TOKEN VERIFICATION USING LIMITED USE CERTIFICATES

US 20150220917A1
Filed: 02/04/2015
Published: 08/06/2015
Est. Priority Date: 02/04/2014
Status: Abandoned Application

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving, by an access device, a token and a token certificate associated with the token from a user device, wherein the token certificate comprises a token identifier and a digital signature generated using the token identifier;

determining, by the access device, that the token certificate is valid by verifying that the digital signature corresponds to the token identifier;

determining, by the access device, that the token is valid using the token certificate; and

conducting, by the access device, a transaction using the token.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, devices, and systems are provided for verifying tokens using limited-use certificates. For example, a user device can send a token request to a token provider computer, and receive in response a token and a token certificate associated with the token. The token certificate may include, for example, a hash of the token and a digital signature by the token provider computer or another trusted entity. The user device can provide the token and the token certificate to an access device. The access device can verify the token using the token certificate, and verify the token certificate using a digital signature. In some cases, the token and token certificate may be verified offline. The access device can then conduct a transaction using the token.

Citations

20 Claims

1. A computer-implemented method comprising:
- receiving, by an access device, a token and a token certificate associated with the token from a user device, wherein the token certificate comprises a token identifier and a digital signature generated using the token identifier;
  
  determining, by the access device, that the token certificate is valid by verifying that the digital signature corresponds to the token identifier;
  
  determining, by the access device, that the token is valid using the token certificate; and
  
  conducting, by the access device, a transaction using the token.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer-implemented method of claim 1, wherein determining that the token is valid comprises determining that the digital signature is consistent with the token identifier included in the token certificate.
  - 3. The computer-implemented method of claim 2, wherein the digital signature is generated by a token provider computer, and wherein determining that the token certificate is valid comprises:
    - hashing, by the access device, a subset of the token certificate including the token identifier to generate a hash of the token certificate;
      
      decrypting, by the access device, the digital signature using a public key of the token provider computer; and
      
      verifying, by the access device, that the decrypted digital signature matches the hash of the token certificate.
  - 4. The computer-implemented method of claim 2, wherein the token certificate further comprises a context identifier that identifies a context in which the token certificate is valid, wherein the method further comprises:
    - verifying, by the access device, that the context identifier matches an expected value stored on the access device.
  - 5. The computer-implemented method of claim 4, wherein the context identifier is associated with a transit provider, wherein the access device is also associated with the transit provider, and wherein the expected value is a transit provider identifier.
  - 6. The computer-implemented method of claim 5, wherein the access device allows a user associated with the token access to a location upon determining that the token is valid, and wherein the access device conducts the transaction after the user is allowed access to the location.
  - 7. The computer-implemented method of claim 5, further comprising:
    - sending a signal to actuate a restriction mechanism upon determining that the token is valid, wherein the access device conducts the transaction after the restriction mechanism has been actuated.
  - 8. The computer-implemented method of claim 1, wherein conducting the transaction comprises:
    - sending, by the access device, an authorization request message for the transaction, the authorization request message including the token; and
      
      receiving, by the access device, an authorization response message, wherein the authorization response message indicates a status of the transaction.

9. A computer-implemented method comprising:
- sending, by a user device, a token request to a token provider computer, the token request including account information for a user operating the user device;
  
  receiving, by the user device, a token response from the token provider computer, the token response including a token associated with the account information, and a token certificate associated with the token; and
  
  sending, by the user device, the token and the token certificate to an access device in order to conduct a transaction.
- View Dependent Claims (10, 11, 12)
- - 10. The computer-implemented method of claim 9, wherein the token request comprises an account number for a user account, and wherein the token is associated with the account number.
  - 11. The computer-implemented method of claim 9, wherein the token certificate further comprises a context identifier that identifies a context in which the token certificate is valid.
  - 12. The computer-implemented method of claim 11, wherein the context identifier is a transit provider identifier associated with a transit provider, and wherein the token provider computer is associated with the transit provider.

13. An access device comprising:
- a processor; and
  
  a non-transitory computer-readable storage medium comprising code executable by the processor for implementing a method comprising;
  
  receiving, from a user device, a token and a token certificate associated with the token, wherein the token certificate comprises a token identifier and a digital signature generated using the token identifier;
  
  determining that the token certificate is valid by verifying the digital signature;
  
  determining that the token is valid using the token certificate; and
  
  conducting a transaction using the token.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The access device of claim 13, wherein determining that the token is valid is performed offline.
  - 15. The access device of claim 14, wherein the token certificate further comprises a context identifier that identifies a context in which the token certificate is valid, wherein the method further comprises:
    - verifying that the context identifier matches an expected value.
  - 16. The access device of claim 15, wherein the context identifier is a transit provider identifier associated with a transit provider, and wherein the token provider computer is associated with the transit provider.
  - 17. The access device of claim 16, wherein the access device allows a user associated with the token access to a location upon determining that the token is valid, and wherein the access device conducts the transaction after the user is allowed access to the location.
  - 18. The access device of claim 13, wherein conducting the transaction comprises:
    - sending an authorization request message for the transaction, the authorization request message including the token; and
      
      receiving an authorization response message, wherein the authorization response message indicates a status of the transaction.
  - 19. A system comprising:
    - the access device of claim 13; and
      
      a user device configured to;
      
      send the token and the token certificate to the access device.
  - 20. The system of claim 19, wherein the user device is further configured to:
    - send a token request to a token provider computer, prior to sending the token and the token certificate to the access device; and
      
      receive a token response from the token provider computer, the token response including the token and the token certificate associated with the token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Aabye, Christian, Sullivan, Brian, Wilson, Dave

Application Number

US14/614,315
Publication Number

US 20150220917A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06Q 20/3278   RFID or NFC payments by mea...

G06Q 20/352   Contactless payments by cards

G06Q 20/38215   Use of certificates or encr...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3234   involving additional secure...

H04L 9/3268   using certificate validatio...

TOKEN VERIFICATION USING LIMITED USE CERTIFICATES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

TOKEN VERIFICATION USING LIMITED USE CERTIFICATES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links