Payment system for authorizing a transaction between a user device and a terminal
First Claim
1. A method for communicating in accordance with EMV transaction protocols between a user device and a point-of-sale terminal in a transaction, the method comprising:
- receiving, at the point-of-sale terminal from the user device comprising a payment application, an EMV application expiry date parameter associated with the payment application and including an expiration day, an expiration month, and an expiration year, an issuer action code, and a certificate having data stored within one or more data fields and a hash in one of the one or more data fields, the EMV application expiry date parameter not being in any data field in the certificate and the EMV application expiry date parameter repurposed to represent an expiration date of the certificate, and wherein the hash is generated by concatenating the EMV application expiry date parameter and at least some of the data stored within the one or more data fields of the certificate;
in response to the receiving the EMV application expiry date parameter and the certificate, concatenating data including the EMV application expiry date parameter and the at least some of the data stored within the one or more data fields of the certificate;
verifying, by the point-of-sale terminal, the hash, by performing a one-way mathematical operation including a SHA-1 hash algorithm on the concatenated data including the EMV application expiry date parameter and the at least some of the data stored within the one or more data fields of the certificate to form another hash, and comparing the hash and the another hash;
determining, by the point-of-sale terminal, that the EMV application expiry date parameter is not expired by comparing the EMV application expiry date parameter to a current date; and
in response to determining and verifying, authorizing, by the point-of-sale terminal, the transaction using the issuer action code.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods, apparatus and computer software are provided for authorizing an EMV transaction between a user device and a point of sale terminal, particularly, but not exclusively, in situations where a secure element is not made available for the deployment of a payment application on the user device. The payment application is instead deployed to a processing environment that is outside of any secure element on the user device. The payment application is associated with a certificate and a corresponding hash. The hash is adapted to be generated on the basis of an application expiration date parameter, which is adapted to comprise data indicative of an expiration date of day level granularity associated with the certificate. During processing of the EMV transaction, the point-of-sale terminal verifies the hash, thereby establishing the authenticity of the application expiration date, and hence the validity of the certificate.
13 Citations
21 Claims
-
1. A method for communicating in accordance with EMV transaction protocols between a user device and a point-of-sale terminal in a transaction, the method comprising:
-
receiving, at the point-of-sale terminal from the user device comprising a payment application, an EMV application expiry date parameter associated with the payment application and including an expiration day, an expiration month, and an expiration year, an issuer action code, and a certificate having data stored within one or more data fields and a hash in one of the one or more data fields, the EMV application expiry date parameter not being in any data field in the certificate and the EMV application expiry date parameter repurposed to represent an expiration date of the certificate, and wherein the hash is generated by concatenating the EMV application expiry date parameter and at least some of the data stored within the one or more data fields of the certificate; in response to the receiving the EMV application expiry date parameter and the certificate, concatenating data including the EMV application expiry date parameter and the at least some of the data stored within the one or more data fields of the certificate; verifying, by the point-of-sale terminal, the hash, by performing a one-way mathematical operation including a SHA-1 hash algorithm on the concatenated data including the EMV application expiry date parameter and the at least some of the data stored within the one or more data fields of the certificate to form another hash, and comparing the hash and the another hash; determining, by the point-of-sale terminal, that the EMV application expiry date parameter is not expired by comparing the EMV application expiry date parameter to a current date; and
in response to determining and verifying, authorizing, by the point-of-sale terminal, the transaction using the issuer action code. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. A point of sale terminal comprising:
-
a processor; and a computer readable medium, the computer readable medium comprising code, executable by the processor for performing a method for communicating in accordance with EMV transaction protocols in a transaction, the method comprising; receiving, from a user device comprising a payment application, an EMV application expiry date parameter associated with the payment application and including an expiration day, an expiration month, and an expiration year, an issuer action code, and a certificate having data stored within one or more data fields and a hash in one of the one or more data fields, the EMV application expiry date parameter not being in any data field in the certificate, and the EMV application expiry date parameter repurposed to represent an expiration date of the certificate, and wherein the hash is generated by concatenating the EMV application expiry date parameter and at least some of the data stored within the one or more data fields of the certificate; in response to the receiving the EMV application expiry date parameter and the certificate, concatenating data including the EMV application expiry date parameter and the at least some of the data stored within the one or more data fields of the certificate verifying, the hash, by performing a one-way mathematical operation including a SHA-1 hash algorithm on the concatenated data including the EMV application expiry date parameter and the at least some of the data stored within the one or more data fields of the certificate; determining that the EMV application expiry date parameter is not expired by comparing the EMV application expiry date parameter to a current date; and in response to determining, authorizing the transaction using the issuer action code, wherein the data stored within the one or more data fields of the certificate comprises a primary account number associated with the user device, a certificate serial number associated with the certificate, and a hash algorithm indicator that identifies the one-way mathematical operation. - View Dependent Claims (19, 20, 21)
-
Specification