Techniques for token proximity transactions

Information

  • Patent Grant
  • 12028337
  • Patent Number
    12,028,337
  • Date Filed
    Tuesday, October 8, 2019
    5 years ago
  • Date Issued
    Tuesday, July 2, 2024
    4 months ago
Abstract
Systems and methods are provided to enable a user to conduct a transaction using their credentials stored on a secure server computer (e.g., a computer associated with a partner such as another merchant) by merely presenting their authentication data at a physical location via an auxiliary device. An auxiliary device may be provided for interfacing with a partners backend server (e.g., the secure server computer). In some embodiments, biometric authentication may provide a mechanism for a true seamless and potentially frictionless (in the case of modalities that do not require physical contact) interaction. Payment can occur without any need for a card, phone, wearable, or any other user device as long as the auxiliary device is able to recognize the user and retrieve a credential that can be linked to that user.
Description
BACKGROUND

A user can utilize a user device such as a mobile phone to perform transactions. A user device is used to perform a token provisioning process that enables a token to be stored at the user device. The user may cause the user device to interact with an access device, and may pass the token to the access device to conduct a transaction. During the transaction, a real credential associated with the user may replace the token during an authorization process. Separately, to perform a transaction using the user device, the user needs to authenticate himself or herself. The user may authenticate himself or herself with a personal identification number or other authentication data. Consequently, performing a transaction with a user device can involve a number of steps with is cumbersome.


In addition, physical user devices are often needed to conduct transactions at access devices. The need to have a physical user device to access a resource at an access device is also cumbersome. For example, a user may not be in possession of a physical user device when the user wants to conduct a transaction, yet may wish to conduct a transaction nonetheless.


Still further, existing physical access devices may be legacy access devices, that may not be capable of conducting transactions using tokens or credentials that originate from a source other than a user device. As such, legacy access devices may be incapable of running certain types of transactions that would otherwise be desirable to conduct.


Embodiments of this disclosure address these and other problems, individually and collectively.


SUMMARY

One embodiment of the invention is directed to a method. The method may comprise receiving, by an auxiliary device in communication with an access device, authentication data from a user. The method may further comprise initiating, by the auxiliary device, verifying the authentication data. The method may further comprise requesting, by the auxiliary device, a token from a secure server computer. The method may further comprise receiving, by the auxiliary device, the token and a transaction authentication verification value. The method may further comprise providing, by the auxiliary device, the token and the transaction authentication verification value to the access device, wherein the access device generates an authorization request message.


Another embodiment of the invention is directed to an auxiliary device. The auxiliary device may be in communication with An access device. The auxiliary may comprise a processor and a computer readable medium coupled to the processor, the computer readable medium comprising code executable by the processor to cause the auxiliary device to perform operations. The operations may comprise receiving authentication data associated with a user. The operations may further comprise verifying the authentication data. The operations may further comprise requesting a token from a secure server computer. The operations may further comprise receiving the token from the secure server computer. The operations may further comprise obtaining a verification value for the token. The operations may further comprise providing the token and the verification value to the access device, wherein the access device generates an authorization request message.


Another embodiment of the invention is directed to another method. The method may comprise receiving, by a processing network computer from an access device, an authorization request message comprising data in a first transaction data format. The method may further comprise converting, by the processing network computer, the data in the first transaction data format to a second transaction data format. The method may further comprise transmitting, by the processing network computer, an authorization request message including data in the second transaction data format to an authorizing entity computer for authorization.


Another embodiment of the invention is directed to a processing network computer comprising a processor and a computer readable medium coupled to the processor, the computer readable medium comprising code executable by the processor to cause the processing network computer to perform operations. The operations may comprise receiving an authorization request message comprising data in a first transaction data format. The operations may comprise converting the data in the first transaction data format to a second transaction data format. The operations may comprise transmitting an authorization request message including data in the second transaction data format to an authorizing entity computer for authorization.


Another embodiment of the invention is directed to another method. The method may comprise generating, by a first computer, a request for a plurality of cryptograms for transactions involving tokens. The method may comprise transmitting the request to a second computer. The method may comprise receiving, by the first computer from the second computer, the plurality of cryptograms. The method may comprise storing, by the first computer, the plurality of cryptograms for subsequent use. In some embodiments, the first computer is a token provider computer and the second computer is a secure server computer.


Another embodiment of the invention is directed to a token provider computer comprising a processor and a computer readable medium coupled to the processor, the computer readable medium comprising code executable by the processor to cause the token provider computer to perform operations. The operations may comprise receiving, from a token requestor computer, a request for a token. The operations may comprise generating the token. The operations may comprise receiving, from the token requestor computer, a cryptogram request for a number of cryptograms associated with the token. The operations may comprise obtaining profile data for a token requestor corresponding to the token requestor computer. The operations may comprise determining that the token requestor associated with the token requestor computer is authorized to pre-fetch multiple cryptograms in a single request. The operations may comprise transmitting a response with a plurality of cryptograms to the token requestor computer.


Another embodiment of the invention is directed to another method. The method may comprise receiving, by a device in communication with an access device, a token and a single use value associated with a credential of a user. The method may comprise receiving, by the device from the access device, access device data comprising at least an unpredictable value. The method may comprise generating, by the device, an authorization request cryptogram. The method may comprise transmitting, by the device, the token and the authorization request cryptogram to the access device. In some embodiments, the access device generates an authorization request message and transmits the authorization request message to an authorizing computer for authorization. In some embodiments, the device may be an auxiliary device.


Another embodiment of the invention is directed to a device comprising a processor and a computer readable medium coupled to the processor, the computer readable medium comprising code executable by the processor to cause the device to perform operations. In some embodiments, the device is in communication with an access device. The operations may comprise receiving a single use value and a token associated with a credential of a user. The operations may comprise receiving access device data comprising at least an unpredictable value. The operations may comprise generating an authorization request cryptogram. The operations may comprise transmitting the token and the authorization request cryptogram to an access device in communication with the device. In some embodiments, the access device generates an authorization request message and transmits the authorization request message to an authorizing computer for authorization. In some embodiments, the device is an auxiliary device or a secure element device.


Another embodiment of the invention is directed to another method. The method may comprise receiving, by a secure element device in communication with an auxiliary device and an access device, a token and a cryptographic key associated with a credential of a user. In some embodiments, the token and cryptographic key may be received from the auxiliary device. The method may further comprise receiving, by the secure element device from the access device, access device data comprising at least an unpredictable value. The method may further comprise generating, by the secure element device, an interaction cryptogram. The method may further comprise transmitting, by the secure element device, the token and the interaction cryptogram to the access device. In some embodiments, the access device generates an authorization request message and transmits the authorization request message to an authorizing computer for authorization.


Another embodiment of the invention is directed to a secure element device comprising a secure memory space, a processor, and a computer readable medium coupled to the processor, the computer readable medium comprising code executable by the processor to cause the secure element device to perform operations. In some embodiments, the secure element device may be in communication with an access device and an auxiliary device. The operations may comprise receiving, from the auxiliary device, a token and cryptographic key associated with a credential of a user. The operations may comprise storing the token and the cryptographic key in the secure memory space. The operations may comprise receiving access device data comprising at least an unpredictable value. The operations may comprise generating an interaction cryptogram. The operations may comprise transmitting the token and the interaction cryptogram to an access device in communication with the secure element device. In some embodiments, the access device generates an authorization request message and transmits the authorization request message to an authorizing computer for authorization.


Further details regarding embodiments of the invention can be found in the Detailed Description and the Figures.





BRIEF DESCRIPTION OF THE DRAWINGS


FIG. 1 shows an exemplary system and a process flow diagram, in accordance with at least one embodiment.



FIG. 2 shows an exemplary system and a process flow diagram illustrating a token and/or cryptogram provisioning process, in accordance with at least one embodiment.



FIGS. 3-6 shows exemplary methods for authenticating a user, in accordance with at least one embodiment.



FIG. 7 shows an process flow diagram for an exemplary process for generating multiple cryptograms, in accordance with at least one embodiment.



FIG. 8 shows an exemplary process flow diagram for performing a biometric enrollment process, in accordance with at least one embodiment.



FIG. 9 shows an exemplary system and process flow diagram for performing a biometric enrollment process during a transaction, in accordance with at least one embodiment.



FIG. 10 shows an exemplary process flow diagram for performing a transaction utilizing biometric data associated with a user, in accordance with at least one embodiments.



FIG. 11 shows an exemplary system and process flow diagram illustrating a limited-use key provisioning process, according to some embodiments.



FIG. 12 shows an exemplary system and process flow diagram illustrating use case in which an auxiliary device is used to emulate a user device, according to some embodiments.



FIG. 13 shows an exemplary process flow diagram illustrating a use case in which secure element device is used to perform a transaction, according to some embodiments.



FIG. 14 shows an exemplary process flow diagram for utilizing a single use value for generating a cryptogram, according to at least on embodiment.



FIG. 15 shows an exemplary process flow diagram for utilizing a single use value for generating a cryptogram, according to at least on embodiment.



FIG. 16 shows an exemplary auxiliary device, in accordance with at least one embodiment.



FIG. 17 shows an exemplary secure server computer, in accordance with at least one embodiment.



FIG. 18 shows an exemplary secure element, in accordance with at least one embodiment.





DETAILED DESCRIPTION

Prior to discussing embodiments of the invention, some terms can be described in further detail.


A “user” may include an individual or a computing device. In some embodiments, a user may be associated with one or more personal accounts and/or mobile devices. In some embodiments, the user may be a cardholder, account holder, or consumer.


A “computing device” may be any suitable electronic device that can process and communicate information to other electronic devices. The computing device may include a processor and a computer readable medium coupled to the processor, the computer readable medium comprising code, executable by the processor. The computing device may also each include an external communication interface for communicating with each other and other entities. Examples of computing devices may include user devices, access devices, mobile devices, auxiliary devices, server computers, resource provider computers, processing network computers, authorizing entity computers, transport computers, token provider computers, and the like.


A “user device” may be any suitable device operated by a user. User devices may be in any suitable form. Some examples of user devices include cellular phones, smartphones, mobile phones, payment cards, smartcards, PDAs, personal computers (PCs), tablet computers, and the like. In some embodiments, where a user device is a mobile device, the mobile device may include a display, a memory, a processor, a computer-readable medium, and any other suitable component.


A “mobile device” may comprise any suitable electronic device that may be transported and operated by a user, which may also provide remote communication capabilities to a network. A mobile device such as a mobile communication device may communicate using a mobile phone (wireless) network, wireless data network (e.g. 3G, 4G or similar networks), Wi-Fi, Bluetooth, Bluetooth Low Energy (BLE), Wi-Max, or any other communication medium that may provide access to a network such as the Internet or a private network. Examples of mobile devices include mobile phones (e.g. cellular phones), PDAs, tablet computers, net books, laptop computers, wearable devices (e.g., watches), vehicles such as automobiles and motorcycles, personal music players, hand-held specialized readers, etc. A mobile device may comprise any suitable hardware and software for performing such functions, and may also include multiple devices or components (e.g. when a device has remote access to a network by tethering to another device—i.e. using the other device as a modem—both devices taken together may be considered a single mobile device).


An “access device” may be any suitable device for providing access to an external computer system. An access device may be in any suitable form. Some examples of access devices include point of sale (POS) devices, cellular phones, PDAs, personal computers (PCs), tablet PCs, hand-held specialized readers, set-top boxes, electronic cash registers (ECRs), automated teller machines (ATMs), virtual cash registers (VCRs), kiosks, security systems, access systems, Websites, and the like. An access device may use any suitable contact or contactless mode of operation to send or receive data from, or associated with, a mobile device. In some embodiments, where an access device may comprise a POS terminal, any suitable POS terminal may be used and may include a reader, a processor, and a computer-readable medium. A reader may include any suitable contact or contactless mode of operation. For example, exemplary card readers can include radio frequency (RF) antennas, optical scanners, bar code readers, or magnetic stripe readers to interact with a mobile device.


An “auxiliary device” may include any suitable computing device that provides supporting functionality to a process. By way of example, an auxiliary device may provide supporting functionality to a payment process.


A “secure element device” may include any suitable computing device that includes a secure element such as secure memory. “Secure memory” refers to any suitable memory of the computing device that is protected such that processes and/or entities not allocated to the secure memory may not access the secure memory. An example of secure memory may include an enclave (e.g., memory that is encrypted and managed by a chipset of the computing device). In some embodiments, information stored in secure memory may be encrypted.


An “application” may be a computer program that is used for a specific purpose.


“Authentication data” may include any data suitable for authenticating a user or device. Authentication data may be obtained from a user or a device that is operated by the user. Examples of authentication data obtained from a user may include PINs (personal identification numbers), biometric data (e.g., fingerprint, facial scan, retina scan, etc.), passwords, etc. Examples of authentication data that may be obtained from a device may be include device serial numbers, hardware secure element identifiers, device fingerprints, phone numbers, IMEI numbers, etc.


“Access data” may include any suitable data that can be used to access a resource or create data that can access a resource. In some embodiments, access data may be account information for a payment account. Account information may include a PAN (primary account number), payment token, expiration date, verification values (e.g., CVV, CVV2, dCVV, dCVV2), etc. In other embodiments, access data may be data that can be used to activate account data. For example, in some cases, account information may be stored on a mobile device, but may not be activated until specific information is received by the mobile device. In other embodiments, access data could include data that can be used to access a location. Such access data may be ticket information for an event, data to access a building, transit ticket information, etc. In yet other embodiments, access data may include data used to obtain access to sensitive data. Examples of access data may include codes or other data that are needed by a server computer to grant access to the sensitive data.


An “access request” may include a request for access to a resource. The resource may be a physical resource (e.g., good), digital resources (e.g., electronic document, electronic data, etc.), or services. In some cases, an access request may be submitted by transmission of an access request message that includes access request data. Typically a device associated with a requestor may transmit the access request message to a device associated with a resource provider.


“Access request data” may include any information surrounding or related to an access request. Access request data may include access data. Access request data may include information useful for processing and/or verifying the access request. For example, access request data may include details associated with entities (e.g., resource provider computer, processor server computer, authorization computer, etc.) involved in processing the access request, such as entity identifiers (e.g., name, etc.), location information associated with the entities, and information indicating the type of entity (e.g., category code). Exemplary access request data may include information indicating an access request amount, an access request location, resources received (e.g., products, documents, etc.), information about the resources received (e.g., size, amount, type, etc.), resource providing entity data (e.g., resource provider data, document owner data, etc.), user data, date and time of an access request, a method utilized for conducting the access request (e.g., contact, contactless, etc.), and other relevant information. Access request data may also be known as access request information, transaction data, transaction information, or the like.


A “digital wallet” can include an electronic device that allows an individual to conduct electronic commerce transactions. A digital wallet may store user profile information, credentials, bank account information, one or more digital wallet identifiers and/or the like and can be used in a variety of transactions, such as, but not limited to, e-commerce transactions, social network transactions, money transfer/personal payment transactions, mobile commerce transactions, proximity payment transactions, gaming transactions, etc. A digital wallet may be designed to streamline the purchase and payment process. A digital wallet may allow the user to load one or more payment cards onto the digital wallet so as to make a payment without having to enter an account number or present a physical card. A provider (e.g., an entity that hosts the digital wallet) may be referred to as a “digital wallet provider.”


A “biometric” may be any human characteristic that is unique to an individual. For example, a biometric may be a person's fingerprint, voice sample, face, DNA, retina, etc.


A “biometric reader” may include a device for capturing data from an individual's biometric sample. Examples of biometric readers may include fingerprint readers, front-facing cameras, microphones, and iris scanners.


A “biometric sample” may include data obtained by a biometric reader. The data may be either an analog or digital representation of the user's biometric, generated prior to determining distinct features needed for matching. For example, a biometric sample of a user's face may be image data. In another example, a biometric sample of a user's voice may be audio data.


A “biometric template” or “biometric sample template” may include a file containing distinct characteristics extracted from a biometric sample that may be used during a biometric authentication process. For example, a biometric template may be a binary mathematical file representing the unique features of an individual's fingerprint, eye, hand or voice needed for performing accurate authentication of the individual.


“Biometric data” includes data that can be used to uniquely identify an individual based upon one or more intrinsic physical or behavioral traits. For example, biometric data may include fingerprint data and retinal scan (e.g. eye scan) data. Further examples of biometric data include digital photographic data (e.g., facial recognition data), deoxyribonucleic acid (DNA) data, palm print data, hand geometry data, and iris recognition data.


A “credential” may be any suitable information that serves as reliable evidence of worth, ownership, identity, or authority. A credential may be a string of numbers, letters, or any other suitable characters, as well as any object or document that can serve as confirmation. Examples of credentials include value credentials, identification cards, certified documents, access cards, passcodes and other login information, etc. Other examples of credentials include PANs (primary account numbers), PII (personal identifiable information) such as name, address, and phone number, and the like.


“Payment credentials” may include any suitable information associated with an account (e.g. a payment account and/or payment device associated with the account). Such information may be directly related to the account or may be derived from information related to the account. Examples of account information may include a PAN (primary account number or “account number”), user name, expiration date, CVV (card verification value), dCVV (dynamic card verification value), CVV2 (card verification value 2), CVC3 card verification values, etc. CVV2 is generally understood to be a static verification value associated with a payment device. CVV2 values are generally visible to a user (e.g., a consumer), whereas CVV and dCVV values are typically embedded in memory or authorization request messages and are not readily known to the user (although they are known to the issuer and payment processors). Payment credentials may be any information that identifies or is associated with a payment account. Payment credentials may be provided in order to make a payment from a payment account. Payment credentials can also include a user name, an expiration date, a gift card number or code, and any other suitable information.


An “authorizing entity” may be an entity that authorizes a request, typically using an authorizing computer to do so. An authorizing entity may be an issuer, a governmental agency, a document repository, an access administrator, etc. An “issuer” may typically include a business entity (e.g., a bank) that maintains an account for a user. An issuer may also issue payment credentials stored on a user device, such as a cellular telephone, smart card, tablet, or laptop to the user. A computing device operated by or on behalf of an authorizing entity may be referred to as an “authorizing entity computer.”


A “resource provider” can be any suitable entity that provides resources (e.g., goods, services, access to secure data, access to locations, or the like). For example, a resource providing entity can be a merchant, a payment processor, a digital wallet provider, a venue operator, a building owner, a governmental entity, etc. A “merchant” may typically be an entity that engages in transactions and can sell goods or services, or provide access to goods or services. A computing device operated by or on behalf of a resource provider may be referred to as a “resource provider computer.”


A “partner” can be an entity such as a resource provider such as a merchant (or computers operated by such entities). A “partner device” can be any suitable computing device operating by or on behalf of a partner.


A “secure server computer” can be a server computer that securely stores data. As a non-limiting example, a secure server computer can be part of a partner's cloud-computing environment. A “cloud-computing environment” may include a network of one or more server computers hosted on a network (e.g., the Internet) that are utilized to store, manage, and process data.


An “acquirer” may typically be a business entity (e.g., a commercial bank) that has a business relationship with a resource provider. Some entities can perform both issuer and acquirer functions. Some embodiments may encompass such single entity issuer-acquirers. A computing device operated by or on behalf of a resource provider may be referred to as a “transport computer.”


A “token provider computer” can include an electronic device that services payment tokens and/or cryptograms. In some embodiments, a token provider computer can facilitate requesting, determining (e.g., generating) and/or issuing (provisioning, transmitting, etc.) tokens and/or cryptograms, as well as maintaining an established mapping of tokens to primary account numbers (PANs) (e.g., real account identifiers) and/or cryptograms in a repository. In some embodiments, the token provider computer may establish a token assurance level for a given token to indicate the confidence level of the token to PAN binding. The token provider computer may include or be in communication with a token data store wherein the generated tokens/cryptograms are stored. The token provider computer may support token processing of payment transactions submitted using tokens by de-tokenizing the token to obtain the actual PAN. In some embodiments, a token provider computer may include a tokenization computer alone, or in combination with other computers such as a transaction processing computer. Various entities of a tokenization ecosystem may assume the roles of the token provider computer. For example, payment networks and issuers or their agents may become the token provider computer by implementing the token services according to embodiments of the present invention.


A “processing network computer” may include a server computer used for processing transactions from a network. In some embodiments, the processing network computer may be coupled to a database and may include any hardware, software, other logic, or combination of the preceding for servicing the requests from one or more client computers or user devices. The processing network computer may comprise one or more computational apparatuses and may use any of a variety of computing structures, arrangements, and compilations for servicing the requests from one or more client computers or user devices. In some embodiments, the processing network computer may operate multiple server computers. In such embodiments, each server computer may be configured to process a transaction for a given region or handles transactions of a specific type based on transaction data.


The processing network computer may include data processing subsystems, networks, and operations used to support and deliver authorization services, exception file services, and clearing and settlement services. An exemplary processing network computer may include VisaNet™. Networks that include VisaNet™ are able to process credit card transactions, debit card transactions, and other types of commercial transactions. VisaNet™, in particular, includes an integrated payments system (Integrated Payments system) which processes authorization requests and a Base II system, which performs clearing and settlement services. The processing network computer may use any suitable wired or wireless network including the Internet.


The processing network computer may process transaction-related messages (e.g., authorization request messages and authorization response messages) and determine the appropriate destination computer (e.g., issuer computer/authorizing entity computer) for the transaction-related messages. In some embodiments, the processing network computer may authorization transactions on behalf of an issuer. The processing network computer may also handle and/or facilitate the clearing and settlement of financial transactions.


A “cryptographic key” (also referred to as a “key”) may include a piece of information that is used in a cryptographic algorithm to transform data into another representation. A cryptographic algorithm can be an encryption algorithm that transforms original data into an alternate representation, or a decryption algorithm that transforms encrypted information back to the original data. Examples of cryptographic algorithms may include triple data encryption standard (TDES), data encryption standard (DES), advanced encryption standard (AES), etc.


A “limited use key” may include a cryptographic key for which use is limited. By way of example, a limited use key may be a cryptographic key associated with a limited use threshold. A limited-use threshold may be exceeded or exhausted when an underlying condition is met. For example, a limited-use threshold may include a time-to-live that indicates an amount of time for which a piece of information (e.g., a limited use key) is valid, and once that amount of time has elapsed, the limited-use threshold is exceeded or exhausted, and the piece of information (e.g., the limited use key) may become invalid and may no longer be used. As another example, a limited-use threshold may include a number of times that a piece of information (e.g., the limited use key) can be used, and once the piece of information (e.g., the limited use key) has been used for that number of times, the limited-use threshold is exceeded or exhausted, and the piece of information (e.g., the limited use key) may become invalid and may no longer be used. A limited use key may be derived from account data of a user, and may be provided to a user device operated by a user. It may alternatively be generated by the user device.


A “cryptogram” may include an encrypted representation of some information. A cryptogram may include a token authentication verification value (TAW) associated with a token. A cryptogram can be used by a recipient to determine if the generator of the cryptogram is in possession of a proper key, for example, by encrypting the underlying information with a valid key, and comparing the result to the received cryptogram. A cryptogram may include encrypted characters. Cryptograms can be of any suitable length and may be formed using any suitable data transformation process. Exemplary data transformation processes include encryption, and encryption processes such as DES, triple DES, AES, and ECC may be used. Keys used with such encryption process can be of any appropriate length and may have any suitable characteristics. In some embodiments, a cryptogram may include encrypted token data associated with a token (e.g., a token domain, a token expiry date, etc.). In some embodiments, a cryptogram may be used to validate the token. For example, a cryptogram may be used to validate that the token is being used within a token domain and/or by a token expiry date associated with the token. In some embodiments, a cryptogram may be used in a payment process, and may be generated by a card or device with the unique derivation key (UDK) or a limited-use key (LUK) and additional information (e.g., a primary account number, token, and/or information from a chip and point-of-sale (POS)). Different types of payment cryptograms can be used in different settings.


An “interaction cryptogram” may include a cryptogram that is generated in response to an interaction between entities. In some embodiments, an interaction cryptogram may be generated using a limited-use key, an encryption algorithm, and inputs. An “ARQC” (also referred to as an authorization request cryptogram” may include a cryptogram that is generated utilizing a single use value. A “single use value” may be a value that may be used only once. In some embodiments, a single use value may be a counter, an unpredictable number, etc.


A “token domain” may indicate an area and/or circumstance in which a token can be used. Examples of the token domain may include, but are not limited to, payment channels (e.g., e-commerce, physical point of sale (POS), etc.), POS entry modes (e.g., contactless, magnetic stripe, etc.), and resource provider identifiers (e.g., merchant identifiers) to uniquely identify where the token can be used. A set of parameters (i.e. token domain restriction controls) may be established as part of token issuance by the token service provider that may allow for enforcing appropriate usage of the token in transactions. For example, the token domain restriction controls may restrict the use of the token with particular presentment modes, such as contactless or e-commerce presentment modes. In some embodiments, the token domain restriction controls may restrict the use of the token at a particular resource provider (e.g., a merchant) that can be uniquely identified. Some exemplary token domain restriction controls may require the verification of the presence of a token cryptogram that is unique to a given transaction. In some embodiments, a token domain can be associated with a token requestor.


“Token expiry date” may include the expiration date/time of the token. The token expiration date may be a numeric value (e.g. a 4-digit numeric value). In some embodiments, the token expiry date can be expressed as a time duration as measured from the time of issuance.


A “digital signature” may include the result of applying an algorithm based on a public/private key pair, which allows a signing party to manifest, and/or a verifying party to verify, the authenticity and/or integrity of a document. The signing party acts by means of the private key and the verifying party acts by means of the public key. This process certifies the authenticity of the sender, the integrity of the signed document and the so-called principle of nonrepudiation, which does not allow disowning what has been signed. A certificate or other data that includes a digital signature by a signing party is said to be “signed” by the signing party. In some embodiments, the digital signature may be performed in accordance with RSA public key cryptography.


A “master derivation key” (MDK) can be a key used to generate other keys. An MDK may be managed by an issuer of an account. MDKs may be managed on a per bank identification number (BIN) basis. The MDK may be used for card production, payment processing, etc. In some embodiments, an MDK may be managed by a processor computer that performs token management functions. Such an MDK may be used for token management and validation.


A “cryptogram generation key,” (e.g., a unique derivation key (UDK)), can be a key for generating cryptograms. A cryptogram generation key may generated from an MDK, directly or by way of another key. In some embodiments, a cryptogram generation key is a per-card key. The cryptogram generation key may be stored on a chip on a card or a device (e.g. mobile phone).


A “real account identifier” may include an original account identifier associated with a payment account. For example, a real account identifier may be a primary account number (PAN) issued by an issuer fora card account (e.g., credit card, debit card, etc.). For instance, in some embodiments, a real account identifier may include a sixteen digit numerical value such as “4147 0900 0000 1234.” The first six digits of the real account identifier (e.g., “414709”), may represent a real issuer identifier (BIN) that may identify an issuer associated with the real account identifier.


A “token” may be a substitute value for a credential. A token may be a string of numbers, letters, or any other suitable characters. Examples of tokens include payment tokens, access tokens (e.g., for accessing a location), personal identification tokens, etc.


A “payment token” may include an identifier for a payment account that is a substitute for an account identifier, such as a primary account number (PAN). For example, a token may include a series of alphanumeric characters that may be used as a substitute for an original account identifier. For example, a token “4900 0000 0000 0001” may be used in place of a PAN “4147 0900 0000 1234.” In some embodiments, a token may be “format preserving” and may have a numeric format that conforms to the account identifiers used in existing transaction processing networks (e.g., ISO 8583 financial transaction message format). In some embodiments, a token may be used in place of a PAN to initiate, authorize, settle or resolve a payment transaction or represent the original credential in other systems where the original credential would typically be provided. In some embodiments, a token value may be generated such that the recovery of the original PAN or other account identifier from the token value may not be computationally derived. Further, in some embodiments, the token format may be configured to allow the entity receiving the token to identify it as a token and recognize the entity that issued the token.


A “token request message” may be an electronic message for requesting a token. A token request message may include information usable for identifying a payment account (e.g., a real account identifier) or a service provider account (e.g., a digital wallet account), and/or information for generating a token (e.g., a payment token) and/or a unique cryptogram (e.g., a TAW).


A “token response message” may be a message that responds to a token request message. A token response message may include an indication that a token request was approved or denied. A token response message may also include a token (e.g., a payment token), a cryptogram (e.g., a TAVV), and/or any other suitable information.


A “cryptogram request message” may be an electronic message for requesting a cryptogram. A cryptogram request message may include information usable for identifying a payment account (e.g., a real account identifier) or a service provider account (e.g., a digital wallet account), and/or information for generating a cryptogram. A cryptogram request message may be in the same or a different format than a token request message.


A “cryptogram response message” may be a message that responds to a cryptogram request message. A cryptogram response message may include an indication that a cryptogram request was approved or denied. A cryptogram response message may include a cryptogram (e.g., a TAW), and/or any other suitable information. A cryptogram response message may be in the same or a different format than a token response message.


An “enrollment request message” may be an electronic message for requesting enrollment. An enrollment request message may be in any suitable form and may include any suitable data.


An “enrollment response message” may be a message that responds to an enrollment request message. A enrollment response message may include an indication that enrollment was successful or unsuccessful. An enrollment response message may be in any suitable form and may include any suitable data.


An “encryption key request message” may be an electronic message for requesting an encryption key. An encryption key request message may be in any suitable form and may include any suitable data.


An “encryption key response message” may be a message that responds to an encryption key request message. A enrollment response message may include an indication that enrollment was successful or unsuccessful. An enrollment response message may be in any suitable form and may include any suitable data.


The term “authentication” and its derivatives may include a process by which the credential of an endpoint (including but not limited to applications, people, devices, processes, and systems) can be verified to ensure that the endpoint is who they are declared to be.


The term “verification” and its derivatives may include a process that utilizes information to determine whether an underlying subject is valid under a given set of circumstances. Verification may include any comparison of information to ensure some data or information is correct, valid, accurate, legitimate, and/or in good standing.


An “authorization request message” may be an electronic message that is sent to a payment processing network and/or an issuer of a payment card to request authorization for a transaction. An authorization request message according to some embodiments may comply with ISO 8583, which is a standard for systems that exchange electronic transaction information associated with a payment made by a user using a payment device or payment account. The authorization request message may include an issuer account identifier that may be associated with a payment device or payment account. An authorization request message may also comprise additional data elements corresponding to “identification information” including, by way of example only: a service code, a OW (card verification value), a dCVV (dynamic card verification value), an expiration date, etc. An authorization request message may also comprise “transaction information,” such as any information associated with a current transaction, such as the transaction amount, merchant identifier, merchant location, etc., as well as any other information that may be utilized in determining whether to identify and/or authorize a transaction.


An “authorization response message” may be an electronic message reply to an authorization request message generated by an issuing financial institution or a payment processing network. The authorization response message may include, by way of example only, one or more of the following status indicators: Approval—transaction was approved; Decline—transaction was not approved; or Call Center—response pending more information, merchant must call the toll-free authorization phone number. The authorization response message may also include an authorization code, which may be a code that a credit card issuing bank returns in response to an authorization request message in an electronic message (either directly or through the payment processing network) to the merchant's access device (e.g., POS equipment) that indicates approval of the transaction. The code may serve as proof of authorization. As noted above, in some embodiments, a payment processing network may generate or forward the authorization response message to the merchant.


A “transaction data format” may include a data format utilized for a transaction. By way of example, a transaction data format may include a format utilized for an authorization request message and/or authorization response message. In some embodiments, the transaction data format may comply with ISO 8583. Some example transaction data formats may depend on a type of transaction. By way of example, a card-on-file transaction may have the same or different data format as a card-not-present. That is a card-on-file transaction may include the same or a different set of data fields in a same or different order as a card-not-present transaction.


A “server computer” is typically a powerful computer or cluster of computers. For example, the server computer can be a large mainframe, a minicomputer cluster, or a group of servers functioning as a unit. In one example, the server computer may be a database server coupled to a Web server.


A “processor” may include any suitable data computation device or devices. A processor may comprise one or more microprocessors working together to accomplish a desired function. The processor may include CPU comprises at least one high-speed data processor adequate to execute program components for executing user and/or system-generated requests. The CPU may be a microprocessor such as AMD's Athlon, Duron and/or Opteron; IBM and/or Motorola's PowerPC; IBM's and Sony's Cell processor; Intel's Celeron, Itanium, Pentium, Xeon, and/or XScale; and/or the like processor(s).


A “memory” may be any suitable device or devices that can store electronic data. A suitable memory may comprise a non-transitory computer readable medium that stores instructions that can be executed by a processor to implement a desired method. Examples of memories may comprise one or more memory chips, disk drives, etc. Such memories may operate using any suitable electrical, optical, and/or magnetic mode of operation.


Embodiments can improve partner systems by providing rapid integration with a token service computer. They can provide token service integration options for partners that allow them to leverage in-store access devices such as NFC (near field communication) point of sale terminals to initiate transactions that use credentials stored in the cloud, rather than credentials stored on portable user devices. Transactions conducted using credentials stored in the cloud may be characterized as CNP (card not present) transactions in some instances. This can be an integration option with a token service system to simplify purchase solutions provided by the partners. In some embodiments, a partner may initiate token transactions such as a card-on-file transaction (e.g., in a first transaction data format) at point of sale terminals in stores. These transaction can be converted to card-not-present transactions (e.g., in a second transaction data format) before sending them to the issuers for payment transaction processing. Embodiments increase the number different types of transactions that can be conducted at merchant access devices (e.g., card not present and card present) without modifying existing legacy access devices or building new access devices.


Embodiments provide the flexibility to the merchant partners to send card present NFC contactless transactions (e.g., payWave transactions) using card-on-file tokens (e.g., tokens that have been previously associated with a card on file) to a payment processing network such as VisaNet™ and convert them to card-not-present token transactions before sending them to the issuer/issuer processor. This can help particular merchants and allow them to send the COF token transactions as if they are card present transactions to reduce the level of integration changes between the merchant and the partner.


In some embodiments, a user (e.g., a consumer) may walk into a partner's physical store. The partner may provide/operate an auxiliary device in the store that enables the consumer to use an existing card-on-file (e.g., payment credential previously provided via a partner's website, credentials stored at a secure server computer, etc.) to use for payments in store. In some embodiments, the user may provide biometric data via the auxiliary device (e.g., via a biometric reader connected to or include in the auxiliary device). The user may be authenticated (e.g., at the auxiliary device, at the secure server computer, etc.) utilizing the biometric data. If verified, the partner can make a request for a card-on-file (COF) token and/or a cryptogram associated with the user/token. The token and/or cryptogram may be associated with a credential of the user (e.g., a payment credential such as a real account identifier). In some embodiments, the secure server computer can request and store more than one cryptogram associated with the user/token at a time. In some embodiments, the auxiliary device may retrieve all cryptograms associated with the user/token from the secure server computer. The auxiliary device may provide the COF token and a cryptogram to another computer device (e.g., an access device). According to various embodiments, the COF token and the pre-fetched cryptograms may not be stored (or stored permanently) locally on the auxiliary device. In some embodiments, such information may only be stored on the secure server computer.


In some embodiments, the access device (or another resource provider computer) sends an authorization request message for a card present (CP) transaction to a processing network computer via a transport computer associated with an acquirer. The payment processing network may convert the authorization request message from a first transaction data format (e.g., a CP transaction format) to a second transaction data format (e.g., a card-not-present (CNP) transaction format). The authorization request message may be then sent to an authorizing entity computer (e.g., operated by or on behalf of an issuer associated with the credential). According to various embodiments, the processing network computer may include a transaction-by-identity identifier (e.g. flag) to the authorization request message. Upon receiving a transaction authorization response message from the issuer for the CNP transaction, the processing network computer may convert the authorization response message from the second transaction data format to the first transaction data format before sending the response to the resource provider (e.g., the access device) via the transport computer.


In some embodiments, a secure element device may be disposed between an auxiliary device and an access device. The auxiliary device may provide the token and/or or any suitable data for generating a cryptogram to the secure element device. By way of example, a limited-use key may be retrieved from a token provider computer by a secure server computer and provided to an auxiliary device. In some embodiments, the limited-use key may be provided by the auxiliary device to a secure element device where it may be stored (at least for a time). The limited-use key and the token may not be stored at the auxiliary device. In some embodiments, the auxiliary device may further provide the secure element device transaction information. The secure element device may receive additional access device data. According to various embodiments, the cryptograms may be associated with security features such as they can be limited to one-time use or a limited time use (associated with an expiration date/time). There may also be sequence limits/restrictions on how the cryptograms may be fetched.


As provided above, according to various embodiments, a secure server computer may retrieve from a token provider computer, a COF token and one or more cryptograms stored in connection with a credential of a user (e.g., a consumer). The token provider computer may store multiple cryptograms associated with a credential (e.g., a real account identifier) of the user. The secure server computer may retrieve and cache the pre-fetched cryptogram(s) to ensure that the token and cryptogram(s) are on hand (e.g., accessible without transmitting another request to the token provider computer) when a customer is standing at the checkout counter at the time of a transaction.


Embodiments may provide a new API to enable a token requestor (e.g. a partner device such as a secure server computer operated by or on behalf of a partner) to obtain a list of cryptograms. In some embodiments, only transaction authentication verification value (TAVV) cryptograms may be supported. In some embodiments, no token or payment instrument information is returned to the partner device. Embodiments may determine and incorporate an attribute to the partner profile at the payment processing network to indicate a maximum number of cryptograms that the partner device can retrieve per API call (e.g. 3, 5, 10, etc.).



FIG. 1 shows an exemplary system 100 and a process flow diagram, in accordance with at least one embodiment. The system 100 includes a user 102 operating a user device (not depicted), an auxiliary device 104, a secure server computer 108, a token provider computer 110, an access device 112, a transport computer 114, a processing network computer 116, and an authorizing entity computer 118. In some embodiments, the access device 112 may be coupled to the auxiliary device 104 or otherwise in communication with the auxiliary device. The secure server computer 108 can communicate with the user device (not depicted), the auxiliary device 104, and the token provider computer 110. In some embodiments, the auxiliary device 104 may have an API that allows it to communicate with the secure server computer 108. The access device 112 may be in communication with a processing network computer 116 and an authorizing entity computer 118 via a transport computer 114 (e.g., a computer operated on behalf of the acquirer of a merchant/provider of the access device 112).


The auxiliary device 104 and the access device 112 may be operatively coupled to each other in any suitable manner. For example, the auxiliary device 104 can be coupled to the access device 112 through a wired or wireless connection.


One method that can be performed by the system in FIG. 1 may include receiving, by an auxiliary device 104 in communication with an access device, authentication data from a user. In some embodiments, the auxiliary device 104 may request a token from the secure server computer 108 and may receive from the secure server computer 108 the token and a cryptogram (e.g., a transaction authentication verification value (TAW) generated by the token provider computer 110 in response to its request. The auxiliary device 104 may provide the token and the TAW to the access device 112, where the access device 112 can generate an authorization request message that may be transmitted to the authorizing entity computer 118 via the transport computer 114 and the processing network computer 116.


In some embodiments, the user 102 may walk into a partner's store and initiate a transaction. For example, the user 102 may select a number of items and an agent of the partner may scan the items to obtain a total amount owed by the user 102 to the partner. The total amount may include a total price for the items plus any suitable taxes and/or fees. The process flow described in connection with FIG. 1 may be utilized by the user 102 to provide payment for the transaction.


An exemplary process is illustrated in FIG. 1. At step 1, a credential (e.g., a real account identifier which has been tokenized) can be stored at the secure server computer 108. As an example, the user 102 may utilize a user device (not depicted) to access a website and/or an application hosted by a partner to provide the credential as part of an enrollment process performed by the user. As an example, the user may associate a payment credential (e.g., a credit card, a debit card, a banking account number, etc.) with their user account associated with the partner's website. The payment credential can be stored at the secure server computer 108 (e.g., the partner's or another entity's cloud-computing environment) for subsequent use.


At step 2, the user 102 can then conduct an authentication process with the auxiliary device 104. By way of example, the user 102 can enter (e.g., via a keyboard, touchpad, biometric reader, etc.) a username and password, a PIN, biometric data, or any suitable data with which the user can be authenticated (e.g., any suitable data that can be compared to previous data stored at the secure server computer 108 and associated with the user 102).


At step 3, the auxiliary device 104 may initiate verification of the authentication data. In some embodiments, the auxiliary device 104 may store authentication data in local memory and may verify the authentication data at the auxiliary device 104. In the example depicted, the auxiliary device 104 initiates verification by requesting verification be conducted by the secure server computer 108. In some embodiments, the auxiliary device 104 may request verification by requesting verification when requesting a token and/or a cryptogram from the secure server computer 108. Advantageously, a single message may be sent from the auxiliary device 104 to the secure server 108 to perform two functions including authenticating the user 102 and requesting the token. This advantageously reduces the number of steps relative to conventional transaction processing.


Verifying the authentication data received at the auxiliary device 104 may include comparing the received authentication data to previously stored authentication data associated with the user. As an example, the user 102 may provide a username and password, a PIN, biometric data, or the like at the auxiliary device 104 and the provided data transmitted to the secure server computer 108 and is compared to data stored at the secure server computer 108. If the received data matches the previously stored data, the user may be authenticated and the process may continue to step 4. If the received data does not match the previously stored data, the user 102 may not be authenticated and access to the token and/or cryptogram may be denied (e.g., a message may be transmitted from the secure server computer 108 to the auxiliary device 104 indicating authentication failed and an indication may be presented at the auxiliary device 104).


At step 4, the secure server computer 108 may request a token (e.g., a payment token corresponding to a credential stored at the secure server computer 108 and associated with the recently authenticated user 102) and/or a cryptogram (e.g., a transaction authentication verification value) from the token provider computer 110. A TAVV cryptogram can be one that accompanies a payment token in an authorization request message. In some embodiments, the TAVV may only be valid for a particular type of transaction channel (e.g., only e-commerce or only physical point of sale transactions). If the token is received during a transaction and the correct TAW does not accompany the token, then the transaction may be denied (e.g., by the processing network computer 116 operated by or on behalf of a processing network).


The token provider computer 110 can generate a token and a TAVV using issuer provided cryptographic keys, an encryption algorithm, and input data such as data associated with a real credential or token. It should be appreciated that the secure server computer 108 may transmit a request for the token in a separate message (e.g., a token request message) and then transmit a request for the cryptogram (e.g., a cryptogram request message). In some embodiments, the secure server computer 108 can request multiple cryptograms (e.g., multiple TAVVS) for the same token. Each cryptogram may be individually be utilized in a subsequent transactions. A cryptogram request for multiple cryptograms may utilize a same or different message than a token request message and/or cryptogram request message. Methods for requesting multiple cryptograms may be discussed further with respect to FIG. 7.


At step 5, the token provider computer 110 can transmit the generated token and cryptogram(s) to the secure server computer 108. The secure server computer 108 can store the token and cryptogram(s) in memory at the secure server computer 108 (and/or at another storage location accessible to the secure server computer 108).


At step 6, the secure server computer 108 may transmit the token and a cryptogram (e.g., a TAVV) to the auxiliary device 104.


At step 7, the auxiliary device 104 can generate (e.g., via an application operating at the auxiliary device 104) a near field communications (NFC) payload incorporating the token and the cryptogram and can initiate an NFC transaction with the access device 112. It should be appreciated that the auxiliary device 104 can utilize any suitable data communication not necessarily NFC to transmit the token and the cryptogram to the access device 112. In some embodiments, the auxiliary device 104 may emulate a payment card (e.g., a smartcard) and may exchange data with the access device 112. Card emulation may be discussed in more detail with respect to FIG. 11. Still alternatively, the auxiliary device 104 may be hardwired or connected via a cable connector to the access device 112 in other embodiments.


At step 8, the access device 112 may send an authorization request message (e.g., an authorization request message indicating a card present transaction) to the transport computer 114 operated by an acquirer. The authorization request message can include data in a first transaction data format such as a card present contactless transaction data format.


At step 9, the transport computer 114 may transmit the authorization request message to the processing network computer 116. The processing network computer 116 can extract the cryptogram (e.g., the TAVV) and can validate the TAVV cryptogram. The TAW can be validated by obtaining cryptogram inputs (e.g., a token, counter, etc.) from the authorization request message, and then the inputs may be encrypted using a cryptographic key corresponding to the cryptographic key used to form the TAVV. The generated TAW can then be compared to the TAW in the authorization request message. If they match, the TAW is validated and the transaction may continue to proceed. If they do not match, then the transaction may be declined. In other embodiments, the TAW can be validated by decrypting the TAW in the authorization request message using a corresponding cryptographic key to obtain the inputs to the TAW. The recovered inputs may be compared with the inputs in the authorization request message to validate the TAW.


At step 10, the processing network computer 116 may detokenize the token to obtain a real account identifier (e.g., a personal account number (PAN) associated with the token. In this regard, the processing network computer 116 may communicate with the token provider computer 110. For example, the processing network computer 116 may provide the token and the cryptogram to the token provider computer 110. The token provider computer 110 may verify that the token and the cryptogram are associated with one another. If so, the token provider computer 110 may respond with the real account identifier associated with the token and cryptogram.


At step 11, the processing network computer 116 may convert the authorization request message to a second transaction data format (e.g., a card not present or e-commerce transaction data format). In some embodiments, the second transaction data format may include an indicator (e.g., an e-commerce (EC) 17 indicator). As an example, the processing network computer 116 may be configured to utilize the following table for performing conversions between a first and second transaction data format.













1st transaction data format
2nd transaction data format


(card present)
(card-not-present)







Field 22: POS Entry Mode
Field 22-POS Entry Mode Code = 01


Code = 07



Field 35-Track 2 Data
No field 35


Field 44.5-CVV/ICVV
No field 44.5


Results Code



Field 45-Track 1 Data
No field 45


Field 55-Cryptogram Chip Data
No field 55


No filed 44.13
Filed 44.13-CAVV Results Code


Field 60.8-Electronic Commerce
Field 60-Electronic Commerce


Indicator = 5
Indicator = 7


TLV Field 123, Usage 2, Dataset
TLV Field 123, Usage 2, Dataset


ID 66-AVS Data
ID 66-AVS Data


TLV Field 123, Usage 2, Dataset
TLV Field 123, Usage 2, Dataset


ID 68-AVS Data
ID 68-AVS Data


No field 126.9
Field 126.9, Usage 3, Position 7, 3-D



Secure CAVV, Revised Format (e.g.,



moved from field 55 of 1st transaction



data format)









At step 12, the processing network computer 116 may transmit the converted authorization request message to the authorizing entity computer 118. The authorizing entity computer 118 receives the authorization request message with the PAN, the TAW, and an EC17 indicator. An EC17 indicator may be an indicator that the TAVV and/or the authorization request message was validated.


At step 13, the authorizing entity computer 118 can approve or decline the authorization request message and can transmit an authorization response message back to processing network computer 116. The authorization response message may be in any suitable format (e.g., the second transaction data format).


At step 14, the processing network computer 116 may transmit the authorization response message to the transport computer 114. It should be appreciated that, in some embodiments, the processing network computer 116 may convert the authorization response message from a second transaction data format to a first transaction data format prior to the transmission.


At step 15, the transport computer 114 may transmit the authorization response message to the access device 112.


At step 16, the auxiliary device 104 can then delete the token and/or cryptogram from memory. It should be appreciated that this deletion can occur at any suitable time after performance of the operations of step 7. In some embodiments, the access device 112 can transmit an indication that the authorization response message of step 15 was received, which can cause the auxiliary device 104 to delete the token and cryptogram from memory. Deletion of the data in the auxiliary device 104 can occur manually (e.g., in response to a user selecting a button on the auxiliary device 104) or automatically (e.g., in response to receiving an authorization response message for the transaction or after a predetermined period of time (e.g., 10 minutes).


At a subsequent time, a clearing and settlement process can be conducted between the transport computer 114, the processing network computer 116, and the authorizing entity computer 118.



FIG. 2 shows an exemplary system 200 and a process flow diagram illustrating a token and/or cryptogram provisioning process, in accordance with at least one embodiment. In some embodiments, some parts the process illustrated in FIG. 2 (e.g., steps 1-7, steps 1-10, etc.) may be performed prior to the process depicted in FIG.


At step 1, a user 102 may utilize an enrollment device 202 to input payment card data (e.g., a credit card number, a debit card number, an expiration date, a cardholder name, a CVV, etc.). In some embodiments, the enrollment device 202 may be an example of the auxiliary device 104 of FIG. 1 and the enrollment device 202 may be located in a physical store (e.g., a merchant's store). The enrollment device 202 may, in that use case, be provided by a partner (e.g., a merchant) for interfacing with the partner's backend system (e.g., the secure server computer 108). As another example, the enrollment device 202 may be a user device of the user 102 and the enrollment device 202 may be utilized to access the partner's website (e.g., hosted by the secure server computer 108 or another suitable system) in order to provide the payment card data.


In either scenario, at step 2, the enrollment device 202 may be utilized to provide the payment card data to the secure server computer 108. The payment card data may be stored at the secure server computer 108 and associated with the user 102 (e.g., via a user account associated with the user 102 and managed by the secure server computer 108).


At step 3, the secure server computer 108 may submit a token request to a token provider computer 110 for a token (e.g., for a card on file token). The token request may be in any suitable form (e.g., a token request message).


At step 4, the token provider computer 110 may perform an eligibility check. By way of example, the token provider computer 110 may transmit a message (e.g., a token request message or any suitable message) to the authorizing entity computer 118 to check for the issuer's participation and/or to request tokenization. In some embodiments, the token provider computer 110 may request approval to generate the token from the authorizing entity computer 118 without performing identification and/or verification of the user 102. Accordingly, in some embodiments, the token provider computer 110 may rely on authentication efforts and/or an assertion that the user 102 has been authentication as provided by the secure server computer 108.


At step 5, the authorizing entity computer 118 may use the data received at step 4 to determine whether to approve or decline the request. The authorizing entity computer 118 may transmit a response (e.g., a token response message or any suitable message) to the token provider computer 110 indicating the request has been approved or declined.


At step 6, based on receiving an indication that the request was approved, the token provider computer 110 may generate a token for the payment data and maintain an association (e.g., a mapping) between the token and the payment card data in memory. In some embodiments, the token provider computer 110 may be configured to generate one or more cryptograms for the newly generated token. If so, the cryptogram(s) (e.g., multiple TAVVs) may also be associated with (e.g., mapped to) the token and the payment card data in memory. In some embodiments, the token provider computer 110 may generate one or more cryptograms as part of a separate request (e.g., in response to receiving a cryptogram request message).


At step 7, the token provider computer 110 may provide the token (and if cryptogram(s) were generated, the cryptogram(s)) to the secure server computer 108 (e.g., via a token response message).


In some embodiments, the secure server computer 108 can request one or more cryptograms via a separate request. For example, at step 8, the secure server computer 108 can transmit a cryptogram request message to the token provider computer 110. The cryptogram request message may be in any suitable form. In some embodiments, the cryptogram request message may utilize a particular predefined API specifically for requesting a list of cryptograms. In some embodiments, the cryptogram request message may include a token identifier for the token and/or a number of cryptograms requested. In some embodiments, if a number is not provided, the token provider computer 110 may default the request to one cryptogram being requested. The cryptogram request message may include a transaction type (e.g., an e-commerce transaction type to be used for transaction initiated online via a website, a recurring payment transaction type, a point-of-sale transaction type, etc.).


At step 9, the token provider computer may perform a process for generating one or more cryptograms (e.g., TAVVs). This process may be discussed further below in connection with FIG. 7.


At step 10, the token provider computer 110 may provide the one or more cryptograms to the secure server computer 108 via a cryptogram response message. In some embodiments, the cryptogram response message may include the token identifier, the token, a list of the one or more cryptograms, an e-commerce indicator, an error code, or any suitable combination of the above. In some embodiments, the token provider computer 110 may provide a cryptogram response message that includes an error code rather than the one or more cryptograms requested. By way of example, the token provider computer 110 may provide a cryptogram response message that indicate the token requestor (e.g., the secure server computer 108) is not authorized to use the particular API for requesting multiple cryptograms. As another example, the token provider computer 110 may provide a cryptogram response message that includes an error code that indicates the requested action is not allowed.



FIGS. 3-6 shows exemplary methods for authenticating a user, in accordance with at least one embodiment.



FIG. 3 shows an exemplary method 300 for authenticating a user with a one-time password after the process described in FIG. 2 has been completed, in accordance with at least one embodiment. In some embodiments, the user 102 may be authenticated using a one-time password after enrollment has occurred and a token has been generated (e.g., by the token provider computer 110).


At step 1, the token provider computer 110 may generate a one-time password. The one-time password may be associated with the user 102 (e.g., via a mapping maintained by the token provider computer 110 including, for example, an identifier for the user 102, the credential of the user (e.g., payment card data), the token generated for the credential, and the one-time password). The token provider computer 110 may be configured to maintain a record that indicates that the token is active (e.g., available for use) or inactive (e.g., unavailable for use) based on whether the user has been verified with a one-time password. If the user 102 has not been verified with a one-time password, the token may be inactive. If the user 102 has been verified with a one-time password, the token may be recorded as being active.


At step 2, the token provider computer 110 may transmit the one-time password to the authorizing entity computer 118. The authorizing entity computer 118 may be configured to maintain one or more contact data for the user 102. By way of example, the authorizing entity computer 118 may include a phone number (e.g., for SMS messaging) and/or an email address (e.g., for electronic mail).


At step 3, the authorizing entity may prompt the user (e.g., via the enrollment device 202) to indicate a preferred contact method (e.g., email, SMS messaging, etc.).


At step 4, the user 102 may select a preferred contact method (e.g., SMS messaging). As in FIG. 2, the enrollment device may be a user device associated with the user 102 or the auxiliary device 104 of FIG. 1, but generally the enrollment device 202 may be the device utilized by the user 102 to perform the enrollment process of FIG. 2.


At step 5, the selection may be transmitted back to the authorizing entity computer 118.


At step 6, the authorizing entity computer 118 may transmit the one-time password using the selected preferred contact method (e.g., SMS messaging). The one-time password may, for example, be transmitted via SMS message to the user device 302 using a phone number known to the authorizing entity computer 118 and associated with the user 102. It should be appreciated that, in some embodiments, the user device 302 may be the same device as the enrollment device 202.


At step 7, the user may enter the one-time password received at user device 302 into an interface provided at the enrollment device 202 (e.g., the auxiliary device 104). The input may be transmitted to the authorizing entity computer 118 at step 8 and forwarded to the token provider computer 110 at step 9. The token provider computer 110 may be configured to activate the token for use if the one-time password received at step 9 matches the one-time password generated at step 1.



FIG. 4 shows an exemplary method 400 for authenticating a user with a one-time password during a transaction, in accordance with at least one embodiment. In some embodiments, the user 102 may have performed the enrollment process described in FIG. 2 but has not yet authenticated himself using a one-time password as described in FIG. 3. In some embodiments, the user 102 may be prompted during a transaction for the one-time password. Thus, prior to performing the method 400, the secure server computer 108 may store a token corresponding to a credential (e.g., payment data) associated with the user 102.


At step 1, the user 102 can then authenticate to the auxiliary device 104. By way of example, the user 102 can enter (e.g., via a keyboard, touchpad, biometric reader, etc.) authentication data (e.g., a username and password, a PIN, biometric data, or any suitable data with which the user can be authenticated) into the auxiliary device 104.


At step 2, the auxiliary device 104 may initiate verification of the authentication data. In the example depicted, the auxiliary device 104 initiates verification by requesting verification be conducted by the secure server computer 108. In some embodiments, the auxiliary device 104 may request verification of the authentication data at the same time that the auxiliary device 104 requests a token and/or a cryptogram from the secure server computer 108. In some embodiments, the secure server computer 108 stores the token associated with the credential of the user 102. In some embodiments, the token is inactive. Verifying the authentication data received at the auxiliary device 104 may include comparing the received authentication data to previously stored authentication data associated with the user. If the received authentication data matches the previously stored data, the user may be authenticated by the secure server computer 108 and the process may continue to step 4. If the received data does not match the previously stored data, the user 102 may not be authenticated and access to the token and/or cryptogram may be denied (e.g., a message may be transmitted from the secure server computer 108 to the auxiliary device 104 indicating authentication failed and an indication may be presented at the auxiliary device 104).


At step 4, the secure server computer 108 may request (e.g., from the token provider computer 110) a cryptogram corresponding to the token stored at the secure server computer 108. A TAVV cryptogram can be one that accompanies a payment token in an authorization request message. In some embodiments, the TAVV may only be valid for a particular type of transaction channel (e.g., only e-commerce or only physical point of sale transactions). If the token is received during a transaction and the correct TAW does not accompany the token, then the transaction may be denied (e.g., by the processing network computer 116 operated by or on behalf of a processing network).


At step 5, the token provider computer 110 can determine that the token is in an inactive state and may generate a one-time passcode. The token provider computer 110 can provide the one-time password to the authorizing entity computer 118 at step 6.


At step 7, the authorizing entity computer 118 may transmit the one-time password using a previously selected preferred contact method (e.g., SMS messaging) or utilizing one or more contact methods (e.g., SMS messaging, email, etc.) based at least in part on contact data previously provided to the authorizing entity by the user 102. The one-time password may, for example, be transmitted via email message to an email address known to the authorizing entity computer 118 and associated with the user 102. The email message may be viewable from the user device 302.


At step 8, the user may enter the one-time password received at user device 302 into an interface provided at the auxiliary device 104. In some embodiments, the token provider computer 110 may transmit (e.g., in response to receiving the request at step 4) an indication to the secure server computer 108 that the user 102 has not been authenticated via a one-time password. In response to receiving this indication, the secure server computer 108 may cause the auxiliary device 104 to provide the interface. The input provided via the interface may be transmitted to the secure server computer 108 at step 9 and forwarded to the token provider computer 110 at step 10. The token provider computer 110 may be configured to activate the token for use if the one-time password received at step 10 matches the one-time password generated at step 5.


If the token is activated, the steps 11-22 may be performed. Steps 11-22 of FIG. 4 may correspond to steps 5-16 of FIG. 1 and will not be repeated here for brevity.



FIG. 5 shows an exemplary method 500 for authenticating a user with a one-time password, in accordance with at least one embodiment. In some embodiments, the user 102 may have performed the enrollment process described in FIG. 2, but has not yet authenticated himself using a one-time password. In some embodiments, a token may be generated as described in connection with FIG. 1. However, the token may be activated for limited use. By way of example, a number of limited use thresholds may be associated with the token by the token provider computer 110 such that the token may be activated for a time period or for a certain number of transactions (e.g., 1, 2, 5, etc.) before it is inactivated if the user has not been authenticated with a one-time password prior to expiration of the limited use thresholds.



FIG. 5 depicts a use case in which the one-time password is prompted by the partner and provided via an interface associated with the partner. The method 500 may be performed as part of the process of FIG. 1 (e.g., after the token is provided to the secure server computer 108 at step 5).


At step 1 of method 500, the secure server computer 108 may request a one-time password from the token provider computer 110.


At step 2, the token provider computer 110 may generate a one-time passcode. The token provider computer 110 can provide the one-time password to the authorizing entity computer 118 at step 3.


At step 4, the authorizing entity computer 118 may transmit the one-time password using a previously selected preferred contact method (e.g., SMS messaging) or utilizing one or more contact methods (e.g., SMS messaging, email, etc.) based at least in part on contact data previously provided to the authorizing entity by the user 102. The one-time password may, for example, be transmitted via SMS message to phone number known to the authorizing entity computer 118 and associated with the user 102. The SMS message may be viewable from the user device 402.


At step 6, the user may utilize the user device 402 (or another suitable computing device) to access an interface provided by the secure server computer 108 (e.g., a webpage interface hosted by the partner via the secure server computer 108 or another suitable web server computer). The user 102 may enter the one-time password received at user device 302 into an interface provided by the secure server computer 108. The input may be received by the secure server computer 108 via the interface.


At step 7, the secure server computer 108 may forward the input to the token provider computer 110.


At step 8, the token provider computer 110 may be configured to activate the token for use if the one-time password received at step 7 matches the one-time password generated at step 2.



FIG. 6 shows another exemplary method 600 for authenticating a user via an issuer application, in accordance with at least one embodiment. In some embodiments, the user 102 may have performed the enrollment process described in FIG. 2, but has not yet authenticated himself via an issuer application. In some embodiments, a token may be generated as described in connection with FIG. 1. However, the token may be activated for limited use. By way of example, a number of limited use thresholds may be associated with the token by the token provider computer 110 such that the token may be activate for a time period or for a certain number of transactions (e.g., 1, 2, 5, etc.) before it is inactivated if the user has not been authenticated via an issuer application prior to expiration of the limited use thresholds.



FIG. 6 depicts a use case in which authentication is prompted by the issuer and provided via an interface associated with the issuer. The method 600 may be performed as part of the process of FIG. 2 (e.g., after step 4 when an approval for generating a token is received by the authorizing entity computer 118) or at any suitable time.


At step 1, the authorizing entity computer 118 may transmit instructions to the user device 602 for performing authentication utilizing a one-time password. The instructions may be received by the user device 602 via a client application 604 executing on the user device 602 and hosted by the issuer.


At step 2, the user 102 may review instructions (e.g., from the authorizing entity computer 118) via an client application 604 associated with the issuer and operating at the user device 602. By way of example, the user 102 may receive a hyperlink and instructions to complete an authentication process via an interface of the client application 604. The instructions may detail that the user 102 is to login to his account via the client application 604.


At step 3, the user 102 may attempt to login to an account associated with the issuer utilizing the client application 604 by providing a credential (e.g., a username and password, a PIN, biometric data, or the like).


At step 4, the credential may be transmitted to the authorizing entity computer 118 (the computer hosting the client application 604). If the credential matches one stored by the issuer and associated with the user 102, the authorizing entity computer 118 may determine the user 102 is authenticated and the method 600 may proceed to step 5.


At step 5, the authorizing entity computer 118 may transmit an indication that the user 102 has been verified. This indication may be included in the message transmitted at step 5 of FIG. 2 in some embodiments. The token provider computer 110 may be configured to activate the token upon receiving the indication at step 5.



FIG. 7 shows an process flow diagram for an exemplary process 700 for generating multiple cryptograms, in accordance with at least one embodiment. The process depicted in FIG. 7 may be performed by the token provider computer 110 of FIG. 2.


The process 700 may begin at 702, where a cryptogram request may be received (e.g., via a cryptogram request message). By way of example, the token provider computer 110 may receive a cryptogram request message from a token requestor (e.g., the secure server computer 108 of FIG. 2).


At 704, the token provider computer 110 may obtain a profile associated with the token requestor. As a non-limiting example, a token requestor (e.g., a partner associated with the secure server computer 108) may have previously performed an enrollment process and/or entered into an agreement with the token provider associated with the token provider computer 110. The token provider computer 110 may be configured to store profile data for one or more token requestors that include data corresponding to that enrollment process and/or agreement. By way of example, the profile data may include data such as a number of cryptograms that are allowed to be requested by the token requestor in a given request (or a number of cryptograms allowed to be requested by the token requestor for a given token). In some embodiments, the partner may be an electronic wallet provider that provides an electronic wallet application at the auxiliary device 104 of FIG. 2 that is hosted by the secure server computer 108.


At 706, the token provider computer 110 may determine whether the token requestor may pre-fetch cryptograms (e.g., whether the token requestor is allowed to request multiple cryptograms for a given token and/or for a given request).


If the token requestor (e.g., the secure server computer 108) is not allowed to pre-fetch cryptograms (e.g., as indicated in the profile data associated with the secure server computer 108/the partner), the flow may proceed to 708, where an error code indicating the request is not allowed and the process 700 may end.


Alternatively, if the token requestor (e.g., the secure server computer 108) is not allowed to pre-fetch cryptograms (e.g., as indicated in the profile data associated with the secure server computer 108/the partner), the flow may proceed to 710. At 710, the token provider computer 110 may determine whether a number of requested cryptograms included in the cryptogram request message is less than a maximum number of cryptograms allowed for the token requestor (and/or for a single token).


If the number of cryptograms requested in the request is greater than or equal to the maximum number of cryptograms allowed for the token requestor (and/or for a single token) the flow may proceed to 712. At 712, the requested number of cryptograms may be set to the maximum number of cryptograms allowed and the flow may proceed to 714. If the number of cryptograms requested in the request is less than the maximum number of cryptograms allowed for the token requestor (and/or for a single token) the flow may proceed directly to 714.


At 714, the token provider computer 110 may obtain a cryptogram (e.g., generate a cryptogram such as a TAW) using any suitable cryptogram generation process.


At 716, the token provider computer 110 may add the obtained cryptogram to a list of cryptograms and the flow may proceed to 718.


At 718, the token provider computer 110 may be configured to determine whether the requested number of cryptograms have been obtained. If the requested number of cryptograms has been obtained, the flow may proceed to 720 where a cryptogram response message may be transmitted to the token requestor (e.g., the secure server computer 108). The cryptogram response message may include the list of cryptograms. If the requested number of cryptograms has not been obtained, the flow may proceed back to 714. Steps 714 through 718 may be repeated any suitable number of times corresponding to the number of cryptograms requested (or the number of cryptograms requested after 712).



FIG. 8 shows an exemplary system 800 (e.g., the system 100 of FIG. 1) and a process flow diagram for performing a biometric enrollment process, in accordance with at least one embodiment. In some embodiments, at least some portion of the process illustrated in FIG. 8 may be performed prior to the process depicted in FIG. 1.


At step 1, a user 102 may utilize a computing device 802 to provide biometric data (e.g., a fingerprint, a retina scan, an facial image, etc.). In some embodiments, the computing device 802 may be an example of a user device or an auxiliary device (e.g., the auxiliary device 104 of FIG. 1). The computing device 802 may include one or more input devices configured to receive biometric data. For example, the computing device 802 may include a biometric reader, a camera, a retina scanner, and/or the like. The computing device 802 may, in some cases, be provided by a partner (or a merchant) for interfacing with the partner's backend system (e.g., the secure server computer 108). As another example, the computing device 802 may be a user device of the user 102 and the computing device 802 may be utilized to access the partner's website (e.g., hosted by the secure server computer 108 or another suitable system) in order to provide biometric data.


According to various embodiments, the computing device 802 (e.g., the auxiliary device 104 of FIG. 1) may be a biometric capable device that meets the security, functional, and/or biometric capture requirements defined by one or more of a token provider, a processing network, and/or an issuer. Generally, the computing device 802 can be capable of capturing one or more of the biometric modalities (e.g. fingerprint, facial imprint, eye/retina scan, voice sample). The computing device 802 may also protect and transmit the captured biometric data to the secure server computer 108 (e.g., for storage) and the computing device 802 may protect cardholder data and payment credentials (PCI and PII). In addition, some embodiments may use an existing access device (e.g., a POS device) to process payment transaction. For such embodiments, the computing device 802 may include hardware capable of interacting with the existing access devices (NFC, QR Code, Magnetic stripe, etc.). Depending on the biometric modality or modalities, the hardware may also have additional sensors to detect the proximity of consumers in order to assist in determining whether, and which, consumer is intending to make a payment.


Systems discussed in connection with various embodiments may also include client applications (e.g. application software) developed to run on the computing device 802. During enrollment, the application may guide a user through the enrollment process and interact with the necessary biometric credential and payment credential repositories (e.g., the secure server computer 108). For example, the client application may instruct the user how to interact in order that sufficient biometric data for a modality is captured. For example, if using a fingerprint modality, the client application may instruct the consumer to roll a finger on the sensor or present the same finger multiple times and at multiple angles. The client application may further be configured to provide the necessary data to link the biometric to a payment credential. In some embodiments, the client application may be configured to complete all necessary identification and/or verification processes to authenticate the user 102.


At step 2, the computing device 802 may be utilized to provide the biometric data to the secure server computer 108. In some embodiments, the biometric data may be provided with a credential (e.g., a username/password, a PIN, etc.) associated with a previously existing user account. In some embodiments, the credential (e.g., payment card data) may be captured from a physical card (e.g., via NFC, a camera, a chip, a magstripe payment card, etc.) to be linked to the captured biometric data.


At step 3, the secure server computer 108 may create a user account (or access a previously existing user account with the credential provided) in response to receiving the biometric data. The biometric data may be stored at the secure server computer 108 and associated with the user 102 (e.g., via the user account managed by the secure server computer 108).


At step 4, the computing device 802 may be utilized by the user 102 to provide a payment data (e.g., an account identifier, a PAN, a credit card number, a debit card number, etc.) to the secure server computer 108. In some embodiments, the user account accessed at step 3 may already be associated with payment data. Thus, in some examples, step 4 would not necessarily be performed. It should also be appreciated that step 4 may, in some embodiments, be performed before step 2 and that the user account, if created, may be created response to receiving the credential. Thus, either the credential or the biometric data may be received first.


At step 5, the secure server computer 108 may submit a token request to a token provider computer 110 for a token (e.g., for a card on file token). The token request may be in any suitable form (e.g., a token request message).


At step 6, the token provider computer 110 may perform an eligibility check. By way of example, the token provider computer 110 may transmit a message (e.g., a token request message or any suitable message) to the authorizing entity computer 118 to check for the issuer's participation and/or to request tokenization. In some embodiments, the token provider computer 110 may request approval to generate the token from the authorizing entity computer 118 without performing identification and/or verification of the user 102. Accordingly, in some embodiments, the token provider computer 110 may rely on authentication efforts and/or an assertion that the user 102 has been authentication as provided by the secure server computer 108.


At step 7, the authorizing entity computer 118 may use the data received at step 6 to determine whether to approve or decline the request. The authorizing entity computer 118 may transmit a response (e.g., a token response message or any suitable message) to the token provider computer 110 indicating the request has been approved or declined.


At step 8, based on receiving an indication that the request was approved, the token provider computer 110 may generate a token for the payment data and maintain an association (e.g., a mapping) between the token, the payment card data, and the biometric data in memory.


In some embodiments, the token provider computer 110 may be configured to generate one or more cryptograms for the newly generated token. If so, the cryptogram(s) (e.g., multiple TAVVs) may also be associated with (e.g., mapped to) the token and the payment card data in memory. In some embodiments, the token provider computer 110 may generate one or more cryptograms as part of a separate request (e.g., in response to receiving a cryptogram request message).


At step 9, the token provider computer 110 may provide the token (and if cryptogram(s) were generated, the cryptogram(s)) to the secure server computer 108 (e.g., via a token response message). The token (and cryptogram(s)) may be stored at the secure server computer 108.


In some embodiments, the secure server computer 108 can request one or more cryptograms via a separate request. For example, operations corresponding to steps 8-10 of FIG. 2 may be performed to obtain one or more cryptograms corresponding to the token.



FIG. 8 merely shows one example biometric enrollment process. In the enrollment process described above, sufficient biometric data may be captured to be able to perform a near real-time identification and match of biometric data. While not necessarily performed on the same device as used to capture the biometric data, a key component of enrollment is the ability to verify the identity of the user 102. Thus, in some embodiments one or more of the secure server computer 108, the token provider computer 110, or the authorizing entity computer 118 may perform an identification and verification process with the user 102. Embodiments disclosed herein assure that there is a strong link between the cardholder, their biometric data, and their chosen credential(s).



FIG. 9 shows an exemplary system 900 (e.g., the system 100 of FIG. 1) and process flow diagram for performing a biometric enrollment process during a transaction, in accordance with at least one embodiment. In some embodiments, a partner (e.g., a merchant different from a merchant associated with the access device 112) may provide a computing device (e.g. auxiliary device 104) for the user 102 to use in order to utilize an existing payment credential (e.g., a payment credential such as a payment card previously provided via a website hosted by the partner and stored at the secure server computer 108) for payments in a physical store (e.g., a store operated by the merchant associated with the access device 112).


At step 1, the user 102 may provide a credential associated with a user account managed by the secure server computer 108. For example, the user 102 may enter a username and password, a PIN, or any suitable credential associated with the user account. Additionally, the user 102 may provide biometric data at a biometric device (e.g., a biometric scanner, a biometric reader, etc.) of the auxiliary device 104 (e.g., or a biometric device in communication with the auxiliary device 104). By way of example, the user 102 may provider his fingerprint via a fingerprint scanner of the auxiliary device 104. As another example, the user 102 may utilize a camera of the auxiliary device 104 to provide an image of his face.


At step 2, the auxiliary device 104 may transmit an enrollment request including the credential and the biometric data to the secure server computer 108 for enrollment. The credential and biometric data may be transmitted via any suitable message (e.g., an enrollment request message) of any suitable format.


At step 3, the secure server computer 108 may authenticate the user 102 by comparing the credential to previously stored credentials (e.g., credentials associated with the user's account and previously provided at a partner website). If the credentials provided do not match the previously stored credentials, the enrollment request may be denied and the user 102 may be notified (e.g., via the auxiliary device 104) that the enrollment failed. If the credentials received match the previously stored credentials, the secure server computer 108 may associate the biometric data with the user account and/or credentials.


Steps 4-16 of FIG. 9 substantially match steps 4-16 discussed in connection with FIG. 1 and will not be repeated here for brevity.



FIG. 10 shows a system 1000 (e.g., the system 100 of FIG. 1) and an exemplary process flow diagram for performing a transaction utilizing biometric data associated with a user, in accordance with at least one embodiments. In some embodiments, the user 102 may walk into a partner's store and initiate a transaction. For example, the user 102 may select a number of items and an agent of the partner may scan the items to obtain a total amount owed by the user 102 to the partner. The total amount may include a total price for the items plus any suitable taxes and/or fees. The process flow described in connection with FIG. 10 may be utilized by the user 102 to provide payment for the transaction.


At step 1, the user 102 may authenticate himself using biometric data provided at a biometric device (e.g., a biometric scanner, a biometric reader, etc.) of the auxiliary device 104 (e.g., or a biometric device in communication with the auxiliary device 104). By way of example, the user 102 may provider his fingerprint via a fingerprint scanner of the auxiliary device 104. As another example, the user 102 may utilize a camera of the auxiliary device 104 to provide an image of his face.


At step 2, the auxiliary device 104 may transmit a token request (e.g., a token request message) to request a token and a cryptogram (e.g., a TAW). In some embodiments, the token request may include the biometric data obtained at step 1. In some embodiments, the biometric data may be transmitted first to the secure server computer 108 via another message (e.g., a validation request message) prior to the transmission of the token request. In some embodiments, the biometric data may be authenticated prior to token operations. The biometric data may be transmitted via any suitable message format. In some embodiments, the biometric data may be provided in a request for a token transmitted to the secure server computer 108.


Although not depicted, it should be appreciated that, in some embodiments, the auxiliary device 104 may store biometric data of the user 102 previously provided to the secure server computer 108. If so, the auxiliary device 104 may authenticate the user 102 by comparing the received biometric data to the biometric data stored at the auxiliary device 104 and associated with the user 102. In these examples, the biometric data may not be sent to the secure server computer 108.


At step 3, the secure server computer 108 may authenticate the user 102 by comparing the received biometric data to previously stored biometric data. If the credentials provided do not match the previously stored credentials, the token request may be denied and the user 102 may be notified (e.g., via the auxiliary device 104) that the transaction failed. If the credentials received match the previously stored credentials, the process may proceed to step 4.


At step 4, the secure server computer 108 may transmit the token and a cryptogram (e.g., a TAVV) to the auxiliary device 104 in response to authenticating the biometric identity of the user 102.


Steps 5-14 of FIG. 9 substantially match steps 7-16 discussed in connection with FIG. 1 and will not be repeated here for brevity.



FIG. 11 shows an exemplary system 1100 and process flow diagram illustrating a limited-use key provisioning process, according to some embodiments. The computers of FIG. 11 may be examples of the corresponding computers of FIG. 1.


In some embodiments, the user 102 may walk into a partner's store and initiate a transaction. For example, the user 102 may select a number of items and an agent of the partner may scan the items to obtain a total amount owed by the user 102 to the partner. The total amount may include a total price for the items plus any suitable taxes and/or fees. The process flow described in connection with FIG. 10 may be utilized by the user 102 to provide payment for the transaction.


Steps 1-4 of FIG. 11 may correspond to steps 1-4 of FIG. 8. That is, a process for providing biometric data and a credential may be performed in order to create a user account and to generate and maintain a mapping between the user 102, the biometric data and the credential.


At step 5, the secure server computer 108 may be configured to generate an authorization request message that includes zero amount. The authorization may be transmitted to the transport computer 114.


At step 6, the transport computer 114 may transmit the zero amount authorization request message to the processing network computer 116.


At step 7, the processing network computer 116 may transmit the zero amount authorization request message to the authorizing entity computer 118. Upon receipt, the authorizing entity computer 118 may determine whether to approve or decline the authorization request message. In some embodiments, a zero amount authorization request message may be considered by the authorizing entity computer 118 to be an indication that the user has provided biometric data. The authorizing entity computer 118 may be configured to perform any suitable authentication of the user 102 based at least in part on the data provided in the authorization request message.


At step 8, the authorizing entity computer 118 may generate an authorization response message indicating that the request was approved or declined. The authorization response message may also include a zero amount. The authorizing entity computer 118 may transmit the authorization response message to the processing network computer 116.


At step 9, the processing network computer 116 may transmit the zero amount authorization response message to the transport computer 114.


At step 10, the transport computer 114 may transmit the zero amount authorization response message to the secure server computer 108. The secure server computer 108 may determine that the authorization response message indicates that the authorization request was authorized (e.g., indicating that the user 102 was authenticated).


At step 11, the secure server computer 108 may transmit a token request (e.g., via a token request message) to the token provider computer 110. In some embodiments, the token request message may indicate a particular type of data. For example, the token request message may indicate a request for a cryptographic key (e.g., a limited-use key).


At step 12, the token provider computer 110 may perform an eligibility check. By way of example, the token provider computer 110 may transmit a message (e.g., a token request message or any suitable message) to the authorizing entity computer 118 to check for the issuer's participation and/or to request tokenization. In some embodiments, the token provider computer 110 may request approval to generate the token (e.g., a cryptographic key such as a limited-use key) from the authorizing entity computer 118 without performing identification and/or verification of the user 102. Accordingly, in some embodiments, the token provider computer 110 may rely on authentication efforts and/or an assertion that the user 102 has been authentication as provided by the secure server computer 108.


At step 13, the authorizing entity computer 118 may use the data received at step 12 to determine whether to approve or decline the token request. The authorizing entity computer 118 may transmit a response (e.g., a token response message or any suitable message) to the token provider computer 110 indicating the request has been approved or declined.


If the request is approved, the token provider computer 110 may be configured to generate a limited-use key (LUK 1104) and a token (e.g., a token for the credential/payment data) at step 14. By way of example, in some embodiments, the token provider computer 110 may implement a set of key management functions that manages issuer master derivation keys (MDKs) from which the limited-use keys (LUKs) for cloud-based transactions are derived. In some embodiments, the token provider computer 110 may use a master derivation key (MDK) associated with issuer (e.g., the issuer associated with the authorizing entity computer 118) to generate the LUK 1104. In some embodiments, authorizing entity computer 118 may provide the token provider computer 110 with the issuer's MDK if the MDK is maintained or managed by authorizing entity computer 118, or authorizing entity computer 118 may generate the LUK 1104 and provide the token provider computer 110 with the LUK 1104. In either case, the LUK 1104 can be generated based on a key index (e.g., a counter) that acts as a seed for the generation of the LUK, and the key index can be shared between token provider computer 110 and the authorizing entity computer 118 to facilitate processing of transactions using the LUK. The token provider computer 110 (and/or the authorizing entity computer 118) may maintain and enforce a number of limited-use threshold that limit usage of the LUK 1104 (e.g., fora threshold time period, for a threshold number of transactions, etc.). In some embodiments, once the usage of the LUK 1104 has exhausted or exceeded the set of one or more limited-use thresholds, a further transaction conducted using that LUK 1104 will be declined even if the underlying account is still in good standing. The set of one or more limited-use thresholds to enforce can be determined, for example, by an issuer of the account (and provided in the token response message from the authorizing entity computer 118) or by the token provider computer 110.


The set of one or more limited-use thresholds may include at least one of a time-to-live indicating the duration of time for which the LUK 1104 is valid, a predetermined number of transactions for which the LUK 1104 is valid, and/or a cumulative transaction amount indicating the total transaction amount summed across one or more transactions for which the LUK 1104 is valid, or any combination thereof. For example, the LUK 1104 may be valid for a time-to-live of five days, and a transaction conducted using that LUK 1104 after five days have elapsed since the LUK 1104 was generated may be declined. As another example, a LUK 1104 may be valid fora predetermined number of five transactions, and a sixth transaction (and any subsequent transaction) conducted using that LUK 1104 may be declined. As a further example, a LUK 1104 may be valid for a cumulative transaction amount of five hundred dollars, and a transaction conducted using the LUK 1104 after that LUK 1104 has already been used for transactions totaling more than five hundred dollars may be declined.


It should be understood that the limited usage values described above are just examples, and that other usage limits can be used. For example, the number of transactions usage limit can be set to a number in the range of 2 to 10 transactions, or a number in the range of 5 to 50 transactions, etc., and the cumulative transaction amount can be set to a value in the range of $100 to $5,000, or a value in the range of $10 to $1000, etc.


It should also be noted that in some embodiments, the number of transactions limited-use threshold can be set to one transaction such each LUK 1104 is valid for only one transaction. However, in some embodiments, the network bandwidth available to a portable communication device may be limited, or the portable communication device may not always have uninterrupted network connectivity. As such, the number of transactions limited-use threshold can be set to more than one transaction (e.g., five transactions) in some embodiments, for example, to reduce the frequency and amount of LUK replenishments over time, and hence reduce the amount of network traffic used by the portable communication device over time.


In some embodiments, the set of one or more limited-use thresholds may also include an international usage threshold and a domestic usage threshold indicating separate limits for international transactions versus domestic transactions. For example, the number of transactions that a LUK (e.g., the LUK 1104) may be valid for can be higher for domestic transactions than for international transactions, if international transactions are deemed to be more risky. The set of one or more limited-use thresholds may also include a low value transaction threshold and a high value transaction threshold indicating separate limits for low value transactions versus high value transactions. For example, the number of transactions that a LUK may be valid for can be higher for low value transactions (e.g., LUK valid for ten transactions under $20) than for high value transactions (e.g., LUK valid for five transactions over $20) such that low value transactions will trigger replenishment of the LUK less frequently than high value transactions.


In some embodiments, the set of one or more limited-use thresholds associated with an account may change when the LUK is replenished such that a new LUK replacing a previous LUK may have one or more different usage limits than the previous LUK. This may occur, for example, based on changes in the consumer spending habits, the location of the portable communication device, or the time of the year, etc. For example, a new LUK may have a higher usage limit if the user has a recent pattern of conducting many high value transactions, or when it is during the holiday season when transaction activity is expected to increase. As another example, a new LUK may have a lower usage limit if the location of the portable communication device indicates that the user may have traveled to a high risk country where fraud is prevalent.


In embodiments in which a LUK (e.g., LUK 1104) is associated with more than one limited-use thresholds, the usage of the LUK (e.g., LUK 1104) can be exhausted when any one of the limited-use thresholds is exceeded, or when some combination of the limited-use thresholds is exceeded. Hence, replenishment of the LUK may be triggered when any one of the limited-use thresholds is exceeded or is about to be exceeded, or when some combination of the limited-use thresholds is exceeded or is about to be exceeded.


At step 15, the token provider computer 110 may transmit the LUK 1104, the corresponding key index, and the generated token to the secure server computer 108 where the LUK 1104 and token may be stored. The LUK 1104 may be utilized (e.g., by the auxiliary device 104 of FIG. 12 or the secure element device 1302 of FIG. 3) during a transaction to calculate a transaction cryptogram or limited-use dynamic data such as a verification value to support transactions that use verification values (e.g., dynamic card verification value (dCVV)).



FIG. 12 shows an exemplary system 1200 and process flow diagram illustrating use case in which an auxiliary device is used to emulate a user device (e.g., a payment card), according to some embodiments. The computers of FIG. 12 may be examples of the corresponding computers of FIG. 1.


Embodiments depicted in FIG. 12 may identify and prevent a skimming attempts between the auxiliary device 104 and the access device 112. In some embodiments, the messages exchanged between the auxiliary device 104 and the access device 112 may be similar to the messages exchanged between a payment card and the access device 112, such that the auxiliary device may emulate a payment card. The auxiliary device 104 may act as an entry point for a transaction (e.g. the auxiliary device 104 retrieves the LUK 1104 of FIG. 11 from the secure server computer 108, initiates the transaction with the access device 112, etc.). The pickpocketing/skimming risk may originate during the transmission of the credentials (e.g. payment data, card data, account data) from the partner standalone device (e.g. the auxiliary device 104) to the access device 112 using a skimming device. Embodiments may prohibit out of band key sharing with the partner (neither Merchant's key nor Issuer Key). Embodiments may also prohibit additional storage of any variable from the processing network side.


In some embodiments, the user 102 may walk into a partner's store and initiate a transaction. For example, the user 102 may select a number of items and an agent of the partner may scan the items to obtain a total amount owed by the user 102 to the partner. The total amount may include a total price for the items plus any suitable taxes and/or fees. The process flow described in connection with FIG. 10 may be utilized by the user 102 to provide payment for the transaction. In some embodiments, the auxiliary device 104 (or an application operating on the auxiliary device 104) may communicate with the access device 112 using card emulation APIs of an operating system of the auxiliary device 104. Thus, a transaction can be carried out without requiring the use of a secure element (although a secure element can be used as described in FIG. 13).


At step 1, the user 102 may authenticate himself using biometric data provided at a biometric device (e.g., a biometric scanner, a biometric reader, etc.) of the auxiliary device 104 (e.g., or a biometric device in communication with the auxiliary device 104). By way of example, the user 102 may provider his fingerprint via a fingerprint scanner of the auxiliary device 104. As another example, the user 102 may utilize a camera of the auxiliary device 104 to provide an image of his face.


At step 2, the auxiliary device 104 may transmit a token request (e.g., a token request message) to request data such as the token, the LUK 1104, and the key index associated with the LUK 1104. In some embodiments, the token request may include the biometric data obtained at step 1.


At step 3, the secure server computer 108 may authenticate the user 102 by comparing the received biometric data to previously stored biometric data. If the received biometric data does not match previously provided biometric data, the token request may be denied and the user 102 may be notified (e.g., via the auxiliary device 104) that the transaction has failed. If the biometric data matches previously stored biometric data the process may proceed to step 4.


At step 4, the secure server computer 108 may transmit the token, the LUK 1104, and the corresponding key index to the auxiliary device 104 in response to authenticating the biometric identity of the user 102.


At step 5, the auxiliary device 104 may utilize the LUK to calculate a cryptogram (also referred to as an “interaction cryptogram”) or limited-use dynamic data such as a verification value to support legacy transactions that use verification values (e.g., dynamic card verification value (dCVV)).


At step 6, the auxiliary device 104 transmit track-2 equivalent data and the cryptogram generated with the LUK to the access device 112. In some embodiments, the track-2 equivalent data may include an account identifier (e.g., the token), an expiry date, a service code, a PIN verification field, track-2 discretionary data, etc. In some embodiments, the LUK and the corresponding key index may be embedded in the track-2 discretionary data included in the authorization request message.


In some embodiments, the key index associated with the LUK may be the key index include information pertaining to the generation of the LUK as described herein. For example, the key index may be a seed that was used to generate the LUK, and may include time information (e.g., a timestamp) indicating when the LUK was generated, and/or may include a replenishment counter value indicating the number of times that the LUK has been renewed or replenished for a particular account, mobile application, or portable communication device. In some embodiments, the key index may include an application transaction counter value indicating the number of transactions that has been previously conducted by a mobile application of the portable communication device at the time the LUK is generated, or may include a pseudo random number generated by the token provider computer 110 or by a suitable entity such as an issuer involved in processing the transaction.


At step 7, the access device 112 may generate and send an authorization request message to the transport computer 114 operated by an acquirer. The authorization request message can include the track-2 equivalent data, the LUK, the key index, and the token.


At step 8, the transport computer 114 may transmit the authorization request message to the processing network computer 116.


At step 9, the processing network computer 116 may detokenize the token to obtain a real account identifier (e.g., a personal account number (PAN) associated with the token. In this regard, the processing network computer 116 may communicate with the token provider computer 110. For example, the processing network computer 116 may provide the token and the cryptogram to the token provider computer 110. The token provider computer 110 may verify that the token and the cryptogram are associated with one another. If so, the token provider computer 110 may respond with the real account identifier associated with the token and cryptogram.


At step 10, the processing network computer 116 may forward the authorization request message to the authorizing entity computer 118 (an issuer associated with the real account identifier. After authorizing entity computer 118 receives the authorization request message, the authorization request message may be parsed, and the information in the authorization request message may be verified. For example, authorizing entity computer 118 may verify that the transaction cryptogram was generated by a valid LUK, and that the set of one or more limited-use thresholds associated with the LUK has not been exceeded. In some embodiments, some or all of the information in the authorization request message can also be sent to the token provider computer 110 for verification and processing. For example, if authorizing entity computer 118 does not have the capability to verify the cryptogram, the processing network computer 116 and/or the authorizing entity computer 118 may forward the cryptogram to the token provider computer 110 for verification.


At step 11, the authorizing entity computer 118 can approve or decline the authorization request message and can transmit an authorization response message back to processing network computer 116.


At step 12, the processing network computer 116 may transmit the authorization response message to the transport computer 114.


At step 13, the transport computer 114 may transmit the authorization response message to the access device 112.


At step 14, the auxiliary device 104 can delete the token, the LUK 1104, the key index, and/or cryptogram from memory. It should be appreciated that this deletion can occur at any suitable time after performance of the operations of step 6. In some embodiments, the access device 112 can transmit an indication that the authorization response message of step 14 was received, which can cause the auxiliary device 104 to delete the token, the LUK 1104, the key index, and/or cryptogram from memory.



FIG. 13 shows an exemplary system 1300 and a process flow diagram illustrating a use case in which secure element device is used to perform a transaction, according to some embodiments. In some embodiments, a secure element device 1302 may be disposed between an auxiliary device 104 and an access device 112. In some embodiments, the secure element device 1302 may be configured to communicate with the auxiliary device 104 and/or the access device 112 via a short-range wireless communications protocol (e.g., Bluetooth®). The auxiliary device may provide the token and/or or any suitable data for generating a cryptogram to the secure element device. By way of example, a token, the LUK 1104, and a corresponding key index used to generate the LUK 1104 may be retrieved from the secure server computer 108 and provided to an auxiliary device 104. In some embodiments, the token, the LUK 1104, and the corresponding key index used to generate the LUK 1104 may be provided by the auxiliary device 104 to the secure element device 1302 where they may be stored (at least for a time). In some embodiments, the auxiliary device may further provide the secure element device 1302 additional transaction information (e.g., such as track-2 equivalent data). The secure element device 1302 may receive additional access device data (e.g., a terminal identifier, etc.). The remaining computers of FIG. 13 may be examples of the corresponding computers of FIG. 1.


Embodiments depicted in FIG. 13 may identify and prevent a skimming attempts between the secure element device 1302 and the access device 112. In some embodiments, the messages exchanged between the secure element device 1302 and the access device 112 may be similar to the messages exchanged between a payment card and the access device 112, such that the secure element device 1302 may emulate a payment card. The pickpocketing/skimming risk may originate during the transmission of data between the secure element device 1302 and the access device 112 using a skimming device.


In some embodiments, the user 102 may walk into a partner's store and initiate a transaction. For example, the user 102 may select a number of items and an agent of the partner may scan the items to obtain a total amount owed by the user 102 to the partner. The total amount may include a total price for the items plus any suitable taxes and/or fees. The process flow described in connection with FIG. 10 may be utilized by the user 102 to provide payment for the transaction.


At step 1, the user 102 may authenticate himself using biometric data provided at a biometric device (e.g., a biometric scanner, a biometric reader, etc.) of the auxiliary device 104 (e.g., or a biometric device in communication with the auxiliary device 104). By way of example, the user 102 may provider his fingerprint via a fingerprint scanner of the auxiliary device 104. As another example, the user 102 may utilize a camera of the auxiliary device 104 to provide an image of his face.


At step 2, the auxiliary device 104 may transmit a token request (e.g., a token request message) to request data such as the token, the LUK 1104, and the key index associated with the LUK 1104. In some embodiments, the token request may include the biometric data obtained at step 1.


At step 3, the secure server computer 108 may authenticate the user 102 by comparing the received biometric data to previously stored biometric data. If the received biometric data does not match previously provided biometric data, the token request may be denied and the user 102 may be notified (e.g., via the auxiliary device 104) that the transaction has failed. If the biometric data matches previously stored biometric data the process may proceed to step 4.


At step 4, the secure server computer 108 may transmit the token, the LUK 1104, and the corresponding key index to the auxiliary device 104 in response to authenticating the biometric identity of the user 102.


At step 5, the auxiliary device 104 may transmit the token, the LUK 1104, and the corresponding key index to the secure element device 1302.


At step 6, the secure element device 1302 may request and receive additional transaction data from the access device 112 (e.g., such as a terminal identifier, transaction data such as a total price, a merchant identifier, etc.).


At step 7, the secure element device 1302 may utilize the LUK 1104 to calculate a cryptogram (an interaction cryptogram) or limited-use dynamic data such as a verification value to support legacy transactions that use verification values (e.g., dynamic card verification value (dCVV)). The secure element device 1302 may transmit track-2 equivalent data and the cryptogram generated with the LUK 1104 to the access device 112. In some embodiments, the track-2 equivalent data may include an account identifier (e.g., the token), an expiry date, a service code, a PIN verification field, track-2 discretionary data, etc. In some embodiments, the LUK and the corresponding key index may be embedded in the track-2 discretionary data included in the authorization request message. In some embodiments, the key index associated with the LUK may be the key index include information pertaining to the generation of the LUK as described herein. For example, the key index may be a seed that was used to generate the LUK, and may include time information (e.g., a timestamp) indicating when the LUK was generated, and/or may include a replenishment counter value indicating the number of times that the LUK has been renewed or replenished for a particular account, mobile application, or portable communication device. In some embodiments, the key index may include an application transaction counter value indicating the number of transactions that has been previously conducted by a mobile application of the portable communication device at the time the LUK is generated, or may include a pseudo random number generated by the token provider computer 110 or by a suitable entity such as an issuer involved in processing the transaction.


At step 8, the secure element device 1302 may delete the token, the LUK 1104, and the key index from memory.


Steps 9-15 of FIG. 13 substantially match steps 7-13 of FIG. 12 and will not be repeated here for brevity.



FIG. 14 shows an exemplary system 1400 and process flow diagram for utilizing a single use value to generate a cryptogram, according to at least on embodiment. In some embodiments, a single use value (e.g., a cryptographic key that is derived differently from a limited-use key) may be utilized to generate a cryptogram (e.g., an authorization request cryptogram, also referred to as an “ARQC”). FIG. 14 depicts a process for generating a cryptogram to prevent a pickpocketing/skimming risk at the partner level for transaction processing. In the example depicted in FIG. 14, the user 102 is presumed to have previously performed a biometric (authentication data) enrollment process that has already linked authentication data (e.g., biometric data) to a credential (e.g., a payment account identifier) associated with the user 102. Additionally, the secure server computer 108 is presumed to have previously requested a token for the credential from the token provider computer 110. The token may already be stored at the secure server computer 108 prior to the process depicted in FIG. 14.


At step 1, a user 102 may utilize the auxiliary device 104 to provide authentication data (e.g., a username/password, PIN, biometric data such as a fingerprint, a retina scan, an facial image). In some embodiments, the auxiliary device 104 may include one or more input devices configured to receive the authentication data. For example, the auxiliary device 104 may include a biometric reader, a camera, a retina scanner, and/or the like. The auxiliary device 104 may, in some cases, be provided by a partner (or a merchant) for interfacing with the partner's backend system (e.g., the secure server computer 108).


According to various embodiments, the auxiliary device 104 may be a biometric capable device that meets the security, functional, and/or biometric capture requirements defined by one or more of a token provider, a processing network, and/or an issuer. Generally, the auxiliary device 104 can be capable of capturing one or more of the biometric modalities (e.g. fingerprint, facial imprint, eye/retina scan, voice sample). The auxiliary device 104 may also protect (e.g., encrypt) and transmit the captured biometric data to the secure server computer 108 (e.g., for storage) and the auxiliary device 104 may protect (e.g., encrypt) cardholder data and payment credentials (PCI and PII data). In addition, some embodiments may use an existing POS to process payment transaction. For such embodiments, the auxiliary device 104 may include hardware capable of interacting with an access device 112 using any suitable communications protocol. Depending on the biometric modality or modalities, the hardware may also have additional sensors to detect the proximity of consumers in order to assist in determining whether, and which, consumer is intending to make a payment. Systems discussed in connection with various embodiments may also include client applications (e.g. application software) developed to run on the auxiliary device 104.


At step 2, the auxiliary device 104 may be utilized (e.g., via the client application) to provide the authentication data (e.g., the biometric data) to the secure server computer 108. In some embodiments, the authentication data may be encrypted by the auxiliary device 104 and decrypted by the secure server computer 108 (e.g., using a shared secret, etc.).


At step 3, the secure server computer 108 compare the received authentication data (e.g., the biometric data) to previously stored authentication data (e.g., biometric data associated with the user 102). If the received authentication data matches previously stored authentication data associated with the user 102, the process may proceed to step 4. Otherwise, the user 102 may be notified (e.g., via the auxiliary device 104) that the authentication has failed.


At step 4, the secure server computer 108 may request payment data by calling the token provider computer 110 using a dedicated application programming interface (e.g., a GetPaymentData API). The token provider computer 110 may be configured to generate a transaction authentication verification value (TAW) and a single use value (SUV) (e.g., an encryption key, SUV 1402) based at least in part on receiving a request via the dedicated API. The token provider computer 110 (or another suitable component of system 1400) may derive SUV 1402 from a Unique Derivation Key (UDK) (e.g., associated with an issuer) and a transaction counter. In some embodiments, the token provider computer 110 may include, or be in communication with a hardware security module (HSM) (not depicted) within which the SUV may be derived.


At step 5, the token server 306 may send a TAW, a token expiry date associated with the token (e.g., the token already stored at the secure server computer 108), and the SUV to the secure server computer 108. The secure server computer 108 may store the TAVV and the SUV in memory for subsequent use.


At step 6, the secure server computer 108 sends the token, the TAW, a token expiry date, and SUV 1402 to the auxiliary device 104.


At step 7, the auxiliary device 104 may receive at least an unpredictable number from the access device 112. The unpredictable number may be received in command data of a particular message such as a GPO (Get Processing Options) command message.


At step 8, the auxiliary device 104 may compute a hash value of dynamic data (e.g., the unpredictable number and the SUV 1402) and transmit some portion of the hash value to the access device 112. In some embodiments, the auxiliary device 104 may compute the hash value by extracting the unpredictable number (UN) from the command data (e.g. the last 4 bytes of the command data). Once extracted, the unpredictable number may be concatenated with the SUV 1402. The concatenated value may be utilized as input into a hashing algorithm to generate a hash value. In some embodiments, the auxiliary device 104 may be configured to utilize only a portion of the calculated hash value as an authorization request cryptogram (ARQC). By way of example, the auxiliary device 104 may extract the leading 8 bytes of the hash value and utilize those 8 bytes as an ARQC. The auxiliary device 104 may transmit any suitable combination of the token, the transaction counter, the ARQC, the unpredictable number, and transaction data to the access device 112 at step 8.


At step 9, the access device 112 may generate an authorization request message including the token, the transaction counter, the ARQC, the unpredictable number, and transaction data. The access device 112 may transmit the authorization request message to the transport computer 114.


At step 10, the transport computer 114 may transmit the authorization request message including the ARQC and other information to the processing network computer 116. According to various embodiments, the token provider computer 110 and the processing network computer 116 may be managed by or integrated with a same entity (e.g., a payment processor).


At step 11, the processing network computer 116 may retrieve the SUV 1402 (e.g., from the token provider computer 110) and may compute the hash value in the manner described above in connection with step 8. In some embodiments, the processing network computer 116 may provide the transaction counter to the token provider computer 110. The token provider computer 110 may increment and store the counter such that the next single use value may be derived using a different counter value (thus ensuring uniqueness between single use values). The processing network computer 116 may compare a portion of the computed hash value (e.g., the computed ARQC) with the ARQC received in the authorization request message. If the values match, the process may proceed to step 12. Otherwise, the authorization request message may be declined. In some embodiments, the processing network computer 116 may perform a conversion from a first transaction data format to a second transaction data format as discussed above in connection with FIG. 1 prior to step 12.


At step 12, the processing network computer 116 may transmit the authorization request message to the authorizing entity computer 118.


At step 13, the authorizing entity computer 118 can approve or decline the authorization request message and can transmit an authorization response message back to processing network computer 116. The authorization response message may be in any suitable format (e.g., the second transaction data format).


At step 14, the processing network computer 116 may transmit the authorization response message to the transport computer 114. It should be appreciated that, in some embodiments, the processing network computer 116 may convert the authorization response message from a second transaction data format to a first transaction data format prior to the transmission.


At step 15, the transport computer 114 may transmit the authorization response message to the access device 112.


At step 16, the auxiliary device 104 can delete the token, the SUV 1402, the token expiry date, and/or the ARQC from memory. It should be appreciated that this deletion can occur at any suitable time after performance of the operations of step 8. In some embodiments, the access device 112 can transmit an indication that the authorization response message of step 15 was received, which can cause the auxiliary device 104 to delete this data from memory.


By utilizing the single use key and an unpredictable number from the access device 112 to derive unique ARQCs, the system 1400 can protect against replay and relay attacks.



FIG. 15 shows another exemplary system 1500 and process flow diagram for utilizing a single use value to generate a cryptogram, according to at least on embodiment. In the example depicted in FIG. 15, the user 102 is presumed to have previously performed a biometric (authentication data) enrollment process that has already linked authentication data (e.g., biometric data) to a credential (e.g., a payment account identifier) associated with the user 102. Additionally, the secure server computer 108 is presumed to have previously requested a token for the credential from the token provider computer 110. The token may already be stored at the secure server computer 108 prior to the process depicted in FIG. 15. Steps 1-3 of FIG. 15 are substantially similar to steps 1-3 of FIG. 14 and will not be repeated here for brevity.


At step 4, the secure server computer 108 (e.g. a backend server for the partner, the token requestor) sends a request (e.g., via a dedicated API, via a specific message such as an encryption key request message) to the token provider computer 110 requesting an encryption key. The request may include, among other things, the token associated with the credential of user 102 and an application transaction counter (ATC)). According to some embodiments, the secure server computer 108 may track the ATC as the credential is utilized for transaction over time.


At step 5, the token provider computer 110 may derive a single use key (SUK) (e.g., SUK 1502). In some embodiments, the SUK may be derived in a hardware security module (HSM) of the token provider computer 110 (not depicted). According to various embodiments, SUK 1502 may be derived from a Unique Derivation Key (UDK) associated with the issuer and the ATC provided by the secure server computer 108. The token provider computer 110 may transmit the SUK 1502 to the secure server computer 108 (e.g., via an encryption key response message). The secure server computer 108 may store the SUK 1502 for subsequent use. In some embodiments, the secure server computer 108 can pre-fetch SUKs ahead of time. For example, multiple SUKs can be obtained and stored at the secure server computer 108. The process for obtaining multiple SUKs may be substantially similar to the process for obtaining multiple cryptograms discussed in connection with FIG. 7.


At step 6, the auxiliary device 104 in communication with the access device 112 may send a request for payment details to the access device 112. The access device 112 may respond with an unpredictable number, among other terminal data (e.g., transaction amount), at step 7.


At step 8, the auxiliary device 104 may transmit the data received from the access device 112 to the secure server computer 108 to request a cryptogram from the secure server computer 108.


At step 9, the secure server computer 108 may generate a cryptogram (e.g., an ARQC), using the SUK 1502, the token, the ATC, and the unpredictable number in the manner described above in connection with FIG. 14. In some embodiments, an ARQC may be generated using the SUK 1502, the token, the ATC, the unpredictable number, and a transaction amount provided by the access device 112. The secure server computer 108 may return the cryptogram to the auxiliary device 104.


Steps 10-17 of FIG. 15 are substantially similar to steps 9-16 of FIG. 14 and will not be repeated here for brevity.


It should be appreciated that, in the examples provided in FIGS. 1-15, data transmitted between any two components (e.g., any suitable combination of computers or devices) may be encrypted using a using a transport key (e.g. a symmetric transport key or an asymmetric transport key). For example, the transmitter of the data may encrypt the data using a symmetric transport key and the receiver of the data may utilize the symmetric transport key to decrypt. It should be appreciated that different transport keys may be utilized between each pair of devices in communication with one another.



FIG. 16 shows an exemplary auxiliary device 1600, in accordance with at least one embodiment. Auxiliary device 1600 may be an example of the auxiliary device 104 of the figures above. The auxiliary device 1600 may comprise a processor 1600A, a network interface 1600B, a data store 1600C, input/output devices 1600D, and a computer readable medium 1600E.


The network interface 1600B may be any suitable interface that enables the auxiliary device 1600 to communicate with access devices, secure server computers, secure element devices, and the like.


In some embodiments, the input/output devices 1600D may include a keyboard, touchpad, mouse, printer, biometric device(s) (e.g., biometric reader, retina scanner, fingerprint scanner, etc.).


The computer readable medium 1600E may comprise a data processing module 1600F, an enrollment module 1600G, a transaction module 1600H, a cryptogram generation module 1600I, and an interface module 1600J, and any other suitable software module. The computer readable medium 1600E may also comprise code, executable by the processor 1600A for implementing any of functions described herein with respect to an auxiliary device.


The data processing module 1600F may comprise code that causes the processor 1600A to process data. By way of example, the data processing module 1600F may be configured to cause the processor 1600A to receive any suitable data. By way of example, the data processing module 1600F may be configured to receive any suitable authentication data (e.g., username/password, biometric data, one-time passwords, etc.). In some embodiments, the data processing module 1600F may comprise code that causes the processor 1600A to compare received authentication data to stored authentication data (e.g., authentication data store in data store 1600C or obtained by the data processing module 1600F from another source accessible to the secure server computer 1700).


The enrollment module 1600G may comprise code that causes the processor 1600A to perform any suitable operations associated with an auxiliary device and discussed above in the enrollment processes of FIGS. 2, 8, and 9, for example.


The transaction module 1600H may comprise code that causes the processor 1600A to perform transaction. For example, the transaction module 1600H may contain logic that causes the processor 1600A to request authentication of a user via authentication data received from user input. The transaction module 1600H may be able request a token and/or a cryptogram from a remote system (e.g., the secure server computer 108 of FIG. 1). The transaction module 1600H may include code that, when executed, causes the processor 1600A to call code associated with the cryptogram generation module 1600I. The transaction module 1600H may include code that causes the processor 1600A to transmit data to a secure server computer, an access device, or a secure element device. In some embodiments, the transaction module 1600H may be configured to cause the processor 1600A to exchange data with an access device in a similar manner as a payment card. In some embodiments, the transaction module 1600H may be configured to cause the processor 1600A to transmit and/or receive data to/from a secure server computer and/or an access device.


In some embodiments, the cryptogram generation module 1600I may be configured to cause the processor 1600A to receive a limited-use key and/or a single key (e.g., from a secure server computer). The cryptogram generation module 1600I may be configured with code that may cause the processor 1600A to generate one or more cryptograms (e.g., an interaction cryptogram, an ARQC, etc.) utilizing at least a limited-use key or a single use key. For example, the cryptogram generation module 1600I may cause the processor 1600A to generate a cryptogram according to the methods discussed above in connection with FIGS. 12 and 14.


In some embodiments, the interface module 1600J may comprise code that causes the processor 1600A to provide one or more interfaces associated with the functions described above in connection with an auxiliary. By way of example, the interface module 1600J may provide interfaces for providing authentication data (e.g., a credential such as payment data, a one-time password, biometric data, or other suitable user input for enrollment or authentication purposes). The interface module 1600J may cause the processor 1600A to provide any suitable interface to enable the processor 1600A to perform the functions described above in connection with the FIGS. 1-15.



FIG. 17 shows an exemplary secure server computer, in accordance with at least one embodiment. Secure server computer 1700 may be an example of the secure server computer 108 of the figures above. The secure server computer 1700 may comprise a processor 1700A, a network interface 1700B, a data store 1700C, and a computer readable medium 1700E.


The data store 1700C may be configured to store one or more tokens, cryptograms, cryptographic keys (e.g., a limited-use key, a single use value, etc.), user account data, biometric data, authentication data, or any suitable data for performing the functions described above in connection with FIGS. 1-16.


The computer readable medium 1700E may comprise a data processing module 1700F, an enrollment module 1700G, a transaction module 1700H, a cryptogram generation module 1700I, and an interface module 1700J, and any other suitable software module. The computer readable medium 1700E may also comprise code, executable by the processor 1700A for implementing any of functions described herein with respect to a secure server computer.


The network interface 1700B may be any suitable interface that enables the secure server computer 1700 to communicate with auxiliary devices, token provider computers, and the like.


The data processing module 1700F may comprise code that causes the processor 1700A to process data. By way of example, the data processing module 1700F may be configured to cause the processor 1700A to receive any suitable data. By way of example, the data processing module 1700F may be configured to receive any suitable authentication data (e.g., username/password, biometric data, one-time passwords, etc.). In some embodiments, the data processing module 1700F may comprise code that causes the processor 1700A to compare received authentication data to stored authentication data (e.g., authentication data store in data store 1700C or obtained by the data processing module 1700F from another source accessible to the secure server computer 1700).


The enrollment module 1700G may comprise code that causes the processor 1600A to perform any suitable operations associated with a secure server computer and discussed above in the enrollment processes of FIGS. 2, 8, and 9, for example.


The transaction module 1700H may comprise code that causes the processor 1700A to perform transaction. For example, the transaction module 1700H may contain logic that causes the processor 1700A to request a token and/or a cryptogram from a remote system (e.g., the secure server computer 108 of FIG. 1). The transaction module 1700H may include code that, when executed, causes the processor 1700A to call code associated with the cryptogram generation module 1700I. In some embodiments, the transaction module 1700H may be configured to cause the processor 1700A to transmit and/or receive data to/from an auxiliary device and/or a token provider computer.


In some embodiments, the cryptogram generation module 1600I may be configured to cause the processor 1700A to receive a limited-use key and/or a single key (e.g., from a secure server computer). The cryptogram generation module 1600I may be configured with code that may cause the processor 1700A to generate one or more cryptograms (e.g., an interaction cryptogram, an ARQC, etc.) utilizing at least a limited-use key or a single use key. For example, the cryptogram generation module 1700I may cause the processor 1700A to generate a cryptogram according to the methods discussed above in connection with FIGS. 12 and 15.


In some embodiments, the interface module 1700J may comprise code that causes the processor 1700A to provide one or more interfaces associated with the functions described above in connection with a secure server computer. By way of example, the interface module 1700J may provide interfaces associated with an online website associated with a partner (e.g., an electronic marketplace provider, a merchant, etc.). These interfaces may enable the user to enter user account data (e.g., authentication data, payment data, etc.). The user account data may be stored in the data store 1700C for subsequent use (e.g., for authentication purposes, to retrieve payment data, etc.).



FIG. 18 shows an exemplary secure element device, in accordance with at least one embodiment. Secure element device 1800 may be an example of the secure element device 1302 of FIG. 13. The secure element device 1800 may comprise a processor 1800A, a network interface 1800B, a secure data store 1800C, and a computer readable medium 1800E.


The secure data store 1800C may be configured to store one or more tokens, cryptograms, cryptographic keys (e.g., a limited-use key, a single use value, etc.), transaction data, access device data, or any suitable data for performing the functions described above in connection with FIG. 13. Generally, any data for generating any cryptogram discussed above may be stored in the secure data store 1800C. Data stored in the secure data store 1800C may be encrypted or otherwise protected such that only the processor 1800A and/or the components of the secure element device 1800 may access the stored data.


The computer readable medium 1800E may comprise a data processing module 1800F and a cryptogram generation module 1800G, and any other suitable software module. The computer readable medium 1800E may also comprise code, executable by the processor 1800A for implementing any of functions described herein with respect to a secure element device.


The network interface 1800B may be any suitable interface that enables the secure element device 1800 to communicate with auxiliary devices, access devices, and the like.


The data processing module 1800F may comprise code that causes the processor 1800A to process data. By way of example, the data processing module 1800F may be configured to cause the processor 1800A to receive any suitable data such as transaction data, token data (e.g., a token, a token expiry date, etc.), one or more cryptographic keys (e.g., a limited-use key, a single use key, etc.). In some embodiments, the data processing module 1800F may comprise code that causes the processor 1800A to store the received data in the secure data store 1800C.


In some embodiments, the cryptogram generation module 1800G may be configured to cause the processor 1800A to receive a limited-use key and/or a single key (e.g., from an auxiliary device). The cryptogram generation module 1800G may be configured with code that may cause the processor 1800A to generate one or more cryptograms (e.g., an interaction cryptogram, an ARQC, etc.) utilizing at least a limited-use key or a single use key. For example, the cryptogram generation module 1800G may cause the processor 1800A to generate a cryptogram according to the methods discussed above in connection with FIGS. 12 and 15. In some embodiments, the generated cryptogram may be transmitted to an auxiliary device and/or an access device.


TECHNICAL ADVANTAGES

As provided above, a consumer may conduct a transaction using their credentials stored on the partner server (e.g., a secure server computer) by merely presenting their authentication data at a physical location (e.g., via an auxiliary device). For example, biometrics, and specifically biometrics that are not matched on the consumer's device, may provide a mechanism for a true seamless and potentially frictionless (in the case of modalities that do not require physical contact) interaction at a point of sale. Payment can occur without any need for a card, phone, wearable, or any other consumer device as long as the point of interaction is able to recognize the consumer and retrieve a credential that can be linked to that consumer. Embodiments discussed herein for match-in-cloud biometric solutions aids device manufacturers, software developers, payment service providers, merchants, and acquirers in providing a reliable, convenient, secure payment experience.


As discussed above, physical user device are often needed to conduct transaction at access device, but the need to carry a physical user device to access a resource at an access device can be cumbersome. Utilizing the techniques provided herein, a transaction may be conducted without the need of a physical user device, utilizing the systems discussed herein.


Furthermore, embodiments provide that existing legacy access devices may be utilized for transactions despite these devices lacking the capability of conducting transactions using token or credentials that originate from a source other than a user device. By utilizing the techniques disclosed herein, these legacy access devices can be used to perform a greater number of different types of transactions than would otherwise be available.


The techniques disclosed herein provide for a number of efficiency advantages. By way of example, traditionally, authentication requests and requests for tokens may be conducted utilizing processes and initiated using separate messages. Embodiments provide efficiency benefits by initiating both authentication and token procurement utilizing a single message. As another efficiency example, the ability to pre-fetch a number of cryptograms and stored those cryptograms for subsequent use enables transactions to be conducted quicker as a separate token request for each token would no longer be required. By utilizing previously obtained tokens stored at the secure server computer, each subsequent transaction may be performed in less time by retrieving the token from the secure server computer rather than requesting a new token upon each transaction.


Any of the computing devices described herein may be an example of a computer system that may be used to implement any of the entities or components described above. The subsystems of such a computer system may be are interconnected via a system bus. Additional subsystems include a printer, keyboard, storage device, and monitor, which is coupled to display adapter. Peripherals and input/output (I/O) devices, which couple to I/O controller, can be connected to the computer system by any number of means known in the art, such as a serial port. For example, I/O port or external interface can be used to connect the computer apparatus to a wide area network such as the Internet, a mouse input device, or a scanner. The interconnection via system bus may allow the central processor to communicate with each subsystem and to control the execution of instructions from system memory or the storage device, as well as the exchange of information between subsystems. The system memory and/or the storage device may embody a computer-readable medium.


As described, the inventive service may involve implementing one or more functions, processes, operations or method steps. In some embodiments, the functions, processes, operations or method steps may be implemented as a result of the execution of a set of instructions or software code by a suitably-programmed computing device, microprocessor, data processor, or the like. The set of instructions or software code may be stored in a memory or other form of data storage element which is accessed by the computing device, microprocessor, etc. In other embodiments, the functions, processes, operations or method steps may be implemented by firmware or a dedicated processor, integrated circuit, etc.


Any of the software components or functions described in this application, may be implemented as software code to be executed by a processor using any suitable computer language such as, for example, Java, C++ or Perl using, for example, conventional or object-oriented techniques. The software code may be stored as a series of instructions, or commands on a computer readable medium, such as a random access memory (RAM), a read only memory (ROM), a magnetic medium such as a hard-drive or a floppy disk, or an optical medium such as a CD-ROM. Any such computer readable medium may reside on or within a single computational apparatus, and may be present on or within different computational apparatuses within a system or network.


The above description is illustrative and is not restrictive. Many variations of the invention may become apparent to those skilled in the art upon review of the disclosure. The scope of the invention can, therefore, be determined not with reference to the above description, but instead can be determined with reference to the pending claims along with their full scope or equivalents.


One or more features from any embodiment may be combined with one or more features of any other embodiment without departing from the scope of the invention.


A recitation of “a”, “an” or “the” is intended to mean “one or more” unless specifically indicated to the contrary.


All patents, patent applications, publications, and descriptions mentioned above are herein incorporated by reference in their entirety for all purposes. None is admitted to be prior art.

Claims
  • 1. A method, comprising: receiving, by an auxiliary device in communication with an access device, authentication data from a user;initiating, by the auxiliary device, verifying the authentication data;requesting, by the auxiliary device, a token from a secure server computer, wherein the token is a payment token;receiving, by the auxiliary device, the token and a transaction authentication verification value; andproviding, by the auxiliary device, the token and the transaction authentication verification value to the access device, wherein the access device subsequently generates an authorization request message, wherein the authorization request message is a payment authorization request message, and wherein the method further comprises:receiving, by the auxiliary device from the secure server computer, an indication that the user has yet to be authenticated according to a supplementary authentication scheme;prompting, by the auxiliary device, the user for user input;receiving, by the auxiliary device, subsequent user input; andtransmitting, by the auxiliary device, the subsequent user input to the secure server computer, wherein the secure server computer transmits the subsequent user input to a token provider computer, wherein the token provider computer is programmed to activate the token based at least in part on determining that the user has been authenticated according to the supplementary authentication scheme.
  • 2. The method of claim 1, wherein requesting the token from the secure server computer causes the secure server computer to: generate a request for the token from the token provider computer, wherein the token provider computer generates a one-time password and provides the one-time password to an authorizing entity computer, which then provides the one-time password to a client device.
  • 3. The method of claim 2, wherein the token provider computer activates the token in response to receiving, from the authorizing entity computer, an indication the user has been authenticated using the one-time password.
  • 4. The method of claim 2, wherein the token provider computer activates the token based at least in part on determining that the subsequent user input matches the one-time password.
  • 5. The method of claim 2, wherein the auxiliary device provides the token and the transaction authentication verification value to the access device in response to receiving an indication from the secure server computer that the user has been authenticated using the one-time password.
  • 6. The method of claim 1, wherein requesting the token from the secure server computer causes the secure server computer to: generate a request for a plurality of cryptograms for transactions involving tokens;transmit the request to the token provider computer;receive the plurality of cryptograms; andstore the plurality of cryptograms.
  • 7. The method of claim 1, wherein the authentication data is biometric data of the user, and wherein verifying the authentication data comprises: transmitting, by the auxiliary device, the biometric data to the secure server computer; andreceiving, by the auxiliary device, an indication that the biometric data was verified by the secure server computer, wherein the auxiliary device generates the authorization request message based at least in part on receiving the indication that the biometric data was verified by the secure server computer.
  • 8. The method of claim 1, wherein the authorization request message is generated in a first data format, wherein the access device transmits the authorization request message to a processing network computer, the processing network computer converting the authorization request message from the first data format to a second data format.
  • 9. The method of claim 1, wherein the access device is a POS system.
  • 10. A method, comprising: receiving, by an auxiliary device in communication with an access device, authentication data from a user;initiating, by the auxiliary device, verifying the authentication data;requesting, by the auxiliary device, a token from a secure server computer, wherein the token is a payment token;receiving, by the auxiliary device, the token and a transaction authentication verification value; andproviding, by the auxiliary device, the token and the transaction authentication verification value to the access device, wherein the access device subsequently generates an authorization request message, wherein the authorization request message is a payment authorization request message, wherein the method further comprises:receiving, by the auxiliary device from the secure server computer, a single use value, the secure server computer receiving the single use value from a token provider computer;receiving, by the auxiliary device, an unpredictable value from the access device,generating, by the auxiliary device, an authorization request cryptogram using the unpredictable value and the single use value, andtransmitting, by the auxiliary device, the authorization request cryptogram to the access device, wherein the access device generates the authorization request message to comprise the authorization request cryptogram and transmits the authorization request message to a payment processing network through an acquirer computer, wherein the payment processing network obtains the single use value from the token provider computer, computes a new cryptogram using the unpredictable value and the single use value, and processes the authorization request message if the new cryptogram matches the authorization request cryptogram.
  • 11. An auxiliary device in communication with an access device, the auxiliary device comprising: a processor; anda computer readable medium coupled to the processor, the computer readable medium comprising code executable by the processor to cause the auxiliary device to: receive authentication data associated with a user;verify the authentication data;request a token from a secure server computer, wherein the token is a payment token;receive the token from the secure server computer;obtain a verification value for the token; andprovide the token and the verification value to the access device, wherein the access device generates an authorization request message, wherein the authorization request message is a payment authorization request message, and wherein the computer readable medium further comprises code executable by the processor to:receive, from the secure server computer, an indication that the user has yet to be authenticated according to a supplementary authentication scheme;prompt the user for user input;receive subsequent user input; andtransmit the subsequent user input to the secure server computer, wherein the secure server computer is programmed to transmit the subsequent user input to a token provider computer, which is programmed to activate the token based at least in part on determining that the user has been authenticated according to the supplementary authentication scheme.
  • 12. The auxiliary device of claim 11, wherein the computer readable medium further comprises code, executable by the processor to further cause the auxiliary device to receive, with the token, a cryptogram of a plurality of cryptograms stored at the secure server computer, the plurality of cryptograms being requested and stored at the secure server computer in response to receiving the request for the token.
  • 13. The auxiliary device of claim 11, wherein the computer readable medium further comprises code, executable by the processor to further cause the auxiliary device to provide payment credentials from the secure server computer, wherein the auxiliary device provides the payment credentials to the access device with the token and the verification value.
  • 14. The auxiliary device of claim 11, wherein the computer readable medium further comprises code, executable by the processor to further cause the auxiliary device to: identify that a one-time password authentication process is required;prompt the user for a one-time password, the one-time password being communicated to the user utilizing a user device associated with the user; andauthenticate the user based at least in part on the one-time password.
  • 15. The auxiliary device of claim 14, wherein the token is limited for use in a threshold number of transactions until the user is authenticated with the one-time password.
  • 16. The auxiliary device of claim 11, wherein the computer readable medium further comprises code, executable by the processor to further cause the auxiliary device to: obtain, from the secure server computer, a cryptographic key;receive, from the access device, terminal data comprising an amount and an identifier; andencrypt, by the auxiliary device, the terminal data utilizing the cryptographic key to generate an interaction cryptogram.
  • 17. The auxiliary device of claim 16, wherein the interaction cryptogram is included in the authorization request message.
  • 18. The auxiliary device of claim 16, wherein the cryptographic key is a limited use key.
  • 19. The auxiliary device of claim 16, wherein the authorization request message is authorized based at least in part on verifying, by a remote server, the interaction cryptogram.
  • 20. The auxiliary device of claim 16, wherein the verification value is a transaction authentication verification value.
CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a National Stage of International Application No. PCT/US2019/055233, filed Oct. 8, 2019, which claims priority to U.S. Patent Application No. 62/742,818, filed on Oct. 8, 2018, U.S. Patent Application No. 62/813,686, filed Mar. 4, 2019, and U.S. Patent Application No. 62/816,752, filed Mar. 11, 2019, the disclosures of which are herein incorporated by reference in their entirety for all purposes.

PCT Information
Filing Document Filing Date Country Kind
PCT/US2019/055233 10/8/2019 WO
Publishing Document Publishing Date Country Kind
WO2020/076854 4/16/2020 WO A
US Referenced Citations (643)
Number Name Date Kind
5280527 Gullman Jan 1994 A
5613012 Hoffman Mar 1997 A
5781438 Lee Jul 1998 A
5883810 Franklin Mar 1999 A
5930767 Reber Jul 1999 A
5953710 Fleming Sep 1999 A
5956699 Wong Sep 1999 A
6000832 Franklin Dec 1999 A
6014635 Harris Jan 2000 A
6044360 Picciallo Mar 2000 A
6163771 Walker Dec 2000 A
6227447 Campisano May 2001 B1
6236981 Hill May 2001 B1
6267292 Walker Jul 2001 B1
6327578 Linehan Dec 2001 B1
6341724 Campisano Jan 2002 B2
6385596 Wiser May 2002 B1
6422462 Cohen Jul 2002 B1
6425523 Shem Jul 2002 B1
6453301 Niwa Sep 2002 B1
6592044 Wong Jul 2003 B1
6636833 Flitcroft Oct 2003 B1
6748367 Lee Jun 2004 B1
6805287 Bishop Oct 2004 B2
6879965 Fung Apr 2005 B2
6891953 DeMello May 2005 B1
6901387 Wells May 2005 B2
6931382 Laage Aug 2005 B2
6938019 Uzo Aug 2005 B1
6941285 Sarcanin Sep 2005 B2
6980670 Hoffman Dec 2005 B1
6990470 Hogan Jan 2006 B2
6991157 Bishop Jan 2006 B2
7051929 Li May 2006 B2
7069249 Stolfo Jun 2006 B2
7103576 Mann, III Sep 2006 B2
7113930 Eccles Sep 2006 B2
7136835 Flitcroft Nov 2006 B1
7177835 Walker Feb 2007 B1
7177848 Hogan Feb 2007 B2
7194437 Britto Mar 2007 B1
7209561 Shankar et al. Apr 2007 B1
7264154 Harris Sep 2007 B2
7287692 Patel Oct 2007 B1
7292999 Hobson Nov 2007 B2
7350230 Forrest Mar 2008 B2
7353382 Labrou Apr 2008 B2
7379919 Hogan May 2008 B2
RE40444 Linehan Jul 2008 E
7415443 Hobson Aug 2008 B2
7444676 Asghari-Kamrani Oct 2008 B1
7469151 Khan Dec 2008 B2
7548889 Bhambri Jun 2009 B2
7567934 Flitcroft Jul 2009 B2
7567936 Peckover Jul 2009 B1
7571139 Giordano Aug 2009 B1
7571142 Flitcroft Aug 2009 B1
7580898 Brown Aug 2009 B2
7584153 Brown Sep 2009 B2
7593896 Flitcroft Sep 2009 B1
7606560 Labrou Oct 2009 B2
7627531 Breck Dec 2009 B2
7627895 Gifford Dec 2009 B2
7650314 Saunders Jan 2010 B1
7685037 Reiners Mar 2010 B2
7702578 Fung Apr 2010 B2
7707120 Dominguez Apr 2010 B2
7712655 Wong May 2010 B2
7734527 Uzo Jun 2010 B2
7753265 Harris Jul 2010 B2
7770789 Oder, II Aug 2010 B2
7784685 Hopkins, III Aug 2010 B1
7793851 Mullen Sep 2010 B2
7801826 Labrou Sep 2010 B2
7805376 Smith Sep 2010 B2
7805378 Berardi Sep 2010 B2
7818264 Hammad Oct 2010 B2
7828220 Mullen Nov 2010 B2
7835960 Breck Nov 2010 B2
7841523 Oder, II Nov 2010 B2
7841539 Hewton Nov 2010 B2
7844550 Walker Nov 2010 B2
7848980 Carlson Dec 2010 B2
7849020 Johnson Dec 2010 B2
7853529 Walker Dec 2010 B1
7853995 Chow Dec 2010 B2
7865414 Fung Jan 2011 B2
7873579 Hobson Jan 2011 B2
7873580 Hobson Jan 2011 B2
7890393 Talbert Feb 2011 B2
7891563 Oder, II Feb 2011 B2
7896238 Fein Mar 2011 B2
7908216 Davis et al. Mar 2011 B1
7922082 Muscato Apr 2011 B2
7931195 Mullen Apr 2011 B2
7937324 Patterson May 2011 B2
7938318 Fein May 2011 B2
7954705 Mullen Jun 2011 B2
7959076 Hopkins, III Jun 2011 B1
7996288 Stolfo Aug 2011 B1
8025223 Saunders Sep 2011 B2
8046256 Chien Oct 2011 B2
8060448 Jones Nov 2011 B2
8060449 Zhu Nov 2011 B1
8074877 Mullen Dec 2011 B2
8074879 Harris Dec 2011 B2
8082210 Hansen Dec 2011 B2
8095113 Kean Jan 2012 B2
8104679 Brown Jan 2012 B2
RE43157 Bishop Feb 2012 E
8109436 Hopkins, III Feb 2012 B1
8121942 Carlson Feb 2012 B2
8121956 Carlson Feb 2012 B2
8126449 Beenau Feb 2012 B2
8132723 Hogg et al. Mar 2012 B2
8171525 Pelly May 2012 B1
8175973 Davis et al. May 2012 B2
8190523 Patterson May 2012 B2
8196813 Vadhri Jun 2012 B2
8205791 Randazza Jun 2012 B2
8219489 Patterson Jul 2012 B2
8224702 Mengerink Jul 2012 B2
8225385 Chow Jul 2012 B2
8229852 Carlson Jul 2012 B2
8265993 Chien Sep 2012 B2
8280777 Mengerink Oct 2012 B2
8281991 Wentker et al. Oct 2012 B2
8328095 Oder, II Dec 2012 B2
8336088 Raj et al. Dec 2012 B2
8346666 Lindelsee et al. Jan 2013 B2
8376225 Hopkins, III Feb 2013 B1
8380177 Laracey Feb 2013 B2
8387873 Saunders Mar 2013 B2
8401539 Beenau Mar 2013 B2
8401898 Chien Mar 2013 B2
8402555 Grecia Mar 2013 B2
8403211 Brooks Mar 2013 B2
8412623 Moon Apr 2013 B2
8412837 Emigh Apr 2013 B1
8417642 Oren Apr 2013 B2
8447699 Batada May 2013 B2
8453223 Svigals May 2013 B2
8453925 Fisher Jun 2013 B2
8458487 Palgon Jun 2013 B1
8484134 Hobson Jul 2013 B2
8485437 Mullen Jul 2013 B2
8494959 Hathaway Jul 2013 B2
8498908 Mengerink Jul 2013 B2
8504475 Brand et al. Aug 2013 B2
8504478 Saunders Aug 2013 B2
8510816 Quach Aug 2013 B2
8528067 Hurry et al. Sep 2013 B2
8533116 Davis et al. Sep 2013 B2
8533860 Grecia Sep 2013 B1
8538845 Liberty Sep 2013 B2
8555079 Shablygin Oct 2013 B2
8566168 Bierbaum Oct 2013 B1
8567670 Stanfield Oct 2013 B2
8571939 Lindsey Oct 2013 B2
8577336 Mechaley, Jr. Nov 2013 B2
8577803 Chatterjee Nov 2013 B2
8577813 Weiss Nov 2013 B2
8578176 Mattsson Nov 2013 B2
8583494 Fisher Nov 2013 B2
8584251 Mcguire Nov 2013 B2
8589237 Fisher Nov 2013 B2
8589271 Evans Nov 2013 B2
8589291 Carlson Nov 2013 B2
8595098 Starai Nov 2013 B2
8595812 Bomar Nov 2013 B2
8595850 Spies Nov 2013 B2
8606638 Dragt Dec 2013 B2
8606700 Carlson Dec 2013 B2
8606720 Baker Dec 2013 B1
8615468 Varadarajan Dec 2013 B2
8620754 Fisher Dec 2013 B2
8635157 Smith Jan 2014 B2
8646059 Von Behren Feb 2014 B1
8651374 Brabson Feb 2014 B2
8656180 Shablygin Feb 2014 B2
8751391 Freund Jun 2014 B2
8751642 Vargas Jun 2014 B2
8762263 Gauthier et al. Jun 2014 B2
8793186 Patterson Jul 2014 B2
8838982 Carlson et al. Sep 2014 B2
8856539 Weiss Oct 2014 B2
8887308 Grecia Nov 2014 B2
8924297 Kumnick et al. Dec 2014 B2
9065643 Hurry et al. Jun 2015 B2
9070129 Sheets et al. Jun 2015 B2
9100826 Weiss Aug 2015 B2
9160741 Wentker et al. Oct 2015 B2
9229964 Stevelinck Jan 2016 B2
9245267 Singh Jan 2016 B2
9249241 Dai et al. Feb 2016 B2
9256871 Anderson et al. Feb 2016 B2
9280765 Hammad Mar 2016 B2
9530011 French Dec 2016 B2
9530137 Weiss Dec 2016 B2
9646303 Karpenko May 2017 B2
9680942 Dimmick Jun 2017 B2
10242357 Dorogusker Mar 2019 B1
10318952 Wade Jun 2019 B1
10373149 Sather Aug 2019 B1
10475024 Behren Nov 2019 B1
10581611 Osborn Mar 2020 B1
10878402 Blackie Dec 2020 B1
10997583 Blackie May 2021 B1
11087301 Razaghi Aug 2021 B1
11195159 Alkasimi Dec 2021 B1
11514437 Jarosch Nov 2022 B1
11636468 Jarosch Apr 2023 B1
20010029485 Brody Oct 2001 A1
20010034720 Armes Oct 2001 A1
20010054003 Chien Dec 2001 A1
20020007320 Hogan Jan 2002 A1
20020016749 Borecki Feb 2002 A1
20020029193 Ranjan Mar 2002 A1
20020035548 Hogan Mar 2002 A1
20020073045 Rubin Jun 2002 A1
20020096570 Wong Jul 2002 A1
20020116341 Hogan Aug 2002 A1
20020133467 Hobson Sep 2002 A1
20020147913 Lun Yip Oct 2002 A1
20030028481 Flitcroft Feb 2003 A1
20030130955 Hawthorne Jul 2003 A1
20030191709 Elston Oct 2003 A1
20030191945 Keech Oct 2003 A1
20040010462 Moon Jan 2004 A1
20040050928 Bishop Mar 2004 A1
20040059682 Hasumi Mar 2004 A1
20040093281 Silverstein May 2004 A1
20040139008 Mascavage Jul 2004 A1
20040143532 Lee Jul 2004 A1
20040151353 Topping Aug 2004 A1
20040158532 Breck Aug 2004 A1
20040210449 Breck Oct 2004 A1
20040210498 Freund Oct 2004 A1
20040232225 Bishop Nov 2004 A1
20040236632 Maritzen Nov 2004 A1
20040260646 Berardi Dec 2004 A1
20050037735 Coutts Feb 2005 A1
20050080730 Sorrentino Apr 2005 A1
20050108178 York May 2005 A1
20050199709 Linlor Sep 2005 A1
20050246293 Ong Nov 2005 A1
20050269401 Spitzer Dec 2005 A1
20050269402 Spitzer Dec 2005 A1
20060235795 Johnson Oct 2006 A1
20060237528 Bishop Oct 2006 A1
20060278704 Saunders Dec 2006 A1
20070107044 Yuen May 2007 A1
20070129955 Dalmia Jun 2007 A1
20070136193 Starr Jun 2007 A1
20070136211 Brown Jun 2007 A1
20070170247 Friedman Jul 2007 A1
20070179885 Bird Aug 2007 A1
20070208671 Brown Sep 2007 A1
20070245414 Chan Oct 2007 A1
20070288377 Shaked Dec 2007 A1
20070291995 Rivera Dec 2007 A1
20080015988 Brown Jan 2008 A1
20080029607 Mullen Feb 2008 A1
20080035738 Mullen Feb 2008 A1
20080052226 Agarwal Feb 2008 A1
20080054068 Mullen Mar 2008 A1
20080054079 Mullen Mar 2008 A1
20080054081 Mullen Mar 2008 A1
20080065554 Hogan Mar 2008 A1
20080065555 Mullen Mar 2008 A1
20080128513 Hammad Jun 2008 A1
20080201264 Brown Aug 2008 A1
20080201265 Hewton Aug 2008 A1
20080203152 Hammad Aug 2008 A1
20080203170 Hammad Aug 2008 A1
20080228646 Myers Sep 2008 A1
20080243702 Hart Oct 2008 A1
20080245855 Fein Oct 2008 A1
20080245861 Fein Oct 2008 A1
20080283591 Oder, II Nov 2008 A1
20080302869 Mullen Dec 2008 A1
20080302876 Mullen Dec 2008 A1
20080313264 Pestoni Dec 2008 A1
20090006262 Brown Jan 2009 A1
20090010488 Matsuoka Jan 2009 A1
20090037333 Flitcroft Feb 2009 A1
20090037388 Cooper Feb 2009 A1
20090043702 Bennett Feb 2009 A1
20090048971 Hathaway Feb 2009 A1
20090106112 Dalmia Apr 2009 A1
20090106160 Skowronek Apr 2009 A1
20090134217 Flitcroft May 2009 A1
20090157555 Biffle Jun 2009 A1
20090159673 Mullen Jun 2009 A1
20090159700 Mullen Jun 2009 A1
20090159707 Mullen Jun 2009 A1
20090173782 Muscato Jul 2009 A1
20090200371 Kean Aug 2009 A1
20090248583 Chhabra Oct 2009 A1
20090276347 Kargman Nov 2009 A1
20090281948 Carlson Nov 2009 A1
20090294527 Brabson Dec 2009 A1
20090307139 Mardikar Dec 2009 A1
20090308921 Mullen Dec 2009 A1
20090327131 Beenau Dec 2009 A1
20100008535 Abulafia Jan 2010 A1
20100088237 Wankmueller Apr 2010 A1
20100094755 Kloster Apr 2010 A1
20100106644 Annan Apr 2010 A1
20100120408 Beenau May 2010 A1
20100133334 Vadhri Jun 2010 A1
20100138347 Chen Jun 2010 A1
20100145860 Pelegero Jun 2010 A1
20100161433 White Jun 2010 A1
20100185545 Royyuru Jul 2010 A1
20100211505 Saunders Aug 2010 A1
20100223186 Hogan Sep 2010 A1
20100228668 Hogan Sep 2010 A1
20100235284 Moore Sep 2010 A1
20100258620 Torreyson Oct 2010 A1
20100291904 Musfeldt Nov 2010 A1
20100299267 Faith et al. Nov 2010 A1
20100306076 Taveau Dec 2010 A1
20100325041 Berardi Dec 2010 A1
20110010292 Giordano Jan 2011 A1
20110016047 Wu Jan 2011 A1
20110016320 Bergsten Jan 2011 A1
20110040640 Erikson Feb 2011 A1
20110047076 Carlson et al. Feb 2011 A1
20110083018 Kesanupalli Apr 2011 A1
20110087596 Dorsey Apr 2011 A1
20110093397 Carlson Apr 2011 A1
20110125597 Oder, II May 2011 A1
20110153437 Archer Jun 2011 A1
20110153498 Makhotin et al. Jun 2011 A1
20110154466 Harper Jun 2011 A1
20110161233 Tieken Jun 2011 A1
20110178926 Lindelsee et al. Jul 2011 A1
20110191244 Dai Aug 2011 A1
20110238511 Park Sep 2011 A1
20110238573 Varadarajan Sep 2011 A1
20110246317 Coppinger Oct 2011 A1
20110258111 Raj et al. Oct 2011 A1
20110272471 Mullen Nov 2011 A1
20110272478 Mullen Nov 2011 A1
20110276380 Mullen Nov 2011 A1
20110276381 Mullen Nov 2011 A1
20110276424 Mullen Nov 2011 A1
20110276425 Mullen Nov 2011 A1
20110295745 White Dec 2011 A1
20110302081 Saunders Dec 2011 A1
20110314539 Horton Dec 2011 A1
20120023567 Hammad Jan 2012 A1
20120028609 Hruska Feb 2012 A1
20120030047 Fuentes et al. Feb 2012 A1
20120035998 Chien Feb 2012 A1
20120041881 Basu Feb 2012 A1
20120047237 Arvidsson Feb 2012 A1
20120066078 Kingston Mar 2012 A1
20120072350 Goldthwaite Mar 2012 A1
20120078735 Bauer Mar 2012 A1
20120078798 Downing Mar 2012 A1
20120078799 Jackson Mar 2012 A1
20120095852 Bauer Apr 2012 A1
20120095865 Doherty Apr 2012 A1
20120116902 Cardina May 2012 A1
20120123882 Carlson May 2012 A1
20120123940 Killian May 2012 A1
20120129514 Beenau May 2012 A1
20120136732 McMillen May 2012 A1
20120143754 Patel Jun 2012 A1
20120143767 Abadir Jun 2012 A1
20120143772 Abadir Jun 2012 A1
20120158580 Eram Jun 2012 A1
20120158593 Garfinkle Jun 2012 A1
20120173431 Ritchie Jul 2012 A1
20120185386 Salama Jul 2012 A1
20120197807 Schlesser Aug 2012 A1
20120203664 Torossian Aug 2012 A1
20120203666 Torossian Aug 2012 A1
20120215688 Musser Aug 2012 A1
20120215696 Salonen Aug 2012 A1
20120221421 Hammad Aug 2012 A1
20120226582 Hammad Sep 2012 A1
20120231844 Coppinger Sep 2012 A1
20120233004 Bercaw Sep 2012 A1
20120246070 Vadhri Sep 2012 A1
20120246071 Jain Sep 2012 A1
20120246079 Wilson Sep 2012 A1
20120265631 Cronic Oct 2012 A1
20120271770 Harris Oct 2012 A1
20120297446 Webb Nov 2012 A1
20120300932 Cambridge Nov 2012 A1
20120303503 Cambridge Nov 2012 A1
20120303961 Kean Nov 2012 A1
20120304273 Bailey Nov 2012 A1
20120310725 Chien Dec 2012 A1
20120310831 Harris Dec 2012 A1
20120316992 Oborne Dec 2012 A1
20120317035 Royyuru Dec 2012 A1
20120317036 Bower Dec 2012 A1
20130017784 Fisher Jan 2013 A1
20130018757 Anderson et al. Jan 2013 A1
20130019098 Gupta Jan 2013 A1
20130031006 Mccullagh et al. Jan 2013 A1
20130054337 Brendell Feb 2013 A1
20130054466 Muscato Feb 2013 A1
20130054474 Yeager Feb 2013 A1
20130081122 Svigals Mar 2013 A1
20130091028 Oder, II Apr 2013 A1
20130110658 Lyman May 2013 A1
20130111599 Gargiulo May 2013 A1
20130117185 Collison May 2013 A1
20130124290 Fisher May 2013 A1
20130124291 Fisher May 2013 A1
20130124364 Mittal May 2013 A1
20130138525 Bercaw May 2013 A1
20130144888 Faith Jun 2013 A1
20130145148 Shablygin Jun 2013 A1
20130145172 Shablygin Jun 2013 A1
20130159178 Colon Jun 2013 A1
20130159184 Thaw Jun 2013 A1
20130166402 Parento Jun 2013 A1
20130166456 Zhang Jun 2013 A1
20130173736 Krzeminski Jul 2013 A1
20130185202 Goldthwaite Jul 2013 A1
20130191227 Pasa et al. Jul 2013 A1
20130191286 Cronic Jul 2013 A1
20130191289 Cronic Jul 2013 A1
20130198071 Jurss Aug 2013 A1
20130198080 Anderson et al. Aug 2013 A1
20130200146 Moghadam Aug 2013 A1
20130204787 Dubois Aug 2013 A1
20130204793 Kerridge Aug 2013 A1
20130212007 Mattsson Aug 2013 A1
20130212017 Bangia Aug 2013 A1
20130212019 Mattsson Aug 2013 A1
20130212024 Mattsson Aug 2013 A1
20130212026 Powell et al. Aug 2013 A1
20130212666 Mattsson Aug 2013 A1
20130218698 Moon Aug 2013 A1
20130218769 Pourfallah et al. Aug 2013 A1
20130226799 Raj Aug 2013 A1
20130226802 Hammad Aug 2013 A1
20130226813 Voltz Aug 2013 A1
20130246199 Carlson Sep 2013 A1
20130246202 Tobin Sep 2013 A1
20130246203 Laracey Sep 2013 A1
20130246258 Dessert Sep 2013 A1
20130246259 Dessert Sep 2013 A1
20130246261 Purves et al. Sep 2013 A1
20130246267 Tobin Sep 2013 A1
20130254028 Salci Sep 2013 A1
20130254052 Royyuru Sep 2013 A1
20130254102 Royyuru Sep 2013 A1
20130254117 Von Mueller Sep 2013 A1
20130262296 Thomas Oct 2013 A1
20130262302 Lettow Oct 2013 A1
20130262315 Hruska Oct 2013 A1
20130262316 Hruska Oct 2013 A1
20130262317 Collinge Oct 2013 A1
20130275300 Killian Oct 2013 A1
20130275307 Khan Oct 2013 A1
20130275308 Paraskeva Oct 2013 A1
20130282502 Jooste Oct 2013 A1
20130282575 Mullen Oct 2013 A1
20130282588 Hruska Oct 2013 A1
20130297501 Monk et al. Nov 2013 A1
20130297504 Nwokolo Nov 2013 A1
20130297508 Belamant Nov 2013 A1
20130304649 Cronic Nov 2013 A1
20130308778 Fosmark Nov 2013 A1
20130311382 Fosmark Nov 2013 A1
20130317982 Mengerink Nov 2013 A1
20130332344 Weber Dec 2013 A1
20130339253 Sincai Dec 2013 A1
20130346305 Mendes Dec 2013 A1
20130346314 Mogollon Dec 2013 A1
20140007213 Sanin Jan 2014 A1
20140013106 Redpath Jan 2014 A1
20140013114 Redpath Jan 2014 A1
20140013452 Aissi et al. Jan 2014 A1
20140019352 Shrivastava Jan 2014 A1
20140025581 Calman Jan 2014 A1
20140025585 Calman Jan 2014 A1
20140025958 Calman Jan 2014 A1
20140032417 Mattsson Jan 2014 A1
20140032418 Weber Jan 2014 A1
20140040137 Carlson Feb 2014 A1
20140040139 Brudnicki Feb 2014 A1
20140040144 Plomske Feb 2014 A1
20140040145 Ozvat Feb 2014 A1
20140040148 Ozvat Feb 2014 A1
20140040628 Fort Feb 2014 A1
20140041018 Bomar Feb 2014 A1
20140046853 Spies Feb 2014 A1
20140047551 Nagasundaram et al. Feb 2014 A1
20140052532 Tsai Feb 2014 A1
20140052620 Rogers Feb 2014 A1
20140052637 Jooste Feb 2014 A1
20140068706 Aissi Mar 2014 A1
20140074637 Hammad Mar 2014 A1
20140108172 Weber et al. Apr 2014 A1
20140114857 Griggs et al. Apr 2014 A1
20140143137 Carlson May 2014 A1
20140164243 Aabye et al. Jun 2014 A1
20140188586 Carpenter et al. Jul 2014 A1
20140249945 Gauthier Sep 2014 A1
20140294701 Dai et al. Oct 2014 A1
20140297534 Patterson Oct 2014 A1
20140310183 Weber Oct 2014 A1
20140324690 Allen et al. Oct 2014 A1
20140330721 Wang Nov 2014 A1
20140330722 Laxminarayanan et al. Nov 2014 A1
20140331265 Mozell et al. Nov 2014 A1
20140337236 Wong et al. Nov 2014 A1
20140344153 Raj et al. Nov 2014 A1
20140372308 Sheets Dec 2014 A1
20150019443 Sheets et al. Jan 2015 A1
20150032625 Dill Jan 2015 A1
20150032626 Dill Jan 2015 A1
20150032627 Dill Jan 2015 A1
20150046338 Laxminarayanan Feb 2015 A1
20150046339 Wong et al. Feb 2015 A1
20150052064 Karpenko et al. Feb 2015 A1
20150066768 Williamson Mar 2015 A1
20150081544 Wong et al. Mar 2015 A1
20150088756 Makhotin et al. Mar 2015 A1
20150106239 Gaddam et al. Apr 2015 A1
20150112870 Nagasundaram et al. Apr 2015 A1
20150112871 Kumnick Apr 2015 A1
20150120472 Aabye et al. Apr 2015 A1
20150127529 Makhotin et al. May 2015 A1
20150127547 Powell May 2015 A1
20150140960 Powell et al. May 2015 A1
20150142673 Nelsen et al. May 2015 A1
20150161597 Subramanian et al. Jun 2015 A1
20150178724 Ngo et al. Jun 2015 A1
20150180836 Wong et al. Jun 2015 A1
20150186864 Jones et al. Jul 2015 A1
20150193222 Pirzadeh et al. Jul 2015 A1
20150195133 Sheets et al. Jul 2015 A1
20150199679 Palanisamy et al. Jul 2015 A1
20150199689 Kumnick et al. Jul 2015 A1
20150220917 Aabye et al. Aug 2015 A1
20150269566 Gaddam et al. Sep 2015 A1
20150278799 Palanisamy Oct 2015 A1
20150287037 Salmon Oct 2015 A1
20150295921 Cao Oct 2015 A1
20150312038 Palanisamy Oct 2015 A1
20150319158 Kumnick Nov 2015 A1
20150324736 Sheets Nov 2015 A1
20150332262 Lingappa Nov 2015 A1
20150356560 Shastry et al. Dec 2015 A1
20150363781 Badenhorst Dec 2015 A1
20160028550 Gaddam et al. Jan 2016 A1
20160036790 Shastry et al. Feb 2016 A1
20160042263 Gaddam et al. Feb 2016 A1
20160048828 Lee Feb 2016 A1
20160065370 Le Saint et al. Mar 2016 A1
20160092696 Guglani et al. Mar 2016 A1
20160092872 Prakash et al. Mar 2016 A1
20160092874 O'Regan Mar 2016 A1
20160103675 Aabye et al. Apr 2016 A1
20160119296 Laxminarayanan et al. Apr 2016 A1
20160132878 O'Regan May 2016 A1
20160140545 Flurscheim et al. May 2016 A1
20160148197 Dimmick May 2016 A1
20160148212 Dimmick May 2016 A1
20160171479 Prakash et al. Jun 2016 A1
20160173483 Wong et al. Jun 2016 A1
20160197725 Hammad Jul 2016 A1
20160210628 McGuire Jul 2016 A1
20160217461 Gaddam Jul 2016 A1
20160218875 Le Saint et al. Jul 2016 A1
20160224976 Basu Aug 2016 A1
20160224977 Sabba et al. Aug 2016 A1
20160232513 Purves Aug 2016 A1
20160232527 Patterson Aug 2016 A1
20160239842 Cash et al. Aug 2016 A1
20160253651 Park Sep 2016 A1
20160269391 Gaddam et al. Sep 2016 A1
20160301683 Laxminarayanan Oct 2016 A1
20160308995 Youdale et al. Oct 2016 A1
20160335639 Merz Nov 2016 A1
20160379208 Deliwala et al. Dec 2016 A1
20170046696 Powell et al. Feb 2017 A1
20170061422 Castinado et al. Mar 2017 A1
20170076288 Awasthi Mar 2017 A1
20170103387 Weber Apr 2017 A1
20170109745 Al-Bedaiwi Apr 2017 A1
20170148013 Rajurkar May 2017 A1
20170161733 Koletsky Jun 2017 A1
20170163617 Narayan Jun 2017 A1
20170163629 Law Jun 2017 A1
20170186001 Reed et al. Jun 2017 A1
20170200156 Karpenko Jul 2017 A1
20170200165 Narayan Jul 2017 A1
20170201520 Chandoor Jul 2017 A1
20170220818 Nagasundaram et al. Aug 2017 A1
20170221054 Flurscheim Aug 2017 A1
20170221056 Karpenko Aug 2017 A1
20170228723 Taylor Aug 2017 A1
20170228728 Sullivan Aug 2017 A1
20170236113 Chitalia Aug 2017 A1
20170293914 Girish Oct 2017 A1
20170295155 Wong et al. Oct 2017 A1
20170337542 Kim Nov 2017 A1
20170337549 Wong Nov 2017 A1
20170345000 Kohli Nov 2017 A1
20170364903 Lopez Dec 2017 A1
20170364914 Howard Dec 2017 A1
20170373852 Cassin Dec 2017 A1
20180005227 Sandeløv et al. Jan 2018 A1
20180006821 Kinagi Jan 2018 A1
20180063152 Erich Mar 2018 A1
20180075081 Chipman Mar 2018 A1
20180165680 Sharma et al. Jun 2018 A1
20180247303 Raj Aug 2018 A1
20180262334 Hammad Sep 2018 A1
20180268399 Spector Sep 2018 A1
20180268405 Lopez Sep 2018 A1
20180276647 Geupel Sep 2018 A1
20180285875 Law Oct 2018 A1
20180324184 Kaja Nov 2018 A1
20180324584 Lopez Nov 2018 A1
20190020478 Girish Jan 2019 A1
20190034934 Trelin Jan 2019 A1
20190066069 Faith Feb 2019 A1
20190080075 Ekberg Mar 2019 A1
20190102773 Dawley Apr 2019 A1
20190147439 Wang May 2019 A1
20190356489 Palanismy Nov 2019 A1
20190361901 Purves Nov 2019 A1
20190384896 Jones Dec 2019 A1
20190392431 Chitalila Dec 2019 A1
20200013059 Mariappan Jan 2020 A1
20200052897 Girish Feb 2020 A1
20200267153 Kang Aug 2020 A1
20200314644 Dean Oct 2020 A1
20210117988 Kresge Apr 2021 A1
20210182835 Kurylko Jun 2021 A1
20210182852 Sukhija Jun 2021 A1
Foreign Referenced Citations (21)
Number Date Country
1028401 Aug 2000 EP
2156397 Feb 2010 EP
2000014648 Mar 2000 WO
2001035304 May 2001 WO
2001035304 May 2001 WO
2004051585 Nov 2003 WO
2004042536 May 2004 WO
2005001751 Jun 2004 WO
2006113834 Oct 2006 WO
2009032523 Mar 2009 WO
2010078522 Jul 2010 WO
2012068078 May 2012 WO
2012098556 Jul 2012 WO
2012142370 Oct 2012 WO
2012167941 Dec 2012 WO
2013048538 Apr 2013 WO
2013056104 Apr 2013 WO
2013119914 Aug 2013 WO
2013179271 Dec 2013 WO
2017201301 Nov 2017 WO
2018125444 Jul 2018 WO
Non-Patent Literature Citations (5)
Entry
EP19870317.5 , “Office Action”, dated Mar. 2, 2023, 5 pages.
SG11202103377W , “Written Opinion”, dated Feb. 13, 2023, 9 pages.
Application No. EP19870317.5 , Extended European Search Report, dated Oct. 15, 2021, 7 pages.
PCT/US2019/055233 , “International Search Report and Written Opinion”, dated Apr. 10, 2020, 27 pages.
PCT/US2019/055233 , “Invitation to Pay Additional Fees and, Where Applicable, Protest Fee”, dated Jan. 10, 2020, 7 pages.
Related Publications (1)
Number Date Country
20210344672 A1 Nov 2021 US
Provisional Applications (3)
Number Date Country
62816752 Mar 2019 US
62813686 Mar 2019 US
62742818 Oct 2018 US