Payment service authentication for a transaction using a generated dynamic verification value
First Claim
1. A method of creating and processing a verification value for a transaction, the method comprising:
- creating, by a microprocessor of a payment device, a base record comprising a data value comprising an account number;
overlaying, by the microprocessor of the payment device, an application transaction counter (ATC), or hash value based on transaction data for the transaction over a portion of the data value;
splitting, by the microprocessor, the overlaid data value into at least a first block and a second block;
encrypting, by the microprocessor, the first block using a first encryption key;
performing, by the microprocessor, at least an exclusive-OR (XOR) operation on the encrypted first block and the second block to produce a first result;
encrypting, by the microprocessor, the first result using the first encryption key to produce a second result;
selecting, by the microprocessor, one or more values based at least in part on the second result as the verification value for the transaction; and
transmitting, from the payment device through a contact-based or contactless interface to a service provider computer via a POS terminal, the verification value for the transaction, wherein the service provider computer is configured to approve or disapprove of the transaction based on a comparison of the transmitted verification value to a second verification value independently generated from the transaction data at the service provider computer.
0 Assignments
0 Petitions
Accused Products
Abstract
Methods and systems for dynamically generating a verification value for a transaction and for utilizing such value to verify the authenticity of the payment service application. The dynamically created verification value may be generated on a payment device, such as an integrated circuit credit card or smart card, embedded into the payment data, and transmitted to a point of sale terminal. Alternatively, payment data is sent by a payment device to a point of sale terminal, which generates a verification value and embeds it into the payment data. The embedded verification value is used by a service provider to verify the authenticity of the transaction. The methods and systems may be used in a contactless (wireless) environment or a non-wireless environment.
-
Citations
14 Claims
-
1. A method of creating and processing a verification value for a transaction, the method comprising:
-
creating, by a microprocessor of a payment device, a base record comprising a data value comprising an account number; overlaying, by the microprocessor of the payment device, an application transaction counter (ATC), or hash value based on transaction data for the transaction over a portion of the data value; splitting, by the microprocessor, the overlaid data value into at least a first block and a second block; encrypting, by the microprocessor, the first block using a first encryption key; performing, by the microprocessor, at least an exclusive-OR (XOR) operation on the encrypted first block and the second block to produce a first result; encrypting, by the microprocessor, the first result using the first encryption key to produce a second result; selecting, by the microprocessor, one or more values based at least in part on the second result as the verification value for the transaction; and transmitting, from the payment device through a contact-based or contactless interface to a service provider computer via a POS terminal, the verification value for the transaction, wherein the service provider computer is configured to approve or disapprove of the transaction based on a comparison of the transmitted verification value to a second verification value independently generated from the transaction data at the service provider computer. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A payment device comprising a processor and a computer readable medium coupled to the processor, the computer readable medium comprising code, executable by the processor, for implementing a method comprising:
-
creating, by the processor, a base record comprising a data value comprising an account number; overlaying an application transaction counter (ATC), or hash value based on transaction data for a transaction over a portion of the data value; splitting the overlaid data value into a first block and a second block; encrypting the first block using a first encryption key; performing an exclusive-OR (XOR) operation on the encrypted first block and the second block to produce a first result; encrypting the first result using a second encryption key to produce a second result; selecting one or more values based on the second result as a verification value for the transaction; and transmitting, from the payment device through a contact-based or contactless interface to a service provider computer via a POS terminal, the verification value of the transaction, wherein the service provider computer is configured to approve or disapprove the transaction based on a comparison of the transmitted verification value to a second verification value independently generated from the transaction data at the service provider computer. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
Specification