System and method for token domain control
First Claim
Patent Images
1. A method comprising:
- receiving, by a processor in a token service computer, a first token request from a first token requestor computer, wherein the first token request includes a payment account number and a first domain identifier;
identifying, by the processor in the token service computer, a payment token associated with the payment account number;
generating, by the processor in the token service computer, a first token code associated with the payment token;
assigning, by the processor in the token service computer, the payment token and the first token code to the first domain identifier, such that the first token code is specific to a first domain associated with the first domain identifier;
providing, by the processor in the token service computer, the payment token and the first token code to the first token requestor computer, wherein the first token requestor subsequently uses the payment token in place of the payment account number for a first payment transaction, and wherein the first token requestor'"'"'s subsequent use of the payment token is valid if the payment token is accompanied by the first token code and used within the first domain;
receiving, by the processor in the token service computer, a second token request from a second token requestor computer, wherein the second token request includes the payment account number and a second domain identifier, wherein the payment account number received in the second token request is the same as the payment account number received in the first token request;
identifying, by the processor in the token service computer, the payment token associated with the payment account number;
generating, by the processor in the token service computer, a second token code associated with the payment token, wherein the second token code is different than the first token code, and wherein the second token code and the first token code are both associated with the same payment token;
assigning, by the processor in the token service computer, the payment token and the second token code to the second domain identifier, such that the second token code is specific to a second domain associated with the second domain identifier, wherein the first domain identifier is different than the second domain identifier, and wherein the first domain is different than the second domain; and
providing, by the processor in the token service computer, the payment token and the second token code to the second token requestor computer, wherein the second token requestor subsequently uses the payment token in place of the payment account number for a second payment transaction, wherein the second token requestor'"'"'s subsequent use of the payment token is valid if the payment token is accompanied by the second token code and used within the second domain.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for providing a token code in conjunction with a value token is disclosed. The token code serves as a shared secret for authenticating the use of the value token. Multiple token holders can possess the same value token, but each token holder may have a different token code for use with the value token.
534 Citations
24 Claims
-
1. A method comprising:
-
receiving, by a processor in a token service computer, a first token request from a first token requestor computer, wherein the first token request includes a payment account number and a first domain identifier; identifying, by the processor in the token service computer, a payment token associated with the payment account number; generating, by the processor in the token service computer, a first token code associated with the payment token; assigning, by the processor in the token service computer, the payment token and the first token code to the first domain identifier, such that the first token code is specific to a first domain associated with the first domain identifier; providing, by the processor in the token service computer, the payment token and the first token code to the first token requestor computer, wherein the first token requestor subsequently uses the payment token in place of the payment account number for a first payment transaction, and wherein the first token requestor'"'"'s subsequent use of the payment token is valid if the payment token is accompanied by the first token code and used within the first domain; receiving, by the processor in the token service computer, a second token request from a second token requestor computer, wherein the second token request includes the payment account number and a second domain identifier, wherein the payment account number received in the second token request is the same as the payment account number received in the first token request; identifying, by the processor in the token service computer, the payment token associated with the payment account number; generating, by the processor in the token service computer, a second token code associated with the payment token, wherein the second token code is different than the first token code, and wherein the second token code and the first token code are both associated with the same payment token; assigning, by the processor in the token service computer, the payment token and the second token code to the second domain identifier, such that the second token code is specific to a second domain associated with the second domain identifier, wherein the first domain identifier is different than the second domain identifier, and wherein the first domain is different than the second domain; and providing, by the processor in the token service computer, the payment token and the second token code to the second token requestor computer, wherein the second token requestor subsequently uses the payment token in place of the payment account number for a second payment transaction, wherein the second token requestor'"'"'s subsequent use of the payment token is valid if the payment token is accompanied by the second token code and used within the second domain. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A token service computer comprising:
-
a processor; and a non-transitory computer readable medium, the non-transitory computer readable medium comprising code, that when executed by the processor, implementing a method comprising; receiving a first token request from a first token requestor computer, wherein the first token request includes a payment account number and a first domain identifier; identifying a payment token associated with the payment account number; generating a first token code associated with the payment token; assigning the payment token and the first token code to the first domain identifier, such that the first token code is specific to a first domain associated with the first domain identifier; providing the payment token and the first token code to the first token requestor computer, wherein the first token requestor subsequently uses the payment token in place of the payment account number for a first payment transaction, wherein the first token requestor'"'"'s subsequent use of the payment token is valid if the payment token is accompanied by the first token code and used within the first domain; receiving a second token request from a second token requestor computer, wherein the second token request includes the payment account number and a second domain identifier, wherein the payment account number received in the second token request is the same as the payment account number received in the first token request; identifying the payment token associated with the payment account number; generating a second token code associated with the payment token, wherein the second token code is different than the first token code, and wherein the second token code and the first token code are both associated with the same payment token; assigning the payment token and the second token code to the second domain identifier, such that the second token code is specific to a second domain associated with the second domain identifier, wherein the first domain identifier is different than the second domain identifier, and wherein the first domain is different than the second domain; and providing the payment token and the second token code to the second token requestor computer, wherein the second token requestor subsequently uses the payment token in place of the payment account number for a second payment transaction, wherein the second token requestor'"'"'s subsequent use of the payment token is valid if the payment token is accompanied by the second token code and used within the second domain. - View Dependent Claims (14, 15)
-
-
16. A method comprising:
-
receiving, by a token service system, a first authorization request message for a first payment transaction, the first authorization request message including a payment token being used in place of a payment account number, a first token code, and a first domain identifier; determining, by the token service system, that the first token code is associated with the payment token; determining, by the token service system, that the payment token and the first token code are assigned to the first domain identifier, wherein the first token code is specific to a first domain associated with the first domain identifier; identifying, by the token service system, the payment account number associated with the payment token; adding, by the token service system, the payment account number to the first authorization request message; sending, by the token service system, the first authorization request message to an authorizing entity computer; receiving, by the token service system, a first authorization response message including the payment account number from the authorizing entity computer; replacing, by the token service system, the payment account number with the payment token and the first token code in the first authorization response message; forwarding, by the token service system, the first authorization response message; receiving, by the token service system, a second authorization request message for a second payment transaction, the second authorization request message including the payment token, a second token code, and a second domain identifier, wherein the token received in the second authorization request message is the same as the payment token received in the first authorization request message; determining, by the token service system, that the second token code is associated with the payment token, wherein the second token code is different than the first token code, and wherein the second token code and the first token code are both associated with the same payment token; determining, by the token service system, that the payment token and the second token code are assigned to the second domain identifier, wherein the second code is different than the first token code, and wherein the second token code is specific to a second domain associated with the second domain identifier; identifying, by the token service system, the payment account number associated with the payment token; adding, by the token service system, the payment account number to the second authorization request message; sending, by the token service system, the second authorization request message to the authorizing entity computer; receiving, by the token service system, a second authorization response message including the payment account number from the authorizing entity computer; replacing, by the token service system, the payment account number with the payment token and the second token code in the authorization response message; and forwarding, by the token service system, the second authorization response message. - View Dependent Claims (17, 18, 19, 20)
-
-
21. A token service system comprising:
a token service computer comprising a first processor and a first non-transitory computer readable medium, the first non-transitory computer readable medium comprising code, that when executed by the first processor to implement a method comprising; receiving a first payment account number request from a transaction processing network computer, the first payment account number request including a payment token, a first token code, and a first domain identifier; determining that the first token code is associated with the payment token; determining that the payment token and the first token code are assigned to the first domain identifier, wherein the first token code is specific to a first domain associated with the first domain identifier; identifying the payment account number associated with the payment token; and sending a first payment account number response including the payment account number to the transaction processing network computer; and receiving a second payment account number request from a transaction processing network computer, the second payment account number request including the payment token, a second token code, and a second domain identifier; determining that the second token code is associated with the payment token; determining that the payment token and the second token code are assigned to the second domain identifier, wherein the second code is different than the first token code, and wherein the second token code is specific to a second domain associated with the second domain identifier; identifying the payment account number associated with the payment token; and sending a second payment account number response including the payment account number to the transaction processing network computer; and a transaction processing network computer in communication with the token service computer, the transaction processing network computer comprising a second processor and a second non-transitory computer readable medium, the second non-transitory computer readable medium comprising code, that when executed by the second processor implementing a method comprising; receiving a first authorization request message for a first payment transaction, the first authorization request message including the payment token, the first token code, and the first domain identifier; sending the first payment account number request to the token service computer, the first payment account number request including the payment token, the first token code, and the first token requestor; receiving the first payment account number response including the payment account number associated with the payment token from the token service computer; adding the payment account number to the first authorization request message; sending the first authorization request message to an authorizing entity computer; receiving a first authorization response message including the payment account number from the authorizing entity computer; replacing the payment account number with the payment token and the first token code in the first authorization response message; forwarding the first authorization response message; receiving a second authorization request message for a second payment transaction, the second authorization request message including the payment token, the second token code, and the second domain identifier; sending the second payment account number request to the token service computer, the second payment account number request including the payment token, the second token code, and the second token requestor; receiving the second payment account number response including the payment account number associated with the payment token from the token service computer; adding the payment account number to the second authorization request message; sending the second authorization request message to an authorizing entity computer; receiving a second authorization response message including the payment account number from the authorizing entity computer; replacing the payment account number with the payment token and the second token code in the second authorization response message; and forwarding the second authorization response message. - View Dependent Claims (22, 23, 24)
Specification