Securing external systems with account token substitution

US 10,726,413 B2
Filed: 04/11/2016
Issued: 07/28/2020
Est. Priority Date: 08/12/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a tokenization server, a transaction authorization message including an account identifier, wherein the tokenization server is communicatively coupled to a first external entity computer of a first external entity and a second external entity computer of a second external entity for performing transaction support processes that supplement an authorization process in connection with the transaction authorization message;

determining, by the tokenization server, that the first external entity computer is adapted to receive an account token in lieu of the account identifier whereas the second external entity computer is adapted to receive the account identifier;

identifying, by the tokenization server, a unique token derivation key assigned to the first external entity computer, wherein the unique token derivation key is available only to the tokenization server;

generating, by the tokenization server, the account token for the account identifier included in the transaction authorization message, generating comprising;

encrypting the account identifier using the unique token derivation key for the first external entity computer to obtain the account token;

transmitting, by the tokenization server, a first external transaction support request message with the account token to the first external entity computer for processing by the first external entity;

transmitting, by the tokenization server, a second external transaction support request message with the account identifier to the second external entity computer for processing by the second external entity;

receiving, by the tokenization server, a first external transaction support response message including the account token from the first external entity computer in response to the first external entity computer performing the transaction support process;

receiving, by the tokenization server, a second external transaction support response message including the account identifier from the second external entity computer in response to the second external entity computer performing the transaction support process;

sending, by the tokenization server, the transaction authorization message along with data from the first external transaction support response message or the second external transaction support response message to an issuer computer;

receiving, by the tokenization server, a transaction response message from the issuer computer; and

sending, by the tokenization server, the transaction response message along with data from the first external transaction support response message or the second external transaction support response message to a merchant computer.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, apparatuses, and methods for providing an account token to an external entity during the lifecycle of a payment transaction. In some embodiments, an external entity may be a merchant computer requesting authorization of a payment message. In other embodiments, the external entity may be a support computer providing a payment processing network or a merchant support functions.

600 Citations

11 Claims

1. A method comprising:
- receiving, by a tokenization server, a transaction authorization message including an account identifier, wherein the tokenization server is communicatively coupled to a first external entity computer of a first external entity and a second external entity computer of a second external entity for performing transaction support processes that supplement an authorization process in connection with the transaction authorization message;
  
  determining, by the tokenization server, that the first external entity computer is adapted to receive an account token in lieu of the account identifier whereas the second external entity computer is adapted to receive the account identifier;
  
  identifying, by the tokenization server, a unique token derivation key assigned to the first external entity computer, wherein the unique token derivation key is available only to the tokenization server;
  
  generating, by the tokenization server, the account token for the account identifier included in the transaction authorization message, generating comprising;
  
  encrypting the account identifier using the unique token derivation key for the first external entity computer to obtain the account token;
  
  transmitting, by the tokenization server, a first external transaction support request message with the account token to the first external entity computer for processing by the first external entity;
  
  transmitting, by the tokenization server, a second external transaction support request message with the account identifier to the second external entity computer for processing by the second external entity;
  
  receiving, by the tokenization server, a first external transaction support response message including the account token from the first external entity computer in response to the first external entity computer performing the transaction support process;
  
  receiving, by the tokenization server, a second external transaction support response message including the account identifier from the second external entity computer in response to the second external entity computer performing the transaction support process;
  
  sending, by the tokenization server, the transaction authorization message along with data from the first external transaction support response message or the second external transaction support response message to an issuer computer;
  
  receiving, by the tokenization server, a transaction response message from the issuer computer; and
  
  sending, by the tokenization server, the transaction response message along with data from the first external transaction support response message or the second external transaction support response message to a merchant computer.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the transaction authorization message is a transaction authorization request message, the first external transaction support response message or the second external transaction support response message includes a fraud score, and the method further comprises:
    - sending, by the tokenization server, the fraud score along with the transaction authorization message to the issuer computer.
  - 3. The method of claim 1, further comprising, before generating the account token, determining, by the tokenization server, that an account token associated with the account identifier has not been generated.
  - 4. The method of claim 1, further comprising:
    - receiving, by the tokenization server from the first external entity computer and the second external entity computer, transaction support processing information about the first external entity computer and the second external entity computer during an enrollment process;
      
      storing, by the tokenization server, the transaction support processing information associated with the first external entity computer and the second external entity computer in a database.
  - 5. The method of claim 4, wherein determining that the first external entity computer is adapted to receive the account token further comprises:
    - looking up, by the tokenization server, the transaction support processing information associated with the first external entity computer from the database; and
      
      determining, by the tokenization server, that the first external entity computer is adapted to receive the account token in lieu of the account identifier based on the transaction support processing information about the first external entity.
  - 6. The method of claim 1, wherein the first external entity computer or the second external entity computer includes a reporting system that generates reports of transaction histories based on a number of categories, and the method further comprises:
    - sending the transaction response message along with the reports of transaction histories to the merchant computer.

7. A server computer comprising:
- a processor anda memory coupled to the processor, the memory storing instructions that, when executed by the processor, cause the processor to;
  
  receive a transaction authorization message including an account identifier, wherein the server computer is communicatively coupled to a first external entity computer of a first external entity and a second external entity computer of a second external entity for performing transaction support processes that supplement an authorization process in connection with the transaction authorization message;
  
  determine that the first external entity computer is adapted to receive an account token in lieu of the account identifier whereas the second external entity computer is adapted to receive the account identifier;
  
  identify a unique token derivation key assigned to the first external entity computer, wherein the unique token derivation key is available only to the server computer;
  
  generate the account token for the account identifier included in the transaction authorization message, wherein the instructions causing the processor to generate the account token further cause the processor to;
  
  encrypt the account identifier using the unique token derivation key for the first external entity computer to obtain the account token;
  
  transmit a first external transaction support request message with the account token to the first external entity computer for processing by the first external entity;
  
  transmit a second external transaction support request message with the account identifier to the second external entity computer for processing by the second external entity;
  
  receive a first external transaction support response message including the account token from the first external entity computer in response to the first external entity computer performing the transaction support process; and
  
  receive a second external transaction support response message including the account identifier from the second external entity computer in response to the second external entity computer performing the transaction support process;
  
  send the transaction authorization message along with data from the first external transaction support response message or the second external transaction support response message to an issuer computer;
  
  receive a transaction response message from the issuer computer; and
  
  send the transaction response message along with data from the first external transaction support response message or the second external transaction support response message to a merchant computer.
- View Dependent Claims (8, 9, 10)
- - 8. The server computer of claim 7, wherein the transaction authorization message is a transaction authorization request message, the first external transaction support response message or the second external transaction support response message includes a fraud score, and the instructions, when executed by the processor, further cause the processor to:
    - send the fraud score along with the transaction authorization message to the issuer computer.
  - 9. The server computer of claim 7, wherein the instructions, when executed by the processor, further cause the processor to, before generating the account token, determine that an account token associated with the account identifier has not been generated.
  - 10. The server computer of claim 7, wherein the first external entity computer or the second external entity computer includes a reporting system that generates reports of transaction histories based on a number of categories, and wherein the instructions, when executed by the processor, further cause the processor to send the transaction response message along with the reports of transaction histories to the merchant computer.

11. A non-transitory computer readable medium storing instructions that, when executed by a processor of a tokenization server, cause the processor to:
- receive a transaction authorization message including an account identifier at a tokenization server, wherein the tokenization server is communicatively coupled to a first external entity computer of a first external entity and a second external entity computer of a second external entity for performing transaction support processes that supplement an authorization process in connection with the transaction authorization message;
  
  determine that the first external entity computer is adapted to receive an account token in lieu of the account identifier whereas the second external entity computer is adapted to receive the account identifier;
  
  identify a unique token derivation key assigned to the first external entity computer, wherein the unique token derivation key is available only to the tokenization server;
  
  generate the account token for the account identifier included in the transaction authorization message, wherein the instructions causing the processor to generate the account token further cause the processor to;
  
  encrypt the account identifier using the unique token derivation key for the first external entity computer to obtain the account token;
  
  transmit a first external transaction support request message with the account token to the first external entity computer for processing by the first external entity;
  
  transmit a second external transaction support request message with the account identifier to the second external entity computer for processing by the second external entity;
  
  receive a first external transaction support response message including the account token from the first external entity computer in response to the first external entity computer performing the transaction support process;
  
  receive a second external transaction support response message including the account identifier from the second external entity computer in response to the second external entity computer performing the transaction support process;
  
  send the transaction authorization message along with data from the first external transaction support response message or the second external transaction support response message to an issuer computer;
  
  receive a transaction response message from the issuer computer; and
  
  send the transaction response message along with data from the first external transaction support response message or the second external transaction support response message to a merchant computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Basu, Gourab, Mori, Michael, Sakata, Ross, Cracknell, Steven, Yee, Millie, Carlson, Mark, Stan, Patrick, Keshan, Surendra, Katzin, Edward
Primary Examiner(s)
Kim, Steven S

Application Number

US15/095,984
Publication Number

US 20160224976A1
Time in Patent Office

1,569 Days
Field of Search
US Class Current
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

G06Q 20/12   specially adapted for elect...

G06Q 20/322   Aspects of commerce using m...

G06Q 20/3672   initialising or reloading t...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/38215   Use of certificates or encr...

G06Q 20/385   using an alias or single-us...

G06Q 20/4016   involving fraud or risk lev...

G06Q 2220/00   Business processing using c...

Securing external systems with account token substitution

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

600 Citations

11 Claims

Specification

Use Cases

Quick Links

Others

Securing external systems with account token substitution

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

600 Citations

11 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others