Transaction messaging

US 10,769,628 B2
Filed: 04/24/2017
Issued: 09/08/2020
Est. Priority Date: 10/24/2014
Status: Active Grant

First Claim

Patent Images

1. A method of processing a transaction message, wherein the transaction message conforms to an EMV standard in which the transaction message includes a first data field configured to hold a device identifier, a second data field configured to hold supplementary data, a third data field, and a fourth data field configured to hold data associated with a transaction, the method comprising:

receiving, by a transaction processing server, the transaction message from a first part of a transaction processing system, the transaction message comprising a temporary transaction device identifier in the first data field, an encrypted transaction device identifier in the second data field, an ephemeral public key P_Din the third data field, and transaction data in the fourth data field;

generating, by the transaction processing server, a shared secret S using a private key d_sof the transaction processing server and the ephemeral public key P_Din the third data field;

decrypting, by the transaction processing server, the encrypted transaction device identifier in the second data field using the shared secret S to generate a transaction device identifier associated with a transaction device;

retrieving, by the transaction processing server, a hashing key K associated with the transaction device using the transaction device identifier;

calculating, by the transaction processing server, a hash value h′

of a concatenation of the transaction device identifier and the transaction data using the hashing key K;

generating, by the transaction processing server, a server generated ephemeral public key P′

_Dusing the hash value h′

;

validating, by the transaction processing server, the transaction data by comparing the server generated ephemeral public key P′

_Dwith the ephemeral public key P_Din the third data field; and

processing, by the transaction processing server, the transaction message using the transaction device identifier instead of the temporary transaction device identifier in the first data field.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

There is described a method for transmitting a transaction message from a transaction device having a transaction device identifier. The method involves encrypting, at a transaction device, a transaction device identifier, generating, at the transaction device, a transaction message for a transaction system, the transaction message comprising, at least, a first data field configured to hold a transaction device identifier and a second data field configured to hold supplementary data, and sending the transaction message to a transaction processing system. The generation of the transaction message comprises providing data in the first data field of the transaction message that does not identify the transaction device and providing the encrypted transaction device identifier in the second data field of the transaction message.

600 Citations

18 Claims

1. A method of processing a transaction message, wherein the transaction message conforms to an EMV standard in which the transaction message includes a first data field configured to hold a device identifier, a second data field configured to hold supplementary data, a third data field, and a fourth data field configured to hold data associated with a transaction, the method comprising:
- receiving, by a transaction processing server, the transaction message from a first part of a transaction processing system, the transaction message comprising a temporary transaction device identifier in the first data field, an encrypted transaction device identifier in the second data field, an ephemeral public key P_Din the third data field, and transaction data in the fourth data field;
  
  generating, by the transaction processing server, a shared secret S using a private key d_sof the transaction processing server and the ephemeral public key P_Din the third data field;
  
  decrypting, by the transaction processing server, the encrypted transaction device identifier in the second data field using the shared secret S to generate a transaction device identifier associated with a transaction device;
  
  retrieving, by the transaction processing server, a hashing key K associated with the transaction device using the transaction device identifier;
  
  calculating, by the transaction processing server, a hash value h′
  
  of a concatenation of the transaction device identifier and the transaction data using the hashing key K;
  
  generating, by the transaction processing server, a server generated ephemeral public key P′
  
  _Dusing the hash value h′
  
  ;
  
  validating, by the transaction processing server, the transaction data by comparing the server generated ephemeral public key P′
  
  _Dwith the ephemeral public key P_Din the third data field; and
  
  processing, by the transaction processing server, the transaction message using the transaction device identifier instead of the temporary transaction device identifier in the first data field.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the processing comprises sending a modified transaction message with the temporary transaction device identifier in the first data field replaced by the transaction device identifier to a second part of the transaction processing system.
  - 3. The method of claim 2, further comprising storing an association between the temporary transaction device identifier in the first data field and the transaction device identifier.
  - 4. The method of claim 3, further comprising:
    - receiving a response message from the second part of the transaction processing system, the response message comprising a data field configured to hold a device identifier, the data field comprising the transaction device identifier;
      
      modifying the response message to replace the transaction device identifier with the temporary transaction device identifier in the first data field; and
      
      sending the modified response message to the first part of the transaction processing system.
  - 5. The method of claim 1, wherein the transaction message comprises a fifth data field configured to hold further transaction data, and the method further comprises verifying the further transaction data using the ephemeral public key P_Din the third data field.
  - 6. The method of claim 1, wherein the transaction message comprises a fifth data field configured to hold further transaction data, and wherein the further transaction data is used in decryption of the encrypted transaction device identifier.
  - 7. The method of claim 5, wherein a value uniquely associated with the transaction device identifier is used in verifying the further transaction data.
  - 8. The method of claim 1, wherein the transaction device identifier comprises data indicative of a primary account number of a financial instrument.
  - 9. The method of claim 1, wherein the temporary transaction device identifier is based on a random or pseudo-random number.

10. A computer system for processing a transaction message, wherein the transaction message conforms to an EMV standard in which the transaction message includes a first data field configured to hold a device identifier, a second data field configured to hold supplementary data, a third data field, and a fourth data field configured to hold data associated with a transaction, the computer system comprising:
- a processor; and
  
  a memory storing computer readable code, which when executed by the processor, causes the computer system to perform operations including;
  
  receiving the transaction message from a first part of a transaction processing system, the transaction message comprising a temporary transaction device identifier in the first data field, an encrypted transaction device identifier in the second data field, an ephemeral public key P_Din the third data field, and transaction data in the fourth data field;
  
  generating a shared secret S using a private key d_sof the computer system and the ephemeral public key P_Din the third data field;
  
  decrypting the encrypted transaction device identifier in the second data field using the shared secret S to generate a transaction device identifier associated with a transaction device;
  
  retrieving a hashing key K associated with the transaction device using the transaction device identifier;
  
  calculating a hash value h′
  
  of a concatenation of the transaction device identifier and the transaction data using the hashing key K;
  
  generating a system generated ephemeral public key P′
  
  _Dusing the hash value h′
  
  ;
  
  validating the transaction data by comparing the system generated ephemeral public key P′
  
  _Dwith the ephemeral public key P_Din the third data field; and
  
  processing the transaction message using the transaction device identifier instead of the temporary transaction device identifier in the first data field.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The computer system of claim 10, wherein the processing comprises sending a modified transaction message with the temporary transaction device identifier in the first data field replaced by the transaction device identifier to a second part of the transaction processing system.
  - 12. The computer system of claim 11, wherein the operations further include storing an association between the temporary transaction device identifier in the first data field and the transaction device identifier.
  - 13. The computer system of claim 12, wherein the operations further include:
    - receiving a response message from the second part of the transaction processing system, the response message comprising a data field configured to hold a device identifier, the data field comprising the transaction device identifier;
      
      modifying the response message to replace the transaction device identifier with the temporary transaction device identifier in the first data field; and
      
      sending the modified response message to the first part of the transaction processing system.
  - 14. The computer system of claim 10, wherein the transaction message comprises a fifth data field configured to hold further transaction data, and the operations further include verifying the further transaction data using the ephemeral public key P_Din the third data field.
  - 15. The computer system of claim 10, wherein the transaction message comprises a fifth data field configured to hold further transaction data, and wherein the further transaction data is used in decryption of the encrypted transaction device identifier.
  - 16. The computer system of claim 15, wherein a value uniquely associated with the transaction device identifier is used in verifying the further transaction data.
  - 17. The computer system of claim 10, wherein the transaction device identifier comprises data indicative of a primary account number of a financial instrument.
  - 18. The computer system of claim 10, wherein the temporary transaction device identifier is based on a random or pseudo-random number.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa Europe Limited (Visa, Inc.)
Original Assignee
Visa Europe Limited (Visa, Inc.)
Inventors
Sullivan, Brian
Primary Examiner(s)
Obeid, Mamon
Assistant Examiner(s)
Xiao, Zesheng

Application Number

US15/495,249
Publication Number

US 20170228728A1
Time in Patent Office

1,233 Days
Field of Search

705 71
US Class Current
CPC Class Codes

G06Q 20/3227   using secure elements embed...

G06Q 20/3278   RFID or NFC payments by mea...

G06Q 20/3825   Use of electronic signatures

G06Q 20/3829   involving key management

G06Q 20/385   using an alias or single-us...

G06Q 20/401   Transaction verification

Transaction messaging

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

600 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Transaction messaging

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

600 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links