SYSTEM AND METHOD FOR TOKEN DOMAIN CONTROL

US 20150319158A1
Filed: 05/05/2015
Published: 11/05/2015
Est. Priority Date: 05/05/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a processor in a token service computer, a first token request from a first token requestor computer, wherein the first token request includes a value credential and a first domain identifier;

identifying, by the processor in the token service computer, a value token associated with the value credential;

generating, by the processor in the token service computer, a first token code associated with the value token;

assigning, by the processor in the token service computer, the value token and the first token code to the first domain identifier; and

providing, by the processor in the token service computer, the value token and the first token code to the first token requestor computer, wherein the first token requestor subsequently uses the value token for an interaction, wherein the first token requestor'"'"'s subsequent use of the value token is valid if the value token is accompanied by the first token code, and wherein the first token code is domain specific.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for providing a token code in conjunction with a value token is disclosed. The token code serves as a shared secret for authenticating the use of the value token. Multiple token holders can possess the same value token, but each token holder may have a different token code for use with the value token.

313 Citations

20 Claims

1. A method comprising:
- receiving, by a processor in a token service computer, a first token request from a first token requestor computer, wherein the first token request includes a value credential and a first domain identifier;
  
  identifying, by the processor in the token service computer, a value token associated with the value credential;
  
  generating, by the processor in the token service computer, a first token code associated with the value token;
  
  assigning, by the processor in the token service computer, the value token and the first token code to the first domain identifier; and
  
  providing, by the processor in the token service computer, the value token and the first token code to the first token requestor computer, wherein the first token requestor subsequently uses the value token for an interaction, wherein the first token requestor'"'"'s subsequent use of the value token is valid if the value token is accompanied by the first token code, and wherein the first token code is domain specific.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further comprising:
    - receiving, by the processor in the token service computer, a second token request from a second token requestor computer, wherein the second token request includes the value credential and a second domain identifier;
      
      identifying, by the processor in the token service computer, the value token associated with the value credential;
      
      generating, by the processor in the token service computer, a second token code associated with the value token, wherein the second token code is different than the first token code;
      
      assigning, by the processor in the token service computer, the value token and the second token code to the second domain identifier; and
      
      providing, by the processor in the token service computer, the value token and the second token code to the second token requestor computer, wherein the second token requestor subsequently uses the value token for an interaction, wherein the second token requestor'"'"'s subsequent use of the value token is valid if the value token is accompanied by the second token code, and wherein the second token code is domain specific.
  - 3. The method of claim 2, wherein the first token code is a first hexadecimal value and the second token code is a second hexadecimal value.
  - 4. The method of claim 2, wherein the first token code is specific to a first domain, wherein the second token code is specific to a second domain, and wherein the first domain is different than the second domain.
  - 5. The method of claim 4, wherein the first domain includes e-commerce interactions and wherein the second domain includes in-person interactions.

6. A token service computer comprising:
- a processor; and
  
  a computer readable medium, the computer readable medium comprising code, executable by the processor, for implementing a method comprising;
  
  receiving a first token request from a first token requestor computer, wherein the first token request includes a value credential and a first domain identifier;
  
  identifying a value token associated with the value credential;
  
  generating a first token code associated with the value token;
  
  assigning the value token and the first token code to the first domain identifier; and
  
  providing the value token and the first token code to the first token requestor computer, wherein the first token requestor subsequently uses the value token for an interaction, wherein the first token requestor'"'"'s subsequent use of the value token is valid if the value token is accompanied by the first token code, and wherein the first token code is domain specific.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The token service computer of claim 6, wherein the method further comprises:
    - receiving a second token request from a second token requestor computer, wherein the second token request includes the value credential and a second domain identifier;
      
      identifying the value token associated with the value credential;
      
      generating a second token code associated with the value token, wherein the second token code is different than the first token code;
      
      assigning the value token and the second token code to the second domain identifier; and
      
      providing the value token and the second token code to the second token requestor computer, wherein the second token requestor subsequently uses the value token for an interaction, wherein the second token requestor'"'"'s subsequent use of the value token is valid if the value token is accompanied by the second token code, and wherein the first token code is domain specific.
  - 8. The token service computer of claim 7, wherein the first token code is a first hexadecimal value and the second token code is a second hexadecimal value.
  - 9. The token service computer of claim 7, wherein the first token code is specific to a first domain, wherein the second token code is specific to a second domain, and wherein the first domain is different than the second domain.
  - 10. The token service computer of claim 9, wherein the first domain includes e-commerce interactions and wherein the second domain includes in-person interactions.

11. A method comprising:
- receiving, by a token service system, a first authorization request message including a value token, a first token code, and a first domain identifier;
  
  determining, by the token service system, that the first token code is associated with the value token;
  
  determining, by the token service system, that the value token and the first token code are assigned to the first domain identifier, wherein the first token code is domain specific;
  
  identifying, by the token service system, a value credential associated with the value token;
  
  adding, by the token service system, the value credential to the first authorization request message;
  
  sending, by the token service system, the first authorization request message to an authorizing entity computer;
  
  receiving, by the token service system, a first authorization response message including the value credential from the authorizing entity computer;
  
  replacing, by the token service system, the value credential with the value token and the first token code in the first authorization response message; and
  
  forwarding, by the token service system, the first authorization response message.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11, further comprising:
    - receiving, by the token service system, a second authorization request message including a value token, a second token code, and a second domain identifier;
      
      determining, by the token service system, that the second token code is associated with the value token;
      
      determining, by the token service system, that the value token and the second token code are assigned to the second domain identifier, wherein the second code is different than the first token code, and wherein the second token code is domain specific;
      
      identifying, by the token service system, a value credential associated with the value token;
      
      adding, by the token service system, the value credential to the second authorization request message;
      
      sending, by the token service system, the second authorization request message to the authorizing entity computer;
      
      receiving, by the token service system, a second authorization response message including the value credential from the authorizing entity computer;
      
      replacing, by the token service system, the value credential with the value token and the second token code in the authorization response message; and
      
      forwarding, by the token service system, the authorization response message.
  - 13. The method of claim 11 wherein the token service system comprises a token service computer and a transaction processing network computer.
  - 14. The method of claim 12, wherein the first token code is specific to a first domain, wherein the second token code is specific to a second domain, and wherein the first domain is different than the second domain.
  - 15. The method of claim 14, wherein the first domain includes e-commerce interactions and wherein the second domain includes in-person interactions.

16. A token service system comprising:
- a token service computer comprising a first processor and a first computer readable medium, the first computer readable medium comprising code, executable by the first processor to implement a method comprising;
  
  receiving a first value credential request from a transaction processing network computer, the first value credential request including a value token, a first token code, and a first domain identifier;
  
  determining that the first token code is associated with the value token;
  
  determining that the value token and the first token code are assigned to the first domain identifier, wherein the first token code is domain specific;
  
  identifying a value credential associated with the value token; and
  
  sending a first value credential response including the value credential to the transaction processing network computer; and
  
  a transaction processing network computer in communication with the token service computer, the transaction processing network computer comprising a second processor and a second computer readable medium, the second computer readable medium comprising code, executable by the second processor for implementing a method comprising;
  
  receiving a first authorization request message including the value token, the first token code, and the first domain identifier;
  
  sending the first value credential request to the token service computer, the first value credential request including the value token, the first token code, and the first token requestor;
  
  receiving the first value credential response including the value credential associated with the value token from the token service computer;
  
  adding the value credential to the first authorization request message;
  
  sending the first authorization request message to an authorizing entity computer;
  
  receiving a first authorization response message including the value credential from the authorizing entity computer;
  
  replacing the value credential with the value token and the first token code in the first authorization response message; and
  
  forwarding the first authorization response message;
- View Dependent Claims (17, 18, 19, 20)
- - 17. The token service system of claim 16, wherein the method implemented by the first processor further comprises:
    - receiving a second value credential request from a transaction processing network computer, the second value credential request including the value token, a second token code, and a second domain identifier;
      
      determining that the second token code is associated with the value token;
      
      determining that the value token and the second token code are assigned to the second domain identifier, wherein the second code is different than the first token code, and wherein the second token code is domain specific;
      
      identifying the value credential associated with the value token; and
      
      sending a second value credential response including the value credential to the transaction processing network computer; and
      
      wherein the method implemented by the second processor further comprises;
      
      receiving a second authorization request message including the value token, the second token code, and the second domain identifier;
      
      sending the second value credential request to the token service computer, the second value credential request including the value token, the second token code, and the second token requestor;
      
      receiving the second value credential response including the value credential associated with the value token from the token service computer;
      
      adding the value credential to the second authorization request message;
      
      sending the second authorization request message to an authorizing entity computer;
      
      receiving a second authorization response message including the value credential from the authorizing entity computer;
      
      replacing the value credential with the value token and the second token code in the second authorization response message; and
      
      forwarding the second authorization response message.
  - 18. The token service system of claim 17, wherein the first token code is a first hexadecimal value and the second token code is a second hexadecimal value.
  - 19. The token service system of claim 17, wherein the first token code is specific to a first domain, wherein the second token code is specific to a second domain, and wherein the first domain is different than the second domain.
  - 20. The token service system of claim 19, wherein the first domain includes e-commerce interactions and wherein the second domain includes in-person interactions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Kumnick, Phillip

Granted Patent

US 9,848,052 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06Q 20/385   using an alias or single-us...

G06Q 20/4016   involving fraud or risk lev...

H04L 63/083   using passwords cryptograph...

H04L 67/02   based on web technology, e....

H04L 67/10   in which an application is ...

H04L 67/53   using third party service p...

SYSTEM AND METHOD FOR TOKEN DOMAIN CONTROL

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

313 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR TOKEN DOMAIN CONTROL

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

313 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links