Methods and systems to securely load / reload acontactless payment device
First Claim
Patent Images
1. A method for operating a terminal device, comprising:
- receiving, by the terminal device, a request for a load transaction for loading value onto a contactless payment device, the request including a requested load amount, the contactless payment device including a card-shaped body, an integrated circuit mounted on the card-shaped body, and an antenna mounted on the card-shaped body and coupled to the integrated circuit;
prompting a user, by the terminal device, to present the contactless payment device to a contactless reader operatively coupled to the terminal device;
presenting the contactless payment device to the contactless reader;
establishing a wireless data communication channel between the contactless payment device and the contactless reader in connection with the load transaction;
transmitting an authorization request from the contactless payment device to the contactless reader over the wireless data communication channel, said authorization request for requesting authorization from a remote server computer for said load transaction, said authorization request different from said request for a load transaction;
receiving, by the contactless reader from said contactless payment device over the wireless data communication channel, the authorization request;
transmitting, by the terminal device, said authorization request electronically over a communication channel to the remote server computer, the remote server computer associated with a destination address, the remote server computer operated by or on behalf of an issuer of said contactless payment device for authorization processing;
receiving, by the terminal device, a signed authorization response from said remote server computer indicating approval of the authorization request;
after the terminal device receives the signed authorization response, prompting the user, by the terminal device, to present the contactless payment device to the contactless reader;
second presenting the contactless payment device to the contactless reader;
establishing the wireless data communication channel for a second time in connection with said load transaction;
transmitting, by the contactless reader to the contactless payment device over the wireless data communication channel, the signed authorization response for authentication by the contactless payment device;
transmitting a transaction certificate from the contactless payment device to the contactless reader over the wireless data communication channel;
receiving, by the contactless reader over the wireless data communication channel, the transaction certificate from the contactless payment device indicating authentication of the issuer;
displaying, by the contactless reader, a prompt to enter a personal identification number (PIN);
receiving, by the terminal device via an input device, the PIN from the user;
after the terminal device receives the PIN from the user, prompting the user, by the terminal device, to present the contactless payment device to the contactless reader;
third presenting the contactless payment device to the contactless reader;
establishing the wireless data communication channel for a third time in connection with said load transaction;
transmitting, by the contactless reader over the wireless data communication channel, an encrypted version of the PIN to the contactless payment device;
verifying of the encrypted version of the PIN by the contactless payment device to verify the user; and
accepting said request for the load transaction by the contactless payment device;
wherein said authorization request includes a cryptogram signed by said contactless payment device using a key associated with said contactless payment device.
1 Assignment
0 Petitions
Accused Products
Abstract
Embodiments allow loading and reloading contactless payment devices using only a contactless terminal interface, while providing user authentication. The contactless terminal interface could be at a merchant POS location, kiosk, or embedded or attached to a personal computing device with contactless read/write capability such as a personal computer or mobile phone or Internet device.
-
Citations
7 Claims
-
1. A method for operating a terminal device, comprising:
-
receiving, by the terminal device, a request for a load transaction for loading value onto a contactless payment device, the request including a requested load amount, the contactless payment device including a card-shaped body, an integrated circuit mounted on the card-shaped body, and an antenna mounted on the card-shaped body and coupled to the integrated circuit; prompting a user, by the terminal device, to present the contactless payment device to a contactless reader operatively coupled to the terminal device; presenting the contactless payment device to the contactless reader; establishing a wireless data communication channel between the contactless payment device and the contactless reader in connection with the load transaction; transmitting an authorization request from the contactless payment device to the contactless reader over the wireless data communication channel, said authorization request for requesting authorization from a remote server computer for said load transaction, said authorization request different from said request for a load transaction; receiving, by the contactless reader from said contactless payment device over the wireless data communication channel, the authorization request; transmitting, by the terminal device, said authorization request electronically over a communication channel to the remote server computer, the remote server computer associated with a destination address, the remote server computer operated by or on behalf of an issuer of said contactless payment device for authorization processing; receiving, by the terminal device, a signed authorization response from said remote server computer indicating approval of the authorization request; after the terminal device receives the signed authorization response, prompting the user, by the terminal device, to present the contactless payment device to the contactless reader; second presenting the contactless payment device to the contactless reader; establishing the wireless data communication channel for a second time in connection with said load transaction; transmitting, by the contactless reader to the contactless payment device over the wireless data communication channel, the signed authorization response for authentication by the contactless payment device; transmitting a transaction certificate from the contactless payment device to the contactless reader over the wireless data communication channel; receiving, by the contactless reader over the wireless data communication channel, the transaction certificate from the contactless payment device indicating authentication of the issuer; displaying, by the contactless reader, a prompt to enter a personal identification number (PIN); receiving, by the terminal device via an input device, the PIN from the user; after the terminal device receives the PIN from the user, prompting the user, by the terminal device, to present the contactless payment device to the contactless reader; third presenting the contactless payment device to the contactless reader; establishing the wireless data communication channel for a third time in connection with said load transaction; transmitting, by the contactless reader over the wireless data communication channel, an encrypted version of the PIN to the contactless payment device; verifying of the encrypted version of the PIN by the contactless payment device to verify the user; and accepting said request for the load transaction by the contactless payment device; wherein said authorization request includes a cryptogram signed by said contactless payment device using a key associated with said contactless payment device. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
Specification