METHODS, DEVICES, AND SYSTEMS FOR SECURE PROVISIONING, TRANSMISSION, AND AUTHENTICATION OF PAYMENT DATA

US 20150371234A1
Filed: 10/10/2014
Published: 12/24/2015
Est. Priority Date: 02/21/2014
Status: Abandoned Application

First Claim

Patent Images

1. A method for creating dynamic card data, comprising:

receiving, by a device, card track data;

encrypting, by the device, the card track data using a first key;

sending, by the device, the encrypted card track data to a server;

receiving, by the device, a working key;

generating, by the device, modified card track data including a time-dependent CVV using the working key; and

sending, by the device, the modified card track data to a point of sale terminal or causing the modified card track data to be displayed to a user for use in an e-commerce transaction.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Devices, systems, and methods for securely converting a user'"'"'s existing static payment card data into dynamic card data that can be authenticated by card issuers or by a stand-in service provider, such as a payment network or processor without requiring the card issuers to make infrastructure changes. The dynamic data can be provisioned onto a magnetic secure transmission device (MST) either directly from a card issuer or using a swiper type device. Devices, systems, and methods are also disclosed for securely provisioning a dynamic card onto the MST by the card issuer. These dynamic cards may be used to transmit modified one-time-use card track data from the MST to a point of sale using a dynamic-CVV methodology to provide higher levels of security during a transaction.

240 Citations

21 Claims

1. A method for creating dynamic card data, comprising:
- receiving, by a device, card track data;
  
  encrypting, by the device, the card track data using a first key;
  
  sending, by the device, the encrypted card track data to a server;
  
  receiving, by the device, a working key;
  
  generating, by the device, modified card track data including a time-dependent CVV using the working key; and
  
  sending, by the device, the modified card track data to a point of sale terminal or causing the modified card track data to be displayed to a user for use in an e-commerce transaction.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein an expiration date, a registered primary account number, or a portion of a discretionary field of the modified track data indicates to a card issuer or a third party service provider that the modified card track data is dynamic-CVV (dCVV) card track data and authorization is to be performed in a dCVV mode.
  - 3. The method of claim 1, wherein the sending the modified card track data to the point of sale terminal includes sending the time-dependent CVV, and a dynamic mode indicator.
  - 4. The method of claim 3, wherein the dynamic mode indicator is a primary account number, an expiration date, or a separate dynamic mode indicator of the modified track data.
  - 5. The method of claim 4, wherein the dynamic mode indicator indicates to a card issuer or third party service provider, that the modified card track data is dynamic-CVV (dCVV) card track data and authorization is to be performed in a dCVV mode.
  - 6. The method of claim 1, wherein the device is a magnetic stripe storage and transmission device or a mobile communication device.

7. A method for provisioning dynamic financial card data by issuer, comprising:
- receiving, by a server, a request for provisioning card track data;
  
  requesting, by the server, an authentication of a user corresponding to the card track data from a card issuer server, wherein the card issuer server corresponds to a card issuer of the card track data;
  
  receiving, by the server, an authentication result from the card issuer server; and
  
  generating, by the server, a working key for the generation of dynamic card track data.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The method of claim 7, wherein the requesting the authentication of the user from the card issuer server includes sending a primary account number and at least one of a CVV-2, a name, a date of birth, a username and password, and an answer to a challenge question to the card issuer server for authentication.
  - 9. The method of claim 7, further comprising securely sending the working key to a wallet server.
  - 10. The method of claim 7, further comprising receiving a request for verification of a dynamic-CVV (dCVV) in response to initiation of a payment transaction, wherein the dCVV is based on the working key.
  - 11. The method of claim 10, wherein the receiving the request for verification of the dCVV includes receiving a primary account number, an expiration date, a service code, a time-stamp, and a mode indicator.
  - 12. The method of claim 11, further comprising comparing the received time-stamp with a stored time-stamp or current time on the server for verifying a transaction.
  - 13. The method of claim 12, further comprising sending an authorization failure in response to the stored time-stamp or current time corresponding to a time greater than the received time-stamp.

14. A method for performing dynamic-CVV (dCVV), comprising:
- generating, by a server, a working key for card track data;
  
  receiving, by a magnetic stripe storage and transmission device (MST), the working key;
  
  generating, by the MST, modified card track data including a dCVV component based on original card track data, a time-stamp or counter and the working key;
  
  sending the modified card track data to a point of sale terminal or e-commerce website for payment processing;
  
  receiving, by the server, a request for verification of the dCVV from a card issuer server or a third party service provider in response to initiation of the payment processing, wherein the request includes the modified card track data;
  
  performing, by the server, a verification of the dCVV component; and
  
  sending, by the server, a verification failure or final verification based on the verification of the dCVV component.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
- - 15. The method of claim 14, wherein the modified card track data includes the dCVV component, a primary account number, an expiration date, a service code, the time-stamp or counter, and optionally a separate mode indicator when the expiry date or the primary account number is not used to indicate that authorization is to be performed in a dCVV mode.
  - 16. The method of claim 15, wherein the mode indicator indicates to the card issuer server that the modified card track data is dCVV card track data and authorization is to be performed in a dCVV mode.
  - 17. The method of claim 15, wherein the performing the verification includes comparing a received time-stamp or received counter with a stored time-stamp or a current time of the server or stored counter.
  - 18. The method of claim 17, wherein the sending the verification failure or final verification includes sending the verification failure in response to the stored time-stamp or current time of the server corresponding to a time greater than the received time-stamp.
  - 19. The method of claim 15, wherein the performing the verification includes:
    - independently computing, by the server, a dCVV vale using the working key; and
      
      comparing the computed dCVV value with the dCVV component.
  - 20. The method of claim 19, wherein the sending the verification failure or final verification includes sending the final verification in response to the computed dCVV value matching the received dCVV component.
  - 21. The method of claim 14, further comprising sending, by the server, the original card track data to the card issuer server for processing via the card issuer server'"'"'s normal processing methods to complete a transaction, wherein the original card track data corresponds to data of a card issuer corresponding to the card issuer server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
LoopPay Incorporated
Inventors
Huang, Enyang, Graylin, William Wang, Wallner, George

Application Number

US14/511,994
Publication Number

US 20150371234A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/327   Short range or proximity pa...

G06Q 20/34   using cards, e.g. integrate...

G06Q 20/36   using electronic wallets or...

G06Q 20/363   with the personal data of a...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/385   using an alias or single-us...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4018   using the card verification...

G06Q 20/409   Device specific authenticat...

G06Q 20/40975   using encryption therefor

METHODS, DEVICES, AND SYSTEMS FOR SECURE PROVISIONING, TRANSMISSION, AND AUTHENTICATION OF PAYMENT DATA

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

240 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS, DEVICES, AND SYSTEMS FOR SECURE PROVISIONING, TRANSMISSION, AND AUTHENTICATION OF PAYMENT DATA

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

240 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links