[go: up one dir, main page]

WO2015120082A1 - Token verification using limited use certificates - Google Patents

Token verification using limited use certificates Download PDF

Info

Publication number
WO2015120082A1
WO2015120082A1 PCT/US2015/014504 US2015014504W WO2015120082A1 WO 2015120082 A1 WO2015120082 A1 WO 2015120082A1 US 2015014504 W US2015014504 W US 2015014504W WO 2015120082 A1 WO2015120082 A1 WO 2015120082A1
Authority
WO
WIPO (PCT)
Prior art keywords
token
certificate
access device
transaction
computer
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/US2015/014504
Other languages
French (fr)
Inventor
Christian Aabye
Brian Sullivan
Dave Wilson
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Visa International Service Association
Original Assignee
Visa International Service Association
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Visa International Service Association filed Critical Visa International Service Association
Priority to CN201580007087.8A priority Critical patent/CN105960776B/en
Priority to EP15746832.3A priority patent/EP3103084A1/en
Priority to CA2936985A priority patent/CA2936985A1/en
Priority to BR112016017947A priority patent/BR112016017947A2/en
Priority to AU2015214271A priority patent/AU2015214271B2/en
Publication of WO2015120082A1 publication Critical patent/WO2015120082A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • G06Q20/3278RFID or NFC payments by means of M-devices
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/352Contactless payments by cards
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821Electronic credentials
    • G06Q20/38215Use of certificates or encrypted proofs of transaction rights
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]

Definitions

  • Tokenization provides many advantages when conducting transactions, such as improving efficiency and security.
  • a connection to a token server e.g., a server that generated the token
  • the token may be checked for validity (e.g., to determine whether it may be used for a transaction, etc.).
  • an online connection to a token server to validate the token may be unavailable, or such an online connection may be too slow to accommodate the amount of transaction volume that takes place in a short amount of time.
  • Embodiments of the present invention address these problems and other problems individually and collectively.
  • Embodiments of the invention relate to methods, devices, and systems for verifying tokens using limited-use certificates.
  • a user device can send a token request to a token provider computer, and receive in response a token and a token certificate associated with the token.
  • the token certificate may include, for example, a hash of the token and a digital signature by the token provider computer or another trusted entity.
  • the user device can provide the token and the token certificate to an access device.
  • the access device can verify the token using the token certificate, and verify the token certificate using a digital signature. In some cases, the token and token certificate may be verified offline. The access device can then conduct a transaction using the token.
  • FIG. 1 shows an example of a system that may be used with embodiments of the invention.
  • FIG. 2 shows an example of a user device in accordance with some embodiments.
  • FIG. 3 shows an example of an access device in accordance with some aspects
  • FIG. 4 shows an example of a token system in accordance with some embodiments.
  • FIG. 5 shows an example of a token certificate in accordance with some
  • FIG. 6 shows a method of obtaining a token and a token certificate by a user device in accordance with some embodiments.
  • FIG. 7 shows a method of generating and provisioning a token by a token provider computer in accordance with some embodiments.
  • FIG. 8 shows a method of conducting a transaction by an access device using a token in accordance with some embodiments.
  • FIG. 9 shows a method of conducting a transit transaction using a token in accordance with some embodiments.
  • FIG. 10 shows an example of a portable user device.
  • FIG. 11 shows an example of a computer apparatus.
  • server computer may include a powerful computer or cluster of computers.
  • the server computer can be a large mainframe, a minicomputer cluster, or a group of servers functioning as a unit.
  • the server computer may be a database server coupled to a Web server.
  • the server computer may be coupled to a database and may include any hardware, software, other logic, or combination of the preceding for servicing the requests from one or more client computers.
  • the server computer may comprise one or more computational apparatuses and may use any of a variety of computing structures, arrangements, and compilations for servicing the requests from one or more client computers.
  • the term "public/private key pair" may include a pair of linked cryptographic keys generated by an entity.
  • the public key may be used for public functions such as encrypting a message to send to the entity or for verifying a digital signature which was supposedly made by the entity.
  • the private key on the other hand may be used for private functions such as decrypting a received message or applying a digital signature.
  • the public key will usually be authorized by a body known as a Certification Authority (CA) which stores the public key in a database and distributes it to any other entity which requests it.
  • CA Certification Authority
  • the private key will typically be kept in a secure storage medium and will usually only be known to the entity.
  • the cryptographic systems described herein may feature key recovery mechanisms for recovering lost keys and avoiding data loss.
  • Public and private keys may be in any suitable format, including those based on RSA or elliptic curve cryptography (ECC).
  • a "digital signature” may refer to the result of applying an algorithm based on a public/private key pair, which allows a signing party to manifest, and/or a verifying party to verify, the authenticity and/or integrity of a document.
  • the signing party acts by means of the private key and the verifying party acts by means of the public key. This process certifies the authenticity of the sender, the integrity of the signed document and the so-called principle of nonrepudiation, which does not allow disowning what has been signed.
  • a certificate or other data that includes a digital signature by a signing party is said to be "signed" by the signing party.
  • the digital signature may be performed in accordance with RSA public key cryptography.
  • a "certificate” may include an electronic document or data file that uses a digital signature to bind data (e.g., a token) with data associated with an identity.
  • the certificate may include one or more data fields, such as the legal name of the identity, a serial number of the certificate, a valid- from and valid-to date for the certificate, certificate-related
  • a certificate may contain a "valid-from" date indicating the first date the certificate is valid, and a "valid-to" date indicating the last date the certificate is valid.
  • a certificate may also contain a hash of data protected by the certificate including the data fields. The hash may include data contained within the certificate, and/or data that is not contained in the certificate. Hence, a hash can be used to enable the certificate to protect a data set that is larger than the certificate size (e.g., a hash of data fields in the certificate and additional data not contained in the certificate).
  • each certificate is signed by a certificate authority.
  • a certificate may be in any suitable format, such as those defined in Europay, MasterCard, and Visa (EMV) standard ISO 9796 and ITU-T standard X.509.
  • EMV Europay, MasterCard, and Visa
  • a "certificate authority" may include one or more server computers operatively coupled to issue certificates to entities.
  • the CA may prove its identity using a CA certificate, which includes the CA's public key.
  • the CA certificate may be signed by another CA's private key, or may be signed by the same CA's private key. The latter is known as a self-signed certificate.
  • the CA also typically maintains a database of all certificates issued by the CA.
  • the certificate authority receives an unsigned certificate from an entity whose identity is known.
  • the unsigned certificate includes a public key, one or more data fields, and a hash of the data in the certificate.
  • the CA signs the certificate with a private key corresponding to the public key included on the CA certificate.
  • the CA may then store the signed certificate in a database, and issue the signed certificate to the entity.
  • a "token” may include a number, string, bit sequence, and/or other data value intended to substitute for or represent account information associated with a user.
  • account information such as a primary account number (PAN)
  • PAN primary account number
  • the token may be derived from or directly related to a primary account number (PAN) or other payment account information (e.g., pseudo PAN, dynamic PAN, obfuscated PAN, partially encrypted PAN, etc.).
  • the token may include a randomly generated identifier that is associated with the user account.
  • a "token certificate” may include a digital certificate or other data that authenticates a token using a digital signature.
  • the digital signature may be generated by a token provider or other authorized entity.
  • the token certificate may include a token identifier (e.g., a hash of the token), and the digital signature of the token certificate may be generated using the token identifier.
  • the token certificate may also include other data defining the use of the token, such as an expiration date and a transaction context identifier.
  • a "token access restriction” may include a restriction or other limitation relating to the use of a token.
  • a token access restriction may include, for example, a maximum transaction value, an expiration date for the token, and a transaction context for the token.
  • a "transaction context” may include any information relating to situations in which a token may be used.
  • a transaction context may indicate access devices or merchants at which the token is valid, dates and times during which the token is valid, etc.
  • a “transaction context identifier” may include any data suitable to identify a transaction context.
  • a "transaction context” may include an indication of a context or system in which a token is valid.
  • the transaction context may indicate a provider or other system with which the token may be used.
  • a transaction context may indicate that a token is only valid for use with a particular transit provider.
  • a user device can send a token request to a token provider computer, and receive in response a token and a token certificate associated with the token.
  • the token certificate may include, for example, a hash of the token and a digital signature by the token provider computer or another trusted entity.
  • the user device can provide the token and the token certificate to an access device.
  • the access device can verify the token using the token certificate, and verify the token certificate using a digital signature. In some cases, the token and token certificate may be verified offline. The access device can then conduct a transaction using the token.
  • Embodiments can provide systems and methods for conducting transaction using tokens without requiring a connection to a validating server.
  • the use of tokens to conduct transactions provides several advantages. For example, since a token may identify an account without using an account number, tokens can be used to protect sensitive information and/or identity of a user from unscrupulous parties. In addition, tokens can be configured to be valid for limited periods of time, which limits the damage that may occur if the token is compromised.
  • embodiments can allow an access device, terminal, or other entity to determine access restrictions for the token. Further, since the token certificate may be signed by an issuer, certificate authority (CA), or other trusted party, the access device or terminal may cryptographically verify the token certificate.
  • CA certificate authority
  • embodiments can allow access restrictions on tokens to be enforced in offline environments, or where a network connection is too slow relative to transaction volume. Furthermore, embodiments can allow token verification to performed faster and more efficiently, because processing time does not depend on network latency, bandwidth, or the speed of a remote token server.
  • FIG. 1 shows an example of a system that may be used with embodiments of the invention.
  • the system comprises a user (not shown) who may operate a user device 200.
  • the user may use user device 200 to conduct transactions (e.g., payment transaction, access transaction, etc.) in communication with an access device 300.
  • a "user device” may include a mobile phone, tablet, credit card, debit card, or any other suitable device.
  • a user device may be a wearable device, such as a watch or smart watch, fitness band, ankle bracelet, ring, earring, etc.
  • Access device 300 may be connected to merchant computer 101, which may be connected to acquirer computer 102.
  • Acquirer computer 102 may be connected to issuer computer 104 via payment processing network 103.
  • an "issuer” may typically refer to a business entity (e.g., a bank) that maintains an account for a user and may issue a user device 200 such as a credit or debit card to the user, or provision a user device 200 such as a mobile phone. An issuer may also issue a token and a token certificate to user device 200.
  • a "merchant” is typically an entity that engages in transactions and can sell goods or services, or provide access to goods or services.
  • the merchant may be associated with a transit provider or other access provider.
  • the issuer and merchant may be the same entity. For example, a transit provider may both maintain accounts for users and operate access devices 300 used to conduct transactions.
  • An "acquirer” is typically a business entity (e.g., a commercial bank) that has a business relationship with a particular merchant or other entity. Some entities can perform both issuer and acquirer functions. Some embodiments may encompass such single entity issuer-acquirers.
  • Each of the entities may comprise one or more computer apparatuses (e.g., access device 300, merchant computer 101, acquirer computer 102, payment processing network 103, and issuer computer 104) to enable communications, or to perform one or more of the functions described herein.
  • the payment processing network 103 may include data processing subsystems, networks, and operations used to support and deliver certificate authority services, authorization services, exception file services, transaction scoring services, and clearing and settlement services.
  • An exemplary payment processing network may include VisaNetTM.
  • Payment processing networks such as VisaNetTM are able to process credit card transactions, debit card transactions, and other types of commercial transactions.
  • VisaNetTM in particular, includes a VIP system (Visa Integrated Payments system) which processes authorization requests and a Base II system which performs clearing and settlement services.
  • the payment processing network 103 may include one or more server computers.
  • a server computer is typically a powerful computer or cluster of computers.
  • the server computer can be a large mainframe, a minicomputer cluster, or a group of servers functioning as a unit.
  • the server computer may be a database server coupled to a Web server.
  • the payment processing network 103 may use any suitable wired or wireless network, including the Internet.
  • the user may conduct a transaction at a merchant using a user device 200.
  • the transaction may be a payment transaction (e.g., for the purchase of a good or service), an access transaction (e.g., for access to a transit system), or any other suitable transaction.
  • the user's user device 200 can interact with an access device 300 at a merchant associated with merchant computer 101.
  • the user may tap a portable user device 200 against an NFC reader in the access device 300.
  • the user may indicate account information to the merchant electronically, such as in an online transaction.
  • the user device 200 may transmit to the access device an account identifier, such as a token.
  • an online authorization of the transaction may be performed directly after the user presents account information.
  • online authorization may be deferred until a later time.
  • access device 300 or merchant computer 101 may verify user device 200 (e.g., by verifying the signature, validity of the certificate, and/or use restrictions such as time limits and/or purchase type restrictions included on a certificate) when user device 200 interfaces with access device 300 or merchant computer 101. Once user device 200 is verified, the user may receive and/or use goods or services, and/or be granted access to a location, etc., before the transaction is authorized online. Later, depending on various network access, processing time, or other constraints, an online authorization including an authorization request message may be conducted.
  • a user may tap a user device 200 such as a contactless card at access device 300 on a bus when boarding the bus.
  • Access device 300 may verify user device 200 by verifying a certificate and access restrictions on user device 200. Once the user device 200 is verified, the user may board the bus without requiring an online authorization of the transaction. Later, when the bus reaches a bus terminal, access device 300 may gain wireless connectivity and initiate online authorization for the user's transaction.
  • an authorization request message may be generated by access device 300 or merchant computer 101 and then forwarded to the acquirer computer 102. After receiving the authorization request message, the authorization request message is then sent to the payment processing network 103. The payment processing network 103 then forwards the authorization request message to the corresponding issuer computer 104 associated with an issuer associated with the user device 200.
  • An "authorization request message” may be an electronic message that is sent to a payment processing network and/or an issuer of a payment card to request authorization for a transaction.
  • An authorization request message may comply with ISO 8583, which is a standard for systems that exchange electronic transaction information associated with a payment made by a user using a payment device or payment account.
  • the authorization request message may include an issuer account identifier that may be associated with a payment device or payment account.
  • An authorization request message may also comprise additional data elements corresponding to "identification information" including, by way of example only: a service code, a CVV (card verification value), a dCVV (dynamic card verification value), an expiration date, etc.
  • An authorization request message may also comprise "transaction information," such as any information associated with a current transaction, such as the transaction amount, merchant identifier, merchant location, etc., as well as any other information that may be utilized in determining whether to identify and/or authorize a transaction.
  • the authorization request message may also include other information such as information that identifies the access device that generated the authorization request message, information about the location of the access device, etc.
  • the issuer computer 104 After the issuer computer 104 receives the authorization request message, the issuer computer 104 sends an authorization response message back to the payment processing network 103 to indicate whether the current transaction is authorized (or not authorized). The payment processing network 103 then forwards the authorization response message back to the acquirer computer 102. In some embodiments, payment processing network 103 may decline the transaction even if issuer computer 104 has authorized the transaction, for example depending on a value of the fraud risk score. The acquirer computer 102 then sends the response message back to the merchant computer 101.
  • An "authorization response message” may be an electronic message reply to an authorization request message generated by an issuing financial institution 104 or a payment processing network 103.
  • the authorization response message may include, by way of example only, one or more of the following status indicators: Approval— transaction was approved; Decline— transaction was not approved; or Call Center— response pending more information, merchant must call the toll-free authorization phone number.
  • the authorization response message may also include an authorization code, which may be a code that a credit card issuing bank returns in response to an authorization request message in an electronic message (either directly or through the payment processing network 103) to the merchant computer 101 that indicates approval of the transaction. The code may serve as proof of authorization.
  • a payment processing network 103 may generate or forward the authorization response message to the merchant.
  • the merchant computer 101 may then provide the authorization response message for the user.
  • the response message may be displayed by the access device 300, or may be printed out on a physical receipt. Alternately, if the transaction is an online transaction, the merchant may provide a web page or other indication of the authorization response message as a virtual receipt.
  • the receipts may include transaction data for the transaction.
  • a clearing process is a process of exchanging financial details between an acquirer and an issuer to facilitate posting to a customer's payment account and reconciliation of the user's settlement position.
  • FIG. 2 shows an example of a user device 200 in accordance with some
  • Examples of user devices 200 may include mobile phones, tablets, desktop and laptop computers, wearable devices (e.g., smart watches, fitness bands, ankle bracelets, rings, earrings, etc.), or any other computing device suitable for receiving, storing, and transmitting tokens.
  • User device 200 may include a processor 201 communicatively coupled to a network interface 202, a memory 203, and a computer readable medium 210.
  • the processor 201 can comprise one or more CPUs, each of which may comprise at least one processor cores operable to execute program components for executing user and/or system-generated requests.
  • the CPU may be a microprocessor such as AMD's Athlon,
  • processor 201 can include multiple CPUs coupled over a network, such as in a distributed or cluster computing system.
  • the network interface 202 may be configured to allow user device 200 to communicate with other entities such as access device 300, issuer computer 104, etc. using one or more communications networks.
  • Network interfaces may accept, communicate, and/or connect to a communications network.
  • Network interfaces may employ connection protocols such as, but not limited to: direct connect, Ethernet (thick, thin, twisted pair 10/100/1000 Base T, and/or the like), Token Ring, wireless connection such as IEEE
  • a communications network may be any one and/or the combination of the following: a direct interconnection; the Internet; a Local Area Network (LAN); a Metropolitan Area Network (MAN); a secured custom connection; a Wide Area Network (WAN); a wireless network (e.g., employing protocols such as, but not limited to a Wireless Application Protocol (WAP), I-mode, and/or the like); and/or the like.
  • WAP Wireless Application Protocol
  • the memory 203 may be used to store data and code.
  • the memory 203 may be coupled to the processor 201 internally or externally (e.g., cloud based data storage), and may comprise any combination of volatile and/or non-volatile memory, such as RAM, DRAM, ROM, flash, or any other suitable memory device.
  • the computer-readable medium 210 may be in the form of a memory (e.g., flash, ROM, etc.) and may comprise code, executable by the processor 201 for implementing the methods described herein.
  • the computer readable medium 210 may include a transit application 211, a parking meter application 212, another application 213, a token enrollment module 214, a token transaction module 215, and a token storage module 216.
  • Transit application 211 may include any program, app, software, or other code suitable to conduct transactions with a transit provider.
  • transit application 211 may be specific to a single transit provider or a group of transit providers.
  • transit application 211 can be general purpose, such as a web browser that accesses a transit provider's website.
  • Transit application 211 may include a user interface to browse for and select transit services to be purchased, and to conduct transit transactions. For example, a user may use transit application 211 to purchase one-way or round-trip tickets, fixed duration or value passes, and other goods.
  • Transit application 211 may determine a cost of the goods to be purchased, obtain a token corresponding to the purchased goods and a token certificate corresponding to the token, and send the token and token certificate to an access device in order to conduct a transaction (e.g., pay a fare or provide proof of payment of the fare).
  • a transaction e.g., pay a fare or provide proof of payment of the fare.
  • Parking meter application 212 may include any program, app, software, or other code suitable to conduct transactions with a parking provider.
  • parking meter application 212 may be specific to a parking provider or a group of parking providers.
  • parking meter application 212 can be general purpose, such as a web browser that accesses a parking provider's website.
  • Parking meter application 211 may include a user interface to browse for and select parking spaces to be purchased, and to pay for the parking spaces. For example, a user may use parking meter application 212 to purchase a certain duration of parking, parking permits, and other goods.
  • Parking meter application 211 may determine a cost of the goods to be purchased, obtain a token corresponding to the purchased goods and a token certificate corresponding to the token, and send the token and token certificate to an access device in order to conduct a transaction (e.g., pay for parking or provide proof of payment).
  • a transaction e.g., pay for parking or provide proof of payment
  • Other application 213 may include any program, app, software, or other code suitable to conduct any other type of transaction.
  • parking meter application 212 may be specific to a parking provider or a group of parking providers.
  • other application 213 may be configured to determine goods or services for a transaction, obtain a token and token certificate, and use the token and token certificate to pay for the goods or services at an access device (e.g., access device 300).
  • Token enrollment module 214 may include any program, software, or other code suitable to enroll a user device with a token provider (e.g., token provider computer 401).
  • token enrollment module 214 may be configured to communicate with a token provider computer to send a token request.
  • the token request may include account information, such as a primary account number (PAN).
  • PAN primary account number
  • token enrollment module 214 may receive a token and a token certificate corresponding to the token.
  • the token and/or the token certificate may be stored in token storage module 216.
  • an application such as applications 211-213 may interface with token enrollment module 214 to obtain a token and a token certificate from a token provider.
  • Token transaction module 215 may include any program, software, or other code suitable to conduct or initiate a transaction using a token.
  • token transaction module 215 may be configured to retrieve a token and a token certificate, provide the token and token certificate to an access device (e.g., access device 300) for a transaction, and receive a response from the access device indicating the status of the transaction.
  • an application such as applications 211-213 may interface with token transaction module 215 to conduct a transaction using a token.
  • a transit application may determine that user device 200 has moved near a contactless reader of an access device, determine an appropriate context and token (or just token), and interface with token transaction module 215 to provide the corresponding token and token certificate to the access device.
  • Token storage module 216 may include any software and/or hardware suitable to store tokens and/or token certificates. Typically, token storage module 216 may be secured, so that unauthorized entities (such as other programs running on user device 200) cannot access the stored token. In some embodiments, the security of token storage module 216 may be provided in software, such as through host card emulation (HCE). In other embodiments, the security of token storage module 216 may be provided through hardware, such as a hardware security module (HSM), secure element, trusted execution environment (TEE), etc. In yet other embodiments, the security of token storage module 216 may use a combination of software and hardware.
  • HCE host card emulation
  • HSM hardware security module
  • TEE trusted execution environment
  • FIG. 2 illustrates one example of a user device 200
  • embodiments are not limited to the shown device. Rather, a user device in accordance with embodiments may be missing one or more elements shown in FIG. 2, and may include other elements not shown. For example, embodiments are not limited to transit applications or parking meter applications.
  • FIG. 3 shows an example of an access device 300 in accordance with some embodiments.
  • access devices 200 may include mobile devices (e.g., mobile phones, tablets, wearable devices), desktop or laptop computers, point of sale (POS) terminals, or any other computing device suitable for receiving and conducting transactions using tokens.
  • Access device 300 may include a processor 301 communicatively coupled to a network interface 302, a memory 303, and a computer readable medium 310.
  • processor 301 , network interface 302, memory 303, and computer-readable medium 310 may be similar to the corresponding elements as described with reference to user device 200 of FIG. 2.
  • the computer readable medium 310 may include a device communication module 311, a certificate verification module 212, a token verification module 313, and a transaction processing module 314.
  • Device communication module 311 may include any software and/or hardware configured to communicate with user devices, such as user device 200.
  • access device 300 may communicate using a contactless or wireless protocol, such as NFC or PayWaveTM.
  • device communication module 311 may include a contactless transceiver and firmware or other software configured to send signals to and receive signals from user devices.
  • device communication module 311 may be configured to receive a token and a token certificate from a user device in one or more messages.
  • Certificate verification module 312 may include any software and/or hardware configured to verify digital certificates, such as token certificates.
  • certificate verification module 312 may include code operable to verify a digital signature included in a token certificate.
  • verifying the digital signature may include decrypting the digital signature using a trusted entity's public key and comparing the result to an expected value.
  • the expected value may be, for example, a hash of part or all of the certificate.
  • certificate verification module 312 may maintain one or more trusted certificates and/or trusted public keys corresponding to trusted entities, such as token providers. If a token certificate is signed by one of the stored trusted certificates or trusted public keys, then the token certificate may be verified offline (i.e., without any communication with other devices).
  • Token verification module 313 may include any program, software, or other code suitable to verify the legitimacy and the use of a token.
  • token verification module 313 may verify a token using data included in a valid token certificate.
  • a token certificate may include a token identifier such as a hash of the token. In such cases, verifying the token may include ensuring a hash of the token matches the token identifier of the token certificate.
  • a token certificate may also include a context identifier.
  • verifying the token may include verifying that the token is being used in an appropriate context.
  • a token certificate may indicate that a token is only valid for use at a transit provider.
  • Token verification module 313 can then ensure that access device 300 is associated with the transit provider. If the check fails, the token may be rejected as being used in the wrong context (i.e., it may be unauthorized).
  • Transaction processing module 314 may include any program, software, or other code suitable to conduct or initiate a transaction using a token.
  • transaction processing module 314 may be configured to generate and send an authorization request message for a transaction (e.g., as described with reference to FIG. 1) including a received token.
  • Transaction processing module 314 may also receive and process an authorization response message indicating the status of the transaction.
  • transaction processing may occur some time after a token has been verified (e.g., by token verification module 313). For example, if access device 300 is on a city bus that does not have a persistent network connection, authorization for a transaction may not be performed until the end of the day when the bus returns to a bus terminal with wireless internet access.
  • FIG. 3 illustrates one example of an access device 300
  • embodiments are not limited to the shown device. Rather, an access device in accordance with embodiments may be missing one or more elements shown in FIG. 3, and may include other elements not shown.
  • FIG. 3 illustrates one example of an access device 300
  • embodiments are not limited to the shown device. Rather, an access device in accordance with embodiments may be missing one or more elements shown in FIG. 3, and may include other elements not shown.
  • FIG. 4 shows an example of a token system in accordance with some embodiments.
  • the token system includes user device 200 (as further described with reference to FIG. 2), access device 300 (as further described with reference to FIG. 3), payment processing network 103 (as further described with reference to FIG. 1), and a token provider computer 401.
  • Token provider computer 401 may comprise any server computer suitable to associate account information with tokens.
  • token provider computer may be configured to receive a token request including account information, authenticate and authorize the token request, generate a token, associate the token with the account corresponding to the received account information, and return a token response including the token.
  • the token response may also include a token certificate corresponding to the token.
  • token provider computer 401 may be operated by, on behalf of, or otherwise associated with another entity.
  • token provider computer 401 may be operated by issuer computer 104 of an account.
  • token enrollment module 214 of user device 200 sends a token request to token provider computer 401.
  • the token request may include, for example, account information for a user account, and user credentials (e.g., a username and password).
  • token provider computer 401 returns a token response including a token and a token certificate to token enrollment module 214.
  • Token enrollment module 214 stores the token in token storage module 216.
  • a user may present user device 200 to access device 300 in order to conduct a transaction. For example, the user may operate an application 213 running on the user device. Application 213 may retrieve the token and the token certificate from token storage module 216. Application 213 then interfaces with token transaction module 215 to initiate a transaction with access device 300.
  • Token transaction module 215 sends a transaction request including the token and the token certificate to device communication module 311 of access device 300.
  • device communication module 311 receives the transaction request, it forwards the token certificate to certificate verification module 312 for verification. If the token certificate is verified, token verification module 313 verifies the token. Once both the token certificate and the token are verified, access device 300 may provide an indication of the verification. For example, access device 300 may grant access to a location, or may actuate a restriction mechanism (e.g., a gate or a turnstile) that allows the user access.
  • transaction processing module 314 conducts a transaction using the token. For example, transaction processing module 314 generates and sends an authorization request message to payment processing network 103. Payment processing network 103 determines if the transaction is authorized or declined, and sends an authorization response message to transaction processing module 314. Transaction processing module 314 may then indicate (e.g., display) the status of the transaction.
  • FIG. 5 shows an example of a token certificate 510 in accordance with some embodiments.
  • a token 501 may be issued to user device 200 by a token provider computer 401.
  • the token certificate 510 may comprise a token identifier 511, an expiration date 512, a transaction context identifier 513, and a digital signature 205.
  • Token identifier 511 may include any data suitable to identify a token.
  • the token identifier 511 may be the token 501 itself.
  • the token identifier 511 may store a protected form of the token 501.
  • token identifier 511 may store a cryptographic hash of the token 501.
  • Expiration date 512 may include any data suitable to define an expiration date associated with the token.
  • Expiration date 512 may indicate, for example, the last day, month, and year on which the token may be used.
  • Expiration date 512 may be stored in any suitable form, such as a UTC timestamp.
  • expiration date 512 may include a two-digit expiration day for the token.
  • Transaction context identifier 513 may include any data suitable to identify a transaction context for a token. For example, if a token may only be used at a mass transit provider, the transaction context may include an identifier for the transit provider.
  • Transaction context identifier 513 may be used, for example, to prevent a payment token from being used at a transit terminal, and to prevent a transit token from being used at a non- transit merchant's point of sale terminal. In some embodiments, transaction context identifier
  • transit provider 513 may be used to limit access to a particular transit provider, transit type (e.g., bus, rail, etc.), or be used to limit purchases to a particular merchant or product/service type (e.g., meals, clothing, etc.).
  • transit type e.g., bus, rail, etc.
  • product/service type e.g., meals, clothing, etc.
  • the token certificate 510 comprises a bank
  • the transaction context identifier 510 may be included in the BIN.
  • the BIN field may comprise six digits for a token BIN, and two or more digits for a transit provider identifier associated with the token 501.
  • Digital signature 514 may include a digital signature by a certificate authority (CA), signatory party, or other trusted entity.
  • CA certificate authority
  • digital signature may include a digital signature by a certificate authority (CA), signatory party, or other trusted entity.
  • the trusted entity used to sign the token certificate 510 may be identified using a public key index (PKI) specific to token certificates.
  • PKI public key index
  • the usage of a public key index that is specific to token certificates may be used to impose restrictions similar to those described above for transaction context identifier 513.
  • the public key index may be used to prevent a payment token from being used at a transit terminal, and to prevent a transit token from being used at a non-transit merchant's point of sale terminal.
  • FIGs. 6-8 show methods of generating and obtaining a token and a token certificate, and using the token and token certificate to conduct a transaction.
  • FIG. 6 shows a method 600 of obtaining a token and a token certificate in accordance with some embodiments.
  • method 600 may be performed by a user device, such as user device 200, which can request a token from token provider computer 401, as shown in FIG. 4.
  • a token request including account information is generated.
  • Account information may include any data sufficient for identifying a user account.
  • a user operating the user device may enter a username and password, an account number, and/or other account information.
  • the account information may be received from another device, or may have been previously stored on user device 200.
  • the token request may also indicate a transaction context or other data to be associated with the requested token.
  • the token request is sent to the token provider computer.
  • the appropriate token provider computer to direct the token request to may depend on the account information and/or the application (e.g., transit application 211, parking meter application 212, or other application 213) used to send the token request.
  • a token response including a token and a token certificate is received from the token provider computer.
  • the token may include a number, string, bit sequence, and/or other data value intended to substitute for or represent account information associated with a user.
  • account information such as a primary account number (PAN) with a token - in which case, the account information or PAN can be used as the token.
  • PAN primary account number
  • the token may be derived from or directly related to a primary account number (PAN) or other payment account information (e.g., pseudo PAN, dynamic PAN, obfuscated PAN, partially encrypted PAN, etc.).
  • the token may include a randomly generated identifier that is associated with the user account.
  • the token certificate may include a digital certificate or other data that authenticates a token using a digital signature.
  • the digital signature may be generated by a token provider or other authorized entity.
  • the token certificate may include a token identifier (e.g., a hash of the token), and the digital signature of the token certificate may be generated using the token identifier.
  • the token certificate may also include other data defining the use of the token, such as an expiration date and a transaction context identifier.
  • the token is securely stored.
  • securely storing the token may include storing the token in token storage module 216.
  • step 601 may be performed by another entity, or may not be necessary.
  • a token may be requested by a desktop computer or other computing device.
  • the token provider computer may then send the token and token certificate to the user device without requiring that the token request was received from user device 200.
  • the token and token certificate may be provisioned onto the user device 200 at the time of manufacture.
  • FIG. 7 shows a method of generating and provisioning a token in accordance with some embodiments.
  • method 700 may be performed by a token provider computer, such as token provider computer 401.
  • token provider computer 401 a token provider computer
  • some or all of the described steps may be performed by other entities, such as merchant computer 101, payment processing network 103, and issuer computer 104.
  • a token request is received including account information for a user's account.
  • the received account information may include any data sufficient for identifying a user account.
  • the account information may include a username and password, an account number, and/or other account information.
  • the token request may also include a transaction context or other data to be associated with the requested token.
  • verifying the account information may comprise verifying that the password matches a stored password (or password hash) for the username.
  • verifying the account information may include ensuring that the account is authorized to request tokens.
  • a token is generated.
  • the token may be generated in any suitable manner.
  • the token may be generated randomly or pseudo-randomly, or may be generated using a deterministic algorithm.
  • the token may be associated with the user's account.
  • the token may be stored in a database mapping the token to an account number.
  • token access restrictions associated with the token are determined.
  • the token access restrictions may include any restriction or other limitation relating to the use of a token.
  • a token access restriction may include, for example, a maximum transaction value, an expiration date for the token, and a transaction context for the token.
  • the token access restrictions may be determined based data relating to the user's account. For example, the issuer of the user's account, a credit score or security level assocaited with the user's account, and any access restriction data included in the token request may influence the determined token access restrictions.
  • a token certificate is generated using the determined token access restrictions.
  • the token certificate may include a a token identifier (e.g., a hash of the token), and other data defining the use of the token, such as an expiration date, a transaction context identifier, or other access restrictions.
  • the token certificate is signed. Signing the token certificate may involve hashing some or all of the contents of the token certificate. The resulting hash may then be encrypted using a private key of a trusted entity, such as a token provider, payment processing network, or issuer, to generate a digital signature. The digital signature may then be included in the token certificate.
  • a token response is transmitted to the user device including the token and the signed token certificate.
  • the token can be transmitted separately from the signed token certificate or in a same message.
  • FIG. 8 shows a method of conducting a transaction using a token in accordance with some embodiments.
  • method 800 may be performed by an access device, such as access device 300.
  • some or all of the described steps may be performed by other entities, such as merchant computer 101, payment processing network 103, or issuer computer 104.
  • a transaction request is received including a token and a token certificate.
  • the token may include a number, string, bit sequence, and/or other data value intended to substitute for or represent account information associated with a user.
  • the token may be derived from or directly related to a primary account number (PAN) or other payment account information (e.g., pseudo PAN, dynamic PAN, obfuscated PAN, partially encrypted PAN, etc.).
  • PAN primary account number
  • the token may be derived from or directly related to a primary account number (PAN) or other payment account information (e.g., pseudo PAN, dynamic PAN, obfuscated PAN, partially encrypted PAN, etc.).
  • the token may include a randomly generated identifier that is associated with the user account.
  • the token certificate may include a digital certificate or other data that authenticates a token using a digital signature.
  • the digital signature may be generated by a token provider or other authorized entity.
  • the token certificate may include a token identifier (e.g., a hash of the token), and the digital signature of the token certificate may be generated using the token identifier.
  • the token certificate may also include other data defining the use of the token, such as an expiration date and a transaction context identifier.
  • the transaction request may include other data, such as goods or services to be purchased, an amount of the transaction, information regarding the user, etc. For example, in transit transactions, the transaction request may indicate a fare to be paid.
  • the token certificate is verified using a digital signature included in the certificate.
  • verifying the digital signature may include decrypting the digital signature using a trusted entity's public key and comparing the result to an expected value.
  • the expected value may be, for example, a hash of part or all of the certificate.
  • one or more trusted certificates and/or trusted public keys corresponding to trusted entities may be maintained. If a token certificate is signed by one of the stored trusted certificates or trusted public keys, then the token certificate may be verified offline (i.e., without any communication with other devices).
  • a token certificate may include a token identifier such as a hash of the token.
  • verifying the token may include ensuring a hash of the token matches the token identifier of the token certificate.
  • a token certificate may include a transaction context identifier.
  • verifying the token may include verifying that the token is being used in an appropriate context.
  • a token certificate may indicate that a token is only valid for use at a transit provider. An access device or other entity performing step 804 can then confirm that the entity is associated with the transit provider. If the check fails, the token may be rejected as being used in the wrong context (i.e., it may be
  • token access restrictions such as restrictions on the date or time of use, may also be checked at step 804.
  • any goods or services associated with the token or a transaction are provided.
  • the access device may beep or provide another indication that the user is authorized to board the bus.
  • the access device is a parking meter, the parking meter may display an amount of time for which the spot is reserved.
  • the access device may actuate a restriction mechanism (such as a gate or turnstile) to allow a user access to a location.
  • a transaction is conducted using the token.
  • Conducting the transaction may include, for example, ensuring that a user's account has been billed for goods or services provided.
  • conducting a transaction may comprise sending an authorization request message for a transaction (e.g., as described with reference to FIG. 1) including the received token.
  • Transaction processing module 314 may also receive and process an authorization response message indicating the status of the transaction.
  • transaction processing may occur after a token has been verified at step 804.
  • FIG. 9 shows a method 900 of conducting a transit transaction using a token in accordance with some embodiments of the invention.
  • the steps in the method may be performed by a user device (e.g., user device 200), an access device (e.g., access device 300), a transit provider computer (e.g., payment processing network 103 or issuer computer 104), or any other suitable entity.
  • a user device e.g., user device 200
  • an access device e.g., access device 300
  • a transit provider computer e.g., payment processing network 103 or issuer computer 104
  • a user device sends a token request to a transit provider computer.
  • a transit provider computer may include any server computer associated with a transit provider.
  • the token request may include information relating to the user, such as any special statuses (e.g., child, senior, disabled) that the user qualifies for.
  • the token restrictions may be tied to differential pricing (e.g., a senior discount).
  • the transit provider computer sends a token response to the user device.
  • the token response includes a token and a token certificate.
  • the token certificate may include a token identifier that is a hash of the token, and access restrictions such as a transit provider identifier and any special statuses for the user.
  • the user device sends a transaction request to an access device.
  • the transaction request includes the token and the token certificate.
  • the access device is a contactless reader on a bus
  • the user may wave the user device past the contactless reader.
  • the access device is connected to a turnstile, gate, or other access restriction mechanism
  • the user may similarly present the user device to the access restriction mechanism.
  • the access device is a handheld reader operated by a conductor, ticket inspector, or other personnel, then the user device may be presented to the access device.
  • the access device verifies the token certificate using the digital signature. In some embodiments, the token certificate may be verified in a similar manner as described with reference to step 802 of FIG. 8. [0114] At step 905, the access device verifies the token using the token certificate. In some embodiments, the token certificate may be verified in a similar manner as described with reference to step 803 of FIG. 8.
  • the access device verifies the transit provider identifier and the token access restrictions included in the token certificate. For example, the access device can verify that it is associated with a transit provider corresponding to the transit provider identifier, that any time or date restrictions are met, etc. In addition, in some embodiments, the access device may receive confirmation from an operator that to determine that access restrictions are met. For example, if the token certificate indicates that the token is for a senior, a ticket inspector may confirm that the user is actually a senior.
  • the access device may allow access to a location. For example, if the access device is connected to a restriction mechanism (e.g., a gate or turnstile), the access device may send a signal to actuate the restriction mechanism.
  • the access device conducts a transaction using the token. In some embodiments, the transaction may occur a period of time after step 907. For example, in some embodiments, transactions conducted at the access device may be processed on an hourly, daily, or otherwise asynchronous basis. In some embodiments, conducting a transit transaction may involve sending a message (e.g., an authorization request message) including the token to a transit provider computer.
  • a message e.g., an authorization request message
  • the transit provider computer may then determine a user account associated with the token, and debit or credit a corresponding amount from the user account.
  • the access device and/or the transit provider computer may determine an amount for the transaction based on the token certificate. For example, if the token certificate indicates that the user is a senior, the access device and/or the transit provider computer may calculate a transaction amount after a senior discount is applied.
  • FIG. 10 shows an example of a portable user device 101" in the form of a card.
  • the portable user device 101" comprises a plastic substrate 101(m).
  • a contactless element 101(o) for interfacing with an access device 102 may be present on, or embedded within, the plastic substrate 101(m).
  • User information 101 (p) such as an account number, expiration date, and/or a user name may be printed or embossed on the card.
  • a magnetic stripe 101(n) may also be on the plastic substrate 101 (m).
  • the portable user device 101" may comprise a microprocessor and/or memory chips with user data stored in them.
  • the portable user device 101" may include both a magnetic stripe 101(n) and a contactless element 101(o). In some embodiments, both the magnetic stripe 101(n) and the contactless element 101(o) may be in the portable user device 101". In some embodiments, either the magnetic stripe 101(n) or the contactless element 101(o) may be present in the portable user device 101".
  • FIG. 11 is a high level block diagram of a computer system that may be used to implement any of the entities or components described above.
  • the subsystems shown in FIG. 11 are interconnected via a system bus 1175. Additional subsystems include a printer
  • Peripherals and input/output (I/O) devices which couple to I/O controller 1100, can be connected to the computer system by any number of means known in the art, such as a serial port.
  • serial port 1105 or external interface 1108 can be used to connect the computer apparatus to a wide area network such as the Internet, a mouse input device, or a scanner.
  • the interconnection via system bus 1175 allows the central processor 1102 to communicate with each subsystem and to control the execution of instructions from system memory 1101 or the fixed disk 1107, as well as the exchange of information between subsystems.
  • the system memory 1101 and/or the fixed disk may embody a computer- readable medium.
  • Storage media and computer-readable media for containing code, or portions of code can include any appropriate media known or used in the art, including storage media and communication media, such as but not limited to volatile and non- volatile, removable and non-removable media implemented in any method or technology for storage and/or transmission of information such as computer-readable instructions, data structures, program modules, or other data, including RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disk (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, data signals, data transmissions, or any other medium which can be used to store or transmit the desired information and which can be accessed by the computer.
  • RAM random access memory
  • ROM read only memory
  • EEPROM electrically erasable programmable read-only memory
  • flash memory electrically erasable programmable read-only memory
  • CD-ROM compact disc read-only memory
  • DVD digital versatile disk
  • magnetic cassettes magnetic tape
  • magnetic disk storage magnetic disk storage devices
  • data signals data transmission
  • Any of the software components or functions described in this application may be implemented as software code to be executed by a processor using any suitable computer language such as, for example, Java, C++ or Perl using, for example, conventional or object- oriented techniques.
  • the software code may be stored as a series of instructions, or commands on a computer readable medium, such as a random access memory (RAM), a read only memory (ROM), a magnetic medium such as a hard-drive or a floppy disk, or an optical medium such as a CD-ROM.
  • RAM random access memory
  • ROM read only memory
  • magnetic medium such as a hard-drive or a floppy disk
  • optical medium such as a CD-ROM.
  • Any such computer readable medium may reside on or within a single computational apparatus, and may be present on or within different computational apparatuses within a system or network.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Business, Economics & Management (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Finance (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

Methods, devices, and systems are provided for verifying tokens using limited-use certificates. For example, a user device can send a token request to a token provider computer, and receive in response a token and a token certificate associated with the token. The token certificate may include, for example, a hash of the token and a digital signature by the token provider computer or another trusted entity. The user device can provide the token and the token certificate to an access device. The access device can verify the token using the token certificate, and verify the token certificate using a digital signature. In some cases, the token and token certificate may be verified offline. The access device can then conduct a transaction using the token.

Description

TOKEN VERIFICATION USING LIMITED USE CERTIFICATES
CROSS-REFERENCES TO RELATED APPLICATIONS
[0001] The present application is a non-provisional application of and claims priority to U.S. Provisional Application No. 61/935,625, filed on February 4, 2014 (Attorney Docket No.: 79900-896871), the entire contents of which are hereby incorporated by reference for all purposes.
BACKGROUND
[0002] Tokenization provides many advantages when conducting transactions, such as improving efficiency and security. However, in order to verify the authenticity of a token, a connection to a token server (e.g., a server that generated the token) may be required. Once a connection to the token server is made, the token may be checked for validity (e.g., to determine whether it may be used for a transaction, etc.). However, in many situations, such as when tokens are used in a mass transit system or at some merchant locations, an online connection to a token server to validate the token may be unavailable, or such an online connection may be too slow to accommodate the amount of transaction volume that takes place in a short amount of time.
[0003] Embodiments of the present invention address these problems and other problems individually and collectively.
BRIEF SUMMARY
[0004] Embodiments of the invention relate to methods, devices, and systems for verifying tokens using limited-use certificates.
[0005] In some embodiments, a user device can send a token request to a token provider computer, and receive in response a token and a token certificate associated with the token. The token certificate may include, for example, a hash of the token and a digital signature by the token provider computer or another trusted entity. The user device can provide the token and the token certificate to an access device. The access device can verify the token using the token certificate, and verify the token certificate using a digital signature. In some cases, the token and token certificate may be verified offline. The access device can then conduct a transaction using the token.
[0006] Other embodiments are directed to systems, portable consumer devices, and computer readable media associated with methods described herein. [0007] A better understanding of the nature and advantages of embodiments of the present invention may be gained with reference to the following detailed description and the accompanying drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
[0008] FIG. 1 shows an example of a system that may be used with embodiments of the invention.
[0009] FIG. 2 shows an example of a user device in accordance with some embodiments.
[0010] FIG. 3 shows an example of an access device in accordance with some
embodiments.
[0011] FIG. 4 shows an example of a token system in accordance with some embodiments. [0012] FIG. 5 shows an example of a token certificate in accordance with some
embodiments.
[0013] FIG. 6 shows a method of obtaining a token and a token certificate by a user device in accordance with some embodiments.
[0014] FIG. 7 shows a method of generating and provisioning a token by a token provider computer in accordance with some embodiments.
[0015] FIG. 8 shows a method of conducting a transaction by an access device using a token in accordance with some embodiments.
[0016] FIG. 9 shows a method of conducting a transit transaction using a token in accordance with some embodiments. [0017] FIG. 10 shows an example of a portable user device.
[0018] FIG. 11 shows an example of a computer apparatus. TERMS
[0019] Prior to discussing embodiments of the invention, description of some terms may be helpful in understanding embodiments of the invention.
[0020] The term "server computer" may include a powerful computer or cluster of computers. For example, the server computer can be a large mainframe, a minicomputer cluster, or a group of servers functioning as a unit. In one example, the server computer may be a database server coupled to a Web server. The server computer may be coupled to a database and may include any hardware, software, other logic, or combination of the preceding for servicing the requests from one or more client computers. The server computer may comprise one or more computational apparatuses and may use any of a variety of computing structures, arrangements, and compilations for servicing the requests from one or more client computers.
[0021] The term "public/private key pair" may include a pair of linked cryptographic keys generated by an entity. The public key may be used for public functions such as encrypting a message to send to the entity or for verifying a digital signature which was supposedly made by the entity. The private key, on the other hand may be used for private functions such as decrypting a received message or applying a digital signature. The public key will usually be authorized by a body known as a Certification Authority (CA) which stores the public key in a database and distributes it to any other entity which requests it. The private key will typically be kept in a secure storage medium and will usually only be known to the entity. However, the cryptographic systems described herein may feature key recovery mechanisms for recovering lost keys and avoiding data loss. Public and private keys may be in any suitable format, including those based on RSA or elliptic curve cryptography (ECC).
[0022] A "digital signature" may refer to the result of applying an algorithm based on a public/private key pair, which allows a signing party to manifest, and/or a verifying party to verify, the authenticity and/or integrity of a document. The signing party acts by means of the private key and the verifying party acts by means of the public key. This process certifies the authenticity of the sender, the integrity of the signed document and the so-called principle of nonrepudiation, which does not allow disowning what has been signed. A certificate or other data that includes a digital signature by a signing party is said to be "signed" by the signing party. In some embodiments, the digital signature may be performed in accordance with RSA public key cryptography. [0023] A "certificate" may include an electronic document or data file that uses a digital signature to bind data (e.g., a token) with data associated with an identity. The certificate may include one or more data fields, such as the legal name of the identity, a serial number of the certificate, a valid- from and valid-to date for the certificate, certificate-related
permissions, etc. A certificate may contain a "valid-from" date indicating the first date the certificate is valid, and a "valid-to" date indicating the last date the certificate is valid. A certificate may also contain a hash of data protected by the certificate including the data fields. The hash may include data contained within the certificate, and/or data that is not contained in the certificate. Hence, a hash can be used to enable the certificate to protect a data set that is larger than the certificate size (e.g., a hash of data fields in the certificate and additional data not contained in the certificate). In some embodiments, each certificate is signed by a certificate authority. In some embodiments, a certificate may be in any suitable format, such as those defined in Europay, MasterCard, and Visa (EMV) standard ISO 9796 and ITU-T standard X.509. [0024] A "certificate authority" (CA) may include one or more server computers operatively coupled to issue certificates to entities. The CA may prove its identity using a CA certificate, which includes the CA's public key. The CA certificate may be signed by another CA's private key, or may be signed by the same CA's private key. The latter is known as a self-signed certificate. The CA also typically maintains a database of all certificates issued by the CA.
[0025] In some implementations, the certificate authority receives an unsigned certificate from an entity whose identity is known. The unsigned certificate includes a public key, one or more data fields, and a hash of the data in the certificate. The CA signs the certificate with a private key corresponding to the public key included on the CA certificate. The CA may then store the signed certificate in a database, and issue the signed certificate to the entity.
[0026] A "token" may include a number, string, bit sequence, and/or other data value intended to substitute for or represent account information associated with a user. In some embodiments, there may not be a need to substitute account information such as a primary account number (PAN) with a token - in which case, the account information or PAN can be used as the token. In some embodiments, the token may be derived from or directly related to a primary account number (PAN) or other payment account information (e.g., pseudo PAN, dynamic PAN, obfuscated PAN, partially encrypted PAN, etc.). In some embodiments, the token may include a randomly generated identifier that is associated with the user account.
[0027] A "token certificate" may include a digital certificate or other data that authenticates a token using a digital signature. The digital signature may be generated by a token provider or other authorized entity. In some cases, the token certificate may include a token identifier (e.g., a hash of the token), and the digital signature of the token certificate may be generated using the token identifier. The token certificate may also include other data defining the use of the token, such as an expiration date and a transaction context identifier.
[0028] A "token access restriction" may include a restriction or other limitation relating to the use of a token. A token access restriction may include, for example, a maximum transaction value, an expiration date for the token, and a transaction context for the token.
[0029] A "transaction context" may include any information relating to situations in which a token may be used. For exmaple, a transaction context may indicate access devices or merchants at which the token is valid, dates and times during which the token is valid, etc. A "transaction context identifier" may include any data suitable to identify a transaction context.
[0030] A "transaction context" may include an indication of a context or system in which a token is valid. In some cases, the transaction context may indicate a provider or other system with which the token may be used. For example, a transaction context may indicate that a token is only valid for use with a particular transit provider.
DETAILED DESCRIPTION
[0031] Embodiments of the invention relate to methods, devices, and systems for verifying tokens using limited-use certificates. [0032] In some embodiments, a user device can send a token request to a token provider computer, and receive in response a token and a token certificate associated with the token. The token certificate may include, for example, a hash of the token and a digital signature by the token provider computer or another trusted entity. The user device can provide the token and the token certificate to an access device. The access device can verify the token using the token certificate, and verify the token certificate using a digital signature. In some cases, the token and token certificate may be verified offline. The access device can then conduct a transaction using the token. [0033] Embodiments can provide systems and methods for conducting transaction using tokens without requiring a connection to a validating server. The use of tokens to conduct transactions provides several advantages. For example, since a token may identify an account without using an account number, tokens can be used to protect sensitive information and/or identity of a user from unscrupulous parties. In addition, tokens can be configured to be valid for limited periods of time, which limits the damage that may occur if the token is compromised.
[0034] In addition, by using a token certificate associated with token, embodiments can allow an access device, terminal, or other entity to determine access restrictions for the token. Further, since the token certificate may be signed by an issuer, certificate authority (CA), or other trusted party, the access device or terminal may cryptographically verify the
authenticity of the token certificate without network connectivity. Thus, embodiments can allow access restrictions on tokens to be enforced in offline environments, or where a network connection is too slow relative to transaction volume. Furthermore, embodiments can allow token verification to performed faster and more efficiently, because processing time does not depend on network latency, bandwidth, or the speed of a remote token server.
I. SYSTEMS
[0035] FIG. 1 shows an example of a system that may be used with embodiments of the invention. The system comprises a user (not shown) who may operate a user device 200. The user may use user device 200 to conduct transactions (e.g., payment transaction, access transaction, etc.) in communication with an access device 300. As used herein, a "user device" may include a mobile phone, tablet, credit card, debit card, or any other suitable device. In some cases, a user device may be a wearable device, such as a watch or smart watch, fitness band, ankle bracelet, ring, earring, etc. Access device 300 may be connected to merchant computer 101, which may be connected to acquirer computer 102. Acquirer computer 102 may be connected to issuer computer 104 via payment processing network 103.
[0036] As used herein, an "issuer" may typically refer to a business entity (e.g., a bank) that maintains an account for a user and may issue a user device 200 such as a credit or debit card to the user, or provision a user device 200 such as a mobile phone. An issuer may also issue a token and a token certificate to user device 200. [0037] A "merchant" is typically an entity that engages in transactions and can sell goods or services, or provide access to goods or services. In some cases, the merchant may be associated with a transit provider or other access provider. In some cases, the issuer and merchant may be the same entity. For example, a transit provider may both maintain accounts for users and operate access devices 300 used to conduct transactions.
[0038] An "acquirer" is typically a business entity (e.g., a commercial bank) that has a business relationship with a particular merchant or other entity. Some entities can perform both issuer and acquirer functions. Some embodiments may encompass such single entity issuer-acquirers. [0039] Each of the entities may comprise one or more computer apparatuses (e.g., access device 300, merchant computer 101, acquirer computer 102, payment processing network 103, and issuer computer 104) to enable communications, or to perform one or more of the functions described herein.
[0040] The payment processing network 103 may include data processing subsystems, networks, and operations used to support and deliver certificate authority services, authorization services, exception file services, transaction scoring services, and clearing and settlement services. An exemplary payment processing network may include VisaNet™. Payment processing networks such as VisaNet™ are able to process credit card transactions, debit card transactions, and other types of commercial transactions. VisaNet™, in particular, includes a VIP system (Visa Integrated Payments system) which processes authorization requests and a Base II system which performs clearing and settlement services.
[0041] The payment processing network 103 may include one or more server computers. A server computer is typically a powerful computer or cluster of computers. For example, the server computer can be a large mainframe, a minicomputer cluster, or a group of servers functioning as a unit. In one example, the server computer may be a database server coupled to a Web server. The payment processing network 103 may use any suitable wired or wireless network, including the Internet.
[0042] The user may conduct a transaction at a merchant using a user device 200. The transaction may be a payment transaction (e.g., for the purchase of a good or service), an access transaction (e.g., for access to a transit system), or any other suitable transaction. The user's user device 200 can interact with an access device 300 at a merchant associated with merchant computer 101. For example, the user may tap a portable user device 200 against an NFC reader in the access device 300. Alternately, the user may indicate account information to the merchant electronically, such as in an online transaction. In some cases, the user device 200 may transmit to the access device an account identifier, such as a token.
[0043] In some embodiments, an online authorization of the transaction may be performed directly after the user presents account information. In other embodiments, online authorization may be deferred until a later time. For example, in some embodiments, access device 300 or merchant computer 101 may verify user device 200 (e.g., by verifying the signature, validity of the certificate, and/or use restrictions such as time limits and/or purchase type restrictions included on a certificate) when user device 200 interfaces with access device 300 or merchant computer 101. Once user device 200 is verified, the user may receive and/or use goods or services, and/or be granted access to a location, etc., before the transaction is authorized online. Later, depending on various network access, processing time, or other constraints, an online authorization including an authorization request message may be conducted. [0044] For example, a user may tap a user device 200 such as a contactless card at access device 300 on a bus when boarding the bus. Access device 300 may verify user device 200 by verifying a certificate and access restrictions on user device 200. Once the user device 200 is verified, the user may board the bus without requiring an online authorization of the transaction. Later, when the bus reaches a bus terminal, access device 300 may gain wireless connectivity and initiate online authorization for the user's transaction.
[0045] In order to perform online authorization for a transaction, an authorization request message may be generated by access device 300 or merchant computer 101 and then forwarded to the acquirer computer 102. After receiving the authorization request message, the authorization request message is then sent to the payment processing network 103. The payment processing network 103 then forwards the authorization request message to the corresponding issuer computer 104 associated with an issuer associated with the user device 200.
[0046] An "authorization request message" may be an electronic message that is sent to a payment processing network and/or an issuer of a payment card to request authorization for a transaction. An authorization request message according to some embodiments may comply with ISO 8583, which is a standard for systems that exchange electronic transaction information associated with a payment made by a user using a payment device or payment account. The authorization request message may include an issuer account identifier that may be associated with a payment device or payment account. An authorization request message may also comprise additional data elements corresponding to "identification information" including, by way of example only: a service code, a CVV (card verification value), a dCVV (dynamic card verification value), an expiration date, etc. An authorization request message may also comprise "transaction information," such as any information associated with a current transaction, such as the transaction amount, merchant identifier, merchant location, etc., as well as any other information that may be utilized in determining whether to identify and/or authorize a transaction. The authorization request message may also include other information such as information that identifies the access device that generated the authorization request message, information about the location of the access device, etc.
[0047] After the issuer computer 104 receives the authorization request message, the issuer computer 104 sends an authorization response message back to the payment processing network 103 to indicate whether the current transaction is authorized (or not authorized). The payment processing network 103 then forwards the authorization response message back to the acquirer computer 102. In some embodiments, payment processing network 103 may decline the transaction even if issuer computer 104 has authorized the transaction, for example depending on a value of the fraud risk score. The acquirer computer 102 then sends the response message back to the merchant computer 101.
[0048] An "authorization response message" may be an electronic message reply to an authorization request message generated by an issuing financial institution 104 or a payment processing network 103. The authorization response message may include, by way of example only, one or more of the following status indicators: Approval— transaction was approved; Decline— transaction was not approved; or Call Center— response pending more information, merchant must call the toll-free authorization phone number. The authorization response message may also include an authorization code, which may be a code that a credit card issuing bank returns in response to an authorization request message in an electronic message (either directly or through the payment processing network 103) to the merchant computer 101 that indicates approval of the transaction. The code may serve as proof of authorization. As noted above, in some embodiments, a payment processing network 103 may generate or forward the authorization response message to the merchant. [0049] After the merchant computer 101 receives the authorization response message, the merchant computer 101 may then provide the authorization response message for the user. The response message may be displayed by the access device 300, or may be printed out on a physical receipt. Alternately, if the transaction is an online transaction, the merchant may provide a web page or other indication of the authorization response message as a virtual receipt. The receipts may include transaction data for the transaction.
[0050] At the end of the day, a normal clearing and settlement process can be conducted by the payment processing network 103. A clearing process is a process of exchanging financial details between an acquirer and an issuer to facilitate posting to a customer's payment account and reconciliation of the user's settlement position.
A. User Device
[0051] FIG. 2 shows an example of a user device 200 in accordance with some
embodiments. Examples of user devices 200 may include mobile phones, tablets, desktop and laptop computers, wearable devices (e.g., smart watches, fitness bands, ankle bracelets, rings, earrings, etc.), or any other computing device suitable for receiving, storing, and transmitting tokens. User device 200 may include a processor 201 communicatively coupled to a network interface 202, a memory 203, and a computer readable medium 210.
[0052] The processor 201 can comprise one or more CPUs, each of which may comprise at least one processor cores operable to execute program components for executing user and/or system-generated requests. The CPU may be a microprocessor such as AMD's Athlon,
Duron and/or Opteron; IBM and/or Motorola's PowerPC; IBM's and Sony's Cell processor; Intel's Celeron, Itanium, Pentium, Xeon, and/or XScale; and/or the like processor(s). The CPU interacts with memory through signal passing through conductive conduits to execute stored signal program code according to conventional data processing techniques. In some cases, processor 201 can include multiple CPUs coupled over a network, such as in a distributed or cluster computing system.
[0053] The network interface 202 may be configured to allow user device 200 to communicate with other entities such as access device 300, issuer computer 104, etc. using one or more communications networks. Network interfaces may accept, communicate, and/or connect to a communications network. Network interfaces may employ connection protocols such as, but not limited to: direct connect, Ethernet (thick, thin, twisted pair 10/100/1000 Base T, and/or the like), Token Ring, wireless connection such as IEEE
802.1 la-x, and/or the like. A communications network may be any one and/or the combination of the following: a direct interconnection; the Internet; a Local Area Network (LAN); a Metropolitan Area Network (MAN); a secured custom connection; a Wide Area Network (WAN); a wireless network (e.g., employing protocols such as, but not limited to a Wireless Application Protocol (WAP), I-mode, and/or the like); and/or the like.
[0054] The memory 203 may be used to store data and code. The memory 203 may be coupled to the processor 201 internally or externally (e.g., cloud based data storage), and may comprise any combination of volatile and/or non-volatile memory, such as RAM, DRAM, ROM, flash, or any other suitable memory device.
[0055] The computer-readable medium 210 may be in the form of a memory (e.g., flash, ROM, etc.) and may comprise code, executable by the processor 201 for implementing the methods described herein. The computer readable medium 210 may include a transit application 211, a parking meter application 212, another application 213, a token enrollment module 214, a token transaction module 215, and a token storage module 216.
[0056] Transit application 211 may include any program, app, software, or other code suitable to conduct transactions with a transit provider. In some embodiments, transit application 211 may be specific to a single transit provider or a group of transit providers. Alternatively, transit application 211 can be general purpose, such as a web browser that accesses a transit provider's website. Transit application 211 may include a user interface to browse for and select transit services to be purchased, and to conduct transit transactions. For example, a user may use transit application 211 to purchase one-way or round-trip tickets, fixed duration or value passes, and other goods. Transit application 211 may determine a cost of the goods to be purchased, obtain a token corresponding to the purchased goods and a token certificate corresponding to the token, and send the token and token certificate to an access device in order to conduct a transaction (e.g., pay a fare or provide proof of payment of the fare).
[0057] Parking meter application 212 may include any program, app, software, or other code suitable to conduct transactions with a parking provider. In some embodiments, parking meter application 212 may be specific to a parking provider or a group of parking providers. Alternatively, parking meter application 212 can be general purpose, such as a web browser that accesses a parking provider's website. Parking meter application 211 may include a user interface to browse for and select parking spaces to be purchased, and to pay for the parking spaces. For example, a user may use parking meter application 212 to purchase a certain duration of parking, parking permits, and other goods. Parking meter application 211 may determine a cost of the goods to be purchased, obtain a token corresponding to the purchased goods and a token certificate corresponding to the token, and send the token and token certificate to an access device in order to conduct a transaction (e.g., pay for parking or provide proof of payment).
[0058] Other application 213 may include any program, app, software, or other code suitable to conduct any other type of transaction. In some embodiments, parking meter application 212 may be specific to a parking provider or a group of parking providers. For example, other application 213 may be configured to determine goods or services for a transaction, obtain a token and token certificate, and use the token and token certificate to pay for the goods or services at an access device (e.g., access device 300).
[0059] Token enrollment module 214 may include any program, software, or other code suitable to enroll a user device with a token provider (e.g., token provider computer 401). For example, in some embodiments, token enrollment module 214 may be configured to communicate with a token provider computer to send a token request. The token request may include account information, such as a primary account number (PAN). In response, token enrollment module 214 may receive a token and a token certificate corresponding to the token. The token and/or the token certificate may be stored in token storage module 216. In some embodiments, an application, such as applications 211-213 may interface with token enrollment module 214 to obtain a token and a token certificate from a token provider.
[0060] Token transaction module 215 may include any program, software, or other code suitable to conduct or initiate a transaction using a token. For example, token transaction module 215 may be configured to retrieve a token and a token certificate, provide the token and token certificate to an access device (e.g., access device 300) for a transaction, and receive a response from the access device indicating the status of the transaction. In some embodiments, an application, such as applications 211-213 may interface with token transaction module 215 to conduct a transaction using a token. For example, in one embodiment, a transit application may determine that user device 200 has moved near a contactless reader of an access device, determine an appropriate context and token (or just token), and interface with token transaction module 215 to provide the corresponding token and token certificate to the access device.
[0061] Token storage module 216 may include any software and/or hardware suitable to store tokens and/or token certificates. Typically, token storage module 216 may be secured, so that unauthorized entities (such as other programs running on user device 200) cannot access the stored token. In some embodiments, the security of token storage module 216 may be provided in software, such as through host card emulation (HCE). In other embodiments, the security of token storage module 216 may be provided through hardware, such as a hardware security module (HSM), secure element, trusted execution environment (TEE), etc. In yet other embodiments, the security of token storage module 216 may use a combination of software and hardware.
[0062] Although FIG. 2 illustrates one example of a user device 200, it should be noted that embodiments are not limited to the shown device. Rather, a user device in accordance with embodiments may be missing one or more elements shown in FIG. 2, and may include other elements not shown. For example, embodiments are not limited to transit applications or parking meter applications.
B. Access Device
[0063] FIG. 3 shows an example of an access device 300 in accordance with some embodiments. Examples of access devices 200 may include mobile devices (e.g., mobile phones, tablets, wearable devices), desktop or laptop computers, point of sale (POS) terminals, or any other computing device suitable for receiving and conducting transactions using tokens. Access device 300 may include a processor 301 communicatively coupled to a network interface 302, a memory 303, and a computer readable medium 310. In some embodiments, processor 301 , network interface 302, memory 303, and computer-readable medium 310 may be similar to the corresponding elements as described with reference to user device 200 of FIG. 2.
[0064] The computer readable medium 310 may include a device communication module 311, a certificate verification module 212, a token verification module 313, and a transaction processing module 314. [0065] Device communication module 311 may include any software and/or hardware configured to communicate with user devices, such as user device 200. For example, in some embodiments, access device 300 may communicate using a contactless or wireless protocol, such as NFC or PayWave™. In such embodiments, device communication module 311 may include a contactless transceiver and firmware or other software configured to send signals to and receive signals from user devices. In some embodiments, device communication module 311 may be configured to receive a token and a token certificate from a user device in one or more messages.
[0066] Certificate verification module 312 may include any software and/or hardware configured to verify digital certificates, such as token certificates. For example, in some embodiments, certificate verification module 312 may include code operable to verify a digital signature included in a token certificate. In some embodiments, verifying the digital signature may include decrypting the digital signature using a trusted entity's public key and comparing the result to an expected value. The expected value may be, for example, a hash of part or all of the certificate. In some embodiments, certificate verification module 312 may maintain one or more trusted certificates and/or trusted public keys corresponding to trusted entities, such as token providers. If a token certificate is signed by one of the stored trusted certificates or trusted public keys, then the token certificate may be verified offline (i.e., without any communication with other devices). In some embodiments, some or all of the functionality of certificate verification module 312 may be performed by dedicated hardware such as an HSM or cryptoproccessor. [0067] Token verification module 313 may include any program, software, or other code suitable to verify the legitimacy and the use of a token. Typically, token verification module 313 may verify a token using data included in a valid token certificate. For example, in some cases, a token certificate may include a token identifier such as a hash of the token. In such cases, verifying the token may include ensuring a hash of the token matches the token identifier of the token certificate. In some embodiments, a token certificate may also include a context identifier. In such embodiments, verifying the token may include verifying that the token is being used in an appropriate context. For example, a token certificate may indicate that a token is only valid for use at a transit provider. Token verification module 313 can then ensure that access device 300 is associated with the transit provider. If the check fails, the token may be rejected as being used in the wrong context (i.e., it may be unauthorized).
[0068] Transaction processing module 314 may include any program, software, or other code suitable to conduct or initiate a transaction using a token. For example, transaction processing module 314 may be configured to generate and send an authorization request message for a transaction (e.g., as described with reference to FIG. 1) including a received token. Transaction processing module 314 may also receive and process an authorization response message indicating the status of the transaction. In some embodiments, transaction processing may occur some time after a token has been verified (e.g., by token verification module 313). For example, if access device 300 is on a city bus that does not have a persistent network connection, authorization for a transaction may not be performed until the end of the day when the bus returns to a bus terminal with wireless internet access.
[0069] Although FIG. 3 illustrates one example of an access device 300, it should be noted that embodiments are not limited to the shown device. Rather, an access device in accordance with embodiments may be missing one or more elements shown in FIG. 3, and may include other elements not shown.
[0070] Although FIG. 3 illustrates one example of an access device 300, it should be noted that embodiments are not limited to the shown device. Rather, an access device in accordance with embodiments may be missing one or more elements shown in FIG. 3, and may include other elements not shown.
C. Token System
[0071] FIG. 4 shows an example of a token system in accordance with some embodiments. As shown in FIG. 4, the token system includes user device 200 (as further described with reference to FIG. 2), access device 300 (as further described with reference to FIG. 3), payment processing network 103 (as further described with reference to FIG. 1), and a token provider computer 401.
[0072] Token provider computer 401 may comprise any server computer suitable to associate account information with tokens. For example, in some embodiments, token provider computer may be configured to receive a token request including account information, authenticate and authorize the token request, generate a token, associate the token with the account corresponding to the received account information, and return a token response including the token. In some embodiments, the token response may also include a token certificate corresponding to the token. [0073] In some embodiments, token provider computer 401 may be operated by, on behalf of, or otherwise associated with another entity. For example, in some embodiments, token provider computer 401 may be operated by issuer computer 104 of an account.
[0074] In one embodiment, token enrollment module 214 of user device 200 sends a token request to token provider computer 401. The token request may include, for example, account information for a user account, and user credentials (e.g., a username and password). In response, token provider computer 401 returns a token response including a token and a token certificate to token enrollment module 214. Token enrollment module 214 stores the token in token storage module 216. [0075] At a later time, a user may present user device 200 to access device 300 in order to conduct a transaction. For example, the user may operate an application 213 running on the user device. Application 213 may retrieve the token and the token certificate from token storage module 216. Application 213 then interfaces with token transaction module 215 to initiate a transaction with access device 300. Token transaction module 215 sends a transaction request including the token and the token certificate to device communication module 311 of access device 300.
[0076] Once device communication module 311 receives the transaction request, it forwards the token certificate to certificate verification module 312 for verification. If the token certificate is verified, token verification module 313 verifies the token. Once both the token certificate and the token are verified, access device 300 may provide an indication of the verification. For example, access device 300 may grant access to a location, or may actuate a restriction mechanism (e.g., a gate or a turnstile) that allows the user access. At a later time, transaction processing module 314 conducts a transaction using the token. For example, transaction processing module 314 generates and sends an authorization request message to payment processing network 103. Payment processing network 103 determines if the transaction is authorized or declined, and sends an authorization response message to transaction processing module 314. Transaction processing module 314 may then indicate (e.g., display) the status of the transaction.
D. Token Certificate [0077] FIG. 5 shows an example of a token certificate 510 in accordance with some embodiments. In some cases, a token 501 may be issued to user device 200 by a token provider computer 401. As shown in FIG. 5, the token certificate 510 may comprise a token identifier 511, an expiration date 512, a transaction context identifier 513, and a digital signature 205.
[0078] Token identifier 511 may include any data suitable to identify a token. In some cases, the token identifier 511 may be the token 501 itself. In other cases, the token identifier 511 may store a protected form of the token 501. For example, token identifier 511 may store a cryptographic hash of the token 501.
[0079] Expiration date 512 may include any data suitable to define an expiration date associated with the token. Expiration date 512 may indicate, for example, the last day, month, and year on which the token may be used. Expiration date 512 may be stored in any suitable form, such as a UTC timestamp. In some embodiments, expiration date 512 may include a two-digit expiration day for the token.
[0080] Transaction context identifier 513 may include any data suitable to identify a transaction context for a token. For example, if a token may only be used at a mass transit provider, the transaction context may include an identifier for the transit provider.
Transaction context identifier 513 may be used, for example, to prevent a payment token from being used at a transit terminal, and to prevent a transit token from being used at a non- transit merchant's point of sale terminal. In some embodiments, transaction context identifier
513 may be used to limit access to a particular transit provider, transit type (e.g., bus, rail, etc.), or be used to limit purchases to a particular merchant or product/service type (e.g., meals, clothing, etc.).
[0081] In some embodiments where the token certificate 510 comprises a bank
identification number (BIN) field, the transaction context identifier 510 may be included in the BIN. For example, the BIN field may comprise six digits for a token BIN, and two or more digits for a transit provider identifier associated with the token 501.
[0082] Digital signature 514 may include a digital signature by a certificate authority (CA), signatory party, or other trusted entity. For example, in some embodiments, digital signature
514 may be generated by a token provider computer 401 , an issuer computer 104, or a payment processing network 103. In some embodiments, the trusted entity used to sign the token certificate 510 may be identified using a public key index (PKI) specific to token certificates. [0083] In some embodiments the usage of a public key index that is specific to token certificates may be used to impose restrictions similar to those described above for transaction context identifier 513. For example, the public key index may be used to prevent a payment token from being used at a transit terminal, and to prevent a transit token from being used at a non-transit merchant's point of sale terminal.
II. METHODS
[0084] FIGs. 6-8 show methods of generating and obtaining a token and a token certificate, and using the token and token certificate to conduct a transaction.
A. User Device Obtaining Token Certificate [0085] FIG. 6 shows a method 600 of obtaining a token and a token certificate in accordance with some embodiments. Typically, method 600 may be performed by a user device, such as user device 200, which can request a token from token provider computer 401, as shown in FIG. 4. However, in some embodiments, some or all of the described steps may be performed by other entities. [0086] At step 601, a token request including account information is generated. Account information may include any data sufficient for identifying a user account. For example, in some embodiments, a user operating the user device may enter a username and password, an account number, and/or other account information. Alternatively, the account information may be received from another device, or may have been previously stored on user device 200. In some embodiments, the token request may also indicate a transaction context or other data to be associated with the requested token.
[0087] At step 602, the token request is sent to the token provider computer. In some embodiments, the appropriate token provider computer to direct the token request to may depend on the account information and/or the application (e.g., transit application 211, parking meter application 212, or other application 213) used to send the token request.
[0088] At step 603, a token response including a token and a token certificate is received from the token provider computer. The token may include a number, string, bit sequence, and/or other data value intended to substitute for or represent account information associated with a user. In some embodiments, there may not be a need to substitute account information such as a primary account number (PAN) with a token - in which case, the account information or PAN can be used as the token. In some embodiments, the token may be derived from or directly related to a primary account number (PAN) or other payment account information (e.g., pseudo PAN, dynamic PAN, obfuscated PAN, partially encrypted PAN, etc.). In some embodiments, the token may include a randomly generated identifier that is associated with the user account.
[0089] The token certificate may include a digital certificate or other data that authenticates a token using a digital signature. The digital signature may be generated by a token provider or other authorized entity. In some cases, the token certificate may include a token identifier (e.g., a hash of the token), and the digital signature of the token certificate may be generated using the token identifier. The token certificate may also include other data defining the use of the token, such as an expiration date and a transaction context identifier.
[0090] At step 604, the token is securely stored. In some embodiments, securely storing the token may include storing the token in token storage module 216.
[0091] It should be noted that although method 600 is described for illustrative purposes, in some embodiments other methods may be used to obtain a token and token certificate. For example, in some embodiments, step 601 may be performed by another entity, or may not be necessary. For example, a token may be requested by a desktop computer or other computing device. The token provider computer may then send the token and token certificate to the user device without requiring that the token request was received from user device 200. In some embodiments, the token and token certificate may be provisioned onto the user device 200 at the time of manufacture.
B. Token Provider Generating Token Certificate
[0092] FIG. 7 shows a method of generating and provisioning a token in accordance with some embodiments. Typically, method 700 may be performed by a token provider computer, such as token provider computer 401. However, in some embodiments, some or all of the described steps may be performed by other entities, such as merchant computer 101, payment processing network 103, and issuer computer 104.
[0093] At step 701, a token request is received including account information for a user's account. The received account information may include any data sufficient for identifying a user account. For example, in some embodiments, the account information may include a username and password, an account number, and/or other account information. In some embodiments, the token request may also include a transaction context or other data to be associated with the requested token.
[0094] At step 702, the account information is verified. For example, if the account information includes a username and password, verifying the account information may comprise verifying that the password matches a stored password (or password hash) for the username. In addition, in some embodiments, verifying the account information may include ensuring that the account is authorized to request tokens.
[0095] At step 703, a token is generated. The token may be generated in any suitable manner. For example, the token may be generated randomly or pseudo-randomly, or may be generated using a deterministic algorithm. Once the token is generated, it may be associated with the user's account. For example, the token may be stored in a database mapping the token to an account number.
[0096] At step 704, token access restrictions associated with the token are determined. The token access restrictions may include any restriction or other limitation relating to the use of a token. A token access restriction may include, for example, a maximum transaction value, an expiration date for the token, and a transaction context for the token. In some embodiments, the token access restrictions may be determined based data relating to the user's account. For example, the issuer of the user's account, a credit score or security level assocaited with the user's account, and any access restriction data included in the token request may influence the determined token access restrictions.
[0097] At step 705, a token certificate is generated using the determined token access restrictions. The token certificate may include a a token identifier (e.g., a hash of the token), and other data defining the use of the token, such as an expiration date,a transaction context identifier, or other access restrictions. [0098] At step 706, the token certificate is signed. Signing the token certificate may involve hashing some or all of the contents of the token certificate. The resulting hash may then be encrypted using a private key of a trusted entity, such as a token provider, payment processing network, or issuer, to generate a digital signature. The digital signature may then be included in the token certificate. In other embodiments, algorithms such as the Digital Signature Algorithm (DSA) and the Elliptic-Curve Digital Signature Algorithm (ECDSA) may be used. [0099] At step 707, a token response is transmitted to the user device including the token and the signed token certificate. In various embodiments, the token can be transmitted separately from the signed token certificate or in a same message.
C. Access Device Conducting Transaction [0100] FIG. 8 shows a method of conducting a transaction using a token in accordance with some embodiments. Typically, method 800 may be performed by an access device, such as access device 300. However, in some embodiments, some or all of the described steps may be performed by other entities, such as merchant computer 101, payment processing network 103, or issuer computer 104. [0101] At step 801, a transaction request is received including a token and a token certificate. The token may include a number, string, bit sequence, and/or other data value intended to substitute for or represent account information associated with a user. In some embodiments, there may not be a need to substitute account information such as a primary account number (PAN) with a token - in which case, the account information or PAN can be used as the token. In some embodiments, the token may be derived from or directly related to a primary account number (PAN) or other payment account information (e.g., pseudo PAN, dynamic PAN, obfuscated PAN, partially encrypted PAN, etc.). In some
embodiments, the token may include a randomly generated identifier that is associated with the user account. [0102] The token certificate may include a digital certificate or other data that authenticates a token using a digital signature. The digital signature may be generated by a token provider or other authorized entity. In some cases, the token certificate may include a token identifier (e.g., a hash of the token), and the digital signature of the token certificate may be generated using the token identifier. The token certificate may also include other data defining the use of the token, such as an expiration date and a transaction context identifier.
[0103] In addition, in some embodiments, the transaction request may include other data, such as goods or services to be purchased, an amount of the transaction, information regarding the user, etc. For example, in transit transactions, the transaction request may indicate a fare to be paid. [0104] At step 802, the token certificate is verified using a digital signature included in the certificate. In some embodiments, verifying the digital signature may include decrypting the digital signature using a trusted entity's public key and comparing the result to an expected value. The expected value may be, for example, a hash of part or all of the certificate. In some embodiments, one or more trusted certificates and/or trusted public keys corresponding to trusted entities may be maintained. If a token certificate is signed by one of the stored trusted certificates or trusted public keys, then the token certificate may be verified offline (i.e., without any communication with other devices).
[0105] At step 803, the token is verified using the token certificate. For example, in some embodiments, a token certificate may include a token identifier such as a hash of the token. In such cases, verifying the token may include ensuring a hash of the token matches the token identifier of the token certificate.
[0106] At step 804, token access restrictions included in the token certificate are checked. For example, in some embodiments, a token certificate may include a transaction context identifier. In such embodiments, verifying the token may include verifying that the token is being used in an appropriate context. For example, a token certificate may indicate that a token is only valid for use at a transit provider. An access device or other entity performing step 804 can then confirm that the entity is associated with the transit provider. If the check fails, the token may be rejected as being used in the wrong context (i.e., it may be
unauthorized). Other token access restrictions, such as restrictions on the date or time of use, may also be checked at step 804. [0107] If the token access restrictions are satisfied, any goods or services associated with the token or a transaction are provided. For example, if the access device is a terminal on a bus, the access device may beep or provide another indication that the user is authorized to board the bus. In another example, if the access device is a parking meter, the parking meter may display an amount of time for which the spot is reserved. In some cases, once the token access restrictions are verified, the access device may actuate a restriction mechanism (such as a gate or turnstile) to allow a user access to a location.
[0108] At step 805, a transaction is conducted using the token. Conducting the transaction may include, for example, ensuring that a user's account has been billed for goods or services provided. For example, in some embodiments, conducting a transaction may comprise sending an authorization request message for a transaction (e.g., as described with reference to FIG. 1) including the received token. Transaction processing module 314 may also receive and process an authorization response message indicating the status of the transaction. In some embodiments, transaction processing may occur after a token has been verified at step 804.
D. Example Transit Transaction
[0109] FIG. 9 shows a method 900 of conducting a transit transaction using a token in accordance with some embodiments of the invention. The steps in the method may be performed by a user device (e.g., user device 200), an access device (e.g., access device 300), a transit provider computer (e.g., payment processing network 103 or issuer computer 104), or any other suitable entity.
[0110] At step 901, a user device sends a token request to a transit provider computer. A transit provider computer may include any server computer associated with a transit provider. In some embodiments, in addition to account data for a transit account, the token request may include information relating to the user, such as any special statuses (e.g., child, senior, disabled) that the user qualifies for. In some embodiments, the token restrictions may be tied to differential pricing (e.g., a senior discount). [0111] At step 902, the transit provider computer sends a token response to the user device. The token response includes a token and a token certificate. The token certificate may include a token identifier that is a hash of the token, and access restrictions such as a transit provider identifier and any special statuses for the user.
[0112] At step 903, the user device sends a transaction request to an access device. The transaction request includes the token and the token certificate. For example, if the access device is a contactless reader on a bus, the user may wave the user device past the contactless reader. Alternatively, if the access device is connected to a turnstile, gate, or other access restriction mechanism, the user may similarly present the user device to the access restriction mechanism. In another example, if the access device is a handheld reader operated by a conductor, ticket inspector, or other personnel, then the user device may be presented to the access device.
[0113] At step 904, the access device verifies the token certificate using the digital signature. In some embodiments, the token certificate may be verified in a similar manner as described with reference to step 802 of FIG. 8. [0114] At step 905, the access device verifies the token using the token certificate. In some embodiments, the token certificate may be verified in a similar manner as described with reference to step 803 of FIG. 8.
[0115] At step 906, the access device verifies the transit provider identifier and the token access restrictions included in the token certificate. For example, the access device can verify that it is associated with a transit provider corresponding to the transit provider identifier, that any time or date restrictions are met, etc. In addition, in some embodiments, the access device may receive confirmation from an operator that to determine that access restrictions are met. For example, if the token certificate indicates that the token is for a senior, a ticket inspector may confirm that the user is actually a senior.
[0116] At step 907, if verification steps 904-906 are completed successfully, the access device may allow access to a location. For example, if the access device is connected to a restriction mechanism (e.g., a gate or turnstile), the access device may send a signal to actuate the restriction mechanism. [0117] At step 908, the access device conducts a transaction using the token. In some embodiments, the transaction may occur a period of time after step 907. For example, in some embodiments, transactions conducted at the access device may be processed on an hourly, daily, or otherwise asynchronous basis. In some embodiments, conducting a transit transaction may involve sending a message (e.g., an authorization request message) including the token to a transit provider computer. The transit provider computer may then determine a user account associated with the token, and debit or credit a corresponding amount from the user account. In some embodiments, the access device and/or the transit provider computer may determine an amount for the transaction based on the token certificate. For example, if the token certificate indicates that the user is a senior, the access device and/or the transit provider computer may calculate a transaction amount after a senior discount is applied.
III. COMPUTER APPARATUSES
[0118] FIG. 10 shows an example of a portable user device 101" in the form of a card. As shown, the portable user device 101" comprises a plastic substrate 101(m). In some embodiments, a contactless element 101(o) for interfacing with an access device 102 may be present on, or embedded within, the plastic substrate 101(m). User information 101 (p) such as an account number, expiration date, and/or a user name may be printed or embossed on the card. A magnetic stripe 101(n) may also be on the plastic substrate 101 (m). In some embodiments, the portable user device 101" may comprise a microprocessor and/or memory chips with user data stored in them.
[0119] As noted above and shown in FIG. 10, the portable user device 101" may include both a magnetic stripe 101(n) and a contactless element 101(o). In some embodiments, both the magnetic stripe 101(n) and the contactless element 101(o) may be in the portable user device 101". In some embodiments, either the magnetic stripe 101(n) or the contactless element 101(o) may be present in the portable user device 101".
[0120] FIG. 11 is a high level block diagram of a computer system that may be used to implement any of the entities or components described above. The subsystems shown in FIG. 11 are interconnected via a system bus 1175. Additional subsystems include a printer
1103, keyboard 1106, fixed disk 1107, and monitor 1109, which is coupled to display adapter
1104. Peripherals and input/output (I/O) devices, which couple to I/O controller 1100, can be connected to the computer system by any number of means known in the art, such as a serial port. For example, serial port 1105 or external interface 1108 can be used to connect the computer apparatus to a wide area network such as the Internet, a mouse input device, or a scanner. The interconnection via system bus 1175 allows the central processor 1102 to communicate with each subsystem and to control the execution of instructions from system memory 1101 or the fixed disk 1107, as well as the exchange of information between subsystems. The system memory 1101 and/or the fixed disk may embody a computer- readable medium.
[0121] Storage media and computer-readable media for containing code, or portions of code, can include any appropriate media known or used in the art, including storage media and communication media, such as but not limited to volatile and non- volatile, removable and non-removable media implemented in any method or technology for storage and/or transmission of information such as computer-readable instructions, data structures, program modules, or other data, including RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disk (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, data signals, data transmissions, or any other medium which can be used to store or transmit the desired information and which can be accessed by the computer. Based on the disclosure and teachings provided herein, a person of ordinary skill in the art will appreciate other ways and/or methods to implement the various embodiments.
[0122] The above description is illustrative and is not restrictive. Many variations of the invention may become apparent to those skilled in the art upon review of the disclosure. The scope of the invention may, therefore, be determined not with reference to the above description, but instead may be determined with reference to the pending claims along with their full scope or equivalents.
[0123] It may be understood that the present invention as described above can be implemented in the form of control logic using computer software in a modular or integrated manner. Based on the disclosure and teachings provided herein, a person of ordinary skill in the art may know and appreciate other ways and/or methods to implement the present invention using hardware and a combination of hardware and software.
[0124] Any of the software components or functions described in this application, may be implemented as software code to be executed by a processor using any suitable computer language such as, for example, Java, C++ or Perl using, for example, conventional or object- oriented techniques. The software code may be stored as a series of instructions, or commands on a computer readable medium, such as a random access memory (RAM), a read only memory (ROM), a magnetic medium such as a hard-drive or a floppy disk, or an optical medium such as a CD-ROM. Any such computer readable medium may reside on or within a single computational apparatus, and may be present on or within different computational apparatuses within a system or network.
[0125] One or more features from any embodiment may be combined with one or more features of any other embodiment without departing from the scope of the invention.
[0126] A recitation of "a", "an" or "the" is intended to mean "one or more" unless specifically indicated to the contrary.

Claims

WHAT IS CLAIMED IS: 1. A computer-implemented method comprising:
receiving, by an access device, a token and a token certificate associated with the token from a user device, wherein the token certificate comprises a token identifier and a digital signature generated using the token identifier;
determining, by the access device, that the token certificate is valid by verifying that the digital signature corresponds to the token identifier;
determining, by the access device, that the token is valid using the token certificate; and
conducting, by the access device, a transaction using the token.
2. The computer-implemented method of claim 1, wherein determining that the token is valid comprises determining that the digital signature is consistent with the token identifier included in the token certificate.
3. The computer-implemented method of claim 2, wherein the digital signature is generated by a token provider computer, and wherein determining that the token certificate is valid comprises:
hashing, by the access device, a subset of the token certificate including the token identifier to generate a hash of the token certificate;
decrypting, by the access device, the digital signature using a public key of the token provider computer; and
verifying, by the access device, that the decrypted digital signature matches the hash of the token certificate.
4. The computer-implemented method of claim 2, wherein the token certificate further comprises a context identifier that identifies a context in which the token certificate is valid, wherein the method further comprises:
verifying, by the access device, that the context identifier matches an expected value stored on the access device.
5. The computer-implemented method of claim 4, wherein the context identifier is associated with a transit provider, wherein the access device is also associated with the transit provider, and wherein the expected value is a transit provider identifier.
6. The computer-implemented method of claim 5, wherein the access device allows a user associated with the token access to a location upon determining that the token is valid, and wherein the access device conducts the transaction after the user is allowed access to the location.
7. The computer-implemented method of claim 5, further comprising: sending a signal to actuate a restriction mechanism upon determining that the token is valid, wherein the access device conducts the transaction after the restriction mechanism has been actuated.
8. The computer-implemented method of claim 1, wherein conducting the transaction comprises:
sending, by the access device, an authorization request message for the transaction, the authorization request message including the token; and
receiving, by the access device, an authorization response message, wherein the authorization response message indicates a status of the transaction.
9. A computer-implemented method comprising:
sending, by a user device, a token request to a token provider computer, the token request including account information for a user operating the user device;
receiving, by the user device, a token response from the token provider computer, the token response including a token associated with the account information, and a token certificate associated with the token; and
sending, by the user device, the token and the token certificate to an access device in order to conduct a transaction.
10. The computer-implemented method of claim 9, wherein the token request comprises an account number for a user account, and wherein the token is associated with the account number.
11. The computer-implemented method of claim 9, wherein the token certificate further comprises a context identifier that identifies a context in which the token certificate is valid.
12. The computer-implemented method of claim 11, wherein the context identifier is a transit provider identifier associated with a transit provider, and wherein the token provider computer is associated with the transit provider.
13. An access device comprising:
a processor; and
a non-transitory computer-readable storage medium comprising code executable by the processor for implementing a method comprising:
receiving, from a user device, a token and a token certificate associated with the token, wherein the token certificate comprises a token identifier and a digital signature generated using the token identifier;
determining that the token certificate is valid by verifying the digital signature;
determining that the token is valid using the token certificate; and conducting a transaction using the token.
14. The access device of claim 13, wherein determining that the token is valid is performed offline.
15. The access device of claim 14, wherein the token certificate further comprises a context identifier that identifies a context in which the token certificate is valid, wherein the method further comprises:
verifying that the context identifier matches an expected value.
16. The access device of claim 15, wherein the context identifier is a transit provider identifier associated with a transit provider, and wherein the token provider computer is associated with the transit provider.
17. The access device of claim 16 , wherein the access device allows a user associated with the token access to a location upon determining that the token is valid, and wherein the access device conducts the transaction after the user is allowed access to the location.
18. The access device of claim 13, wherein conducting the transaction comprises: sending an authorization request message for the transaction, the authorization request message including the token; and
receiving an authorization response message, wherein the authorization response message indicates a status of the transaction.
19. A system comprising:
the access device of claim 13; and
a user device configured to:
send the token and the token certificate to the access device.
20. The system of claim 19, wherein the user device is further configured to:
send a token request to a token provider computer, prior to sending the token and the token certificate to the access device; and
receive a token response from the token provider computer, the token response including the token and the token certificate associated with the token.
PCT/US2015/014504 2014-02-04 2015-02-04 Token verification using limited use certificates Ceased WO2015120082A1 (en)

Priority Applications (5)

Application Number Priority Date Filing Date Title
CN201580007087.8A CN105960776B (en) 2014-02-04 2015-02-04 Token verification with limited-use certificates
EP15746832.3A EP3103084A1 (en) 2014-02-04 2015-02-04 Token verification using limited use certificates
CA2936985A CA2936985A1 (en) 2014-02-04 2015-02-04 Token verification using limited use certificates
BR112016017947A BR112016017947A2 (en) 2014-02-04 2015-02-04 METHOD IMPLEMENTED BY COMPUTER, ACCESS DEVICE, AND SYSTEM
AU2015214271A AU2015214271B2 (en) 2014-02-04 2015-02-04 Token verification using limited use certificates

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201461935625P 2014-02-04 2014-02-04
US61/935,625 2014-02-04

Publications (1)

Publication Number Publication Date
WO2015120082A1 true WO2015120082A1 (en) 2015-08-13

Family

ID=53755158

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2015/014504 Ceased WO2015120082A1 (en) 2014-02-04 2015-02-04 Token verification using limited use certificates

Country Status (7)

Country Link
US (1) US20150220917A1 (en)
EP (1) EP3103084A1 (en)
CN (1) CN105960776B (en)
AU (1) AU2015214271B2 (en)
BR (1) BR112016017947A2 (en)
CA (1) CA2936985A1 (en)
WO (1) WO2015120082A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019150275A1 (en) * 2018-01-30 2019-08-08 Entersekt International Limited System and method for conducting a trusted intermediated transaction
US10586229B2 (en) 2010-01-12 2020-03-10 Visa International Service Association Anytime validation tokens

Families Citing this family (195)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140019352A1 (en) 2011-02-22 2014-01-16 Visa International Service Association Multi-purpose virtual card transaction apparatuses, methods and systems
US8762263B2 (en) 2005-09-06 2014-06-24 Visa U.S.A. Inc. System and method for secured account numbers in proximity devices
US7739169B2 (en) 2007-06-25 2010-06-15 Visa U.S.A. Inc. Restricting access to compromised account information
US7937324B2 (en) 2007-09-13 2011-05-03 Visa U.S.A. Inc. Account permanence
US8219489B2 (en) 2008-07-29 2012-07-10 Visa U.S.A. Inc. Transaction processing using a global unique identifier
US10867298B1 (en) 2008-10-31 2020-12-15 Wells Fargo Bank, N.A. Payment vehicle with on and off function
US20100114768A1 (en) 2008-10-31 2010-05-06 Wachovia Corporation Payment vehicle with on and off function
US9715681B2 (en) 2009-04-28 2017-07-25 Visa International Service Association Verification of portable consumer devices
US8893967B2 (en) 2009-05-15 2014-11-25 Visa International Service Association Secure Communication of payment information to merchants using a verification token
US9105027B2 (en) 2009-05-15 2015-08-11 Visa International Service Association Verification of portable consumer device for secure services
US10846683B2 (en) 2009-05-15 2020-11-24 Visa International Service Association Integration of verification tokens with mobile communication devices
US9038886B2 (en) 2009-05-15 2015-05-26 Visa International Service Association Verification of portable consumer devices
US8534564B2 (en) 2009-05-15 2013-09-17 Ayman Hammad Integration of verification tokens with mobile communication devices
US10140598B2 (en) 2009-05-20 2018-11-27 Visa International Service Association Device including encrypted data for expiration date and verification value creation
US9245267B2 (en) 2010-03-03 2016-01-26 Visa International Service Association Portable account number for consumer payment account
US9342832B2 (en) 2010-08-12 2016-05-17 Visa International Service Association Securing external systems with account token substitution
CN106803175B (en) 2011-02-16 2021-07-30 维萨国际服务协会 Snapshot mobile payment device, method and system
US10586227B2 (en) 2011-02-16 2020-03-10 Visa International Service Association Snap mobile payment apparatuses, methods and systems
EP2678812A4 (en) 2011-02-22 2015-05-20 Visa Int Service Ass Universal electronic payment apparatuses, methods and systems
CN107967602A (en) 2011-03-04 2018-04-27 维萨国际服务协会 Ability to pay is bound to the safety element of computer
US9280765B2 (en) 2011-04-11 2016-03-08 Visa International Service Association Multiple tokenization for authentication
AU2012278963B2 (en) 2011-07-05 2017-02-23 Visa International Service Association Electronic wallet checkout platform apparatuses, methods and systems
US9355393B2 (en) 2011-08-18 2016-05-31 Visa International Service Association Multi-directional wallet connector apparatuses, methods and systems
US9582598B2 (en) 2011-07-05 2017-02-28 Visa International Service Association Hybrid applications utilizing distributed models and views apparatuses, methods and systems
WO2013019567A2 (en) 2011-07-29 2013-02-07 Visa International Service Association Passing payment tokens through an hop/sop
US10242358B2 (en) 2011-08-18 2019-03-26 Visa International Service Association Remote decoupled application persistent state apparatuses, methods and systems
US12462245B2 (en) 2011-08-18 2025-11-04 Visa International Service Association Remote decoupled application persistent state apparatuses, methods and systems
US9710807B2 (en) 2011-08-18 2017-07-18 Visa International Service Association Third-party value added wallet features and interfaces apparatuses, methods and systems
US10825001B2 (en) 2011-08-18 2020-11-03 Visa International Service Association Multi-directional wallet connector apparatuses, methods and systems
US10223730B2 (en) 2011-09-23 2019-03-05 Visa International Service Association E-wallet store injection search apparatuses, methods and systems
US11354723B2 (en) 2011-09-23 2022-06-07 Visa International Service Association Smart shopping cart with E-wallet store injection search
US10223710B2 (en) 2013-01-04 2019-03-05 Visa International Service Association Wearable intelligent vision device apparatuses, methods and systems
WO2013103991A1 (en) 2012-01-05 2013-07-11 Visa International Service Association Data protection with translation
WO2013113004A1 (en) 2012-01-26 2013-08-01 Visa International Service Association System and method of providing tokenization as a service
AU2013214801B2 (en) 2012-02-02 2018-06-21 Visa International Service Association Multi-source, multi-dimensional, cross-entity, multimedia database platform apparatuses, methods and systems
US10282724B2 (en) 2012-03-06 2019-05-07 Visa International Service Association Security system incorporating mobile device
WO2013166501A1 (en) 2012-05-04 2013-11-07 Visa International Service Association System and method for local data conversion
US9524501B2 (en) 2012-06-06 2016-12-20 Visa International Service Association Method and system for correlating diverse transaction data
US9547769B2 (en) 2012-07-03 2017-01-17 Visa International Service Association Data protection hub
US9256871B2 (en) 2012-07-26 2016-02-09 Visa U.S.A. Inc. Configurable payment tokens
US9665722B2 (en) 2012-08-10 2017-05-30 Visa International Service Association Privacy firewall
WO2014043278A1 (en) 2012-09-11 2014-03-20 Visa International Service Association Cloud-based virtual wallet nfc apparatuses, methods and systems
US10891599B2 (en) * 2012-09-12 2021-01-12 Microsoft Technology Licensing, Llc Use of state objects in near field communication (NFC) transactions
US10176478B2 (en) 2012-10-23 2019-01-08 Visa International Service Association Transaction initiation determination system utilizing transaction data elements
US9911118B2 (en) 2012-11-21 2018-03-06 Visa International Service Association Device pairing via trusted intermediary
US10304047B2 (en) 2012-12-07 2019-05-28 Visa International Service Association Token generating component
US10740731B2 (en) 2013-01-02 2020-08-11 Visa International Service Association Third party settlement
US9741051B2 (en) 2013-01-02 2017-08-22 Visa International Service Association Tokenization and third-party interaction
US11055710B2 (en) 2013-05-02 2021-07-06 Visa International Service Association Systems and methods for verifying and processing transactions using virtual currency
WO2014186635A1 (en) 2013-05-15 2014-11-20 Visa International Service Association Mobile tokenization hub
US10878422B2 (en) 2013-06-17 2020-12-29 Visa International Service Association System and method using merchant token
WO2015013522A1 (en) 2013-07-24 2015-01-29 Visa International Service Association Systems and methods for communicating risk using token assurance data
CN115907763A (en) 2013-07-26 2023-04-04 维萨国际服务协会 Provide proof of payment to consumers
CN105612543B (en) 2013-08-08 2022-05-27 维萨国际服务协会 Method and system for provisioning payment credentials for mobile devices
US10496986B2 (en) 2013-08-08 2019-12-03 Visa International Service Association Multi-network tokenization processing
CA2927052C (en) 2013-10-11 2021-09-21 Visa International Service Association Network token system
US9978094B2 (en) 2013-10-11 2018-05-22 Visa International Service Association Tokenization revocation list
US10515358B2 (en) 2013-10-18 2019-12-24 Visa International Service Association Contextual transaction token methods and systems
US10489779B2 (en) 2013-10-21 2019-11-26 Visa International Service Association Multi-network token bin routing with defined verification parameters
US10366387B2 (en) 2013-10-29 2019-07-30 Visa International Service Association Digital wallet system and method
CN103607284B (en) * 2013-12-05 2017-04-19 李笑来 Identity authentication method and equipment and server
SG10201900964QA (en) 2013-12-19 2019-03-28 Visa Int Service Ass Cloud-based transactions methods and systems
US9922322B2 (en) 2013-12-19 2018-03-20 Visa International Service Association Cloud-based transactions with magnetic secure transmission
US10433128B2 (en) 2014-01-07 2019-10-01 Visa International Service Association Methods and systems for provisioning multiple devices
US9846878B2 (en) 2014-01-14 2017-12-19 Visa International Service Association Payment account identifier system
US12469021B2 (en) 2014-02-18 2025-11-11 Visa International Service Association Limited-use keys and cryptograms
US10026087B2 (en) 2014-04-08 2018-07-17 Visa International Service Association Data passed in an interaction
US9942043B2 (en) 2014-04-23 2018-04-10 Visa International Service Association Token security on a communication device
WO2015168334A1 (en) 2014-05-01 2015-11-05 Visa International Service Association Data verification using access device
CN106462849B (en) 2014-05-05 2019-12-24 维萨国际服务协会 System and method for token domain control
US10846694B2 (en) 2014-05-21 2020-11-24 Visa International Service Association Offline authentication
US11023890B2 (en) 2014-06-05 2021-06-01 Visa International Service Association Identification and verification for provisioning mobile application
US9780953B2 (en) 2014-07-23 2017-10-03 Visa International Service Association Systems and methods for secure detokenization
US10484345B2 (en) 2014-07-31 2019-11-19 Visa International Service Association System and method for identity verification across mobile applications
US9775029B2 (en) 2014-08-22 2017-09-26 Visa International Service Association Embedding cloud-based functionalities in a communication device
US10140615B2 (en) 2014-09-22 2018-11-27 Visa International Service Association Secure mobile device credential provisioning using risk decision non-overrides
ES2732564T3 (en) 2014-09-26 2019-11-25 Visa Int Service Ass Remote server encrypted data provisioning system and procedures
US11257074B2 (en) 2014-09-29 2022-02-22 Visa International Service Association Transaction risk based token
US10015147B2 (en) 2014-10-22 2018-07-03 Visa International Service Association Token enrollment system and method
GB201419016D0 (en) 2014-10-24 2014-12-10 Visa Europe Ltd Transaction Messaging
CN113537988B (en) 2014-11-26 2024-05-28 维萨国际服务协会 Method and apparatus for tokenizing requests via an access device
US10257185B2 (en) 2014-12-12 2019-04-09 Visa International Service Association Automated access data provisioning
WO2016094122A1 (en) 2014-12-12 2016-06-16 Visa International Service Association Provisioning platform for machine-to-machine devices
JP6489835B2 (en) * 2015-01-09 2019-03-27 キヤノン株式会社 Information processing system, information processing apparatus control method, and program
US10096009B2 (en) 2015-01-20 2018-10-09 Visa International Service Association Secure payment processing using authorization request
US11250391B2 (en) 2015-01-30 2022-02-15 Visa International Service Association Token check offline
US10164996B2 (en) 2015-03-12 2018-12-25 Visa International Service Association Methods and systems for providing a low value token buffer
US10685349B2 (en) * 2015-03-18 2020-06-16 Google Llc Confirming physical possession of plastic NFC cards with a mobile digital wallet application
US11429975B1 (en) 2015-03-27 2022-08-30 Wells Fargo Bank, N.A. Token management system
SG10201908338TA (en) 2015-04-10 2019-10-30 Visa Int Service Ass Browser integration with cryptogram
US9998978B2 (en) 2015-04-16 2018-06-12 Visa International Service Association Systems and methods for processing dormant virtual access devices
US10552834B2 (en) 2015-04-30 2020-02-04 Visa International Service Association Tokenization capable authentication framework
US11503031B1 (en) 2015-05-29 2022-11-15 Pure Storage, Inc. Storage array access control from cloud-based user authorization and authentication
US9444822B1 (en) * 2015-05-29 2016-09-13 Pure Storage, Inc. Storage array access control from cloud-based user authorization and authentication
US11170364B1 (en) 2015-07-31 2021-11-09 Wells Fargo Bank, N.A. Connected payment card systems and methods
US11068889B2 (en) 2015-10-15 2021-07-20 Visa International Service Association Instant token issuance
CN108141433B (en) * 2015-10-22 2020-12-01 西门子股份公司 Apparatus, controller, network and method for use in a network
AU2016365425A1 (en) 2015-12-04 2018-05-10 Visa International Service Association Secure token distribution
CN113542293B (en) * 2015-12-04 2023-11-07 维萨国际服务协会 Method and computer for token verification
WO2017120605A1 (en) 2016-01-07 2017-07-13 Visa International Service Association Systems and methods for device push provisioning
EP3411846A1 (en) 2016-02-01 2018-12-12 Visa International Service Association Systems and methods for code display and use
US11501288B2 (en) 2016-02-09 2022-11-15 Visa International Service Association Resource provider account token provisioning and processing
US10007826B2 (en) * 2016-03-07 2018-06-26 ShoCard, Inc. Transferring data files using a series of visual codes
US10313321B2 (en) 2016-04-07 2019-06-04 Visa International Service Association Tokenization of co-network accounts
EP3232399A1 (en) * 2016-04-12 2017-10-18 Visa Europe Limited System for performing a validity check of a user device
US11823161B2 (en) * 2016-04-13 2023-11-21 Mastercard International Incorporated System and method for peer-to-peer assistance in provisioning payment tokens to mobile devices
US11386421B2 (en) 2016-04-19 2022-07-12 Visa International Service Association Systems and methods for performing push transactions
WO2017197130A1 (en) * 2016-05-12 2017-11-16 Boland Michael J Identity authentication and information exchange system and method
US20170337550A1 (en) * 2016-05-18 2017-11-23 Amadeus S.A.S. Secure exchange of a sensitive data over a network based on barcodes and tokens
EP3246866B1 (en) * 2016-05-18 2020-03-18 Amadeus S.A.S. Secure exchange of a sensitive data over a network based on barcodes and tokens
US11250424B2 (en) 2016-05-19 2022-02-15 Visa International Service Association Systems and methods for creating subtokens using primary tokens
JP2019522270A (en) 2016-06-03 2019-08-08 ビザ インターナショナル サービス アソシエーション Sub-token management system for connected devices
US11068899B2 (en) 2016-06-17 2021-07-20 Visa International Service Association Token aggregation for multi-party transactions
CN111899026B (en) * 2016-06-20 2024-10-01 创新先进技术有限公司 A payment method and device
AU2017281938A1 (en) 2016-06-24 2018-10-25 Visa International Service Association Unique token authentication cryptogram
US10992679B1 (en) * 2016-07-01 2021-04-27 Wells Fargo Bank, N.A. Access control tower
US11886611B1 (en) 2016-07-01 2024-01-30 Wells Fargo Bank, N.A. Control tower for virtual rewards currency
US11615402B1 (en) 2016-07-01 2023-03-28 Wells Fargo Bank, N.A. Access control tower
US11386223B1 (en) 2016-07-01 2022-07-12 Wells Fargo Bank, N.A. Access control tower
US12130937B1 (en) 2016-07-01 2024-10-29 Wells Fargo Bank, N.A. Control tower for prospective transactions
US11935020B1 (en) 2016-07-01 2024-03-19 Wells Fargo Bank, N.A. Control tower for prospective transactions
WO2018013431A2 (en) 2016-07-11 2018-01-18 Visa International Service Association Encryption key exchange process using access device
EP3488406A4 (en) 2016-07-19 2019-08-07 Visa International Service Association Method of distributing tokens and managing token relationships
JP6729145B2 (en) * 2016-08-03 2020-07-22 富士通株式会社 Connection management device, connection management method, and connection management program
US10115104B2 (en) * 2016-09-13 2018-10-30 Capital One Services, Llc Systems and methods for generating and managing dynamic customized electronic tokens for electronic device interaction
US10509779B2 (en) 2016-09-14 2019-12-17 Visa International Service Association Self-cleaning token vault
US20180082290A1 (en) * 2016-09-16 2018-03-22 Kountable, Inc. Systems and Methods that Utilize Blockchain Digital Certificates for Data Transactions
CN117009946A (en) 2016-11-28 2023-11-07 维萨国际服务协会 Access identifier supplied to application program
US11113690B2 (en) * 2016-12-22 2021-09-07 Mastercard International Incorporated Systems and methods for processing data messages from a user vehicle
US10498541B2 (en) 2017-02-06 2019-12-03 ShocCard, Inc. Electronic identification verification methods and systems
USRE49968E1 (en) 2017-02-06 2024-05-14 Ping Identity Corporation Electronic identification verification methods and systems with storage of certification records to a side chain
US10915899B2 (en) 2017-03-17 2021-02-09 Visa International Service Association Replacing token on a multi-token user device
US11556936B1 (en) 2017-04-25 2023-01-17 Wells Fargo Bank, N.A. System and method for card control
US10902418B2 (en) 2017-05-02 2021-01-26 Visa International Service Association System and method using interaction token
US11494765B2 (en) 2017-05-11 2022-11-08 Visa International Service Association Secure remote transaction system using mobile devices
WO2018236420A1 (en) 2017-06-20 2018-12-27 Google Llc CLOUD EQUIPMENT SECURITY MODULES FOR CRYPTOGRAPHIC EXTERNALIZATION OPERATIONS
US11062388B1 (en) 2017-07-06 2021-07-13 Wells Fargo Bank, N.A Data control tower
US10491389B2 (en) 2017-07-14 2019-11-26 Visa International Service Association Token provisioning utilizing a secure authentication system
US11481786B2 (en) * 2017-10-03 2022-10-25 Sony Group Corporation Genuine instance of digital goods
US10956905B2 (en) 2017-10-05 2021-03-23 The Toronto-Dominion Bank System and method of session key generation and exchange
CN117150581A (en) 2017-11-03 2023-12-01 维萨国际服务协会 Secure identity and profile management system
US11496462B2 (en) * 2017-11-29 2022-11-08 Jpmorgan Chase Bank, N.A. Secure multifactor authentication with push authentication
WO2019113552A1 (en) 2017-12-08 2019-06-13 ShoCard, Inc. Methods and systems for recovering data using dynamic passwords
US10866963B2 (en) 2017-12-28 2020-12-15 Dropbox, Inc. File system authentication
WO2019139595A1 (en) * 2018-01-11 2019-07-18 Visa International Service Association Offline authorization of interactions and controlled tasks
CN110166227B (en) * 2018-02-12 2024-03-26 开利公司 Wireless communication with non-networked controllers
CN108418821B (en) * 2018-03-06 2021-06-18 北京焦点新干线信息技术有限公司 Method and device for processing high concurrency scenarios of online snap-up system based on Redis and Kafka
CN111819555B (en) 2018-03-07 2025-07-22 维萨国际服务协会 Secure remote token issuance with online authentication
US11631085B2 (en) * 2018-03-12 2023-04-18 Visa International Service Association Digital access code
WO2019191522A1 (en) 2018-03-28 2019-10-03 Senko Advanced Components Inc Small form factor fiber optic connector with multi-purpose boot
US10783234B2 (en) * 2018-04-06 2020-09-22 The Toronto-Dominion Bank Systems for enabling tokenized wearable devices
US12086431B1 (en) 2018-05-21 2024-09-10 Pure Storage, Inc. Selective communication protocol layering for synchronous replication
US11954220B2 (en) 2018-05-21 2024-04-09 Pure Storage, Inc. Data protection for container storage
US12181981B1 (en) 2018-05-21 2024-12-31 Pure Storage, Inc. Asynchronously protecting a synchronously replicated dataset
CN108805569A (en) 2018-05-29 2018-11-13 阿里巴巴集团控股有限公司 Transaction processing method and device, electronic equipment based on block chain
CN108900471B (en) * 2018-05-31 2022-02-25 北京证大向上金融信息服务有限公司 Server, client, network system and method for transmitting data
US11256789B2 (en) 2018-06-18 2022-02-22 Visa International Service Association Recurring token transactions
CN112368730B (en) 2018-06-22 2024-10-08 维萨国际服务协会 Secure Remote Transaction Framework Using Dynamic Secure Checkout Components
WO2020010279A1 (en) * 2018-07-03 2020-01-09 Gmo Globalsign, Inc. Systems and methods for blockchain addresses and owner verification
SG11202101587SA (en) 2018-08-22 2021-03-30 Visa Int Service Ass Method and system for token provisioning and processing
US11057377B2 (en) * 2018-08-26 2021-07-06 Ncr Corporation Transaction authentication
US12028337B2 (en) 2018-10-08 2024-07-02 Visa International Service Association Techniques for token proximity transactions
CN112840594B (en) * 2018-10-15 2024-12-31 维萨国际服务协会 Technology used to securely transmit sensitive data for fundamentally different data messages
US10979227B2 (en) 2018-10-17 2021-04-13 Ping Identity Corporation Blockchain ID connect
US11082221B2 (en) 2018-10-17 2021-08-03 Ping Identity Corporation Methods and systems for creating and recovering accounts using dynamic passwords
SG11202104170PA (en) 2018-10-29 2021-05-28 Visa Int Service Ass Efficient authentic communication system and method
SG11202104169YA (en) 2018-10-30 2021-05-28 Visa Int Service Ass Account assertion
EP3881258B1 (en) 2018-11-14 2024-09-04 Visa International Service Association Cloud token provisioning of multiple tokens
CN109919607A (en) * 2018-11-23 2019-06-21 阿里巴巴集团控股有限公司 Transfer discount method and device and electronic device based on offline bus code
US11232429B2 (en) * 2018-12-19 2022-01-25 Paypal, Inc. Automated data tokenization through networked sensors
US11303450B2 (en) * 2018-12-19 2022-04-12 Visa International Service Association Techniques for securely performing offline authentication
DE102019100335A1 (en) 2019-01-08 2020-07-09 Bundesdruckerei Gmbh Method for securely providing a personalized electronic identity on a terminal
DE102019100334A1 (en) * 2019-01-08 2020-07-09 Bundesdruckerei Gmbh Method for securely providing a personalized electronic identity on a terminal
US12105789B2 (en) * 2019-03-27 2024-10-01 Visa International Service Association Enhanced consumer device validation
US11849042B2 (en) 2019-05-17 2023-12-19 Visa International Service Association Virtual access credential interaction system and method
US11513815B1 (en) 2019-05-24 2022-11-29 Hiro Systems Pbc Defining data storage within smart contracts
US10699269B1 (en) * 2019-05-24 2020-06-30 Blockstack Pbc System and method for smart contract publishing
US11657391B1 (en) 2019-05-24 2023-05-23 Hiro Systems Pbc System and method for invoking smart contracts
JP7041282B2 (en) * 2019-08-13 2022-03-23 グーグル エルエルシー Improved data integrity with trusted code proof tokens
EP3861676B1 (en) * 2019-10-21 2025-08-06 Google LLC Verifiable consent for privacy protection
CN111563733B (en) * 2020-04-28 2023-06-02 杭州云象网络技术有限公司 Ring signature privacy protection system and method for digital wallet
CN111898144A (en) * 2020-07-16 2020-11-06 广东金宇恒软件科技有限公司 Collective economy open inquiry system
US10992606B1 (en) 2020-09-04 2021-04-27 Wells Fargo Bank, N.A. Synchronous interfacing with unaffiliated networked systems to alter functionality of sets of electronic assets
US11546338B1 (en) 2021-01-05 2023-01-03 Wells Fargo Bank, N.A. Digital account controls portal and protocols for federated and non-federated systems and devices
US12141800B2 (en) 2021-02-12 2024-11-12 Visa International Service Association Interaction account tokenization system and method
US20220329577A1 (en) 2021-04-13 2022-10-13 Biosense Webster (Israel) Ltd. Two-Factor Authentication to Authenticate Users in Unconnected Devices
CN117501268A (en) 2021-06-22 2024-02-02 维萨国际服务协会 Methods and systems for processing action data
US12019752B2 (en) * 2021-10-06 2024-06-25 Hewlett Packard Enterprise Development Lp Security dominion of computing device
US11836690B1 (en) 2022-04-12 2023-12-05 Wells Fargo Bank, N.A. Systems and methods for private network issuance of digital currency
US12155641B1 (en) 2022-04-15 2024-11-26 Wells Fargo Bank, N.A. Network access tokens and meta-application programming interfaces for enhanced inter-enterprise system data promulgation and profiling
US12159281B2 (en) * 2022-08-03 2024-12-03 1080 Network, Inc. Systems, methods, and computing platforms for managing network enabled security codes
US12026457B2 (en) * 2022-11-07 2024-07-02 Microsoft Technology Licensing, Llc Utilizing dynamic interface elements to improve user interfaces
US12368708B2 (en) 2022-12-05 2025-07-22 Bank Of America Corporation Customized token rules generation system
US20240232313A1 (en) * 2023-01-05 2024-07-11 Lowe's Companies, Inc. Secure access to an online service based on a token exchange
EP4435700A1 (en) * 2023-03-22 2024-09-25 Giesecke+Devrient advance52 GmbH Method for registering of token, a token reference register, secure transaction unit, and electronic payment transaction system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120072718A1 (en) * 2008-11-04 2012-03-22 Troy Jacob Ronda System And Methods For Online Authentication
US20120143768A1 (en) * 2010-09-21 2012-06-07 Ayman Hammad Device Enrollment System and Method
US20120185697A1 (en) * 2005-11-16 2012-07-19 Broadcom Corporation Universal Authentication Token
WO2013155627A1 (en) * 2012-04-16 2013-10-24 Salt Technology Inc. Systems and methods for facilitating a transaction using a virtual card on a mobile device
US20140019364A1 (en) * 2010-01-12 2014-01-16 Simon Hurry Anytime validation tokens

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6085976A (en) * 1998-05-22 2000-07-11 Sehr; Richard P. Travel system and methods utilizing multi-application passenger cards
US6636833B1 (en) * 1998-03-25 2003-10-21 Obis Patents Ltd. Credit card system and method
US8090939B2 (en) * 2005-10-21 2012-01-03 Hewlett-Packard Development Company, L.P. Digital certificate that indicates a parameter of an associated cryptographic token
CN101043337A (en) * 2007-03-22 2007-09-26 中兴通讯股份有限公司 Interactive process for content class service
DE102010030590A1 (en) * 2010-06-28 2011-12-29 Bundesdruckerei Gmbh Procedure for generating a certificate
US9342832B2 (en) * 2010-08-12 2016-05-17 Visa International Service Association Securing external systems with account token substitution
KR101636028B1 (en) * 2012-01-20 2016-07-04 인터디지탈 패튼 홀딩스, 인크 Identity management with local functionality
US9043605B1 (en) * 2013-09-19 2015-05-26 Emc Corporation Online and offline validation of tokencodes

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120185697A1 (en) * 2005-11-16 2012-07-19 Broadcom Corporation Universal Authentication Token
US20120072718A1 (en) * 2008-11-04 2012-03-22 Troy Jacob Ronda System And Methods For Online Authentication
US20140019364A1 (en) * 2010-01-12 2014-01-16 Simon Hurry Anytime validation tokens
US20120143768A1 (en) * 2010-09-21 2012-06-07 Ayman Hammad Device Enrollment System and Method
WO2013155627A1 (en) * 2012-04-16 2013-10-24 Salt Technology Inc. Systems and methods for facilitating a transaction using a virtual card on a mobile device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP3103084A4 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10586229B2 (en) 2010-01-12 2020-03-10 Visa International Service Association Anytime validation tokens
WO2019150275A1 (en) * 2018-01-30 2019-08-08 Entersekt International Limited System and method for conducting a trusted intermediated transaction

Also Published As

Publication number Publication date
CN105960776B (en) 2020-04-03
CA2936985A1 (en) 2015-08-13
BR112016017947A2 (en) 2017-08-08
AU2015214271B2 (en) 2019-06-27
EP3103084A4 (en) 2016-12-14
US20150220917A1 (en) 2015-08-06
AU2015214271A1 (en) 2016-07-21
EP3103084A1 (en) 2016-12-14
CN105960776A (en) 2016-09-21

Similar Documents

Publication Publication Date Title
AU2015214271B2 (en) Token verification using limited use certificates
US12170730B2 (en) Unique token authentication verification value
US11847643B2 (en) Secure remote payment transaction processing using a secure element
EP2933768B1 (en) Systems and methods for software based encryption
US20140207684A1 (en) Method and system for payment authorization and card presentation using pre-issued identities
JP2019525645A (en) Cryptographic authentication and tokenized transactions
US12413580B2 (en) Token processing system and method
US20240406151A1 (en) Efficient and protected data transfer system and method
WO2025006457A1 (en) Blockchain interaction method using token or credential
CN121079709A (en) Secure remote interaction using portable trading devices
AU2008254851B2 (en) Method and system for payment authorization and card presentation using pre-issued identities
Pircalab Security of Internet Payments

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15746832

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2936985

Country of ref document: CA

REEP Request for entry into the european phase

Ref document number: 2015746832

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2015746832

Country of ref document: EP

ENP Entry into the national phase

Ref document number: 2015214271

Country of ref document: AU

Date of ref document: 20150204

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

REG Reference to national code

Ref country code: BR

Ref legal event code: B01A

Ref document number: 112016017947

Country of ref document: BR

ENP Entry into the national phase

Ref document number: 112016017947

Country of ref document: BR

Kind code of ref document: A2

Effective date: 20160802