Verification of portable consumer devices

US 7,891,560 B2
Filed: 02/24/2010
Issued: 02/22/2011
Est. Priority Date: 05/15/2009
Status: Active Grant

First Claim

Patent Images

1. A verification token that obtains a device verification value for a transaction conducted using a portable consumer device, the verification token comprising:

a peripheral interface adapted to couple to a peripheral interface of a computer;

a reader adapted to read identification information from portable consumer devices;

a computer-readable medium;

a data processor electrically coupled to the peripheral interface of the verification token, the reader, and the computer-readable medium;

code embodied on the computer-readable medium that directs the data processor to receive identification information read from a portable consumer device by the reader for the transaction, the identification information including an account number and a first device verification value provided by the portable consumer device;

code embodied on the computer-readable medium that directs the data processor to communicate with a computer by way of the peripheral interface of the verification token and to access to a networking facility of the computer;

code embodied on the computer-readable medium that directs the data processor to establish, using the networking facility of the computer, communications with an entity that can provide a second device verification value;

code embodied on the computer-readable medium that directs the data processor to transmit at least the account number and the first device verification value of the received identification information to the entity by way of the networking facility of the computer; and

code embodied on the computer-readable medium that directs the data processor to receive, after transmitting said identification information, the second device verification value for the transaction from the entity by way of the networking facility of the computer, wherein the second device verification value is configured to be enterable in a card-verification value field of a merchant web page.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Apparatuses, methods, and systems pertaining to the verification of portable consumer devices are disclosed. In one implementation, a verification token is coupled to a computer by a USB connection so as to use the computer'"'"'s networking facilities. The verification token reads identification information from a user'"'"'s portable consumer device (e.g., credit card) and sends the information to a validation entry over a communications network using the computer'"'"'s networking facilities. The validation entity applies one or more validation tests to the information that it receives from the verification token. If a selected number of tests are passed, the validation entity sends a device verification value to the verification token, and optionally to a payment processing network. The verification token may enter the device verification value into a CVV field of a web page appearing on the computer'"'"'s display, or may display the value to the user using the computer'"'"'s display.

Citations

20 Claims

1. A verification token that obtains a device verification value for a transaction conducted using a portable consumer device, the verification token comprising:
- a peripheral interface adapted to couple to a peripheral interface of a computer;
  
  a reader adapted to read identification information from portable consumer devices;
  
  a computer-readable medium;
  
  a data processor electrically coupled to the peripheral interface of the verification token, the reader, and the computer-readable medium;
  
  code embodied on the computer-readable medium that directs the data processor to receive identification information read from a portable consumer device by the reader for the transaction, the identification information including an account number and a first device verification value provided by the portable consumer device;
  
  code embodied on the computer-readable medium that directs the data processor to communicate with a computer by way of the peripheral interface of the verification token and to access to a networking facility of the computer;
  
  code embodied on the computer-readable medium that directs the data processor to establish, using the networking facility of the computer, communications with an entity that can provide a second device verification value;
  
  code embodied on the computer-readable medium that directs the data processor to transmit at least the account number and the first device verification value of the received identification information to the entity by way of the networking facility of the computer; and
  
  code embodied on the computer-readable medium that directs the data processor to receive, after transmitting said identification information, the second device verification value for the transaction from the entity by way of the networking facility of the computer, wherein the second device verification value is configured to be enterable in a card-verification value field of a merchant web page.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The verification token of claim 1, wherein the peripheral interface of the verification token comprises a universal serial bus connector.
  - 3. The verification token of claim 1, wherein the identification information is encrypted and wherein the first device verification value varies each time the portable consumer device is read for its identification information.
  - 4. The verification token of claim 1, wherein the code that directs the data processor to communicate with a computer comprises code that directs the data processor to send a device driver to the computer and an instruction to install the device driver in the computer'"'"'s operating system, wherein the device driver enables the computer to recognize the verification token and communicate with the verification token;
    - wherein the code that directs the data processor to access to a networking facility of the computer comprises a function call to a network services module of the computer'"'"'s operating system, andwherein the code that directs the data processor to establish communications with the entity using the networking facility of the computer comprises one or more function calls to an application program interface of the network services module of the computer, the one or more function calls providing a universal resource identifier of an entity and an instruction to establish a communications session with the entity, the universal resource identifier being stored in the computer-readable medium or read from the portable consumer device.
  - 5. The verification token of claim 1 further comprising a serial number and an encryption key, and wherein the verification token transmits the serial number and a message encrypted by the encryption key to the entity, the serial number and the encryption key being uniquely assigned to the verification token.
  - 6. The verification token of claim 1, further comprising:
    - code embodied on the computer-readable medium that directs the data processor to locate a browser web page on the computer that has a form field for a device verification value, and to enter the device verification value received from the entity in the form field.
  - 7. The verification token of claim 1, further comprising:
    - code embodied on the computer-readable medium that directs the data processor to display the device verification value received from the entity to the user on a display of the computer.
  - 8. The verification token of claim 1, wherein the code that directs the data processor to receive the device verification value from the entity further directs the data processor to receive a dynamic account number from the entity.
  - 9. The verification token of claim 8, further comprising:
    - code embodied on the computer-readable medium that directs the data processor to locate a browser web page on the computer that has a first form field for an account number and a second form field for a device verification value, and to fill the first field with the dynamic account number and the second field with the device verification value received from the entity.
  - 10. The verification token of claim 8, further comprising:
    - code embodied on the computer-readable medium that directs the data processor, to display the dynamic account number and the device verification value received from the entity to the user on a display device of the computer.
  - 11. The verification token of claim 1, further comprising:
    - code embodied on the computer-readable medium that directs the data processor to prompt a user to enter a password on a keyboard of the computer, to read a password entered by the user, and to compare the entered password against a stored password embodied on the computer-readable medium; and
      
      code embodied on the computer-readable medium that directs the data processor to prevent identification information from at least being read or sent when the read password is not the same as the stored password.

12. A method of obtaining a device verification value for a transaction conducted using a portable consumer device, the method comprising:
- establishing a communications link between a verification token and a computer, the computer having a networking facility;
  
  establishing, using the networking facility of the computer, a communications session between the verification token and an entity that can provide a device verification value;
  
  reading identification information from a portable consumer device into the verification token for the transaction, the read information including an account number and a first device verification value;
  
  transmitting, the read identification information from the verification token to the entity through the communications session, the read identification information being transmitted to the entity in an encrypted form; and
  
  after transmitting the read identification information, receiving, at the verification token, a second device verification value for the transaction from the entity by way of the communications session, wherein the second device verification value is configured to be enterable in a card-verification value field of a merchant web page.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The method of claim 12, further comprising encrypting, in the verification token, at least a portion of the identification information read from the portable consumer device using an encryption key stored in the verification token.
  - 14. The method of claim 12 further comprising:
    - prompting a user to enter a password into the computer;
      
      reading a password entered by the user;
      
      comparing the entered password against a password stored in the verification token; and
      
      preventing identification information from at least being read or sent when the read password is not the same as the stored password.
  - 15. The method of claim 12 further comprising:
    - transmitting from the verification token to the entity through the communications session a serial number stored in the verification token and a message encrypted by an encryption key stored in the verification token, the serial number and the encryption key being uniquely assigned to the verification token.
  - 16. The method of claim 12 further comprising at least one of the actions of:
    - displaying the device verification value received from the entity to the user on a display of the computer; and
      
      locating a browser web page on the computer that has a form field for a device verification value, and entering the device verification value received from the entity in the form field.
  - 17. The method of claim 12, further comprising, after transmitting the identification information:
    - receiving, at the verification token, a dynamic account number from the entity by way of the communications session.
  - 18. The method of claim 17, further comprising:
    - locating a browser web page on the computer that has a first form field for an account number and a second form field for a device verification value; and
      
      filling the first field with the dynamic account number and the second field with the device verification value received from the entity.

19. A method of conducting a transaction, the method comprising:
- coupling a verification token to a computer using a peripheral interface of the computer, the computer having a networking facility, the verification token comprising a peripheral interface adapted to couple to the peripheral interface of the computer, a reader adapted to read identification information from portable consumer devices, a computer-readable medium, and a data processor, the verification token being configured to read, identification information that includes an account number and a first device verification value of a portable consumer device using the reader and to obtain a second device verification value therefor from a first entity using the networking facility of the computer;
  
  presenting a portable consumer device to the reader of the verification token to provide the token with an account number and the first device verification value for the transaction and to obtain the second device verification value for the portable consumer device, wherein the second device verification value is configured to be enterable in a card-verification value field of a merchant web page; and
  
  providing the obtained second device verification value to a second entity as part of conducting the transaction.
- View Dependent Claims (20)
- - 20. The method of claim 19 further comprising:
    - presenting a password to the verification token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Hammad, Ayman
Primary Examiner(s)
Hess; Daniel A

Application Number

US12/712,148
Publication Number

US 20100293381A1
Time in Patent Office

363 Days
Field of Search

235/375, 235/379, 235/380, 235/382
US Class Current

235/382
CPC Class Codes

G06F 21/31   User authentication

G06F 21/35   communicating wirelessly

G06Q 20/12   specially adapted for elect...

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/3255   using mobile network messag...

G06Q 20/385   using an alias or single-us...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/425   using two different network...

Verification of portable consumer devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Verification of portable consumer devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links