Apparatus and method for combining cryptograms for card payments

US 10,217,109 B2
Filed: 07/09/2010
Issued: 02/26/2019
Est. Priority Date: 07/09/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising the steps of:

obtaining, by a terminal component from a payment device reader component, at least a first cryptogram and a second cryptogram;

transmitting, from said terminal component to an issuer of a payment device presented to said payment device reader component, through a payment network, said first cryptogram, said second cryptogram, and extra data, wherein at least said first cryptogram and said second cryptogram are transmitted in a first message; and

obtaining, by said terminal, a second message from said issuer, said second message corresponding to authentication, by said issuer, of said payment device presented to said payment device reader component, said authentication being issued upon a first cryptographic calculation, wherein said first cryptographic calculation is selected from among a plurality of cryptographic calculations upon determining that said first message and said extra data have been obtained by said issuer,wherein said first cryptographic calculation comprises;

running a first message authentication code calculation using said extra data;

running a second message authentication code calculation using said extra data; and

determining said authentication of said payment device by comparing a truncated portion of an output of each of said first and second message authentication code calculations to said first cryptogram and said second cryptogram.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

At least a first cryptogram and a second cryptogram are transmitted from a payment device reader component to a terminal component. A message including at least the first cryptogram and the second cryptogram is transmitted from the terminal component to an issuer of a payment device presented to the reader component, through a payment network. A message is obtained from the issuer, corresponding to authentication, by the issuer, of the payment device (and optionally the owner of the payment device) presented to the reader component, based at least on the first cryptogram and the second cryptogram. The payment network is configured in accordance with at least one of (i) a standard, and (ii) a specification, which normally employs only a single cryptogram for the message and the authentication. Apparatuses and computer program products are also disclosed.

21 Citations

27 Claims

1. A method comprising the steps of:
- obtaining, by a terminal component from a payment device reader component, at least a first cryptogram and a second cryptogram;
  
  transmitting, from said terminal component to an issuer of a payment device presented to said payment device reader component, through a payment network, said first cryptogram, said second cryptogram, and extra data, wherein at least said first cryptogram and said second cryptogram are transmitted in a first message; and
  
  obtaining, by said terminal, a second message from said issuer, said second message corresponding to authentication, by said issuer, of said payment device presented to said payment device reader component, said authentication being issued upon a first cryptographic calculation, wherein said first cryptographic calculation is selected from among a plurality of cryptographic calculations upon determining that said first message and said extra data have been obtained by said issuer,wherein said first cryptographic calculation comprises;
  
  running a first message authentication code calculation using said extra data;
  
  running a second message authentication code calculation using said extra data; and
  
  determining said authentication of said payment device by comparing a truncated portion of an output of each of said first and second message authentication code calculations to said first cryptogram and said second cryptogram.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 25)
- - 2. The method of claim 1, wherein said extra data comprises an unpredictable number and a transaction counter, and wherein:
    - said first message transmitted from said terminal component to said issuer further comprises said unpredictable number and said transaction counter; and
      
      said authentication, by said issuer, of said payment device presented to said reader component, is further based on said unpredictable number and said transaction counter.
  - 3. The method of claim 2, wherein said payment device comprises at least one of a contactless payment device and a contacted payment device.
  - 4. The method of claim 3, wherein, in said step of transmitting said first message comprising said unpredictable number, said transaction counter, said first cryptogram, and said second cryptogram, said first message comprises an authorization request message.
  - 5. The method of claim 4, wherein said unpredictable number, said transaction counter, said first cryptogram, and said second cryptogram are embedded in an existing message element of said authorization request message.
  - 6. The method of claim 4, wherein said unpredictable number, said transaction counter, said first cryptogram, and said second cryptogram are contained in a message element extending said authorization request message.
  - 7. The method of claim 1, further comprising transmitting, from said terminal to said issuer through said payment network, an authorization request message which is separate from, but associated with, said first message comprising said first cryptogram, and said second cryptogram.
  - 8. The method of claim 1, wherein said first cryptogram comprises a CVC3 Track 1 cryptogram and said second cryptogram comprises a CVC3 Track 2 cryptogram.
  - 9. The method of claim 1, wherein, in said authentication, said issuer authenticates said payment device presented to said reader by:
    - selecting said first cryptographic calculation upon determining that said first message includes said first cryptogram, said second cryptogram, and said extra data, wherein said extra data comprises an unpredictable number, a transaction counter; and
      
      selecting a second cryptographic calculation from among said plurality of cryptographic calculations upon determining that said first message includes insufficient data for performing said first cryptographic calculation.
  - 10. The method of claim 1, further comprising including at least one additional bit as an input to said cryptographic calculation by said issuer, the method further comprising one of:
    - determining a first condition upon verifying said first and second cryptograms and said bit has a first logical level;
      
      determining a second condition upon verifying said first and second cryptograms and said bit has a second logical level; and
      
      determining a third condition upon a failure to verify said first and second cryptograms and said bit has said first logical level or said second logical level.
  - 11. The method of claim 10, wherein:
    - said first condition comprises a correct PIN entry;
      
      said second condition comprises an incorrect PIN entry; and
      
      said third condition comprises a counterfeit payment device.
  - 12. The method of claim 1, further comprising providing a system comprising distinct software modules embodied on at least one tangible computer readable storage medium, said modules comprising a reader module and a terminal module, wherein:
    - said step of obtaining, by said terminal component from said payment device reader component, at least said first cryptogram and said second cryptogram, is carried out at least in part by said reader module executing on at least one hardware processor;
      
      said step of transmitting, from said terminal component to said issuer of said payment device presented to said reader component, through said payment network, said first cryptogram, said second cryptogram, and said extra data, is carried out at least in part by said terminal module executing on said at least one hardware processor; and
      
      said step of obtaining, by said terminal, said second message from said issuer, is carried out at least in part by said terminal module executing on said at least one hardware processor.
  - 25. The method of claim 1, further comprising:
    - adding a bit to said first message indicating an inclusion of said first cryptogram and said second cryptogram; and
      
      selecting a logic level of said cryptographic calculation according to said bit.

13. A non-transitory computer program product comprising a tangible computer readable recordable storage medium storing in a non-transitory manner computer usable program code executable on at least one hardware processor, the computer usable program code being configured to:
- obtain, by a terminal component from a payment device reader component, at least a first cryptogram and a second cryptogram;
  
  transmit, from said terminal component to an issuer of a payment device presented to said payment device reader component, through a payment network, said first cryptogram, said second cryptogram, and extra data, wherein at least said first cryptogram and said second cryptogram are transmitted in a first message; and
  
  obtain, by said terminal, a second message from said issuer, said second message corresponding to authentication, by said issuer, of said payment device presented to said payment device reader component, said authentication being issued upon a first cryptographic calculation, wherein said first cryptographic calculation is selected from among a plurality of cryptographic calculations upon determining that said first message and said extra data have been obtained by said issuer,wherein said first cryptographic calculation comprises;
  
  running a first message authentication code calculation using said extra data;
  
  running a second message authentication code calculation using said extra data; and
  
  determining said authentication of said payment device by comparing a truncated portion of an output of each of said first and second message authentication code calculations to said first cryptogram and said second cryptogram.

14. A terminal-reader apparatus for use with a payment device issued by an issuer, and a payment network, said apparatus comprising:
- a memory storing a reader module and a terminal module; and
  
  at least one processor, coupled to said memory, and operative to;
  
  implement at least a portion of a reader component and a terminal component by executing said reader module and said terminal module;
  
  obtain, by said terminal component from said reader module, at least a first cryptogram and a second cryptogram, upon presentation of the payment device to the reader component;
  
  transmit, from said terminal component to the issuer of the payment device, through the payment network, said first cryptogram, said second cryptogram, and extra data, wherein at least said first cryptogram and said second cryptogram are transmitted in a first message; and
  
  obtain, by said terminal, a second message from the issuer, said second message corresponding to authentication, by the issuer, of the payment device presented to said reader component, said authentication being issued upon a first cryptographic calculation, wherein said first cryptographic calculation is selected from among a plurality of cryptographic calculations upon determining that said first message and said extra data have been obtained by said issuer,wherein said first cryptographic calculation comprises;
  
  running a first message authentication code calculation using said extra data;
  
  running a second message authentication code calculation using said extra data; and
  
  determining said authentication of said payment device by comparing a truncated portion of an output of each of said first and second message authentication code calculations to said first cryptogram and said second cryptogram.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 15. The apparatus of claim 14, wherein said extra data comprises an unpredictable number and a transaction counter, and wherein:
    - said first message transmitted from said terminal component to the issuer further comprises said unpredictable number and said transaction counter; and
      
      in said second message corresponding to said authentication, by the issuer, of the payment device presented to said reader component, said authentication is further based on said unpredictable number and said transaction counter.
  - 16. The apparatus of claim 15, wherein said reader component further comprises a payment device interface.
  - 17. The apparatus of claim 15, wherein, when said at least one processor is operative to facilitate sending said first message comprising said unpredictable number, said transaction counter, said first cryptogram, and said second cryptogram, said first message comprises an authorization request message.
  - 18. The apparatus of claim 17, wherein said unpredictable number, said transaction counter, said first cryptogram, and said second cryptogram are embedded in an existing message element of said authorization request message.
  - 19. The apparatus of claim 17, wherein said unpredictable number, said transaction counter, said first cryptogram, and said second cryptogram are contained in a message element extending said authorization request message.
  - 20. The apparatus of claim 15, wherein said at least one processor is further operative to transmit, from said terminal component to the issuer through the payment network, an authorization request message which is separate from, but associated with, said first message comprising said first cryptogram, and said second cryptogram.
  - 21. The apparatus of claim 15, wherein said first cryptogram comprises a CVC3 Track 1 cryptogram and said second cryptogram comprises a CVC3 Track 2 cryptogram.
  - 22. The apparatus of claim 14, wherein said reader component and said terminal component are integrated.
  - 23. The apparatus of claim 22, wherein said at least one processor comprises a first processor and further comprises at least a second processor, said first processor being operative to implement said at least a portion of said reader component by executing said reader module and said second processor being operative to implement said at least a portion of said terminal component by executing said terminal module.
  - 24. The apparatus of claim 14, wherein said reader component and said terminal component are realized separately, and wherein said at least one processor comprises a first processor and further comprises at least a second processor, said first processor being operative to implement said at least a portion of said reader component by executing said reader module and said second processor being operative to implement said at least a portion of said terminal component by executing said terminal module.

26. A method comprising the steps of:
- receiving, by an issuer of a payment device, at least a first cryptogram, a second cryptogram, and extra data read from payment device by a payment device reader of a terminal component, wherein at least said first cryptogram and said second cryptogram are transmitted to said issuer in a first message through a payment network;
  
  selecting, from among plurality of cryptographic calculations, a first cryptographic calculation for processing messages comprising a plurality of cryptograms upon determining that said first message and said extra data have been received by said issuer;
  
  authenticating the payment device according to a combination of said first cryptogram and said second cryptogram; and
  
  transmitting a second message corresponding to an authentication of the payment device to the terminal component via the payment network, wherein said authentication is an approval of a transaction using said payment device,wherein said first cryptographic calculation comprises;
  
  running a first message authentication code calculation using said extra data;
  
  running a second message authentication code calculation using said extra data; and
  
  determining said authentication of said payment device by comparing a truncated portion of an output of each of said first and second message authentication code calculations to said first cryptogram and said second cryptogram.
- View Dependent Claims (27)
- - 27. The method of claim 26, wherein, in said authentication, said issuer authenticates said payment device presented to said reader by:
    - selecting said first cryptographic calculation upon determining that said first message includes said first cryptogram, said second cryptogram, and said extra data, wherein said extra data comprises an unpredictable number, a transaction counter; and
      
      selecting a second cryptographic calculation from among said plurality of cryptographic calculations upon determining that said first message includes insufficient data for performing said first cryptographic calculation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Original Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Inventors
Ward, Michael C., Smets, Patrik, Vanneste, Paul
Primary Examiner(s)
Wu, Rutao
Assistant Examiner(s)
Mandel, Monica A

Application Number

US12/833,059
Publication Number

US 20120011070A1
Time in Patent Office

3,154 Days
Field of Search

705 72
US Class Current
CPC Class Codes

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/34   using cards, e.g. integrate...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/401   Transaction verification

G06Q 20/4012   Verifying personal identifi...

G07F 7/1016   Devices or methods for secu...

H04L 2209/56   Financial cryptography, e.g...

H04L 9/3242   involving keyed hash functi...

Apparatus and method for combining cryptograms for card payments

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

21 Citations

27 Claims

Specification

Use Cases

Quick Links

Others

Apparatus and method for combining cryptograms for card payments

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

27 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others