Dynamic card validation value

US 7,922,082 B2
Filed: 01/02/2009
Issued: 04/12/2011
Est. Priority Date: 01/04/2008
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-readable medium comprising instructions that, when executed by a processor, cause an electronic computing system including a card processing server to:

automatically select a dynamic service code such that the dynamic service code is substantially unpredictable based on previously requested dynamically-generated card verification values (CVVs) for a transaction card;

automatically generate a dynamically-generated CVV for the transaction card, wherein the dynamically-generated CVV is based on a card number of the transaction card, an expiry date of the transaction card, and the dynamic service code, and wherein the instructions cause the card processing server to;

concatenate the card number of the transaction card, the expiry date of the transaction card, and the dynamic service code, thereby generating a first value;

pad the first value with zeroes such that the first value includes 128 bits, thereby generating a second value;

split the second value into a first 64-bit block and a second 64-bit block;

encrypt the first 64-bit block with a first encryption key, thereby generating a third value;

perform an “

exclusive or”

operation on the third value and the second 64-bit block, thereby generating a fourth value;

encrypt the fourth value with the first encryption key, thereby generating a fifth value;

decrypt the fifth value with a second encryption key, thereby generating a sixth value;

encrypt the sixth value with the first encryption key, thereby generating a seventh value;

extract all numeric digits in the seventh value, thereby generating an eighth value;

extract all alphabetical digits in the seventh value, thereby generating a ninth value;

convert the ninth value into numeric digits, thereby generating a tenth value;

concatenate the eighth value and the tenth value, thereby generating an eleventh value; and

select a leftmost three digits of the eleventh value as the dynamically-generated CVV;

automatically send, from the card processing server to a cardholder device, a first set of data, the first set of data indicating the dynamically-generated CVV;

in response to receiving a transaction request, automatically determine whether a provided CVV corresponds to the dynamically-generated CVV, the transaction request is a request for an economic transaction, the transaction request specifying the provided CVV and a card number of the transaction card; and

record a charge against an account of a cardholder of the transaction card when it is determined that the provided CVV corresponds to the dynamically-generated CVV.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

As described herein, a card services provider dynamically generates a card verification value (CVV) for a transaction card and sends the dynamically-generated CVV to a cardholder. The card services provider generates the dynamically-generated CVV such that the dynamically-generated CVV is substantially unpredictable based on other dynamically-generated CVVs for the transaction card. The dynamically-generated CVV is only valid for a limited period of time and/or for a limited number of economic transactions. The cardholder uses the dynamically-generated CVV as part of an economic transaction with a merchant. Because the dynamically-generated CVV is only valid for a limited number of economic transactions and/or for a limited period of time, it may be difficult for a thief to repeatedly use the transaction card to make economic transactions.

Citations

13 Claims

1. A computer-readable medium comprising instructions that, when executed by a processor, cause an electronic computing system including a card processing server to:
- automatically select a dynamic service code such that the dynamic service code is substantially unpredictable based on previously requested dynamically-generated card verification values (CVVs) for a transaction card;
  
  automatically generate a dynamically-generated CVV for the transaction card, wherein the dynamically-generated CVV is based on a card number of the transaction card, an expiry date of the transaction card, and the dynamic service code, and wherein the instructions cause the card processing server to;
  
  concatenate the card number of the transaction card, the expiry date of the transaction card, and the dynamic service code, thereby generating a first value;
  
  pad the first value with zeroes such that the first value includes 128 bits, thereby generating a second value;
  
  split the second value into a first 64-bit block and a second 64-bit block;
  
  encrypt the first 64-bit block with a first encryption key, thereby generating a third value;
  
  perform an “
  
  exclusive or”
  
  operation on the third value and the second 64-bit block, thereby generating a fourth value;
  
  encrypt the fourth value with the first encryption key, thereby generating a fifth value;
  
  decrypt the fifth value with a second encryption key, thereby generating a sixth value;
  
  encrypt the sixth value with the first encryption key, thereby generating a seventh value;
  
  extract all numeric digits in the seventh value, thereby generating an eighth value;
  
  extract all alphabetical digits in the seventh value, thereby generating a ninth value;
  
  convert the ninth value into numeric digits, thereby generating a tenth value;
  
  concatenate the eighth value and the tenth value, thereby generating an eleventh value; and
  
  select a leftmost three digits of the eleventh value as the dynamically-generated CVV;
  
  automatically send, from the card processing server to a cardholder device, a first set of data, the first set of data indicating the dynamically-generated CVV;
  
  in response to receiving a transaction request, automatically determine whether a provided CVV corresponds to the dynamically-generated CVV, the transaction request is a request for an economic transaction, the transaction request specifying the provided CVV and a card number of the transaction card; and
  
  record a charge against an account of a cardholder of the transaction card when it is determined that the provided CVV corresponds to the dynamically-generated CVV.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The computer-readable medium of claim 1, wherein the instructions cause the card processing server to send the first set of data comprise instructions that cause the card processing server to automatically sending the first set of data without first receiving a request for the dynamically-generated CVV.
  - 3. The computer-readable medium of claim 2, wherein the instructions further cause the card processing server to:
    - automatically select additional service codes for the transaction card, wherein additional dynamically-generated CVVs for the transaction card are substantially unpredictable based on other dynamically-generated CVVs for the transaction card, each of the additional dynamically-generated CVVs being a sequence of characters based on the card number of the transaction card, the expiry date of the transaction card, and the additional service codes for the transaction card; and
      
      automatically send, on a periodic basis, additional sets of data from the card processing server to the cardholder device, each of the additional sets of data indicating one of the additional dynamically-generated CVVs.
  - 4. The computer-readable medium of claim 1,wherein the instructions further cause the card processing server to, in response to receiving the transaction request, determine whether a transaction limit has been exceeded, the transaction limit indicating how many economic transactions are permitted to specify the CVV specified in the transaction request;
    - andwherein the instructions that cause the card processing server to record the charge comprises instructions that cause the card processing server to record the charge against the account of the cardholder when it is determined that the provided CVV corresponds to the dynamically-generated CVV and the transaction limit has not been exceeded.
  - 5. The computer-readable medium of claim 1, wherein the instructions that cause the card processing server to select the dynamic service code comprise instructions that cause the card processing server to use a pseudo-random process to select the dynamic service code.
  - 6. The computer-readable medium of claim 1, further comprising instructions that cause the card processing server to:
    - when it is determined that the provided CVV does not correspond to the dynamically-generated CVV, automatically send a transaction rejection message from the card processing server to a merchant who sent the transaction request; and
      
      when it is determined that the provided CVV corresponds to the dynamically-generated CVV, automatically send a transaction acceptance message from the card processing server to the merchant.
  - 7. The computer-readable medium of claim 1, further comprising instructions that cause the card processing server to:
    - determine whether the CVV specified in the transaction request corresponds to a statically-generated CVV for the transaction card; and
      
      record the charge against the account of the cardholder of the transaction card when it is determined that the CVV specified in the transaction request corresponds to the statically-generated CVV for the transaction card.
  - 8. The computer-readable medium of claim 1,wherein the computer-readable medium further comprises instructions that enable the card processing server to receive, at the card processing server, a CVV request from the cardholder device, the CVV request indicating that the cardholder device is requesting a dynamically generated CVV for the transaction card;
    - andwherein the instructions that cause the card processing server to send the first set of data comprise instructions that cause the card processing server to send the first set of data in response to the CVV request.
  - 9. The computer-readable medium of claim 1, wherein the instructions that cause the card processing server to send the first set of data comprise instructions that cause the card processing server to automatically send a text message from the card processing server to the cardholder device, the text message containing the first set of data.
  - 10. The computer-readable medium of claim 1, wherein the instructions that cause the card processing server to send the first set of data comprise instructions that cause the card processing server to automatically output signals that represent a vocalization of the dynamically-generated CVV.
  - 11. The computer-readable medium of claim 1,wherein the computer-readable medium further comprises instructions that cause the card processing server to automatically determine, in response to receiving the transaction request, whether a time period associated with the dynamically-generated CVV has expired;
    - andwherein the instructions that cause the card processing server to record the charge comprises instructions that cause the card processing server to automatically record the charge against the account of the cardholder only when it is further determined that the time period associated with the dynamically-generated CVV has not expired.
  - 12. The computer-readable medium of claim 1, wherein the computer-readable medium further comprises instructions that cause the card processing server to:
    - in response to receiving the transaction request, automatically determine whether the economic transaction is occurring in a situation in which a dynamically-generated CVV is required to successfully complete economic transactions using the transaction card;
      
      determine whether the provided CVV is a dynamically-generated CVV; and
      
      reject the economic transaction when it is determined that the economic transaction is occurring in a situation in which a dynamically-generated CVV is required to successfully complete the economic transaction using the transaction card and when it is determined that the provided CVV is not a dynamically-generated CVV.
  - 13. The computer-readable medium of claim 12,wherein the computer-readable medium further comprises instructions that enable the card processing server to receive user preference input that indicates the situation;
    - andwherein the instructions that enable the card processing server to receive the user preference input comprises instructions that enable the card processing server to receive user preference input that specifies one or more of types of user preference input selected from a group consisting of;
      
      a currency amount for an economic transaction above which a dynamically-generated CVV for the transaction card is required to successfully complete an economic transaction using the transaction card,a currency amount for a time period above which a dynamically-generated CVV for the transaction card is required to successfully complete an economic transaction using the transaction card,a type of merchant for which a dynamically-generated CVV for the transaction card is required to successfully complete an economic transaction using the transaction card with a merchant belonging to the type of merchant,a geographic location for which a dynamically-generated CVV for the transaction card is required to successfully complete an economic transaction using the transaction card with a merchant in the geographic location, anda number of economic transactions for which a dynamically-generated CVV for the transaction card is required to successfully complete an economic transaction using the transaction card when the transaction card is used more than the number of economic transactions during a given time period.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
M2 International Limited
Original Assignee
M2 International Limited
Inventors
Muscato, Michael A.
Primary Examiner(s)
Lee; Michael G
Assistant Examiner(s)
CHEDEKEL, TABITHA F

Application Number

US12/348,134
Publication Number

US 20090173782A1
Time in Patent Office

830 Days
Field of Search

235/379, 235/380, 235/492, 235/487, 705/41, 705/50
US Class Current

235/380
CPC Class Codes

G06Q 20/10   specially adapted for elect...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/382   insuring higher security of...

G06Q 20/385   using an alias or single-us...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4018   using the card verification...

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

Dynamic card validation value

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic card validation value

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links