Method and system for conducting secure payments over a computer network

US 7,379,919 B2
Filed: 04/11/2001
Issued: 05/27/2008
Est. Priority Date: 04/11/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method of conducting a transaction using a payment account for payment over a payment network, the method comprising:

(a) receiving by a service provider other than an issuer of the payment account a first authorization request for the authorization of the transaction using a first payment account number, wherein;

(i) the first payment account number has a service provider identification number that is associated with the service provider other than the issuer and is associated with a second payment account number that has an issuer identification number associated with the issuer, said second payment account number not being included in said first authorization request;

(ii) the first authorization request includes a first acquirer code associated with an acquirer; and

(iii) the first authorization request is routable through the payment network to the service provider based on said service provider identification number;

(b) responsive to the first authorization request, transmitting by the service provider a second authorization request for authorization of the transaction using the second payment account number, the second authorization request including a second acquirer code associated with the service provider and being routable through the payment network to the issuer based on said issuer identification number;

(c) receiving from the issuer a response to the second authorization request transmitted by the service provider, the response including the second acquirer code and being routable through the payment network based on that code; and

(d) transmitting from the service-provider to the acquirer a response to the first authorization request received by the service provider based on the response to the second authorization request received by the service-provider from the issuer, the response to the first authorization request including the first acquirer code and being routable through the payment network based on that code.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is provided for conducting a financial transaction by a purchaser with a merchant having an acquirer bank, over a communications network. The method includes the steps of sending a first authorization request using a pseudo account number associated with a real account number to a service provider which forwards a second authorization request to the issuer using the real account number and preferably a pseudo acquirer code associated with the service provider such that the response to the second request is based on the real account number and sent back to the service provider who preferably forwards a response to the first request preferably to the “real” acquirer. A message authentication code is further provided which includes transaction data, and where the authorization request is formatted as a standard payment card track having one or more fields including a discretionary field in which the message authentication code is placed.

387 Citations

12 Claims

1. A method of conducting a transaction using a payment account for payment over a payment network, the method comprising:
- (a) receiving by a service provider other than an issuer of the payment account a first authorization request for the authorization of the transaction using a first payment account number, wherein;
  
  (i) the first payment account number has a service provider identification number that is associated with the service provider other than the issuer and is associated with a second payment account number that has an issuer identification number associated with the issuer, said second payment account number not being included in said first authorization request;
  
  (ii) the first authorization request includes a first acquirer code associated with an acquirer; and
  
  (iii) the first authorization request is routable through the payment network to the service provider based on said service provider identification number;
  
  (b) responsive to the first authorization request, transmitting by the service provider a second authorization request for authorization of the transaction using the second payment account number, the second authorization request including a second acquirer code associated with the service provider and being routable through the payment network to the issuer based on said issuer identification number;
  
  (c) receiving from the issuer a response to the second authorization request transmitted by the service provider, the response including the second acquirer code and being routable through the payment network based on that code; and
  
  (d) transmitting from the service-provider to the acquirer a response to the first authorization request received by the service provider based on the response to the second authorization request received by the service-provider from the issuer, the response to the first authorization request including the first acquirer code and being routable through the payment network based on that code.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein said response to the second authorization request from the issuer further includes said second payment account number, and said response to the first authorization request by the service provider further includes said first payment account number.
  - 3. The method of claim 1, wherein said first authorization request comprises a message authentication code including transaction data, and said request is formatted with a standard track having a plurality of fields including a discretionary field in which said message authentication code is placed.
  - 4. The method of claim 3, wherein said service provider verifies the message authentication code.

5. A method of conducting a transaction with a merchant over a communications network using a first payment account number that is associated with a second payment account number, the method comprising:
- (a) generating a message authentication code based on one or more transaction details;
  
  (b) transmitting at least the first payment account number and the message authentication code to the merchant;
  
  (c) requesting by the merchant a first authorization request for payment of the transaction using the first payment account number, said second payment account number not being included in said first authorization request, the request being formatted as if payment were tendered at a point-of-sale terminal with a conventional magnetic-stripe payment card, the format having a track with at least a discretionary data field and said message authentication code being transmitted in said discretionary data field;
  
  (d) responsive to the authorization request for the first payment account number, requesting an authorization for payment of the transaction using the second payment account number; and
  
  (e) accepting or declining the authorization request for the first payment account number based on the response to the authorization request for the second payment account number and the message authentication code, wherein said first and second payment account numbers include respective service provider and issuer identification numbers, wherein a service provider other than the issuer receives said merchant'"'"'s request through a payment network based on said service provider identification number, and wherein said service provider generates said request for authorization of payment using the second payment account number and routes said request to said issuer through said network based on said issuer identification number.
- View Dependent Claims (6, 7)
- - 6. The method of claim 5, wherein said service provider includes in said request for authorization for payment an acquirer code associated with said service provider, such that said response from said issuer is routed back to said service provider.
  - 7. The method of claim 6, wherein said request by said merchant includes an associated merchant acquirer code, and wherein said service provider generates a message based on said accepting or declining step and routes that message to said associated merchant acquirer code.

8. A method of conducting a transaction over a communications network, the method comprising:
- issuing by an issuer having an issuer identification number a first payment account number to a user having a computer, said issuer identification number being associated with said first payment account number;
  
  providing a security module for generating a secret key unique to each first account number issued;
  
  generating a second account number associated with said first payment account number;
  
  providing a secure payment application by a service provider to said computer, said application comprising said second account number and said secret key;
  
  storing said secure payment application on said computer;
  
  selecting a merchant with whom to conduct said financial transaction, said merchant having an associated acquirer code;
  
  passing to said computer transaction data;
  
  computer generating a message authentication code based on said transaction data;
  
  transmitting track data in standard track image format to said merchant, said track data comprising said computer generated message authentication code and said second accountnumber, wherein said computer generated message authentication code is directly positioned in the discretionary data field of the standard track image format;
  
  generating a first authorization request based on said data;
  
  transmitting said first request to said service provider;
  
  verifying said first request with said secret key;
  
  obtaining said first payment account number associated with said second account number;
  
  transmitting a second authorization request using said first payment account number to said issuer identification number associated with said first payment account number; and
  
  authorizing or rejecting said second request.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The method of claim 8, wherein said track data comprises a discretionary data field, an account number field, and an expiration date field, and wherein said transmitting track data step further includesplacing said message authentication data in said discretionary data field;
    - placing said second account number in said account number field; and
      
      placing an expiration date in said expiration date field.
  - 10. The method of claim 9, wherein said transaction data include said associated acquirer code, and a transaction amount.
  - 11. The method of claim 10, wherein said verifying step further includes verifying said transaction data.
  - 12. The method of claim 8, wherein said second authorization request includes a second acquirer code associated with said service provider, and further comprising the steps of:
    - generating a message based on said authorizing or rejecting step;
      
      forwarding said message to said service provider based on said acquirer code; and
      
      using said merchant'"'"'s associated acquirer code to advise said merchant of said message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Original Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Inventors
Hogan, Edward J., Campbell, Carl M.
Primary Examiner(s)
ELISCA, PIERRE E

Application Number

US09/833,049
Publication Number

US 20020035548A1
Time in Patent Office

2,603 Days
Field of Search

705/64, 705/40
US Class Current

705/64
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

G06Q 20/04   Payment circuits

G06Q 20/102   Bill distribution or payments

G06Q 20/14   specially adapted for billi...

G06Q 20/24   Credit schemes, i.e. "pay a...

G06Q 20/382   insuring higher security of...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3825   Use of electronic signatures

G06Q 20/3829   involving key management

G06Q 20/385   using an alias or single-us...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4014   Identity check for transact...

G06Q 20/403   Solvency checks

G06Q 30/06   Buying, selling or leasing ...

G07F 7/08   by coded identity card or c...

G07F 7/12   Card verification

G07F 7/122   Online card verification

Method and system for conducting secure payments over a computer network

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

387 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for conducting secure payments over a computer network

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

387 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links