Back end of payment system associated with financial transactions using card readers coupled to mobile devices

US 9,916,581 B2
Filed: 11/17/2011
Issued: 03/13/2018
Est. Priority Date: 02/05/2002
Status: Active Grant

First Claim

Patent Images

1. A system for reconstructing a packet that includes financial transaction card information, comprising:

a card reader with a read head, a slot for swiping a card, device electronics that include wake-up electronics, and a microcontroller with logic resources and code, the card reader adapted to be coupled to a mobile device, the code including a unique identifier and a cryptographic key, the cryptographic key having been calculated at a payment processing server from a combination of a master secret and the unique identifier, and the card reader configured to;

detect a swipe of a financial transaction card;

upon detecting the swipe of the financial transaction card, the wake-up electronics signal the microcontroller to put the device electronics into an active mode from a sleep mode;

receive, by the card reader, financial transaction data from the card;

encrypt, by the card reader, the financial transaction data using the cryptographic key, to generate encrypted financial transaction data;

generate, by the card reader, a packet including the unique identifier stored in the card reader and the encrypted financial transaction data, wherein the unique identifier is not encrypted; and

transmit the packet from the card reader to a mobile device;

the mobile device configured to;

receive the packet from the card reader; and

transmit the packet to a payment processing server; and

the payment processing server configured to;

receive, by the payment processing server, the packet from the mobile device, the packet including the unique identifier provided by the card reader and the encrypted financial transaction data;

derive, by the payment processing server, the cryptographic key associated with the card reader using the master secret and the unique identifier included in the packet received from the mobile device, wherein the master secret is stored in the payment processing server and not transmitted from the payment processing server;

decrypt, by the payment processing server using the cryptographic key calculated by the payment processing server, the encrypted financial transaction data of the packet to produce non-encrypted financial card information; and

send, by the payment processing server, the non-encrypted financial card information to a payment gateway.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of reconstructing a packet that includes financial card information from a mobile device uses a card reader. The card reader has a read head, a slot for swiping a magnetic stripe of a card and device electronics that includes a microcontroller with logic resources with code. The card reader has a unique identifier and associated cryptographic key. The same code is used to produce an encrypted and signed signal. The encrypted and signed signal, that includes the card reader identifier, is sent to the mobile device. The mobile device sends an encrypted and signed packet to a back end of a payment system. A cryptographic key is used to decrypt and verify the contents of the packet at the back end. Non-encrypted financial card information is sent to a payment gateway.

Citations

11 Claims

1. A system for reconstructing a packet that includes financial transaction card information, comprising:
- a card reader with a read head, a slot for swiping a card, device electronics that include wake-up electronics, and a microcontroller with logic resources and code, the card reader adapted to be coupled to a mobile device, the code including a unique identifier and a cryptographic key, the cryptographic key having been calculated at a payment processing server from a combination of a master secret and the unique identifier, and the card reader configured to;
  
  detect a swipe of a financial transaction card;
  
  upon detecting the swipe of the financial transaction card, the wake-up electronics signal the microcontroller to put the device electronics into an active mode from a sleep mode;
  
  receive, by the card reader, financial transaction data from the card;
  
  encrypt, by the card reader, the financial transaction data using the cryptographic key, to generate encrypted financial transaction data;
  
  generate, by the card reader, a packet including the unique identifier stored in the card reader and the encrypted financial transaction data, wherein the unique identifier is not encrypted; and
  
  transmit the packet from the card reader to a mobile device;
  
  the mobile device configured to;
  
  receive the packet from the card reader; and
  
  transmit the packet to a payment processing server; and
  
  the payment processing server configured to;
  
  receive, by the payment processing server, the packet from the mobile device, the packet including the unique identifier provided by the card reader and the encrypted financial transaction data;
  
  derive, by the payment processing server, the cryptographic key associated with the card reader using the master secret and the unique identifier included in the packet received from the mobile device, wherein the master secret is stored in the payment processing server and not transmitted from the payment processing server;
  
  decrypt, by the payment processing server using the cryptographic key calculated by the payment processing server, the encrypted financial transaction data of the packet to produce non-encrypted financial card information; and
  
  send, by the payment processing server, the non-encrypted financial card information to a payment gateway.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system of claim 1, wherein the packet can contain a signature that can be used to verify that the data has not been modified.
  - 3. The system of claim 1, wherein the microcontroller is configured to recalculate a bit period in real time to capture variable-speed swipes.
  - 4. The system of claim 1, wherein the microcontroller is configured to parse and error-check card data.
  - 5. The system of claim 1, wherein the microcontroller is configured to run periodic checksums on the code and memory.
  - 6. The system of claim 1, wherein the microcontroller is configured to use thresholds to filter out erroneous data and/or false edges.
  - 7. The system of claim 1, wherein the card reader includes an analog to digital front end coupled to the microcontroller, the analog to digital front end being coupled to a processing element in the microcontroller.
  - 8. The system of claim 1, wherein the microcontroller is configured to produce an output jack signal at a frequency such that the output jack signal is recognized as an alternating current signal at the mobile device.
  - 9. The system of claim 1, wherein the microcontroller is configured to produce an output jack signal at a frequency of 2 kHz to 48kHz.
  - 10. The system of claim 1, wherein the microcontroller is configured to capture card readings that are swept at a rate of 5 inches to 50 inches per second.
  - 11. The system of claim 1, wherein a front end of the card reader includes an amplifier/filter, a differentiator, a comparator and the wake-up electronics.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Block, Inc. (f/k/a Square, Inc.)
Original Assignee
Square Inc (Block, Inc. (f/k/a Square, Inc.))
Inventors
Dorsey, Jack, McCauley, Nathan P., Cummins, Justin Phillip, Monica, Diogo, Quigley, Oliver Samuel Curran, McKelvey, James M.
Primary Examiner(s)
Obeid, Mamon
Assistant Examiner(s)
Martinez-Hernandez, Edgar R

Application Number

US13/298,564
Publication Number

US 20120130903A1
Time in Patent Office

2,308 Days
Field of Search

705 44, 705 39, 705 2641, 705 16, 705325, 705 72, 705 1464, 705 67, 705 71, 235380, 235449, 455410, 709217
US Class Current
CPC Class Codes

G06F 21/6209   to a single file or object,...

G06Q 20/322   Aspects of commerce using m...

G06Q 20/347   Passive cards

G06Q 20/3829   involving key management

G06Q 30/06   Buying, selling or leasing ...

G06Q 40/02   Banking, e.g. interest calc...

G07F 7/0886   the card reader being porta...

Back end of payment system associated with financial transactions using card readers coupled to mobile devices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Back end of payment system associated with financial transactions using card readers coupled to mobile devices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links