Anytime validation for verification tokens

US 8,528,067 B2
Filed: 01/12/2011
Issued: 09/03/2013
Est. Priority Date: 01/12/2010
Status: Active Grant

First Claim

Patent Images

1. A method for validating a verification token is from a trusted verification token manufacturer, the method comprising:

receiving, at a server computer having one or more microprocessors, a validation request from the verification token, the verification token including a memory storing a verification token specific key pair received from a verification token manufacturer of the verification token;

determining a verification token serial number based on the validation request using the server computer;

determining a registration status of the verification token serial number;

determining a component of the verification token specific key pair associated with the verification token serial number;

signing a challenge message with the component of the verification token specific key pair;

sending the signed challenge message to the verification token;

receiving, from the verification token, a response to the signed challenge message; and

validating the verification token manufacturer of the verification token is the trusted verification token manufacturer based on the response to the signed challenge message.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and method for producing, validating, and registering authentic verification tokens are disclosed. Such systems and methods include generating verification token specific key pairs. The key pairs can be signed by a verification token manufacturer master key or public key certificate for an additional level of authenticity. Related methods and systems for authenticating and registering authorized verification token manufacturers are also disclosed. Once a verification token manufacturer is authenticated, it can be assigned a manufacturer-specific key pair or certificate and in some cases, a predetermined set of serial numbers to assign to the verification tokens it produces. Each serial number can be used to generate a verification token specific key pair specific to the associated verification token. One component of the verification token key pair can be stored to the verification token. Optionally, the component of the verification token key pair stored to the verification token can be signed by the manufacturer specific master key or certificate and stored a verification token public certificate.

84 Citations

View as Search Results

16 Claims

1. A method for validating a verification token is from a trusted verification token manufacturer, the method comprising:
- receiving, at a server computer having one or more microprocessors, a validation request from the verification token, the verification token including a memory storing a verification token specific key pair received from a verification token manufacturer of the verification token;
  
  determining a verification token serial number based on the validation request using the server computer;
  
  determining a registration status of the verification token serial number;
  
  determining a component of the verification token specific key pair associated with the verification token serial number;
  
  signing a challenge message with the component of the verification token specific key pair;
  
  sending the signed challenge message to the verification token;
  
  receiving, from the verification token, a response to the signed challenge message; and
  
  validating the verification token manufacturer of the verification token is the trusted verification token manufacturer based on the response to the signed challenge message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the challenge message is signed with a private component of the verification token specific key pair.
  - 3. The method of claim 2 further comprising:
    - determining a verification token manufacturer identifier based on the validation request and determining a first component of a manufacturer specific key pair based on the verification token manufacturer identifier using the server computer; and
      
      signing the challenge message with the first component of a manufacturer specific key pair.
  - 4. The method of claim 3 further comprising:
    - retrieving a second component of the manufacturer specific key and a verification token manufacturer master key from a database based on the verification token manufacturer identifier using the server computer; and
      
      performing a mutual authentication with the verification token using the server computer.
  - 5. The method of claim 4 wherein performing the mutual authentication comprises:
    - determining a verification token key based on the verification token serial number and the verification token manufacturer master key; and
      
      establishing a verification token key session based on the verification token key.
  - 6. The method of claim 5 wherein establishing a verification token key session further comprises:
    - generating a third component of the manufacturer specific key based on the verification token serial number and a master key associated with the server computer.
  - 7. The method of claim 1 wherein the serial number is generated by the verification token manufacturer.
  - 8. The method of claim 1 wherein the serial number is selected from a set of serial numbers assigned to the verification token manufacture.
  - 9. The method of claim 1 wherein the server computer is operated by one of an issuer, an acquirer, a merchant, or a payment processing network.
  - 10. The method of claim 1 further comprising activating the verification token to allow the verification token to communicate with a portable consumer device after validating the verification token is from the trusted verification token manufacturer.

11. A method for producing a verification token, the method comprising:
- sending a verification token manufacturer registration request to a validation server;
  
  receiving a manufacturer specific master key from the validation server in response to the validation server validating the verification token manufacturer as a trusted verification token manufacturer;
  
  generating a serial number for the verification token;
  
  generating a key pair including a public component and a private component;
  
  signing the public component of the key pair to generate a verification token public certificate with the manufacturer specific master key received from the validation server;
  
  storing the private component of the key pair and the verification token public certificate signed with the manufacturer specific master key to a memory in the verification token;
  
  associating the serial number with the key pair and the private component of the key pair.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The method of claim 11 further comprising storing the serial number to the memory in the verification token.
  - 13. The method of claim 11 further comprising storing a manufacturer identifier to the memory of the verification token.
  - 14. The method of claim 13 further comprising storing code executable on a processor to establish a connection with a verification server over a communication session using a communication facility of a computer to which the verification token is connected.
  - 15. The method of claim 11 further comprising sharing at least the private component of the key pair and the associated serial number with the server.
  - 16. The method of claim 11 wherein the verification token manufacturer is validated as a trusted verification token manufacturer based on a risk review of information about the verification token manufacturer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Hurry, Simon, Hammad, Ayman
Primary Examiner(s)
Hailu, Teshome

Application Number

US13/005,137
Publication Number

US 20110173684A1
Time in Patent Office

965 Days
Field of Search

726/9, 726/20, 713/159, 713/172
US Class Current

726/9
CPC Class Codes

G06F 21/33   using certificates

G06F 21/34   involving the use of extern...

G06F 2221/2129   Authenticate client device ...

G06Q 20/355   Personalisation of cards fo...

G06Q 20/3552   Downloading or loading of p...

G06Q 20/3829   involving key management

Anytime validation for verification tokens

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

84 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Anytime validation for verification tokens

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

84 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links