ONE-TIME CREDIT CARD NUMBERS
First Claim
Patent Images
1. A method, implemented at least in part by a computing device, the method comprising:
- receiving a one-time credit card number for a purchase transaction being made via a customer device;
receiving signed purchase transaction details of the purchase transaction originating from the customer device;
via a shared secret shared with the customer device and the signed purchase transaction details, determining whether the one-time credit card number is valid; and
responsive to determining that the one-time credit card number is valid, outputting an indication of validity of the purchase transaction.
1 Assignment
0 Petitions
Accused Products
Abstract
Various technologies related to one-time credit card numbers are presented. One-time credit card numbers can originate from a customer device and be independently generated by the customer device without online communication with an issuer. Signed transaction details can also be sent, providing non-repudiation of the purchase transaction. Merchant infrastructure need not be changed to accommodate the one-time credit card numbers. The technologies can be particularly resilient to replay, forgery, man-in-the-middle, and guessing attacks for credit card number generation or other usage by an attacker.
-
Citations
21 Claims
-
1. A method, implemented at least in part by a computing device, the method comprising:
-
receiving a one-time credit card number for a purchase transaction being made via a customer device; receiving signed purchase transaction details of the purchase transaction originating from the customer device; via a shared secret shared with the customer device and the signed purchase transaction details, determining whether the one-time credit card number is valid; and responsive to determining that the one-time credit card number is valid, outputting an indication of validity of the purchase transaction. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A method, implemented at least in part by a computing device, the method comprising:
-
in a customer controlled device, generating, with a one-time credit card number generation application having as input shared secret shared with an issuer, a one-time credit card number; outputting the one-time credit card number for use in a purchase being made by a customer from a merchant; generating signed purchase transaction information, the generating comprising signing, with the shared secret, purchase transaction information for the purchase being made by the customer from the merchant; and outputting the signed purchase transaction information. - View Dependent Claims (14, 15, 16, 17, 18)
-
-
19. One or more computer-readable storage devices comprising:
-
an infrastructure-transparent one-time credit card number; wherein the infrastructure-transparent one-time credit card number is generated by a customer device responsive to a request for a new one-time credit card number without receiving information from an issuer after receipt of the request.
-
-
20. One or more computer-readable storage devices comprising computer-executable instructions for performing a method comprising:
-
receiving a request to generate a new one-time credit card number; responsive to the request, generating, at a customer device, the one-time credit card number, wherein the one-time credit card number is of a format of a standard credit card number, wherein the generating is based at least on a shared secret shared with an issuer, and wherein the one-time credit card number is generated without receiving information from the issuer after receiving the request to generate the new one-time credit card number; generating signed details of a purchase transaction conducted between a customer and a merchant, wherein the generating comprises signing details of the purchase transaction with a private key of the customer, wherein the details comprise an identity of the customer and the one-time credit card number; sending the one-time credit card number to the merchant for the purchase transaction conducted between the customer and the merchant; and sending the signed details of the purchase transaction to the issuer. - View Dependent Claims (21)
-
Specification