04L 63/0492   by using a location-limited...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0884   by delegation of authentica...

H04W 4/02   Services making use of loca...

H04W 4/029   Location-based management o...

Network security based on proximity

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

10 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Network security based on proximity

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

10 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others