METHODS AND APPARATUS FOR A SECURE PROXIMITY INTEGRATED CIRCUIT CARD TRANSACTIONS
Abstract
Methods and apparatus for a smartcard system are provided which securely and conveniently provide for secure transaction completion in a contact or contactless environment. The invention utilizes selection of processing applications based on the account issuer parameters and risk factors (stored on a smartcard) and merchant system parameters and risk factors (stored on a merchant system database). The invention permits a merchant system and smartcard to exchange information useful for determining if particular transactions should be completed online or offline.
20 Claims
1. A method for securing a transaction initiated with a proximity integrated circuit (PIC) transaction device comprising:
a. selecting an application data with the highest priority from amongst the plurality of applications stored on a PIC transaction device database, the selected application data being supported by the PIC transaction device and a PIC transaction device reader, the application data including a list of process functions to perform and a list of transaction issuer predetermined transaction processing rules;
b. authenticating the PIC transaction device using Offline Data Authentication (ODA);
c. determining multiple merchant risk management factors using at least one of the plurality of application data;
d. determining multiple issuer risk management factors using at least one of the plurality of application data; and
e. determining the transaction disposition of a transaction request, the transaction request disposition detailing whether to process a transaction for authorization offline, authorization online, no authorization offline, the determination of the transaction request disposition being performed by analyzing at least one of the results of ODA, the list of transaction issuer predetermined transaction processing rules, the merchant risk management factors, and a set of merchant predetermined transaction processing rules.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A method for authorizing a transaction initiated with a proximity integrated circuit (PIC) transaction device comprising:
a. receiving at a merchant system a plurality of application data from the PIC transaction device;
b. selecting a transaction processing application from the plurality of application data by the merchant system, the transaction processing application being supported by the PIC transaction device and the merchant system;
c. receiving at the merchant system a list of functions from the PIC transaction device, the list of functions being supported by the merchant system and the PIC transaction device, the list of functions corresponding to the transaction processing application supported by the PIC transaction device and the merchant system;
d. receiving at a merchant system a dataset for use with processing the list of functions, the dataset being provided by the PIC transaction device;
e. authenticating the PIC transaction device at the merchant system, the merchant system authenticating the PIC transaction device offline;
f. authenticating a merchant transaction request at the merchant system, the merchant system producing a first offline authentication result in accordance with merchant risk management analysis;
g. receiving at the merchant system a list of PIC transaction device management rules from the PIC transaction device;
h. determining a first disposition of a transaction request at the merchant system, the determination of the disposition of the transaction request being done in accordance with an analysis by the merchant system of the first offline authentication result, the merchant risk management analysis, PIC transaction device management rules, and a result of a merchant risk management analysis, the transaction request being one of an action to approve the transaction request offline, seeking approval for the transaction request online, declining the transaction request offline; and
i. receiving of a first cryptogram application at the merchant system, the first cryptogram application being received in response to a 1st application request provided from the merchant system to the PIC transaction device, the first cryptogram being one of a transaction certificate (TC) to indicate that the transaction request may be completed online, an application request cryptogram (ARQC) to indicate that the transaction is to be completed online, an application authentication cryptogram (AAC) to indicate that the transaction request is to be declined.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A system for securing a transaction initiated with a proximity integrated circuit (PIC) transaction device, comprising:
a. a PIC transaction device including a PIC transaction device database, the database storing a plurality of cryptogram applications, a plurality of issuer predetermined transaction processing rules, an issuer defined dataset for use in performing an issuer defined risk management analysis, and a plurality of transaction disposition cryptograms; and
b. a merchant system in communication with the PIC transaction device, the merchant system comprising a merchant system database, the merchant system database storing a merchant system risk management application, a command dataset for use in communicating with said PIC transaction device and a PIC transaction device issuer.
Dependent claims: 16, 17, 18, 19, 20
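The following sketch models steps (a) and (e) of claim 1: priority-based selection among mutually supported applications, then a disposition that takes the most restrictive outcome any triggered issuer or merchant rule demands. It is an added example, not code from the patent; the rule format, the condition names, the "1 is highest priority" convention and the fail-closed handling of uncovered conditions are all assumptions.

```python
from dataclasses import dataclass
from enum import IntEnum

class Disposition(IntEnum):      # ordered from least to most restrictive
    APPROVE_OFFLINE = 0
    GO_ONLINE = 1
    DECLINE_OFFLINE = 2

@dataclass(frozen=True)
class Application:
    aid: str             # constructed identifier, not a real AID
    priority: int        # assumption: 1 is the highest priority
    issuer_rules: dict   # assumption: condition name -> Disposition

def select_application(card_apps, reader_aids):
    """Step (a): highest-priority application supported by card and reader."""
    mutual = [a for a in card_apps if a.aid in reader_aids]
    return min(mutual, key=lambda a: a.priority) if mutual else None

def decide(app, oda_ok, merchant_factors, issuer_factors, merchant_rules):
    """Step (e): most restrictive disposition demanded by any triggered rule."""
    if app is None:
        return Disposition.DECLINE_OFFLINE   # no mutually supported application
    conditions = set(merchant_factors) | set(issuer_factors)
    if not oda_ok:
        conditions.add("oda_failed")
    demanded = [Disposition.APPROVE_OFFLINE]
    for cond in conditions:
        hits = [r[cond] for r in (app.issuer_rules, merchant_rules) if cond in r]
        # Fail closed: a condition no rule covers is sent online, not approved.
        demanded += hits or [Disposition.GO_ONLINE]
    return max(demanded)

# Constructed sample data (names and rules are illustrative only).
CARD_APPS = [
    Application("APP-LOYALTY", 1, {}),   # highest priority, reader lacks it
    Application("APP-DEBIT", 2, {"oda_failed": Disposition.GO_ONLINE,
                                 "offline_limit_exceeded": Disposition.GO_ONLINE}),
    Application("APP-CREDIT", 3, {"oda_failed": Disposition.DECLINE_OFFLINE}),
]
READER_AIDS = {"APP-DEBIT", "APP-CREDIT"}
MERCHANT_RULES = {"floor_limit_exceeded": Disposition.GO_ONLINE,
                  "card_on_exception_file": Disposition.DECLINE_OFFLINE}

if __name__ == "__main__":
    app = select_application(CARD_APPS, READER_AIDS)
    print(app.aid, decide(app, False, ["floor_limit_exceeded"], [], MERCHANT_RULES).name)
```

Taking the maximum over the demanded dispositions means a single decline rule overrides any number of permissive ones, so a failed ODA result can never be outvoted into an offline approval.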
Specification