In-Card Access Control and Monotonic Counters for Offline Payment Processing System

US 20130226791A1
Filed: 02/29/2012
Published: 08/29/2013
Est. Priority Date: 02/29/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for verifying a withdrawal transaction history for a smart card device, comprising:

detecting a smart card device by a mobile communication device;

establishing, by the mobile communication device, a communication channel with the smart card device in response to detecting the smart card device;

receiving, by the mobile communication device, counter information from the smart card device, the counter information comprising a value corresponding to a sum of previous withdrawals using the smart card device, wherein the value is increased each time the smart card device is used for a withdrawal transaction;

receiving, by the mobile communication device, a transaction history from the smart card device, the transaction history comprising information regarding at least one previous withdrawal record associated with the smart card device;

calculating, by the mobile communication device, a record sum of withdrawals based on the information regarding the at least one previous withdrawal record, the record sum of withdrawals equaling a total amount of withdrawals in previous withdrawal records;

determining, by the mobile communication device, whether the value in the counter information matches the record sum of withdrawals; and

authorizing, by the mobile communication device, a transaction with the smart card device based on a determination that the value in the counter information matches the record sum of withdrawals.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Preventing fraud during an offline transaction by encoding a randomly-generated card verification code onto a smart card. The verification code is transmitted to a contactless device during each transaction, wherein it is cross-referenced with the account number to ensure presence of the card. Also, every transaction record is signed by an access key resident on the contactless device and certified by a signing key resident on a remote system. Funds may be deposited onto the card when the contactless device creates a deposit request, signs the request using an access key and transmits it to the remote system, which in turn processes the request and certifies it with a signing key. Funds may be withdrawn when the contactless device creates a withdrawal record and signs it using an access key. The remote system verifies the signatures and certifies the records using a signing key when the records are later transmitted.

173 Citations

23 Claims

1. A computer-implemented method for verifying a withdrawal transaction history for a smart card device, comprising:
- detecting a smart card device by a mobile communication device;
  
  establishing, by the mobile communication device, a communication channel with the smart card device in response to detecting the smart card device;
  
  receiving, by the mobile communication device, counter information from the smart card device, the counter information comprising a value corresponding to a sum of previous withdrawals using the smart card device, wherein the value is increased each time the smart card device is used for a withdrawal transaction;
  
  receiving, by the mobile communication device, a transaction history from the smart card device, the transaction history comprising information regarding at least one previous withdrawal record associated with the smart card device;
  
  calculating, by the mobile communication device, a record sum of withdrawals based on the information regarding the at least one previous withdrawal record, the record sum of withdrawals equaling a total amount of withdrawals in previous withdrawal records;
  
  determining, by the mobile communication device, whether the value in the counter information matches the record sum of withdrawals; and
  
  authorizing, by the mobile communication device, a transaction with the smart card device based on a determination that the value in the counter information matches the record sum of withdrawals.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The computer-implemented method of claim 1, wherein the counter comprises a total amount of withdrawal transactions.
  - 3. The computer-implemented method of claim 1, further comprising:
    - incrementing, by the mobile communication device, the counter, wherein the counter is incremented by an access key resident on the mobile communication device, and wherein the counter may only be incremented, not decremented.
  - 4. The computer-implemented method of claim 1, wherein the communication channel is established using a near field communication (NFC) protocol.
  - 5. The computer-implemented method of claim 1, wherein the mobile communication device is a mobile telephone.
  - 6. The computer-implemented method of claim 1, wherein the mobile communication device comprises a stand-alone card reader.
  - 7. The computer-implemented method of claim 1, wherein calculating the record sum of withdrawals comprises:
    - sorting withdrawal transactions in order of withdrawal from a previous withdrawal W(n−
      
      1) to a latest withdrawal W(n); and
      
      reviewing the latest withdrawal transaction to identify the current sum of withdrawals.
  - 8. The computer-implemented method of claim 1, wherein calculating the record sum of withdrawals comprises:
    - sorting withdrawal transactions in order of withdrawal from a previous withdrawal W(n−
      
      1) to a latest withdrawal W(n); and
      
      adding the latest withdrawal transaction to the previous withdrawal to identify the current sum of withdrawals.
  - 9. The computer-implemented method of claim 1, further comprising:
    - receiving, by the mobile communication device, a transaction history from the smart card device, the transaction history comprising information regarding at least one previous deposit record associated with the smart card device; and
      
      calculating, by the mobile communication device, a smart card balance, the smart card balance comprising a difference obtained by subtracting the record sum of withdrawals from a record sum of deposits, the record sum of deposits equaling a total amount of deposits in previous deposit records.
  - 10. The computer-implemented method of claim 1, further comprising:
    - processing, by the mobile communication device, an offline debit transaction to debit a transaction amount from the smart card device without a network connection to a remote computer management system that manages an account associated with the smart card device, the transaction amount being equal to or less than a balance of funds on the smart card device;
      
      transmitting, by the mobile communication device, a transaction record to the smart card device, the transaction record indicating the transaction amount debited from the smart card device; and
      
      storing, by the mobile communication device, the smart card identification information, the transaction history, and the transaction record.
  - 11. The computer-implemented method of claim 10, further comprising:
    - establishing, by the mobile communication device, a network connection with the remote computer management system; and
      
      transmitting, by the mobile communication device, the card identification information, the transaction history, and the transaction record to the remote computer management system via the network connection to update the account managed by the remote computer management system.

12. A computer program product, comprising:
- a non-transitory computer-readable medium having computer-readable program code embodied therein for verifying a withdrawal transaction history for a smart card device, the computer-readable medium comprising;
  
  computer-readable program code for receiving counter information from the smart card device, the counter information comprising a value corresponding to a sum of previous withdrawals using the smart card device, wherein the value is increased each time the smart card device is used for a withdrawal transaction;
  
  computer-readable program code for receiving a transaction history from the smart card device, the transaction history comprising information regarding at least one previous withdrawal record associated with the smart card device;
  
  computer-readable program code for calculating, a record sum of withdrawals based on the information regarding the at least one previous withdrawal record, the record sum of withdrawals equaling a total amount of withdrawals in previous withdrawal records;
  
  computer-readable program code for determining whether the value in the counter information matches the record sum of withdrawals; and
  
  computer-readable program code for authorizing a transaction with the smart card device based on a determination that the value in the counter information matches the record sum of withdrawals.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The computer program product of claim 12, further comprising:
    - computer-readable program code for incrementing the counter, wherein the counter is incremented by an access key resident on the mobile communication device, and wherein the counter may only be incremented, not decremented.
  - 14. The computer program product of claim 12, wherein calculating the record sum of withdrawals comprises:
    - computer-readable program code for sorting withdrawal transactions in order of withdrawal from a previous withdrawal W(n−
      
      1) to a latest withdrawal W(n); and
      
      computer-readable program code for reviewing the latest withdrawal transaction to identify the current sum of withdrawals.
  - 15. The computer program product of claim 12, wherein calculating the record sum of withdrawals comprises:
    - computer-readable program code for sorting withdrawal transactions in order of withdrawal from a previous withdrawal W(n−
      
      1) to a latest withdrawal W(n); and
      
      computer-readable program code for adding the latest withdrawal transaction to the previous withdrawal to identify the current sum of withdrawals.
  - 16. The computer program product of claim 12, further comprising:
    - computer-readable program code for receiving a transaction history from the smart card device, the transaction history comprising information regarding at least one previous deposit record associated with the smart card device; and
      
      computer-readable program code for calculating a smart card balance, the smart card balance comprising a difference obtained by subtracting the record sum of withdrawals from a record sum of deposits, the record sum of deposits equaling a total amount of deposits in previous deposit records.
  - 17. The computer program product of claim 12, further comprising:
    - computer-readable program code for processing an offline debit transaction to debit a transaction amount from the smart card device without a network connection to a remote computer management system that manages an account associated with the smart card device, the transaction amount being equal to or less than a balance of funds on the smart card device;
      
      computer-readable program code for transmitting a transaction record to the smart card device, the transaction record indicating the transaction amount debited from the smart card device; and
      
      computer-readable program code for storing the smart card identification information, the transaction history, and the transaction record.
  - 18. The computer program product of claim 17, further comprising:
    - computer-readable program code for establishing a network connection with the remote computer management system; and
      
      computer-readable program code for transmitting the card identification information, the transaction history, and the transaction record to the remote computer management system via the network connection to update the account managed by the remote computer management system.

19. A system for verifying a withdrawal transaction history for a smart card device, the system comprising:
- one or more information processing units for executing programs; and
  
  an engine executable on the one or more information processing units, the engine comprising;
  
  instructions for receiving counter information from the smart card device, the counter information comprising a value corresponding to a sum of previous withdrawals using the smart card device, wherein the value is increased each time the smart card device is used for a withdrawal transaction;
  
  instructions for receiving a transaction history from the smart card device, the transaction history comprising information regarding at least one previous withdrawal record associated with the smart card device;
  
  instructions for calculating a record sum of withdrawals based on the information regarding the at least one previous withdrawal record, the record sum of withdrawals equaling a total amount of withdrawals in previous withdrawal records;
  
  instructions for determining whether the value in the counter information matches the record sum of withdrawals; and
  
  instructions for authorizing a transaction with the smart card device based on a determination that the value in the counter information matches the record sum of withdrawals.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The system of claim 19, wherein the engine further comprises:
    - instructions for incrementing the counter, wherein the counter is incremented by an access key resident on the mobile communication device, and wherein the counter may only be incremented, not decremented.
  - 21. The system of claim 19, wherein the engine further comprises:
    - instructions for receiving a transaction history from the smart card device, the transaction history comprising information regarding at least one previous deposit record associated with the smart card device; and
      
      instructions for calculating a smart card balance, the smart card balance comprising a difference obtained by subtracting the record sum of withdrawals from a record sum of deposits, the record sum of deposits equaling a total amount of deposits in previous deposit records.
  - 22. The system of claim 19, wherein the engine further comprises:
    - instructions for processing an offline debit transaction to debit a transaction amount from the smart card device without a network connection to a remote computer management system that manages an account associated with the smart card device, the transaction amount being equal to or less than a balance of funds on the smart card device;
      
      instructions for transmitting a transaction record to the smart card device, the transaction record indicating the transaction amount debited from the smart card device; and
      
      instructions for storing the smart card identification information, the transaction history, and the transaction record.
  - 23. The system of claim 22, wherein the engine further comprises:
    - instructions for establishing a network connection with the remote computer management system; and
      
      instructions for transmitting the card identification information, the transaction history, and the transaction record to the remote computer management system via the network connection to update the account managed by the remote computer management system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Springer, Michael William, PAYA, Ismail Cem, LISOWIEC, Malgorzata Monika, OKONKWO, Aneto Pablo, LEUNG, Patrick Pui Wah, JIANG, Fan

Granted Patent

US 8,898,088 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/41
CPC Class Codes

G06Q 20/3278   RFID or NFC payments by mea...

G06Q 20/343   Cards including a counter

G06Q 20/353   Payments by cards read by M...

G06Q 20/367   involving electronic purses...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/4018   using the card verification...

G06Q 40/12   Accounting

H04B 5/77   for interrogation

In-Card Access Control and Monotonic Counters for Offline Payment Processing System

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

173 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

In-Card Access Control and Monotonic Counters for Offline Payment Processing System

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

173 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links