Data verification using access device

US 9,680,942 B2
Filed: 04/29/2015
Issued: 06/13/2017
Est. Priority Date: 05/01/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, at a server computer, portable device information and a mobile device identifier associated with a mobile device;

storing, by the server computer, the portable device information and the mobile device identifier in a database associated with the server computer;

receiving, by the server computer, first transaction data from an access device for a physical or proximity transaction conducted at the access device, wherein the physical or proximity transaction includes physically presenting the portable device to the access device to provide portable device data to the access device;

determining, by the server computer, from the first transaction data that the physical or proximity transaction is associated with the portable device;

determining, by the server computer, a location of the access device;

determining, by the server computer, a location of the mobile device associated with the mobile device identifier;

determining, by the server computer, that the location of the mobile device matches the location of the access device;

marking, by the server computer, the stored portable device information and the stored mobile device identifier as authentication verified;

generating, by the server computer, a verification value or a digital certificate indicating that the status of the portable device is authentication verified;

storing, by the server computer, the verification value or the digital certificate;

receiving, at the server computer, second transaction data from a transactor computer for a remote transaction conducted via the transactor computer, wherein the remote transaction includes providing the portable device data to the transactor computer over a network without physically presenting the portable device to an access device;

determining, by the server computer, from the second transaction data that the remote transaction is associated with the portable device;

determining, by the server computer, that the stored portable device information and the stored mobile device identifier are marked as authentication verified;

identifying, by the server computer, the stored the verification value or the digital certificate; and

sending, by the server computer, a message indicating the status of the portable device as authentication verified to the transactor computer or to an issuer, the message including the verification value or the digital certificate, wherein the verification value or the digital certificate is subsequently used in a determination as to whether the remote transaction is fraudulent.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An embodiment of the invention is directed to a method comprising receiving, at a server computer, information for a portable device that includes a mobile device identifier and storing, by the server computer, the information for the portable device that includes the mobile device identifier in a database associated with the server computer. The method further comprising receiving, by the server computer, transaction data from an access device for a transaction conducted at the access device, determining, by the server computer, from the transaction data that the transaction is associated with the portable device, determining, by the server computer, a location of the access device, determining, by the server computer, a location of a mobile device associated with the mobile device identifier, determining, by the server computer, that the location of the mobile device matches the location of the access device, and marking, by the server computer, the stored information for the portable device as authentication verified.

741 Citations

20 Claims

1. A method comprising:
- receiving, at a server computer, portable device information and a mobile device identifier associated with a mobile device;
  
  storing, by the server computer, the portable device information and the mobile device identifier in a database associated with the server computer;
  
  receiving, by the server computer, first transaction data from an access device for a physical or proximity transaction conducted at the access device, wherein the physical or proximity transaction includes physically presenting the portable device to the access device to provide portable device data to the access device;
  
  determining, by the server computer, from the first transaction data that the physical or proximity transaction is associated with the portable device;
  
  determining, by the server computer, a location of the access device;
  
  determining, by the server computer, a location of the mobile device associated with the mobile device identifier;
  
  determining, by the server computer, that the location of the mobile device matches the location of the access device;
  
  marking, by the server computer, the stored portable device information and the stored mobile device identifier as authentication verified;
  
  generating, by the server computer, a verification value or a digital certificate indicating that the status of the portable device is authentication verified;
  
  storing, by the server computer, the verification value or the digital certificate;
  
  receiving, at the server computer, second transaction data from a transactor computer for a remote transaction conducted via the transactor computer, wherein the remote transaction includes providing the portable device data to the transactor computer over a network without physically presenting the portable device to an access device;
  
  determining, by the server computer, from the second transaction data that the remote transaction is associated with the portable device;
  
  determining, by the server computer, that the stored portable device information and the stored mobile device identifier are marked as authentication verified;
  
  identifying, by the server computer, the stored the verification value or the digital certificate; and
  
  sending, by the server computer, a message indicating the status of the portable device as authentication verified to the transactor computer or to an issuer, the message including the verification value or the digital certificate, wherein the verification value or the digital certificate is subsequently used in a determination as to whether the remote transaction is fraudulent.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1 wherein determining the location of the access device includes determining the location of the access device from location information included in the transaction data.
  - 3. The method of claim 1 wherein determining the location of the mobile device includes sending a message to the mobile device requesting information to confirm the location of the mobile device.
  - 4. The method of claim 3 wherein requesting information includes a request for confirmation for a recent transaction or a challenge question.
  - 5. The method of claim 1 wherein determining the location of the mobile device includes utilizing location technology to determine the geographical position of the mobile device.
  - 6. The method of claim 1 wherein storing the information for the portable device that includes the mobile device identifier further comprises indicating that the stored information for the portable device is not yet authentication verified.
  - 7. The method of claim 1, wherein the portable device information and the mobile device identifier are provided by a user during an initial transaction before the physical or proximity transaction.
  - 8. The method of claim 1, wherein the portable device information and the mobile device identifier are provided by a user via an electronic wallet.
  - 9. The method of claim 1 wherein the message indicating the status of the portable device as authentication verified is sent to the transactor computer, and wherein the method further comprises:
    - receiving, at the server computer, from the transactor computer, an authorization request message for the remote transaction, the authorization request message including the verification value or the digital certificate;
      
      determining, by the server computer, that the remote transaction is authentic based on the verification value or the digital certificate; and
      
      forwarding, by the server computer, to the issuer, the authorization request message for the remote transaction including the verification value or the digital certificate, wherein the issuer authorizes the remote transaction based on the verification value or the digital certificate.
  - 10. The method of claim 1, wherein storing the portable device information and the mobile device identifier in a database associated with the server computer causes the mobile device to be associated with the portable device at the server computer, wherein the remote transaction associated with the portable device is initiated via the mobile device, and wherein the remote transaction is considered an authentication verified transaction because it is initiated via the mobile device and the mobile device is verified as being associated with the portable device.
  - 11. The method of claim 1, wherein marking the stored portable device information and the stored mobile device identifier as authentication verified indicates that an association between the mobile device and portable device is verified, and that the portable device is eligible for use in remote transactions without having to check or compare a physical location.
  - 12. The method of claim 1, wherein a physical transaction is a contact transaction, and wherein a proximity transaction is a contactless NFC transaction.

13. A server computer comprising:
- a processor; and
  
  a non-transitory computer readable medium coupled with the processor, the computer readable medium comprising instructions executable by the processor, the instructions comprising;
  
  receiving portable device information and a mobile device identifier associated with a mobile device;
  
  storing the portable device information and the mobile device identifier in a database associated with the server computer;
  
  receiving first transaction data from an access device for a physical or proximity transaction conducted at the access device, wherein the physical or proximity transaction includes physically presenting the portable device to the access device to provide portable device data to the access device;
  
  determining from the first transaction data that the physical or proximity transaction is associated with the portable device;
  
  determining a location of the access device;
  
  determining a location of the mobile device associated with the mobile device identifier;
  
  determining that the location of the mobile device matches the location of the access device;
  
  marking the stored portable device information and the stored mobile device identifier as authentication verified;
  
  generating a verification value or a digital certificate indicating that the status of the portable device is authentication verified;
  
  storing the verification value or the digital certificate;
  
  receiving second transaction data from a transactor computer for a remote transaction conducted via the transactor computer, wherein the remote transaction includes providing the portable device data to the transactor computer over a network without physically presenting the portable device to an access device;
  
  determining from the second transaction data that the remote transaction is associated with the portable device;
  
  determining that the stored portable device information and the stored mobile device identifier are marked as authentication verified;
  
  identifying the stored the verification value or the digital certificate; and
  
  sending a message indicating the status of the portable device as authentication verified to the transactor computer or to an issuer, the message including the verification value or the digital certificate, wherein the verification value or the digital certificate is subsequently used in a determination as to whether the remote transaction is fraudulent.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The server computer of claim 13 wherein determining the location of the access device includes determining the location of the access device from location information included in the transaction data.
  - 15. The server computer of claim 13 wherein determining the location of the mobile device includes sending a message to the mobile device requesting information to confirm the location of the mobile device.
  - 16. The server computer of claim 13 wherein requesting information includes a request for confirmation for a recent transaction or a challenge question.
  - 17. The server computer of claim 13 wherein determining the location of the mobile device includes utilizing location technology to determine the geographical position of the mobile device.
  - 18. The server computer of claim 13 wherein storing the information for the portable device that includes the mobile device identifier further comprises indicating that the stored information for the portable device is not yet authentication verified.
  - 19. The server computer of claim 13 wherein the access device is an electronic cash register.

20. A computer apparatus comprising:
- a processor; and
  
  a non-transitory computer readable medium coupled with the processor, the computer readable medium comprising instructions executable by the processor, the instructions comprising;
  
  sending portable device information and a mobile device identifier associated with a mobile device, to a server computer wherein the server computer stores the portable device information and the mobile device identifier in a database associated with the server computer;
  
  receiving first transaction data for a physical or proximity transaction conducted using the portable device, wherein the physical or proximity transaction includes physically presenting the portable device to an access device to provide portable device data to the access device;
  
  sending the first transaction data to the server computer wherein the server computer determines a location of an access device associated with the mobile device identifier, determines a location of the mobile device associated with the mobile device identifier, determines that the location of the mobile device identifier matches the location of the access device, marks the stored portable device information and the stored mobile device identifier in the database as authentication verified, generates a verification value or a digital certificate indicating that the status of the portable device is authentication verified, and stores the verification value or the digital certificate;
  
  receiving second transaction data for a remote transaction, wherein the remote transaction includes providing the portable device data over a network without physically presenting the portable device to the access device; and
  
  sending the second transaction data to the server computer wherein the server computer determines from the second transaction data that the remote transaction is associated with the portable device, determines that the stored portable device information the stored mobile device identifier are marked as authentication verified, identifies the stored the verification value or the digital certificate, and sends a message indicating the status of the portable device as authentication verified, the message including the verification value or the digital certificate, wherein the verification value or the digital certificate is subsequently used in a determination as to whether the remote transaction is fraudulent.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Dimmick, James
Primary Examiner(s)
Hailu, Teshome

Application Number

US14/699,767
Publication Number

US 20150319161A1
Time in Patent Office

776 Days
Field of Search

726 4
US Class Current
CPC Class Codes

G06Q 20/3224   Transactions dependent on l...

G06Q 20/40   Authorisation, e.g. identif...

H04L 63/0823   using certificates cryptogr...

H04L 63/105   Multiple levels of security

H04L 67/52   specially adapted for the l...

H04W 12/06   Authentication

H04W 12/10   Integrity

H04W 4/025   using location based inform...

Data verification using access device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

741 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Data verification using access device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

741 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links