TOKEN VERIFICATION USING LIMITED USE CERTIFICATES
First Claim
1. A computer-implemented method comprising:
- receiving, by an access device, a token and a token certificate associated with the token from a user device, wherein the token certificate comprises a token identifier and a digital signature generated using the token identifier;
determining, by the access device, that the token certificate is valid by verifying that the digital signature corresponds to the token identifier;
determining, by the access device, that the token is valid using the token certificate; and
conducting, by the access device, a transaction using the token.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods, devices, and systems are provided for verifying tokens using limited-use certificates. For example, a user device can send a token request to a token provider computer, and receive in response a token and a token certificate associated with the token. The token certificate may include, for example, a hash of the token and a digital signature by the token provider computer or another trusted entity. The user device can provide the token and the token certificate to an access device. The access device can verify the token using the token certificate, and verify the token certificate using a digital signature. In some cases, the token and token certificate may be verified offline. The access device can then conduct a transaction using the token.
-
Citations
20 Claims
-
1. A computer-implemented method comprising:
-
receiving, by an access device, a token and a token certificate associated with the token from a user device, wherein the token certificate comprises a token identifier and a digital signature generated using the token identifier; determining, by the access device, that the token certificate is valid by verifying that the digital signature corresponds to the token identifier; determining, by the access device, that the token is valid using the token certificate; and conducting, by the access device, a transaction using the token. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A computer-implemented method comprising:
-
sending, by a user device, a token request to a token provider computer, the token request including account information for a user operating the user device; receiving, by the user device, a token response from the token provider computer, the token response including a token associated with the account information, and a token certificate associated with the token; and sending, by the user device, the token and the token certificate to an access device in order to conduct a transaction. - View Dependent Claims (10, 11, 12)
-
-
13. An access device comprising:
-
a processor; and a non-transitory computer-readable storage medium comprising code executable by the processor for implementing a method comprising; receiving, from a user device, a token and a token certificate associated with the token, wherein the token certificate comprises a token identifier and a digital signature generated using the token identifier; determining that the token certificate is valid by verifying the digital signature; determining that the token is valid using the token certificate; and conducting a transaction using the token. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
-
Specification