Method and system for conducting secure payments over a computer network

US 6,990,470 B2
Filed: 06/22/2001
Issued: 01/24/2006
Est. Priority Date: 04/11/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A method of conducting an electronic transaction over a public communications network with an account number, comprising:

electronically generating a per-card key associated with said account number;

electronically generating a message authentication code using said per-card key;

electronically converting said message authentication code into a pseudo expiration date;

electronically generating an authorization request for said transaction, said request having an expiration date field containing said pseudo expiration date; and

electronically verifying said message authentication code based on said pseudo expiration date.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure method of conducting an electronic transaction over a public communications network is provided which utilizes a pseudo-expiration date in the expiration date field of an authorization request. One of the preferred methods comprises:

- generating a per-card key associated with an account number;
- generating a message authentication code using the per-card key;
- converting the message authentication code into a pseudo expiration date;
- generating an authorization request for the transaction, the request having an expiration date field containing the pseudo expiration date; and
- verifying the message authentication code based on the pseudo expiration date.
- Another embodiment of the invention includes a method of conducting an electronic transaction over a public communications network, with a payment account number having an associated pseudo account number, comprising:
- (a) providing the pseudo account number with a control field indicating one of a plurality of key-generation processes to be used to generate an authentication key;
- (b) generating an authentication key associated with the pseudo account number using one of the plurality of key-generation processes indicated in the control field of the pseudo account number;
- (c) using the authentication key to generate a message authentication code specific to the transaction;
- (d) generating an authorization request message including the message authentication code and the pseudo account number; and
- (e) verifying the message authentication code using the indicated key-generation process and the authentication key.

330 Citations

14 Claims

1. A method of conducting an electronic transaction over a public communications network with an account number, comprising:
- electronically generating a per-card key associated with said account number;
  
  electronically generating a message authentication code using said per-card key;
  
  electronically converting said message authentication code into a pseudo expiration date;
  
  electronically generating an authorization request for said transaction, said request having an expiration date field containing said pseudo expiration date; and
  
  electronically verifying said message authentication code based on said pseudo expiration date.
- View Dependent Claims (2)
- - 2. The method of claim 1 wherein said electronic transaction is conducted over a public communications network and a payment network including an issuer of said account number, and wherein said account number has a real expiration date, further comprising the steps of generating a second authorization request including said real expiration date and forwarding said second request to said issuer for approval of said transaction.

3. A method of conducting an electronic transaction over a public communications network with a payment account number having an associated pseudo account number, comprising:
- (a) electronically generating by a service provider a per-card key associated with said pseudo account number using said payment account number and said pseudo account number;
  
  (b) creating a secure payment application for use in said transaction including said per-card key, (c) using said per-card key to electronically generate a message authentication code (“
  
  MAC”
  
  );
  
  (d) electronically generating a MAC verification request by said secure payment application including said pseudo account number and said MAC;
  
  (e) electronically verifying said MAC;
  
  (f) based on said verification, creating an expected transaction sequence number (ETSN) for said MAC;
  
  (g) providing said secure payment application with reference data;
  
  (h) electronically creating a second message authentication code using said expected transaction sequence number and said per-card key;
  
  (i) electronically converting said second message authentication code into a pseudo expiration date using said reference data;
  
  (j) electronically generating an authorization request having an expiration date field containing said pseudo expiration date; and
  
  (k) responding to said authorization request and verifying said second message authentication code based on said pseudo expiration date.
- View Dependent Claims (4, 5, 6, 7, 8, 9)
- - 4. The method of claim 3 wherein said per-card key is generated using a per BIN key.
  - 5. The method of claim 3 wherein said MAC verification request further includes an expiration date of said payment account number, a version number and a transaction sequence number value, and wherein said step of verifying said MAC is based on said expiration date, said version number and said transaction sequence number value.
  - 6. The method of claim 5 wherein said step of creating said second message authentication code uses said version number.
  - 7. The method of claim 3 wherein said reference data includes a reference date and a number of months indicator.
  - 8. The method of claim 3 wherein said step of verifying said second message authentication code includes the following steps:
    - determining said payment account number using said pseudo account number and a stored conversion table;
      
      determining said per-card key associated with said pseudo account number using said payment account number and said pseudo account number;
      
      selecting a second expected transaction sequence number for which an associated message authentication code has not been verified;
      
      converting said third message authentication code into a second pseudo expiration date using second reference data, said second reference data being specified for said second expected transaction sequence number;
      
      comparing said second pseudo expiration date with said pseudo expiration date; and
      
      verifying said second message authentication code based on said comparison.
  - 9. The method of claim 8 wherein said second message authentication code is verified if said second pseudo expiration date matches said pseudo expiration date.

10. A method of conducting an electronic transaction over a public communications network, with a payment account number having an associated pseudo account number, comprising:
- (a) electronically providing said pseudo account number with a control field indicating one of a plurality of key-generation processes to be used to generate an authentication key;
  
  (b) electronically generating an authentication key associated with said pseudo account number using said one of said plurality of key-generation processes indicated in said control field of said pseudo account number;
  
  (c) using said authentication key to electronically generate a message authentication code specific to said transaction;
  
  (d) electronically generating an authorization request message including said message authentication code and said pseudo account number; and
  
  (e) verifying the message authentication code using said indicated key-generation process and said authentication key.
- View Dependent Claims (11, 12)
- - 11. The method of claim 10 wherein said authentication key is generated also using an authentication key derivation key on said pseudo account number.
  - 12. The method of claim 11 wherein said authentication key is generated also using a per-BIN key.

13. A method of conducting an electronic transaction over a communications network with an account number, comprising:
- electronically generating a per-card key associated with said account number;
  
  electronically generating a message authentication code using said per-card key;
  
  providing at least two different operating modes for forwarding in different manners said message authentication code with an authorization request having different fields, at least one of said operating modes for forwarding said message authentication code in an expiration date field and at least one of said operating modes for forwarding said message authentication code in a message authentication code field.
- View Dependent Claims (14)
- - 14. The method of claim 13, wherein said message authentication code is automatically conveyed in said message authentication code field if said message authentication code field exists.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Original Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Inventors
Campbell, Carl M., Hogan, Edward J.
Primary Examiner(s)
Tramwell, James P.
Assistant Examiner(s)
WORJLOH, JALATEE

Application Number

US09/886,485
Publication Number

US 20020116341A1
Time in Patent Office

1,677 Days
Field of Search

705 64- 79, 713/150, 380/277
US Class Current

705/64
CPC Class Codes

G06Q 20/04   Payment circuits

G06Q 20/14   specially adapted for billi...

G06Q 20/24   Credit schemes, i.e. "pay a...

G06Q 20/367   involving electronic purses...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/3821   Electronic credentials

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3829   involving key management

G06Q 20/383   Anonymous user system

G06Q 20/385   using an alias or single-us...

G06Q 20/401   Transaction verification

G06Q 40/02   Banking, e.g. interest calc...

Method and system for conducting secure payments over a computer network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

330 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for conducting secure payments over a computer network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

330 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links