Methods and apparatus for a secure proximity integrated circuit card transactions

US 7,587,756 B2
Filed: 07/23/2004
Issued: 09/08/2009
Est. Priority Date: 07/09/2002
Status: Active Grant

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A method for securing a transaction utilizing a proximity integrated circuit (PIC) transaction device and a merchant system comprising:

determining a first merchant action analysis result, at the merchant system, based at least in part on one of an authentication of the PIC transaction device using Offline Data Authentication (ODA), a transaction process restriction, and a merchant risk management factor, the first merchant action analysis result indicating at least one of approving the transaction offline, approving the transaction online, and denying the transaction;

requesting, by the merchant system, an application cryptogram from the PIC transaction device, the application cryptogram being one of a cryptogram for approving the transaction offline, a cryptogram for approving the transaction online, and a cryptogram for denying the transaction based on the first merchant action analysis result;

determining a first card action analysis result, at the PIC transaction device, the first card action analysis result indicating at least one of approving the transaction offline, approving the transaction online, and denying the transaction;

transmitting, by the PIC transaction device, the first card action analysis result to the merchant system, wherein the first card action analysis result includes the requested application cryptogram;

requesting, by the merchant system, based on at least one of the first merchant action analysis result and the first card action analysis result, an authorization response from a PIC issuer system; and

if the merchant system receives the authorization response from the PIC issuer system, determining, at the merchant system, based at least in part on a predetermined rule and at least one of the first merchant action analysis result and the first card action analysis result, whether to approve the transaction offline or deny the transaction offline.

View all claims

3 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

Methods and apparatus for a smartcard system are provided which securely and conveniently provides for secure transaction completion in a contact or contactless environment. The invention utilizes selection of processing applications based on the account issuer parameters and risk factors (stored on a smartcard) and merchant system parameters and risk factors (stored on a merchant system database). The invention permits a merchant system and smartcard to exchange information useful for determining if particular transactions should be completed online or offline.

772 Citations

13 Claims

1. A method for securing a transaction utilizing a proximity integrated circuit (PIC) transaction device and a merchant system comprising:
- determining a first merchant action analysis result, at the merchant system, based at least in part on one of an authentication of the PIC transaction device using Offline Data Authentication (ODA), a transaction process restriction, and a merchant risk management factor, the first merchant action analysis result indicating at least one of approving the transaction offline, approving the transaction online, and denying the transaction;
  
  requesting, by the merchant system, an application cryptogram from the PIC transaction device, the application cryptogram being one of a cryptogram for approving the transaction offline, a cryptogram for approving the transaction online, and a cryptogram for denying the transaction based on the first merchant action analysis result;
  
  determining a first card action analysis result, at the PIC transaction device, the first card action analysis result indicating at least one of approving the transaction offline, approving the transaction online, and denying the transaction;
  
  transmitting, by the PIC transaction device, the first card action analysis result to the merchant system, wherein the first card action analysis result includes the requested application cryptogram;
  
  requesting, by the merchant system, based on at least one of the first merchant action analysis result and the first card action analysis result, an authorization response from a PIC issuer system; and
  
  if the merchant system receives the authorization response from the PIC issuer system, determining, at the merchant system, based at least in part on a predetermined rule and at least one of the first merchant action analysis result and the first card action analysis result, whether to approve the transaction offline or deny the transaction offline.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method of claim 1, wherein the authentication includes authenticating, offline, a portion of application data stored in the PIC.
  - 3. A method of claim 1, comprising authorizing the transaction online.
  - 4. A method of claim 1, comprising authorizing the transaction offline.
  - 5. A method of claim 4, comprising authenticating the PIC issuer system online.
  - 6. A method of claim 5, comprising authorizing the transaction by requesting application data from the PIC transaction device.
  - 7. A method of claim 5, comprising receiving a response to a request for PIC issuer system authentication online, using the response to the request for authorization of the PIC issuer system as an input to a second merchant action analysis result.

8. A system for securing a transaction comprising:
- a proximity integrated circuit (PIC) transaction device, the PIC transaction device being operable to;
  
  determine a first card action analysis result, the first card action analysis result indicating at least one of approving the transaction offline, approving the transaction online, and denying the transaction; and
  
  transmit the first card action analysis result to a merchant system, wherein the first card action analysis result includes a requested application cryptogram; and
  
  the merchant system in communication with the PIC transaction device, the merchant system being operable to;
  
  determine a first merchant action analysis result based at least in part on one of an authentication of the PIC transaction device using Offline Data Authentication (ODA), a transaction process restriction, and a merchant risk management factor, the first merchant action analysis result indicating at least one of approving the transaction offline, approving the transaction online, and denying the transaction;
  
  request the application cryptogram from the PIC transaction device, the application cryptogram being one of a cryptogram for approving the transaction offline, a cryptogram for approving the transaction online, and a cryptogram for denying the transaction based on the first merchant action analysis result;
  
  request, based on at least one of the first merchant action analysis result and the first card action analysis result, an authorization response from a PIC issuer system; and
  
  determine if the merchant system receives the authorization response from the PIC issuer system, whether to approve the transaction offline or deny the transaction offline based at least in part on a predetermined rule and at least one of the first merchant action analysis result and the first card action analysis result.
- View Dependent Claims (9, 10, 11, 12)
- - 9. A system of claim 8, wherein the PIC transaction device is operable to provide a plurality of application cryptograms, a plurality of PIC issuer-predetermined transaction processing rulesa PIC issuer-defined dataset for use in performing a PIC issuer-defined risk management analysis, and a plurality of transaction disposition cryptograms in response to a command dataset for use in communicating with the PIC transaction device.
  - 10. A system of claim 8, wherein the merchant system is operable to generate a merchant transaction disposition in accordance with a merchant risk management analysis performed by a merchant risk management application.
  - 11. A system of claim 10, wherein the merchant system is operable to authenticate the PIC transaction device in response to receipt of at least one of the requested application cryptogram, a PIC issuer-predetermined transaction processing rule, a PIC issuer-defined dataset for use in performing a PIC issuer-defined risk management analysis, a transaction disposition cryptogram, and a merchant risk management analysis.
  - 12. A system of claim 11, wherein the merchant system is operable to authorize the transaction in response to receipt of at least one of the requested application cryptogram, a PIC issuer-predetermined transaction processing rule, a PIC issuer-defined dataset for use in performing a PIC issuer-defined risk management analysis, a PIC issuer-provided authentication cryptogram, a transaction disposition cryptogram, and a merchant risk management analysis.

13. A computer-readable storage medium having stored thereon sequences of instructions, the sequences of instructions including instructions which when executed by a computer system cause the computer system to perform:
- determining a first merchant action analysis result, at a merchant system, based at least in part on one of an authentication of a proximity integrated circuit (PIC) transaction device using Offline Data Authentication (ODA), a transaction process restriction, and a merchant risk management factor, the first merchant action analysis result indicating at least one of approving a transaction offline, approving the transaction online, and denying the transaction;
  
  requesting, by the merchant system, an application cryptogram from the PIC transaction device, the application cryptogram being one of a cryptogram for approving the transaction offline, a cryptogram for approving the transaction online, and a cryptogram for denying the transaction based on the first merchant action analysis result;
  
  determining a first card action analysis result, at the PIC transaction device, the first card action analysis result indicating at least one of approving the transaction offline, approving the transaction online, and denying the transaction;
  
  transmitting, by the PIC transaction device, the first card action analysis result to the merchant system, wherein the first card action analysis result includes the requested application cryptogram;
  
  requesting, by the merchant system, based on at least one of the first merchant action analysis result and the first card action analysis result, an authorization response from a PIC issuer system; and
  
  if the merchant system receives a the authorization response from the PIC issuer system, determining, at the merchant system, based at least in part on a predetermined rule and at least one of the first merchant action analysis result and the first card action analysis result, whether to approve the transaction offline or deny the transaction off line.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Liberty Peak Ventures, LLC (Dominion Harbor Enterprises, LLC)
Original Assignee
American Express Travel Related Services Company, Inc. (American Express Company)
Inventors
Saunders, Peter D., Peart, Lee J.
Primary Examiner(s)
Chai, Longbit

Application Number

US10/710,611
Publication Number

US 20050033688A1
Time in Patent Office

1,873 Days
Field of Search

726/9
US Class Current

726/9
CPC Class Codes

G06Q 20/04   Payment circuits

G06Q 20/10   specially adapted for elect...

G06Q 20/14   specially adapted for billi...

G06Q 20/18   involving self-service term...

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/327   Short range or proximity pa...

G06Q 20/352   Contactless payments by cards

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4016   involving fraud or risk lev...

G07F 7/127   in which both online and of...

Methods and apparatus for a secure proximity integrated circuit card transactions

First Claim

3 Assignments

Litigations

0 Petitions

Accused Products

Abstract

772 Citations

13 Claims

Specification

Use Cases

Quick Links

Others

Methods and apparatus for a secure proximity integrated circuit card transactions

First Claim

3 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

772 Citations

13 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others