Method and system for performing a transaction using a dynamic authorization code

US 20070260544A1
Filed: 05/10/2007
Published: 11/08/2007
Est. Priority Date: 11/10/2004
Status: Active Grant

First Claim

Patent Images

1. A method for authorizing a transaction over a transaction network employing a standardized message format having a data portion reserved for a static PIN, comprising:

receiving dynamic code data based on a dynamic code;

preparing a transaction message in said standardized message format, said dynamic code data inserted in said data portion reserved for said static PIN;

transmitting said traction message to an authorization entity over a communications link;

receiving a response from said authorization entity; and

authorizing a transaction in response to said receiving step.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for conducting a transaction involving transmission of a dynamic authentication code in place of a static PIN block using currently existing messaging standards or PIN acceptance devices. Minimal changes to existing processes an equipment are made while greatly improving security and fraud minimization.

Citations

12 Claims

1. A method for authorizing a transaction over a transaction network employing a standardized message format having a data portion reserved for a static PIN, comprising:
- receiving dynamic code data based on a dynamic code;
  
  preparing a transaction message in said standardized message format, said dynamic code data inserted in said data portion reserved for said static PIN;
  
  transmitting said traction message to an authorization entity over a communications link;
  
  receiving a response from said authorization entity; and
  
  authorizing a transaction in response to said receiving step.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein said dynamic code is generated based at least in part on a counter value that changes before each new transaction.
  - 3. The method of claim 1, wherein said dynamic code is encrypted before said transmitting step.
  - 4. The method of claim 1 wherein said dynamic code is entered on a non-secure PIN entry device before said receiving step.
  - 5. The method of claim 1 wherein said dynamic code is entered on an online order form using a web browser.

6. A method for authorizing a transaction over a transaction network employing a standardized message format having a data portion reserved for a static PIN, comprising:
- making available to an account holder a code generating device;
  
  receiving a transaction message in said standardized message format, said message including dynamic code data based on a dynamic code provided by said code generating device, said dynamic code data inserted in said data portion reserved for said static PIN, and said message including account data;
  
  using at least said received account data to determine expected dynamic code data;
  
  comparing said received dynamic code data to said expected dynamic code data; and
  
  authorizing a transaction in response to said comparing step.
- View Dependent Claims (7, 8, 10)
- - 7. The method of claim 6 wherein said dynamic code is generated based at least in part on a counter value that changes before each new transaction.
  - 8. The method of claim 6 wherein said using at least said received account data includes the step of retrieving from an account database information associated with said code generating device.
  - 10. The method of claim 6 wherein said dynamic code is encrypted before said receiving step, further comprising:
    - decrypting said dynamic code data to recover said dynamic code

9. The method of 8 wherein said retrieving from an account database includes retrieving a counter value associated with said code generating device.

11. A system for authorizing a transaction, comprising:
- a transaction network employing a standardized message format having a data portion reserved for a static PIN;
  
  a dynamic code generator for generating a dynamic code;
  
  an account database storing information regarding one or more account;
  
  a receiver for receiving a transaction message in said standardized message format, said message having said dynamic code inserted in said data portion reserved for said static PIN, and said message including account data; and
  
  a processor for (a) retrieving, using said account data, account information from said account database, (b) determining an expected dynamic code based on at least said retrieved account information, (c) comparing said received dynamic code to said expected dynamic code, and (d) authorizing a transaction in response to said comparing.
- View Dependent Claims (12)
- - 12. The system of claim 11, wherein said dynamic code generator includes a stored counter value that changes before each new transaction.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Original Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Inventors
Wankmueller, John

Granted Patent

US 8,527,427 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/44
CPC Class Codes

G06Q 20/40   Authorisation, e.g. identif...

H04L 2209/56   Financial cryptography, e.g...

H04L 63/083   using passwords cryptograph...

H04L 9/3226   using a predetermined code,...

Method and system for performing a transaction using a dynamic authorization code

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for performing a transaction using a dynamic authorization code

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links