Method, Server, And Storage Medium For Verifying Transactions Using A Smart Card

US 20160300224A1
Filed: 06/09/2016
Published: 10/13/2016
Est. Priority Date: 01/07/2014
Status: Active Grant

First Claim

Patent Images

1. A method of verifying a transaction using a smart card, the method comprising:

receiving a transaction request from a first terminal to perform a transaction with a user of the smart card, wherein the transaction request includes card identification information and encrypted card data extracted by the first terminal from the smart card, and transaction information;

determining a respective user account linked to the card identification information;

performing a first verification process to authenticate the smart card, including;

verifying that the smart card possesses a correct decryption key corresponding to the card identification information;

performing a second verification process to authenticate the smart card, including;

verifying that the encrypted card data extracted from the smart card encodes stored card data corresponding to the respective user account linked to the card identification information; and

in accordance with successful completion of the first and the second verification processes, processing the transaction in accordance with the transaction information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, server and storage medium for verifying a transaction using a smart card are disclosed. A server receives a transaction request to perform a transaction with a user of the smart card. The transaction request includes identification information and encrypted data extracted from the smart card, and transaction information. The server determines a user account linked to the identification information. The server performs a first verification process to authenticate the smart card by verifying that the smart card possesses a correct decryption key corresponding to the identification information. The server performs a second verification process to authenticate the smart card by verifying that the encrypted data extracted from the smart card encodes stored data corresponding to the respective user account linked to the identification information. If the first and the second verification processes are successful, the server processes the transaction in accordance with the transaction information.

Citations

20 Claims

1. A method of verifying a transaction using a smart card, the method comprising:
- receiving a transaction request from a first terminal to perform a transaction with a user of the smart card, wherein the transaction request includes card identification information and encrypted card data extracted by the first terminal from the smart card, and transaction information;
  
  determining a respective user account linked to the card identification information;
  
  performing a first verification process to authenticate the smart card, including;
  
  verifying that the smart card possesses a correct decryption key corresponding to the card identification information;
  
  performing a second verification process to authenticate the smart card, including;
  
  verifying that the encrypted card data extracted from the smart card encodes stored card data corresponding to the respective user account linked to the card identification information; and
  
  in accordance with successful completion of the first and the second verification processes, processing the transaction in accordance with the transaction information.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein verifying that the smart card possesses the correct decryption key corresponding to the card identification information comprises:
    - generating a pseudo-random string, and storing the pseudo-random string in association with the transaction request;
      
      encrypting the pseudo-random string with a stored encryption key corresponding to the card identification information, wherein the stored encryption key and the correct decryption key corresponding to the card identification information form an encryption-decryption key pair;
      
      sending the encrypted pseudo-random string to the first terminal for processing by the smart card;
      
      in response to sending the encrypted pseudo-random string, receiving, from the first terminal, a decrypted string, wherein the decrypted string corresponds to a decryption process performed by the smart card on the encrypted pseudo-random string with a respective decryption key stored on the smart card; and
      
      comparing the decrypted string to the stored pseudo-random string to determine whether the decrypted string and the stored pseudo-random string are identical.
  - 3. The method of claim 1, wherein verifying that the encrypted card data extracted from the smart card encodes stored card data corresponding to the respective user account linked to the card identification information further comprises:
    - decrypting the encrypted card data included in the transaction request with a stored decryption key corresponding to the respective user account;
      
      determining whether the decrypted card data matches the stored card data corresponding to the respective user account; and
      
      in accordance with a determination that the decrypted card data matches stored card data corresponding to the respective user account, authenticating the user of the smart card as an authorized user of the smart card.
  - 4. The method of claim 1, wherein processing the transaction further comprises:
    - processing the transaction request according to the transaction information and payment information linked to the respective user account.
  - 5. The method of claim 1, further comprising:
    - providing updated card data to the smart card, wherein the updated card data is encrypted with the stored encryption key corresponding to the respective user account.
  - 6. The method of claim 1, wherein processing the transaction further comprises:
    - in accordance with a determination that the transaction information is associated with a security risk, performing a third verification process including;
      
      sending a notification to an electronic device linked to the respective user account; and
      
      in response to receiving an authorization message from the electronic device, processing the transaction request corresponding to the transaction request.
  - 7. The method of claim 1, wherein the security risk is detected when the transaction information indicates at least one of:
    - a transaction amount exceeding a single transaction limit, a transaction amount exceeding a daily transaction limit, a transaction location outside of a predetermined radius from a predefined home location, and one or more items corresponding to the transaction that do match a purchasing profile for the respective user account.

8. A server, comprising:
- one or more processors; and
  
  memory storing one or more programs to be executed by the one or more processors, the one or more programs comprising instructions for;
  
  receiving a transaction request from a first terminal to perform a transaction with a user of the smart card, wherein the transaction request includes card identification information and encrypted card data extracted by the first terminal from the smart card, and transaction information;
  
  determining a respective user account linked to the card identification information;
  
  performing a first verification process to authenticate the smart card, including;
  
  verifying that the smart card possesses a correct decryption key corresponding to the card identification information;
  
  performing a second verification process to authenticate the smart card, including;
  
  verifying that the encrypted card data extracted from the smart card encodes stored card data corresponding to the respective user account linked to the card identification information; and
  
  in accordance with successful completion of the first and the second verification processes, processing the transaction in accordance with the transaction information.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The server of claim 8, wherein verifying that the smart card possesses the correct decryption key corresponding to the card identification information comprises:
    - generating a pseudo-random string, and storing the pseudo-random string in association with the transaction request;
      
      encrypting the pseudo-random string with a stored encryption key corresponding to the card identification information, wherein the stored encryption key and the correct decryption key corresponding to the card identification information form an encryption-decryption key pair;
      
      sending the encrypted pseudo-random string to the first terminal for processing by the smart card;
      
      in response to sending the encrypted pseudo-random string, receiving, from the first terminal, a decrypted string, wherein the decrypted string corresponds to a decryption process performed by the smart card on the encrypted pseudo-random string with a respective decryption key stored on the smart card; and
      
      comparing the decrypted string to the stored pseudo-random string to determine whether the decrypted string and the stored pseudo-random string are identical.
  - 10. The server of claim 8, wherein verifying that the encrypted card data extracted from the smart card encodes stored card data corresponding to the respective user account linked to the card identification information further comprises:
    - decrypting the encrypted card data included in the transaction request with a stored decryption key corresponding to the respective user account;
      
      determining whether the decrypted card data matches the stored card data corresponding to the respective user account; and
      
      in accordance with a determination that the decrypted card data matches stored card data corresponding to the respective user account, authenticating the user of the smart card as an authorized user of the smart card.
  - 11. The server of claim 8, wherein processing the transaction further comprises:
    - processing the transaction request according to the transaction information and payment information linked to the respective user account.
  - 12. The server of claim 8, wherein the one or more programs further comprise instructions for:
    - providing updated card data to the smart card, wherein the updated card data is encrypted with the stored encryption key corresponding to the respective user account.
  - 13. The server of claim 8, wherein processing the transaction further comprises:
    - in accordance with a determination that the transaction information is associated with a security risk, performing a third verification process including;
      
      sending a notification to an electronic device linked to the respective user account; and
      
      in response to receiving an authorization message from the electronic device, processing the transaction request corresponding to the transaction request.
  - 14. The server of claim 8, wherein the security risk is detected when the transaction information indicates at least one of:
    - a transaction amount exceeding a single transaction limit, a transaction amount exceeding a daily transaction limit, a transaction location outside of a predetermined radius from a predefined home location, and one or more items corresponding to the transaction that do match a purchasing profile for the respective user account.

15. A non-transitory computer readable storage medium storing one or more programs, the one or more programs comprising instructions, which, when executed by a server with one or more processors, cause the server to perform operations comprising:
- receiving a transaction request from a first terminal to perform a transaction with a user of the smart card, wherein the transaction request includes card identification information and encrypted card data extracted by the first terminal from the smart card, and transaction information;
  
  determining a respective user account linked to the card identification information;
  
  performing a first verification process to authenticate the smart card, including;
  
  verifying that the smart card possesses a correct decryption key corresponding to the card identification information;
  
  performing a second verification process to authenticate the smart card, including;
  
  verifying that the encrypted card data extracted from the smart card encodes stored card data corresponding to the respective user account linked to the card identification information; and
  
  in accordance with successful completion of the first and the second verification processes, processing the transaction in accordance with the transaction information.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer readable storage medium of claim 15, wherein verifying that the smart card possesses the correct decryption key corresponding to the card identification information comprises:
    - generating a pseudo-random string, and storing the pseudo-random string in association with the transaction request;
      
      encrypting the pseudo-random string with a stored encryption key corresponding to the card identification information, wherein the stored encryption key and the correct decryption key corresponding to the card identification information form an encryption-decryption key pair;
      
      sending the encrypted pseudo-random string to the first terminal for processing by the smart card;
      
      in response to sending the encrypted pseudo-random string, receiving, from the first terminal, a decrypted string, wherein the decrypted string corresponds to a decryption process performed by the smart card on the encrypted pseudo-random string with a respective decryption key stored on the smart card; and
      
      comparing the decrypted string to the stored pseudo-random string to determine whether the decrypted string and the stored pseudo-random string are identical.
  - 17. The non-transitory computer readable storage medium of claim 15, wherein verifying that the encrypted card data extracted from the smart card encodes stored card data corresponding to the respective user account linked to the card identification information further comprises:
    - decrypting the encrypted card data included in the transaction request with a stored decryption key corresponding to the respective user account;
      
      determining whether the decrypted card data matches the stored card data corresponding to the respective user account; and
      
      in accordance with a determination that the decrypted card data matches stored card data corresponding to the respective user account, authenticating the user of the smart card as an authorized user of the smart card.
  - 18. The non-transitory computer readable storage medium of claim 15, wherein the instructions cause the server to perform operations further comprising:
    - providing updated card data to the smart card, wherein the updated card data is encrypted with the stored encryption key corresponding to the respective user account.
  - 19. The non-transitory computer readable storage medium of claim 15, wherein processing the transaction further comprises:
    - in accordance with a determination that the transaction information is associated with a security risk, performing a third verification process including;
      
      sending a notification to an electronic device linked to the respective user account; and
      
      in response to receiving an authorization message from the electronic device, processing the transaction request corresponding to the transaction request.
  - 20. The non-transitory computer readable storage medium of claim 15, wherein the security risk is detected when the transaction information indicates at least one of:
    - a transaction amount exceeding a single transaction limit, a transaction amount exceeding a daily transaction limit, a transaction location outside of a predetermined radius from a predefined home location, and one or more items corresponding to the transaction that do match a purchasing profile for the respective user account.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tencent Technology Shenzhen Company Limited (Tencent Holdings Limited)
Original Assignee
Tencent Technology Shenzhen Company Limited (Tencent Holdings Limited)
Inventors
ZHU, Yaxuan, LIU, Kai, CAI, Runda, XU, Zhenyu, LIU, Chenglin

Granted Patent

US 10,878,413 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/34   involving the use of extern...

G06K 19/06037   multi-dimensional coding

G06K 19/06112   the marking being simulated...

G06Q 20/3821   Electronic credentials

G06Q 20/3829   involving key management

G06Q 20/401   Transaction verification

Method, Server, And Storage Medium For Verifying Transactions Using A Smart Card

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method, Server, And Storage Medium For Verifying Transactions Using A Smart Card

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links