Systems and Methods For Secure Pin-Based Transactions Via a Host Based Pin Pad

US 20090327114A1
Filed: 06/30/2008
Published: 12/31/2009
Est. Priority Date: 06/30/2008
Status: Abandoned Application

First Claim

Patent Images

1. A method for securely authorizing a PIN-based transaction between a merchant system and a consumer device, comprising:

receiving, from the merchant system via a first communication link, transaction data comprising an account identifier and a payment amount;

presenting a verification interface to the consumer device via a second communication link, said verification interface including a plurality of interactive controls;

receiving from the consumer device via said verification interface coordinates representing locations within the verification interface of selected interactive controls corresponding to PIN elements;

determining the PIN elements based on said coordinates;

building a PIN block based on said PIN elements and said transaction data within a secure server; and

providing said PIN block to a third party payment processor system and awaiting a confirmation from the third party payment processor system that the transaction has been authorized.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for securely verifying over an open network a transaction using a payment card requiring authorization, such as a PIN, to be used. The system utilizes a secure host system to establish two lines of communication between a merchant and a consumer device used by an individual using the payment card. The secure host system provides a verification interface that is presented to the consumer device, providing a means for the individual to provide verification information. The secure host system receives verification information from the consumer device, couples the verification information with card information supplied by a merchant for verification from a third party payment provider. The transaction service provider verifies the transaction without sending the cardholder'"'"'s actual PIN over the open network.

32 Citations

View as Search Results

19 Claims

1. A method for securely authorizing a PIN-based transaction between a merchant system and a consumer device, comprising:
- receiving, from the merchant system via a first communication link, transaction data comprising an account identifier and a payment amount;
  
  presenting a verification interface to the consumer device via a second communication link, said verification interface including a plurality of interactive controls;
  
  receiving from the consumer device via said verification interface coordinates representing locations within the verification interface of selected interactive controls corresponding to PIN elements;
  
  determining the PIN elements based on said coordinates;
  
  building a PIN block based on said PIN elements and said transaction data within a secure server; and
  
  providing said PIN block to a third party payment processor system and awaiting a confirmation from the third party payment processor system that the transaction has been authorized.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising the step of, in response to receiving said confirmation, notifying the merchant system that the transaction has been authorized.
  - 3. The method of claim 1, further comprising the step of, in response to receiving a denial, notifying the merchant system that the transaction has not been authorized.
  - 4. The method of claim 1, further comprising the step of, in response to receiving the transaction data from the merchant system, determining that an account associated with the account identifier is PIN-able.
  - 5. The method of claim 1, further comprising the step of, in response to receiving the transaction data from the merchant system, determining that a BIN included within the account identifier is associated with a valid participating financial institution.
  - 6. The method of claim 1, wherein the transaction data further comprises a merchant ID;
    - andwherein the method further comprises the step of, in response to receiving the transaction data from the merchant system, verifying that the merchant system is registered and in good standing based on the merchant ID.
  - 7. The method of claim 1, wherein the plurality of interactive controls are randomly arranged within the verification interface.
  - 8. The method of claim 7, wherein presenting a verification interface to the consumer device via a second communication link, said verification interface including a plurality of interactive controls further comprises presenting a verification interface after generating an algorithm that randomly arranges the plurality of interactive controls.
  - 9. The method of claim 7, wherein the plurality of interactive controls are randomly re-arranged within the verification interface after each selection of one of the interactive controls corresponding to a PIN element.
  - 10. The method of claim 1, wherein the secured server comprises a hardware security module.
  - 11. The method of claim 1 further comprising the step of, in response to receiving the transaction data from the merchant system, providing a theme package to the merchant system.
  - 12. The method of claim 1, wherein presenting a verification interface to the consumer device via a second communication link further comprises presenting a verification interface after receiving a request from the consumer device to present the verification interface.

13. A system for of securely authorizing a PIN-based transaction between a merchant system and a consumer device, comprising:
- a transaction gateway server for receiving from the merchant system via a first communication link transaction data comprising an account identifier and a payment amount;
  
  a verification application server for generating a verification interface and for randomly arranging a plurality of interactive controls within the verification interface;
  
  a verification gateway for providing the verification interface to the consumer device via a second communication link and for receiving from the consumer device via the verification interface coordinates representing locations within the verification interface of selected interactive controls corresponding to PIN elements; and
  
  a secured server for receiving the coordinates and the transaction data, determining the PIN elements based on said coordinates, building a PIN block based on said PIN elements and said transaction data, and providing said PIN block to a third party payment processor system for authorization of the transaction.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The system of claim 13, further comprising a transaction application server;
    - andwherein the transaction data further comprises a merchant ID, the merchant ID used by the transaction application server to verify that the merchant system is registered and in good standing with the system.
  - 15. The system of claim 14, wherein the transaction application server provides a theme package to the merchant system.
  - 16. The system of claim 13, wherein the secured server provides an algorithm to the verification application to for randomly arranging the plurality of interactive controls.
  - 17. The system of claim 13, wherein the verification gateway receives requests from the consumer device to display the verification interface.
  - 18. The system of claim 13, wherein the secured server is a hardware security module.

19. A method of securely authorizing a PIN-based transaction between a merchant system and a consumer device, comprising:
- establishing a first communication link with the merchant system;
  
  receiving from the merchant system via said first communication link transaction data comprising an account identifier, a merchant ID, and a payment amount;
  
  in response to receiving the transaction data from the merchant system, determining that an account associated with the account identifier is PIN-able, that a BIN included within the account identifier is associated with a valid participating financial institution, and verifying that the merchant system is registered and in good standing based on the merchant ID;
  
  presenting a verification interface to the consumer device via a second communication link, said verification interface including a plurality of interactive controls randomly arranged within the verification interface;
  
  receiving from the consumer device via said verification interface coordinates representing locations within the verification interface of selected interactive controls corresponding to PIN elements;
  
  determining the PIN elements based on said coordinates within a hardware security module;
  
  building a PIN block based on said PIN elements and said transaction data within the hardware security module;
  
  providing said PIN block to a third party payment processor system and awaiting a confirmation from the third party payment processor system that the transaction has been authorized; and
  
  in response to receiving said confirmation, notifying the merchant system that the transaction has been authorized.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Accullink Incorporated
Original Assignee
Accullink Incorporated
Inventors
Bahl, Ashish, Sheth, Nandan S.

Application Number

US12/164,837
Publication Number

US 20090327114A1
Time in Patent Office

Days
Field of Search
US Class Current

705/35
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

G06Q 20/04   Payment circuits

G06Q 20/12   specially adapted for elect...

G06Q 40/00   Finance; Insurance; Tax str...

G07F 7/1041   PIN input keyboard gets new...

Systems and Methods For Secure Pin-Based Transactions Via a Host Based Pin Pad

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

32 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and Methods For Secure Pin-Based Transactions Via a Host Based Pin Pad

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links