Transaction verification system and method
First Claim
1. A method of providing for verifying a transaction, comprising:
- a. providing for receiving into a token an identification number of a financial instrument, wherein said token comprises a processor and a memory, and said processor provides for storing the received information in said memory;
b. providing for receiving into said token a transaction amount of a transaction to be financed by said financial instrument;
c. providing for receiving into said token a personal identification number associated with said token;
d. providing for incrementing a transaction count stored in said memory;
e. providing for generating a passcode, wherein said passcode comprises a digest of said identification number of said financial instrument, said transaction amount and said transaction count, and said digest is responsive to an encryption process responsive to a digest keyset that is stored in said memory; and
f. providing for displaying said passcode and said transaction count on a display associated with said token.
0 Assignments
0 Petitions
Accused Products
Abstract
A user enters into a token a token PIN, and an identification number of a financial instrument and a transaction amount of a transaction to be verified. If the token PIN is correct, a processor in the token increments a transaction count, and generates a first passcode using an encryption process using a digest keyset to digest the information entered into the token. The user provides the first passcode, the transaction count, and an identification number associated with the token to a merchant, who then transmits this to a financial institution, along with the identification number of the financial instrument and the transaction amount. The financial institution transmits this information to a verification server, which uses the digest keyset associated with the token to generate a second passcode by digesting the same quantities as used to generate the first passcode. The verification server verifies the transaction responsive to whether the first and second passcodes are equal, and to whether the transaction count is greater than the last transaction count associated with the token.
208 Citations
56 Claims
-
1. A method of providing for verifying a transaction, comprising:
-
a. providing for receiving into a token an identification number of a financial instrument, wherein said token comprises a processor and a memory, and said processor provides for storing the received information in said memory;
b. providing for receiving into said token a transaction amount of a transaction to be financed by said financial instrument;
c. providing for receiving into said token a personal identification number associated with said token;
d. providing for incrementing a transaction count stored in said memory;
e. providing for generating a passcode, wherein said passcode comprises a digest of said identification number of said financial instrument, said transaction amount and said transaction count, and said digest is responsive to an encryption process responsive to a digest keyset that is stored in said memory; and
f. providing for displaying said passcode and said transaction count on a display associated with said token. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 18, 19, 20)
-
-
17. A method of verifying a transaction, comprising:
-
a. establishing a transaction amount of a transaction with a user to be paid with a financial instrument used by said user;
b. receiving an identification number of said financial instrument from said user;
c. receiving an expiration date of said financial instrument from said user;
d. receiving a passcode from said user, wherein said passcode is generated by a token in possession of said user, said passcode comprises a digest of said identification number of said financial instrument, said transaction amount and a transaction count;
e. receiving said transaction count from said user;
f. receiving an identification number of said token from said user;
g. transmitting said identification number of said financial instrument and said transaction amount to at least one third party computer system;
h. transmitting said expiration date to a third party computer system of a bank that issued said financial instrument;
i. transmitting said passcode, said transaction count, and said identification number of said token to at least one third party computer system;
j. receiving an authorization decision from said third party computer system of said bank, wherein said authorization decision is responsive to a verification of said transaction, wherein said verification is dependent upon whether said passcode is consistent with said identification number of said financial instrument, said transaction amount, said transaction count and said identification number of said token, and whether said expiration date has been exceeded; and
k. determining responsive to said authorization decision whether or not to authorize said transaction.
-
-
21. A method of verifying a transaction, comprising:
-
a. receiving from a merchant an identification number, wherein said identification number is of a financial instrument being used by a user to finance a transaction;
b. receiving from said merchant an expiration date of said financial instrument;
c. receiving from said merchant information about a transaction amount of said transaction being financed with said financial instrument;
d. receiving from said merchant a passcode, wherein said passcode is generated by a token in possession of said user, said passcode comprises a digest of said identification number of said financial instrument, said transaction amount and a transaction count;
e. receiving from said merchant said transaction count;
f. receiving from said merchant an identification number of said token;
g. transmitting said identification number of said financial instrument, said transaction amount, said passcode, said transaction count, and said identification number of said token to a third party computer system;
h. receiving from said third party computer system a verification decision, wherein said verification decision is responsive to a verification of said transaction, wherein said verification is dependent upon whether said passcode is consistent with said identification number of said financial instrument, said transaction amount, said transaction count and said identification number of said token;
i. determining responsive to said verification decision and to whether said expiration date is exceeded, an authorization decision of whether or not to authorize said transaction; and
j. transmitting said authorization decision to said merchant. - View Dependent Claims (22, 23, 25, 27, 28, 29, 30, 31, 32, 33, 34, 36, 37, 38, 39, 40)
-
-
24. A method of verifying a transaction, comprising:
-
a. receiving from a merchant an identification number, wherein said identification number is of a financial instrument being used by a user to finance a transaction;
b. receiving from said merchant an expiration date of said financial instrument;
c. receiving from said merchant information about a transaction amount of said transaction being financed with said financial instrument;
d. receiving from said merchant a signed verification identifier, wherein said signed verification identifier is transmitted to said merchant by a third party computer system responsive to a verification of whether a passcode generated by a token in possession of said user is consistent with said identification number of said financial instrument, said transaction amount, a transaction count provided by said user, and an identification number of said token; and
said identification number of said financial instrument, said transaction amount, said passcode, said transaction count and said identification number of said token are provided by said merchant to said third party computer system;
e. determining responsive to said signed verification identifier and to whether said expiration date is exceeded, an authorization decision of whether or not to authorize said transaction; and
f. transmitting said authorization decision to said merchant.
-
-
26. A method of verifying a transaction, comprising:
-
a. receiving from a computer system an identification number of a financial instrument, a transaction amount of a transaction being conducted by a user with a merchant, a first passcode generated by a token in possession of said user, a transaction count, and an identification number of said token, wherein said first passcode comprises a digest of said identification number of said financial instrument, said transaction amount and said transaction count;
b. retrieving from a database a digest keyset and a last transaction count, wherein said operation of retrieving is from a record of said database corresponding to said identification number of said token;
c. generating a second passcode, wherein said second passcode comprises a digest of said identification number of said financial instrument, said transaction amount and said transaction count, and said digest is responsive to an encryption process responsive to said digest keyset;
d. generating a verification decision, wherein said verification decision is responsive to a comparison of said first and second passcodes, and to a comparison of said transaction count with said last transaction count, whereby said transaction is not verified unless said first and second passcodes are equal to one another and said transaction count is greater than said last transaction count;
e. transmitting said verification decision to said computer system; and
f. modifying said database by setting said last transaction count in said record equal to said transaction count.
-
-
35. A computer data signal embodied in a transmission medium, comprising:
-
a. a data segment including an identification number of a financial instrument;
b. a data segment including a transaction amount of a transaction being conducted by a user with a merchant;
c. a data segment including a passcode generated by a token in possession of said user, wherein said passcode comprises a digest of said identification number of said financial instrument, said transaction amount and a transaction count, and said digest is responsive to an encryption process responsive to a digest keyset;
d. a data segment including said transaction count; and
e. a data segment including an identification number of said token.
-
-
41. A token for generating a passcode and a transaction count for use in a transaction verification system, said token comprising:
-
a. a keypad for entering numeric data related to a transaction to be verified;
b. a display for displaying information related to said transaction to be verified;
c. a processor operatively connected to said keypad and to said display; and
d. a memory operatively connected to said processor, wherein said memory is adapted to store a digest keyset and the transaction count, said processor is adapted with an encryption process using said digest keyset to generate a passcode comprising a digest of information related to said transaction entered on said keypad, and of said transaction count, said processor is adapted to increment said transaction count for each different transaction, said passcode comprises a digest of said transaction count, and said processor is adapted to output said passcode and said transaction count. - View Dependent Claims (42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56)
-
Specification