Dynamic number authentication for credit/debit cards

US 10,296,903 B2
Filed: 10/08/2009
Issued: 05/21/2019
Est. Priority Date: 01/11/2001
Status: Active Grant

First Claim

Patent Images

1. A method for conducting commercial transactions, the method comprising:

by a transaction device;

receiving a selection of an account selection button from a plurality of account selection buttons of the transaction device, each of the plurality of account selection buttons assigned a unique account for conducting commercial transactions;

selecting a unique account identifier number representing the unique account assigned to the account selection button;

dispensing a next unused random number from a set of random numbers stored in a memory of the transaction device, the set of random numbers stored in the memory of the transaction device including a plurality of random numbers, being independent of the unique account identifier number, and being determined before dispensing any random number from the set of random numbers stored in the memory of the transaction device; and

displaying the dispensed next unused random number and the unique account identifier number on a display of the transaction device; and

by the external authentication system;

accepting the commercial transaction in response to the dispensed next unused random number matching a next unused random number of a set of random numbers stored on the external authentication system, the set of random numbers stored on the external authentication system being the same as the set of random numbers stored on the transaction device after synchronization of the transaction device with the external authentication system; and

rejecting the commercial transaction in response to the dispensed next unused random number failing to match the next unused random number of the set of random numbers stored on the external authentication system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for conducting a commercial transaction over the Internet or other network connection are provided. Random numbers, which are unique for each user session, are pre-loaded onto a handheld, portable device, or token The random numbers are generated by external systems and delivered to the token for storage an internal memory and to a database accessible by an authentication system. The random numbers are dispensed by the token to a user by pressing a button on the token or otherwise signaling the token. A dispensed number is cross referenced, by the authentication system, to the database. The dispensed number authenticates the user or transaction.

44 Citations

View as Search Results

10 Claims

1. A method for conducting commercial transactions, the method comprising:
- by a transaction device;
  
  receiving a selection of an account selection button from a plurality of account selection buttons of the transaction device, each of the plurality of account selection buttons assigned a unique account for conducting commercial transactions;
  
  selecting a unique account identifier number representing the unique account assigned to the account selection button;
  
  dispensing a next unused random number from a set of random numbers stored in a memory of the transaction device, the set of random numbers stored in the memory of the transaction device including a plurality of random numbers, being independent of the unique account identifier number, and being determined before dispensing any random number from the set of random numbers stored in the memory of the transaction device; and
  
  displaying the dispensed next unused random number and the unique account identifier number on a display of the transaction device; and
  
  by the external authentication system;
  
  accepting the commercial transaction in response to the dispensed next unused random number matching a next unused random number of a set of random numbers stored on the external authentication system, the set of random numbers stored on the external authentication system being the same as the set of random numbers stored on the transaction device after synchronization of the transaction device with the external authentication system; and
  
  rejecting the commercial transaction in response to the dispensed next unused random number failing to match the next unused random number of the set of random numbers stored on the external authentication system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method for conducting commercial transactions according to claim 1, further including:
    - resynchronizing the external authentication system with the transaction device in response to the dispensed next unused random number differing from the next unused random number stored on the external authentication system.
  - 3. The method for conducting commercial transactions according to claim 2, wherein resynchronizing the external authentication system with the transaction device includes:
    - locating a random number corresponding to the dispensed next unused random number in the set of random numbers stored on the external authentication system;
      
      dispensing a second next unused random number from the set of random numbers stored on the transaction device, the second next unused random number dispensed subsequent to the dispensed next unused random number;
      
      comparing the dispensed second next unused random number to a random number in the set of random numbers stored on the external authentication system that is next after the located random number; and
      
      ,allowing resynchronization in response to the dispensed second next unused random number matching the random number that is next after the located random number.
  - 4. The method for conducting commercial transactions according to claim 1, further including:
    - storing a new set of random numbers from an external system in the memory of the transaction device and the external authentication system when unused random numbers from the set of random numbers on the transaction device become exhausted or on a request from a user.
  - 5. The method for conducting commercial transactions according to claim 1, further including:
    - providing 1 to N additional numbers for each unused random numbers via 1 to N predetermined polynomial transformation equations, wherein the 1 to N predetermined polynomial transformation equations operate on each unused random number to generate 1 to N additional numbers.
  - 6. The method for conducting commercial transactions according to claim 1, wherein the transaction device is configured to receive a user entry of a personal identification number (PIN) each time the transaction device is activated, and not dispense the next unused random number until a predetermined PIN has been entered.
  - 7. The method according to claim 1, wherein the unique account identifier number is selected from a plurality of accounts associated with the transaction device.
  - 8. The method according to claim 1, wherein dispensing the next unused random number includes removing the next unused random number from the stored set of random numbers in the memory of the transaction device;
    - and wherein accepting the commercial transaction includes removing the dispensed next unused random number from the stored set of random numbers on the external authentication system.
  - 9. The method according to claim 1, wherein dispensing a next unused random number includes:
    - calculating a polynomial transform of a random number in the set of random numbers stored on the transaction device to create the next unused random number.
  - 10. The method according to claim 1, wherein dispensing the next unused random number includes:
    - swiping the transaction device in a magnetic strip reader which reads the dispensed next unused random number and the unique account identifier number.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CardinalCommerce Corporation (Visa, Inc.)
Original Assignee
Cardinal Commerce Corporation
Inventors
Keresman, III, Michael A., Hartridge, Andrew J., Balasubramanian, Chandra A.
Primary Examiner(s)
Hewitt, II, Calvin L
Assistant Examiner(s)
Sherr, Cristina Owen

Application Number

US12/575,838
Publication Number

US 20100023453A1
Time in Patent Office

3,512 Days
Field of Search

705 67
US Class Current
CPC Class Codes

C07D 209/88   with hetero atoms or with c...

G06F 21/34   involving the use of extern...

G06F 21/46   by designing passwords or c...

G06F 21/77   in smart cards

G06Q 20/0855   involving a third party

G06Q 20/105   involving programming of a ...

G06Q 20/3415   Cards acting autonomously a...

G06Q 20/367   involving electronic purses...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/385   using an alias or single-us...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/401   Transaction verification

G06Q 2220/00   Business processing using c...

G06Q 2220/10   Usage protection of distrib...

G06Q 2220/145   Specific computer ID, e.g. ...

G06Q 2220/18   Licensing

G07F 7/1008   Active credit-cards provide...

H04L 2209/56   Financial cryptography, e.g...

H04L 9/3228   One-time or temporary data,...

Dynamic number authentication for credit/debit cards

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

44 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic number authentication for credit/debit cards

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links