System and method for token domain control

US 9,848,052 B2
Filed: 05/05/2015
Issued: 12/19/2017
Est. Priority Date: 05/05/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a processor in a token service computer, a first token request from a first token requestor computer, wherein the first token request includes a payment account number and a first domain identifier;

identifying, by the processor in the token service computer, a payment token associated with the payment account number;

generating, by the processor in the token service computer, a first token code associated with the payment token;

assigning, by the processor in the token service computer, the payment token and the first token code to the first domain identifier, such that the first token code is specific to a first domain associated with the first domain identifier;

providing, by the processor in the token service computer, the payment token and the first token code to the first token requestor computer, wherein the first token requestor subsequently uses the payment token in place of the payment account number for a first payment transaction, and wherein the first token requestor'"'"'s subsequent use of the payment token is valid if the payment token is accompanied by the first token code and used within the first domain;

receiving, by the processor in the token service computer, a second token request from a second token requestor computer, wherein the second token request includes the payment account number and a second domain identifier, wherein the payment account number received in the second token request is the same as the payment account number received in the first token request;

identifying, by the processor in the token service computer, the payment token associated with the payment account number;

generating, by the processor in the token service computer, a second token code associated with the payment token, wherein the second token code is different than the first token code, and wherein the second token code and the first token code are both associated with the same payment token;

assigning, by the processor in the token service computer, the payment token and the second token code to the second domain identifier, such that the second token code is specific to a second domain associated with the second domain identifier, wherein the first domain identifier is different than the second domain identifier, and wherein the first domain is different than the second domain; and

providing, by the processor in the token service computer, the payment token and the second token code to the second token requestor computer, wherein the second token requestor subsequently uses the payment token in place of the payment account number for a second payment transaction, wherein the second token requestor'"'"'s subsequent use of the payment token is valid if the payment token is accompanied by the second token code and used within the second domain.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for providing a token code in conjunction with a value token is disclosed. The token code serves as a shared secret for authenticating the use of the value token. Multiple token holders can possess the same value token, but each token holder may have a different token code for use with the value token.

534 Citations

24 Claims

1. A method comprising:
- receiving, by a processor in a token service computer, a first token request from a first token requestor computer, wherein the first token request includes a payment account number and a first domain identifier;
  
  identifying, by the processor in the token service computer, a payment token associated with the payment account number;
  
  generating, by the processor in the token service computer, a first token code associated with the payment token;
  
  assigning, by the processor in the token service computer, the payment token and the first token code to the first domain identifier, such that the first token code is specific to a first domain associated with the first domain identifier;
  
  providing, by the processor in the token service computer, the payment token and the first token code to the first token requestor computer, wherein the first token requestor subsequently uses the payment token in place of the payment account number for a first payment transaction, and wherein the first token requestor'"'"'s subsequent use of the payment token is valid if the payment token is accompanied by the first token code and used within the first domain;
  
  receiving, by the processor in the token service computer, a second token request from a second token requestor computer, wherein the second token request includes the payment account number and a second domain identifier, wherein the payment account number received in the second token request is the same as the payment account number received in the first token request;
  
  identifying, by the processor in the token service computer, the payment token associated with the payment account number;
  
  generating, by the processor in the token service computer, a second token code associated with the payment token, wherein the second token code is different than the first token code, and wherein the second token code and the first token code are both associated with the same payment token;
  
  assigning, by the processor in the token service computer, the payment token and the second token code to the second domain identifier, such that the second token code is specific to a second domain associated with the second domain identifier, wherein the first domain identifier is different than the second domain identifier, and wherein the first domain is different than the second domain; and
  
  providing, by the processor in the token service computer, the payment token and the second token code to the second token requestor computer, wherein the second token requestor subsequently uses the payment token in place of the payment account number for a second payment transaction, wherein the second token requestor'"'"'s subsequent use of the payment token is valid if the payment token is accompanied by the second token code and used within the second domain.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the first token code is a first hexadecimal value and the second token code is a second hexadecimal value.
  - 3. The method of claim 1, wherein the first domain includes e-commerce payment transactions and wherein the second domain includes in-person payment transactions.
  - 4. The method of claim 1, wherein the first token requestor computer is a merchant computer, wherein the payment account number is associated with a user, and wherein the merchant computer stores the payment token and the first token code on behalf of the user, wherein the first domain identifier is associated with the merchant computer, and wherein the first domain includes transactions associated with the merchant computer.
  - 5. The method of claim 1, wherein the first token requestor computer is a mobile device, wherein the mobile device is associated with a user, and wherein the payment account number is associated with the user, wherein the first domain identifier is associated with the mobile device, and wherein the first domain includes transactions associated with the mobile device.
  - 6. The method of claim 1, further comprising:
    - receiving, by the processor in the token service computer, a first authorization request message for the first payment transaction, the first authorization request message including the payment token, the first token code, and the first domain identifier;
      
      determining, by the processor in the token service computer, that the first token code is associated with the payment token;
      
      determining, by the processor in the token service computer, that the payment token and the first token code are assigned to the first domain identifier;
      
      identifying, by the processor in the token service computer, the payment account number associated with the payment token;
      
      adding, by the processor in the token service computer, the payment account number to the first authorization request message;
      
      receiving, by the processor in the token service computer, a first authorization response message including the payment account number; and
      
      replacing, by the processor in the token service computer, the payment account number with the payment token and the first token code in the first authorization response message.
  - 7. The method of claim 1, wherein the first token requestor'"'"'s subsequent use of the payment token is valid if the payment token is accompanied by the first domain identifier, and wherein the second token requestor'"'"'s subsequent use of the payment token is valid if the payment token is accompanied by the second domain identifier.
  - 8. The method of claim 3, wherein the first token requestor'"'"'s subsequent use of the payment token is valid if the payment token is used for an e-commerce payment transaction, and wherein the second token requestor'"'"'s subsequent use of the payment token is valid if the payment token is used for an in-person payment transaction.
  - 9. The method of claim 1, wherein the first domain includes payment transactions with a first merchant, wherein the first domain identifier includes a first merchant identifier, wherein the second domain includes payment transactions with a second merchant, and wherein the second domain identifier includes a second merchant identifier.
  - 10. The method of claim 9, wherein the first token requestor'"'"'s subsequent use of the payment token is valid if the first token requestor is the first merchant, and wherein the second token requestor'"'"'s subsequent use of the payment token is valid if the second token requestor is the second merchant.
  - 11. The method of claim 9, wherein the first token requestor'"'"'s subsequent use of the payment token is valid if the payment token is accompanied by the first merchant identifier, and wherein the second token requestor'"'"'s subsequent use of the payment token is valid if the payment token is accompanied by the second merchant identifier.
  - 12. The method of claim 1, wherein the first domain includes a contactless entry mode and wherein the second domain includes magnetic stripe entry mode.

13. A token service computer comprising:
- a processor; and
  
  a non-transitory computer readable medium, the non-transitory computer readable medium comprising code, that when executed by the processor, implementing a method comprising;
  
  receiving a first token request from a first token requestor computer, wherein the first token request includes a payment account number and a first domain identifier;
  
  identifying a payment token associated with the payment account number;
  
  generating a first token code associated with the payment token;
  
  assigning the payment token and the first token code to the first domain identifier, such that the first token code is specific to a first domain associated with the first domain identifier;
  
  providing the payment token and the first token code to the first token requestor computer, wherein the first token requestor subsequently uses the payment token in place of the payment account number for a first payment transaction, wherein the first token requestor'"'"'s subsequent use of the payment token is valid if the payment token is accompanied by the first token code and used within the first domain;
  
  receiving a second token request from a second token requestor computer, wherein the second token request includes the payment account number and a second domain identifier, wherein the payment account number received in the second token request is the same as the payment account number received in the first token request;
  
  identifying the payment token associated with the payment account number;
  
  generating a second token code associated with the payment token, wherein the second token code is different than the first token code, and wherein the second token code and the first token code are both associated with the same payment token;
  
  assigning the payment token and the second token code to the second domain identifier, such that the second token code is specific to a second domain associated with the second domain identifier, wherein the first domain identifier is different than the second domain identifier, and wherein the first domain is different than the second domain; and
  
  providing the payment token and the second token code to the second token requestor computer, wherein the second token requestor subsequently uses the payment token in place of the payment account number for a second payment transaction, wherein the second token requestor'"'"'s subsequent use of the payment token is valid if the payment token is accompanied by the second token code and used within the second domain.
- View Dependent Claims (14, 15)
- - 14. The token service computer of claim 13, wherein the first token code is a first hexadecimal value and the second token code is a second hexadecimal value.
  - 15. The token service computer of claim 13, wherein the first domain includes e-commerce payment transactions and wherein the second domain includes in-person payment transactions.

16. A method comprising:
- receiving, by a token service system, a first authorization request message for a first payment transaction, the first authorization request message including a payment token being used in place of a payment account number, a first token code, and a first domain identifier;
  
  determining, by the token service system, that the first token code is associated with the payment token;
  
  determining, by the token service system, that the payment token and the first token code are assigned to the first domain identifier, wherein the first token code is specific to a first domain associated with the first domain identifier;
  
  identifying, by the token service system, the payment account number associated with the payment token;
  
  adding, by the token service system, the payment account number to the first authorization request message;
  
  sending, by the token service system, the first authorization request message to an authorizing entity computer;
  
  receiving, by the token service system, a first authorization response message including the payment account number from the authorizing entity computer;
  
  replacing, by the token service system, the payment account number with the payment token and the first token code in the first authorization response message;
  
  forwarding, by the token service system, the first authorization response message;
  
  receiving, by the token service system, a second authorization request message for a second payment transaction, the second authorization request message including the payment token, a second token code, and a second domain identifier, wherein the token received in the second authorization request message is the same as the payment token received in the first authorization request message;
  
  determining, by the token service system, that the second token code is associated with the payment token, wherein the second token code is different than the first token code, and wherein the second token code and the first token code are both associated with the same payment token;
  
  determining, by the token service system, that the payment token and the second token code are assigned to the second domain identifier, wherein the second code is different than the first token code, and wherein the second token code is specific to a second domain associated with the second domain identifier;
  
  identifying, by the token service system, the payment account number associated with the payment token;
  
  adding, by the token service system, the payment account number to the second authorization request message;
  
  sending, by the token service system, the second authorization request message to the authorizing entity computer;
  
  receiving, by the token service system, a second authorization response message including the payment account number from the authorizing entity computer;
  
  replacing, by the token service system, the payment account number with the payment token and the second token code in the authorization response message; and
  
  forwarding, by the token service system, the second authorization response message.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16 wherein the token service system comprises a token service computer and a transaction processing network computer.
  - 18. The method of claim 16, wherein the first domain is different than the second domain.
  - 19. The method of claim 18, wherein the first domain includes e-commerce payment transactions and wherein the second domain includes in-person payment transactions.
  - 20. The method of claim 16, wherein the authorizing entity computer is an issuer computer that issued a payment account associated with the payment account number.

21. A token service system comprising:
- a token service computer comprising a first processor and a first non-transitory computer readable medium, the first non-transitory computer readable medium comprising code, that when executed by the first processor to implement a method comprising;
  
  receiving a first payment account number request from a transaction processing network computer, the first payment account number request including a payment token, a first token code, and a first domain identifier;
  
  determining that the first token code is associated with the payment token;
  
  determining that the payment token and the first token code are assigned to the first domain identifier, wherein the first token code is specific to a first domain associated with the first domain identifier;
  
  identifying the payment account number associated with the payment token; and
  
  sending a first payment account number response including the payment account number to the transaction processing network computer; and
  
  receiving a second payment account number request from a transaction processing network computer, the second payment account number request including the payment token, a second token code, and a second domain identifier;
  
  determining that the second token code is associated with the payment token;
  
  determining that the payment token and the second token code are assigned to the second domain identifier, wherein the second code is different than the first token code, and wherein the second token code is specific to a second domain associated with the second domain identifier;
  
  identifying the payment account number associated with the payment token; and
  
  sending a second payment account number response including the payment account number to the transaction processing network computer; and
  
  a transaction processing network computer in communication with the token service computer, the transaction processing network computer comprising a second processor and a second non-transitory computer readable medium, the second non-transitory computer readable medium comprising code, that when executed by the second processor implementing a method comprising;
  
  receiving a first authorization request message for a first payment transaction, the first authorization request message including the payment token, the first token code, and the first domain identifier;
  
  sending the first payment account number request to the token service computer, the first payment account number request including the payment token, the first token code, and the first token requestor;
  
  receiving the first payment account number response including the payment account number associated with the payment token from the token service computer;
  
  adding the payment account number to the first authorization request message;
  
  sending the first authorization request message to an authorizing entity computer;
  
  receiving a first authorization response message including the payment account number from the authorizing entity computer;
  
  replacing the payment account number with the payment token and the first token code in the first authorization response message;
  
  forwarding the first authorization response message;
  
  receiving a second authorization request message for a second payment transaction, the second authorization request message including the payment token, the second token code, and the second domain identifier;
  
  sending the second payment account number request to the token service computer, the second payment account number request including the payment token, the second token code, and the second token requestor;
  
  receiving the second payment account number response including the payment account number associated with the payment token from the token service computer;
  
  adding the payment account number to the second authorization request message;
  
  sending the second authorization request message to an authorizing entity computer;
  
  receiving a second authorization response message including the payment account number from the authorizing entity computer;
  
  replacing the payment account number with the payment token and the second token code in the second authorization response message; and
  
  forwarding the second authorization response message.
- View Dependent Claims (22, 23, 24)
- - 22. The token service system of claim 21, wherein the first token code is a first hexadecimal value and the second token code is a second hexadecimal value.
  - 23. The token service system of claim 21, wherein the first domain is different than the second domain.
  - 24. The token service system of claim 23, wherein the first domain includes e-commerce payment transactions and wherein the second domain includes in-person payment transactions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Kumnick, Phillip
Primary Examiner(s)
Gelagay, Shewaye
Assistant Examiner(s)
Johnson, Carlton

Application Number

US14/704,571
Publication Number

US 20150319158A1
Time in Patent Office

959 Days
Field of Search
US Class Current
CPC Class Codes

G06Q 20/385   using an alias or single-us...

G06Q 20/4016   involving fraud or risk lev...

H04L 63/083   using passwords cryptograph...

H04L 67/02   based on web technology, e....

H04L 67/10   in which an application is ...

H04L 67/53   using third party service p...

System and method for token domain control

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

534 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for token domain control

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

534 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links