Apparatus and method for combining cryptograms for card payments
First Claim
1. A method comprising the steps of:
- obtaining, by a terminal component from a payment device reader component, at least a first cryptogram and a second cryptogram;
transmitting, from said terminal component to an issuer of a payment device presented to said payment device reader component, through a payment network, said first cryptogram, said second cryptogram, and extra data, wherein at least said first cryptogram and said second cryptogram are transmitted in a first message; and
obtaining, by said terminal, a second message from said issuer, said second message corresponding to authentication, by said issuer, of said payment device presented to said payment device reader component, said authentication being issued upon a first cryptographic calculation, wherein said first cryptographic calculation is selected from among a plurality of cryptographic calculations upon determining that said first message and said extra data have been obtained by said issuer,wherein said first cryptographic calculation comprises;
running a first message authentication code calculation using said extra data;
running a second message authentication code calculation using said extra data; and
determining said authentication of said payment device by comparing a truncated portion of an output of each of said first and second message authentication code calculations to said first cryptogram and said second cryptogram.
1 Assignment
0 Petitions
Accused Products
Abstract
At least a first cryptogram and a second cryptogram are transmitted from a payment device reader component to a terminal component. A message including at least the first cryptogram and the second cryptogram is transmitted from the terminal component to an issuer of a payment device presented to the reader component, through a payment network. A message is obtained from the issuer, corresponding to authentication, by the issuer, of the payment device (and optionally the owner of the payment device) presented to the reader component, based at least on the first cryptogram and the second cryptogram. The payment network is configured in accordance with at least one of (i) a standard, and (ii) a specification, which normally employs only a single cryptogram for the message and the authentication. Apparatuses and computer program products are also disclosed.
21 Citations
27 Claims
-
1. A method comprising the steps of:
-
obtaining, by a terminal component from a payment device reader component, at least a first cryptogram and a second cryptogram; transmitting, from said terminal component to an issuer of a payment device presented to said payment device reader component, through a payment network, said first cryptogram, said second cryptogram, and extra data, wherein at least said first cryptogram and said second cryptogram are transmitted in a first message; and obtaining, by said terminal, a second message from said issuer, said second message corresponding to authentication, by said issuer, of said payment device presented to said payment device reader component, said authentication being issued upon a first cryptographic calculation, wherein said first cryptographic calculation is selected from among a plurality of cryptographic calculations upon determining that said first message and said extra data have been obtained by said issuer, wherein said first cryptographic calculation comprises; running a first message authentication code calculation using said extra data; running a second message authentication code calculation using said extra data; and determining said authentication of said payment device by comparing a truncated portion of an output of each of said first and second message authentication code calculations to said first cryptogram and said second cryptogram. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 25)
-
-
13. A non-transitory computer program product comprising a tangible computer readable recordable storage medium storing in a non-transitory manner computer usable program code executable on at least one hardware processor, the computer usable program code being configured to:
-
obtain, by a terminal component from a payment device reader component, at least a first cryptogram and a second cryptogram; transmit, from said terminal component to an issuer of a payment device presented to said payment device reader component, through a payment network, said first cryptogram, said second cryptogram, and extra data, wherein at least said first cryptogram and said second cryptogram are transmitted in a first message; and obtain, by said terminal, a second message from said issuer, said second message corresponding to authentication, by said issuer, of said payment device presented to said payment device reader component, said authentication being issued upon a first cryptographic calculation, wherein said first cryptographic calculation is selected from among a plurality of cryptographic calculations upon determining that said first message and said extra data have been obtained by said issuer, wherein said first cryptographic calculation comprises; running a first message authentication code calculation using said extra data; running a second message authentication code calculation using said extra data; and
determining said authentication of said payment device by comparing a truncated portion of an output of each of said first and second message authentication code calculations to said first cryptogram and said second cryptogram.
-
-
14. A terminal-reader apparatus for use with a payment device issued by an issuer, and a payment network, said apparatus comprising:
-
a memory storing a reader module and a terminal module; and at least one processor, coupled to said memory, and operative to; implement at least a portion of a reader component and a terminal component by executing said reader module and said terminal module; obtain, by said terminal component from said reader module, at least a first cryptogram and a second cryptogram, upon presentation of the payment device to the reader component; transmit, from said terminal component to the issuer of the payment device, through the payment network, said first cryptogram, said second cryptogram, and extra data, wherein at least said first cryptogram and said second cryptogram are transmitted in a first message; and obtain, by said terminal, a second message from the issuer, said second message corresponding to authentication, by the issuer, of the payment device presented to said reader component, said authentication being issued upon a first cryptographic calculation, wherein said first cryptographic calculation is selected from among a plurality of cryptographic calculations upon determining that said first message and said extra data have been obtained by said issuer, wherein said first cryptographic calculation comprises; running a first message authentication code calculation using said extra data; running a second message authentication code calculation using said extra data; and determining said authentication of said payment device by comparing a truncated portion of an output of each of said first and second message authentication code calculations to said first cryptogram and said second cryptogram. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
-
-
26. A method comprising the steps of:
-
receiving, by an issuer of a payment device, at least a first cryptogram, a second cryptogram, and extra data read from payment device by a payment device reader of a terminal component, wherein at least said first cryptogram and said second cryptogram are transmitted to said issuer in a first message through a payment network; selecting, from among plurality of cryptographic calculations, a first cryptographic calculation for processing messages comprising a plurality of cryptograms upon determining that said first message and said extra data have been received by said issuer; authenticating the payment device according to a combination of said first cryptogram and said second cryptogram; and transmitting a second message corresponding to an authentication of the payment device to the terminal component via the payment network, wherein said authentication is an approval of a transaction using said payment device, wherein said first cryptographic calculation comprises; running a first message authentication code calculation using said extra data; running a second message authentication code calculation using said extra data; and determining said authentication of said payment device by comparing a truncated portion of an output of each of said first and second message authentication code calculations to said first cryptogram and said second cryptogram. - View Dependent Claims (27)
-
Specification