Securing external systems with account token substitution
First Claim
1. A method comprising:
- receiving, by a tokenization server, a registration request message from a merchant computer;
- assigning, by the tokenization server, a merchant verification value and a token derivation key to a merchant associated with the merchant computer;
- storing, by the tokenization server, the token derivation key and the merchant verification value in a database;
- receiving, by the tokenization server, an authorization request message for a transaction that includes an account identifier and the merchant verification value, wherein the authorization request message is sent by the merchant computer;
- sending, by the tokenization server, the authorization request message to an issuer computer for authorization of the transaction;
- receiving, by the tokenization server from the issuer computer, an authorization response message indicating whether the transaction has been authorized by the issuer computer;
- retrieving, by the tokenization server, the token derivation key using the merchant verification value included in the authorization request message from the database;
- generating, by the tokenization server, an account token using the token derivation key by encrypting the account identifier using the token derivation key;
- inserting, by the tokenization server, the account token in the authorization response message received from the issuer computer; and
- sending, by the tokenization server, the authorization response message including the account token to the merchant computer, wherein the token derivation key is available only to the tokenization server.
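The flow recited in claim 1, as an added Python sketch that is not part of the patent text. The claim names no cipher, so a toy HMAC-based Feistel permutation over digit strings stands in for "encrypting the account identifier"; the class, function and field names and the issuer callable are all hypothetical.

```python
import hashlib
import hmac
import secrets

ROUNDS = 10  # assumption: round count of the stand-in cipher, not from the patent

def _f(key: bytes, i: int, half: int, mod: int) -> int:
    mac = hmac.new(key, bytes([i]) + str(half).encode(), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % mod

def encrypt_account_id(key: bytes, account_id: str) -> str:
    """Toy Feistel permutation over an even-length digit string (stand-in cipher)."""
    if not (account_id.isascii() and account_id.isdigit()) or len(account_id) % 2:
        raise ValueError("expected an even-length digit string")
    h = len(account_id) // 2
    left, right = int(account_id[:h]), int(account_id[h:])
    for i in range(ROUNDS):
        left, right = right, (left + _f(key, i, right, 10 ** h)) % 10 ** h
    return f"{left:0{h}d}{right:0{h}d}"

def decrypt_account_token(key: bytes, token: str) -> str:
    """Inverse of encrypt_account_id; requires the same token derivation key."""
    h = len(token) // 2
    left, right = int(token[:h]), int(token[h:])
    for i in reversed(range(ROUNDS)):
        left, right = (right - _f(key, i, left, 10 ** h)) % 10 ** h, left
    return f"{left:0{h}d}{right:0{h}d}"

class TokenizationServer:
    def __init__(self, issuer):
        self._issuer = issuer  # hypothetical callable: request dict -> response dict
        self._keys = {}        # merchant verification value -> token derivation key

    def register(self) -> str:
        mvv = secrets.token_hex(8)                 # assigned merchant verification value
        self._keys[mvv] = secrets.token_bytes(32)  # derivation key stays server-side
        return mvv                                 # only the MVV goes to the merchant

    def authorize(self, request: dict) -> dict:
        if request["mvv"] not in self._keys:       # added check: fail closed
            return {"approved": False, "reason": "unknown merchant"}
        response = dict(self._issuer(request))     # forward request, receive response
        key = self._keys[request["mvv"]]           # retrieve key using the MVV
        response["account_token"] = encrypt_account_id(key, request["account_id"])
        return response                            # response now carries the token

    def detokenize(self, mvv: str, token: str) -> str:
        return decrypt_account_token(self._keys[mvv], token)
```

Because each merchant gets its own derivation key, the same account identifier yields a different token per merchant, and only the server holding the key can map a token back.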
Abstract
Systems, apparatuses, and methods for providing an account token to an external entity during the lifecycle of a payment transaction. In some embodiments, an external entity may be a merchant computer requesting authorization of a payment message. In other embodiments, the external entity may be a support computer providing support functions to a payment processing network or a merchant.
21 Claims
1. A method comprising:
- receiving, by a tokenization server, a registration request message from a merchant computer;
- assigning, by the tokenization server, a merchant verification value and a token derivation key to a merchant associated with the merchant computer;
- storing, by the tokenization server, the token derivation key and the merchant verification value in a database;
- receiving, by the tokenization server, an authorization request message for a transaction that includes an account identifier and the merchant verification value, wherein the authorization request message is sent by the merchant computer;
- sending, by the tokenization server, the authorization request message to an issuer computer for authorization of the transaction;
- receiving, by the tokenization server from the issuer computer, an authorization response message indicating whether the transaction has been authorized by the issuer computer;
- retrieving, by the tokenization server, the token derivation key using the merchant verification value included in the authorization request message from the database;
- generating, by the tokenization server, an account token using the token derivation key by encrypting the account identifier using the token derivation key;
- inserting, by the tokenization server, the account token in the authorization response message received from the issuer computer; and
- sending, by the tokenization server, the authorization response message including the account token to the merchant computer, wherein the token derivation key is available only to the tokenization server.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
16. A server computer comprising:
- a processor and a non-transitory computer-readable storage medium coupled to the processor, the computer readable storage medium comprising code that, when executed by the processor, causes the processor to perform a method comprising:
  - receiving a registration request message from a merchant computer;
  - assigning a merchant verification value and a token derivation key to a merchant associated with the merchant computer;
  - storing the token derivation key and the merchant verification value in a database;
  - receiving an authorization request message for a transaction that includes an account identifier and the merchant verification value, wherein the authorization request message is sent by the merchant computer;
  - sending the authorization request message to an issuer computer for authorization of the transaction;
  - receiving, from the issuer computer, an authorization response message indicating whether the transaction has been authorized by the issuer computer;
  - retrieving the token derivation key using the merchant verification value included in the authorization request message from the database;
  - generating an account token using the token derivation key by encrypting the account identifier using the token derivation key;
  - inserting the account token in the authorization response message received from the issuer computer; and
  - sending the authorization response message including the account token to the merchant computer, wherein the token derivation key is available only to the server computer.

Dependent claims: 17, 18, 19, 20
21. A non-transitory computer readable medium storing computer instructions when executed by a processor of a server causes the processor to perform a method comprising:
- receiving a registration request message from a merchant computer;
- assigning a merchant verification value and a token derivation key to a merchant associated with the merchant computer;
- storing the token derivation key and the merchant verification value in a database;
- receiving an authorization request message for a transaction that includes an account identifier and the merchant verification value, wherein the authorization request message is sent by the merchant computer;
- sending the authorization request message to an issuer computer for authorization of the transaction;
- receiving, from the issuer computer, an authorization response message indicating whether the transaction has been authorized by the issuer computer;
- retrieving the token derivation key using the merchant verification value included in the authorization request message from the database;
- generating an account token using the token derivation key by encrypting the account identifier using the token derivation key;
- inserting the account token in the authorization response message received from the issuer computer; and
- sending the authorization response message including the account token to the merchant computer, wherein the token derivation key is available only to the server.
Specification