Systems and Methods for Verifying Users, in Connection With Transactions Using Payment Devices

US 20160364730A1
Filed: 06/09/2016
Published: 12/15/2016
Est. Priority Date: 06/09/2015
Status: Active Grant

First Claim

Patent Images

1. A payment device associated with a payment account, the device comprising:

a fingerprint sensor; and

a security chip coupled to the fingerprint sensor and including a payment application, the security chip configured to;

initiate the payment application, which is configured to invoke a verification application, which when invoked, causes the security chip to;

initiate a timer;

capture a fingerprint image, at the fingerprint sensor, when a finger is presented at the fingerprint sensor and when the timer is unexpired;

validate the captured fingerprint image against reference fingerprint data stored in the payment device;

when the timer expires, without a match to the reference fingerprint data, return a first authentication file location (AFL) to a terminal in response to a select comment from the terminal;

when a match between the captured fingerprint image and the reference fingerprint data is found, while the timer is unexpired, return a second AFL to the terminal in response to the select command from the terminal; and

return to the payment application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for verifying users in connection with transactions using payment devices are disclosed. One exemplary method generally includes receiving a select command for an AID associated with a payment application from a terminal and, in response, initiating by a security chip of a payment device, a timer after power-up of the security chip by the terminal. The method also includes capturing a biometric of a user, at a biometric sensor, according to the payment application, and verifying, by the security chip, the captured biometric based on reference biometric data. The method further includes, when the timer is unexpired and the captured biometric is verified, appending a first value to a CVR and returning a first AFL to the terminal, and when the timer is expired, appending a different value to the CVR and returning a different AFL to the terminal.

Citations

20 Claims

1. A payment device associated with a payment account, the device comprising:
- a fingerprint sensor; and
  
  a security chip coupled to the fingerprint sensor and including a payment application, the security chip configured to;
  
  initiate the payment application, which is configured to invoke a verification application, which when invoked, causes the security chip to;
  
  initiate a timer;
  
  capture a fingerprint image, at the fingerprint sensor, when a finger is presented at the fingerprint sensor and when the timer is unexpired;
  
  validate the captured fingerprint image against reference fingerprint data stored in the payment device;
  
  when the timer expires, without a match to the reference fingerprint data, return a first authentication file location (AFL) to a terminal in response to a select comment from the terminal;
  
  when a match between the captured fingerprint image and the reference fingerprint data is found, while the timer is unexpired, return a second AFL to the terminal in response to the select command from the terminal; and
  
  return to the payment application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The device of claim 1, wherein the security chip is configured to:
    - append a first value to a card verification result (CVR) when the captured fingerprint matches the reference fingerprint data; and
      
      append a second value to the CVR when the captured fingerprint is not validated.
  - 3. The device of claim 2, wherein the security chip is configured to append a third value to the CVR when the timer is expired and no fingerprint image is captured.
  - 4. The device of claim 1, wherein one or more dimensions of the payment device are defined by an ID-1 standard;
    - andwherein the fingerprint sensor and the security chip are disposed at opposite end portions of the payment device, such that the security chip is able to be positioned to interact with the terminal, while the fingerprint sensor remains accessible to a user.
  - 5. The device of claim 1, wherein the security chip is configured, in order to initiate the timer, to respond to a defined number of waiting time extension (WTX) requests received from the terminal;
    - andwherein the second AFL includes a card verification method (CVM) list comprising offline personal identification number (PIN) verification, online PIN verification, and/or signature verification.
  - 6. The device of claim 1, wherein the security chip is configured to store the reference fingerprint data based on the captured fingerprint image, when no reference fingerprint data is stored in the payment device prior to the capture of the fingerprint image.
  - 7. A system comprising the payment device of claim 1 and at least one of a payment network and an issuer, the at least one of the payment network and the issuer configured to:
    - intercept an authorization request associated with a transaction to a payment account, initiated by presenting said payment device, when an account number for the transaction is within a range of account numbers and a card verification result (CVR) included in the authorization request indicates a verified biometric;
      
      append a verification indicator to the intercepted authorization request; and
      
      permit the authorization request associated with the transaction to proceed.
  - 8. The system of claim 7, wherein the at least one of the payment network and/or the issuer is configured to append the verification indicator to Sub-Element 17 of Data Element 48 of the intercepted authorization request;
    - wherein the system further comprises the terminal, the terminal structured such that the fingerprint sensor is accessible to a user, when the security chip is in contact with the terminal; and
      
      wherein the terminal is selected from the group consisting of a point-of-sale (POS) terminal and an automated teller machine (ATM) terminal.

9. A computer-implemented method for use in verifying users, in connection with transactions using payment devices, the method comprising:
- receiving a select command, for an application identifier (AID) associated with a payment application, from a terminal;
  
  in response to the select command, initiating, by a security chip of a payment device, a timer after power-up of the security chip by the terminal, the payment device associated with a payment account;
  
  capturing a biometric of a user, at a biometric sensor, according to the payment application, when a biometric is present at the biometric sensor;
  
  verifying, by the security chip, the captured biometric based on reference biometric data;
  
  when the timer is unexpired, and the captured biometric is verified, appending a first value to a card verification result (CVR) and returning a first authentication file location (AFL) to the terminal; and
  
  when the timer is expired, appending a different value to the CVR and returning a different AFL to the terminal, whereby the terminal is able to proceed to an authorization request and/or employ one or more verification methods in response to the first or different AFL.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, wherein appending the different value to the CVR includes:
    - appending a second value to the CVR when the captured biometric is not verified; and
      
      appending a third value to the CVR when no biometric is captured.
  - 11. The method of claim 10, wherein the security chip includes an EMV chip.
  - 12. The method of claim 9, further comprising:
    - generating, by the security chip, according to the payment application, a cryptogram based on the value of the CVR; and
      
      transmitting the cryptogram to the terminal, whereby the cryptogram is included in the authorization request for a payment transaction initiated using the payment device.
  - 13. The method of claim 12, further comprising transmitting the CVR to the terminal, whereby the terminal includes the CVR in the authorization request.
  - 14. The method of claim 9, wherein initiating the timer includes counting a number of waiting time extension (WTX) requests received from the terminal, until a predefined number of WTX requests is counted;
    - andfurther comprising expiring the timer when the predefined number of WTX requests is satisfied.
  - 15. The method of claim 14, wherein the terminal is selected from the group consisting of a point-of-sale (POS) terminal and an automated teller machine (ATM) terminal.
  - 16. The method of claim 14, wherein the payment device includes the biometric sensor;
    - andwherein the biometric is a fingerprint, and the biometric sensor is a fingerprint sensor.

17. A non-transitory computer readable storage media including computer-executable instructions for verifying a user in connection with a transaction involving a payment device, which when executed by at least one processor, cause the at least one processor to:
- initiate a counter of waiting time extension (WTX) requests received from a terminal providing power to a payment device;
  
  detect and capture, at a fingerprint sensor of the payment device, a fingerprint of a user;
  
  verify the captured fingerprint against reference fingerprint data stored at the payment device;
  
  append a value to a card verification result (CVR) when the captured fingerprint is verified;
  
  generate a cryptogram when the captured fingerprint is verified; and
  
  transmit the cryptogram to the terminal, whereby the cryptogram and the CVR are included in an authorization request for a transaction initiated with the payment device, such that, based on content of the cryptogram and/or the CVR, a source entity is able to verify the user and distribute one or more benefits thereto.
- View Dependent Claims (18, 19, 20)
- - 18. The non-transitory computer readable storage media of claim 17, wherein the computer-executable instructions, when executed by the at least one processor, cause the at least one processor to launch a payment application in response to power from the terminal.
  - 19. The non-transitory computer readable storage media of claim 17, wherein the computer-executable instructions, when executed by the at least one processor, cause the at least one processor to append a different value to the CVR when the captured fingerprint is not verified and the counter expires.
  - 20. The non-transitory computer readable storage media of claim 17, wherein the computer-executable instructions, when executed by the at least one processor, cause the at least one processor to return a first authentication file location (AFL) to the terminal when the captured fingerprint is verified and a second AFL when the captured fingerprint is not verified, such that the terminal is able to determine to employ a further verification method, or not.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Original Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Inventors
Rans, Jean-Paul Edmond, Bhatt, Sumeet

Granted Patent

US 10,817,878 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3563   Software being resident on ...

G06Q 20/3574   Multiple applications on card

G06Q 20/38215   Use of certificates or encr...

G06Q 20/40145   Biometric identity checks

Systems and Methods for Verifying Users, in Connection With Transactions Using Payment Devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and Methods for Verifying Users, in Connection With Transactions Using Payment Devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links