Systems and methods for secure detokenization

US 10,038,563 B2
Filed: 08/09/2017
Issued: 07/31/2018
Est. Priority Date: 07/23/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

sending, by a requestor computer, to a second token provider computer, a de-tokenization request comprising a requestor certificate and a second token, the requestor certificate including a requestor public key and indicating that the requestor computer is authorized to receive a credential,wherein the second token provider computer replaces the second token with a first token in the de-tokenization request, wherein the second token provider computer forwards the de-tokenization request with the requestor certificate and the first token to a first token provider computer,wherein the first token provider computer determines a credential associated with the first token, and wherein the first token provider computer encrypts the credential with the requestor public key; and

receiving, by the requestor computer, from the first token provider computer, the encrypted credential.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for requesting a credential associated with token in a multiple token layer environment is disclosed. A tokenization certificate serves to validate the identity of a credential requestor and provide information about the requestor'"'"'s authorization for de-tokenizing a token. Also, a public key in the tokenization certificate is used to encrypt the credential for secure transmission to the requestor.

Citations

20 Claims

1. A method comprising:
- sending, by a requestor computer, to a second token provider computer, a de-tokenization request comprising a requestor certificate and a second token, the requestor certificate including a requestor public key and indicating that the requestor computer is authorized to receive a credential,wherein the second token provider computer replaces the second token with a first token in the de-tokenization request, wherein the second token provider computer forwards the de-tokenization request with the requestor certificate and the first token to a first token provider computer,wherein the first token provider computer determines a credential associated with the first token, and wherein the first token provider computer encrypts the credential with the requestor public key; and
  
  receiving, by the requestor computer, from the first token provider computer, the encrypted credential.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the first token was generated by a first token provider computer, wherein the second token was generated by the second token provider computer, and wherein the second token provider computer determines that the first token is associated with the second token.
  - 3. The method of claim 1, wherein the requestor computer is a mobile device.
  - 4. The method of claim 1, wherein the requestor computer is a resource provider computer, wherein the first token provider computer is an authorizing entity computer, and wherein the second token provider computer is a transaction processing network computer.
  - 5. The method of claim 1, further comprising:
    - decrypting, by the requestor computer, the encrypted credential with a requestor private key that is paired with the requestor public key.
  - 6. The method of claim 5, wherein the requestor computer is a resource provider computer, and wherein the method further comprises:
    - using the credential to determine a fraud risk for a subsequent transaction.
  - 7. The method of claim 5, wherein the requestor computer is a resource provider computer, wherein the method further comprises:
    - using the credential to track user activity.
  - 8. The method of claim 1, wherein the second token provider computer determines that the requestor computer is authorized to de-tokenize the second token based on the requestor certificate, and wherein the first token provider computer determines that the requestor computer is authorized to receive the credential based on the requestor certificate.
  - 9. The method of claim 1, wherein the first token provider computer sends a de-tokenization response to the second token provider computer, the de-tokenization response including the encrypted credential, and wherein the second token provider computer forwards the de-tokenization response to the requestor computer.
  - 10. The method of claim 9, wherein the requestor certificate includes a requestor computer address, and wherein the first token provider computer directs de-tokenization response to the requestor computer address.

11. A requestor computer comprising:
- a processor; and
  
  a computer readable medium, the computer readable medium comprising code, executable by the processor, for implementing a method comprising;
  
  sending to a second token provider computer, a de-tokenization request comprising a requestor certificate and a second token, the requestor certificate including a requestor public key and indicating that the requestor computer is authorized to receive a credential,wherein the second token provider computer replaces the second token with a first token in the de-tokenization request, wherein the second token provider computer forwards the de-tokenization request with the requestor certificate and the first token to a first token provider computer,wherein the first token provider computer determines a credential associated with the first token, and wherein the first token provider computer encrypts the credential with the requestor public key; and
  
  receiving from the first token provider computer, the encrypted credential.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The requestor computer of claim 11, wherein the first token was generated by a first token provider computer, wherein the second token was generated by the second token provider computer, and wherein the second token provider computer determines that the first token is associated with the second token.
  - 13. The requestor computer of claim 11, wherein the requestor computer is a mobile device.
  - 14. The requestor computer of claim 11, wherein the requestor computer is a resource provider computer, wherein the first token provider computer is an authorizing entity computer, and wherein the second token provider computer is a transaction processing network computer.
  - 15. The requestor computer of claim 11, further comprising:
    - decrypting the encrypted credential with a requestor private key that is paired with the requestor public key.
  - 16. The requestor computer of claim 15, wherein the requestor computer is a resource provider computer, and wherein the method further comprises:
    - using the credential to determine a fraud risk for a subsequent transaction.
  - 17. The requestor computer of claim 15, wherein the requestor computer is a resource provider computer, wherein the method further comprises:
    - using the credential to track user activity.
  - 18. The requestor computer of claim 11, wherein the second token provider computer determines that the requestor computer is authorized to de-tokenize the second token based on the requestor certificate, and wherein the first token provider computer determines that the requestor computer is authorized to receive the credential based on the requestor certificate.
  - 19. The requestor computer of claim 11, wherein the first token provider computer sends a de-tokenization response to the second token provider computer, the de-tokenization response including the encrypted credential, and wherein the second token provider computer forwards the de-tokenization response to the requestor computer.
  - 20. The requestor computer of claim 19, wherein the requestor certificate includes a requestor computer address, and wherein the first token provider computer directs de-tokenization response to the requestor computer address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Gaddam, Ajit, Aissi, Selim
Primary Examiner(s)
Powers, William S

Application Number

US15/673,408
Publication Number

US 20170338965A1
Time in Patent Office

356 Days
Field of Search

713173
US Class Current
CPC Class Codes

H04L 2209/42   Anonymization, e.g. involvi...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/64   Self-signed certificates

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0823   using certificates cryptogr...

H04L 9/3215   using a plurality of channe...

H04L 9/3263   involving certificates, e.g...

Systems and methods for secure detokenization

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for secure detokenization

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links