In-card access control and monotonic counters for offline payment processing system

US 8,898,088 B2
Filed: 02/29/2012
Issued: 11/25/2014
Est. Priority Date: 02/29/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for verifying withdrawal transaction histories for smart card devices, comprising:

detecting a smart card device by a mobile communication device;

establishing, by the mobile communication device, a communication channel with the smart card device in response to detecting the smart card device;

receiving, by the mobile communication device, a transaction history from the smart card device, the transaction history comprising a listing of an amount of at least one previous withdrawal record associated with the smart card device;

calculating, by the mobile communication device, a record sum of withdrawals based on the listing of the amount of the at least one previous withdrawal record, the record sum of withdrawals equaling a total sum amount of withdrawal amounts in previous withdrawal records;

reading, by the mobile communication device, a counter from the smart card device, the counter comprising a value corresponding to a sum of previous withdrawal amounts made using the smart card device;

determining, by the mobile communication device, that the value in the counter matches the calculated record sum of withdrawals;

authorizing, by the mobile communication device, an offline debit transaction with the smart card device in response to a determination that the value in the counter information matches the record sum of withdrawals.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Preventing fraud during an offline transaction by encoding a randomly-generated card verification code onto a smart card. The verification code is transmitted to a contactless device during each transaction, wherein it is cross-referenced with the account number to ensure presence of the card. Also, every transaction record is signed by an access key resident on the contactless device and certified by a signing key resident on a remote system. Funds may be deposited onto the card when the contactless device creates a deposit request, signs the request using an access key and transmits it to the remote system, which in turn processes the request and certifies it with a signing key. Funds may be withdrawn when the contactless device creates a withdrawal record and signs it using an access key. The remote system verifies the signatures and certifies the records using a signing key when the records are later transmitted.

164 Citations

23 Claims

1. A computer-implemented method for verifying withdrawal transaction histories for smart card devices, comprising:
- detecting a smart card device by a mobile communication device;
  
  establishing, by the mobile communication device, a communication channel with the smart card device in response to detecting the smart card device;
  
  receiving, by the mobile communication device, a transaction history from the smart card device, the transaction history comprising a listing of an amount of at least one previous withdrawal record associated with the smart card device;
  
  calculating, by the mobile communication device, a record sum of withdrawals based on the listing of the amount of the at least one previous withdrawal record, the record sum of withdrawals equaling a total sum amount of withdrawal amounts in previous withdrawal records;
  
  reading, by the mobile communication device, a counter from the smart card device, the counter comprising a value corresponding to a sum of previous withdrawal amounts made using the smart card device;
  
  determining, by the mobile communication device, that the value in the counter matches the calculated record sum of withdrawals;
  
  authorizing, by the mobile communication device, an offline debit transaction with the smart card device in response to a determination that the value in the counter information matches the record sum of withdrawals.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The computer-implemented method of claim 1, wherein the counter comprises a total amount of withdrawal transactions.
  - 3. The computer-implemented method of claim 1, wherein the counter may only be incremented, not decremented.
  - 4. The computer-implemented method of claim 1, wherein the communication channel is established using a near field communication (NFC) protocol.
  - 5. The computer-implemented method of claim 1, wherein the mobile communication device is a mobile telephone.
  - 6. The computer-implemented method of claim 1, wherein the mobile communication device comprises a stand-alone card reader.
  - 7. The computer-implemented method of claim 1, wherein calculating the record sum of withdrawals comprises:
    - sorting withdrawal transactions in order of withdrawal from a previous withdrawal W(n−
      
      1) to a latest withdrawal W(n); and
      
      reviewing the latest withdrawal transaction to identify the current sum of withdrawals.
  - 8. The computer-implemented method of claim 1, wherein calculating the record sum of withdrawals comprises:
    - sorting withdrawal transactions in order of withdrawal from a previous withdrawal W(n−
      
      1) to a latest withdrawal W(n); and
      
      adding the latest withdrawal transaction to the previous withdrawal to identify the current sum of withdrawals.
  - 9. The computer-implemented method of claim 1, further comprising:
    - receiving, by the mobile communication device, a transaction history from the smart card device, the transaction history comprising information regarding at least one previous deposit record associated with the smart card device; and
      
      calculating, by the mobile communication device, a smart card balance, the smart card balance comprising a difference obtained by subtracting the record sum of withdrawals from a record sum of deposits, the record sum of deposits equaling a total amount of deposits in previous deposit records.
  - 10. The computer-implemented method of claim 1, further comprising:
    - processing, by the mobile communication device, an offline debit transaction to debit a transaction amount from the smart card device without a network connection to a remote computer management system that manages an account associated with the smart card device, the transaction amount being equal to or less than a balance of funds on the smart card device;
      
      transmitting, by the mobile communication device, a transaction record to the smart card device, the transaction record indicating the transaction amount debited from the smart card device; and
      
      storing, by the mobile communication device, the smart card identification information, the transaction history, and the transaction record.
  - 11. The computer-implemented method of claim 10, further comprising:
    - after authorizing the offline debit transaction with the smart card device, establishing, by the mobile communication device, a network connection with the remote computer management system; and
      
      transmitting, by the mobile communication device, the card identification information, the transaction history, and the transaction record to the remote computer management system via the network connection to update the account managed by the remote computer management system.

12. A computer program product, comprising:
- a non-transitory computer-readable medium having computer-readable program instructions embodied therein that when executed by a computer causes the computer to perform the steps of;
  
  receiving a transaction history from a smart card device, the transaction history comprising a listing of an amount of at least one previous withdrawal record associated with the smart card device;
  
  calculating a record sum of withdrawals based on the listing of the amount of the at least one previous withdrawal record, the record sum of withdrawals equaling a total sum amount of withdrawal amounts in previous withdrawal records;
  
  reading a counter from the smart card device, the counter comprising a value corresponding to a sum of previous withdrawals using the smart card device;
  
  determining that the value in the counter matches the record sum of withdrawals; and
  
  authorizing a transaction with the smart card device in response to a determination that the value in the counter information matches the record sum of withdrawals.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The computer program product of claim 12, wherein the counter may only be incremented, not decremented.
  - 14. The computer program product of claim 12, wherein calculating the record sum of withdrawals comprises performing the steps of:
    - sorting withdrawal transactions in order of withdrawal from a previous withdrawal W(n−
      
      1) to a latest withdrawal W(n); and
      
      reviewing the latest withdrawal transaction to identify the current sum of withdrawals.
  - 15. The computer program product of claim 12, wherein calculating the record sum of withdrawals comprises performing the steps of:
    - sorting withdrawal transactions in order of withdrawal from a previous withdrawal W(n−
      
      1) to a latest withdrawal W(n); and
      
      adding the latest withdrawal transaction to the previous withdrawal to identify the current sum of withdrawals.
  - 16. The computer program product of claim 12, further comprising performing the steps of:
    - receiving a transaction history from the smart card device, the transaction history comprising information regarding at least one previous deposit record associated with the smart card device; and
      
      calculating a smart card balance, the smart card balance comprising a difference obtained by subtracting the record sum of withdrawals from a record sum of deposits, the record sum of deposits equaling a total amount of deposits in previous deposit records.
  - 17. The computer program product of claim 12, further comprising performing the steps of:
    - processing an offline debit transaction to debit a transaction amount from the smart card device without a network connection to a remote computer management system that manages an account associated with the smart card device, the transaction amount being equal to or less than a balance of funds on the smart card device;
      
      transmitting a transaction record to the smart card device, the transaction record indicating the transaction amount debited from the smart card device; and
      
      storing the smart card identification information, the transaction history, and the transaction record.
  - 18. The computer program product of claim 17, further comprising performing the steps of:
    - establishing a network connection with the remote computer management system after authorizing the offline debit transaction with the smart card device; and
      
      transmitting the card identification information, the transaction history, and the transaction record to the remote computer management system via the network connection to update the account managed by the remote computer management system.

19. A system for verifying withdrawal transaction histories for smart card devices, the system comprising:
- a processor; and
  
  a storage device comprising hardware storing executable instructions that when executed by the processor cause the processor to execute the steps of;
  
  instructions thatreceiving a transaction history from a smart card device, the transaction history comprising a listing of an amount of at least one previous withdrawal associated with the smart card device;
  
  calculating a record sum of withdrawals based on the listing of the amount of the at least one previous withdrawal record, the record sum of withdrawals equaling a total sum amount of withdrawal amounts in previous withdrawal records;
  
  receiving a counter from the smart card device, the counter comprising a value corresponding to a sum of previous withdrawals using the smart card device;
  
  determining that the value in the counter matches the record sum of withdrawals;
  
  processing an offline debit transaction to debit a transaction amount from the smart card device without a network connection to a remote computer management system that manages an account for the smart card device, the transaction amount being equal to or less than a balance of funds on the smart card device; and
  
  authorizing a transaction with the smart card device in response to a determination that the value in the counter information matches the record sum of withdrawals.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The system of claim 19, wherein the processor is further configured to execute instructions stored in the storage device to cause the processor to execute the step of incrementing the counter, wherein the counter is incremented by an access key resident on the mobile communication device, and wherein the counter may only be incremented, not decremented.
  - 21. The system of claim 19, wherein the processor is further configured to execute instructions stored in the storage device to cause the processor to execute the steps of:
    - receiving a transaction history from the smart card device, the transaction history comprising information regarding at least one previous deposit record associated with the smart card device; and
      
      calculating a smart card balance, the smart card balance comprising a difference obtained by subtracting the record sum of withdrawals from a record sum of deposits, the record sum of deposits equaling a total amount of deposits in previous deposit records.
  - 22. The system of claim 19, wherein the processor is further configured to execute instructions stored in the storage device to cause the processor to execute the steps of:
    - transmitting a transaction record to the smart card device, the transaction record indicating the transaction amount debited from the smart card device; and
      
      storing the smart card identification information, the transaction history, and the transaction record.
  - 23. The system of claim 22, wherein the processor is further configured to execute instructions stored in the storage device to cause the processor to execute the steps of:
    - establishing a network connection with the remote computer management system; and
      
      transmitting the card identification information, the transaction history, and the transaction record to the remote computer management system via the network connection to update the account managed by the remote computer management system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Paya, Ismail Cem, Lisowiec, Malgorzata Monika, Okonkwo, Aneto Pablo, Leung, Patrick Pui Wah, Jiang, Fan, Springer, Michael William
Primary Examiner(s)
Hewitt, II, Calvin L
Assistant Examiner(s)
Iluonakhamhe, Isidora

Application Number

US13/408,794
Publication Number

US 20130226791A1
Time in Patent Office

1,000 Days
Field of Search

705/51, 705/52, 705/64, 705/65, 705/71, 705/72, 705/75, 235/380
US Class Current

705/65
CPC Class Codes

G06Q 20/3278   RFID or NFC payments by mea...

G06Q 20/343   Cards including a counter

G06Q 20/353   Payments by cards read by M...

G06Q 20/367   involving electronic purses...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/4018   using the card verification...

G06Q 40/12   Accounting

H04B 5/77   for interrogation

In-card access control and monotonic counters for offline payment processing system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

164 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

In-card access control and monotonic counters for offline payment processing system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

164 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links