Integration of payment capability into secure elements of computers

US 9,424,413 B2
Filed: 03/02/2012
Issued: 08/23/2016
Est. Priority Date: 02/24/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, at a secure element of a computer, a real account number and at least one of an expiration date, a card verification value, or a billing ZIP code of user-specific payment information, wherein the secure element is immune from being hacked by computer viruses installed on the computer, wherein the secure element comprises a processor, a memory coupled to the processor, and an input/output controller coupled to the processor, and wherein the memory stores a unique identifier identifying the secure element;

obtaining the unique identifier identifying the secure element from the memory of the secure element;

sending the received real account number, the received at least one of the expiration date, the card verification value, or the billing ZIP code, and the obtained unique identifier identifying the secure element to a validation entity server;

receiving, in response to sending the received real account number, the received at least one of the expiration date, the card verification value, or the billing ZIP code, and the obtained unique identifier identifying the secure element to the validation entity server, a pseudo account number from the validation entity server, the received pseudo account number being different from the real account number of the user-specific payment information and having the same form as the real account number; and

storing, in the memory of the secure element, the received pseudo account number, wherein the method further comprises;

encrypting, the unique identifier identifying the secure element using an encryption key stored in the secure element, prior to sending the obtained unique identifier to the validation entity server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, secure elements, validation entities, and computer program products for effecting secure communication of payment information to merchants for Internet-based purchases. Payment information for a user'"'"'s real payment information is installed in a secure element of a computer, the payment information may comprise a pseudo PAN number for the portable consumer device provided by a validation entity. The secure element is shielded from the computer'"'"'s operating system to thwart hacker attacks. The user accesses the secure element to make a purchase. In response, the secure element contacts the validation entity with the pseudo account number, and in response obtains dynamic payment information that the secure element can used to effect the payment. The dynamic payment information comprises an account number that is different from the pseudo PAN, and which has at least one difference which respect to the user'"'"'s real payment information.

626 Citations

23 Claims

1. A method comprising:
- receiving, at a secure element of a computer, a real account number and at least one of an expiration date, a card verification value, or a billing ZIP code of user-specific payment information, wherein the secure element is immune from being hacked by computer viruses installed on the computer, wherein the secure element comprises a processor, a memory coupled to the processor, and an input/output controller coupled to the processor, and wherein the memory stores a unique identifier identifying the secure element;
  
  obtaining the unique identifier identifying the secure element from the memory of the secure element;
  
  sending the received real account number, the received at least one of the expiration date, the card verification value, or the billing ZIP code, and the obtained unique identifier identifying the secure element to a validation entity server;
  
  receiving, in response to sending the received real account number, the received at least one of the expiration date, the card verification value, or the billing ZIP code, and the obtained unique identifier identifying the secure element to the validation entity server, a pseudo account number from the validation entity server, the received pseudo account number being different from the real account number of the user-specific payment information and having the same form as the real account number; and
  
  storing, in the memory of the secure element, the received pseudo account number, wherein the method further comprises;
  
  encrypting, the unique identifier identifying the secure element using an encryption key stored in the secure element, prior to sending the obtained unique identifier to the validation entity server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - sending, from the secure element of the computer, a representation of the pseudo account number to the validation entity server; and
      
      receiving, in response, dynamic payment information from the validation entity server, wherein the received dynamic payment information comprises a dynamic account number that is different from the pseudo account number.
  - 3. The method of claim 2, wherein sending the representation of the pseudo account number comprises sending the representation as a cryptogram based on the pseudo account number.
  - 4. The method of claim 2, wherein the computer is a phone.
  - 5. The method of claim 1 further comprising:
    - sending, by the computer, the pseudo account number to the validation entity server;
      
      receiving, by the computer and from the validation entity server, dynamic payment information; and
      
      providing, by the computer, the dynamic payment information to a merchant computer to conduct a payment transaction.
  - 6. The method of claim 1 further comprising:
    - sending, from the secure element of the computer, a representation of the pseudo account number to the validation entity server;
      
      receiving, in response, dynamic payment information from the validation entity server, wherein the received dynamic payment information comprises a dynamic account number that is different from the pseudo account number; and
      
      providing, by the computer, the dynamic payment information to a merchant Website to conduct a purchase transaction.
  - 7. The method of claim 6 wherein the computer comprises an additional processor, an additional memory storing a companion application, and an additional input/output controller outside of the secure element, and wherein the memory in the secure element stores a payment application.
  - 8. The method of claim 1 sending, from the secure element of the computer, a representation of the pseudo account number and a merchant identifier to the validation entity server, wherein the validation server thereafter sends the dynamic payment information from the validation entity server to a merchant server associated with the merchant identifier to conduct a transaction.

9. A computer comprising:
- a secure element comprising a data processor, wherein the secure element is immune from being hacked by computer viruses installed on the computer, wherein the secure element further comprises a memory coupled to the data processor, and an input/output controller coupled to the data processor, and wherein the memory stores a unique identifier identifying the secure element; and
  
  a computer program product coupled to the data processor, the computer program product embodied on a tangible non-transitory computer-readable medium comprising code executable the data processor of the secure element to implement a method comprisingdirecting, by the data processor to receive a real account number and at least one of an expiration date, a card verification value, or a billing ZIP code of user-specific payment information,directing the data processor to obtain the unique identifier identifying the secure element from the memory of the secure element,directing the data processor to send the received real account number, the received at least one of the expiration date, the card verification value, or the billing ZIP code, and the obtained unique identifier identifying the secure element to a validation entity server,directing the data processor to receive, in response to sending the received real account number, the received at least one of the expiration date, the card verification value, or the billing ZIP code, and the obtained unique identifier identifying the secure element to the validation entity server, a pseudo account number from the validation entity server, the received pseudo account number being different from the real account number of the user-specific payment information and having the same form as the real account number, anddirecting the data processor to store, in the memory of the secure element, the received pseudo account number, and wherein the method further comprisesdirecting the data processor to encrypt, the unique identifier identifying the secure element using an encryption key stored in the secure element, prior to sending the obtained unique identifier to the validation entity server.
- View Dependent Claims (10, 11)
- - 10. The computer of claim 9, wherein the method further comprises:
    - directing the data processor to send, from the secure element, a representation of the pseudo account number to the validation entity server; and
      
      directing the data processor to receive, in response, dynamic payment information from the validation entity server, wherein the received dynamic payment information comprises a dynamic account number that is different from the pseudo account number.
  - 11. The computer of claim 10, wherein directing the data processor to send the representation of the pseudo account number comprises directing the data processor to send the representation as a cryptogram based on the pseudo account number and the unique identifier identifying the secure element.

12. A method comprising:
- receiving, at a validation entity server, a request from a secure element of a computer to provide a pseudo account number, the request including a unique identifier identifying the secure element, and a real account number and at least one of an expiration date, a card verification value, or a billing ZIP code of an instance of user-specific payment information, wherein the secure element is immune from being hacked by computer viruses installed on the computer, wherein the secure element further comprises a data processor, a memory coupled to the data processor, and an input/output controller coupled to the data processor, and wherein the memory stores the unique identifier identifying the secure element;
  
  applying at least one validation test pertaining to the received request;
  
  sending, if the at least one validation test is passed, a pseudo account number to the secure element, wherein the pseudo account number has the same form as the real account number; and
  
  storing the pseudo account number with an indication of at least the received real account number,wherein the unique identifier identifying the secure element is encrypted using an encryption key stored in the secure element, prior to receiving the request.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The method of claim 12, further comprising:
    - receiving, at the validation entity server, a request from the secure element of the computer to provide dynamic payment information, the request including the pseudo account number and the unique identifier identifying the secure element;
      
      applying at least one validation test pertaining to the received request; and
      
      sending, if the at least one validation test is passed, the dynamic payment information to the secure element.
  - 14. The method of claim 12, wherein the computer is a mobile phone.
  - 15. The method of claim 12, further comprising:
    - receiving, at the validation entity server, a request from the secure element of the computer to provide dynamic payment information, the request including the pseudo account number, the unique identifier identifying the secure element, and an identifier of a merchant;
      
      applying at least one validation test pertaining to the received request;
      
      sending, if the at least one validation test is passed, dynamic payment information to the secure element; and
      
      sending, if the at least one validation test is passed, said dynamic payment information and an indication of the identity of the merchant to a payment processing network.
  - 16. The method of claim 12, further comprising:
    - receiving, at the validation entity server, a request from a payment processing network to provide real payment information corresponding to an instance of dynamic payment information; and
      
      providing the requested real payment information to the payment processing network.
  - 17. The method of claim 12 further comprising:
    - receiving, the pseudo account number, by the validation entity server from the secure element; and
      
      after receiving the pseudo account number from the secure element, providing, by the validation entity server, dynamic payment information to the computer.

18. A validation entity server comprising:
- a data processor;
  
  a networking facility coupled to the processor;
  
  a computer-readable medium coupled to the processor; and
  
  a computer program product embodied on the computer-readable medium, the computer program product comprising code executable by the data processor to implement a method comprisingdirecting the data processor to receive a request from a secure element of a computer to provide a pseudo account number, the request including a unique identifier identifying the secure element, and a real account number and at least one of an expiration date, a card verification value, or a billing ZIP code of an instance of user-specific payment information, wherein the secure element is immune from being hacked by computer viruses installed on the computer, wherein the secure element further comprises a memory and an input/output controller coupled to the data processor, and wherein the memory stores the unique identifier identifying the secure element,directing the data processor to apply at least one validation test pertaining to the received request for a pseudo account number,directing the data processor to send, if the at least one validation test is passed, the pseudo account number to the secure element, wherein the pseudo account number has the same form as the real account number, anddirecting the data processor to store the pseudo account number with an indication of at least the received real account number,wherein in the method, the unique identifier identifying the secure element is encrypted using an encryption key stored in the secure element, prior to receiving the request.
- View Dependent Claims (19, 20, 21, 22, 23)
- - 19. The validation entity server of claim 18, wherein the method further comprises:
    - directing the data processor to receive a request from the secure element of the computer to provide dynamic payment information, the request including the pseudo account number and the unique identifier identifying the secure element;
      
      directing the data processor to apply at least one validation test pertaining to the received request for dynamic payment information; and
      
      directing the data processor to send, if the at least one validation test is passed, dynamic payment information to the secure element.
  - 20. The validation entity server of claim 19, wherein directing the data processor to apply at least one validation test pertaining to the received request for the pseudo account number comprises one or more of the following:
    - directing the data processor to compare the received identifier identifying the secure element against a database of valid identifiers to find a match;
      
      directing the data processor to compare the received identifier identifying the secure element against a database of identifiers of secure elements involved in prior fraudulent activity;
      
      ordirecting the data processor to access a database to obtain the record for the received pseudo account number, to obtain from the record the identifiers for all of the secure elements that have been previously associated with the received pseudo account number, and to compare the unique identifier identifying the secure element received in the request against each identifier in the accessed record for a match.
  - 21. The validation entity server of claim 18, wherein directing the data processor to apply at least one validation test pertaining to the received request for the pseudo account number comprises at least one of the following:
    - directing the data processor to compare the received unique identifier identifying the secure element against a database of valid identifiers to find a match; and
      
      directing the data processor to compare the received unique identifier identifying the secure element against a database of identifiers of secure elements involved in prior fraudulent activity.
  - 22. The validation entity server of claim 18, wherein directing the data processor to apply at least one validation test pertaining to the received request for the pseudo account number comprises:
    - directing the data processor to obtain the real payment information for the received account number from a database or the bank that issued the user-specific payment information; and
      
      directing the data processor to compare the received at least one of the expiration date, the card verification value, or the billing ZIP code to the real payment information for the received account number for a match.
  - 23. The validation entity server of claim 18, wherein directing the data processor to apply at least one validation test pertaining to the received request for the pseudo account number comprises:
    - directing the data processor to access a database to determine a limit on the number of secure elements that has been placed on the received real account number;
      
      directing the data processor to access a database to determine a current number of secure elements that has already been associated to the received real account number; and
      
      directing the data processor to compare the current number to the limit to determine if an additional association of a secure element would exceed the limit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Hammad, Ayman
Primary Examiner(s)
Lee, Michael G
Assistant Examiner(s)
TARDIF, DAVID P

Application Number

US13/411,400
Publication Number

US 20120226582A1
Time in Patent Office

1,635 Days
Field of Search

235/375
US Class Current

1/1
CPC Class Codes

G06F 16/2457   with adaptation to user needs

G06F 21/34   involving the use of extern...

G06F 2221/2129   Authenticate client device ...

G06Q 20/12   specially adapted for elect...

G06Q 20/227   characterised in that multi...

G06Q 20/385   using an alias or single-us...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/401   Transaction verification

G06Q 20/42   Confirmation, e.g. check or...

G06Q 20/425   using two different network...

H04L 2209/56   Financial cryptography, e.g...

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 63/0853   using an additional device,...

H04L 63/102   Entity profiles

H04L 63/126   the source of the received ...

H04L 63/1441   Countermeasures against mal...

H04L 9/14   using a plurality of keys o...

H04L 9/3234   involving additional secure...

Integration of payment capability into secure elements of computers

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

626 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Integration of payment capability into secure elements of computers

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

626 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links