Financial transactions with dynamic card verification values

US 7,584,153 B2
Filed: 12/30/2006
Issued: 09/01/2009
Est. Priority Date: 03/15/2004
Status: Active Grant

First Claim

Patent Images

1. A system for securing financial transactions with payment cards, comprising:

a payment card for use at least in card-not-present financial transactions with a merchant, and that is not itself capable of cryptographic calculations;

a precomputed set of dynamic variable card verification values (CVVs) disposed electronically in the payment card, and in which the CVVs are distinct and separate from a personal account number and not transmitted in card-present financial transactions;

a user display for visually presenting any said CVV permanently stored in a table and individually selected on the payment card;

a user trigger for starting an electronic selection of a next CVV in a table loaded previously by a cryptographic process and calculated outside the payment card, and for causing a new value of said CVVs to be visually presented on the user display;

a timer connected to the user trigger and providing a limit on the frequency at which a new CVV can be generated or retrieved; and

a payment infrastructure connected through said merchant and providing for financial transaction authorizations based at least on the validity of said CVV values according to said cryptographic process, and including at least a payment authorization, personalization, or card manufacturing component that includes said cryptographic process for pre-computing all said CVV values external to the payment card and that can thereafter be visually presented on the user display of respective payment cards.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A payment card comprises an internal dynamic card verification value (CVV) generator and a user display for card-not-present transactions. Card-present transactions with merchant card readers are enabled by a dynamic magnetic array internally associated with the card'"'"'s magnetic stripe. The user display and a timer are triggered by the user when the user needs to see the card verification value and/or begin a new transaction. A new card verification value is provided for each new transaction according to a cryptographic process, but the timer limits how soon a next new card verification value can be generated.

676 Citations

14 Claims

1. A system for securing financial transactions with payment cards, comprising:
- a payment card for use at least in card-not-present financial transactions with a merchant, and that is not itself capable of cryptographic calculations;
  
  a precomputed set of dynamic variable card verification values (CVVs) disposed electronically in the payment card, and in which the CVVs are distinct and separate from a personal account number and not transmitted in card-present financial transactions;
  
  a user display for visually presenting any said CVV permanently stored in a table and individually selected on the payment card;
  
  a user trigger for starting an electronic selection of a next CVV in a table loaded previously by a cryptographic process and calculated outside the payment card, and for causing a new value of said CVVs to be visually presented on the user display;
  
  a timer connected to the user trigger and providing a limit on the frequency at which a new CVV can be generated or retrieved; and
  
  a payment infrastructure connected through said merchant and providing for financial transaction authorizations based at least on the validity of said CVV values according to said cryptographic process, and including at least a payment authorization, personalization, or card manufacturing component that includes said cryptographic process for pre-computing all said CVV values external to the payment card and that can thereafter be visually presented on the user display of respective payment cards.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, further comprising:
    - personalization data associating a account number (PAN) with a particular payment card and its authorized user, wherein are included data fields for a system number, a bank/product number, a user account number, and a check digit.
  - 3. The system of claim 1, further comprising:
    - personalization data associating a four-digit expiration date (MMYY) with said CVVs.
  - 4. The system of claim 1, further comprising:
    - a magnetic stripe encoding on said payment card with said CVVs for periodic reading by a magnetic card reader during a card-present financial transaction with a merchant.
  - 5. The system of claim 1, further comprising:
    - a table of cryptographic values uniquely associated with said CVVs and electronically disposed within particular payment cards during their personalization.
  - 6. The system of claim 1, further comprising:
    - a detector for automatically sensing a financial transaction is being commenced with the payment card.
  - 7. The system of claim 1, further comprising:
    - a timer disposed in the payment card, and triggerable by a user input, and providing for a separation of a current financial transaction from a next, new financial transaction;
      
      wherein, a current CVV is presented on the user display only during a current financial transaction;
      
      wherein, a new, next CVV is presented on the user display only during a next, new financial transaction; and
      
      wherein, a limit is imposed on how frequently a new, next CVV can be electronically generated and presented on the user display.
  - 8. The system of claim 1, further comprising:
    - a device for selecting a cryptographic value from a table of cryptographic values for inclusion as said CVVs when a next, new financial transaction is sensed.
  - 9. The system of claim 8, further comprising:
    - a device for repeating the use of any CVV from said table of cryptographic values in another financial transaction after being used once.

10. A method for securing payment card financial transactions with electronic devices inside a payment card and a financial transaction network, comprising:
- electronically associating a card verification value (CVV) printed on a particular payment card with the identity of an authorized user;
  
  a personal account number (PAN) electronically embedded in each said payment card, wherein are included data fields for a system number, a bank/product number, a user account number, and a check digit;
  
  electronically associating a four-digit expiration date (MMYY) with said CVV;
  
  electronically encoding a magnetic stripe on said payment card with said CVV for periodic reading by a magnetic card reader during a card-present financial transaction with a merchant;
  
  electronically storing a table of cryptographic values associated with said CVV on each user'"'"'s payment card during personalization;
  
  electronically sensing a financial transaction being commenced with the payment card;
  
  electronically separating a current financial transaction from a next, new financial transaction with a timer disposed in the payment card, and triggered by a user input;
  
  electronically presenting a current variable card verification CVV on the user display only during a current financial transaction;
  
  electronically presenting a new, next variable card verification CVV on the user display only during a next, new financial transaction;
  
  electronically imposing a limit on how frequently a new, next variable card verification CVV can be electronically generated and presented on the user display;
  
  electronically selecting a cryptographic value from a table of cryptographic values for inclusion as a dynamic portion of said CVV when a next, new financial transaction is sensed;
  
  electronically repeating the use of any cryptographic value from said table of cryptographic values in another financial transaction after being used once; and
  
  electronically authorizing said next financial transaction only if said CVV includes a correct cryptographic value in said user account number field.
- View Dependent Claims (11)
- - 11. The method of claim 10, further comprising:
    - electronically limiting the range of said four-digit expiration date to a range of forty-eight months and evenly allocating expiration months in the range to a population of users, such that said CVV and said MMYY combine to provide a greater number of unique identifiers for such users.

12. A secure financial transaction network for payment cards, comprising:
- an electronic device for associating a card verification value (CVV) with a particular payment card and user;
  
  an electronic device for encoding said payment card with said CVV for reading during a financial transaction;
  
  an electronic device for storing a table of cryptographic values associated with said CVV on each user'"'"'s payment card during personalization;
  
  an electronic device for sensing a next financial transaction being commenced with said payment card;
  
  an electronic device for selecting a cryptographic data value from said table of cryptographic values for electronic inclusion in data representing said user account number with said CVV when a next financial transaction is sensed;
  
  an electronic device for not repeating the use of any cryptographic value from said table of cryptographic values in another financial transaction after being used once; and
  
  an electronic device for authorizing by said issuing bank said next financial transaction only if said CVV includes a correct cryptographic value.
- View Dependent Claims (13)
- - 13. The network of claim 12, further comprising:
    - an electronic device for limiting data representing the range of a four-digit expiration date (MMYY) to a range of forty-eight months and for evenly allocating expiration months in the range to a population of users, such that said CVV and said MMYY combine to provide a greater number of unique identifiers for such users.

14. A secure payment card, comprising:
- a particular payment card produced by a financial transaction network for use in financial transactions with merchants connected to said financial transaction network;
  
  a card verification value (CVV) electronically associated by said financial transaction network with the particular payment card and a user, wherein are included data fields for a system number, a bank/product number, a user account number, and a check digit;
  
  a magnetic stripe disposed on the particular payment card, and providing for periodic reading by a magnetic card reader during a financial transaction with any of said merchants;
  
  an electronic user display disposed on the particular payment card;
  
  an electronic table of cryptographic values electronically associated with the CVV on the particular payment card during a personalization of it by said financial transaction network, wherein cryptography was used to generate a set of CVV values for each payment card such that said table values are such that a next valid value cannot be predicted from a valid value already used in a financial transaction;
  
  a swipe detector for sensing a card reader contact during a next, new financial transaction being commenced with the particular payment card; and
  
  a cryptographic value electronically selectable from the table of cryptographic values by a device within said payment card for inclusion as a dynamic portion of an electronic representation of said user account number with said CVV when a next financial transaction is sensed;
  
  wherein, the table of cryptographic values is sufficiently large as to be able to contain a set of said cryptographic values in which each can not be selected again for another financial transaction after its being used once; and
  
  wherein, a next, new financial transaction can proceed only if the CVV includes a verifiable cryptographic value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fitbit, Inc. (Alphabet Inc.)
Original Assignee
Qsecure Inc.
Inventors
Brown, Kerry D., Pariseau, David Kevin
Primary Examiner(s)
Elisca; Pierre E

Application Number

US11/618,818
Publication Number

US 20070136211A1
Time in Patent Office

976 Days
Field of Search

705/75, 705/50, 705/51, 235/380
US Class Current

705/75
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3415   Cards acting autonomously a...

G06Q 20/385   using an alias or single-us...

G06Q 20/4018   using the card verification...

G07F 7/08   by coded identity card or c...

G07F 7/1008   Active credit-cards provide...

G07F 7/1083   Counting of PIN attempts

G07F 7/12   Card verification

Financial transactions with dynamic card verification values

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

676 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Financial transactions with dynamic card verification values

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

676 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links