Apparatus and Method for Combining Cryptograms for Card Payments

US 20120011070A1
Filed: 07/09/2010
Published: 01/12/2012
Est. Priority Date: 07/09/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising the steps of:

facilitating transmitting, from a payment device reader component to a terminal component, at least a first cryptogram and a second cryptogram;

facilitating transmitting, from said terminal component to an issuer of a payment device presented to said reader component, through a payment network, a message comprising at least said first cryptogram and said second cryptogram; and

obtaining a message from said issuer, said message corresponding to authentication, by said issuer, of said payment device presented to said reader component, based at least on said first cryptogram and said second cryptogram;

wherein said payment network is configured in accordance with at least one of;

a standard, anda specificationwhich normally employs only a single cryptogram for said message and said authentication.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

At least a first cryptogram and a second cryptogram are transmitted from a payment device reader component to a terminal component. A message including at least the first cryptogram and the second cryptogram is transmitted from the terminal component to an issuer of a payment device presented to the reader component, through a payment network. A message is obtained from the issuer, corresponding to authentication, by the issuer, of the payment device (and optionally the owner of the payment device) presented to the reader component, based at least on the first cryptogram and the second cryptogram. The payment network is configured in accordance with at least one of (i) a standard, and (ii) a specification, which normally employs only a single cryptogram for the message and the authentication. Apparatuses and computer program products are also disclosed.

61 Citations

View as Search Results

26 Claims

1. A method comprising the steps of:
- facilitating transmitting, from a payment device reader component to a terminal component, at least a first cryptogram and a second cryptogram;
  
  facilitating transmitting, from said terminal component to an issuer of a payment device presented to said reader component, through a payment network, a message comprising at least said first cryptogram and said second cryptogram; and
  
  obtaining a message from said issuer, said message corresponding to authentication, by said issuer, of said payment device presented to said reader component, based at least on said first cryptogram and said second cryptogram;
  
  wherein said payment network is configured in accordance with at least one of;
  
  a standard, anda specificationwhich normally employs only a single cryptogram for said message and said authentication.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, further comprising said issuer authenticating said payment device presented to said reader component, based at least on said first cryptogram and said second cryptogram.
  - 3. The method of claim 2, further comprising facilitating transmitting, from said payment device reader component to said terminal component, an unpredictable number and a transaction counter, wherein:
    - said message transmitted from said terminal component to said issuer further comprises said unpredictable number and said transaction counter; and
      
      said authentication, by said issuer, of said payment device presented to said reader component, is further based on said unpredictable number and said transaction counter.
  - 4. The method of claim 3, wherein said payment device comprises at least one of a contactless payment device and a contacted payment device.
  - 5. The method of claim 4, wherein, in said step of transmitting said message comprising said unpredictable number, said transaction counter, said first cryptogram, and said second cryptogram, said message comprises an authorization request message.
  - 6. The method of claim 5, wherein said unpredictable number, said transaction counter, said first cryptogram, and said second cryptogram are embedded in an exiting message element of said authorization request message.
  - 7. The method of claim 5, wherein said unpredictable number, said transaction counter, said first cryptogram, and said second cryptogram are contained in a new message element of said authorization request message.
  - 8. The method of claim 4, further comprising transmitting, from said terminal to said issuer through said payment network, an authorization request message which is separate from, but associated with, said message comprising said unpredictable number, said transaction counter, said first cryptogram, and said second cryptogram.
  - 9. The method of claim 4, wherein said first cryptogram comprises a CVC3 Track 1 cryptogram and said second cryptogram comprises a CVC3 Track 2 cryptogram.
  - 10. The method of claim 9 wherein, in said authentication, said issuer authenticates said payment device presented to said reader, based on said unpredictable number, said transaction counter, said first cryptogram, and said second cryptogram, by:
    - running two message authentication code calculations;
      
      truncating output of each of said two message authentication code calculations to two bytes; and
      
      comparing said two truncated message authentication code calculation outputs to said first and second cryptograms.
  - 11. The method of claim 3, further comprising including at least one additional bit as an input to a cryptographic calculation by said issuer, wherein:
    - said first and second cryptograms verifying with said bit at a first logical level corresponds to a first condition;
      
      said first and second cryptograms verifying with said bit at a second logical level corresponds to a second condition; and
      
      said first and second cryptograms not verifying with said bit at said first logical level or said second logical level corresponds to a third condition.
  - 12. The method of claim 11, wherein:
    - said first condition comprises a correct PIN entry;
      
      said second condition comprises an incorrect PIN entry; and
      
      said third condition comprises a counterfeit payment device.
  - 13. The method of claim 1, further comprising providing a system, said system in turn comprising distinct software modules embodied on at least one tangible computer readable storage medium, said modules comprising a reader module and a terminal module, wherein:
    - said step of facilitating transmitting, from said payment device reader component to said terminal component, at least said first cryptogram and said second cryptogram, is carried out at least in part by said reader module executing on at least one hardware processor;
      
      said step of facilitating transmitting, from said terminal component to said issuer of said payment device presented to said reader component, through said payment network, said message comprising at least said first cryptogram and said second cryptogram, is carried out at least in part by said terminal module executing on said at least one hardware processor; and
      
      said step of obtaining said message from said issuer, corresponding to said authentication, by said issuer, of said payment device presented to said reader component, based at least on said first cryptogram and said second cryptogram, is carried out at least in part by said terminal module executing on said at least one hardware processor.

14. An apparatus comprising:
- means for facilitating transmitting, from a payment device reader component to a terminal component, at least a first cryptogram and a second cryptogram;
  
  means for facilitating transmitting, from said terminal component to an issuer of a payment device presented to said reader component, through a payment network, a message comprising at least said first cryptogram and said second cryptogram; and
  
  means for obtaining a message from said issuer, said message corresponding to authentication, by said issuer, of said payment device presented to said reader component, based at least on said first cryptogram and said second cryptogram;
  
  wherein said payment network is configured in accordance with at least one ofa standard, anda specificationwhich normally employs only a single cryptogram for said message and said authentication.

15. A computer program product comprising a tangible computer readable recordable storage medium including computer usable program code executable on at least one hardware processor, the computer usable program code being configured to:
- facilitate transmitting, from a payment device reader component to a terminal component, at least a first cryptogram and a second cryptogram;
  
  facilitate transmitting, from said terminal component to an issuer of a payment device presented to said reader component, through a payment network, a message comprising at least said first cryptogram and said second cryptogram; and
  
  obtain a message from said issuer, said message corresponding to authentication, by said issuer, of said payment device presented to said reader component, based at least on said first cryptogram and said second cryptogram;
  
  wherein said payment network is configured in accordance with at least one ofa standard, anda specificationwhich normally employs only a single cryptogram for said message and said authentication.

16. A terminal-reader apparatus for use with a payment device issued by an issuer, and a payment network, said apparatus comprising:
- a memory storing a reader module and a terminal module; and
  
  at least one processor, coupled to said memory, and operative to;
  
  implement at least a portion of a reader component and a terminal component by executing said reader module and said terminal module;
  
  facilitate transmitting, from said reader component to said terminal component, at least a first cryptogram and a second cryptogram, upon presentation of the payment device to the reader component;
  
  facilitate transmitting, from said terminal component to the issuer of the payment device, through the payment network, a message comprising at least said first cryptogram and said second cryptogram; and
  
  obtaining a message from the issuer, said message corresponding to authentication, by the issuer, of the payment device presented to said reader component, based at least on said first cryptogram and said second cryptogram;
  
  wherein the payment network is configured in accordance with at least one of;
  
  a standard, anda specificationwhich normally employs only a single cryptogram for said message and said authentication.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 17. The apparatus of claim 16, wherein said at least one processor is further operative to facilitate transmitting, from said payment device reader component to said terminal component, an unpredictable number and a transaction counter, wherein:
    - said message transmitted from said terminal component to the issuer further comprises said unpredictable number and said transaction counter; and
      
      said message corresponding to said authentication, by the issuer, of the payment device presented to said reader component, is further based on said unpredictable number and said transaction counter.
  - 18. The apparatus of claim 17, wherein said reader component further comprises a payment device interface.
  - 19. The apparatus of claim 17, wherein, when said at least one processor is operative to facilitate sending said message comprising said unpredictable number, said transaction counter, said first cryptogram, and said second cryptogram, said message comprises an authorization request message.
  - 20. The apparatus of claim 19, wherein said unpredictable number, said transaction counter, said first cryptogram, and said second cryptogram are embedded in an existing message element of said authorization request message.
  - 21. The apparatus of claim 19, wherein said unpredictable number, said transaction counter, said first cryptogram, and said second cryptogram are contained in a new message element of said authorization request message.
  - 22. The apparatus of claim 17, wherein said at least one processor is further operative to transmit, from said terminal component to the issuer through the payment network, an authorization request message which is separate from, but associated with, said message comprising said unpredictable number, said transaction counter, said first cryptogram, and said second cryptogram.
  - 23. The apparatus of claim 17, wherein said first cryptogram comprises a CVC3 Track 1 cryptogram and said second cryptogram comprises a CVC3 Track 2 cryptogram.
  - 24. The apparatus of claim 16, wherein said reader component and said terminal component are integrated.
  - 25. The apparatus of claim 24, wherein said at least one processor comprises a first processor and further comprises at least a second processor, said first processor being operative to implement said at least a portion of said reader component by executing said reader module and said second processor being operative to implement said at least a portion of said terminal component by executing said terminal module.
  - 26. The apparatus of claim 16, wherein said reader component and said terminal component are realized separately, and wherein said at least one processor comprises a first processor and further comprises at least a second processor, said first processor being operative to implement said at least a portion of said reader component by executing said reader module and said second processor being operative to implement said at least a portion of said terminal component by executing said terminal module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Original Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Inventors
Smets, Patrik, Vanneste, Paul, Ward, Michael C.

Granted Patent

US 10,217,109 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/72
CPC Class Codes

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/34   using cards, e.g. integrate...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/401   Transaction verification

G06Q 20/4012   Verifying personal identifi...

G07F 7/1016   Devices or methods for secu...

H04L 2209/56   Financial cryptography, e.g...

H04L 9/3242   involving keyed hash functi...

Apparatus and Method for Combining Cryptograms for Card Payments

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

61 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and Method for Combining Cryptograms for Card Payments

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

61 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links