Track data encryption

US 8,972,303 B2
Filed: 09/16/2010
Issued: 03/03/2015
Est. Priority Date: 06/19/2006
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, at a computer, an authorization request message associated with a transaction, the authorization request message including a secondary Primary Account Number (PAN) in a PAN data field of the authorization request message, and a primary PAN that is encrypted and located in a location of the authorization request message other than the PAN data field, wherein the secondary PAN is associated with the primary PAN, wherein the secondary PAN has end portions and a middle portion, wherein at least one of the end portions of the secondary PAN is the same as a corresponding end portion of the primary PAN, while at least the middle portion of the secondary PAN is different than a corresponding middle portion of the primary PAN;

determining, by the computer, that the secondary PAN in the PAN data field is not a valid PAN;

identifying, by the computer, based on the determination, the location of the encrypted primary PAN in the authorization request message;

decrypting, by the computer, the encrypted primary PAN;

determining, by the computer, based upon the decrypted primary PAN, an authorization response indicating whether the transaction is to be approved or disapproved; and

sending, by the computer, an authorization response message including the authorization response.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for using a secondary PAN is disclosed. The method includes providing a secondary PAN associated with a primary PAN, where the secondary PAN has at least one end portion that is the same as the primary PAN, but has a middle portion of that is different than the primary PAN.

315 Citations

20 Claims

1. A method comprising:
- receiving, at a computer, an authorization request message associated with a transaction, the authorization request message including a secondary Primary Account Number (PAN) in a PAN data field of the authorization request message, and a primary PAN that is encrypted and located in a location of the authorization request message other than the PAN data field, wherein the secondary PAN is associated with the primary PAN, wherein the secondary PAN has end portions and a middle portion, wherein at least one of the end portions of the secondary PAN is the same as a corresponding end portion of the primary PAN, while at least the middle portion of the secondary PAN is different than a corresponding middle portion of the primary PAN;
  
  determining, by the computer, that the secondary PAN in the PAN data field is not a valid PAN;
  
  identifying, by the computer, based on the determination, the location of the encrypted primary PAN in the authorization request message;
  
  decrypting, by the computer, the encrypted primary PAN;
  
  determining, by the computer, based upon the decrypted primary PAN, an authorization response indicating whether the transaction is to be approved or disapproved; and
  
  sending, by the computer, an authorization response message including the authorization response.
- View Dependent Claims (2, 3, 4, 5, 11, 12, 17, 18, 19, 20)
- - 2. The method of claim 1, wherein the primary PAN is associated with a portable consumer device, and wherein the method is performed by an issuer or a payment processing network.
  - 3. The method of claim 1, wherein the middle portion of the secondary PAN comprises at least three digits that each have a same value.
  - 4. The method of claim 1, wherein the end portions of the secondary PAN include a first end portion including a Bank Identification Number (BIN) and a second end portion including four digits.
  - 5. The method of claim 1, wherein the secondary PAN was initially provided for the payment transaction from a portable consumer device.
  - 11. The method of claim 1, wherein the middle portion of the secondary PAN comprises encrypted digits.
  - 12. The method of claim 11, wherein the encrypted digits are dynamically generated.
  - 17. The method of claim 1 wherein said determination that the secondary PAN in the PAN data field is not a valid PAN comprises determining that a number of digits in the middle portion of the secondary PAN all have a same value.
  - 18. The method of claim 1 wherein said determination that the secondary PAN in the PAN data field is not a valid PAN comprises determining that a structure of the secondary PAN does not conform with a list of valid PAN structures.
  - 19. The method of claim 17 wherein said identifying of the location of the encrypted primary PAN in the authorization request message comprises retrieving a predetermined PAN location identifier from a database.
  - 20. The method of claim 19 wherein said decrypting the encrypted primary PAN comprises:
    - retrieving, a decryption key from the database; and
      
      performing a decryption operation using the encrypted primary PAN and the decryption key.

6. A non-transitory computer readable storage medium comprising instructions that, when executed by one or more processors of a computer, cause the computer to perform operations comprising:
- receiving, at the computer, an authorization request message associated with a transaction, the authorization request message including a secondary Primary Account Number in a PAN data field of the authorization request message, and a primary PAN in a location of the authorization request message other than the PAN data field, wherein the secondary PAN is associated with the primary PAN, wherein the secondary PAN has end portions and a middle portion, and wherein at least one of the end portions of the secondary PAN is the same as a corresponding end portion of the primary PAN, while at least the middle portion of the secondary PAN is different than a corresponding middle portion of the primary PAN;
  
  based upon a determination that the secondary PAN in the PAN data field is not a valid PAN, identifying, by the computer, the location of the encrypted primary PAN in the authorization request message;
  
  decrypting the encrypted primary PAN;
  
  determining, based upon the decrypted primary PAN, an authorization response indicating whether the transaction is to be approved or disapproved; and
  
  sending, by the computer, an authorization response message including the authorization response.
- View Dependent Claims (7, 8, 9, 13, 14, 15, 16)
- - 7. The non-transitory computer readable storage medium of claim 6 wherein the end portions of the secondary PAN include a first end portion including a Bank Identification Number (BIN) and a second end portion including four digits.
  - 8. The non-transitory computer readable storage medium of claim 6 wherein the middle portion of the secondary PAN comprises at least three digits that have a same value.
  - 9. The non-transitory computer readable storage medium of claim 6 wherein the primary PAN and the secondary PAN both have 13, 16, or 19 digits.
  - 13. The computer readable medium of claim 6, wherein the middle portion of the secondary PAN comprises encrypted digits.
  - 14. The computer readable medium of claim 13, wherein the encrypted portion is generated dynamically.
  - 15. The computer readable medium of claim 13, wherein the encrypted portion is statically stored on a portable consumer device.
  - 16. The computer readable medium of claim 8, wherein the middle portion of the secondary PAN further comprises a digit selected to allow a checksum operation to be performed using the secondary PAN that will generate a same value as a checksum digit of the decrypted primary PAN, wherein the digit has a different value than the value of the three digits of the middle portion of the secondary PAN.

10. A server comprising:
- one or more processors; and
  
  a non-transitory computer readable storage medium including instructions that when executed by the one or more processors, cause the one or more processors to perform operations comprising;
  
  receiving an authorization request message associated with a transaction, the authorization request message including a secondary Primary Account Number (PAN) in a PAN data field of the authorization request message, and a primary PAN in a location of the authorization request message other than the PAN data field, wherein the secondary PAN is associated with the primary PAN, wherein the secondary PAN has end portions and a middle portion, and wherein at least one of the end portions of the secondary PAN is the same as a corresponding end portion of the primary PAN, while at least the middle portion of the secondary PAN is different than a corresponding middle portion of the primary PAN;
  
  based upon a determination that the secondary PAN in the PAN data field is not a valid PAN, identifying the location of the encrypted primary PAN in the authorization request message;
  
  decrypting the encrypted primary PAN;
  
  determining, based upon the decrypted primary PAN, an authorization response indicating whether the transaction is to be approved or disapproved; and
  
  sending an authorization response message including the authorization response.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa USA, Inc. (Visa, Inc.)
Original Assignee
Visa USA, Inc. (Visa, Inc.)
Inventors
Hammad, Ayman
Primary Examiner(s)
Hewitt, II, Calvin L
Assistant Examiner(s)
Nilforoush, Mohammad A

Application Number

US12/883,413
Publication Number

US 20110004553A1
Time in Patent Office

1,629 Days
Field of Search

705 50- 79
US Class Current

705/67
CPC Class Codes

G06Q 20/085   involving remote charge det...

G06Q 20/105   involving programming of a ...

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/204   comprising interface for re...

G06Q 20/367   involving electronic purses...

G06Q 20/3672   initialising or reloading t...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/3821   Electronic credentials

G06Q 20/3829   involving key management

G06Q 20/385   using an alias or single-us...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/401   Transaction verification

G06Q 2220/00   Business processing using c...

G06Q 30/06   Buying, selling or leasing ...

G06Q 40/00   Finance; Insurance; Tax str...

H04L 2209/56   Financial cryptography, e.g...

H04L 9/3271   using challenge-response

Track data encryption

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

315 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Track data encryption

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

315 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links