Browser integration with Cryptogram

US 10,333,921 B2
Filed: 04/08/2016
Issued: 06/25/2019
Est. Priority Date: 04/10/2015
Status: Active Grant

First Claim

Patent Images

1. A method of performing a transaction comprising:

receiving, by a server computer, authentication credentials of a user accessing a merchant website associated with a merchant, wherein the authentication credentials are associated with a user account issued by the server computer;

identifying, by the server computer, that the merchant website accessed by the user is a token-aware web site configured to accept a token cryptogram to facilitate the transaction in hidden data fields of a webpage of the merchant website by identifying a unique identifier of the merchant website and transmitting the unique identifier of the merchant website to a processing network to verify the unique identifier of the merchant website;

providing, by the server computer, a transaction data identifier to the merchant website, wherein the transaction data identifier identifies underlying transaction data and is associated with the authentication credentials;

receiving, by the server computer, a confirmation that the transaction data identified by the transaction data identifier is approved by the user to complete the transaction with the merchant;

transmitting, by the server computer, a token and a cryptogram request comprising the unique identifier of the merchant website to the processing network, wherein the token is linked to the transaction data identified by the transaction data identifier;

receiving from the processing network, a token cryptogram based on the token; and

providing, by the server computer, tokenized credentials and the token cryptogram to the hidden data fields of the webpage of the merchant website to conduct the transaction.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This disclosure includes utilizing a token cryptogram with a browser to facilitate a transaction. A webpage of a website is configured to accept a token cryptogram in fields of the webpage. The webpage of the website may indicate that it is token-aware and is configured to accept the token cryptograms.

Citations

19 Claims

1. A method of performing a transaction comprising:
- receiving, by a server computer, authentication credentials of a user accessing a merchant website associated with a merchant, wherein the authentication credentials are associated with a user account issued by the server computer;
  
  identifying, by the server computer, that the merchant website accessed by the user is a token-aware web site configured to accept a token cryptogram to facilitate the transaction in hidden data fields of a webpage of the merchant website by identifying a unique identifier of the merchant website and transmitting the unique identifier of the merchant website to a processing network to verify the unique identifier of the merchant website;
  
  providing, by the server computer, a transaction data identifier to the merchant website, wherein the transaction data identifier identifies underlying transaction data and is associated with the authentication credentials;
  
  receiving, by the server computer, a confirmation that the transaction data identified by the transaction data identifier is approved by the user to complete the transaction with the merchant;
  
  transmitting, by the server computer, a token and a cryptogram request comprising the unique identifier of the merchant website to the processing network, wherein the token is linked to the transaction data identified by the transaction data identifier;
  
  receiving from the processing network, a token cryptogram based on the token; and
  
  providing, by the server computer, tokenized credentials and the token cryptogram to the hidden data fields of the webpage of the merchant website to conduct the transaction.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 further comprising:
    - assigning, by the server computer, the unique identifier of the merchant website to the merchant website, wherein the unique identifier is included in the cryptogram request; and
      
      providing the unique identifier of the merchant website to the hidden data fields of the webpage, wherein the hidden data fields are not visible to the user viewing the merchant website.
  - 3. The method of claim 1, wherein identifying that the merchant website is token-aware includes analyzing an html (HyperText Markup Language) tag of the merchant website.
  - 4. The method of claim 3, wherein the html tag also verifies a trusted identity of the merchant website.
  - 5. The method of claim 1 wherein the tokenized credentials are provided to the hidden data fields of the webpage only when the merchant website is identified as token-aware.
  - 6. The method of claim 1, wherein the transaction data is the tokenized credentials.
  - 7. The method of claim 1, wherein the transaction data identifier is a last four digits of a Primary Account Number (PAN).

8. A computer comprising:
- processing logic;
  
  a network interface coupled to the processing logic; and
  
  a computer readable medium accessible to the processing logic, the computer readable medium comprising code, executable by the processing logic, for implementing a method comprising;
  
  receiving, by the computer, authentication credentials of a user accessing a merchant website associated with a merchant, wherein the authentication credentials are associated with a user account issued by the computer;
  
  identifying, by the computer, that the merchant website accessed by the user is a token-aware website configured to accept a token cryptogram to facilitate a transaction in hidden data fields of a webpage of the merchant website by identifying a unique identifier of the merchant website and transmitting the unique identifier of the merchant website to a processing network to verify the unique identifier of the merchant website;
  
  providing, by the computer, a transaction data identifier to the merchant website, wherein the transaction data identifier identifies underlying transaction data and is associated with the authentication credentials;
  
  receiving, by the computer, a confirmation that the transaction data identified by the transaction data identifier is approved by the user to complete the transaction with the merchant;
  
  transmitting, by the computer, a token and a cryptogram request comprising the unique identifier of the merchant website to the processing network, wherein the token is linked to the transaction data identified by the transaction data identifier;
  
  receiving from the processing network, a token cryptogram based on the token; and
  
  providing, by the computer, tokenized credentials and the token cryptogram to the hidden data fields of the webpage of the merchant website to conduct the transaction.

9. A method of performing a transaction comprising:
- receiving a transaction data identifier from a server computer, wherein the transaction data identifier is associated with authentication credentials verified by the server computer;
  
  providing a transaction completion interface of a merchant website associated with a merchant to a computing device, the transaction completion interface making the transaction data identifier viewable to a user of the transaction completion interface, wherein the transaction data identifier identifies underlying transaction data;
  
  receiving a confirmation from the user that the transaction data identified by the transaction data identifier is approved to complete the transaction with the merchant;
  
  transmitting the confirmation to the server computer;
  
  providing an indication to the server computer that the merchant website is a token-aware website configured to accept a token cryptogram to facilitate the transaction in hidden data fields of a webpage of the merchant website by transmitting a unique identifier of the merchant website to the server computer;
  
  receiving, from the server computer, tokenized credentials and a token cryptogram in the hidden data fields of the webpage of the merchant website; and
  
  transmitting an authorization request to an acquirer computer, wherein the authorization request includes the tokenized credentials, the token cryptogram, and the unique identifier of the merchant website.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 10. The method of claim 9 further comprising:
    - receiving an authorization response from the acquirer computer, the authorization response either approving or declining the transaction.
  - 11. The method of claim 10 further comprising:
    - sending a transaction completion message to the computing device when the authorization response approves the transaction.
  - 12. The method of claim 9, wherein the token-aware indication includes an html (HyperText Markup Language) tag.
  - 13. The method of claim 12, wherein the token-aware indication also serves to verify the merchant website as a trusted website.
  - 14. The method of claim 9, wherein the token-aware indication includes an Extended Validation Certificate.
  - 15. The method of claim 9 further comprising:
    - receiving the unique identifier from the server computer.
  - 16. The method of claim 15, wherein receiving the unique identifier includes receiving the unique identifier in one of the hidden data fields of the webpage, and wherein the hidden data fields are not rendered for viewing by the user.
  - 17. The method of claim 9, wherein the transaction data identifier is a last four digits of a social security number.
  - 18. The method of claim 9, wherein the authentication credentials are associated with a browser publisher of a browser that the merchant website is rendered in.

19. A computer comprising:
- processing logic;
  
  a network interface coupled to the processing logic; and
  
  a computer readable medium accessible to the processing logic, the computer readable medium comprising code, executable by the processing logic, for implementing a method comprising;
  
  receiving a transaction data identifier from a server computer, wherein the transaction data identifier is associated with authentication credentials verified by the server computer;
  
  providing a transaction completion interface of a merchant website associated with a merchant to a computing device, the transaction completion interface making the transaction data identifier viewable to a user of the transaction completion interface, wherein the transaction data identifier identifies underlying transaction data;
  
  receiving a confirmation from the user that the transaction data identified by the transaction data identifier is approved to complete a transaction with the merchant;
  
  transmitting the confirmation to the server computer;
  
  providing an indication to the server computer that the merchant website is a token-aware website configured to accept a token cryptogram to facilitate the transaction in hidden data fields of a webpage of the merchant website by transmitting a unique identifier of the merchant web site to the server computer;
  
  receiving, from the server computer, tokenized credentials and a token cryptogram in the hidden data fields of the webpage of the merchant website; and
  
  transmitting an authorization request to an acquirer computer, wherein the authorization request includes the tokenized credentials, the token cryptogram, and the unique identifier of the merchant website.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Narayan, Prasanna L., Sethuraman, Ramji
Primary Examiner(s)
Brown, Anthony D
Assistant Examiner(s)
Anderson, Michael D

Application Number

US15/094,630
Publication Number

US 20160301683A1
Time in Patent Office

1,173 Days
Field of Search

713159
US Class Current
CPC Class Codes

G06Q 20/027   involving a payment switch ...

G06Q 20/0855   involving a third party

G06Q 20/38215   Use of certificates or encr...

G06Q 20/385   using an alias or single-us...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0823   using certificates cryptogr...

H04L 63/168   above the transport layer

H04L 67/02   based on web technology, e....

Browser integration with Cryptogram

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Browser integration with Cryptogram

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links