System and method for account identifier obfuscation

US 9,065,643 B2
Filed: 06/25/2008
Issued: 06/23/2015
Est. Priority Date: 04/05/2006
Status: Active Grant

First Claim

Patent Images

1. A method for obfuscating an account identifier comprising:

identifying, by a computing device, a first end portion of the account identifier;

identifying, by the computing device, a middle portion of the account identifier, wherein the middle portion of the account identifier excludes the first end portion of the account identifier and further excludes a second end portion of the account identifier;

identifying, by the computing device, the second end portion of the account identifier;

creating, by the computing device, a unique derived key using at least a master key, the first end portion of the account identifier, and the second end portion of the account identifier;

generating, by the computing device during a financial transaction, a dynamic cryptogram unique to the financial transaction using the created unique derived key;

generating, by the computing device, an obfuscated portion of the account identifier using the generated dynamic cryptogram;

replacing, by the computing device, the middle portion of the account identifier with the generated obfuscated portion to create an obfuscated account identifier; and

transmitting, by the computing device to another device, the created obfuscated account identifier within an account identifier field of a transaction data for the financial transaction.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is disclosed. The method includes generating an obfuscated portion using a dynamic cryptogram unique to a transaction, where the dynamic cryptogram is determined using a uniquely derived key. The method also includes replacing a middle portion of the account identifier with the obfuscated portion to form an obfuscated account identifier.

518 Citations

21 Claims

1. A method for obfuscating an account identifier comprising:
- identifying, by a computing device, a first end portion of the account identifier;
  
  identifying, by the computing device, a middle portion of the account identifier, wherein the middle portion of the account identifier excludes the first end portion of the account identifier and further excludes a second end portion of the account identifier;
  
  identifying, by the computing device, the second end portion of the account identifier;
  
  creating, by the computing device, a unique derived key using at least a master key, the first end portion of the account identifier, and the second end portion of the account identifier;
  
  generating, by the computing device during a financial transaction, a dynamic cryptogram unique to the financial transaction using the created unique derived key;
  
  generating, by the computing device, an obfuscated portion of the account identifier using the generated dynamic cryptogram;
  
  replacing, by the computing device, the middle portion of the account identifier with the generated obfuscated portion to create an obfuscated account identifier; and
  
  transmitting, by the computing device to another device, the created obfuscated account identifier within an account identifier field of a transaction data for the financial transaction.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 19, 20, 21)
- - 2. The method of claim 1, wherein the first end portion of the account identifier comprises a bank identification number and wherein the second end portion of the account identifier comprises five characters or less.
  - 3. The method of claim 1 further comprising:
    - changing, using the computing device, a check digit of the obfuscated account identifier from a first value to a second value, wherein the check digit is exclusive of the first end portion, the second end portion, and the obfuscated portion, and wherein the first value is stored in a verification field of the transaction data.
  - 4. The method of claim 3, wherein the second value is selected so that a first checksum result of the obfuscated account identifier including the changed check digit matches a second checksum result of the account identifier.
  - 5. The method of claim 1, wherein the dynamic cryptogram is further based upon a variable transaction counter value, and wherein the method further comprises changing the variable transaction counter value.
  - 6. The method of claim 1, wherein said generating the obfuscated portion comprises:
    - converting the middle portion to hexadecimal digits; and
      
      generating a raw value by performing an Exclusive-OR (XOR) operation on the hexadecimal digits and the dynamic cryptogram.
  - 7. The method of claim 6, further comprising:
    - determining that the raw value exceeds a first constant, setting, using the computing device, a flag value within a verification field of the transaction data; and
      
      subtracting, using the computing device, a second constant from the raw value to form the obfuscated portion.
  - 8. The method of claim 1 wherein the another device comprises a host server computer.
  - 9. The method of claim 8,determining that the server computer is unsuccessful in acquiring the account identifier from the obfuscated account identifier;
    - based on the determination that the server computer is unsuccessful in acquiring the account identifier from the obfuscated account identifier, generating a alert.
  - 19. The method of claim 1, wherein the computing device is a portable consumer device associated with a payment account associated with the account identifier.
  - 20. The method of claim 1, wherein the computing device is an access device at a merchant.
  - 21. The method of claim 8, wherein the transaction data is communicated in an authorization request message to the host server computer for authorizing the financial transaction.

10. A non-transitory computer readable medium having instructions embodied thereon that when executed by a processor causes the processor to obfuscate an account identifier by performing operations comprising:
- identifying a first end portion of the account identifier;
  
  identifying a middle portion of the account identifier, wherein the middle portion of the account identifier excludes the first end portion of the account identifier and further excludes a second end portion of the account identifier;
  
  identifying the second end portion of the account identifier;
  
  creating a unique derived key using at least a master key, the first end portion of the account identifier, and the second end portion of the account identifier;
  
  generating during a financial transaction a dynamic cryptogram unique to the financial transaction using the created unique derived key;
  
  generating an obfuscated portion of the account identifier using the generated dynamic cryptogram;
  
  replacing the middle portion of the account identifier with the generated obfuscated portion to create an obfuscated account identifier; and
  
  transmitting the created obfuscated account identifier within an account identifier field of a transaction data for the financial transaction.

11. A method for determining an account identifier from an obfuscated account identifier comprising:
- receiving, by the computing device for a financial transaction, a transaction data including the obfuscated account identifier;
  
  identifying, by the computing device, a first end portion of the obfuscated account identifier;
  
  identifying, by the computing device, an obfuscated middle portion of the obfuscated account identifier, wherein the obfuscated middle portion of the obfuscated account identifier excludes the first end portion of the obfuscated account identifier and further excludes a second end portion of the obfuscated account identifier;
  
  identifying, by the computing device, the second end portion of the obfuscated account identifier;
  
  creating, by the computing device, a unique derived key using at least a master key, the first end portion of the account identifier, and the second end portion of the account identifier;
  
  generating, by the computing device during the financial transaction, a dynamic cryptogram unique to the financial transaction based upon the created unique derived key;
  
  generating, by the computing device, a middle portion of the account identifier using the generated dynamic cryptogram; and
  
  replacing, by the computing device, the obfuscated middle portion of the obfuscated account identifier with the generated middle portion to form the account identifier.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The method of claim 11, wherein said identifying the obfuscated middle portion comprises determining, by the computing device, which digits of a plurality of digits of the obfuscated account identifier comprise the obfuscated portion of the obfuscated account identifier.
  - 13. The method of claim 11, wherein the dynamic cryptogram is further based upon a variable transaction counter value and wherein the method further comprises changing, by the computing device, the variable transaction counter value.
  - 14. The method of claim 11, wherein said generating the middle portion of the account identifier comprises:
    - converting, by the computing device, the obfuscated middle portion to hexadecimal digits; and
      
      generating, by the computing device, a raw value by performing an Exclusive-OR (XOR) operation using at least some of the generated dynamic cryptogram and the converted obfuscated middle portion.
  - 15. The method of claim 14, further comprising:
    - determining, by the computing device, that a flag is set in a verification field of the transaction data; and
      
      determining that the flag is set, adding, by the computing device, a fixed value to the raw value to form the middle portion.
  - 16. The method of claim 14, further comprising:
    - identifying, by the computing device, a stored check digit from a verification field of the transaction data; and
      
      combining, by the computing device, the raw value with the stored check digit.
  - 17. The method of claim 11, further comprising:
    - determining that the formed account identifier is invalid, generating, by the computing device, a alert.

18. A non-transitory computer readable medium having instructions embodied thereon that when executed by a processor of a computing device causes the processor to determine an account identifier from an obfuscated account identifier by performing operations comprising:
- receiving a transaction data including the obfuscated account identifier for a financial transaction;
  
  identifying a first end portion of the obfuscated account identifier;
  
  identifying an obfuscated middle portion of the obfuscated account identifier, wherein the obfuscated middle portion of the obfuscated account identifier excludes the first end portion of theobfuscated account identifier and further excludes a second end portion of the obfuscated account identifier;
  
  identifying the second end portion of the obfuscated account identifier;
  
  creating a unique derived key using at least a master key, the first end portion of the account identifier, and the second end portion of the account identifier;
  
  generating during the financial transaction a dynamic cryptogram unique to the financial transaction based upon the created unique derived key;
  
  generating a middle portion of the account identifier using the generated dynamic cryptogram; and
  
  replacing the obfuscated middle portion of the obfuscated account identifier with the generated middle portion to form the account identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa USA, Inc. (Visa, Inc.)
Original Assignee
Visa USA, Inc. (Visa, Inc.)
Inventors
Hurry, Simon, Aabye, Christian
Primary Examiner(s)
Ravetti, Dante

Application Number

US12/146,150
Publication Number

US 20090030845A1
Time in Patent Office

2,554 Days
Field of Search

705/76, 705/16, 705/21, 705/59, 380/44, 380/262, 380/278, 380/279
US Class Current

1/1
CPC Class Codes

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3829   involving key management

G06Q 20/40975   using encryption therefor

H04L 2209/04   Masking or blinding

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless network architectu...

H04L 9/12   Transmitting and receiving ...

H04L 9/3234   involving additional secure...

System and method for account identifier obfuscation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

518 Citations

21 Claims

Specification

Use Cases

Quick Links

Others

System and method for account identifier obfuscation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

518 Citations

21 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others