In-card access control and monotonic counters for offline payment processing system
First Claim
1. A computer-implemented method for verifying withdrawal transaction histories for smart card devices, comprising:
- detecting a smart card device by a mobile communication device;
establishing, by the mobile communication device, a communication channel with the smart card device in response to detecting the smart card device;
receiving, by the mobile communication device, a transaction history from the smart card device, the transaction history comprising a listing of an amount of at least one previous withdrawal record associated with the smart card device;
calculating, by the mobile communication device, a record sum of withdrawals based on the listing of the amount of the at least one previous withdrawal record, the record sum of withdrawals equaling a total sum amount of withdrawal amounts in previous withdrawal records;
reading, by the mobile communication device, a counter from the smart card device, the counter comprising a value corresponding to a sum of previous withdrawal amounts made using the smart card device;
determining, by the mobile communication device, that the value in the counter matches the calculated record sum of withdrawals;
authorizing, by the mobile communication device, an offline debit transaction with the smart card device in response to a determination that the value in the counter information matches the record sum of withdrawals.
2 Assignments
0 Petitions
Accused Products
Abstract
Preventing fraud during an offline transaction by encoding a randomly-generated card verification code onto a smart card. The verification code is transmitted to a contactless device during each transaction, wherein it is cross-referenced with the account number to ensure presence of the card. Also, every transaction record is signed by an access key resident on the contactless device and certified by a signing key resident on a remote system. Funds may be deposited onto the card when the contactless device creates a deposit request, signs the request using an access key and transmits it to the remote system, which in turn processes the request and certifies it with a signing key. Funds may be withdrawn when the contactless device creates a withdrawal record and signs it using an access key. The remote system verifies the signatures and certifies the records using a signing key when the records are later transmitted.
-
Citations
23 Claims
-
1. A computer-implemented method for verifying withdrawal transaction histories for smart card devices, comprising:
-
detecting a smart card device by a mobile communication device; establishing, by the mobile communication device, a communication channel with the smart card device in response to detecting the smart card device; receiving, by the mobile communication device, a transaction history from the smart card device, the transaction history comprising a listing of an amount of at least one previous withdrawal record associated with the smart card device; calculating, by the mobile communication device, a record sum of withdrawals based on the listing of the amount of the at least one previous withdrawal record, the record sum of withdrawals equaling a total sum amount of withdrawal amounts in previous withdrawal records; reading, by the mobile communication device, a counter from the smart card device, the counter comprising a value corresponding to a sum of previous withdrawal amounts made using the smart card device; determining, by the mobile communication device, that the value in the counter matches the calculated record sum of withdrawals; authorizing, by the mobile communication device, an offline debit transaction with the smart card device in response to a determination that the value in the counter information matches the record sum of withdrawals. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A computer program product, comprising:
a non-transitory computer-readable medium having computer-readable program instructions embodied therein that when executed by a computer causes the computer to perform the steps of; receiving a transaction history from a smart card device, the transaction history comprising a listing of an amount of at least one previous withdrawal record associated with the smart card device; calculating a record sum of withdrawals based on the listing of the amount of the at least one previous withdrawal record, the record sum of withdrawals equaling a total sum amount of withdrawal amounts in previous withdrawal records; reading a counter from the smart card device, the counter comprising a value corresponding to a sum of previous withdrawals using the smart card device; determining that the value in the counter matches the record sum of withdrawals; and authorizing a transaction with the smart card device in response to a determination that the value in the counter information matches the record sum of withdrawals. - View Dependent Claims (13, 14, 15, 16, 17, 18)
-
19. A system for verifying withdrawal transaction histories for smart card devices, the system comprising:
-
a processor; and a storage device comprising hardware storing executable instructions that when executed by the processor cause the processor to execute the steps of; instructions that receiving a transaction history from a smart card device, the transaction history comprising a listing of an amount of at least one previous withdrawal associated with the smart card device; calculating a record sum of withdrawals based on the listing of the amount of the at least one previous withdrawal record, the record sum of withdrawals equaling a total sum amount of withdrawal amounts in previous withdrawal records; receiving a counter from the smart card device, the counter comprising a value corresponding to a sum of previous withdrawals using the smart card device; determining that the value in the counter matches the record sum of withdrawals; processing an offline debit transaction to debit a transaction amount from the smart card device without a network connection to a remote computer management system that manages an account for the smart card device, the transaction amount being equal to or less than a balance of funds on the smart card device; and authorizing a transaction with the smart card device in response to a determination that the value in the counter information matches the record sum of withdrawals. - View Dependent Claims (20, 21, 22, 23)
-
Specification