Method and system for generating a dynamic verification value
First Claim
1. A method for authenticating a payment service being used in a transaction comprising:
- generating on a payment device a first verification value unique to the transaction wherein said first verification value is derived from data comprising a first data value and a second data value;
communicating a payment record from the payment device to a point of sale terminal, wherein the payment record comprising the first verification value and payment data;
communicating the payment record from the point of sale terminal to a service provider computer;
generating a second verification value on the service provider computer, wherein the second verification value is generated solely from data residing on the service provider computer; and
disapproving the transaction when the first verification value does not equal the second verification value.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods and systems for dynamically generating a verification value for a transaction and for utilizing such value to verify the authenticity of the payment service application. The dynamically created verification value may be generated on a payment device, such as an integrated circuit credit card or smart card, embedded into the payment data, and transmitted to a point of sale terminal. Alternatively, payment data is sent by a payment device to a point of sale terminal, which generates a verification value and embeds it into the payment data. The embedded verification value is used by a service provider to verify the authenticity of the transaction. The methods and systems may be used in a contactless (wireless) environment or a non-wireless environment.
-
Citations
38 Claims
-
1. A method for authenticating a payment service being used in a transaction comprising:
-
generating on a payment device a first verification value unique to the transaction wherein said first verification value is derived from data comprising a first data value and a second data value;
communicating a payment record from the payment device to a point of sale terminal, wherein the payment record comprising the first verification value and payment data;
communicating the payment record from the point of sale terminal to a service provider computer;
generating a second verification value on the service provider computer, wherein the second verification value is generated solely from data residing on the service provider computer; and
disapproving the transaction when the first verification value does not equal the second verification value. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A method of dynamically creating a verification value for a transaction comprising:
-
creating a base record comprising a first data value and a second data value for a payment service being used in the transaction;
splitting the base record into a first field and a second field;
encrypting the first field using a first encryption key;
performing an exclusive-OR (XOR) operation on the encrypted first field and the second field to produce a first result;
encrypting the first result using a second encryption key to produce a second result;
decrypting the second result using a decryption key to produce a third result;
encrypting the third result using a third encryption key to produce a fourth result;
sequentially extracting each value between 0 and 9 from the most-significant digit to the least-significant digit of the fourth result to produce a fifth result;
sequentially extracting and subtracting hexadecimal A from each value between hexadecimal A and hexadecimal F from the most-significant digit to the least-significant digit of the fourth result to produce the sixth result;
concatenating the fifth result and the sixth result to produce a seventh result; and
selecting one or more values from the seventh result as the card verification value. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
-
-
29. A system for verifying a transaction comprising:
-
a first electronic device with a payment service deployed thereon;
a second electronic device in communication with the first electronic device wherein the second electronic device receives a payment record from the first electronic device, the payment record comprising an account number for the payment service and a first verification value generated on the first electronic device;
a service provider system in communication with the second electronic device wherein the service provider computer independently generates a second verification value and disapproves the transaction where the first verification value and the second verification value are not equal. - View Dependent Claims (30, 31, 32, 33, 34, 35, 36, 37, 38)
-
Specification