Encryption switch processing

US 9,633,351 B2
Filed: 11/04/2010
Issued: 04/25/2017
Est. Priority Date: 11/05/2009
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a key database; and

a transaction processing server computer coupled to the key database, wherein the transaction processing server computer comprises a processor and a non-transitory computer readable medium coupled to the processor, the non-transitory computer readable medium comprising code executable by the processor for implementing a method comprising;

receiving from a terminal, an envelope associated with a transaction, wherein the envelope includes unencrypted transaction details, a token derived from a key associated with a terminal and an account identifier, and at least a first portion of the transaction details in an encrypted format, the at least first portion of the transaction details encrypted using the key associated with the terminal, wherein the envelope further includes a hashed message authentication code computed using the key and the at least first portion of the unencrypted transaction details;

retrieving the key associated with the terminal from the key database;

converting the token to the account identifier using the key;

verifying that the account identifier is associated with a valid account; and

conducting an audit on the transaction, the audit ensuring that the envelope has not been modified between the terminal and the transaction processing server computer, wherein the audit includes decrypting the at least first portion of the transaction details and comparing the decrypted at least first portion of the transaction details with the unencrypted transaction details in the envelope associated with the transaction, and recalculating the hashed message authentication code using the key and the at least first portion of the unencrypted transaction details and comparing the recalculated hashed message authentication code with the hashed message authentication code received in the envelope.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for eliminating the need for merchants and acquirers to conduct Payment Card Industry (“PCI”) security audit procedures are provided. Merchants and acquirers can eliminate the operating expenses associated with conducting audits to ensure compliance with PCI Data Security Standards (“DSS”), while at the same time ensuring that cardholders'"'"' data remains secure, thus protecting the cardholders from fraudulent transactions. System security is further enhanced through the use of per transaction audits, with the scope of the audit being directly between the Point of Sale (POS) terminal and the payment processing network. PCI DSS compliance can thus be assured on a per transaction basis, as opposed to only ensuring compliance generally for a merchant or acquirer on a periodic basis. Per transaction PCI DSS compliance is assured, while at the same time eliminating the need for merchants or acquirers to conduct compliance audits.

9 Citations

View as Search Results

16 Claims

1. A system comprising:
- a key database; and
  
  a transaction processing server computer coupled to the key database, wherein the transaction processing server computer comprises a processor and a non-transitory computer readable medium coupled to the processor, the non-transitory computer readable medium comprising code executable by the processor for implementing a method comprising;
  
  receiving from a terminal, an envelope associated with a transaction, wherein the envelope includes unencrypted transaction details, a token derived from a key associated with a terminal and an account identifier, and at least a first portion of the transaction details in an encrypted format, the at least first portion of the transaction details encrypted using the key associated with the terminal, wherein the envelope further includes a hashed message authentication code computed using the key and the at least first portion of the unencrypted transaction details;
  
  retrieving the key associated with the terminal from the key database;
  
  converting the token to the account identifier using the key;
  
  verifying that the account identifier is associated with a valid account; and
  
  conducting an audit on the transaction, the audit ensuring that the envelope has not been modified between the terminal and the transaction processing server computer, wherein the audit includes decrypting the at least first portion of the transaction details and comparing the decrypted at least first portion of the transaction details with the unencrypted transaction details in the envelope associated with the transaction, and recalculating the hashed message authentication code using the key and the at least first portion of the unencrypted transaction details and comparing the recalculated hashed message authentication code with the hashed message authentication code received in the envelope.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein the audit is conducted as part of a transaction authorization, the transaction authorization resulting in a decline of the transaction if the audit does not pass.
  - 3. The system of claim 1, wherein the method executable by the processor further comprises:
    - sending the account identifier and at least a second portion of transaction details to an issuer to determine if the transaction is authorized.
  - 4. The system of claim 3, wherein settlement, clearing, and chargeback processes use the token, which is converted to the account identifier prior to sending to the issuer.
  - 5. The system of claim 3 wherein the first and second portions of transaction details are the same.
  - 6. The system of claim 1 wherein a fee charged by the transaction processing server computer for processing the transaction is dependent on the pass/fail status of the audit.
  - 7. The system of claim 1 wherein the envelope includes a personal identification number associated with the account identifier, wherein the personal identification number is encrypted by the terminal with the key associated with the terminal and is decrypted by the transaction processing server computer.
  - 8. The system of claim 1, wherein a failure of the audit does not cause the transaction to be declined.

9. A method comprising:
- receiving, at a server computer, from a terminal, an envelope associated with a transaction, wherein the envelope includes unencrypted transaction details, a token derived from a key associated with a terminal and an account identifier, and at least a first portion of the transaction details in an encrypted format, the at least first portion of the transaction details encrypted using the key associated with the terminal, wherein the envelope further includes a hashed message authentication code computed using the key and the at least first portion of the unencrypted transaction details;
  
  converting the token to the account identifier;
  
  verifying that the account identifier is associated with a valid account; and
  
  conducting an audit on the transaction, the audit ensuring that the envelope has not been modified between the terminal and the server computer, wherein the audit includes decrypting the at least first portion of the transaction details and comparing the decrypted at least first portion of the transaction details with the unencrypted transaction details in the envelope associated with the transaction, and recalculating the hashed message authentication code using the key and the at least first portion of the unencrypted transaction details and comparing the recalculated hashed message authentication code with the hashed message authentication code received in the envelope.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, wherein the audit is conducted as part of a transaction authorization, the transaction authorization resulting in a decline of the transaction if the audit does not pass.
  - 11. The method of claim 9 wherein a failure of the audit does not cause the transaction to be declined.
  - 12. The method of claim 9, further comprising:
    - sending the account identifier and at least a second portion of transaction details to an issuer to determine if the transaction is authorized.
  - 13. The method of claim 12 wherein the first and second portions of transaction details are the same.
  - 14. The method of claim 12, wherein settlement, clearing, and chargeback processes use the token, which is converted to the account identifier prior to sending to the issuer.
  - 15. The method of claim 9 wherein the envelope includes a personal identification number associated with the account identifier, wherein the personal identification number is encrypted by the terminal with the key associated with the terminal and is decrypted by the server computer.
  - 16. The method of claim 9 wherein a fee charged by the server computer for processing the transaction is dependent on the pass/fail status of the audit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Reed, Judson, Faith, Patrick, Rewis, Ben
Primary Examiner(s)
Reagan, James A

Application Number

US12/939,675
Publication Number

US 20110106710A1
Time in Patent Office

2,364 Days
Field of Search

705 67
US Class Current
CPC Class Codes

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/3829   involving key management

G06Q 20/383   Anonymous user system

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/401   Transaction verification

H04L 2209/56   Financial cryptography, e.g...

H04L 9/3226   using a predetermined code,...

H04L 9/3234   involving additional secure...

Encryption switch processing

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

9 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Encryption switch processing

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links