Security system incorporating mobile device
First Claim
1. A method comprising:
- receiving, at a server computer, a first request from a mobile device associated with a consumer for a device verification value, the first request including account information associated with a portable consumer device and information associated with the mobile device, wherein the first request is based on an interaction between the mobile device and the portable consumer device, wherein the first request is received at the server computer over a secure communications channel between the server computer and the mobile device;
determining, using the server computer, that the first request for the device verification value is valid;
performing, by the server computer, at least a first validation test pertaining to the first request based on the determination that the first request for the device verification value is valid, wherein the at least first validation test validates the mobile device;
generating, by the server computer, a first device verification value based on the at least first validation test, wherein the first device verification value is a temporary first device verification value that is valid for a first predetermined number of transactions or for a first predetermined amount of time, wherein the temporary first device verification value includes information related to validation of the mobile device;
sending, by the server computer, the first device verification value to the mobile device;
storing, by the server computer, the first device verification value;
receiving, at the server computer, a first authorization request message comprising the first device verification value from a first point of sale terminal for a transaction between the mobile device associated with the consumer and the first point of sale terminal, the first authorization request message including data related to the transaction and the first device verification value, wherein the first device verification value was previously transferred from the mobile device to the first point of sale terminal via an interaction between the mobile device and the first point of sale terminal;
determining, by the server computer, if the first device verification value in the received first authorization request message corresponds to the stored first device verification value;
generating, by the server computer, a first authorization response message based at least in part on the determination if the first device verification value in the first authorization request message corresponds to the stored first device verification value;
sending the first authorization response message to the first point of sale terminal;
after the first device verification value becomes invalid;
receiving, at the server computer, a second request from the mobile device for another device verification value, the second request including the account information associated with the portable consumer device and information associated with the mobile device, wherein the second request is based on another interaction between the mobile device and the portable consumer device, wherein the second request is received at the server computer over the secure communications channel between the server computer and the mobile device;
determining, using the server computer, that the second request for another device verification value is valid;
performing, by the server computer, at least second validation test pertaining to the second request based on the determination that the second request for the another device verification value is valid, wherein the at least second validation test validates the mobile device;
generating, by the server computer, a second device verification value based on the at least second validation test, wherein the second device verification value is a temporary second device verification value that is valid for a second predetermined number of transactions or for a second predetermined amount of time, wherein the temporary second device verification value includes information related to validation of the mobile device;
sending, by the server computer, the second device verification value to the mobile device; and
storing, by the server computer, the second device verification value.
1 Assignment
0 Petitions
Accused Products
Abstract
In some embodiments, a first server computer may be provided. The first server computer may comprise a processor and a computer readable medium coupled to the processor. The computer readable medium may include code executable by the processor for implementing a method. The method may include the step of electronically receiving an authorization request message that includes a first device verification value from a merchant for a first transaction, where the first device verification value may have been received by the merchant from a mobile device based on an interaction between the mobile device and an access device. In some embodiments, the mobile device may have received the first verification value based on a first request. The method may further include the step of determining by a data processor if the first device verification value corresponds to a stored device verification value.
765 Citations
13 Claims
-
1. A method comprising:
-
receiving, at a server computer, a first request from a mobile device associated with a consumer for a device verification value, the first request including account information associated with a portable consumer device and information associated with the mobile device, wherein the first request is based on an interaction between the mobile device and the portable consumer device, wherein the first request is received at the server computer over a secure communications channel between the server computer and the mobile device; determining, using the server computer, that the first request for the device verification value is valid; performing, by the server computer, at least a first validation test pertaining to the first request based on the determination that the first request for the device verification value is valid, wherein the at least first validation test validates the mobile device; generating, by the server computer, a first device verification value based on the at least first validation test, wherein the first device verification value is a temporary first device verification value that is valid for a first predetermined number of transactions or for a first predetermined amount of time, wherein the temporary first device verification value includes information related to validation of the mobile device; sending, by the server computer, the first device verification value to the mobile device; storing, by the server computer, the first device verification value; receiving, at the server computer, a first authorization request message comprising the first device verification value from a first point of sale terminal for a transaction between the mobile device associated with the consumer and the first point of sale terminal, the first authorization request message including data related to the transaction and the first device verification value, wherein the first device verification value was previously transferred from the mobile device to the first point of sale terminal via an interaction between the mobile device and the first point of sale terminal; determining, by the server computer, if the first device verification value in the received first authorization request message corresponds to the stored first device verification value; generating, by the server computer, a first authorization response message based at least in part on the determination if the first device verification value in the first authorization request message corresponds to the stored first device verification value; sending the first authorization response message to the first point of sale terminal; after the first device verification value becomes invalid; receiving, at the server computer, a second request from the mobile device for another device verification value, the second request including the account information associated with the portable consumer device and information associated with the mobile device, wherein the second request is based on another interaction between the mobile device and the portable consumer device, wherein the second request is received at the server computer over the secure communications channel between the server computer and the mobile device; determining, using the server computer, that the second request for another device verification value is valid; performing, by the server computer, at least second validation test pertaining to the second request based on the determination that the second request for the another device verification value is valid, wherein the at least second validation test validates the mobile device; generating, by the server computer, a second device verification value based on the at least second validation test, wherein the second device verification value is a temporary second device verification value that is valid for a second predetermined number of transactions or for a second predetermined amount of time, wherein the temporary second device verification value includes information related to validation of the mobile device; sending, by the server computer, the second device verification value to the mobile device; and storing, by the server computer, the second device verification value. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
Specification