Method and apparatus for using at least a portion of a one-time password as a dynamic card verification value

US 9,251,637 B2
Filed: 11/15/2006
Issued: 02/02/2016
Est. Priority Date: 11/15/2006
Status: Active Grant

First Claim

Patent Images

1. A method for authorizing a transaction, wherein the transaction involves a credit/debit card, the method comprising:

receiving a transaction authorization request associated with the transaction involving the credit/debit card, wherein the transaction authorization request comprises a prompt for a card verification value (CVV) for authenticating the transaction, wherein the credit/debit card comprises;

one or more input devices positioned on the credit/debit card enabling a user of the credit/debit card to input information into the credit/debit card including a challenge response, wherein the one or more input devices comprise a plurality of buttons corresponding to a plurality of alpha-numeric characters;

a processor in communication with the one or more input devices positioned on the credit/debit card, wherein the processor is configured to;

generate a challenge;

present, via a visual display and a speaker of the credit/debit card, the challenge;

receive, via the plurality of buttons on the credit/debit card, a challenge response comprising alpha-numeric characters; and

determine whether or not the challenge response received into the credit/debit card is successful;

a one-time password generator automatically generating a one-time password or value based at least partially on receiving the challenge response into the credit/debit card and determining that the challenge response is successful;

presenting, via the visual display and the speaker of the credit/debit card, the one-time password, wherein a portion of the one-time password comprises a dynamic card verification value (CVV) for authenticating the transaction;

receiving the dynamic CVV; and

authorizing the transaction involving the credit/debit card if the dynamic CVV generated by the credit/debit card matches at least a portion of an externally generated one-time password for the credit/debit card.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Method and apparatus for using at least a portion of a one-time password as a dynamic card verification value (CVV) are disclosed. A credit/debit card is able to generate a dynamic card verification value (CVV). Such a card may also include an indication that the dynamic CVV is to be used as a security code for purchasing or other transactions. A card-based financial transaction can be authorized in accordance with the use of a dynamic CVV by receiving a transaction authorization request for a specific credit/debit card, wherein the transaction authorization request includes a dynamic CVV. The dynamic CVV can be compared to at least a portion of a one-time password generated for the specific credit/debit card, and a transaction authorization can be sent to the merchant or vendor when the dynamic CVV matches all or a portion of the one-time password.

87 Citations

View as Search Results

41 Claims

1. A method for authorizing a transaction, wherein the transaction involves a credit/debit card, the method comprising:
- receiving a transaction authorization request associated with the transaction involving the credit/debit card, wherein the transaction authorization request comprises a prompt for a card verification value (CVV) for authenticating the transaction, wherein the credit/debit card comprises;
  
  one or more input devices positioned on the credit/debit card enabling a user of the credit/debit card to input information into the credit/debit card including a challenge response, wherein the one or more input devices comprise a plurality of buttons corresponding to a plurality of alpha-numeric characters;
  
  a processor in communication with the one or more input devices positioned on the credit/debit card, wherein the processor is configured to;
  
  generate a challenge;
  
  present, via a visual display and a speaker of the credit/debit card, the challenge;
  
  receive, via the plurality of buttons on the credit/debit card, a challenge response comprising alpha-numeric characters; and
  
  determine whether or not the challenge response received into the credit/debit card is successful;
  
  a one-time password generator automatically generating a one-time password or value based at least partially on receiving the challenge response into the credit/debit card and determining that the challenge response is successful;
  
  presenting, via the visual display and the speaker of the credit/debit card, the one-time password, wherein a portion of the one-time password comprises a dynamic card verification value (CVV) for authenticating the transaction;
  
  receiving the dynamic CVV; and
  
  authorizing the transaction involving the credit/debit card if the dynamic CVV generated by the credit/debit card matches at least a portion of an externally generated one-time password for the credit/debit card.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1 further comprising sending a transaction denial when the dynamic CVV does not match the at least a portion of the one-time password.
  - 3. The method of claim 2 further comprising:
    - separating the dynamic CVV from credit/debit card data;
      
      validating the credit/debit card data; and
      
      merging the dynamic CVV with the credit/debit card data to produce the transaction authorization or the transaction denial.
  - 4. The method of claim 1 wherein the at least a portion of the one-time password comprises three digits of a six-digit one-time password.
  - 5. The method of claim 4 further comprising:
    - separating the dynamic CVV from credit/debit card data;
      
      validating the credit/debit card data; and
      
      merging the dynamic CVV with the credit/debit card data to produce the transaction authorization.
  - 6. The method of claim 5 wherein the comparing of the dynamic CVV to the three digits of the six-digit one-time password is accomplished using a united authentication server.
  - 7. A computer program product comprising a computer-readable medium having computer program code instructions for performing the method of claim 6.
  - 8. A computer program product comprising a computer-readable medium having computer program code instructions for performing the method of claim 4.
  - 9. The method of claim 1 further comprising:
    - separating the dynamic CVV from credit/debit card data;
      
      validating the credit/debit card data; and
      
      merging the dynamic CVV with the credit/debit card data to produce the transaction authorization.
  - 10. A computer program product comprising a computer-readable medium having computer program code instructions for performing the method of claim 9.
  - 11. A computer program product comprising a computer-readable medium having computer program code instructions for performing the method of claim 1.
  - 12. The method of claim 1, wherein the dynamic CVV was outputted to the user by displaying the dynamic CVV in a visual display and a speaker, the visual display and the speaker being disposed in a body of the credit/debit card.
  - 13. The method of claim 1, wherein the credit/debit card comprises a plurality of buttons corresponding to a plurality of characters, wherein the successful challenge response comprises a plurality of characters, and wherein the successful challenge response was inputted into the credit/debit card by the user using the plurality of buttons.
  - 14. The method of claim 1, wherein the successful challenge response is inputted into the credit/debit card by the user in response to a challenge being presented to the user.
  - 15. The method of claim 14, wherein the successful challenge response is different than the challenge.
  - 16. The method of claim 14, wherein the challenge is outputted by the credit/debit card to the user before the successful challenge response is inputted into the credit/debit card by the user.
  - 17. The method of claim 16, wherein the credit/debit card comprises a visual display, a speaker, and one or more input devices, wherein the challenge was outputted to the user via the visual display and the speaker, and wherein the successful challenge response was inputted by the user using the one or more input devices.
  - 18. The method of claim 1 wherein the dynamic CVV is based at least partially on the challenge response input by the user into the credit/debit card.

19. An apparatus for authorizing a transaction, wherein the transaction involves a credit/debit card, the apparatus comprising:
- means for receiving a transaction authorization request associated with a transaction involving the credit/debit card, wherein the transaction authorization request comprises a prompt for a card verification value (CVV) for authenticating the transaction, wherein the credit/debit card comprises;
  
  one or more input devices positioned on the credit/debit card enabling a user of the credit/debit card to input information into the credit/debit card including a challenge response, wherein the one or more input devices comprise a plurality of buttons corresponding to a plurality of alpha-numeric characters;
  
  a processor in communication with the one or more input devices positioned on the credit/debit card, wherein the processor is configured to;
  
  generate a challenge;
  
  present, via a visual display and a speaker of the credit/debit card, the challenge;
  
  receive, via the plurality of buttons on the credit/debit card, a challenge response comprising alpha-numeric characters; and
  
  determine whether or not the challenge response received into the credit/debit card is successful;
  
  a one-time password generator automatically generating a one-time password or value based at least partially on receiving the challenge response into the credit/debit card and determining that the challenge response is successful;
  
  presenting, via the visual display and the speaker of the credit/debit card, the one-time password, wherein a portion of the one-time password comprises a dynamic card verification value (CVV) for authenticating the transaction;
  
  means for comparing the dynamic CVV to at least a portion of a one-time password externally generated for the credit/debit card; and
  
  means for sending a transaction authorization when the dynamic CVV matches the at least a portion of the one-time password externally generated for the credit/debit card.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 20. The apparatus of claim 19 further comprising means for sending a transaction denial when the dynamic CVV does not match the at least a portion of the one-time password.
  - 21. The apparatus of claim 20 further comprising:
    - means for separating the dynamic CVV from credit/debit card data;
      
      means for validating the credit/debit card data; and
      
      means for merging the dynamic CVV with the credit/debit card data to produce the transaction authorization or the transaction denial.
  - 22. The apparatus of claim 19 further comprising:
    - means for separating the dynamic CVV from credit/debit card data;
      
      means for validating the credit/debit card data; and
      
      means for merging the dynamic CVV with the credit/debit card data to produce the transaction authorization.
  - 23. The apparatus of claim 19, wherein the dynamic CVV was outputted to the user by displaying the dynamic CVV in a visual display and a speaker, the visual display and the speaker being disposed in a body of the credit/debit card.
  - 24. The apparatus of claim 19, wherein the credit/debit card comprises a plurality of buttons corresponding to a plurality of characters, wherein the successful challenge response comprises a plurality of characters, and wherein the successful challenge response was inputted into the credit/debit card by the user using the plurality of buttons.
  - 25. The apparatus of claim 19, wherein the successful challenge response is inputted into the credit/debit card by the user in response to a challenge being presented to the user.
  - 26. The apparatus of claim 25, wherein the successful challenge response is different than the challenge.
  - 27. The apparatus of claim 25, wherein the challenge is outputted by the credit/debit card to the user before the successful challenge response is inputted into the credit/debit card by the user.
  - 28. The apparatus of claim 27, wherein the credit/debit card comprises a visual display, a speaker, and one or more input devices, wherein the challenge was outputted to the user via the visual display and the speaker, and wherein the successful challenge response was inputted by the user via the one or more input devices.

29. A system for authorizing a transaction, wherein the transaction involves a credit/debit card, the system comprising:
- a card approval server configured to receive a transaction authorization request associated with a transaction involving the credit/debit card, wherein the transaction authorization request comprises a prompt for a card verification value (CVV) for authenticating the transaction, wherein the credit/debit card comprises;
  
  one or more input devices positioned on the credit/debit card enabling a user of the credit/debit card to input information into the credit/debit card including a challenge response, wherein the one or more input devices comprise a plurality of buttons corresponding to a plurality of alpha-numeric characters;
  
  a processor in communication with the one or more input devices positioned on the credit/debit card, wherein the processor is configured to;
  
  generate a challenge;
  
  present, via a visual display and a speaker of the credit/debit card, the challenge;
  
  receive, via the plurality of buttons on the credit/debit card, a challenge response comprising alpha-numeric characters; and
  
  determine whether or not the challenge response received into the credit/debit card is successful;
  
  a one-time password generator automatically generating a one-time password or value based at least partially on receiving the challenge response into the credit/debit card and determining that the challenge response is successful;
  
  presenting, via the visual display and the speaker of the credit/debit card, the one-time password, wherein a portion of the one-time password comprises a dynamic card verification value (CVV) for authenticating the transaction;
  
  an intermediate server configured to identify the dynamic CVV from a static CVV and to separate the dynamic CVV from credit/debit card data;
  
  a database interconnected with the card approval server and the intermediate server and configured to validate the credit/debit card data; and
  
  an authentication server interconnected with the intermediate server and configured to compare the dynamic CVV with at least a portion of an externally generated one-time password to authenticate the dynamic CVV.
- View Dependent Claims (30, 31, 32, 33, 34, 35, 36)
- - 30. The system of claim 29 wherein the database further comprises:
    - a credit card database; and
      
      a debit card database.
  - 31. The system of claim 30 wherein the intermediate server is disposed within a middleware layer.
  - 32. The system of claim 31 wherein the at least a portion of the one-time password comprises three digits of a six-digit one-time password.
  - 33. The system of claim 30 wherein the at least a portion of the one-time password comprises three digits of a six-digit one-time password.
  - 34. The system of claim 29 wherein the intermediate server is disposed within a middleware layer.
  - 35. The system of claim 29 wherein the at least a portion of the one-time password comprises three digits of a six-digit one-time password.
  - 36. The system of claim 29, wherein the dynamic CVV was outputted to the user by displaying the dynamic CVV in a visual display and a speaker, the visual display and the speaker being disposed in a body of the credit/debit card.

37. A method for facilitating a transaction involving a credit/debit card, the method comprising:
- receiving a transaction authorization request associated with the transaction involving the credit/debit card, wherein the transaction authorization request comprises a prompt for a card verification value (CVV) for authenticating the transaction, wherein the credit/debit card comprises;
  
  one or more input devices positioned on a face of the credit/debit card enabling a user of the credit/debit card to input information into the credit/debit card including a challenge response, wherein the one or more input devices comprise a plurality of buttons corresponding to a plurality of characters;
  
  a processor in communication with the one or more input devices positioned on the credit/debit card, wherein the processor is configured to;
  
  generate a challenge;
  
  present, via a visual display and a speaker of the credit/debit card, the challenge;
  
  receive, via the plurality of buttons on the credit/debit card, a challenge response comprising alpha-numeric characters; and
  
  determine whether or not the challenge response received into the credit/debit card is successful;
  
  automatically generate a one-time password based at least partially on receiving the challenge response into the credit/debit card and determining that the challenge response is successful;
  
  presenting, via the visual display and the speaker of the credit/debit card, the one-time password, wherein a portion of the one-time password comprises a dynamic card verification value (CVV) for authenticating the transaction.
- View Dependent Claims (38, 39, 40, 41)
- - 38. The method of claim 37, further comprising:
    - generating, by an external entity associated with the credit/debit card, a one-time password corresponding to the one-time password generated by the credit/debit card;
      
      receiving the dynamic card verification value for authenticating the transaction;
      
      determining whether or not the dynamic card verification value for authenticating the transaction matches at least a portion of the one-time password that is generated by the external entity;
      
      approving the transaction based at least partially on determining a successful match between the one-time password generated by the credit/debit card and the one-time password generated by the external entity.
  - 39. The method of claim 38, wherein the transaction is an online transaction, and wherein the dynamic card verification value for authenticating the transaction is received via a webpage associated with the online transaction.
  - 40. The method of claim 37, wherein the processor is further configured to:
    - identify a portion of the one-time password generated by the credit/debit that contains the dynamic card verification value by highlighting the portion of the one-time password or by altering a portion of the visual display containing the dynamic card verification value.
  - 41. The method of claim 37, wherein the plurality of buttons of the credit/debit card correspond to a plurality of alpha-numeric characters, and wherein the challenge response comprises, at least, one alpha character.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Ashfield, James M.
Primary Examiner(s)
KELLY, RAFFERTY D

Application Number

US11/559,931
Publication Number

US 20080110983A1
Time in Patent Office

3,366 Days
Field of Search

235/380, 705/15, 705/16, 705/17
US Class Current

1/1
CPC Class Codes

G06Q 20/24   Credit schemes, i.e. "pay a...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3821   Electronic credentials

G06Q 20/3827   Use of message hashing

G06Q 20/385   using an alias or single-us...

G06Q 20/4018   using the card verification...

G06Q 20/409   Device specific authenticat...

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

Method and apparatus for using at least a portion of a one-time password as a dynamic card verification value

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

87 Citations

41 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for using at least a portion of a one-time password as a dynamic card verification value

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

87 Citations

41 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links