Dynamic alteration of track data

US 9,858,572 B2
Filed: 02/06/2014
Issued: 01/02/2018
Est. Priority Date: 02/06/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method to use discretionary data fields to secure transactions, comprising:

storing, by one or more computing devices, a payment account identifier that identifies a payment account associated with an account of a user that is issued by a payment processing system, the payment account identifier identifying the payment account and being arranged in a plurality of fields and comprising a discretionary data field;

receiving, by the one or more computing devices, a payment request in a communication from a merchant computing system, the payment request comprising a request for payment account information for a payment account to use to fund a payment transaction;

at a time after receiving the payment request, notifying, by the one or more computing devices, the payment processing system that a transaction is pending, the notifying being in a separate communication from the communication with the merchant computing system;

receiving, by the one or more computing devices, an authentication challenge from the payment processing system, the authentication challenge being communicated from the payment processing system upon receipt of the notification;

obtaining, by the one or more computing devices, the payment account identifier and a challenge response to the authentication challenge;

embedding, by the one or more computing devices, the challenge response in the discretionary data field associated with the payment account identifier; and

communicating, by the one or more computing devices, the payment account identifier including the discretionary data field having embedded therein the challenge response to the merchant computing system to be communicated from the merchant computing system to the payment processing system to authorize the payment transaction based on a match between the challenge response and a challenge response stored on the payment processing system.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Using discretionary data fields to secure transactions comprises a payment system employing a server configured to associate a payment account of a user with a user computing device, the payment account comprising a payment account identifier that identifies the payment account, and establish a authentication challenge and an corresponding challenge response. The payment system receives a first payment authorization request originating from a merchant computing system comprising the payment account identifier, data associated with the payment account identifier, and a request to fund a transaction using the payment account, wherein the data associated with the payment account identifier comprises a challenge response provided by the user computing device located in a discretionary data field. The payment system compares the provided challenge response with the corresponding challenge response, and approves the transaction based on whether the provided challenge response and the corresponding challenge response match.

224 Citations

18 Claims

1. A computer-implemented method to use discretionary data fields to secure transactions, comprising:
- storing, by one or more computing devices, a payment account identifier that identifies a payment account associated with an account of a user that is issued by a payment processing system, the payment account identifier identifying the payment account and being arranged in a plurality of fields and comprising a discretionary data field;
  
  receiving, by the one or more computing devices, a payment request in a communication from a merchant computing system, the payment request comprising a request for payment account information for a payment account to use to fund a payment transaction;
  
  at a time after receiving the payment request, notifying, by the one or more computing devices, the payment processing system that a transaction is pending, the notifying being in a separate communication from the communication with the merchant computing system;
  
  receiving, by the one or more computing devices, an authentication challenge from the payment processing system, the authentication challenge being communicated from the payment processing system upon receipt of the notification;
  
  obtaining, by the one or more computing devices, the payment account identifier and a challenge response to the authentication challenge;
  
  embedding, by the one or more computing devices, the challenge response in the discretionary data field associated with the payment account identifier; and
  
  communicating, by the one or more computing devices, the payment account identifier including the discretionary data field having embedded therein the challenge response to the merchant computing system to be communicated from the merchant computing system to the payment processing system to authorize the payment transaction based on a match between the challenge response and a challenge response stored on the payment processing system.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented method of claim 1, wherein the receiving of the authentication challenge comprises identifying, by the one or more computing devices, the authentication challenge request stored on the one or more computing devices.
  - 3. The computer-implemented method of claim 2, wherein the challenge request stored on the one or more computing devices is provided by the payment processing system at a time before the receiving of the payment request.
  - 4. The computer-implemented method of claim 1, wherein the challenge response is received as an input for an operator interface associated with a user computing device.
  - 5. The computer-implemented method of claim 1, wherein the challenge response is received from a set of stored data on a user computing device.
  - 6. The computer-implemented method of claim 1, wherein the challenge response comprises location data of the one or more computing devices.
  - 7. The computer-implemented method of claim 1, wherein the challenge response comprises stored transaction data from a previous transaction.

8. A computer program product, comprising:
- a non-transitory computer-readable storage device having computer-executable program instructions embodied thereon that when executed by a computer cause the computer to use discretionary data fields to secure transactions, the computer-executable program instructions comprising;
  
  computer-executable program instructions to associate a payment account identifier that identifies a payment account associated with a user computing device, the payment account comprising a payment account identifier that identifies the payment account, the payment account identifier being arranged in a plurality of fields and comprising a discretionary data field;
  
  computer-executable program instructions to receive a communication from the user computing device that a transaction is being initiated;
  
  computer-executable program instructions to communicate an authentication challenge and a corresponding challenge response to the user computing device upon receiving the communication from the user computing device that the transaction is being initiated;
  
  computer-executable program instructions to receive a first payment authorization request originating from a merchant computing system, the first payment authorization request comprising the payment account identifier including the discretionary data field having embedded therein the challenge response and a request to fund a transaction using the payment account;
  
  computer-executable program instructions to compare the received challenge response with the corresponding challenge response; and
  
  computer-executable program instructions to reply to the merchant computing system with a responsive authorization state, wherein the responsive authorization state is determined based on the determination whether the provided challenge response and the corresponding challenge response match.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The computer program product of claim 8, further comprising:
    - computer-executable program instructions to receive a request for an authentication challenge from a user computing device to be associated with a pending transaction; and
      
      computer-executable program instructions to transmit the challenge request to the user computing device.
  - 10. The computer program product of claim 8, further comprising computer-executable program instructions to access a previous transaction associated with the payment account to determine the corresponding challenge response.
  - 11. The computer program product of claim 8, further comprising:
    - computer-executable program instructions to receive a location of the user computing device as the provided challenge response;
      
      computer-executable program instructions to access a database of merchant locations; and
      
      computer-executable program instructions to determine if the provided location of the user computing device matches an expected location based on an identity of the merchant in the transaction details.
  - 12. The computer program product of claim 8, wherein the authentication challenge is provided to the user computing device at a time before the transaction is initiated.
  - 13. The computer program product of claim 8, further comprising computer-executable program instructions to configure the corresponding challenge response to an authentication question based on an input from a user.

14. A system to select payment accounts to use discretionary data fields to secure transactions, comprising:
- a storage resource; and
  
  a processor communicatively coupled to the storage resource, wherein the processor executes application code instructions that are stored in the storage resource to cause the system to;
  
  associate a payment account identifier that identifies a payment account associated with a user computing device, the payment account comprising a payment account identifier that identifies the payment account, the payment account identifier being arranged in a plurality of fields and comprising a discretionary data field;
  
  receive a communication from the user computing device that a transaction is being initiated;
  
  communicate an authentication challenge and a corresponding challenge response to the user computing device upon receiving the communication from the user computing device that the transaction is being initiated;
  
  receive a first payment authorization request originating from a merchant computing system, the first payment authorization request comprising the payment account identifier including the discretionary data field having embedded therein the challenge response and a request to fund a transaction using the payment account;
  
  compare the received challenge response with the corresponding challenge response; and
  
  reply to the merchant computing system with a responsive authorization state, wherein the responsive authorization state is determined based on the determination whether the provided challenge response and the corresponding challenge response match.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The system of claim 14, the processor executing further application code instructions that are stored in the storage device and that cause the system to access a previous transaction associated with the payment account to determine the corresponding challenge response.
  - 16. The system of claim 14, wherein the authentication challenge is provided to the user computing device at a time before the transaction is initiated.
  - 17. The system of claim 14, the processor executing further application code instructions that are stored in the storage device and that cause the system to configure the corresponding challenge response to an authentication question based on an input from a user.
  - 18. The system of claim 14, wherein the challenge response comprises location data of the one or more computing devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google LLC (Alphabet Inc.)
Inventors
Brickell, Justin Lee, Mahadevan, Swaminathan, Butler, IV, Harry Lee, Wieler, Bobby, Blanco, Ignacio Carlos
Primary Examiner(s)
HESS, DANIEL A

Application Number

US14/174,828
Publication Number

US 20150220925A1
Time in Patent Office

1,426 Days
Field of Search

235379, 235492, 235380
US Class Current
CPC Class Codes

G06Q 20/36 using electronic wallets or...

G06Q 20/4014 Identity check for transact...

Dynamic alteration of track data

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

224 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Dynamic alteration of track data

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

224 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others