SECURE COMMUNICATION OF PAYMENT INFORMATION TO MERCHANTS USING A VERIFICATION TOKEN

US 20100327054A1
Filed: 09/09/2010
Published: 12/30/2010
Est. Priority Date: 05/15/2009
Status: Active Grant

First Claim

Patent Images

1. A verification token comprising:

a peripheral interface adapted to couple to a peripheral interface of a computer;

a reader adapted to read identification information from portable consumer devices;

a computer-readable medium;

a data processor electrically coupled to the peripheral interface of the verification token, the reader, and the computer-readable medium;

code embodied on the computer-readable medium that directs the data processor to receive identification information read from a portable consumer device by the reader;

code embodied on the computer-readable medium that directs the data processor to communicate with a computer by way of the apparatus'"'"' peripheral interface and to access to a networking facility of the computer; and

code embodied on the computer-readable medium that directs the data processor to transmit at least a portion of identification information to a validation entity by way of the networking facility of the computer.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are apparatuses, systems, and methods pertaining to the secure communication of payment information from portable consumer devices, such as credit cards, to online merchants using verification tokens.

158 Citations

31 Claims

1. A verification token comprising:
- a peripheral interface adapted to couple to a peripheral interface of a computer;
  
  a reader adapted to read identification information from portable consumer devices;
  
  a computer-readable medium;
  
  a data processor electrically coupled to the peripheral interface of the verification token, the reader, and the computer-readable medium;
  
  code embodied on the computer-readable medium that directs the data processor to receive identification information read from a portable consumer device by the reader;
  
  code embodied on the computer-readable medium that directs the data processor to communicate with a computer by way of the apparatus'"'"' peripheral interface and to access to a networking facility of the computer; and
  
  code embodied on the computer-readable medium that directs the data processor to transmit at least a portion of identification information to a validation entity by way of the networking facility of the computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The verification token of claim 1, further comprising:
    - code embodied on the computer-readable medium that directs the data processor to obtain merchant identification information that identifies a merchant; and
      
      wherein the code that directs the data processor to transmit at least a portion of identification information to the validation entity further directs the data processor to transmit the obtained merchant identification information by way of the networking facility of the computer.
  - 3. The verification token of claim 2, wherein the code that directs the data processor to obtain merchant identification information that identifies a merchant comprises obtaining a network address of an entity presenting a web page on a browser window of the computer.
  - 4. The verification token of claim 1, wherein the identification information includes an account number of a portable consumer device and at least one of the following:
    - a digital fingerprint of a magnetic stripe of the portable consumer device, or a variable datum that varies each time the portable consumer device is read for its identification information.
  - 5. The verification token of claim 1, wherein the code that directs the data processor to transmit at least a portion of identification information to the validation entity comprising code embodied on the computer-readable medium that directs the data processor to establish a communication session with a validation entity using the networking facility of the computer.
  - 6. The verification token of claim 5, wherein the code that directs the data processor to establish a communications session with the entity using the networking facility of the computer comprises one or more function calls to an application program interface of a network services module of the computer, the one or more function calls providing a universal resource identifier of an entity and an instruction to establish a communications session with the entity, the universal resource identifier being stored in the computer-readable medium or read from the portable consumer device.
  - 7. The verification token of claim 6, wherein the communications session is established before the data processor reads device data from the reader.
  - 8. The verification token of claim 6, further comprising code that directs the data processor to select one of a number of universal resource identifiers stored in the token based on a bank number provided in the read identification information or embedded in the account number of the read identification information.
  - 9. The verification token of claim 1 wherein the reader is further adapted to read a uniform resource identifier to the validation entity from the portable consumer device;
    - andwherein the code that directs the data processor to receive identification information read from the portable consumer device by the reader further directs the data processor to receive the uniform resource identifier; and
      
      wherein the code that directs the data processor to transmit at least a portion of identification information to the validation entity by way of the networking facility of the computer further directs the data processor to transmit the at least a portion of the identification information to the uniform resource identifier.
  - 10. The verification token of claim 1, further comprising code that directs the processor to encrypt the at least a portion of the identification information prior to transmitting it to the validation entity.
  - 11. The verification token of claim 1 further comprising a serial number and an encryption key, and wherein the verification token transmits the serial number and a message encrypted by the encryption key to the entity, the serial number and the encryption key being uniquely assigned to the verification token.
  - 12. The verification token of claim 1, further comprising:
    - code embodied on the computer-readable medium that directs the data processor to prompt a user to enter a password on a keyboard of the computer, to read a password entered by the user, and to compare the entered password against a stored password embodied on the computer-readable medium; and
      
      code embodied on the computer-readable medium that directs the data processor to prevent identification information from at least being read or sent when the read password is not the same as the stored password.
  - 13. The verification token of claim 1, further comprising:
    - code embodied on the computer-readable medium that directs the data processor to receive, after transmitting said identification information, a device verification value from the entity by way of the networking facility of the computer.

14. A method comprising:
- establishing a communication link between a verification token and a computer, the computer having a networking facility, an Internet browser, and a display having a merchant web page of a merchant displayed thereon by the Internet browser;
  
  reading identification information from a portable consumer device into the verification token;
  
  transmitting, using the networking facility of the computer, at least a portion of the read identification information from the verification token to an entity that can provide at least a portion of the read identification information to the merchant.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 15. The method of claim 14, wherein transmitting the at least a portion of the read identification information comprises:
    - establishing a communication link between the verification token and the validation entity using the networking facility of the computer.
  - 16. The method of claim 14, further comprising obtaining a merchant identifier that identifies the merchant of the web page;
    - andtransmitting, using the networking facility of the computer, the obtained merchant identifier from the verification token to the entity that can provide at least a portion of the read identification information to the merchant.
  - 17. The method of claim 16, wherein obtaining a merchant identifier comprises displaying a dialog box on the computer'"'"'s display with a request for a user to enter the merchant identifier.
  - 18. The method of claim 16, wherein obtaining a merchant identifier comprises obtaining the universal resource locator of the merchant page and extracting the merchant identifier from the obtained universal resource locator.
  - 19. The method of claim 16, wherein obtaining a merchant identifier comprises reading a field on the merchant web page.
  - 20. The method of claim 14, further comprising:
    - obtaining a transaction identifier that identifies the transaction related to the merchant page; and
      
      transmitting, using the networking facility of the computer, the obtained transaction identifier from the verification token to the entity that can provide at least a portion of the read identification information to the merchant.
  - 21. The method of claim 20, wherein the transaction identifier comprises an IP address assigned to the computer.
  - 22. The method of claim 14, further comprising:
    - encrypting, in the verification token, at least a portion of the identification information read from the portable consumer device.
  - 23. The method of claim 14 further comprising:
    - prompting a user to enter a password into the computer;
      
      reading a password entered by the user;
      
      comparing the entered password against a password stored in the verification token; and
      
      preventing identification information from at least being read or sent when the read password is not the same as the stored password.
  - 24. The method of claim 14 further comprising:
    - transmitting from the verification token to the entity through the networking facility of the computer a serial number stored in the verification token and a message encrypted by an encryption key stored in the verification token, the serial number and the encryption key being uniquely assigned to the verification token.
  - 25. The method of claim 14 further comprising:
    - after transmitting the at least a portion of the read identification information, receiving, at the verification token, a device verification value from the entity by way of the networking facility of the computer.
  - 26. The method of claim 25 further comprising at least one of the actions of:
    - displaying the device verification value received from the entity to the user on a display of the computer; and
      
      locating a browser web page on the computer that has a form field for a device verification value, and entering the device verification value received from the entity in the form field.

27. A method comprising:
- coupling a verification token to a first computer using a peripheral interface of the first computer, the first computer having a networking facility and a display, the verification token comprising a peripheral interface adapted to couple to the peripheral interface of the first computer, a reader adapted to read identification information from portable consumer devices, a computer-readable medium, and a data processor, the verification token being configured to read identification information of a portable consumer device using the reader and to send at least a portion of the read identification information to a validation entity using the networking facility of the first computer;
  
  displaying a merchant web page on the first computer'"'"'s display, the merchant web page being provided by a second computer; and
  
  presenting a portable consumer device to the reader of the verification token to send identification information contained in the portable consumer device to the merchant via the validation entity, wherein the validation entity is different from the first and second computers.
- View Dependent Claims (28, 29, 30)
- - 28. The method of claim 27 further comprising:
    - providing a merchant identifier to the verification token by way of a dialog box presented on the first computer'"'"'s display.
  - 29. The method of claim 27 further comprising:
    - providing a transaction identifier to the verification token by way of a dialog box presented on the first computer'"'"'s display.
  - 30. The method of claim 27 further comprising:
    - providing a password to the verification token by way of a dialog box presented on the first computer'"'"'s display.

31-81. -81. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Hammad, Ayman

Granted Patent

US 8,893,967 B2
Time in Patent Office

Days
Field of Search
US Class Current

235/375
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/42   using separate channels for...

G06Q 20/105   involving programming of a ...

G06Q 20/12   specially adapted for elect...

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/3226   Use of secure elements sepa...

G06Q 20/3255   using mobile network messag...

G06Q 20/382   insuring higher security of...

G06Q 20/385   using an alias or single-us...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4014   Identity check for transact...

G06Q 20/4016   involving fraud or risk lev...

G06Q 20/4018   using the card verification...

G06Q 20/425   using two different network...

SECURE COMMUNICATION OF PAYMENT INFORMATION TO MERCHANTS USING A VERIFICATION TOKEN

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

158 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE COMMUNICATION OF PAYMENT INFORMATION TO MERCHANTS USING A VERIFICATION TOKEN

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

158 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links