Signature based negative list for off line payment device validation

US 20080183622A1
Filed: 03/01/2007
Published: 07/31/2008
Est. Priority Date: 01/30/2007
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

reading data at a point of service (POS) terminal at a merchant, wherein;

a payment device is presented to the POS terminal by a consumer seeking to conduct a transaction for a good or service from the merchant;

the payment device includes a Primary Account Number (PAN) issued by an issuer; and

the data read from the payment device includes a non-PAN signature that corresponds to the PAN;

checking a list of non-PAN signatures maintained by the POS terminal to determine if the non-PAN signature read from the data on the payment device is on the list; and

permitting, on the basis if whether the non-PAN signature is on the list, the consumer to complete the transaction with the merchant.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

At each of a plurality of transit readers of a transit system, for each of a plurality of riders, where each rider seeks to conduct an access transaction with the transit system for access into the transit facility by using a payment device issued by an issuer in a payment system, data is read from the payment device. The data includes an encryption code that uniquely corresponds to the payment device and was created by the issuer using one or more encryption keys and a predetermined algorithm. A check will be performed, remotely and/or locally, of one or more lists of other encryption codes to determine if the encryption code is on the list. On the basis of whether the encryption code is on the list, the rider is permitted access to the facility of the transit system. The payment device need not be changed for the rider'"'"'s fare. Decryption of the encryption code read from the payment device is not required to complete the access transaction.

57 Citations

View as Search Results

44 Claims

1. A method comprising:
- reading data at a point of service (POS) terminal at a merchant, wherein;
  
  a payment device is presented to the POS terminal by a consumer seeking to conduct a transaction for a good or service from the merchant;
  
  the payment device includes a Primary Account Number (PAN) issued by an issuer; and
  
  the data read from the payment device includes a non-PAN signature that corresponds to the PAN;
  
  checking a list of non-PAN signatures maintained by the POS terminal to determine if the non-PAN signature read from the data on the payment device is on the list; and
  
  permitting, on the basis if whether the non-PAN signature is on the list, the consumer to complete the transaction with the merchant.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method as defined in claim 1, wherein the non-PAN signature is created by the issuer using at least one of:
    - one or more encryption keys; and
      
      a predetermined algorithm.
  - 3. The method as defined in claim 2, wherein at least one said encryption key is a type selected from the group consisting of a symmetric type and an asymmetric type.
  - 4. The method as defined in claim 3, wherein the asymmetric type is a public key infrastructure.
  - 5. The method as defined in claim 2, wherein the predetermined algorithm produces a result selected from the group, consisting of a hash, a certificate, a signature utilizing data stored on the payment device that is unique to that payment device.
  - 6. The method as defined in claim 2, wherein the predetermined algorithm includes one or more variables each of which is selected from the group consisting of the name of an account holder corresponding to the payment device, a partial PAN, expiry data of the payment device, and a service code of the payment processing system that corresponds to the PAN of the payment device.
  - 7. The method as defined in claim 6, wherein the one or more variables are stored in the payment device in Track 1 and/or Track 2 data fields in accordance with a magnetic stripe data (MSD) configuration.
  - 8. The method as defined in claim 1, wherein the non-PAN signature is static on the payment device.
  - 9. The method as defined in claim 1, wherein the reading data further comprises storing information for each said transaction.
  - 10. The method as defined in claim 9, wherein the information stored for each said transaction comprises the date and time thereof, an identification of the POS terminal of the merchant, and at least some of the data read from a data storage region of the payment device.
  - 11. The method as defined in claim 10, wherein the data read from the data storage region of the payment device is stored in a format selected from the group consisting of:
    - either Track 1 or Track 2 data fields of the payment device in accordance with a magnetic stripe data (MSD) configuration; and
      
      a data track that is compatible with the payment processing system that processes data in accordance with a magnetic stripe data (MSD) configuration.
  - 12. The method as defined in claim 10, wherein the data read from the data storage region of the payment device is read contactlessly.
  - 13. The method as defined in claim 1, wherein the payment device is selected from the group consisting of a credit card, a debit card, a stored value card, a contactless payment device, and combinations thereof
  - 14. The method as defined in claim 1, wherein the payment device is within a mobile device selected from the group consisting of a personal digital assistant, a wireless telephone, and an expert system including a substrate having embedded therein a contactless element including a chip capable of use as a transaction payment mechanism for each said access transaction.
  - 15. The method as defined in claim 1, wherein the reading, the checking, and the permitting are all performed within a time period not exceeding one (1) second.
  - 16. A computer readable medium comprising instructions which, when executed by a computer, performs the method of claim 1.

17. A method comprising:
- reading data at a transit system reader in a transit system, wherein;
  
  a payment device is presented to the transit system reader by a rider seeking to conduct an access transaction for access to a facility of the transit system; and
  
  the payment device includes a Primary Account Number (PAN) issued by an issuer in a payment processing system; and
  
  the data read from the payment device includes encryption code; and
  
  without decrypting the encryption code;
  
  checking, at the transit system reader, a list of other said encryption codes to determine if the encryption code is on the list; and
  
  permitting, on the basis if whether the encryption code is on the list, the rider access to the facility of the transit system.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 18. The method as defined in claim 17, wherein the encryption code that uniquely corresponds to the payment device is created by the issuer using:
    - one or more encryption keys; and
      
      a predetermined algorithm.
  - 19. The method as defined in claim 18, wherein at least one said encryption key is a type selected from the group consisting of a symmetric type and an asymmetric type.
  - 20. The method as defined in claim 19, wherein the asymmetric type is a public key infrastructure.
  - 21. The method as defined in claim 18, wherein the predetermined algorithm produces a result selected from the group consisting of a hash, a certificate, a signature utilizing data stored on the payment device that is unique to that payment device.
  - 22. The method as defined in claim 18, wherein the predetermined algorithm includes one or more variables each of which is selected from the group consisting of the name of a cardholder corresponding to the payment device, a partial PAN, expiry data of the payment device, and a service code of the payment device.
  - 23. The method as defined in claim 22, wherein the one or more variables are stored in the payment device in Track 1 and/or Track 2 data fields of the payment device in accordance with a magnetic stripe data (MSD) configuration.
  - 24. The method as defined in claim 17, wherein the encryption code read from the payment device is static on the payment device.
  - 25. The method as defined in claim 17, wherein the reading data further comprises storing information for each said access transaction.
  - 26. The method as defined in claim 25, wherein the information stored for each said access transaction comprises the date and time thereof, an identification of the POS terminal in the transit system, and at least some of the data read from a data storage region of the payment device.
  - 27. The method as defined in claim 17, wherein the data read from the payment device is stored in a format selected from the group consisting of:
    - either Track 1 or Track 2 data fields of the payment device in accordance with a magnetic stripe data (MSD) configuration; and
      
      a data track that is compatible with the payment processing system that processes data in accordance with a magnetic stripe data (MSD) configuration.
  - 28. The method as defined in claim 17, wherein the data is contactlessly read from a data storage region of the payment device.
  - 29. The method as defined in claim 17, wherein the payment device is selected from the group consisting of a credit card, a debit card, a stored value card, a contactless payment device, and combinations thereof
  - 30. The method as defined in claim 17, wherein the payment device is within a mobile device selected from the group consisting of a personal digital assistant, a wireless telephone, and an expert system including a substrate having embedded therein a contactless element including a chip capable of use as a transaction payment mechanism for each said access transaction.
  - 31. The method as defined in claim 17, wherein the reading, the checking, and the permitting are all performed within a time period not exceeding one (1) second.
  - 32. A computer readable medium comprising instructions which, when executed by a computer, performs the method of claim 17.

33. A method comprising:
- reading data at a transit reader in a transit system, wherein;
  
  a payment device is presented to the transit system reader by a rider seeking to conduct an access transaction for access to a facility of the transit system;
  
  the data is in the Track 1 and/or Track 2 data fields in accordance with an Magnetic Stripe Data (MSD) configuration;
  
  the payment device includes a Primary Account Number (PAN) issued by an issuer in a payment processing system; and
  
  the data read from the payment device includes encryption code that;
  
  uniquely corresponds to the payment device;
  
  is created by the issuer using at least one of;
  
  one or more encryption keys; and
  
  a predetermined algorithm;
  
  checking, at the transit system reader, a list of other said encryption codes to determine if the encryption code is on the list; and
  
  permitting, without decrypting the encryption code, the rider access to the facility of the transit system on the basis if whether the encryption code is on the list.
- View Dependent Claims (34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44)
- - 34. The method as defined in claim 33, wherein at least one said encryption key is a type selected from the group consisting of a symmetric type and an asymmetric type.
  - 35. The method as defined in claim 34, wherein the asymmetric type is a public key infrastructure.
  - 36. The method as defined in claim 33, wherein the predetermined algorithm produces a result selected from the group consisting of a hash, a certificate, a signature utilizing data stored on the payment device that is unique to that payment device.
  - 37. The method as defined in claim 33, wherein the predetermined algorithm includes one or more variables each of which is selected from the group consisting of the name of a cardholder corresponding to the payment device, a partial PAN, expiry data of the payment device, and a service code of the payment device.
  - 38. The method as defined in claim 33, wherein the reading data further comprises storing information for each said access transaction.
  - 39. The method as defined in claim 38, wherein the information stored for each said access transaction comprises the date and time thereof, an identification of the POS terminal in the transit system, and at least some of the data read from a data storage region of the payment device.
  - 40. The method as defined in claim 33, wherein the data is contactlessly read from a data storage region of the payment device.
  - 41. The method as defined in claim 33, wherein the payment device is selected from the group consisting of a credit card, a debit card, a stored value card, a contactless payment device, and combinations thereof
  - 42. The method as defined in claim 33, wherein the payment device is within a mobile device selected from the group consisting of a personal digital assistant, a wireless telephone, and an expert system including a substrate having embedded therein a contactless element including a chip capable of use as a transaction payment mechanism for each said access transaction.
  - 43. The method as defined in claim 33, wherein the reading, the checking, and the permitting are all performed within a time period not exceeding one (1) second.
  - 44. A computer readable medium comprising instructions which, when executed by a computer, performs the method of claim 33.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa USA, Inc. (Visa, Inc.)
Original Assignee
Visa USA, Inc. (Visa, Inc.)
Inventors
Thaw, William Alexander, Dixon, Phil, Hammad, Ayman, Aabye, Christian

Granted Patent

US 7,809,652 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/44
CPC Class Codes

G06Q 20/027   involving a payment switch ...

G06Q 20/04   Payment circuits

G06Q 20/085   involving remote charge det...

G06Q 20/0855   involving a third party

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/204   comprising interface for re...

G06Q 20/32   using wireless devices

G06Q 20/327   Short range or proximity pa...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/382   insuring higher security of...

G06Q 20/3821   Electronic credentials

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/401   Transaction verification

G06Q 20/4016   involving fraud or risk lev...

G07B 15/00   Arrangements or apparatus f...

Signature based negative list for off line payment device validation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

57 Citations

44 Claims

Specification

Solutions

Use Cases

Quick Links

Signature based negative list for off line payment device validation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

57 Citations

44 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links