Methods and apparatus for a secure proximity integrated circuit card transactions
DCFirst Claim
Patent Images
1. A method for securing a transaction utilizing a proximity integrated circuit (PIC) transaction device and a merchant system comprising:
- determining a first merchant action analysis result, at the merchant system, based at least in part on one of an authentication of the PIC transaction device using Offline Data Authentication (ODA), a transaction process restriction, and a merchant risk management factor, the first merchant action analysis result indicating at least one of approving the transaction offline, approving the transaction online, and denying the transaction;
requesting, by the merchant system, an application cryptogram from the PIC transaction device, the application cryptogram being one of a cryptogram for approving the transaction offline, a cryptogram for approving the transaction online, and a cryptogram for denying the transaction based on the first merchant action analysis result;
determining a first card action analysis result, at the PIC transaction device, the first card action analysis result indicating at least one of approving the transaction offline, approving the transaction online, and denying the transaction;
transmitting, by the PIC transaction device, the first card action analysis result to the merchant system, wherein the first card action analysis result includes the requested application cryptogram;
requesting, by the merchant system, based on at least one of the first merchant action analysis result and the first card action analysis result, an authorization response from a PIC issuer system; and
if the merchant system receives the authorization response from the PIC issuer system, determining, at the merchant system, based at least in part on a predetermined rule and at least one of the first merchant action analysis result and the first card action analysis result, whether to approve the transaction offline or deny the transaction offline.
3 Assignments
Litigations
0 Petitions
Accused Products
Abstract
Methods and apparatus for a smartcard system are provided which securely and conveniently provides for secure transaction completion in a contact or contactless environment. The invention utilizes selection of processing applications based on the account issuer parameters and risk factors (stored on a smartcard) and merchant system parameters and risk factors (stored on a merchant system database). The invention permits a merchant system and smartcard to exchange information useful for determining if particular transactions should be completed online or offline.
772 Citations
13 Claims
-
1. A method for securing a transaction utilizing a proximity integrated circuit (PIC) transaction device and a merchant system comprising:
-
determining a first merchant action analysis result, at the merchant system, based at least in part on one of an authentication of the PIC transaction device using Offline Data Authentication (ODA), a transaction process restriction, and a merchant risk management factor, the first merchant action analysis result indicating at least one of approving the transaction offline, approving the transaction online, and denying the transaction; requesting, by the merchant system, an application cryptogram from the PIC transaction device, the application cryptogram being one of a cryptogram for approving the transaction offline, a cryptogram for approving the transaction online, and a cryptogram for denying the transaction based on the first merchant action analysis result; determining a first card action analysis result, at the PIC transaction device, the first card action analysis result indicating at least one of approving the transaction offline, approving the transaction online, and denying the transaction; transmitting, by the PIC transaction device, the first card action analysis result to the merchant system, wherein the first card action analysis result includes the requested application cryptogram; requesting, by the merchant system, based on at least one of the first merchant action analysis result and the first card action analysis result, an authorization response from a PIC issuer system; and if the merchant system receives the authorization response from the PIC issuer system, determining, at the merchant system, based at least in part on a predetermined rule and at least one of the first merchant action analysis result and the first card action analysis result, whether to approve the transaction offline or deny the transaction offline. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A system for securing a transaction comprising:
-
a proximity integrated circuit (PIC) transaction device, the PIC transaction device being operable to; determine a first card action analysis result, the first card action analysis result indicating at least one of approving the transaction offline, approving the transaction online, and denying the transaction; and transmit the first card action analysis result to a merchant system, wherein the first card action analysis result includes a requested application cryptogram; and the merchant system in communication with the PIC transaction device, the merchant system being operable to; determine a first merchant action analysis result based at least in part on one of an authentication of the PIC transaction device using Offline Data Authentication (ODA), a transaction process restriction, and a merchant risk management factor, the first merchant action analysis result indicating at least one of approving the transaction offline, approving the transaction online, and denying the transaction; request the application cryptogram from the PIC transaction device, the application cryptogram being one of a cryptogram for approving the transaction offline, a cryptogram for approving the transaction online, and a cryptogram for denying the transaction based on the first merchant action analysis result; request, based on at least one of the first merchant action analysis result and the first card action analysis result, an authorization response from a PIC issuer system; and determine if the merchant system receives the authorization response from the PIC issuer system, whether to approve the transaction offline or deny the transaction offline based at least in part on a predetermined rule and at least one of the first merchant action analysis result and the first card action analysis result. - View Dependent Claims (9, 10, 11, 12)
-
-
13. A computer-readable storage medium having stored thereon sequences of instructions, the sequences of instructions including instructions which when executed by a computer system cause the computer system to perform:
-
determining a first merchant action analysis result, at a merchant system, based at least in part on one of an authentication of a proximity integrated circuit (PIC) transaction device using Offline Data Authentication (ODA), a transaction process restriction, and a merchant risk management factor, the first merchant action analysis result indicating at least one of approving a transaction offline, approving the transaction online, and denying the transaction; requesting, by the merchant system, an application cryptogram from the PIC transaction device, the application cryptogram being one of a cryptogram for approving the transaction offline, a cryptogram for approving the transaction online, and a cryptogram for denying the transaction based on the first merchant action analysis result; determining a first card action analysis result, at the PIC transaction device, the first card action analysis result indicating at least one of approving the transaction offline, approving the transaction online, and denying the transaction; transmitting, by the PIC transaction device, the first card action analysis result to the merchant system, wherein the first card action analysis result includes the requested application cryptogram; requesting, by the merchant system, based on at least one of the first merchant action analysis result and the first card action analysis result, an authorization response from a PIC issuer system; and if the merchant system receives a the authorization response from the PIC issuer system, determining, at the merchant system, based at least in part on a predetermined rule and at least one of the first merchant action analysis result and the first card action analysis result, whether to approve the transaction offline or deny the transaction off line.
-
Specification