Systems and methods for conducting secure payment transactions using a formatted data structure
First Claim
1. A system for authenticating a cardholder transaction with a merchant on an electronic network, the system comprising:
- an issuer platform layer including at least one 3-D Secure authentication program;
- a merchant plug-in (MPI);
- a secure payment algorithm (SPA); and
- a data transport layer, wherein the issuer platform comprises an access control server (ACS) that uses the SPA to process transaction and cardholder information for authentication by an authentication method and to generate an Accountholder Authentication Value (AAV) and conveys the AAV through the data transport layer to the MPI, wherein the AAV is a formatted data structure compatible with 3-D Secure message protocols, wherein the formatted data structure has a length of at most 20 bytes including bytes that identify a hash of the merchant's name, bytes that identify the ACS, bytes that identify the authentication method, bytes that identify secret cryptographic keys and bytes that include a merchant authentication code (MAC), wherein the SPA comprises an encryption algorithm for generating the MAC, wherein the encryption algorithm uses a pair of secret keys A and B that are identified in the AAV to encrypt a concatenation of the cardholder's account number, card expiration date and service code to generate a three-digit CVC2 field, and uses the result to populate two bytes of the MAC.
Abstract
A formatted data structure is provided for conveying the results of e-commerce authentication programs that are used to authenticate a cardholder's on-line transactions. The data structure, which has at most a 20-byte length, is designed to be compatible with 3-D Secure message protocols used in e-commerce. The data structure includes designated fields that include a hash of the merchant's name, identify an authentication service provider, identify the authentication method used, and include a merchant authentication code which ties cardholder information to the transaction. Secure payment algorithms are provided for use by the e-commerce authentication programs to generate authentication results in the desired format. In one secure payment algorithm, a secret key is used to encrypt a concatenation of a cardholder account number with information from designated fields of the data structure. In another secure payment algorithm, a pair of secret keys is used to encrypt a concatenation of the cardholder's account number, card expiration date and service code. In both cases, portions of the encryption results are used to define the merchant authentication code.
19 Claims
10. A data structure for conveying cardholder transaction authentication information amongst stakeholders in a 3-D Secure environment, the data structure comprising 20 bytes of Base 64 encoded characters, wherein the first byte is a control byte, bytes 2-9 represent a hash of a merchant name, byte 10 identifies an Access Control Server (ACS) that authenticates the cardholder transaction by an authentication method, byte 11 identifies the authentication method and the secret encryption keys that are used by the ACS to generate a Merchant Authentication Code (MAC), bytes 12-15 represent a transaction sequence number identifying a transaction number processed by the ACS, and bytes 16-20 represent the MAC, wherein the MAC comprises portions of an encryption of a concatenation of the cardholder's account number, card expiration date and service code, and wherein a pair of keys A and B that are identified in byte 11 is used for encryption.
14. A method for authenticating a cardholder transaction with a merchant on an electronic network in a 3-D Secure environment, the method comprising:
using an Access Control Server (ACS) to process cardholder and transaction information to authenticate the cardholder by an authentication method; deploying a secure payment algorithm (SPA) to generate an Accountholder Authentication Value (AAV) to represent the authentication results; and transporting the AAV in 3-D Secure messages to the merchant, wherein the AAV is a formatted data structure that has a length of at most 20 bytes, including bytes that identify a hash of the merchant's name, bytes that identify the ACS, bytes that identify the authentication method, bytes that include a merchant authentication code (MAC), and bytes that identify secret cryptographic keys that are used by the SPA to generate the MAC, wherein deploying the SPA comprises: using a pair of secret keys A and B that are identified in the AAV to encrypt a concatenation of the cardholder's account number, card expiration date and service code to generate a three-digit CVC2 field; and assigning the result to populate two bytes of the MAC.
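The byte layout of claim 10 and the key-pair MAC of claim 14, packed, parsed and verified in Python. This is an added example, not code from the patent or any card network: the hash function for the merchant name, the nibble split of byte 11, the control-byte value, the keyed function standing in for the unspecified "encryption" (HMAC-SHA256 under A||B) and the decimalisation of the CVC2 value are all assumptions, and the keys, PAN and merchant name are constructed sample data.

```python
import base64
import hashlib
import hmac
import struct

AAV_LEN = 20
CONTROL = 0x8C  # constructed control byte; claim 10 fixes only its position (byte 1)
# Constructed key pairs (A, B), looked up by the key id the AAV carries in byte 11.
KEYS = {1: (b"key-A-constructed", b"key-B-constructed")}

def merchant_hash(name):
    """Bytes 2-9: an 8-byte hash of the merchant name (SHA-256 truncated, assumed)."""
    return hashlib.sha256(name.encode()).digest()[:8]

def mac_bytes(pan, expiry, service_code, key_a, key_b):
    """Bytes 16-20. Keyed function over PAN||expiry||service code; HMAC-SHA256
    keyed with A||B stands in for the patent's unspecified cipher. The three-digit
    CVC2 value fills MAC bytes 1-2 (big-endian); three more tag bytes fill 3-5."""
    tag = hmac.new(key_a + key_b, (pan + expiry + service_code).encode(), hashlib.sha256).digest()
    cvc2 = int.from_bytes(tag[:4], "big") % 1000  # assumed decimalisation
    return cvc2.to_bytes(2, "big") + tag[4:7]

def build_aav(merchant, acs_id, method, key_id, seq, pan, expiry, service_code):
    """Pack the claim-10 layout: control, merchant hash, ACS id, method/key byte,
    transaction sequence number, MAC. Method in high nibble, key id in low nibble (assumed)."""
    key_a, key_b = KEYS[key_id]
    method_keys = ((method & 0xF) << 4) | (key_id & 0xF)
    mac = mac_bytes(pan, expiry, service_code, key_a, key_b)
    aav = struct.pack(">B8sBBI5s", CONTROL, merchant_hash(merchant), acs_id, method_keys, seq, mac)
    assert len(aav) == AAV_LEN
    return base64.b64encode(aav).decode()  # carried as Base64 text in 3-D Secure messages

def parse_aav(aav_b64):
    raw = base64.b64decode(aav_b64)
    if len(raw) != AAV_LEN:
        raise ValueError("AAV must decode to exactly 20 bytes")
    ctrl, mhash, acs_id, method_keys, seq, mac = struct.unpack(">B8sBBI5s", raw)
    return {"control": ctrl, "merchant_hash": mhash, "acs_id": acs_id,
            "method": method_keys >> 4, "key_id": method_keys & 0xF, "seq": seq, "mac": mac}

def verify_aav(aav_b64, merchant, pan, expiry, service_code):
    """Issuer-side check: the MAC must match a recomputation under the key pair named
    in byte 11, and the merchant hash must match the merchant presenting the AAV."""
    f = parse_aav(aav_b64)
    if f["key_id"] not in KEYS or f["merchant_hash"] != merchant_hash(merchant):
        return False
    expected = mac_bytes(pan, expiry, service_code, *KEYS[f["key_id"]])
    return hmac.compare_digest(f["mac"], expected)
```

Note that the MAC binds the card data and key pair but not the merchant hash or sequence number, so `verify_aav` checks the merchant field separately; a replayed AAV for another merchant fails that comparison.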