PAYMENT SERVICE AUTHENTICATION FOR A TRANSACTION USING A GENERATED DYNAMIC VERIFICATION VALUE
First Claim
1. A method for authenticating a payment service being used in a transaction, the method comprising a plurality of steps, each being performed by hardware executing software, wherein the steps include:
- generating on a payment device a first verification value unique to the transaction, wherein the verification value is generated by:
  - creating a base record comprising:
    - digits for an application transaction counter overlaying the left most digits of a primary account number corresponding to an account upon which the transaction is being conducted, wherein the application transaction counter is incremented for each said transaction; and
    - concatenated to the right most digits of the primary account number:
      - a card security code for the primary account number; and
      - an expiration date for the primary account number;
  - bisecting the base record into a first field and a second field;
  - encrypting the first field using a first encryption key;
  - performing an exclusive-OR (XOR) operation on the encrypted first field and the second field to produce a first result;
  - encrypting the first result using a second encryption key to produce a second result;
  - decrypting the second result using a decryption key to produce a third result;
  - encrypting the third result using a third encryption key to produce a fourth result;
  - sequentially extracting each value between 0 and 9 from the most-significant digit to the least-significant digit of the fourth result to produce a fifth result;
  - sequentially extracting and subtracting hexadecimal A from each value between hexadecimal A and hexadecimal F from the most-significant digit to the least-significant digit of the fourth result to produce the sixth result;
  - concatenating the fifth result and the sixth result to produce a seventh result; and
  - selecting one or more values from the seventh result as the first verification value;
- communicating a payment record from the payment device to a point of sale terminal, wherein the payment record comprises the first verification value and payment data from the transaction;
- communicating the payment record from the point of sale terminal in a magnetic stripe data format to a service provider computer;
- generating a second verification value on the service provider computer, wherein the second verification value is generated solely from data residing on the service provider computer; and
- disapproving the transaction when the first verification value does not equal the second verification value.
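The generation and comparison steps of claim 1, traced in Python as an added example; it is not code from the patent or from any issuer. The claim names no cipher, block size, padding or digit selection, so the 4-round HMAC Feistel stand-in, the 64-bit fields, the zero padding and the choice of the leftmost three digits are all assumptions, and the PAN and keys are constructed sample values.

```python
import hashlib
import hmac

PAN = "4111111111111111"  # constructed sample account number
KEYS = (b"key-1", b"key-2", b"key-dec", b"key-3")  # constructed sample keys

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def feistel(key, block, decrypt=False):
    """Assumed stand-in for the unnamed cipher: 4-round Feistel on 64-bit blocks."""
    f = lambda i, half: hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:4]
    l, r = block[:4], block[4:]
    for i in (range(3, -1, -1) if decrypt else range(4)):
        l, r = (_xor(r, f(i, l)), l) if decrypt else (r, _xor(l, f(i, r)))
    return l + r

def base_record(pan, atc, csc, exp):
    # ATC digits overlay the leftmost PAN digits; CSC and expiry follow on the right.
    digits = atc + pan[len(atc):] + csc + exp
    return bytes.fromhex(digits.ljust(32, "0"))  # assumed zero padding to 128 bits

def decimalize(fourth):
    # Fifth result: digits 0-9 in order. Sixth result: A-F in order, each minus A.
    h = fourth.hex()
    fifth = "".join(c for c in h if c.isdigit())
    sixth = "".join(str(int(c, 16) - 10) for c in h if not c.isdigit())
    return fifth + sixth  # seventh result

def verification_value(pan, atc, csc, exp, keys, n=3):
    k1, k2, kd, k3 = keys
    rec = base_record(pan, atc, csc, exp)
    field1, field2 = rec[:8], rec[8:]            # bisect the base record
    first = _xor(feistel(k1, field1), field2)    # encrypt field 1, XOR with field 2
    second = feistel(k2, first)
    third = feistel(kd, second, decrypt=True)
    fourth = feistel(k3, third)
    return decimalize(fourth)[:n]                # assumed selection: leftmost n digits

def approve(received, pan, atc, csc, exp, keys):
    # Service-provider side: recompute from its own data, disapprove on mismatch.
    expected = verification_value(pan, atc, csc, exp, keys)
    return hmac.compare_digest(received, expected)

if __name__ == "__main__":
    value = verification_value(PAN, "0042", "123", "2912", KEYS)
    print(value, approve(value, PAN, "0042", "123", "2912", KEYS))
```

Because the counter digits are part of the base record, the service provider must recompute with the same counter value the device used; a value presented with a different counter is compared against a different expected result.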
Abstract
Methods and systems for dynamically generating a verification value for a transaction and for utilizing such value to verify the authenticity of the payment service application. The dynamically created verification value may be generated on a payment device, such as an integrated circuit credit card or smart card, embedded into the payment data, and transmitted to a point of sale terminal. Alternatively, payment data is sent by a payment device to a point of sale terminal, which generates a verification value and embeds it into the payment data. The embedded verification value is used by a service provider to verify the authenticity of the transaction. The methods and systems may be used in a contactless (wireless) environment or a non-wireless environment.
20 Claims
1. Set out in full under First Claim above.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method for authenticating a payment service being used in a transaction, the method comprising a plurality of steps, each being performed by hardware executing software, wherein the steps include:
- generating, at a point of sale terminal, unique transaction data for the transaction being processed by the point of sale terminal;
- sending, from the point of sale terminal in a wireless communication, the unique transaction data for the transaction;
- receiving, at a mobile electronic device, the unique transaction data for the transaction;
- creating, at the mobile electronic device, a base record comprising:
  - digits for an application transaction counter overlaying the left most digits of a primary account number corresponding to an account upon which the transaction is being conducted, wherein the application transaction counter is incremented for each said transaction; and
  - concatenated to the right most digits of the primary account number:
    - a card security code for the primary account number; and
    - an expiration date for the primary account number;
- splitting, at the mobile electronic device, the base record into a first field and a second field;
- encrypting, at the mobile electronic device, the first field using a first encryption key;
- performing, at the mobile electronic device, an exclusive-OR (XOR) operation on the encrypted first field and the second field to produce a first result;
- encrypting, at the mobile electronic device, the first result using a second encryption key to produce a second result;
- decrypting, at the mobile electronic device, the second result using a decryption key to produce a third result;
- encrypting, at the mobile electronic device, the third result using a third encryption key to produce a fourth result;
- sequentially extracting, at the mobile electronic device, each value between 0 and 9 from the most-significant digit to the least-significant digit of the fourth result to produce a fifth result;
- sequentially extracting and subtracting, at the mobile electronic device, hexadecimal A from each value between hexadecimal A and hexadecimal F from the most-significant digit to the least-significant digit of the fourth result to produce the sixth result;
- concatenating, at the mobile electronic device, the fifth result and the sixth result to produce a seventh result; and
- selecting, at the mobile electronic device, one or more values from the seventh result as a first verification value;
- sending, from the mobile electronic device, the first verification value;
- receiving, at the point of sale terminal, the first verification value;
- communicating the first verification value from the point of sale terminal to a service provider computer;
- generating a second verification value on the service provider computer, wherein the second verification value is generated solely from data residing on the service provider computer; and
- disapproving the transaction when the first verification value does not equal the second verification value.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A system for verifying a transaction comprising:
- a first electronic device with a payment service deployed thereon;
- a second electronic device in communication with the first electronic device, wherein the second electronic device receives a payment record from the first electronic device, the payment record comprising an account number for the payment service and a first verification value generated on the first electronic device by:
  - creating, at the first electronic device, a base record comprising:
    - digits for an application transaction counter overlaying the left most digits of a primary account number corresponding to an account upon which the transaction is being conducted, wherein the application transaction counter is incremented for each said transaction; and
    - concatenated to the right most digits of the primary account number:
      - a card security code for the primary account number; and
      - an expiration date for the primary account number;
  - splitting, at the first electronic device, the base record into a first field and a second field;
  - encrypting, at the first electronic device, the first field using a first encryption key;
  - performing, at the first electronic device, an exclusive-OR (XOR) operation on the encrypted first field and the second field to produce a first result;
  - encrypting, at the first electronic device, the first result using a second encryption key to produce a second result;
  - decrypting, at the first electronic device, the second result using a decryption key to produce a third result;
  - encrypting, at the first electronic device, the third result using a third encryption key to produce a fourth result;
  - sequentially extracting, at the first electronic device, each value between 0 and 9 from the most-significant digit to the least-significant digit of the fourth result to produce a fifth result;
  - sequentially extracting and subtracting, at the first electronic device, hexadecimal A from each value between hexadecimal A and hexadecimal F from the most-significant digit to the least-significant digit of the fourth result to produce the sixth result;
  - concatenating, at the first electronic device, the fifth result and the sixth result to produce a seventh result; and
  - selecting, at the first electronic device, one or more values from the seventh result as the first verification value; and
- a service provider system in communication with, and receiving the first verification value from, the second electronic device, wherein the service provider computer independently generates a second verification value and disapproves the transaction where the first verification value and the second verification value are not equal.
Dependent claims: 18, 19, 20
Specification