Verification of portable consumer devices

US 9,904,919 B2
Filed: 04/08/2015
Issued: 02/27/2018
Est. Priority Date: 05/15/2009
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, from a user computer at a server computer over a communications network, a request for a verification value associated with a portable consumer device associated with a user, and an encrypted message encrypted using a key stored in a security module of a verification token, the verification token in communication with the user computer, the request comprising identification information pertaining to the portable consumer device;

applying, by the server computer, at least one validation test pertaining to the received request, wherein the validation test comprises validating the encrypted message from the user computer; and

sending, by the server computer to the user computer over the communications network, after the at least one validation test is passed, a verification value to the verification token or to an entity configured to forward the verification value to the verification token.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Apparatuses, methods, and systems pertaining to the verification of portable consumer devices are disclosed. In one implementation, a verification token is coupled to a computer by a USB connection so as to use the computer'"'"'s networking facilities. The verification token reads identification information from a user'"'"'s portable consumer device (e.g., credit card) and sends the information to a validation entry over a communications network using the computer'"'"'s networking facilities. The validation entity applies one or more validation tests to the information that it receives from the verification token. If a selected number of tests are passed, the validation entity sends a device verification value to the verification token, and optionally to a payment processing network. The verification token may enter the device verification value into a CVV field of a web page appearing on the computer'"'"'s display, or may display the value to the user using the computer'"'"'s display.

753 Citations

26 Claims

1. A method comprising:
- receiving, from a user computer at a server computer over a communications network, a request for a verification value associated with a portable consumer device associated with a user, and an encrypted message encrypted using a key stored in a security module of a verification token, the verification token in communication with the user computer, the request comprising identification information pertaining to the portable consumer device;
  
  applying, by the server computer, at least one validation test pertaining to the received request, wherein the validation test comprises validating the encrypted message from the user computer; and
  
  sending, by the server computer to the user computer over the communications network, after the at least one validation test is passed, a verification value to the verification token or to an entity configured to forward the verification value to the verification token.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 26)
- - 2. The method of claim 1, further comprising sending, if the at least one validation test is passed, the verification value to a payment processing network.
  - 3. The method of claim 1, wherein encrypted message is an encrypted test message, and wherein the method further comprises:
    - receiving a serial number of the verification token and the encrypted test message;
      
      obtaining a key and one or more acceptable messages; and
      
      validating the encrypted test message using the encrypted test message, the obtained key, and the one or more acceptable messages.
  - 4. The method of claim 3, wherein validating the encrypted test message comprises decrypting the encrypted test message using the obtained key, and comparing the decrypted test message to the one or more acceptable messages for a match.
  - 5. The method of claim 3, wherein validating the encrypted test message comprises encrypting the obtained one or more acceptable messages with the obtained key, and comparing the encrypted test message to the one or more encrypted acceptable messages for a match.
  - 6. The method of claim 1, further comprising:
    - receiving a serial number of the verification token; and
      
      comparing the received serial number with serial numbers of suspicious tokens.
  - 7. The method of claim 1 wherein the verification token is coupled to the user computer to access a networking facility of the user computer, and wherein the method further comprises:
    - receiving one or more data messages having information specific to the user computer, the information being obtained by the verification token, andcomparing the received information with computer-specific information of suspicious computers for a match.
  - 8. The method of claim 1 wherein the request for the verification value is conveyed by way of a network packet on a communications network, and wherein the method further comprises:
    - obtaining a source IP address from the network packet; and
      
      comparing the obtained source IP address with suspect IP addresses for a match.
  - 9. The method of claim 1, wherein the received identification information includes an account number associated with the portable consumer device and a digital fingerprint, and wherein the method further comprises:
    - obtaining a valid digital fingerprint; and
      
      comparing the digital fingerprint in the received identification information to the valid digital fingerprint.
  - 10. The method of claim 1, wherein the received identification information includes an account number associated with the portable consumer device and a variable datum that varies each time the portable consumer device is used, and wherein the method further comprises:
    - obtaining one or more acceptable datum values for the portable consumer device having the account number in the received identification information; and
      
      comparing the variable datum in the received identification information to obtain one or more acceptable datum values for a match.
  - 11. The method of claim 1, wherein the received identification information includes an account number associated with the portable consumer device and a variable datum that varies each time the portable consumer device is read for its identification information, and wherein the method further comprises:
    - sending the account number and the variable datum to an issuing bank with a request for the bank to determine if the variable datum is valid; and
      
      receiving the issuing bank'"'"'s determination.
  - 12. The method of claim 1, further comprising sending, if the at least one validation test is passed, a dynamic account number to the verification token or to the entity configured to forward the dynamic account number to the verification token.
  - 13. The method of claim 12, further comprising sending, if the at least one validation test is passed, the verification value and the dynamic account number to a payment processing network.
  - 14. The method of claim 13, further comprising sending a transaction number to the payment processing network and to a personal communication device or email address associated with the account number in the received identification information.
  - 15. The method of claim 1, further comprising sending, if the at least one validation test is passed, address information to the verification token or to the entity configured to forward the address information to the verification token.
  - 16. The method of claim 1, further comprising encrypting or encoding the verification value before sending the value.
  - 17. The method of claim 1, further comprising:
    - identifying a mobile phone number or universal resource identifier of a communications device associated with the portable consumer device indicated in the received identification information, andsending a message to the portable communications device indicating that a request has been made for the verification value for the user'"'"'s portable consumer device.
  - 18. The method of claim 17, wherein the message comprises a text message sent to a cell phone.
  - 19. The method of claim 1, further comprising:
    - identifying an email address associated with the portable consumer device indicated in the received identification information, andsending a message to the identified email address indicating that the request has been made for a verification value for the user'"'"'s portable consumer device.
  - 26. The method of claim 1, wherein the verification value is a cryptogram, and wherein the encrypted message is in the request for the verification value.

20. A server computer comprising:
- a processor; and
  
  a computer readable medium coupled to the processor, the computer readable medium comprising code, executable by the processor, for implementing a method comprising;
  
  receiving a request for a verification value associated with a portable consumer device associated with a user from a user computer over a communications network, and an encrypted message encrypted using a key stored in a security module of a verification token, the verification token in communication with the user computer, the request comprising identification information pertaining to the portable consumer device;
  
  applying at least one validation test pertaining to the received request, wherein the validation test comprises validating the encrypted message from the user computer; and
  
  sending after the at least one validation test is passed, a verification value over the communications network to the verification token or to an entity configured to forward the verification value to the verification token.
- View Dependent Claims (21, 22, 23, 24, 25)
- - 21. The server computer of claim 20 wherein the method further comprises:
    - receiving a serial number of the verification token; and
      
      comparing the received serial number with serial numbers of suspicious tokens.
  - 22. The server computer of claim 20 wherein the received identification information includes an account number associated with the portable consumer device and a digital fingerprint, and wherein the method further comprises:
    - obtaining a valid digital fingerprint; and
      
      comparing the digital fingerprint in the received identification information to the valid digital fingerprint.
  - 23. The server computer of claim 20 wherein the method further comprises:
    - encrypting or encoding the verification value before sending the value.
  - 24. The server computer of claim 20 wherein the method further comprises:
    - sending, if the at least one validation test is passed, a dynamic account number to the verification token or to the entity configured to forward the dynamic account number to the verification token.
  - 25. The server computer of claim 20, wherein the method further comprises:
    - sending, if the at least one validation test is passed, the verification value and a dynamic account number to a payment processing network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Hammad, Ayman
Primary Examiner(s)
Trail, Allyson

Application Number

US14/681,668
Publication Number

US 20150317625A1
Time in Patent Office

1,056 Days
Field of Search

235375, 235379, 235380, 235382, 235383, 235435, 235454, 235455, 705 36- 44, 705 67
US Class Current
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 2221/2129   Authenticate client device ...

G06Q 20/12   specially adapted for elect...

G06Q 20/3674   involving authentication

G06Q 20/385   using an alias or single-us...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/401   Transaction verification

G06Q 20/42   Confirmation, e.g. check or...

G06Q 20/425   using two different network...

G06Q 2220/00   Business processing using c...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/0853   using an additional device,...

H04L 63/126   the source of the received ...

H04L 9/3234   involving additional secure...

Verification of portable consumer devices

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

753 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Verification of portable consumer devices

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

753 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links