Multiple tokenization for authentication

US 9,280,765 B2
Filed: 04/10/2012
Issued: 03/08/2016
Est. Priority Date: 04/11/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving at a first entity computer operated by a first entity, a first token from a consumer;

determining, by the first entity computer, a second token associated with the first token; and

sending, by the first entity computer, the second token to a server computer at a second entity, wherein the server computer determines an account identifier associated with the second token and,wherein the method further comprises generating, by the first entity computer, an authorization request message comprising the second token; and

wherein sending the second token to the server computer at the second entity comprisessending, by the first entity computer, the authorization request message to the server computer at the second entity, wherein the server computer receives the authorization request message, determines the account identifier by electronically searching a database for an account identifier associated with the second token, modifies the authorization request message to include the account identifier, and sends the modified authorization request message to an account issuer computer to authorize the transaction.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present invention are directed generally to systems, methods, and apparatuses for authenticating a cardholder using multiple tokenization authentication. Embodiments of the invention are directed at a method. The method includes receiving at a first entity a first token from a consumer and determining a second token associated with the first token. Once the second token is determined, the second token is sent to a server computer at a second entity. The server computer then determines an account identifier associated with the second token and processes a transaction using the account identifier.

655 Citations

26 Claims

1. A method comprising:
- receiving at a first entity computer operated by a first entity, a first token from a consumer;
  
  determining, by the first entity computer, a second token associated with the first token; and
  
  sending, by the first entity computer, the second token to a server computer at a second entity, wherein the server computer determines an account identifier associated with the second token and,wherein the method further comprises generating, by the first entity computer, an authorization request message comprising the second token; and
  
  wherein sending the second token to the server computer at the second entity comprisessending, by the first entity computer, the authorization request message to the server computer at the second entity, wherein the server computer receives the authorization request message, determines the account identifier by electronically searching a database for an account identifier associated with the second token, modifies the authorization request message to include the account identifier, and sends the modified authorization request message to an account issuer computer to authorize the transaction.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1 wherein the first entity is a merchant and the second entity is an acquirer.
  - 3. The method of claim 1 wherein determining the second token associated with the first token further comprises generating the second token by altering information from the first token, wherein the second token is derived from a first entity identifier, and wherein the second entity uses the first entity identifier to determine the account identifier associated with the second token.
  - 4. The method of claim 3 wherein altering information from the first token further comprises using a predetermined algorithm to generate the second token, and wherein the second entity uses the first entity identifier to determine the predetermined algorithm, and wherein the second entity uses the predetermined algorithm to convert the second token into a recognizable value associated with the first token, and wherein the recognizable value associated with the first token is used by the server computer to electronically search the database for the account identifier.
  - 5. The method of claim 1 wherein determining the second token associated with the first token further comprises electronically searching a second token database for the second token associated with the first token, wherein the second token is derived from a first entity identifier, and wherein the second entity uses a predetermined algorithm to determine the account identifier associated with the second token.
  - 6. The method of claim 1 wherein the second token is in a format of a payment card number, wherein the format of the payment card number comprises a payment processing network indicator and a check sum digit.
  - 7. The method of claim 1 wherein the database is a first database and wherein determining the second token associated with the first token further comprises electronically searching a second database to determine the second token associated with the first token, wherein the second token was generated during consumer registration, and wherein the second token is not generated by altering data in the first token.
  - 8. The method of claim 7 wherein the first token includes information that is less sensitive than information of the second token.
  - 9. The method of claim 1 wherein the server computer is in a payment processing network.
  - 10. The method of claim 9 wherein the payment processing network is configured to process credit and debit card transactions.
  - 11. The method of claim 10 further comprising:
    - receiving an authorization response message from the account issuer computer.
  - 12. The method of claim 1 wherein the first entity computer includes a POS terminal.
  - 13. The method of claim 12 wherein the first token is an e-mail address.

14. An apparatus comprising:
- a processor and a non-transitory computer-readable storage medium coupled to the processor, the computer-readable storage medium comprising code executable by the processor for implementing a method comprising;
  
  receiving a first token from a consumer;
  
  determining a second token associated with the first token; and
  
  sending the second token to a server computer at a second entity, wherein the server computer determines an account identifier associated with the second token,wherein the method further comprises generating an authorization request message comprising the second token, and wherein sending the second token to the server computer at the second entity further comprisessending the authorization request message to the server computer at the second entity, wherein the server computer receives the authorization request message, determines the account identifier by electronically searching a database for an account identifier associated with the second token, modifies the authorization request message to include the account identifier, and sends the modified authorization request message to an account issuer computer to authorize the transaction.
- View Dependent Claims (15, 16, 17)
- - 15. The method of claim 14 wherein determining the second token associated with the first token further comprises generating the second token by altering information from the first token, wherein the second token is derived from a first entity identifier, and wherein the second entity uses the first entity identifier to determine the account identifier associated with the second token.
  - 16. The method of claim 14 wherein the database is a first database and wherein determining the second token associated with the first token further comprises electronically searching a second database to determine the second token associated with the first token, wherein the second token was generated during consumer registration, and wherein the second token is not generated by altering data in the first token.
  - 17. The apparatus of claim 14 wherein the first token includes information that is less sensitive than information of the second token.

18. A method comprising:
- receiving a second token at a second entity server computer operated by a second entity from a first entity computer operated by a first entity, wherein the second token is associated with a first token that is received by the first entity computer from a consumer;
  
  determining, by the second entity server computer, an account identifier associated with the second token; and
  
  processing, by the second entity server computer, a transaction using the account identifier,wherein receiving the second token further comprises receiving an authorization request message comprising the second token and wherein processing the transaction using the account identifier further comprises modifying, by the second entity server computer, the authorization request message to include the account identifier and sending the modified authorization request message to an account issuer computer to authorize the transaction.
- View Dependent Claims (19, 20, 21, 22, 23)
- - 19. The method of claim 18 wherein the first entity is a merchant and the second entity is an acquirer.
  - 20. The method of claim 18 wherein determining the account identifier associated with the second token further comprises:
    - determining a first entity identifier from the second token; and
      
      using the first entity identifier to determine the account identifier associated with the second token.
  - 21. The method of claim 20 wherein using the first entity identifier to determine the account identifier associated with the second token further comprises:
    - using the first entity identifier to electronically search for a corresponding predetermined algorithm;
      
      using the predetermined algorithm to convert the second token into a recognizable value associated with the first token, andsearching a consumer account database for the account identifier associated with the recognizable value associated with the first token.
  - 22. The method of claim 18 wherein the second token is in a format of a payment card number, wherein the format of the payment card number comprises a payment processing network indicator and a check sum digit.
  - 23. The method of claim 18 wherein the first token includes information that is less sensitive than information of the second token.

24. An apparatus comprising:
- a processor and a non-transitory computer-readable storage medium coupled to the processor, the computer-readable storage medium comprising code executable by the processor for implementing a method comprising;
  
  receiving a second token from a first entity computer operated by a first entity, wherein the second token is associated with a first token that is received by the first entity computer from a consumer;
  
  determining an account identifier associated with the second token; and
  
  processing a transaction using the account identifier,wherein receiving the second token further comprises receiving an authorization request message comprising the second token and wherein processing the transaction using the account identifier further comprises modifying the authorization request message to include the account identifier and sending the modified authorization request message to an account issuer computer to authorize the transaction.
- View Dependent Claims (25, 26)
- - 25. The apparatus of claim 24 wherein the method further comprises:
    - determining a first entity identifier from the second token; and
      
      using the first entity identifier to determine the account identifier associated with the second token, wherein using the first entity identifier to determine the account identifier associated with the second token further comprises;
      
      using the first entity identifier to electronically search for a corresponding predetermined algorithm;
      
      using the predetermined algorithm to convert the second token into a recognizable value associated with the first token, andsearching a consumer account database for the account identifier associated with the recognizable value associated with the first token.
  - 26. The apparatus of claim 24 wherein the first token includes information that is less sensitive than information of the second token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Hammad, Ayman
Primary Examiner(s)
Rankins, William

Application Number

US13/443,737
Publication Number

US 20120259782A1
Time in Patent Office

1,428 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 9/30196   using decoder, e.g. decoder...

G06F 9/3822   Parallel decoding, e.g. par...

G06Q 20/12   specially adapted for elect...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/385   using an alias or single-us...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/401   Transaction verification

G06Q 20/405   Establishing or using trans...

H04L 9/32   including means for verifyi...

Multiple tokenization for authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

655 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Multiple tokenization for authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

655 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links