Patent Grant
11195173
The subject matter of the present specification generally relates to the art of secure data communication, and more specifically, to securely sending sensitive information along existing rails to a targeted audience. Exemplary embodiments disclosed herein find particular application in conjunction with the secure communication of selected information or data from an identity authentication system to a transaction authorization system in connection with the processing of a credit card or other payment instrument transaction, and they will be described herein with particular reference thereto. However, it is to be appreciated that various exemplary embodiments such as those disclosed herein are also amenable to other like applications.
Generally, in connection with credit card and/or other like payment instruments transactions conducted over telecommunication networks (e.g., including without limitation wired and/or wireless networks, the Internet, WiFi, cellular networks, disparate systems, private networks, etc.), the current state of consumer authentication relies on merchants and corresponding systems in a network ecosystem to receive, maintain and forward authentication information. The authentication of cardholders in connection with commercial transactions conducted over a telecommunications network (e.g., such as the Internet) has been popularized by initiatives and/or programs such as Visa's Verified by Visa (VbV) and MasterCard's SecureCode. Such programs allow the issuer of a credit card to authenticate the identity of a cardholder prior to authorizing completion of a transaction. However, the authentication is often isolated from authorization as they are often two separate systems that only communicate via predefined messages, e.g., prescribed by the particular card network, be it Visa, MasterCard or otherwise. Accordingly, this isolation or separation tends to limit the information that can be shared between the authentication and authorization steps. This can become more important when risk based authentication is used by the issuer in the decision to authenticate, and the only information passed to the authorization system is the authentication outcome (e.g., a binary result such as positive or negative).
Accordingly, it can be desirable to bridge the authentication and authorization systems allowing additional information to be transferred and/or communicated therebetween, e.g., so that false positive and/or false negatives produced by the authorization system may be potentially reduced. However, heretofore, a suitable system, approach and/or method has not been developed and/or implemented.
Disclosed herein is a new and/or improved system and/or method for securely communicating selected information and data in enriched messages passed between an authentication system and/or step and an authorization system and/or step using existing and/or predefined protocols and/or connections (generally referred to and/or otherwise known as “rails”) established by the card networks, e.g., such as Visa, Mastercard, etc. In essence, by using the enriched message as disclosed herein, a bridge is established between authentication and authorization which is generally referred to nominally herein as an “Authentication/Authorization Bridge.” Using the enriched message and Authentication/Authorization Bridge, a merchant or Access Control Server (ACS) system or other suitable entity is able to pass certain values and/or data through the ecosystem using the existing rails that may be useful throughout the authentication and authorization steps. Suitably, the data in the enriched message is secured and compatible with a network cryptogram check, thus providing the merchant with the appropriate protection offered by consumer authentication. One example that illustrates the usage of the enriched message is the merchant making a minimally invasive change to the message enabling the issuer to better consume and use the authentication results for authorization decision making. More broadly speaking, the approach described herein facilitates the transmitting of information from someone and/or something that is submitting a transaction for settlement or the like to someone and/or something that will provide the requested settlement or the like.
This Brief Description is provided to introduce concepts related to the present specification. It is not intended to identify essential features of the claimed subject matter nor is it intended for use in determining or limiting the scope of the claimed subject matter. The exemplary embodiments described below are not intended to be exhaustive or to limit the claims to the precise forms disclosed in the following Detailed Description. Rather, the embodiments are chosen and described so that others skilled in the art may appreciate and understand the principles and practices of the subject matter presented herein.
In accordance with one aspect, a system for electronic communication includes: one or more processors of a third party configured to: create a Pre-Authentication Transaction Number (Pre-ATN) by combining a number with a Special Encode Value (SEV), wherein the SEV is a single digit integer value; encrypt the Pre-ATN using a Format Preserving Encryption (FPE) to generate an encrypted Authentication Transaction Number (ATN); and send the encrypted ATN to an access control server (ACS) to use the encrypted ATN to generate a cardholder Authentication Verification Value (CAVV) or an Accountholder Authentication Value (AAV).
In the system of the preceding paragraph, the ACS may be provisioned with FPE keys, key indexes and SEV definition tables; and the ACS may be configured to use a key index of the key indexes for both FPE and a card verification value (CVV) calculation. The ACS may be configured to use a FPE base key corresponding to a selected key index along with a Primary Account Number (PAN) to create a unique key per PAN. The SEV definition tables may relate particular SEV values to information that is being bridged between: (i) an authentication procedure that authenticates the identity of a user; and (ii) an authorization procedure that authorizes a transaction of the user. The system may further include a decoding entity configured to: perform Format Preserving Decryption (FPD) using the ATN and a Primary Account Number (PAN) unique key to generate the Pre-ATN including the SEV; and use the SEV to look up a corresponding definition in a table. The ACS may be configured to authenticate a consumer by exchanging, with the consumer, authentication credentials including a password; and the system may further comprise one or more processors of a decoding entity configured to obtain the SEV by: receiving an authorization request including the CAVV or the AAV; deconstructing the ATN and a key indicator from the CAVV or AAV; and decrypting the ATN using a Format Preserving Decryption (FPD) routine; and the one or more processors of the decoding entity may be further configured to use the SEV to look up a corresponding definition in a table. The one or more processors of the decoding entity may be further configured to use SEV definition tables to relate particular SEV values to bridge information between the authentication procedure and the authorization procedure. The number may be a random three digit number.
In accordance with another aspect, a method for electronic communication includes: with one or more processors of a third party: creating a Pre-Authentication Transaction Number (Pre-ATN) by combining a number with a Special Encode Value (SEV), wherein the SEV is a single digit integer value; encrypting the Pre-ATN using a Format Preserving Encryption (FPE) to generate an encrypted Authentication Transaction Number (ATN); and sending the encrypted ATN to an access control server (ACS); and with the ACS: using the encrypted ATN to generate a cardholder Authentication Verification Value (CAVV) or an Accountholder Authentication Value (AAV).
In a method as described in the preceding paragraph, the ACS may be provisioned with FPE keys, key indexes and SEV definition tables; and a key index of the key indexes is used for both FPE and a card verification value (CVV) calculation. A FPE base key corresponding to a selected key index may be used along with a Primary Account Number (PAN) to create a unique key per PAN. The SEV definition tables may relate particular SEV values to information that is being bridged between: (i) an authentication procedure that authenticates the identity of a user; and (ii) an authorization procedure that authorizes a transaction of the user. The method may further include: performing Format Preserving Decryption (FPD) using the ATN and a Primary Account Number (PAN) unique key to generate the Pre-ATN including the SEV; and using the SEV to look up a corresponding definition in a table. The method may further include: authenticating a consumer by exchanging, between the ACS and the consumer, authentication credentials including a password; and with one or more processors of a decoding entity, obtaining the SEV by: receiving an authorization request including the CAVV or the AAV; deconstructing the ATN and a key indicator from the CAVV or AAV; and decrypting the ATN using a Format Preserving Decryption (FPD) routine; and further with the one or more processors of the decoding entity, using the SEV to look up a corresponding definition in a table. The method may further include: as part of an authentication procedure, authenticating a consumer by exchanging, between the ACS and the consumer, authentication credentials including a password; and as part of an authorization procedure, with one or more processors of a decoding entity, obtaining the SEV by: receiving an authorization request including the CAVV or the AAV; deconstructing the ATN and a key indicator from the CAVV or AAV; and decrypting the ATN using a Format Preserving Decryption (FPD) routine; and further with the one or more processors of the decoding entity, using the SEV to look up a corresponding definition in a table to bridge information between the authentication procedure and the authorization procedure.
In accordance with another aspect, a decoding entity may include one or more processors configured to: obtain a Special Encode Value (SEV), the SEV being a single digit integer value, by: receiving an authorization request including cardholder Authentication Verification Value (CAVV) or an Accountholder Authentication Value (AAV); deconstructing a Authentication Transaction Number (ATN) and a key indicator from the CAVV or AAV; and decrypting the ATN using a Format Preserving Decryption (FPD) routine; and use the SEV to look up a corresponding definition in a table to bridge information between an authentication procedure and an authorization procedure.
Numerous advantages and benefits of the subject matter disclosed herein will become apparent to those of ordinary skill in the art upon reading and understanding the present specification. It is to be understood, however, that the detailed description of the various embodiments and specific examples, while indicating preferred and/or other embodiments, are given by way of illustration and not limitation.
The following Detailed Description makes reference to the figures in the accompanying drawings. However, the inventive subject matter disclosed herein may take form in various components and arrangements of components, and in various steps and arrangements of steps. The drawings are only for purposes of illustrating exemplary and/or preferred embodiments and are not to be construed as limiting. Further, it is to be appreciated that the drawings may not be to scale.
For clarity and simplicity, the present specification shall refer to structural and/or functional elements, relevant standards, algorithms and/or protocols, and other components, methods and/or processes that are commonly known in the art without further detailed explanation as to their configuration or operation except to the extent they have been modified or altered in accordance with and/or to accommodate the preferred and/or other embodiment(s) presented herein. Moreover, the apparatuses and methods disclosed in the present specification are described in detail by way of examples and with reference to the figures. Unless otherwise specified, like numbers in the figures indicate references to the same, similar or corresponding elements throughout the figures. It will be appreciated that modifications to disclosed and described examples, arrangements, configurations, components, elements, apparatuses, methods, materials, etc. can be made and may be desired for a specific application. In this disclosure, any identification of specific materials, techniques, arrangements, etc. are either related to a specific example presented or are merely a general description of such a material, technique, arrangement, etc. Identifications of specific details or examples are not intended to be, and should not be, construed as mandatory or limiting unless specifically designated as such. Selected examples of apparatuses and methods are hereinafter disclosed and described in detail with reference made to the figures.
With reference to
In practice, the consumer may select a number of goods, services and/or the like, e.g., by selecting and/or placing the same in a virtual shopping cart or the like. After navigating to a checkout or other like page on the merchant's website, the consumer may select to initiate a purchase of the chosen items, e.g., employing their browser to click on a designated link or option provided on the checkout page. Accordingly, the consumer is prompted to select a payment option and/or enter payment information which is in turn forwarded to the merchant. For example, the consumer may select to pay via credit card, in which case the payment information forwarded to the merchant may include the credit card number (e.g., a Primary Account Number (PAN) or dynamic PAN), expiration date, name on the credit card, etc. The forwarding of payment information from the consumer to the merchant's server is illustrated as step 1 in
In response, the merchant's server sends a request to a merchant plug-in (MPI) to create a Verify Enrollment Request (VEReq) or other like message. See step 2 in
In turn (see step 3 of
In response to the VEReq or other like message, the issuer's ACS replies with a Verify Enrollment Response (VERes) or other like message (see step 5 of
Upon receiving the VERes, the MPI uses the VERes to generate a PAReq or other like message which is forwarded to the merchant's server, e.g., as shown in step 7 of
Accordingly, upon receiving the PAReq, the merchant's server creates a form fields including the PAReq, MD and TermURL and forwards the same to the consumer's browser directing the consumer's browser to submit the data to the ACSURL (e.g., via an HTTP POST). See step 8 of
As shown in step 10, one or more requests, responses, messages, data and/or information may be exchanged between the consumer and the ACS in order to authenticate the consumer. For example, this may include the submission of various authentication credentials, including but not limited to: a password, a Personal Identification Number (PIN), biometric data (such as finger print, retinal scan, voice recognition or facial recognition data), risk criteria and calculation, etc.
Based on the outcome of the authentication, the CAVV or AAV is generated accordingly. Suitably, the ACS will generate the CAVV or AAV. More specifically, as shown in step A, a Special Encode Value (SEV) (e.g., a single digit integer value between 0 and 9) is first encoded into the ATN. The so encoded ATN is then encrypted using a Format Preserving Encryption (FPE). As shown, the encoding and encryption is carried out by a third party processor and/or hardware server. The so encrypted ATN is then passed back to the ACS and used to generate the CAVV or AAV (as the case may be) with the otherwise standard CAVV/AAV generating algorithm. Then, the PARes message is signed by the ACS. Notably, because the solution proposed herein leverages FPE, it is compatible with the industry standard cryptographic checks used by the card networks.
As shown in step 11, the issuer's ACS returns a page to the consumer's browser that will POST or otherwise submit the PARes (which includes the CAVV/AAV generated using the encoded/encrypted ATN) and MD field to the TermURL. The POSTed PARes and MD are in turn received by the merchant (see step 12 of
Suitably, the MPI verifies the signature of the PARes and returns (see step 14) the CAVV/AAV and the Electronic Commerce Indicator (ECI) to the merchant. The ECI a value which indicates the result or outcome of the authentication performed in step 10.
Having received the CAVV/AAV and ECI, to obtain authorization for the transaction, the merchant forwards the same to a transaction processor (possibly through a payment gateway—not shown). See step 15 of
The transaction processor formats a message for the specific card network (e.g., be it Visa, Mastercard, etc.) and passes the ECI and CAVV/AAV to the card network (see step 16). Suitably, the card network can validate the validity of the CAVV/AAV using the cryptographic method specified for the CAVV/AVV and/or the card network can also perform replay CAVV/AAV analysis without a problem because it is backward compatible. The foregoing feature is significantly noteworthy. Replay analysis asserts that a sample history of successful CAVV/AVV are not being reused.
Illustrated as step 17, an authorization request, including the PAN and CAVV/AAV, is sent to the issuer.
Having received the authorization request, the issuer may submit the PAN and CAVV/AAV to a Format Preserving Decryption (FPD) routine. Suitably, the routine may be executed by the issuer or a suitable third party. In any event, the ATN and a key indicator are stripped and/or deconstructed from the CAVV/AAV. The ATN is then decrypted using FPD. Accordingly, the SEV is obtained and returned to the issuer.
With reference to
In practice, the consumer may select a number of goods, services and/or the like, e.g., by selecting and/or placing the same in a virtual shopping cart or the like. After navigating to a checkout or other like page on the merchant's website, the consumer may select to initiate a purchase of the chosen items, e.g., employing their browser to click on a designated link or option provided on the checkout page. Accordingly, the consumer is prompted to select a payment option and/or enter payment information which is in turn forwarded to the merchant. For example, the consumer may select to pay via credit card, in which case the payment information forwarded to the merchant may include the credit card number (e.g., a Primary Account Number (PAN)), expiration date, name on the credit card, etc. The forwarding of payment information from the consumer to the merchant's server is illustrated as step 1 in
In response, the merchant's server sends a request to a UMP (e.g., supporting a suitable MPI) to create a Verify Enrollment Request (VEReq) or other like message. See step 2 in
In turn (see step 3 of
In response to the VEReq or other like message, the issuer's ACS replies with a Verify Enrollment Response (VERes) or other like message (see step 5 of
Upon receiving the VERes, the UMP uses the VERes to generate a PAReq or other like message which is forwarded to the merchant's server, e.g., as shown in step 7 of
Accordingly, upon receiving the PAReq, the merchant's server creates a form fields including the PAReq, MD and TermURL and forwards the same to the consumer's browser directing the consumer's browser to submit the data to the ACSURL (e.g., via an HTTP POST). See step 8 of
As shown in step 10, one or more requests, responses, messages, data and/or information may be exchanged between the consumer and the ACS in order to authenticate the consumer. For example, this may include the submission of various authentication credentials, including but not limited to: a password, a Personal Identification Number (PIN), biometric data (such as finger print, retinal scan, voice recognition or facial recognition data), risk criteria and calculation, etc.
Based on the outcome of the authentication, the CAVV or AAV is generated accordingly. Suitably, the ACS will generate the CAVV or AAV in the usual manner. As shown in step 11, the issuer's ACS returns a page to the consumer's browser that will POST or otherwise submit the PARes and MD field to the TermURL. The POSTed PARes and MD are in turn received by the merchant (see step 12 of
Suitably, the appropriate MPI supported on the UMP verifies the signature of the PARes and returns (see step 14) the CAVV/AAV (which includes the new CAVV/AAV regenerated using the encoded/encrypted ATN) and the Electronic Commerce Indicator (ECI) to the merchant.
Having received the CAVV/AAV and ECI, to obtain authorization for the transaction, the merchant forwards the same to a transaction processor (possibly through a payment gateway—not shown). See step 15 of
The transaction processor formats a message for the specific card network (e.g., be it Visa, Mastercard, etc.) and passes the ECI and CAVV/AAV to the card network (see step 16). Suitably, the card network can validate the validity of the CAVV/AAV using the cryptographic method specified for the CAVV/AVV and/or the card network can also perform replay CAVV/AAV analysis without a problem.
Illustrated as step 17, an authorization request, including the PAN and CAVV/AAV, is sent to the issuer.
Having received the authorization request, the issuer may submit the PAN and CAVV/AAV to a Format Preserving Decryption (FPD) routine. Suitably, the routine may be executed by the issuer or a suitable third party. In any event, the ATN and a key indicator are stripped from the CAVV/AAV. The ATN is then decrypted using FPD. Accordingly, the SEV is obtained and returned to the issuer.
With reference now to
The FPE base key corresponding to the selected key index is used along with the PAN (or other suitable data) to create a unique key per PAN. For example, as shown, a 256-bit Secure Hash Algorithm (SHA256) is used to generate the unique key. In practice, a secure key is derived using other suitable means, e.g., including but not limited to Hash Message Authentication Code 256 (HMAC256), etc.
Based on the authentication parameters, a SEV to be encoded into the CAVV/AAV is selected, and a Pre-ATN is created. The Pre-ATN is suitably a random three digit number combined with the SEV to form a four digit number. Alternately, the Pre-ATN is not entirely random but rather conforms to a predetermined sequence or is otherwise determined. Then, FPE is performed using the Pre-ATN and the PAN unique key to generate the encoded and encrypted ATN.
Finally, the ATN and selected key index are passed into the CAVV/AAV calculation. The same index key used for FPE is also used for the key selection used in calculating the CVV in the CAVV/AAV.
With reference now to
The FPE base key corresponding to the selected key index is used along with the PAN (or other suitable data) to create a unique key per PAN. For example, as shown, a 256-bit Secure Hash Algorithm (SHA256) is used to generate the unique key. Then, FPD (Format Preserving Decryption) is performed using the ATN and the PAN unique key to generate the Pre-ATN, including the SEV. In this way, the SEV has been communicated to the issuer. Accordingly, the issuer can use the SEV to lookup the corresponding definition in the table. Notably, the SEV and/or its meaning remains opaque, e.g., to other entities handling data and/or messages along the rails.
Various aspects of the present inventive subject matter have been described herein with reference to exemplary and/or preferred embodiments. Obviously, modifications and alterations will occur to others upon reading and understanding the preceding detailed description. It is intended that the inventive subject matter be construed as including all such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.
The above methods, system, platforms, modules, processes, algorithms and/or apparatus have been described with respect to particular embodiments. It is to be appreciated, however, that certain modifications and/or alteration are also contemplated. Moreover, certain nomenclature has been used herein with reference to various massages, information and/or data (e.g., without limitation, PARes, PAReq, VERes, VEReq, etc.). Such nomenclature is merely used herein for purposes of illustration and/or example, and in practice, other like messages, information and/or data are contemplated regardless of the name or label applied thereto so long as it otherwise functions and/or represents its object similarly.
It is to be appreciated that in connection with the particular exemplary embodiment(s) presented herein certain structural and/or function features are described as being incorporated in defined elements and/or components. However, it is contemplated that these features may, to the same or similar benefit, also likewise be incorporated in other elements and/or components where appropriate. It is also to be appreciated that different aspects of the exemplary embodiments may be selectively employed as appropriate to achieve other alternate embodiments suited for desired applications, the other alternate embodiments thereby realizing the respective advantages of the aspects incorporated therein.
It is also to be appreciated that any one or more of the particular tasks, steps, processes, methods, functions, elements and/or components described herein may suitably be implemented via hardware, software, firmware or a combination thereof. In particular, various modules, components and/or elements may be embodied by processors, electrical circuits, computers and/or other electronic data processing devices that are configured and/or otherwise provisioned to perform one or more of the tasks, steps, processes, methods and/or functions described herein. For example, a processor, computer or other electronic data processing device embodying a particular element may be provided, supplied and/or programmed with a suitable listing of code (e.g., such as source code, interpretive code, object code, directly executable code, and so forth) or other like instructions or software or firmware, such that when run and/or executed by the computer or other electronic data processing device one or more of the tasks, steps, processes, methods and/or functions described herein are completed or otherwise performed. Suitably, the listing of code or other like instructions or software or firmware is implemented as and/or recorded, stored, contained or included in and/or on a non-transitory computer and/or machine readable storage medium or media so as to be providable to and/or executable by the computer or other electronic data processing device. For example, suitable storage mediums and/or media can include but are not limited to: floppy disks, flexible disks, hard disks, magnetic tape, or any other magnetic storage medium or media, CD-ROM, DVD, optical disks, or any other optical medium or media, a RAM, a ROM, a PROM, an EPROM, a FLASH-EPROM, or other memory or chip or cartridge, or any other tangible medium or media from which a computer or machine or electronic data processing device can read and use. In essence, as used herein, non-transitory computer-readable and/or machine-readable mediums and/or media comprise all computer-readable and/or machine-readable mediums and/or media except for a transitory, propagating signal.
Optionally, any one or more of the particular tasks, steps, processes, methods, functions, elements and/or components described herein may be implemented on and/or embodiment in one or more general purpose computers, special purpose computer(s), a programmed microprocessor or microcontroller and peripheral integrated circuit elements, an ASIC or other integrated circuit, a digital signal processor, a hardwired electronic or logic circuit such as a discrete element circuit, a programmable logic device such as a PLD, PLA, FPGA, Graphical card CPU (GPU), or PAL, or the like. In general, any device, capable of implementing a finite state machine that is in turn capable of implementing the respective tasks, steps, processes, methods and/or functions described herein can be used.
Additionally, it is to be appreciated that certain elements described herein as incorporated together may under suitable circumstances be stand-alone elements or otherwise divided. Similarly, a plurality of particular functions described as being carried out by one particular element may be carried out by a plurality of distinct elements acting independently to carry out individual functions, or certain individual functions may be split-up and carried out by a plurality of distinct elements acting in concert. Alternately, some elements or components otherwise described and/or shown herein as distinct from one another may be physically or functionally combined where appropriate.
In short, the present specification has been set forth with reference to preferred embodiments. Obviously, modifications and alterations will occur to others upon reading and understanding the present specification. It is intended that the inventive subject matter be construed as including all such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.
This application claims the benefit of U.S. Provisional Patent Application No. 62/362,876, filed Jul. 15, 2016, which is incorporated herein by reference in its entirety.
| Number | Name | Date | Kind |
|---|---|---|---|
| 3806874 | Ehrat | Apr 1974 | A |
| 4720860 | Weiss | Jan 1988 | A |
| 4747050 | Brachtl et al. | May 1988 | A |
| 4799156 | Shavit et al. | Jan 1989 | A |
| 4800590 | Vaughan | Jan 1989 | A |
| 4885778 | Weiss | Dec 1989 | A |
| 5168520 | Weiss | Dec 1992 | A |
| 5233655 | Shapiro | Aug 1993 | A |
| 5237614 | Weiss | Aug 1993 | A |
| 5251259 | Mosley | Oct 1993 | A |
| 5317636 | Vizcaino | May 1994 | A |
| 5361062 | Weiss et al. | Nov 1994 | A |
| 5450491 | McNair | Sep 1995 | A |
| 5478994 | Rahman et al. | Dec 1995 | A |
| 5479512 | Weiss | Dec 1995 | A |
| 5485519 | Weiss | Jan 1996 | A |
| 5490251 | Clark et al. | Feb 1996 | A |
| 5491752 | Kaufman et al. | Feb 1996 | A |
| 5513272 | Bogosian, Jr. | Apr 1996 | A |
| 5544246 | Mandelbaum et al. | Aug 1996 | A |
| 5557518 | Rosen | Sep 1996 | A |
| 5590038 | Pitroda | Dec 1996 | A |
| 5590197 | Chen et al. | Dec 1996 | A |
| 5627355 | Rahman et al. | May 1997 | A |
| 5657388 | Weiss | Aug 1997 | A |
| 5671279 | Elgamal | Sep 1997 | A |
| 5715314 | Payne et al. | Feb 1998 | A |
| 5742684 | Labaton et al. | Apr 1998 | A |
| 5757917 | Rose et al. | May 1998 | A |
| 5761306 | Lewis | Jun 1998 | A |
| 5781632 | Odom | Jul 1998 | A |
| 5790667 | Omori et al. | Aug 1998 | A |
| 5790677 | Fox et al. | Aug 1998 | A |
| 5809144 | Sirbu et al. | Sep 1998 | A |
| 5815665 | Teper et al. | Sep 1998 | A |
| 5825881 | Colvin, Sr. | Oct 1998 | A |
| 5826245 | Sandberg-Diment | Oct 1998 | A |
| 5884271 | Pitroda | Mar 1999 | A |
| 5884288 | Chang et al. | Mar 1999 | A |
| 5887065 | Audebert | Mar 1999 | A |
| 5909492 | Payne et al. | Jun 1999 | A |
| 5913203 | Wong et al. | Jun 1999 | A |
| 5917913 | Wang | Jun 1999 | A |
| 5937068 | Audebert | Aug 1999 | A |
| 5937394 | Wong et al. | Aug 1999 | A |
| 5956699 | Wong et al. | Sep 1999 | A |
| 5988497 | Wallace | Nov 1999 | A |
| 5991411 | Kaufman et al. | Nov 1999 | A |
| 5991413 | Arditti et al. | Nov 1999 | A |
| 5995626 | Nishioka | Nov 1999 | A |
| 5999624 | Hopkins | Dec 1999 | A |
| 5999626 | Mullin et al. | Dec 1999 | A |
| 6005939 | Fortenberry et al. | Dec 1999 | A |
| 6014650 | Zampese | Jan 2000 | A |
| 6018724 | Arent | Jan 2000 | A |
| 6026166 | Lebourgeois | Feb 2000 | A |
| 6029150 | Kravitz | Feb 2000 | A |
| 6070150 | Remington et al. | May 2000 | A |
| 6092053 | Boesch et al. | Jul 2000 | A |
| 6269099 | Borella | Jul 2001 | B1 |
| 6270011 | Gottfried | Aug 2001 | B1 |
| 6272492 | Kay | Aug 2001 | B1 |
| 6327578 | Linehan | Dec 2001 | B1 |
| 6366893 | Hannula et al. | Apr 2002 | B2 |
| 6519571 | Guheen et al. | Feb 2003 | B1 |
| 6529886 | Campana et al. | Mar 2003 | B1 |
| 6557759 | Zolotarev et al. | May 2003 | B1 |
| 6560581 | Fox et al. | May 2003 | B1 |
| 6675153 | Cook et al. | Jan 2004 | B1 |
| 6751735 | Schell | Jun 2004 | B1 |
| 7003480 | Fox et al. | Feb 2006 | B2 |
| 7003789 | Linehan | Feb 2006 | B1 |
| 7051002 | Keresman, III et al. | May 2006 | B2 |
| 7058611 | Kranzley et al. | Jun 2006 | B2 |
| 7089208 | Levchin et al. | Aug 2006 | B1 |
| 7111789 | Rajasekaran et al. | Sep 2006 | B2 |
| 7120609 | Kerkdijk | Oct 2006 | B1 |
| 7133645 | Thermond | Nov 2006 | B2 |
| 7133843 | Hansmann et al. | Nov 2006 | B2 |
| 7133846 | Ginter et al. | Nov 2006 | B1 |
| 7191151 | Nosek | Mar 2007 | B1 |
| 7237117 | Weiss | Jun 2007 | B2 |
| 7249094 | Levchin et al. | Jul 2007 | B2 |
| 7349557 | Tibor | Mar 2008 | B2 |
| 7469341 | Edgett et al. | Dec 2008 | B2 |
| 7499889 | Golan et al. | Mar 2009 | B2 |
| 7546944 | Goldberg et al. | Jun 2009 | B2 |
| 7647252 | Rampell et al. | Jan 2010 | B2 |
| 7693783 | Balasubramanian et al. | Apr 2010 | B2 |
| 7707120 | Dominguez et al. | Apr 2010 | B2 |
| 7788139 | Rampell et al. | Aug 2010 | B2 |
| 7801825 | Kranzley et al. | Sep 2010 | B2 |
| 7966259 | Bui | Jun 2011 | B1 |
| 7996324 | Bishop et al. | Aug 2011 | B2 |
| 8140429 | Balasubramanian et al. | Mar 2012 | B2 |
| H2270 | Le Saint | Jun 2012 | H |
| 8271395 | Dominguez et al. | Sep 2012 | B2 |
| 8396810 | Cook | Mar 2013 | B1 |
| 8966268 | Marien | Feb 2015 | B2 |
| 9990622 | Choi et al. | Jun 2018 | B2 |
| 10373138 | Hammad | Aug 2019 | B2 |
| 10521794 | Dimmick | Dec 2019 | B2 |
| 20010011256 | Hannula et al. | Aug 2001 | A1 |
| 20010032878 | TSiounis | Oct 2001 | A1 |
| 20010047334 | Nappe et al. | Nov 2001 | A1 |
| 20020032616 | Suzuki et al. | Mar 2002 | A1 |
| 20020042776 | Woo et al. | Apr 2002 | A1 |
| 20020042781 | Kranzley et al. | Apr 2002 | A1 |
| 20020103752 | Berger et al. | Aug 2002 | A1 |
| 20030093372 | Atogi et al. | May 2003 | A1 |
| 20030130958 | Narayanan et al. | Jul 2003 | A1 |
| 20030009382 | Rajasekaran et al. | Sep 2003 | A1 |
| 20030200172 | Randle et al. | Oct 2003 | A1 |
| 20030233327 | Keresman, III et al. | Dec 2003 | A1 |
| 20040002918 | McCarthy et al. | Jan 2004 | A1 |
| 20040078328 | Talbert et al. | Apr 2004 | A1 |
| 20050164739 | Goldberg et al. | Jul 2005 | A1 |
| 20050177750 | Gasparini et al. | Aug 2005 | A1 |
| 20050256802 | Ammermann et al. | Nov 2005 | A1 |
| 20060149665 | Weksler | Jul 2006 | A1 |
| 20060235758 | Schleicher | Oct 2006 | A1 |
| 20060282382 | Balasubramanian et al. | Dec 2006 | A1 |
| 20070143227 | Kranzley | Jun 2007 | A1 |
| 20080028228 | Mardikar et al. | Jan 2008 | A1 |
| 20080033878 | Krikorian et al. | Feb 2008 | A1 |
| 20080168544 | Von Krogh | Jul 2008 | A1 |
| 20080172341 | Grandeii | Jul 2008 | A1 |
| 20090313147 | Balasubramanian et al. | Dec 2009 | A1 |
| 20100153200 | Thomas | Jun 2010 | A1 |
| 20100169215 | Balasubramanian et al. | Jul 2010 | A1 |
| 20100318468 | Carr | Dec 2010 | A1 |
| 20110047054 | Ginter et al. | Feb 2011 | A1 |
| 20110103579 | Martin | May 2011 | A1 |
| 20110167002 | Balasubramanian et al. | Jul 2011 | A1 |
| 20110208658 | Makhotin | Aug 2011 | A1 |
| 20110258090 | Bosch et al. | Oct 2011 | A1 |
| 20120016728 | Ahmad et al. | Jan 2012 | A1 |
| 20120116933 | Matthews et al. | May 2012 | A1 |
| 20120197760 | Balasubramanian et al. | Aug 2012 | A1 |
| 20120297188 | van der Linden | Nov 2012 | A1 |
| 20130211934 | Balasubramanian | Aug 2013 | A1 |
| 20130243195 | Kruegel | Sep 2013 | A1 |
| 20140081863 | Balasubramanian | Mar 2014 | A1 |
| 20140089194 | Balasubramanian | Mar 2014 | A1 |
| 20140108250 | Balasubramanian | Apr 2014 | A1 |
| 20140156532 | Balasubramanian | Jun 2014 | A1 |
| 20150271150 | Barnett | Sep 2015 | A1 |
| 20160092872 | Pakash et al. | Mar 2016 | A1 |
| 20180018662 | Enright | Jan 2018 | A1 |
| 20180309735 | Barnett | Oct 2018 | A1 |
| 20180316491 | Pivovarov | Nov 2018 | A1 |
| 20200167775 | Reese | May 2020 | A1 |
| Number | Date | Country |
|---|---|---|
| 13338092 | Feb 2002 | CN |
| 1926567 | Mar 2007 | CN |
| 104838399 | Aug 2015 | CN |
| 0 668 579 | Aug 1995 | EP |
| 1 107198 | Jun 2001 | EP |
| 1 134 707 | Sep 2001 | EP |
| 2360380 | Sep 2001 | GB |
| 60 079466 | May 1985 | JP |
| WO 9304425 | Mar 1993 | WO |
| WO 9907121 | Feb 1999 | WO |
| WO 0001108 | Jan 2000 | WO |
| WO-0001108 | Jan 2000 | WO |
| WO 0118719 | Mar 2001 | WO |
| WO 0118720 | Mar 2001 | WO |
| WO-0118720 | Mar 2001 | WO |
| WO 0126062 | Apr 2001 | WO |
| WO 0146918 | Jun 2001 | WO |
| WO-0146918 | Jun 2001 | WO |
| WO 0178493 | Oct 2001 | WO |
| WO 0180100 | Oct 2001 | WO |
| WO-0178493 | Oct 2001 | WO |
| WO 0182246 | Nov 2001 | WO |
| WO 0225604 | Mar 2002 | WO |
| WO 0244976 | Jun 2002 | WO |
| WO 03107242 | Dec 2003 | WO |
| Entry |
|---|
| B.B. Zaidan, A.A. Zaidan, A.K. Al-Frajatand H.A. Jalab, 2010. On the Differences between Hiding Information and Cryptography Techniques: An Overview. Journal of Applied Sciences, 10: 1650-1655. (Year: 2010). |
| Ahmed Sechrouchni, Ahmed Sechrouchni, Mostafa Hashem Sherif, Protocols for Secure Electronic Commerce, Mar. 2000 CRC Press, Inc. (Year: 2000). |
| Bürk, et al., “Value Exchange Systems Enabling Security and Unobservability,” Elsevier Science Publishers, vol. 9, No. 8, Dec. 1990, pp. 715-721. |
| David Chaum, “Security Without Identification: Transaction Systems to Make Big Brother Obsolete,” Communications of the ACM, vol. 28, No. 10, Oct. 1985, pp. 1030-1044. |
| David Chaum, “Achieving Electronic Privacy,” Scientific American, vol. 267, No. 2, Aug. 1992, pp. 76-81. |
| Exhibit AW2 to the statutory declaration of Andrew Weller Jan. 15, 2009—Joint press release issued by Visa and other technology providers (Jun. 27, 2001). |
| Exhibit BB4 to the statutory declaration of Bahram Boutorabi Jan. 27, 2009—An Introduction to Authentication (GPayment white paper—2000-2002). |
| Exhibit BB5 to the statutory declaration of Bahram Boutorabi Jan. 27, 2009—Authentication (GPayment white paper—2000-2002). |
| Exhibit BB6 to the statutory declaration of Bahram Boutorabi Jan. 27, 2009—Smart Payment Technology (GPayment white paper—2000-2002). |
| Exhibit BB7 to the statutory declaration of Bahram Boutorabi Jan. 27, 2009—Electronic Wallets: Past, Present and Future (GPayment white paper—2000-2002). |
| Exhibit BB8 to the statutory declaration of Bahram Boutorabi Jan. 27, 2009—Pseudo Card Numbers (GPayment white paper—2000-2002). |
| Exhibit BB9 to the statutory declaration of Bahram Boutorabi Jan. 27, 2009—Cached version of www.gpayments.com (May 11, 2002). |
| Exhibit BB10 to the statutory declaration of Bahram Boutorabi Jan. 27, 2009—Presentation entitled ActiveAccess Overview (Nov. 22, 2001). |
| Exhibit BB11 to the statutory declaration of Bahram Boutorabi Jan. 27, 2009—GPayments paper outlining authentication products (May 29, 2002). |
| Exhibit BB13 to the statutory declaration of Bahram Boutorabi Apr. 7, 2009—3-D Secure Vendor Forum (Visa presentation—Nov. 2, 2000). |
| Exhibit BB14 to the statutory declaration of Bahram Boutorabi Apr. 7, 2009—3-D Secure Payment Authorisation (Visa presentation—Jan. 25, 2001). |
| Exhibit BB15 to the statutory declaration of Bahram Boutorabi Apr. 7, 2009—3-D Secure Vendor Forum (Visa presentation—Jan. 25, 2001). |
| Exhibit BB16 to the statutory declaration of Bahram Boutorabi Apr. 7, 2009—3-D Secure Interoperability Center (Visa presentation—Jan. 25, 2001). |
| Exhibit BB17 to the statutory declaration of Bahram Boutorabi Apr. 7, 2009—Wikipedia Plug-in article (as at Apr. 7, 2009). |
| Exhibit BB18 to the statutory declaration of Bahram Boutorabi Apr. 7, 2009—ActivePayment (GPayment presentation—Feb. 7, 2000). |
| Exhibit BB19 to the statutory declaration of Bahram Boutorabi Apr. 7, 2009—Eliminating Payment Fraud (GPayment presentation—Apr. 16, 2002). |
| Exhibit BB20 to the statutory declaration of Bahram Boutorabi Apr. 7, 2009—Authentication and Payment in Asia Pacific (GPayment presentation—May 2, 2002). |
| Exhibit BB21 to the statutory declaration of Bahram Boutorabi Apr. 7, 2009—VeriSign Conference Call and Online Demonstration (GPayments presentation—May 21, 2002). |
| Exhibit BB22 to the statutory declaration of Bahram Boutorabi Apr. 7, 2009—Cached version of www.cyota.com (Feb. 13, 2002). |
| Exhibit BB23 to the statutory declaration of Bahram Boutorabi Apr. 7, 2009—PC-EFTPOS website (as at Apr. 7, 2009). |
| Exhibit BB24 to the statutory declaration of Bahram Boutorabi Apr. 7, 2009—OCV Implementation Suggestions (Oct. 22, 1999). |
| Exhibit BB25 to the statutory declaration of Bahram Boutorabi Mar. 5, 2010—GPayments ActiveAccess Overview (Apr. 16, 2002). |
| Exhibit BB26 to the statutory declaration of Bahram Boutorabi Mar. 5, 2010—Screen captures from Visa-certified version of GPayments (May 23, 2002). |
| Exhibit BB27 to the statutory declaration of Bahram Boutorabi Mar. 5, 2010—Schedule of certification of ActiveMerchant and ActiveAccess (Jun. 12, 2002). |
| Exhibit BB28 to the statutory declaration of Bahram Boutorabi Mar. 5, 2010—Presentation given at Sun Microsystems (May 2002). |
| Hamann et al. “Securing E-Business Applications Using Smart Cards,” IBM Systems Journal, 2001. vol. 40, No. 3, pp. 635-647. [Accessed May 29, 2013—ProQuest] http://search.proquest.com/docview/222422057. |
| Karpinski. “IBM Payment Software to Run Atop App Server,” InternetWeek, Nov. 1999. No. 790, p. 9. [Accessed May 29, 2013—ProQuest] http://search.proquest.com/docview/226906024. |
| Kutler et al. “MasterCard, IBM Team Up for E-Wallet Distribution,” American Banker, Sep. 15, 1999. vol. 164, No. 177. [Accessed May 29, 2013—ProQuest] http://search.proquest.com/docview/249853957. |
| Malhotra. “Wireless Group Makes Strides, Still Faces Obstacles,” American Banker, Jun. 7, 2002. vol. 167, No. 109. [Accessed May 29, 2013—ProQuest] http://search.proquest.com/docview/249855144. |
| Stallings. “The SET Standard & E-Commerce,” Dr. Dobb's Journal, Nov. 2000. vol. 25, No. 11, pp. 30-36. [Accessed May 29, 2013—ProQuest] http://search.proquest.com/docview/202722072. |
| “Payments Could Be a Gold Mine Standards Remain Overriding Issue, BITS Attempts to Unite Industry,” Retail Delivery System News, Feb. 13, 1998. vol. 3, No. 3, p. 1. [Accessed May 29, 2013—ProQuest] http://search.proquest.com/docview/206583755. |
| Petition to Institute a Covered Business Method Patent Review under Section 18 of the Leahy-Smith America Invents Act and 37 C.F.R. Section 42.300 et seq. regarding U.S. Pat. No. 7,051,002 for Universal Merchant Platform for Payment Authentication, filed with the United States Patent and Trademark Office on Nov. 15, 2013. |
| Petition to Institute a Covered Business Method Patent Review under Section 18 of the Leahy-Smith America Invents Act and 37 C.F.R. Section 42.300 et seq. regarding U.S. Pat. No. 7,693,783 for Universal Merchant Platform for Payment Authentication, filed with the United States Patent and Trademark Office on Nov. 16, 2013. |
| Petition to Institute a Covered Business Method Patent Review under Section 18 of the Leahy-Smith America Invents Act and 37 C.F.R. Section 42.300 et seq. regarding U.S. Pat. No. 8,140,429 for Universal Merchant Platform for Payment Authentication, filed with the United States Patent and Trademark Office on Nov. 15, 2013. |
| Declaration of Jason Napsky in Support of Petitions for Covered Business Method Patent Review regarding U.S. Pat. No. 7,051,002, U.S. Pat. No. 7,693,783 and U.S. Pat. No. 8,140,429 for Universal Merchant Platform for Payment Authentication, executed on Nov. 13, 2013. |
| Declaration of Greg Wooten in Support of Petitions for Covered Business Method Patent Review regarding U.S. Pat. No. 7,051,002, U.S. Pat. No. 7,693,783 and U.S. Pat. No. 8,140,429 for Universal Merchant Platform for Payment Authentication, executed on Nov. 14, 2013. |
| Declaration of Sandeep Chatterjee, Ph.D. in Support of Petitions for Covered Business Method Patent Review regarding U.S. Pat. No. 7,051,002, U.S. Pat. No. 7,693,783 and U.S. Pat. No. 8,140,429 for Universal Merchant Platform for Payment Authentication. |
| Exhibit 1010 in Support of Petitions for Covered Business Method Patent Review regarding U.S. Pat. No. 7,051,002, U.S. Pat. No. 7,693,783 and U.S. Pat. No. 8,140,429 for Universal Merchant Platform for Payment Authentication, SOAP Version 1.2, W3C Working Draft Jul. 9, 2001, http://www.w3.org/TR/2001/WD-soap12-20010709/. |
| IBM & Microsoft Corp., “Web Services Framework”, Apr. 11, 2001. |
| “N Software's MPI Software”, 2002 (no document available). |
| Abad-Peiro et al., “Designing a Generic Payment System”, Nov. 26, 1996. |
| Bartolini et al., “Requirements for Automated Negotiation”, Apr. 11, 2001. |
| Best, “WSWS Position Paper”, Apr. 11, 2001. |
| Bettag, “Position Paper for W3C Workshop on Web Services”, Apr. 11, 2001. |
| Bosworth, “Developing Web Services”, Apr. 11, 2001. |
| Brown, “VeriSign Web Services Positioning Paper”., Apr. 11, 2001. |
| Brown, “Reliable Messaging”, Apr. 11, 2001. |
| Camarena, “WebMethods Position on Web Services”, Apr. 11, 2001. |
| Cutler, “Chevron Interest in Web Services Workshop”, Apr. 11, 2001. |
| Daniels, “Web Services Position Paper”, Apr. 11, 2001. |
| Derose, “Position Paper for the W3C WSDL Workshop”, Apr. 11, 2001. |
| Dornfest, “Position Paper for W3C Workshop on Web Services”, Apr. 11, 2001. |
| Douglas, “Infrastructure Requirements for Business-Class Web Services”, Apr. 11, 2001. |
| Edgar, “W3C Web Services: A Position Paper for the W3C”, Apr. 11, 2001. |
| Eisenberg, “W3C Web Services Workshop Position Paper: Preparing for the Web Services Paradigm”, Apr. 11, 2001. |
| Evans, “Transaction Internet Protocol: Facilitating Distributed Internet Applications”, Apr. 11, 2001. |
| Ferguson, “Web Services Architecture: Direction and Position Paper”, Apr. 11, 2001. |
| Frolund, et al., “Transactional Conversations”, Apr. 11, 2001. |
| Fuchs, “Commerce One Position Paper—Workshop on Web Services”, Apr. 11, 2001. |
| Gartner, “W3C Web Services Workshop—Position Paper”, Apr. 11, 2001. |
| Govindarajan et al., “Conversation Definitions: Defining Interfaces of Web Services” Apr. 11, 2001. |
| Govindarajan, et al., “Web Services Architecture Overview Paper”, Apr. 11, 2001. |
| Guardalben, “W3C Web Services Workshop Position Paper”, Apr. 11, 2001. |
| Gudgin, et al., “SOAP Version 1.2 Specification”, Jul. 9, 2001. |
| Hale, “Content Management for Web Services”, Apr. 11, 2001. |
| Hall, et al., “Web Services Workshop Intel Position”, Apr. 11, 2001. |
| Ingham et al., “Position Paper on Web Transactions”, Apr. 11, 2001. |
| Isaacson, “Web Services Workshop Position Paper”, Apr. 11, 2001. |
| Iwasa, “Fujitsu Position Paper for Workshop on Web services”, Apr. 11, 2001. |
| Jerbic, “Hewlett Packard Position Paper to the Worldwide Web Consortium Workshop on Web Services”, Apr. 11, 2001. |
| Karakashian, “BEA Position Paper on the W3C Web Services Workshop”, Apr. 11, 2001. |
| Karp, et al., “Advertising and Discovering Business Services”, Apr. 11, 2001. |
| Ketchpel, et al., “U-PAI: A Universal Payment Application Interface”, 1996. |
| Laskey, “Position Paper Regarding Web Services”, Apr. 11, 2001. |
| Machiraju, “A Peer-to-Peer Service Interface for Manageability”, Apr. 11, 2001. |
| Manes, “Enabling Open, Interoperable, and Smart Web Services: The Need for Shared Context”, Apr. 11, 2001. |
| Mitra, “Ericsson contribution to the W3C Workshop on Web Services”, Apr. 11, 2001. |
| Moberg, “Web Services, Synchronous Collaborations, and Solutions to Distributed Process Coordination Problems Reflecting Legacy Integration Latencies”, Apr. 11, 2001. |
| Morciniec, et al., “Towards the Electronic Contract”, Apr. 11, 2001. |
| Moreau et al., “Using XML for Describing Web Services”, Apr. 11, 2001. |
| Mullins, “Web Services Workshop Position Paper”, Apr. 11, 2001. |
| Newcomer, et al., “Web Services Definition Position Paper”, Apr. 11, 2001. |
| Nielsen, “SOAP Addressing and Path Modeling”, Apr. 11, 2001. |
| Nottingham, “Web Service Scalability and Performance with Optimising Intermediaries”, Apr. 11, 2001. |
| Ogbuji, “Position Paper for W3C Workshop on Web Services”, Apr. 11, 2001. |
| Orchard, “Jamcracker W3C Web Services Workshop Position Paper ”, Apr. 11, 2001. |
| Prud'Hommeaux, Eric, “Semantic Web Position Paper”, Apr. 11, 2001. |
| Reagle, Jr., XML Security:, Apr. 11, 2001. |
| Reed, “Requirements for a Global Identity Management Service”, Apr. 11, 2001. |
| Sabbouh, et al., “Interoperability: Workshop on Web Services”, Apr. 11, 2001. |
| Sankar, WebServices Framework & Assertion Exchange using SAML Apr. 11, 2001. |
| Scott, “The Road to Web Services”, Apr. 11, 2001. |
| Seaborne et al., “A Framework for Business Composition”, Apr. 11, 2001. |
| Sedukhin, “Platform for Assembly, Orchestration, and Management of Web Services”, Apr. 11, 2001. |
| Service Real Authentication Data Storage, Aug. 14, 2002. |
| Sormunen, “Position Paper to W3C Forum WorkShop Web Services”, Apr. 11, 2001. |
| Srivastava, “Oracle Dynamic Services: Oracle's Web Services Framework”, Apr. 11, 2001. |
| Tauber, “Protocol for Accessing RDF-Based Registries”, Apr. 11, 2001. |
| Tenenbaum et al., “Eco System: An Internet Commerce Architecture”, May 1997. |
| Thatte, “Message Exchange Protocols for Web Services”, Apr. 11, 2001. |
| Thompson, “Web Services—Beyond HTTP Tunneling”, Apr. 11, 2001. |
| Verified by Visa (VbV) Protocol, (NS 000580-680), 2001. |
| Virdhagriswaran, et al., “Two Level Architecture for Web Service Interactions”, Apr. 11, 2001. |
| Whitmer, “Web Services for Clients”, Apr. 11, 2001. |
| Wiechers, “SAP Position Paper”, Apr. 11, 2001. |
| Winer, “UserLand's Position on Web Services”, Apr. 11, 2001. |
| Zilles et al., “Position paper”, Apr. 11, 2001. |
| Gpayments: Visa 3-D Secure vs. MasterCard SPA, Mar. 1, 2002, pp. 1-37. |
| Number | Date | Country | |
|---|---|---|---|
| 20180018662 A1 | Jan 2018 | US |
| Number | Date | Country | |
|---|---|---|---|
| 62362876 | Jul 2016 | US |
