One-tap payment using a contactless card

US 10,510,074 B1
Filed: 02/01/2019
Issued: 12/17/2019
Est. Priority Date: 02/01/2019
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a plurality of processor circuits; and

a memory storing instructions which when executed by one or more of the processor circuits, cause the one or more of the processor circuits to;

output, by an application executing on a first processor circuit of the plurality of processor circuits, an indication specifying to tap a contactless card to complete a transaction initiated in the application, the transaction associated with a transaction identifier;

receive, by the application from a communications interface of the contactless card, encrypted data generated by the contactless card based at least in part on a private key for the contactless card stored in a memory of the contactless card;

transmit, by the application;

(i) a merchant identifier of a merchant associated with the application, (ii) the transaction identifier, (iii) the encrypted data, and (iv) a location of a device comprising the first processor circuit to an authentication application executing on a second processor circuit of the plurality of processor circuits;

verify, by the authentication application, the encrypted data by decrypting the encrypted data based at least in part on the private key for the contactless card;

determine, by the authentication application, that the contactless card has previously been used to make a purchase with the merchant;

determine, by the authentication application, that the location of the device is within a threshold distance of a known location, the known location to comprise at least one of a home location or a work location associated with the contactless card;

generate, by a virtual account number generator executing on a third processor circuit of the plurality of processor circuits based on the verification of the encrypted data, the determination that the contactless card has previously been used to make a purchase with the merchant, and the determination that the device is within the threshold distance of the known location by the authentication application, a virtual account number;

transmit, by the virtual account number generator, the merchant identifier, the transaction identifier, the virtual account number, an expiration date associated with the virtual account number, and a card verification value (CVV) associated with the virtual account number to a merchant server executing on a fourth processor circuit of the plurality of processor circuits, the merchant server associated with the merchant; and

process, by the merchant server, the transaction using the transaction identifier, the virtual account number, the expiration date, and the CVV.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One-tap payment using a contactless card. An application may output an indication specifying to tap a contactless card to complete a transaction initiated in the application. The application may receive encrypted data generated by the contactless card based on a private key stored in the contactless card. The application may transmit a merchant identifier, a transaction identifier, and the encrypted data to an authentication server. The authentication server may verify the encrypted data based on the private key for the contactless card stored by the authentication server. A virtual account number server may generate a virtual account number. A merchant server may receive the merchant identifier, the transaction identifier, the virtual account number, an expiration date, and a card verification value (CVV), and process the transaction using the transaction identifier, the virtual account number, the expiration date, and the CVV.

557 Citations

18 Claims

1. A system, comprising:
- a plurality of processor circuits; and
  
  a memory storing instructions which when executed by one or more of the processor circuits, cause the one or more of the processor circuits to;
  
  output, by an application executing on a first processor circuit of the plurality of processor circuits, an indication specifying to tap a contactless card to complete a transaction initiated in the application, the transaction associated with a transaction identifier;
  
  receive, by the application from a communications interface of the contactless card, encrypted data generated by the contactless card based at least in part on a private key for the contactless card stored in a memory of the contactless card;
  
  transmit, by the application;
  
  (i) a merchant identifier of a merchant associated with the application, (ii) the transaction identifier, (iii) the encrypted data, and (iv) a location of a device comprising the first processor circuit to an authentication application executing on a second processor circuit of the plurality of processor circuits;
  
  verify, by the authentication application, the encrypted data by decrypting the encrypted data based at least in part on the private key for the contactless card;
  
  determine, by the authentication application, that the contactless card has previously been used to make a purchase with the merchant;
  
  determine, by the authentication application, that the location of the device is within a threshold distance of a known location, the known location to comprise at least one of a home location or a work location associated with the contactless card;
  
  generate, by a virtual account number generator executing on a third processor circuit of the plurality of processor circuits based on the verification of the encrypted data, the determination that the contactless card has previously been used to make a purchase with the merchant, and the determination that the device is within the threshold distance of the known location by the authentication application, a virtual account number;
  
  transmit, by the virtual account number generator, the merchant identifier, the transaction identifier, the virtual account number, an expiration date associated with the virtual account number, and a card verification value (CVV) associated with the virtual account number to a merchant server executing on a fourth processor circuit of the plurality of processor circuits, the merchant server associated with the merchant; and
  
  process, by the merchant server, the transaction using the transaction identifier, the virtual account number, the expiration date, and the CVV.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, wherein the expiration date and the CVV comprise one or more of:
    - (i) an expiration date and a CVV generated by the virtual account number generator, and (ii) an expiration date and a CVV of the contactless card received by the virtual account number generator from an account database, the memory storing instructions which when executed by one or more of the processor circuits, cause the one or more of the processor circuits to;
      
      receive, by the virtual account number generator from the account database, an account holder name of an account associated with the contactless card and an address associated with the account; and
      
      transmit, by the virtual account number generator, the account holder name and address to the merchant server, the merchant server further to process the transaction using the account holder name and address.
  - 3. The system of claim 2, the memory storing instructions which when executed by one or more of the processor circuits, cause the one or more of the processor circuits to:
    - generate, by the merchant server, a transaction record in a transaction database comprising the transaction identifier, the virtual account number, the expiration date, the CVV, the account holder name, the address, and at least one of an indication of a purchased product and an indication of a purchased service;
      
      transmit, by the merchant server to the application, an indication that the transaction was processed; and
      
      output, by the application, the indication that the transaction was processed on a display.
  - 4. The system of claim 3, the memory storing instructions which when executed by one or more of the processor circuits, cause the one or more of the processor circuits to:
    - determine, by the merchant server, an address conflict based on the address being different than a known address specified in a user profile;
      
      transmit, by the merchant server, the address and the known address to the application;
      
      output, by the application on a display of the device, an indication of the address and the known address;
      
      receive, by the application, selection of one of the address and the known address; and
      
      transmit, by the application, the selected one of the address and the known address to the merchant server to resolve the address conflict, the merchant server to process the transaction using the selected one of the address and the known address.
  - 5. The system of claim 1, the memory storing instructions which when executed by one or more of the processor circuits, cause the one or more of the processor circuits to:
    - receive, by the application, authentication information for a user account associated with the contactless card, the authentication information comprising one or more of;
      
      (i) a username and a password, (ii) one or more biometric credentials; and
      
      transmit, by the application, the received authentication information to the authentication application, the authentication application to verify the authentication information.
  - 6. The system of claim 1, wherein the communications interface of the contactless card is configured to support at least one of near field communication (NFC), Bluetooth, and Wi-Fi, the merchant server to process the transaction without receiving the virtual account number, the expiration date, the CVV, an account holder name, and an address from the application and without requiring a user of the application to provide authentication information to the application to authenticate with an account associated with the merchant, the memory storing instructions which when executed by one or more of the processor circuits, cause the one or more of the processor circuits to:
    - determine, by the authentication application, a device identifier received from the application is associated with a user account associated with the contactless card.

7. A method, comprising:
- outputting, by an application executing on a processor circuit, an indication specifying to tap a contactless card to complete a transaction initiated in the application, the transaction associated with a transaction identifier;
  
  receiving, by the application from a communications interface of the contactless card, encrypted data generated by the contactless card based at least in part on a private key for the contactless card stored in a memory of the contactless card;
  
  transmitting, by the application;
  
  (i) a merchant identifier of a merchant associated with the application, (ii) the transaction identifier, (iii) the encrypted data, and (iv) a location of a device comprising the processor circuit to an authentication server;
  
  verifying, by the authentication server, the encrypted data by decrypting the encrypted data based at least in part on the private key for the contactless card stored in a memory of the authentication server;
  
  determining, by the authentication server, that the contactless card has previously been used to make a purchase with the merchant;
  
  determining, by the authentication server, that the location of the device is within a threshold distance of a known location associated with the contactless card, the known location to comprise at least one of a home location or a work location associated with the contactless card;
  
  generating, by a virtual account number server based on the verification of the encrypted data, the determination that the contactless card has previously been used to make a purchase with the merchant, and the determination that the device is within the threshold distance of the known location by the authentication server, a virtual account number;
  
  transmitting, by the virtual account number server, the merchant identifier, the transaction identifier, the virtual account number, an expiration date associated with the virtual account number, and a card verification value (CVV) associated with the virtual account number to a merchant server associated with the merchant; and
  
  processing, by the merchant server, the transaction using the transaction identifier, the virtual account number, the expiration date, and the CVV.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, wherein the expiration date and the CVV comprise one or more of:
    - (i) an expiration date and a CVV generated by the virtual account number server, and (ii) an expiration date and a CVV of the contactless card received by the virtual account number server from an account database, the method further comprising;
      
      receiving, by the virtual account number server from the account database, an account holder name of an account associated with the contactless card and an address associated with the account; and
      
      transmitting, by the virtual account number server, the account holder name and address to the merchant server, the merchant server further to process the transaction using the account holder name and address.
  - 9. The method of claim 8, further comprising:
    - generating, by the merchant server, a transaction record in a transaction database comprising the transaction identifier, the virtual account number, the expiration date, the CVV, the account holder name, the address, and at least one of an indication of a purchased product and an indication of a purchased service;
      
      transmitting, by the merchant server to the application, an indication that the transaction was processed; and
      
      outputting, by the application, the indication that the transaction was processed on a display.
  - 10. The method of claim 9, further comprising:
    - determining, by the merchant server, an address conflict based on the address being different than a known address specified in a user profile;
      
      transmitting, by the merchant server, the address and the known address to the application;
      
      outputting, by the application on a display, an indication of the address and the known address;
      
      receiving, by the application, selection of one of the address and the known address; and
      
      transmitting, by the application, the selected one of the address and the known address to the merchant server, the merchant server to process the transaction using the selected one of the address and the known address.
  - 11. The method of claim 10, further comprising:
    - receiving, by the application, authentication information for a user account associated with the contactless card, the authentication information comprising one or more of;
      
      (i) a username and a password, (ii) one or more biometric credentials; and
      
      transmitting, by the application, the received authentication information to the authentication server, the authentication server to verify the authentication information.
  - 12. The method of claim 11, wherein the communications interface of the contactless card is configured to support at least one of near field communication (NFC), Bluetooth, and Wi-Fi, the merchant server to process the transaction without receiving the virtual account number and without requiring a user of the application to provide authentication information to the application to authenticate with an account associated with the merchant, the expiration date, the CVV, an account holder name, and an address from the application, the method further comprising:
    - determining, by the authentication server, a device identifier received from the application is associated with a user account associated with the contactless card.

13. A non-transitory computer-readable storage medium having computer-readable program code embodied therewith, the computer-readable program code executable by one or more processor circuits of a plurality of processor circuits to:
- output, by an application executing on a first processor circuit of the plurality of processor circuits, an indication specifying to tap a contactless card to complete a transaction initiated in the application, the transaction associated with a transaction identifier;
  
  receive, by the application from a communications interface of the contactless card, encrypted data generated by the contactless card based at least in part on a private key for the contactless card stored in a memory of the contactless card;
  
  transmit, by the application;
  
  (i) a merchant identifier of a merchant associated with the application, (ii) the transaction identifier, (iii) the encrypted data, and (iv) a location of a device comprising the first processor circuit to an authentication application executing on a second processor circuit of the plurality of processor circuits;
  
  verify, by the authentication application, the encrypted data by decrypting the encrypted data based at least in part on the private key for the contactless card;
  
  determine, by the authentication application, that the contactless card has previously been used to make a purchase with the merchant;
  
  determine, by the authentication application, that the location of the device is within a threshold distance of a known location, the known location to comprise at least one of a home location or a work location associated with the contactless card;
  
  generate, by a virtual account number generator executing on a third processor circuit of the plurality of processor circuits based on the verification of the encrypted data, the determination that the contactless card has previously been used to make a purchase with the merchant, and the determination that the device is within the threshold distance of the known location by the authentication application, a virtual account number;
  
  transmit, by the virtual account number generator, the merchant identifier, the transaction identifier, the virtual account number, an expiration date associated with the virtual account number, and a card verification value (CVV) associated with the virtual account number to a merchant server executing on a fourth processor circuit of the plurality of processor circuits, the merchant server associated with the merchant; and
  
  process, by the merchant server, the transaction using the transaction identifier, the virtual account number, the expiration date, and the CVV.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The non-transitory computer-readable storage medium of claim 13, wherein the expiration date and the CVV comprise one or more of:
    - (i) an expiration date and a CVV generated by the virtual account number generator, and (ii) an expiration date and a CVV of the contactless card received by the virtual account number generator from an account database, further comprising computer-readable program code executable by one or more of the processor circuits to;
      
      receive, by the virtual account number generator from the account database, an account holder name of an account associated with the contactless card and an address associated with the account; and
      
      transmit, by the virtual account number generator, the account holder name and address to the merchant server, the merchant server further to process the transaction using the account holder name and address.
  - 15. The non-transitory computer-readable storage medium of claim 14, further comprising computer-readable program code executable by one or more of the processor circuits to:
    - generate, by the merchant server, a transaction record in a transaction database comprising the transaction identifier, the virtual account number, the expiration date, the CVV, the account holder name, the address, and at least one of an indication of a purchased product and an indication of a purchased service;
      
      transmit, by the merchant server to the application, an indication that the transaction was processed; and
      
      output, by the application, the indication that the transaction was processed on a display.
  - 16. The non-transitory computer-readable storage medium of claim 15, further comprising computer-readable program code executable by one or more of the processor circuits to:
    - determine, by the merchant server, an address conflict based on the address is being different than a known address specified in a user profile;
      
      transmit, by the merchant server, the address and the known address to the application;
      
      output, by the application on a display of the device, an indication of the address and the known address;
      
      receive, by the application, selection of one of the address and the known address; and
      
      transmit, by the application, the selected one of the address and the known address to the merchant server to resolve the address conflict, the merchant server to process the transaction using the selected one of the address and the known address.
  - 17. The non-transitory computer-readable storage medium of claim 16, further comprising computer-readable program code executable by one or more of the processor circuits to:
    - receive, by the application, authentication information for a user account associated with the merchant, the authentication information comprising one or more of;
      
      (i) a username and a password, (ii) one or more biometric credentials.
  - 18. The non-transitory computer-readable storage medium of claim 17, wherein the communications interface of the contactless card is configured to support at least one of near field communication (NFC), Bluetooth, and Wi-Fi, further comprising computer-readable program code executable by one or more of the processor circuits to:
    - transmit, by the application, the received authentication information to the authentication application, the authentication application to verify the authentication information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Capital One Services LLC (Capital One Financial Corporation)
Original Assignee
Capital One Services LLC (Capital One Financial Corporation)
Inventors
Rule, Jeffrey, Moreton, Paul, Cody, Lea, Hart, Colin, Lutz, Wayne
Primary Examiner(s)
Kim, Steven S
Assistant Examiner(s)
Fenstermacher, Jason B

Application Number

US16/265,974
Time in Patent Office

319 Days
Field of Search

None
US Class Current
CPC Class Codes

G06Q 20/12   specially adapted for elect...

G06Q 20/322   Aspects of commerce using m...

G06Q 20/3226   Use of secure elements sepa...

G06Q 20/34   using cards, e.g. integrate...

G06Q 20/352   Contactless payments by cards

G06Q 20/353   Payments by cards read by M...

G06Q 20/3825   Use of electronic signatures

G06Q 20/3829   involving key management

G06Q 20/385   using an alias or single-us...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4018   using the card verification...

G06Q 20/409   Device specific authenticat...

One-tap payment using a contactless card

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

557 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

One-tap payment using a contactless card

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

557 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links