Financial transactions with dynamic personal account numbers

US 7,580,898 B2
Filed: 12/30/2006
Issued: 08/25/2009
Est. Priority Date: 03/15/2004
Status: Active Grant

First Claim

Patent Images

1. A system for securing financial transactions with payment cards in card-not-present financial transactions with merchants in which a payment card is not accessible to a merchant terminal, comprising:

a payment card for use in card-not-present financial transactions with a merchant, and which does not depend on receiving data from said merchant in card-not-present financial transactions;

a personal account number (PAN) disposed on the surface of the payment card and visibly readable by a user, and including a dynamic part in which the digits presented can vary, and a static part in which the digits do not change;

a crypto-table of individual table-values externally preprogrammed into the payment card and dependent on personalization information;

a user display disposed on the payment card in said dynamic part of the PAN, and providing an electronic visual output for a selected table-value from said crypto-table;

an electronic trigger to select a next table-value from said crypto-table for the user display;

a timer connected to the electronic trigger, and providing a limit on the frequency at which said new next table-value from said crypto-table can be retrieved; and

a payment infrastructure connected through said merchant and providing for financial transaction authorizations based at least on the validity of said dynamic and static parts of the PAN, for generating and preprogramming crypto-table and table-values into the payment card according to a cryptogram generation process that is not included in the payment card.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for securing financial transactions involving payment cards includes associating a sixteen-digit personal account number (PAN) with a particular payment card and user, wherein are included fields for a system number, a bank/product number, a user account number, and a check digit. A four-digit expiration date (MMYY) associated with the PAN. A magnetic stripe on the payment card is encoded with the PAN for periodic reading by a magnetic card reader during a financial transaction. A table of cryptographic values associated with the PAN and the MMYY is stored on each user'"'"'s payment card during personalization by an issuing bank. A next financial transaction being commenced with the payment card is sensed. A cryptographic value from the table of cryptographic values is selected for inclusion as a dynamic portion of the user account number with the PAN when a next financial transaction is sensed. Any cryptographic value from the table of cryptographic values will not be used again in another financial transaction after being used once. The issuing bank authorizes the next financial transaction only if the PAN includes a correct cryptographic value in the user account number field.

Citations

13 Claims

1. A system for securing financial transactions with payment cards in card-not-present financial transactions with merchants in which a payment card is not accessible to a merchant terminal, comprising:
- a payment card for use in card-not-present financial transactions with a merchant, and which does not depend on receiving data from said merchant in card-not-present financial transactions;
  
  a personal account number (PAN) disposed on the surface of the payment card and visibly readable by a user, and including a dynamic part in which the digits presented can vary, and a static part in which the digits do not change;
  
  a crypto-table of individual table-values externally preprogrammed into the payment card and dependent on personalization information;
  
  a user display disposed on the payment card in said dynamic part of the PAN, and providing an electronic visual output for a selected table-value from said crypto-table;
  
  an electronic trigger to select a next table-value from said crypto-table for the user display;
  
  a timer connected to the electronic trigger, and providing a limit on the frequency at which said new next table-value from said crypto-table can be retrieved; and
  
  a payment infrastructure connected through said merchant and providing for financial transaction authorizations based at least on the validity of said dynamic and static parts of the PAN, for generating and preprogramming crypto-table and table-values into the payment card according to a cryptogram generation process that is not included in the payment card.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein:
    - the PAN is a set of use-once sixteen-digit personal account numbers linked with a particular payment card, wherein are included fields for a system number, a bank/product number, a user account number, and a check dig it, and each account number includes a variable part that must match an expected variation to be accepted in financial transactions by the payment infrastructure.
  - 3. The system of claim 1, further comprising:
    - a four-digit expiration date (MMYY) linked with the PAN and included to discriminate amongst a user population.
  - 4. The system of claim 1, further comprising:
    - a magnetic stripe disposed on said payment card and encoded with the PAN, and providing for periodic reading by a magnetic card reader during a card-present financial transaction with a merchant.
  - 5. The system of claim 1, further comprising:
    - a cryptogram generation process for reserving only to an issuing bank, and that includes table generation keys or algorithm details that are not shared externally, and that can send personalization information a secure message that includes at least one of corresponding users'"'"' names, addresses, account numbers, expiration dates.
  - 6. The system of claim 1, further comprising:
    - a swipe sensor for detecting that the payment card has been swiped in a card reader and for signaling that a financial transaction is being commenced with the payment card in a card-present transaction with a merchant.
  - 7. The system of claim 1, wherein:
    - the crypto-table of individual table-values includes means for not repeating the use of any of said individual table-values in another financial transaction after being used once.

8. A construction and operation method for securing payment card financial transactions in a secure financial transaction network and payment infrastructure, comprising:
- associating a personal account number (PAN) with a particular payment card and user by embossing and magnetically recording on said payment card fields for a system number, a bank/product number, a user account number, and a check digit;
  
  associating an expiration date with said PAN by embossing and magnetically recording on said payment card;
  
  encoding a magnetic stripe disposed on said payment card with a magnetic data recording to represent said PAN for periodic electronic reading by a magnetic card reader during a card-present financial transaction with a merchant terminal;
  
  electronically storing data for a table of cryptographic values associated with said PAN on each user'"'"'s payment card during personalization;
  
  electronically sensing a financial transaction being commenced with the payment card with the use of a swipe sensor;
  
  separating in time a current financial transaction with a merchant terminal from a next, new financial transaction, with an electronic timer disposed in said payment card, and triggered by a user input;
  
  electronically presenting a current variable part of said PAN on the user display only during a current financial transaction with said merchant terminal;
  
  electronically presenting a new, next variable part of said PAN on said user display only during a next, new financial transaction with any merchant terminal;
  
  imposing an electronic limit on how frequently a new, next variable part of said PAN can be electronically generated and presented on said user display;
  
  data selecting a cryptographic value from a table of cryptographic values for inclusion as a dynamic portion of said PAN when a next, new financial transaction is electronically sensed with any merchant terminal;
  
  not repeating the use of any cryptographic data value from said table of cryptographic values in another financial transaction with any merchant terminal after being used once; and
  
  authorizing with an electronic data message said next financial transaction only if said PAN electronically read by any merchant terminal includes a correct cryptographic value in said user account number field.
- View Dependent Claims (9)
- - 9. The method of claim 8, further comprising:
    - limiting the range of said four-digit expiration date (MMYY) to a range of forty-eight months and evenly allocating expiration months in the range to discriminate amongst a population of users during validation, such that said PAN and said MMYY combine to provide a greater number of unique identifiers for such users.

10. A secure financial transaction network for payment cards, comprising:
- a personal account number (PAN) with an included set of variations in a predictable sequence for linking with a particular payment card and user, wherein are included fields for a system number, a bank/product number, a user account number, and a check digit;
  
  static and dynamic magnetic recording devices for encoding a magnetic stripe on said payment card with said PAN and its variations in use-once sequence for periodic reading by a magnetic card reader during a financial transaction, wherein said PAN does not necessarily match another PAN that may be presented on a user display disposed on the same payment card;
  
  a secure message of personalization information to enable programming of a table of cryptographic values constituting sequenced predictable variations in said PAN on each user'"'"'s payment card;
  
  a card-present trigger for sensing a next financial transaction being commenced with said payment card;
  
  a device for selecting a cryptographic value from said table of cryptographic values for inclusion as a dynamic portion of said user account number in said PAN when a next financial transaction is sensed;
  
  a device for not repeating the use of any cryptographic value from said table of cryptographic values in another financial transaction after its being used once; and
  
  a transaction authorized message for authorizing by said issuing bank said next financial transaction only if said PAN matches an expected variation defined originally in said secure message of personalization information for said table of cryptographic values.
- View Dependent Claims (11)
- - 11. The network of claim 10, further comprising:
    - a four-digit expiration date (MMYY) limited to a range of forty-eight months and evenly allocating expiration months in the range to a population of users, such that said PAN and said MMYY combine to discriminate amongst such users.

12. A secure payment card, comprising:
- a payment card for use in card-present and card-not-present financial transactions with merchants;
  
  a set of personal account numbers (PAN'"'"'s) that are predictable and sequentially issued visually or magnetically by the payment card, wherein are included data fields for a system number, a bank/product number, a user account number, and a check digit;
  
  a magnetic stripe disposed on the payment and providing static and dynamic magnetic data representing a selected one from the set of PAN'"'"'s for periodic reading one-way access by a magnetic card reader during a card-present financial transaction;
  
  a precomputed and preprogrammed table of cryptographic values for constructing individual ones of the set of PAN'"'"'s on the payment card when triggered by a use;
  
  a detector for sensing a next, new financial transaction being commenced with the payment card and providing a trigger to issue a new PAN;
  
  a cryptographic value selectable from the table of cryptographic values for inclusion as a dynamic portion of said user account number with said each PAN when a next financial transaction is sensed.
- View Dependent Claims (13)
- - 13. the payment card of claim 12, further comprising:
    - a display device and switch embedded in the payment card for supporting secure card-not-present transactions by making the set of PAN'"'"'s visually readable by a user once, and only one at a time.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fitbit, Inc. (Alphabet Inc.)
Original Assignee
Qsecure Inc.
Inventors
Brown, Kerry D., Pariseau, David Kevin
Primary Examiner(s)
Elisca; Pierre E

Application Number

US11/618,813
Publication Number

US 20070208671A1
Time in Patent Office

969 Days
Field of Search

705/75, 705/50, 705/51
US Class Current

705/75
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3415   Cards acting autonomously a...

G06Q 20/367   involving electronic purses...

G06Q 20/385   using an alias or single-us...

G06Q 20/401   Transaction verification

G07F 7/08   by coded identity card or c...

G07F 7/1008   Active credit-cards provide...

G07F 7/1083   Counting of PIN attempts

G07F 7/12   Card verification

Financial transactions with dynamic personal account numbers

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Financial transactions with dynamic personal account numbers

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links