Token aggregation for multi-party transactions

Information

  • Patent Grant
  • 11068899
  • Patent Number
    11,068,899
  • Date Filed
    Friday, June 17, 2016
    8 years ago
  • Date Issued
    Tuesday, July 20, 2021
    3 years ago
  • Inventors
  • Original Assignees
  • Examiners
    • Boveja; Namrata
    • Patel; Amit
    Agents
    • Kilpatrick Townsend & Stockton LLP
Abstract
Described herein is a system for generating a master token to be associated with a set of tokens. In some embodiments, a number of tokens may be obtained by a communication device, which may be provided to a primary authorization computer. The primary authorization computer may generate a master token to be associated with each of those tokens. When the master token is used to complete a transaction, an authorization request may be received by the primary authorization computer that includes the master token. Upon receiving this, the primary authorization computer may obtain approval from a number of secondary authorization computers associated with the tokens, and may generate an authorization response based on those approvals.
Description
BACKGROUND

There are a number of problems that are present when multiple users attempt to conduct a single transaction. For example, when multiple users at a restaurant wish to contribute different amounts to a bill, the restaurant may receive different payment devices (e.g. different credit cards) from the different users. If, for example, the different users wish to pay for different amounts on the invoice, this can be unduly burdensome for the restaurant and the restaurant may consequently not want to perform the transaction in the manner that the users want. Additionally, the server may be responsible for multiple transactions, which may lead to mistakes in bill apportioning. While one user may provide a single payment device to pay for the multi-party transaction, the one user will need to seek reimbursement from each of the other users. This again often involves a number of communications between the different users and is inefficient.


Embodiments of the invention address these and other problems, individually and collectively.


BRIEF SUMMARY

Embodiments of the disclosure are directed to systems for obtaining a set of initial tokens to be used in completing a transaction, associating a master token with the set of initial tokens, and assigning portions of a transaction for which the master token has been provided to each initial token in the set of initial tokens. In some embodiments, multiple tokens may be obtained by a primary authorization computer. The primary authorization computer generates a master token upon obtaining the set of initial tokens. The master token may then be used to complete a transaction with a resource provider.


Upon receiving an authorization request that includes the master token, the primary authorization computer may determine a portion of the transaction to be assigned to each of the initial tokens in the set of initial tokens. The primary authorization computer may then generate secondary authorization requests to be sent to a number of secondary authorization computers associated with each initial token in the set of initial tokens. Upon receiving authorization responses from each of the secondary authorization computers, the primary authorization computer may generate an authorization response for the transaction.


One embodiment of the invention is directed to a method comprising receiving a set of initial tokens from a communication device, each initial token of the set of initial tokens associated with a different account, generating a master token to be associated with the set of initial tokens, and providing the master token to the communication device. The method further comprises receiving a request to authorize a transaction from a resource provider that includes the master token, generating, for each initial token in the set of tokens, a secondary authorization request message for a portion of the requested transaction, transmitting the generated secondary authorization request messages to secondary authorization computers associated with the respective initial tokens in the set of initial tokens. Upon receiving authorization response messages from the secondary authorization computers, generating subsequent authorization response messages and transmitting them to the resource provider.


Another embodiment of the invention is directed to a mobile device comprising a processor, a short range communication device, and a memory including instructions that, when executed with the processor, cause the mobile device to receive one or more initial tokens, each of which is associated with a different account, add, to the one or more tokens, an initial token associated with the mobile device, and associate, with the one or more initial tokens and the added initial token, a master token. The instructions further cause the mobile device to upon receiving a request to complete a transaction, provide the master token such that portions of the transaction are attributed to each of the one or more initial tokens.


Another embodiment of the invention is directed to a server device comprising a processor, and a memory including instructions that, when executed by the processor, cause the server device to maintain account information associated with a user, receive, from two or more applications, two or more initial tokens, each of the two or more initial tokens associated with a different account. The instructions, when executed by the processor, further cause the server device to generate a master token to be associated with the two or more initial tokens, and provide the generated master token to the user.


These and other embodiments of the invention are described in further detail below.





BRIEF DESCRIPTION OF THE DRAWINGS


FIG. 1 depicts a block diagram of an example system architecture capable of implementing at least some embodiments of the current disclosure;



FIG. 2 depicts a diagram of an example primary authorization computer configured to store and manage access credentials and provide authorization for multiple-party transactions in accordance with at least some embodiments;



FIG. 3 depicts a block diagram of an example data flow that may be implemented in accordance with at least some embodiments;



FIG. 4 depicts a process for aggregating tokens into a token grouping and generating a master token associated with the token grouping in accordance with at least some embodiments;



FIG. 5 depicts a process for handling an authorization request message that includes a master token in accordance with at least some embodiments;



FIG. 6 depicts a process flow for conducting and settling a multi-party transaction with a resource provider using a master token in accordance with at least some embodiments; and



FIG. 7 depicts a flow diagram illustrating a process for generating a master token and conducting a transaction using that master token in accordance with at least some embodiments.





DETAILED DESCRIPTION

In the following description, various embodiments will be described. For purposes of explanation, specific configurations and details are set forth in order to provide a thorough understanding of the embodiments. However, it will also be apparent to one skilled in the art that the embodiments may be practiced without the specific details. Furthermore, well-known features may be omitted or simplified in order not to obscure the embodiment being described.


Prior to discussing the details of some embodiments of the present invention, description of some terms may be helpful in understanding the various embodiments.


A “credential” may be any suitable information that serves as reliable evidence of worth, ownership, identity, or authority. A credential may be a string of numbers, letters, or any other suitable characters, as well as any object or document that can serve as confirmation. Examples of credentials include access credentials, value credentials, identification cards, certified documents, access cards, passcodes and other login information, etc.


An “access credential” may be any data or portion of data used to gain access to a particular resource. In some embodiments, an access credential may be a login and/or password for a user account. In some embodiments, an access credential may be include account information or a token associated with the account information, a cryptogram, a digital certificate, etc. A mobile device may store one or more access credentials associated with each communication device. In some embodiments, an access credential stored in association with a communication device may be used to conduct transactions on behalf of the communication device. In some embodiments, the mobile device may store a single access credential that may be used in each transaction initiated by the mobile device.


An “access device” may be any suitable device for communicating with a merchant computer or payment processing network, and for interacting with a payment device, a user computer apparatus, and/or a user mobile device. An access device may generally be located in any suitable location, such as at the location of a merchant. An access device may be in any suitable form. Some examples of access devices include POS devices, cellular phones, PDAs, personal computers (PCs), tablet PCs, hand-held specialized readers, set-top boxes, electronic cash registers (ECRs), automated teller machines (ATMs), virtual cash registers (VCRs), kiosks, security systems, access systems, Websites, and the like. An access device may use any suitable contact or contactless mode of operation to send or receive data from, or associated with, a communication device. In some embodiments, where an access device may comprise a POS terminal, any suitable POS terminal may be used and may include a reader, a processor, and a computer-readable medium. A reader may include any suitable contact or contactless mode of operation. For example, card readers can include radio frequency (RF) antennas, optical scanners, bar code readers, or magnetic stripe readers to interact with a communication device. In some embodiments, an access device may also be referred to as a terminal device.


“Account data” may refer to any content of an account of a user conducting a transaction. In some embodiments, account data may be payment account data that may be utilized to make a purchase. In other embodiments, account data may be any content associated with a user's non-financial account. For example, account data may include electronic files, photos, videos, and documents stored by the user's account. In some embodiments, account data may be stored by an authorization computer.


“Account information” may refer to any information surrounding an account of a user. For example, account information may include account data and one or more account identifiers. In some embodiments, the account identifier may be a PAN or primary account number. The PAN may be 14, 16, or 18 digits. Account information may also include an expiration date associated with the account, as well as a service code and/or verification values (e.g., CVV, CVV2, dCVV, and dCVV2 values).


An “authorization request message” may be an electronic message that requests authorization for a transaction. In some embodiments, it is sent to a transaction processing computer and/or an issuer of a payment card to request authorization for a transaction. An authorization request message according to some embodiments may comply with ISO 8583, which is a standard for systems that exchange electronic transaction information associated with a payment made by a user using a payment device or payment account. The authorization request message may include an issuer account identifier that may be associated with a payment device or payment account. An authorization request message may also comprise additional data elements corresponding to “identification information” including, by way of example only: a service code, a CVV (card verification value), a dCVV (dynamic card verification value), a PAN (primary account number or “account number”), a payment token, a user name, an expiration date, etc. An authorization request message may also comprise “transaction information,” such as any information associated with a current transaction, such as the transaction amount, merchant identifier, merchant location, acquirer bank identification number (BIN), card acceptor ID, information identifying items being purchased, etc., as well as any other information that may be utilized in determining whether to identify and/or authorize a transaction.


An “authorization response message” may be a message that responds to an authorization request. In some cases, it may be an electronic message reply to an authorization request message generated by an issuing financial institution or a transaction processing computer. The authorization response message may include, by way of example only, one or more of the following status indicators: Approval—transaction was approved; Decline—transaction was not approved; or Call Center—response pending more information, merchant must call the toll-free authorization phone number. The authorization response message may also include an authorization code, which may be a code that a credit card issuing bank returns in response to an authorization request message in an electronic message (either directly or through the transaction processing computer) to the merchant's access device (e.g. POS equipment) that indicates approval of the transaction. The code may serve as proof of authorization. As noted above, in some embodiments, a transaction processing computer may generate or forward the authorization response message to the merchant.


A “communication device” may be any electronic device that has a primary function related to communication. A communication device may be capable of establishing a communication session with another electronic device and transmitting/receiving data from that device. In some embodiments, a communication device may act as a proxy device between two or more other electronic devices by establishing communication sessions with each of the devices and relaying information between the devices. A mobile device may be a type of communication device.


An “issuer” may typically refer to a business entity (e.g., a bank) that maintains an account for a user that is associated with a portable communication device such as an account enrolled in a mobile application installed on a portable communication device. An issuer may also issue account parameters associated with the account to a portable communication device. An issuer may be associated with a host system that performs some or all of the functions of the issuer on behalf of the issuer.


A “token” may be a substitute for a real credential. In some embodiments, a token may include an identifier for a payment account that is a substitute for a real credential such as primary account number (PAN). For example, a token may include a series of numeric and/or alphanumeric characters that may be used as a substitute for an original account identifier. For example, a token “4900 0000 0000 0001” may be used in place of a PAN “4147 0900 0000 1234.” In some embodiments, a token may be “format preserving” and may have a numeric format that conforms to the account identifiers used in existing payment processing networks (e.g., ISO 8583 financial transaction message format). In some embodiments, a token may be used in place of a PAN to initiate, authorize, settle or resolve a payment transaction or represent the original credential in other systems where the original credential would typically be provided. In some embodiments, a token value may be generated such that the recovery of the original PAN or other account identifier from the token value may not be computationally derived. In other embodiments, a token may be mathematically derived (e.g., with an encryption key) from the real credential. Further, in some embodiments, the token format may be configured to allow the entity receiving the token to identify it as a token and recognize the entity that issued the token.


A “master token” may be a type of token that may be a substitute for a token grouping (e.g., a set of initial tokens). A master token may be associated with a token grouping stored within a token vault. For example, a token grouping may include a plurality of tokens, each of which is associated with a separate account. In this example, a master token may be associated with the token grouping such that any time that the master token is used to complete a transaction, a portion of the transaction is allocated to each of the tokens in the token grouping. In some embodiments, a master token may be associated with configuration settings that indicate how a transaction should be apportioned to each token within the token grouping. The master token and the initial tokens that it relates to may all have the same format (e.g., 16, 18, or 19 numerical digits) in some embodiments of the invention.


A “mobile device” may be any computing device capable of traveling with a user. In some embodiments, a mobile device can include any suitable computing device configured to establish communication sessions with one or more communication devices and a resource provider (either directly or via a primary authorization computer) and (in some cases) to initiate transactions with the resource provider on behalf of the communication devices. In some embodiments, the mobile device may store one or more access credentials to be used in these transactions. In some embodiments, the mobile device may be configured to store one or more protocol sets related to transactions and/or communication devices. The mobile device may be further configured to confirm that transactions are in compliance with these transaction protocols prior to initiating the transactions.


A “primary authorization computer” may be any computing device that can authorize a request. The primary authorization computer may provide any suitable service and/or processing for obtaining a set of tokens, associating a master token with the set of tokens, and authorizing transactions in accordance with the disclosure. In some embodiments, the primary authorization computer may maintain an account for one or more users. The primary authorization computer may also store one or more configuration settings related to the authorization of transactions conducted using the master token.


A “secondary authorization computer” may be any computing device that can authorize a request. In some embodiments, a secondary authorization computer is configured to authorize authorization request messages including initial tokens. A secondary authorization computer may be owned and/or operated by an entity that is unaffiliated with the primary authorization computer.


A “server computer” may include a powerful computer or cluster of computers. For example, the server computer can be a large mainframe, a minicomputer cluster, or a group of servers functioning as a unit. In one example, the server computer may be a database server coupled to a Web server. The server computer may be coupled to a database and may include any hardware, software, other logic, or combination of the preceding for servicing the requests from one or more client computers. The server computer may comprise one or more computational apparatuses and may use any of a variety of computing structures, arrangements, and compilations for servicing the requests from one or more client computers.


A “resource provider” may be an entity that can provide a resource such as goods, services, information, and/or access. Examples of a resource provider includes merchants, access devices, secure data access points, etc. A “merchant” may typically be an entity that engages in transactions and can sell goods or services, or provide access to goods or services.


Details of some embodiments of the present invention will now be described.



FIG. 1 depicts an example system architecture capable of implementing at least some embodiments of the current disclosure. In FIG. 1, a primary authorization computer 102 may be in communication with one or more secondary authorization computers 104(1-N) via processing networks 106. The primary authorization computer 102 may also be in communication with a communication device 108. For example, as is described in greater detail elsewhere in the specification, the primary authorization computer 102 may receive initial tokens from the communication device 108 and may subsequently provide a master token to the communication device 108. The communication device 108 may, in turn, provide the master token to an access device 110 to complete a transaction. The access device 110 may be in communication with a resource provider computer 112, which may further be in communication with the primary authorization computer 102 via the processing network 106.


The primary authorization computer 102 may be any type of computing device, including a remotely located server computer, configured to manage a set of tokens and process and authorize transactions directed to the set of tokens. In some embodiments, the primary authorization computer 102 may perform one or more actions on behalf of the communication device 108. Additionally, it should be noted that in some embodiments, the primary authorization computer 102 may be embodied by one more virtual machines implemented in a hosted computing environment. The hosted computing environment may include one or more rapidly provisioned and released computing resources, which computing resources may include computing, networking, and/or storage devices. A hosted computing environment may also be referred to as a cloud-computing environment. In some embodiments, the primary authorization computer 102 may be configured to provide a master token to the communication device 108. In some embodiments, a primary authorization computer may be a mobile application server that supports a mobile application installed on, and executed from, the communication device 108. In some embodiments, the primary authorization computer may be a server that supports mobile payment applications. For example, an e-wallet application may be installed on the communication device 108. In this example, the set of tokens may comprise a set of payment information account tokens.


A secondary authorization computer 104 may be any computing device or plurality of computing devices configured to receive an authorization request message for a transaction, authorize or decline the transaction, and provide an authorization response message based on whether the transaction has been authorized or declined. The secondary authorization computer 104 may determine whether to authorize or decline the transaction based on information associated with the transaction. In some embodiments, the transaction information may include an initial token that may be obtained from or derived from a real credential such as a real PAN. In some embodiments, the secondary authorization computer 104 may be operated by an issuer of a payment account (e.g., a credit card). As depicted in FIG. 1, there may be a number of secondary authorization computers 104 involved in the system, each of which may be owned and/or operated by a separate entity.


In some examples, the transaction processing network 106 may include any one or a combination of many different types of networks, such as cable networks, the Internet, wireless networks, cellular networks, and other private and/or public networks. In addition, the transaction processing network 106 may comprise multiple different networks. For example, the resource provider computer 112 may utilize a 3G network to communicate with a wireless router, which may then route the communication over a public network (e.g., the Internet) to the primary authorization computer 102. In some embodiments, the transaction processing network 106 may be an electronic payment network (e.g., VisaNet) or a combination of electronic payment networks.


The communication device 108 may be any electronic device configured to receive token information and provide information related to a master token to an access device 110 to conduct a transaction. In some embodiments, the communication device 108 may be a mobile phone or any other suitable portable electronic device. The communication device 108 may include a processor 114 capable of processing user input. The communication device 108 may also include one or more input sensors 116 for collecting input. In some embodiments, the input may include user provided input. Some non-limiting examples of input sensors 116 that may be included in a communication device include keyboards, mice, microphones, cameras, motion sensors, accelerometers, cameras, pressure sensors, thermometers, a global positioning system (GPS), a barcode reader, etc.


In some embodiments, the communication device 108 may include a communication interface 118 configured to enable communication between the communication device 108 and another electronic device (e.g., access device 110 and/or the primary authorization computer 102). Examples of communication interface 118 may include one or more radio frequency (RF) transceivers configured to send and receive communications using near-field communications (NFC), or other radio frequency or wireless communication protocols such as Bluetooth, Bluetooth low-energy (BLE), a wireless local area network (e.g., WiFi), iBeacon, etc. In some embodiments, communication interface 118 may include an infrared communication device. In some embodiments, the communication interface 118 may include both long range and short range communication means. For example, the communication interface may include an antenna configured to connect to a cellular network in order to enable communication with various other components of the depicted architecture.


In some embodiments, the communication technology used by the communication device 108 may depend on the type of power source used by the communication device. For example, if the device has access to a regular, external power supply, it may include a WiFi interface. Alternatively, if the device relies on a battery instead of an external power supply, it may include a means for communication that consumes less power, such as low power Bluetooth interface, a ZigBee interface, a near field communication (NFC) or radio frequency (RF) interface, or any other suitable wireless access interface.


Embodiments of one or more modules on the communication device 108 may be stored and executed from its memory 120. Turning to the contents of the memory 120 in more detail, the memory 120 may include an operating system 122 and one or more modules configured to cause the processor 114 to carry out instructions in accordance with at least some embodiments of the disclosure. For example, the memory 120 may include an aggregation module 124 configured to work with the processor 114 to receive token information from one or more external sources and initiate one or more transactions using a master token. Additionally, the memory 120 may include information related to one or more access credentials (token data 126).


In some embodiments, the aggregation module 124 may be programmed to cause the communication device 108 to receive one or more tokens from token sources, provide the one or more received tokens to a primary authorization computer 102, and receive a master token in return. The aggregation module 124 may also be programmed to cause the communication device 108 to provide the master token to an access device 110 to complete a transaction. In some embodiments, the aggregation module 124 may be implemented as an application installed on, and executed from, the communication device 108. In some embodiments, the primary authorization computer 102 may provide backend support for the aggregation module 124. For example, the primary authorization computer 102 may perform at least some processing tasks required by the aggregation module 124. In some embodiments, the aggregation module 124 may further include instructions for communicating securely with the primary authorization computer 102. For example, the aggregation module 124 may include encryption protocols and/or encryption keys utilized by the primary authorization computer 102.


The memory 120 of communication device 108 may include a secure execution environment such as a secure memory (e.g., Smartcard based technology available in low-power devices). In some embodiments, the secure memory may include a secure element. A secure element (SE) can be a tamper-resistant platform (typically a one chip secure microcontroller) capable of securely hosting applications and their confidential and cryptographic data (e.g. key management) in accordance with the rules and security requirements set forth by a set of well-identified trusted authorities. Sensitive information (e.g., token data 126 or other suitable access credential data) provisioned onto the communication device 108 may be stored in the secure memory.


The communication device 108 may also establish a connection with a primary authorization computer 102 that provides back end support for the communication device 108 by maintaining and managing token mappings. In some embodiments, upon initiation of a transaction by the user, the communication device 108 may transmit information related to the communication device 108 to the primary authorization computer 102. The primary authorization computer 102 may retrieve token information to be associated with the communication device 108 and/or transaction and may send that token information to the communication device 108. In this way, the token information may be provisioned onto the communication device 108. The token information may include an access credential (e.g., a master token), consumer identifier, access credential expiration conditions, and/or any other suitable information relevant to the communication device 108.


The access device 110 may be any computing device that controls access to a resource (e.g., a good or service). In some embodiments, the access device 110 may be owned and/or operated by a merchant or service provider. For example, the access device 110 may be a point of sale (POS) device (e.g., a cash register) used to complete transactions on behalf of the merchant or service provider.


Resource provider computer 112 may be a computing device configured to receive a transaction request and initiate a transaction. In some embodiments, the resource provider computer 112 may be associated with an electronic commerce site. For example, the resource provider may maintain a catalog of items and/or services available for purchase. The resource provider may also be associated with a utility company or other resource provider. In some embodiments, the resource provider may enable a user to pay a bill or other outstanding debt related to resource acquisition. The resource provider computer 112 may also be configured to complete a transaction upon receiving an authorization response message indicating that a transaction has been approved.


In some embodiments, the resource provider computer 112 may be in communication with an acquirer computer. An acquirer computer may be any computing device or plurality of computing devices configured to process transaction information received from the resource provider computer 112 and generate an authorization request message to be transmitted to the primary authorization computer 102. In some embodiments, the acquirer computer may be owned and/or operated by a banking institute with which the operator of the resource provider 110 maintains an account. In some embodiments, the resource provider may be an acquirer computer.


For simplicity of illustration, a certain number of components are shown in FIG. 1. It is understood, however, that embodiments of the invention may include more than one of each component. In addition, some embodiments of the invention may include fewer than or greater than all of the components shown in FIG. 1. In addition, the components in FIG. 1 may communicate via any suitable communication medium (including the internet), using any suitable communications protocol.



FIG. 2 depicts an example primary authorization computer 102 configured to store and manage access credentials and provide authorization for multiple-party transactions in accordance with at least some embodiments. The depicted primary authorization computer may be an example primary authorization computer 102 of FIG. 1.


As described above, the primary authorization computer 102 may be any type of computing device, including a remotely located server computer, configured to manage a set of tokens and process and authorize transactions directed to the set of tokens. In at least some embodiments, the computing device may include at least one memory 202 and a processing unit (or processor(s)) 204. The processor(s) 204 may be implemented as appropriate in hardware, computer-executable instructions, firmware or combinations thereof. Computer-executable instruction or firmware embodiments of the processor(s) 204 may include computer-executable or machine executable instructions written in any suitable programming language to perform the various functions described.


The memory 202 may store program instructions that are loadable and executable on the processor(s) 204, as well as data generated during the execution of these program instructions. Depending on the configuration and type of computing device, the memory 202 may be volatile (such as random access memory (RAM)) and/or non-volatile (such as read-only memory (ROM), flash memory, etc.). The computing device may also include additional storage 206, such as either removable storage or non-removable storage including, but not limited to, magnetic storage, optical disks, and/or tape storage. The disk drives and their associated computer-readable media may provide non-volatile storage of computer-readable instructions, data structures, program modules, and other data for the mobile device. In some embodiments, the memory 202 may include multiple different types of memory, such as static random access memory (SRAM), dynamic random access memory (DRAM) or ROM.


Turning to the contents of the memory 202 in more detail, the memory 202 may include an operating system 208 and one or more application programs or services for implementing the features disclosed herein including at least a token management module 210 for managing access credentials (e.g., sets of tokens and corresponding master tokens) and/or an authorization processing module 212 for responding to authorization requests in accordance with authorization requests received from secondary authorization computers. The memory 202 may also include a token vault 214, which provides data associated with one or more token relationships and configuration data 216, which provides information on transaction protocols for access credentials.


In some embodiments, the token management module 210 may, in conjunction with the processor 204, be configured to receive tokens from a communication device and store the received tokens as a token grouping in a token vault. The token management module 210 may also, in conjunction with the processor 204, be configured to generate a master token to be associated with the token grouping within the token vault and provide the master token to the communication device in response to receiving the tokens. In some embodiments, the master token may be mathematically derived from the initial tokens that are associated with it. In other embodiments, there is no mathematical relationship between the master token and the initial tokens that are associated with it.


In some embodiments, the authorization processing module 212 may, in conjunction with the processor 204, be configured to receive an authorization request from a resource provider that includes a master token, determine a token grouping associated with the master token, generate secondary authorization requests to secondary authorization computers associated with each of the tokens in the token grouping, and generate an authorization response in accordance with secondary responses received from each of the secondary authorization computers. In some embodiments, the authorization processing module 212 may also, in conjunction with the processor 204, be configured to determine a portion of a transaction to be assigned to each token within a token grouping.


The primary authorization computer 102 may also contain communications interface(s) 218 that enable the primary authorization computer 102 to communicate with a stored database, another computing device or server, one or more terminal devices, communication devices, and/or other electronic devices on a network. The primary authorization computer 102 may also include input/output (I/O) device(s) and/or ports 220, such as for enabling connection with a keyboard, a mouse, a pen, a voice input device, a touch input device, a display, speakers, a printer, etc.



FIG. 3 depicts an example data flow 300 that may be implemented in accordance with at least some embodiments. The data flow depicted in FIG. 3, may be implemented at least by the components of the example architecture depicted in FIG. 1.


In data flow 300, a communication device 302 operated by a first user may receive tokens 304 from a number of token sources. In some embodiments, the communication device 302 may receive tokens from other communication devices (not shown) operated by other users. For example, each of the other communication devices may transmit an initial token to the communication device 302. In some embodiments, this transmission may occur via a short range communication mechanism such as near-field communications (NFC), Bluetooth, Bluetooth low-energy (BLE), wireless local area network (WLAN) (e.g., WiFi), iBeacon, ZigBee, radio frequency (RF), infrared transmission (IR), or any other suitable means of communicating at close proximity. In some embodiments, the communication device 302 may include a barcode reader and tokens may be received by scanning a machine readable code displayed on the other communication devices.


The communication device 302 may send the received initial tokens 304 to a primary authorization computer 102. In some embodiments, the initial tokens 304 may be aggregated into a set of initial tokens and provided to the primary authorization computer 102. In some embodiments, the initial tokens may be provided to the primary authorization computer 102 as they are received by the communication device 302. The primary authorization computer 102 may also receive an indication that each of the received initial tokens 304 is to be stored in relation to the same master token. For example, a user may, upon executing an aggregation module stored in memory of the communication device 302, interact with a graphical user interface (GUI) to initiate creation of a token grouping. The communication device 302 may then initiate collection of the initial tokens 304 from the various token sources. Upon collecting all of the initial tokens 304 to be included in a token grouping, the user may indicate that all initial tokens 304 have been received. The received initial tokens may then be stored by the primary authorization computer 102 as a token grouping within a token vault. In addition, the primary authorization computer 102 may add an initial token associated with the user of the communication device 302 to the token grouping.


Once the creation of the token grouping has been initiated (or once a token grouping has been created), the primary authorization computer 102 may generate a master token 306. The master token 306 is stored in relation to the token grouping maintained by the primary authorization computer 102. Upon generation of the master token 306, it may be provided to the communication device 302 by the primary authorization computer 102. In some embodiments, the master token 306 may be provided to a specific application installed on the communication device 302. For example, the communication device 302 may include an e-wallet application that includes the aggregation module and is configured to cause the communication device 302 to transmit the master token 306 to an access device 308 in order to complete a transaction.


After receiving the master token 306, the communication device 302 may provide the master token 306 to an access device 308 to conduct a transaction. For example, a merchant may initiate a transaction for goods and or services with the user of the communication device 302. The user may present the master token 306 to the merchant via the access device 308 in order to complete the transaction. Upon receiving the master token 306, the access device 308 may communicate the master token 306 to a resource provider computer 310. The resource provider computer 310 may subsequently generate an authorization request message that include information related to the transaction as well as the master token 306. The authorization request message may then be provided to the primary authorization computer 102 (e.g., via a transaction processing network).


Upon receiving an authorization request message that includes the master token 306, the primary authorization computer 102 may identify the token grouping associated with the master token 306 by querying the token vault. Once the token grouping has been identified, secondary authorization computers 312 may be identified for each of the initial tokens in the token grouping. In some cases, the secondary authorization computer 312 may be the same for multiple tokens within the token grouping. The primary authorization computer 102 may subsequently generate secondary authorization request messages to each of the identified secondary authorization computers 312 for each token in the token grouping, the secondary authorization request messages each being for authorization of a portion of the transaction and each containing at least an initial token that is associated with the master token. In some embodiments, the portion of the transaction allocated to each token may be determined based on configuration settings stored in relation to the token grouping. This will be described in greater detail elsewhere in the specification. The generated secondary authorization request messages may be provided to each of the relevant secondary authorization computers via one or more transaction processing networks.


The primary authorization computer 102 may receive, from each of the secondary authorization computers 312, an secondary authorization response message indicating whether the corresponding portion of the transaction is approved. Prior to doing so, each secondary authorization computer 312 may determine the real credentials (e.g., primary account numbers) are associated with the initial token in the authorization request message that is received. The secondary authorization computer 312 may do this by searching its own initial token vault or reaching out to an external token vault. Using the real credentials, the secondary authorization computer 312 may determine if the transaction is authorized by authenticating information in the authorization request message and/or the user, and determining if there are sufficient funds in the account associated with the real credential. In other embodiments, if the secondary authorization computer 312 is a payment processor, then the secondary authorization computer 312 may then generate another authorization request message with the real credential and may then forward that authorization request message to an issuer of the real credential for approval.


Upon receiving secondary authorization response messages for all of the generated secondary authorization request messages, the primary authorization computer 102 may generate an authorization response message to the received authorization request message to be provided to the resource provider computer 310. If each of the received secondary authorization request messages indicate that their portion of the transaction is approved, then the primary authorization computer may generate a subsequent authorization response message indicating that the transaction is approved. If, on the other hand, one or more of the received secondary authorization response messages may indicate that a portion of the transaction is declined, then the authorization response message generated by the primary authorization computer 102 may indicate that the transaction is declined. In some embodiments, the primary authorization computer 102 may provide a notification to the communication device 302 indicating any declined portion of the transaction.


In other embodiments, if the secondary authorization computer 312 is a payment processor, then the secondary authorization computer 312 may receive an authorization response message with the real credential from the issuer of the real credential, and may then forward that authorization response message with the real credential to the primary authorization computer 102.



FIG. 4 depicts a process for aggregating initial tokens into a token grouping and generating a master token associated with the token grouping in accordance with at least some embodiments. In FIG. 4, a communication device 108 may be in communication with one or more token sources 402, which may provide initial tokens to the communication device 108. In some embodiments, the initial token sources may be separate communication devices. Each of the initial token sources 402 may be associated with a token service 404. For example, in the case that each of the initial token sources 402 is a mobile device, each mobile device may have installed a token service application (e.g., an ewallet application). The token service applications installed on each mobile device may be different, or they may be a separate instance of the same token service application. Token service 404 may be any system capable of being used to generate, process, and maintain tokens and related account information such as dynamic keys.


By way of illustrative example, in a first scenario, a first mobile device may have installed a Visa Mobile Payments application configured to provide a Visa token in order to complete a transaction. A second mobile device may include an Android Pay application configured to provide an Android Pay token in order to complete a transaction. In this scenario, the first mobile device may provide a Visa token to the communication device 108 and the second mobile device may provide an Android Pay token to the communication device 108. In a second scenario, both a first and second mobile device may have an instance of a Visa Mobile Payments application installed. In this scenario, each of the mobile devices may provide different Visa tokens to the communication device 108.


Initial tokens may be conveyed to the communication device 108 in a variety of ways. For example, in some cases, the initial token may be transmitted to the communication device via a short-range wireless communication protocol. In another example, the initial token may be displayed on a display screen of a communication device as a machine-readable code, from which it may be scanned by a barcode scanner included in the communication device 108. In another example, an initial token may be manually entered (e.g., keyed) into the communication device 108. In this example, a token source 402 may display an initial token and a user may be required to enter the initial token into a field of a GUI executed on the communication device 108. In some embodiments, an initial token may be conveyed to the communication device via a text message or email communication.


Receipt of the initial tokens by a communication device 108 may be initiated by a user via execution of a mobile application installed on the communication device 108. For example, the user may execute a mobile application (e.g., an e-wallet application) installed on the communication device 108. Upon execution of the mobile application, the user may be prompted to at least select an existing master token to be used in a transaction or to create a new token grouping to be associated with a new master token to be used in future transactions. Upon selecting the option to create a new grouping, the mobile application may cause various input sensors installed on the communication device 108 to monitor for incoming token information. In some embodiments, the user may specify the way in which a token is to be received by the communication device 108. For example, the user may initiate a barcode reader in communication with the mobile application. Each token received by the communication device 108 may subsequently be provided to the authorization computer 102.


In some embodiments, an initial token associated with the user of the mobile device (e.g., depicted as token 3) may be added to the token grouping. For example, in some embodiments, a default token may be added to each token grouping affiliated with a particular user or communication device 108 that represents an account to be used by that user. In some embodiments, a user may select an account to be associated with the token grouping and an initial token associated with that account may be added to the token grouping.


Upon receiving the initial tokens, a user may be provided with the ability to provide configuration settings to be associated with a token grouping. For example, the user may be given, via the GUI, an ability to indicate a portion of future transactions 406 that should be associated with each received initial token. In some embodiments, the user may select a percentage or fraction to be associated with each initial token within the initial token grouping. In some embodiments, a user may select a maximum, minimum, or exact amount to be assigned to a particular token. In some embodiments, one token may be associated with a remainder for each transaction (e.g., any portion of a transaction left unassigned). In some embodiments, the user may be required to assign portions to each initial token in the token grouping such that the assigned portions total the entire transaction. In some embodiments, the configuration settings may include a default that dictates portions of a transaction are to be assigned so that they are evenly proportioned to each token in the token grouping unless otherwise indicated.


The primary authorization computer 102 may store the initial tokens received from the communication device 108 in a token vault 214 as a token grouping. A master token may be generated and may be associated with the token grouping. Specifically, token vault 214 may maintain a mapping between a master token and the set of initial tokens represented by the master token. During transaction processing, token vault 214 may be queried to retrieve the set of tokens associated with the master token. Upon its creation, the master token 408 may be provided to the communication device 108.


In some embodiments, a user may be provided the ability to add initial tokens to, remove tokens from, or otherwise update, the token grouping. For example, the user may be provided with the ability to select an initial token to be removed from the token grouping via the communication device 108 or another client device. In this example, a new master token may or may not be generated. In addition, the user may be provided with the ability to edit the configuration settings stored in relation to the token grouping. For example, the user may edit a percentage portion of a future transaction that will be assigned to each token in the token grouping.


In some embodiments, the master token and/or the token grouping may be associated with a user account maintained by the primary authorization computer 102. A user may access information from the user account by logging into a secure network site hosted by the primary authorization computer 102 or another server associated with the primary authorization computer 102. For example, the user may log into his or her account via a website operated on behalf of the primary authorization computer 102. In another example, the user may log into his or her account via a mobile application installed on, and executed by, the communication device. In this example, the mobile application may be instantiated and/or operated on behalf of the primary authorization computer 102. The user may be provided with the ability to edit token groupings, edit configuration settings associated with token groupings, create a new token grouping, request a new master token, set up automatic payments using a master token, or make any other suitable changes to the user account.



FIG. 5 depicts a process for handling an authorization request message that includes a master token in accordance with at least some embodiments. The primary authorization computer 102 depicted in FIG. 5 may be an example primary authorization computer 102 of FIG. 1.


The primary authorization computer 102 may receive an authorization request 502 associated with a transaction to be completed. As described elsewhere in this specification, the authorization request message 502 may be received from a resource provider computer. Upon receiving the authorization request message, the primary authorization computer 102 may identify a master token 504 within the request. For example, the authorization request may comprise particular data fields and may be in a particular format. In this example, the authorization request message 502 may identify the master token 504 with a specified data field.


Once the primary authorization computer 102 has identified the master token associated with the authorization request message, it may query a token vault for a token grouping associated with the master token 504. In some embodiments, the primary authorization computer 102 may also query configuration data 216 to identify a set of configuration settings associated with the master token 504. Once the primary authorization computer has identified the relevant token grouping and configuration settings, it may determine an appropriate portion of the transaction to be associated with each token and may subsequently generate secondary authorization request messages for each of the initial tokens in the identified token grouping.


The primary authorization computer 102 may determine an appropriate portion of the transaction to be associated with each initial token according to the identified configuration settings. For example, a set of configuration settings may indicate a percentage, fraction, or dollar amount to be associated with each token within the token grouping. In some embodiments, the primary authorization computer 102 may assign an equal portion of the transaction to each of the tokens in the token grouping. In some embodiments, the primary authorization computer 102, upon receiving the authorization request message 502, may communicate information related to the transaction to a user associated with the master token and may subsequently receive, from the user, an assignment of portions of the transaction for each initial token in the token grouping.


In some embodiments, the portions of the transaction assigned to each initial token in the token grouping may sum to an amount that is greater than the transaction itself. For example, the primary authorization computer 102 may charge an additional fee for the use of the token aggregation service, which may be distributed amongst the initial tokens in the token grouping. In another example, the primary authorization computer 102 may identify any relevant service fees that will be charged by each of the secondary authorization computers that maintain the tokens. These fees may be aggregated by the primary authorization computer 102 and it may be determined whether the fees are greater than a maximum fee threshold (e.g., the most that the originator of the authorization request 502 should be charged for using the service). If the aggregated fees are greater than the maximum fee threshold, then any overage may also be distributed amongst the tokens in the token grouping.


For each of the initial tokens 1-N in the token grouping, the primary authorization computer 102 may generate an authorization request message to be sent to a secondary authorization computer associated with that initial token. In some embodiments, the primary authorization computer 102 may generate each secondary authorization request for the portion of the transaction determined to be assigned to the initial token associated with the secondary authorization request. In some embodiments, a secondary authorization request may be generated by the primary authorization computer 102 for an amount greater than its determined portion of the transaction. For example, the primary authorization computer 102 may seek to gain pre-approval using an initial token for an amount greater than the portion of the transaction assigned to that initial token.


In some embodiments, the primary authorization computer 102 may include information indicating the originator of the authorization request message in each secondary authorization request message. For example, if an authorization request message is received by the primary authorization computer 102 from Restaurant A, then the secondary authorization requests generated by the primary authorization computer may each indicate that the originator is Restaurant A. This enables the users to better track purchases and allows users to participate in programs that reward users for shopping at specific merchants or types of merchants. In some embodiments, the originator of the authorization request may be removed from the secondary authorization requests. This would enable a user to increase the privacy of his or her purchase history by preventing visibility of embarrassing purchases. In some embodiments, these settings may be included in the configuration settings editable by the user.


After transmitting secondary authorization requests to each relevant secondary authorization computer, the primary authorization computer 102 may monitor responses 506. Upon receiving a response 506 for each of the generated secondary authorization requests, the primary authorization computer 102 may determine a status for the transaction and may generate an authorization response 508. For example, if each of the responses is an approval, then the primary authorization computer 102 may generate an authorization response message 508 that indicates that the transaction is approved. If one or more of the responses 506 indicates that a portion of the transaction is declined, then the primary authorization computer 102 may generate an authorization response message 508 that indicates the transaction is declined.



FIG. 6 depicts a process flow 600 for conducting and settling a multi-party transaction with a resource provider using a master token in accordance with at least some embodiments. In process flow 600, a communication device 108 may be in communication with a primary authorization computer 102. For example, the communication device 108 may have an e-wallet application installed, that when executed, establishes a communication session with an e-wallet service provider executed on the primary authorization computer 102. The communication device may be configured to communicate with an access device in communication with a resource provider computer 112. The resource provider computer 112 may be in communication with the primary authorization computer 102 via a transaction processing network 106. The primary authorization computer 102 may be in communication with a number of secondary authorization computers 104 via the transaction processing network 106.


The process flow 600 may begin at S602, when the communication device 108 provides a set of initial tokens to the primary authorization computer 102. In some embodiments, the communication device 108 may communicate the set of initial tokens over a communication session encrypted using an encryption protocol specific to the e-wallet application. Upon receiving the set of initial tokens, the primary authorization computer 102 may store the set of initial tokens in a token vault maintained by the primary authorization computer 102. The primary authorization computer 102 may generate a master token to be mapped to the set of initial tokens within the token vault. In some cases, the initial tokens that were received by the communication device 108 from external token sources may be automatically deleted after a predetermined period of time.


At S604, the primary authorization computer 102 may transmit the master token to the communication device 108. In some embodiments, the master token may be provided to the communication device via the same communication session established above. In some embodiments, the primary authorization computer 102 may establish a new communication session over which the master token is to be provided to the communication device 108. In some embodiments, the master token may be encrypted using a different encryption key than that which the set of tokens were encrypted.


At S606, the communication device 108 may provide the master token to a resource provider computer 112 (e.g., via an access device) to complete a transaction. For example, the communication device 108 may present the master token to an access device (e.g., via a contactless reader) to complete a transaction. The access device may transmit the master token, as well as transaction information, to the resource provider computer 112 to initiate the transaction.


At S608, the resource provider computer 112 may generate an authorization request message associated with the transaction. The generated authorization request message may include the master token as well as information related to the transaction to be completed. The generated authorization request may be provided to a transaction processing network 106 to be routed to an appropriate primary authorization computer 102.


At S610, the transaction processing network 106 may, upon receiving the authorization request, determine the primary authorization computer 102 is the authorizing entity for the received transaction request. In some embodiments, the transaction processing network 106 may make this determination based on a format of the master token included within the authorization request message. Upon determining that the primary authorization computer 102 is the authorizing entity for the authorization request message, the transaction processing network 106 may route the authorization request message to the primary authorization computer 102.


At S612, the primary authorization computer may identify the master token within the received authorization request message and may query the token vault for the set of tokens associated with the master token. The primary authorization computer 102 may then determine an appropriate portion of the transaction to be associated with each token in the set of tokens and may subsequently generate secondary authorization request messages for each initial token in the set of initial tokens. Each of the generated secondary authorization request messages may include its associated initial token as well as some or all of the information related to the transaction. In some embodiments, each secondary authorization request may include an identifier (e.g., a transaction identifier or the master token) that is used to map the secondary authorization request to the transaction. In some embodiments, each of the generated secondary authorization requests may include different identifiers. In some embodiments, an identifier included in a secondary authorization request may be formatted to include a transaction identifier followed by a token identifier. For example, if the transaction identifier is 12345678 and the token identifier is C, then the secondary identifier may be 12345678C, indicating that it is related to token C from transaction 12345678. This identifier may be used to map each of the secondary request messages generated to its corresponding transaction and/or token.


At S614, the primary authorization computer 102 may provide the generated secondary authorization request messages to the transaction processing network 106 to be routed to their appropriate secondary authorization computers 104. Upon receiving the requests, the transaction processing network 106 may determine an appropriate secondary authorization computer 104 for each of the secondary authorization requests. In some embodiments, the transaction processing network 106 may make this determination based on a format of the token included in each of the secondary authorization request messages.


At S616, the transaction processing network may route each of the secondary authorization request messages to its corresponding secondary authorization computer 104. In some embodiments, multiple secondary authorization request messages may be routed to the same secondary authorization computer 104 for separate authorization. In some embodiments, some or all of the secondary authorization requests may be routed to different secondary authorization computers 104 for authorization.


At S618, each of the secondary authorization computers 104 may resolve the initial tokens into their associated real credentials and may determine whether or not to approve the portion of the transaction associated with the secondary authorization request. For example, the secondary authorization computer 104 may decline the secondary authorization request if there is a high likelihood of fraud. In another example, the secondary authorization computer 104 may decline the transaction if a payment account associated with the token included in the secondary authorization request has insufficient funds. The secondary authorization computers 104 may generate authorization response messages based on whether the portion of the transaction is to be approved or declined. Each of the generated authorization responses may represent pre-approval for a portion of the transaction. In some embodiments, an identifier that was present in the secondary request message may be included in the secondary response message so that the secondary response message may be tied to its corresponding transaction by the primary authorization computer 102.


At S620, each of the secondary authorization computers 104 may provide the generated authorization response message to the transaction processing network 106 to be routed to the primary authorization computer 102. Upon receipt, the transaction processing network 106 may route each of the received authorization responses to the primary authorization computer 102 at S622.


At S624, the primary authorization computer 102 may monitor for, and assess, each authorization response received in order to determine if the transaction is to be approved. The primary authorization computer 102 may map each secondary response message to its corresponding transaction via the identifier included in the secondary response message. In some embodiments, the primary authorization computer 102 may decline the transaction if one or more portions of the transaction are declined. In some embodiments, the primary authorization computer may determine that the transaction should be approved as long as it is an amount that is greater than a total amount associated with the transaction. For example, the portions of the transaction associated with each token may sum to an amount greater than an amount associated with the transaction itself. In this example, the primary authorization computer may approve the transaction as long as an amount associated with the approved authorization responses are sufficient to cover the amount of the transaction.


At S626, the authorization response message may be transmitted to the transaction processing network 106. Upon receiving the authorization response message, the transaction processing network 106 may route the authorization response message to the resource provider computer 112 at S628.


At S630, a settlement and clearing process may be initiated by the resource provider computer 112. In the settlement and clearing process, the resource provider computer 112 (or an acquirer associated with the resource provider that operates the resource provider computer 112) may provide a request for funds to be transferred to an account associated with and/or maintained by, the resource provider. The request for funds may be provided to the primary authorization computer 102. In some embodiments, the request may be provided directly to the primary authorization computer 102. In some embodiments, the request may be provided to the transaction processing network 106 and forwarded to the primary authorization computer 102 at S632.


At S634, upon receiving the request for funds, the primary authorization computer 102 may generate separate requests for funds to be provided to each of the secondary authorization computers. The separate requests for funds may each be for the portion of the transaction associated with each of the tokens. The requests for funds may be sent to each of the secondary authorization computers associated with those tokens. In some embodiments, the separate requests for funds may include instructions to transfer funds to an account associated with and/or operated by the primary authorization computer. In some embodiments, the requests for funds may include instructions to transfer funds directly to the account associated with the resource provider computer 112.


At S636, in some embodiments, each of the secondary authorization computers 104 may transfer funds to the account associated with the primary authorization computer 102. Upon detecting that all of the requested funds had been transferred to the account associated with the primary authorization computer 102, the primary authorization computer may initiate a fund transfer to the account associated with the resource provider computer 112 at S638. In some embodiments, each of the secondary authorization computers 104 may transfer funds to the account associated with the resource provider computer 112 at S638. In other embodiments, the secondary authorization computers 104 may settle directly with the resource provider computer 112 or its acquirer, without using the primary authorization computer 102.


By way of illustrative example, consider a scenario in which multiple parties attend a gathering at a restaurant. In this example, the multiple parties may wish to split a bill for the food that was ordered at the restaurant. In this scenario, one of the parties may collect payment tokens from each of the other multiple parties using an application installed on his or her mobile phone. In this scenario, the tokens may represent payment information for a number of different payment account types. The application may transmit each of the received tokens to a mobile application server (in this example, the primary authorization computer). Upon receiving the tokens, the mobile application server may generate a master token and push it to the application on the mobile device.


In this example, the owner of the mobile device may use the master token to pay the bill. The restaurant, upon receiving the master token to complete a transaction for the purchased food, would treat the master token as it would any other payment information (e.g., by generating an authorization request to an authorization entity of the master token), by providing it to an acquirer. In this illustrative example, the acquirer would seek authorization from the mobile application server (which is acting as the authorization entity) and the mobile application server would then seek authorization from authorization entities associated with each of the tokens in the set of tokens (i.e., the secondary authorization computers). In this example, once authorization is received from each of the authorization entities associated with the set of tokens, the mobile application server may generate an authorization response for the transaction to be provided to the acquirer. In this illustrative example, the user with the mobile application on his or her mobile device may collect the tokens from the other parties immediately prior to paying the bill, or far in advance. For example, the user may receive the master token before going to the restaurant. In some embodiments, the master token may be used in multiple transactions. For example, the user may utilize the same master token each time that the multiple parties meet up. If one or more of those parties are absent, the user may simply elect to assign no portion of the transaction to the absent parties.


In another illustrative example, multiple users may each share a living space and may each be responsible for a portion of rent. In this example, one of the users may collect tokens from each of his or her roomates. The user may provide these tokens to a primary authorization computer via a web browser. Upon receiving these tokens, the primary authorization computer may generate a master token and provide it to the user. The master token may subsequently be used to complete a number of transactions. For example, the master token may be used to pay for rent, utilities, and/or groceries. In some embodiments, the master token may be used to set up an auto-pay notification. In this illustrative example, each of the transaction would automatically be split up between each of the parties responsible for the transaction.


In yet another illustrative example, a single user may wish to distribute transactions between a number of credit cards or other payment accounts. For example, the user may wish to conduct a transaction for an amount that exceeds his or her current transaction limits. In this example, the user may provide tokens associated with multiple payment accounts to a primary authorization computer and may also indicate how a transaction is to be divided amongst those accounts. A master token may then be generated and associated with those payment accounts. In this example, the user may conduct a single transaction and that transaction may be divided amongst different payment accounts.


In some embodiments, the token information may represent something other than payment information. For example, multiple parties may wish to board a train or attend a concert. In this example, the multiple parties may each have a token that represents a ticket. The multiple parties may each present their separate tickets to a single user's mobile device. Information associated with the tickets may then be aggregated at a remote server, which may in turn provide a master token. In this scenario, the master token may be presented by the user in order to gain entry for each of the multiple parties to the ticketed venue.



FIG. 7 depicts a flow diagram illustrating a process 700 for generating a master token and conducting a transaction using that master token in accordance with at least some embodiments. In some embodiments, the process 700 may be conducted by a primary authorization computer 102 depicted in FIG. 1.


The process 700 may begin at 702, when a set of initial tokens is provided to a primary authorization computer. In some embodiments, the set of initial tokens may be provided to the authorization computer by a communication device.


At 704, a master token may be generated and associated with the set of tokens. The master token may be stored in the token vault in association with the set of received tokens. For example, the master token may be stored in a database table with an indication that it is related to the set of initial tokens. The master token may be provided to a communication device at 706.


At 708, the primary authorization computer may receive an authorization request message that includes the master token. Upon receiving this authorization request message, the primary authorization computer may identify the set of initial tokens associated with the master token at 710. For example, the primary authorization computer may query a token vault for the master token.


Upon identifying the set of tokens associated with the master token, the primary authorization computer may determine a portion of the transaction to be associated with each of the tokens at 712. For each initial token in the set of initial tokens, the primary authorization computer may generate a secondary authorization request to be sent to an authorization computer associated with the initial token for the portion of the transaction associated with the initial token at 714. Each of the generated secondary authorization requests including the respective initial tokens may be transmitted to their corresponding secondary authorization computers via a transaction processing network.


The primary authorization computer may receive responses from each of the secondary authorization computers to which the secondary authorization requests have been sent. Based on these received responses, the primary authorization computer may generate an authorization response message at 716. The generated authorization response message may include an indication as to whether the transaction is to be approved or declined. Once generated, the authorization response message may be provided in response to the received authorization request at 718.


Embodiments of the invention provide for a number of technical advantages. For example, embodiments of the invention enable a group of users to split a transaction amongst the group, and allows a user to specify exact proportions to be allocated to each token. In most other transaction-splitting systems, a single user often settles the transaction with the merchant, and other users reimburse that single user for their portion. However, in these systems, the single user may end up being responsible for a larger portion of the transaction if one or more of the reimbursements are declined. In the described transaction-splitting system, preapproval is obtained for each of the additional parties prior to authorizing the transaction. This significantly reduces the risk that any single user will be responsible for a larger portion of the transaction.


Additionally, some transaction-splitting systems provide a set of tokens to a merchant for payment and require the merchant to allocate portions of the transaction to each of the provided tokens. In the described transaction-splitting system, the master token is presented to the merchant as any other token would be (e.g., via any other type of e-wallet application), which appears to the merchant as a single token. The merchant is able to treat the master token as it would any other token, and need not adopt any special software or hardware. Accordingly, the described transaction-splitting system may be used at any merchant that already accepts payment tokens. Furthermore, the described transaction-splitting system may be made token agnostic. For example, the described transaction-splitting system may accept a wide range of tokens, which enables consumers to utilize payment accounts at a merchant that may or may not be typically accepted by that merchant, because the merchant need only accept the master token.


It should be understood that any of the embodiments of the present invention can be implemented in the form of control logic using hardware (e.g. an application specific integrated circuit or field programmable gate array) and/or using computer software with a generally programmable processor in a modular or integrated manner. As used herein, a processor includes a single-core processor, multi-core processor on a same integrated chip, or multiple processing units on a single circuit board or networked. Based on the disclosure and teachings provided herein, a person of ordinary skill in the art will know and appreciate other ways and/or methods to implement embodiments of the present invention using hardware and a combination of hardware and software.


Any of the software components or functions described in this application may be implemented as software code to be executed by a processor using any suitable computer language such as, for example, Java, C, C++, C#, Objective-C, Swift, or scripting language such as Perl or Python using, for example, conventional or object-oriented techniques. The software code may be stored as a series of instructions or commands on a computer readable medium for storage and/or transmission, suitable media include random access memory (RAM), a read only memory (ROM), a magnetic medium such as a hard-drive or a floppy disk, or an optical medium such as a compact disk (CD) or DVD (digital versatile disk), flash memory, and the like. The computer readable medium may be any combination of such storage or transmission devices.


Such programs may also be encoded and transmitted using carrier signals adapted for transmission via wired, optical, and/or wireless networks conforming to a variety of protocols, including the Internet. As such, a computer readable medium according to an embodiment of the present invention may be created using a data signal encoded with such programs. Computer readable media encoded with the program code may be packaged with a compatible device or provided separately from other devices (e.g., via Internet download). Any such computer readable medium may reside on or within a single computer product (e.g. a hard drive, a CD, or an entire computer system), and may be present on or within different computer products within a system or network. A computer system may include a monitor, printer, or other suitable display for providing any of the results mentioned herein to a user.


The above description is illustrative and is not restrictive. Many variations of the invention will become apparent to those skilled in the art upon review of the disclosure. The scope of the invention should, therefore, be determined not with reference to the above description, but instead should be determined with reference to the pending claims along with their full scope or equivalents. For example, although the described embodiments mention the use of tokens for purchase transactions, tokens can also be used to access data or other services. For example, multiple people may have tickets or other access credentials used to gain access to a location or service (e.g., a train ride or concert). In this example, the tickets for the multiple people may be aggregated under a single master token.


One or more features from any embodiment may be combined with one or more features of any other embodiment without departing from the scope of the invention.


A recitation of “a”, “an” or “the” is intended to mean “one or more” unless specifically indicated to the contrary.


All patents, patent applications, publications, and descriptions mentioned above are herein incorporated by reference in their entirety for all purposes. None is admitted to be prior art.

Claims
  • 1. A method comprising: receiving, by a primary authorization computer, a set of initial tokens from a first communication device associated with a first user, wherein the first communication device is configured to collect the set of initial tokens from at least one second communication device different from the first communication device via a short range communication channel established between the first communication device and the at least one second communication device, wherein each initial token of the set of initial tokens is associated with a different account maintained by one or more authorization computers, wherein at least one initial token of the set of initial tokens received by the first communication device from the at least one second communication device is not associated with the primary authorization computer;generating, by the primary authorization computer, a master token to be associated with the set of initial tokens;providing, by the primary authorization computer, the master token to the first communication device;receiving, by the primary authorization computer, a request to authorize a transaction from a resource provider, the request including the master token;determining, by the primary authorization computer, for each initial token in the set of initial tokens, a portion of the requested transaction to be assigned to the respective initial token;generating, by the primary authorization computer, for each initial token in the set of initial tokens, a secondary authorization request for pre-approval of an amount which is greater than the respective portion of the requested transaction;transmitting, by the primary authorization computer, the generated secondary authorization requests to secondary authorization computers of the one or more authorization computers associated with each initial token in the set of initial tokens;receiving, by the primary authorization computer, an authorization response from each of the secondary authorization computers;upon determining that pre-approval has been received for each of the initial tokens of the set of initial tokens, generating a subsequent authorization response and transmitting the subsequent authorization response to the resource provider.
  • 2. The method of claim 1, wherein the portion of the requested transaction is determined based at least in part on configuration settings associated with the master token.
  • 3. The method of claim 2, wherein the configuration settings associated with the master token are maintained by the primary authorization computer in association with an account associated with the first communication device.
  • 4. The method of claim 3, wherein the configuration settings are updateable by a user associated with the account.
  • 5. The method of claim 1, wherein each token of the set of initial tokens represents a different payment account.
  • 6. A server device comprising: one or more processors; anda memory including instructions that, when executed by the one or more processors, cause the server device to: maintain account information associated with a user;receive, from a first mobile application installed on a first mobile device associated with a first user, one or more initial tokens, wherein the first mobile device is configured to collect the one or more initial tokens from at least one second communication device different from the first mobile device via a short range communication channel established between the first mobile device and the at least one second communication device, wherein each of the one or more initial tokens associated with a different account, at least one initial token of the one or more initial tokens received by the first mobile application from at least one second mobile application installed on a second mobile device;identify an initial token associated with the user;add the identified initial token to the one or more initial tokens;generate a master token to be associated with the one or more initial tokens;provide the generated master token to the first mobile application installed on the first mobile device;upon receiving a request to complete a transaction that includes the master token, determine, for each initial token in the one or more initial tokens, a portion of the requested transaction to be assigned to the respective initial token;generate for each initial token in the one or more initial tokens, a secondary authorization request for pre-approval of an amount which is greater than the respective portion of the requested transaction; andtransmit each secondary authorization request for pre-approval to one of the one or more authorization computers associated with each initial token in the one or more initial tokens.
  • 7. The server device of claim 6, wherein the instructions further cause the server device to: upon receiving an authorization request message that includes the master token, generate secondary authorization request messages to be provided to authorization computers associated with each of the one or more initial tokens for a portion of the authorization request message.
  • 8. The server device of claim 7, wherein the instructions further cause the server device to: upon receiving secondary authorization response from each of the authorization computers associated with each of the one or more initial tokens, generate an authorization response message to the received authorization request message.
  • 9. The server device of claim 8, wherein upon determining that at least one of the received secondary authorization response messages includes a declination of the portion of the transaction, the authorization response message to the received authorization request message is generated to include instructions to decline the transaction.
  • 10. The server device of claim 8, wherein upon determining that each of the received secondary authorization response messages includes an approval of the portion of the transaction, the authorization response message to the received authorization request message is generated to include instructions to approve the transaction.
  • 11. The server device of claim 6, wherein the identified initial token is identified based on input provided by the user.
  • 12. The server device of claim 6, wherein each of the one or more initial tokens is associated with a ticket to a ticketed venue and the master token may be used to gain access to the ticketed venue for secondary users associated with each of the one or more initial tokens.
  • 13. The method of claim 1, wherein information identifying the resource provider is removed from each secondary authorization request.
US Referenced Citations (611)
Number Name Date Kind
5280527 Gullman Jan 1994 A
5613012 Hoffman Mar 1997 A
5781438 Lee Jul 1998 A
5883810 Franklin Mar 1999 A
5914472 Foladare Jun 1999 A
5930767 Reber Jul 1999 A
5953710 Fleming Sep 1999 A
5956699 Wong Sep 1999 A
6000832 Franklin Dec 1999 A
6014635 Harris Jan 2000 A
6044360 Picciallo Mar 2000 A
6163771 Walker Dec 2000 A
6227447 Campisano May 2001 B1
6236981 Hill May 2001 B1
6267292 Walker Jul 2001 B1
6327578 Linehan Dec 2001 B1
6341724 Campisano Jan 2002 B2
6385596 Wiser May 2002 B1
6422462 Cohen Jul 2002 B1
6425523 Shem Ur Jul 2002 B1
6453301 Niwa Sep 2002 B1
6592044 Wong Jul 2003 B1
6636833 Flitcroft Oct 2003 B1
6748367 Lee Jun 2004 B1
6805287 Bishop Oct 2004 B2
6879965 Fung Apr 2005 B2
6891953 DeMello May 2005 B1
6901387 Wells May 2005 B2
6931382 Laage Aug 2005 B2
6938019 Uzo Aug 2005 B1
6941285 Sarcanin Sep 2005 B2
6980670 Hoffman Dec 2005 B1
6990470 Hogan Jan 2006 B2
6991157 Bishop Jan 2006 B2
7051929 Li May 2006 B2
7069249 Stolfo Jun 2006 B2
7103576 Mann, III Sep 2006 B2
7113930 Eccles Sep 2006 B2
7136835 Flitcroft Nov 2006 B1
7177835 Walker Feb 2007 B1
7177848 Hogan Feb 2007 B2
7194437 Britto Mar 2007 B1
7209561 Shankar et al. Apr 2007 B1
7264154 Harris Sep 2007 B2
7287692 Patel Oct 2007 B1
7292999 Hobson Nov 2007 B2
7343335 Olliphant Mar 2008 B1
7350230 Forrest Mar 2008 B2
7353382 Labrou Apr 2008 B2
7363264 Doughty Apr 2008 B1
7379919 Hogan May 2008 B2
RE40444 Linehan Jul 2008 E
7415443 Hobson Aug 2008 B2
7444676 Asghari-Kamrani Oct 2008 B1
7469151 Khan Dec 2008 B2
7548889 Bhambri Jun 2009 B2
7567934 Flitcroft Jul 2009 B2
7567936 Peckover Jul 2009 B1
7571139 Giordano Aug 2009 B1
7571142 Flitcroft Aug 2009 B1
7580898 Brown Aug 2009 B2
7584153 Brown Sep 2009 B2
7593896 Flitcroft Sep 2009 B1
7606560 Labrou Oct 2009 B2
7627531 Breck Dec 2009 B2
7627895 Gifford Dec 2009 B2
7650314 Saunders Jan 2010 B1
7685037 Reiners Mar 2010 B2
7702578 Fung Apr 2010 B2
7707120 Dominguez Apr 2010 B2
7712655 Wong May 2010 B2
7734527 Uzo Jun 2010 B2
7753265 Harris Jul 2010 B2
7770789 Oder, II Aug 2010 B2
7784685 Hopkins, III Aug 2010 B1
7793851 Mullen Sep 2010 B2
7801826 Labrou Sep 2010 B2
7805376 Smith Sep 2010 B2
7805378 Berardi Sep 2010 B2
7818264 Hammad Oct 2010 B2
7828220 Mullen Nov 2010 B2
7835960 Breck Nov 2010 B2
7841523 Oder, II Nov 2010 B2
7841539 Hewton Nov 2010 B2
7844550 Walker Nov 2010 B2
7848980 Carlson Dec 2010 B2
7849020 Johnson Dec 2010 B2
7853529 Walker Dec 2010 B1
7853995 Chow Dec 2010 B2
7865414 Fung Jan 2011 B2
7873579 Hobson Jan 2011 B2
7873580 Hobson Jan 2011 B2
7890393 Talbert Feb 2011 B2
7891563 Oder, II Feb 2011 B2
7896238 Fein Mar 2011 B2
7908216 Davis et al. Mar 2011 B1
7922082 Muscato Apr 2011 B2
7931195 Mullen Apr 2011 B2
7937324 Patterson May 2011 B2
7938318 Fein May 2011 B2
7954705 Mullen Jun 2011 B2
7959076 Hopkins, III Jun 2011 B1
7996288 Stolfo Aug 2011 B1
8025223 Saunders Sep 2011 B2
8046256 Chien Oct 2011 B2
8060448 Jones Nov 2011 B2
8060449 Zhu Nov 2011 B1
8074877 Mullen Dec 2011 B2
8074879 Harris Dec 2011 B2
8082210 Hansen Dec 2011 B2
8095113 Kean Jan 2012 B2
8104679 Brown Jan 2012 B2
RE43157 Bishop Feb 2012 E
8109436 Hopkins, III Feb 2012 B1
8121942 Carlson Feb 2012 B2
8121956 Carlson Feb 2012 B2
8126449 Beenau Feb 2012 B2
8132723 Hogg et al. Mar 2012 B2
8171525 Pelly May 2012 B1
8175973 Davis et al. May 2012 B2
8190523 Patterson May 2012 B2
8196813 Vadhri Jun 2012 B2
8205791 Randazza Jun 2012 B2
8219489 Patterson Jul 2012 B2
8224702 Mengerink Jul 2012 B2
8225385 Chow Jul 2012 B2
8229852 Carlson Jul 2012 B2
8265993 Chien Sep 2012 B2
8280777 Mengerink Oct 2012 B2
8281991 Wentker et al. Oct 2012 B2
8328095 Oder, II Dec 2012 B2
8336088 Raj et al. Dec 2012 B2
8346666 Lindelsee et al. Jan 2013 B2
8376225 Hopkins, III Feb 2013 B1
8380177 Laracey Feb 2013 B2
8387873 Saunders Mar 2013 B2
8401539 Beenau Mar 2013 B2
8401898 Chien Mar 2013 B2
8402555 Grecia Mar 2013 B2
8403211 Brooks Mar 2013 B2
8412623 Moon Apr 2013 B2
8412837 Emigh Apr 2013 B1
8417642 Oren Apr 2013 B2
8447699 Batada May 2013 B2
8453223 Svigals May 2013 B2
8453925 Fisher Jun 2013 B2
8458487 Palgon Jun 2013 B1
8484134 Hobson Jul 2013 B2
8485437 Mullen Jul 2013 B2
8494959 Hathaway Jul 2013 B2
8498908 Mengerink Jul 2013 B2
8504475 Brand et al. Aug 2013 B2
8504478 Saunders Aug 2013 B2
8510816 Quach Aug 2013 B2
8433116 Davis et al. Sep 2013 B2
8528067 Hurry et al. Sep 2013 B2
8533860 Grecia Sep 2013 B1
8538845 Liberty Sep 2013 B2
8555079 Shablygin Oct 2013 B2
8566168 Bierbaum Oct 2013 B1
8567670 Stanfield Oct 2013 B2
8571939 Lindsey Oct 2013 B2
8577336 Mechaley, Jr. Nov 2013 B2
8577803 Chatterjee Nov 2013 B2
8577813 Weiss Nov 2013 B2
8578176 Mattsson Nov 2013 B2
8583494 Fisher Nov 2013 B2
8584251 Mcguire Nov 2013 B2
8589237 Fisher Nov 2013 B2
8589271 Evans Nov 2013 B2
8589291 Carlson Nov 2013 B2
8595098 Starai Nov 2013 B2
8595812 Bomar Nov 2013 B2
8595850 Spies Nov 2013 B2
8606638 Dragt Dec 2013 B2
8606700 Carlson Dec 2013 B2
8606720 Baker Dec 2013 B1
8615468 Varadarajan Dec 2013 B2
8620754 Fisher Dec 2013 B2
8635157 Smith Jan 2014 B2
8646059 Von Behren Feb 2014 B1
8651374 Brabson Feb 2014 B2
8656180 Shablygin Feb 2014 B2
8751391 Freund Jun 2014 B2
8751642 Vargas Jun 2014 B2
8762263 Gauthier et al. Jun 2014 B2
8793186 Patterson Jul 2014 B2
8838982 Carlson et al. Sep 2014 B2
8856539 Weiss Oct 2014 B2
8887308 Grecia Nov 2014 B2
9065643 Hurry et al. Jun 2015 B2
9070129 Sheets et al. Jun 2015 B2
9100826 Weiss Aug 2015 B2
9160741 Wentker et al. Oct 2015 B2
9229964 Stevelinck Jan 2016 B2
9245267 Singh Jan 2016 B2
9249241 Dai et al. Feb 2016 B2
9256871 Anderson et al. Feb 2016 B2
9280765 Hammad Mar 2016 B2
9530137 Weiss Dec 2016 B2
9646303 Karpenko May 2017 B2
9680942 Dimmick Jun 2017 B2
20010029485 Brody Oct 2001 A1
20010034720 Armes Oct 2001 A1
20010054003 Chien Dec 2001 A1
20020007320 Hogan Jan 2002 A1
20020016749 Borecki Feb 2002 A1
20020029193 Ranjan Mar 2002 A1
20020035548 Hogan Mar 2002 A1
20020073045 Rubin Jun 2002 A1
20020116341 Hogan Aug 2002 A1
20020133467 Hobson Sep 2002 A1
20020147913 Lun Yip Oct 2002 A1
20030028481 Flitcroft Feb 2003 A1
20030130955 Hawthorne Jul 2003 A1
20030191709 Elston Oct 2003 A1
20030191945 Keech Oct 2003 A1
20040010462 Moon Jan 2004 A1
20040050928 Bishop Mar 2004 A1
20040059682 Hasumi Mar 2004 A1
20040093281 Silverstein May 2004 A1
20040139008 Mascavage Jul 2004 A1
20040143532 Lee Jul 2004 A1
20040158532 Breck Aug 2004 A1
20040210449 Breck Oct 2004 A1
20040210498 Freund Oct 2004 A1
20040232225 Bishop Nov 2004 A1
20040236632 Maritzen Nov 2004 A1
20040260646 Berardi Dec 2004 A1
20050037735 Coutts Feb 2005 A1
20050080730 Sorrentino Apr 2005 A1
20050108178 York May 2005 A1
20050199709 Linlor Sep 2005 A1
20050246293 Ong Nov 2005 A1
20050269401 Spitzer Dec 2005 A1
20050269402 Spitzer Dec 2005 A1
20060235795 Johnson Oct 2006 A1
20060237528 Bishop Oct 2006 A1
20060278704 Saunders Dec 2006 A1
20070107044 Yuen May 2007 A1
20070129955 Dalmia Jun 2007 A1
20070136193 Starr Jun 2007 A1
20070136211 Brown Jun 2007 A1
20070170247 Friedman Jul 2007 A1
20070179885 Bird Aug 2007 A1
20070208671 Brown Sep 2007 A1
20070245414 Chan Oct 2007 A1
20070288377 Shaked Dec 2007 A1
20070291995 Rivera Dec 2007 A1
20080015988 Brown Jan 2008 A1
20080029607 Mullen Feb 2008 A1
20080035738 Mullen Feb 2008 A1
20080052226 Agarwal Feb 2008 A1
20080054068 Mullen Mar 2008 A1
20080054079 Mullen Mar 2008 A1
20080054081 Mullen Mar 2008 A1
20080065554 Hogan Mar 2008 A1
20080065555 Mullen Mar 2008 A1
20080201264 Brown Aug 2008 A1
20080201265 Hewton Aug 2008 A1
20080228646 Myers Sep 2008 A1
20080243702 Hart Oct 2008 A1
20080245855 Fein Oct 2008 A1
20080245861 Fein Oct 2008 A1
20080283591 Oder, II Nov 2008 A1
20080302869 Mullen Dec 2008 A1
20080302876 Mullen Dec 2008 A1
20080313264 Pestoni Dec 2008 A1
20090006262 Brown Jan 2009 A1
20090010488 Matsuoka Jan 2009 A1
20090037333 Flitcroft Feb 2009 A1
20090037388 Cooper Feb 2009 A1
20090043702 Bennett Feb 2009 A1
20090048971 Hathaway Feb 2009 A1
20090106112 Dalmia Apr 2009 A1
20090106160 Skowronek Apr 2009 A1
20090134217 Flitcroft May 2009 A1
20090157555 Biffle Jun 2009 A1
20090159673 Mullen Jun 2009 A1
20090159700 Mullen Jun 2009 A1
20090159707 Mullen Jun 2009 A1
20090173782 Muscato Jul 2009 A1
20090200371 Kean Aug 2009 A1
20090248583 Chhabra Oct 2009 A1
20090271262 Hammad Oct 2009 A1
20090276347 Kargman Nov 2009 A1
20090281948 Carlson Nov 2009 A1
20090294527 Brabson Dec 2009 A1
20090307139 Mardikar Dec 2009 A1
20090308921 Mullen Dec 2009 A1
20090327131 Beenau Dec 2009 A1
20100008535 Abulafia Jan 2010 A1
20100088237 Wankmueller Apr 2010 A1
20100094755 Kloster Apr 2010 A1
20100106644 Annan Apr 2010 A1
20100120408 Beenau May 2010 A1
20100133334 Vadhri Jun 2010 A1
20100138347 Chen Jun 2010 A1
20100145860 Pelegero Jun 2010 A1
20100161433 White Jun 2010 A1
20100185545 Royyuru Jul 2010 A1
20100211505 Saunders Aug 2010 A1
20100223186 Hogan Sep 2010 A1
20100228668 Hogan Sep 2010 A1
20100235284 Moore Sep 2010 A1
20100258620 Torreyson Oct 2010 A1
20100291904 Musfeldt Nov 2010 A1
20100299267 Faith et al. Nov 2010 A1
20100306076 Taveau Dec 2010 A1
20100325041 Berardi Dec 2010 A1
20110010292 Giordano Jan 2011 A1
20110016047 Wu Jan 2011 A1
20110016320 Bergsten Jan 2011 A1
20110040640 Erikson Feb 2011 A1
20110047076 Carlson et al. Feb 2011 A1
20110083018 Kesanupalli Apr 2011 A1
20110087596 Dorsey Apr 2011 A1
20110093397 Carlson Apr 2011 A1
20110125597 Oder, II May 2011 A1
20110153437 Archer Jun 2011 A1
20110153498 Makhotin et al. Jun 2011 A1
20110154466 Harper Jun 2011 A1
20110161233 Tieken Jun 2011 A1
20110178926 Lindelsee et al. Jul 2011 A1
20110191237 Faith Aug 2011 A1
20110191244 Dai Aug 2011 A1
20110238511 Park Sep 2011 A1
20110238573 Varadarajan Sep 2011 A1
20110246317 Coppinger Oct 2011 A1
20110258111 Raj et al. Oct 2011 A1
20110272471 Mullen Nov 2011 A1
20110272478 Mullen Nov 2011 A1
20110276380 Mullen Nov 2011 A1
20110276381 Mullen Nov 2011 A1
20110276424 Mullen Nov 2011 A1
20110276425 Mullen Nov 2011 A1
20110295745 White Dec 2011 A1
20110302081 Saunders Dec 2011 A1
20120023567 Hammad Jan 2012 A1
20120028609 Hruska Feb 2012 A1
20120030047 Fuentes et al. Feb 2012 A1
20120035998 Chien Feb 2012 A1
20120041881 Basu Feb 2012 A1
20120047237 Arvidsson Feb 2012 A1
20120066078 Kingston Mar 2012 A1
20120072350 Goldthwaite Mar 2012 A1
20120078735 Bauer Mar 2012 A1
20120078798 Downing Mar 2012 A1
20120078799 Jackson Mar 2012 A1
20120095852 Bauer Apr 2012 A1
20120095865 Doherty Apr 2012 A1
20120116902 Cardina May 2012 A1
20120123882 Carlson May 2012 A1
20120123940 Killian May 2012 A1
20120129514 Beenau May 2012 A1
20120143754 Patel Jun 2012 A1
20120143767 Abadir Jun 2012 A1
20120143772 Abadir Jun 2012 A1
20120158580 Eram Jun 2012 A1
20120158593 Garfinkle Jun 2012 A1
20120173431 Ritchie Jul 2012 A1
20120185386 Salama Jul 2012 A1
20120197807 Schlesser Aug 2012 A1
20120203664 Torossian Aug 2012 A1
20120203666 Torossian Aug 2012 A1
20120209749 Hammad Aug 2012 A1
20120215688 Musser Aug 2012 A1
20120215696 Salonen Aug 2012 A1
20120221421 Hammad Aug 2012 A1
20120226582 Hammad Sep 2012 A1
20120231844 Coppinger Sep 2012 A1
20120233004 Bercaw Sep 2012 A1
20120246070 Vadhri Sep 2012 A1
20120246071 Jain Sep 2012 A1
20120246079 Wilson et al. Sep 2012 A1
20120265631 Cronic Oct 2012 A1
20120271770 Harris Oct 2012 A1
20120297446 Webb Nov 2012 A1
20120300932 Cambridge Nov 2012 A1
20120303503 Cambridge Nov 2012 A1
20120303961 Kean Nov 2012 A1
20120304273 Bailey Nov 2012 A1
20120310725 Chien Dec 2012 A1
20120310831 Harris Dec 2012 A1
20120316992 Oborne Dec 2012 A1
20120317035 Royyuru Dec 2012 A1
20120317036 Bower Dec 2012 A1
20130017784 Fisher Jan 2013 A1
20130018757 Anderson et al. Jan 2013 A1
20130019098 Gupta Jan 2013 A1
20130031006 Mccullagh et al. Jan 2013 A1
20130054337 Brendell Feb 2013 A1
20130054413 Brendell Feb 2013 A1
20130054466 Muscato Feb 2013 A1
20130054474 Yeager Feb 2013 A1
20130081122 Svigals Mar 2013 A1
20130091028 Oder ("J. D."), II Apr 2013 A1
20130110658 Lyman May 2013 A1
20130111599 Gargiulo May 2013 A1
20130117185 Collison May 2013 A1
20130124290 Fisher May 2013 A1
20130124291 Fisher May 2013 A1
20130124364 Mittal May 2013 A1
20130138525 Bercaw May 2013 A1
20130144888 Faith Jun 2013 A1
20130145148 Shablygin Jun 2013 A1
20130145172 Shablygin Jun 2013 A1
20130159178 Colon Jun 2013 A1
20130159184 Thaw Jun 2013 A1
20130166402 Parento Jun 2013 A1
20130166456 Zhang Jun 2013 A1
20130173736 Krzeminski Jul 2013 A1
20130185202 Goldthwaite Jul 2013 A1
20130191227 Pasa et al. Jul 2013 A1
20130191286 Cronic Jul 2013 A1
20130191289 Cronic Jul 2013 A1
20130198071 Jurss Aug 2013 A1
20130198080 Anderson et al. Aug 2013 A1
20130200146 Moghadam Aug 2013 A1
20130204787 Dubois Aug 2013 A1
20130204793 Kerridge Aug 2013 A1
20130212007 Mattsson Aug 2013 A1
20130212017 Bangia Aug 2013 A1
20130212019 Mattsson Aug 2013 A1
20130212024 Mattsson Aug 2013 A1
20130212026 Powell et al. Aug 2013 A1
20130212666 Mattsson Aug 2013 A1
20130218698 Moon Aug 2013 A1
20130218769 Pourfallah et al. Aug 2013 A1
20130226799 Raj Aug 2013 A1
20130226802 Hammad Aug 2013 A1
20130226813 Voltz Aug 2013 A1
20130246199 Carlson Sep 2013 A1
20130246202 Tobin Sep 2013 A1
20130246203 Laracey Sep 2013 A1
20130246258 Dessert Sep 2013 A1
20130246259 Dessert Sep 2013 A1
20130246261 Purves et al. Sep 2013 A1
20130246267 Tobin Sep 2013 A1
20130254028 Salci Sep 2013 A1
20130254052 Royyuru Sep 2013 A1
20130254102 Royyuru Sep 2013 A1
20130254117 Von Mueller Sep 2013 A1
20130262296 Thomas Oct 2013 A1
20130262302 Lettow Oct 2013 A1
20130262315 Hruska Oct 2013 A1
20130262316 Hruska Oct 2013 A1
20130262317 Collinge Oct 2013 A1
20130275300 Killian Oct 2013 A1
20130275307 Khan Oct 2013 A1
20130275308 Paraskeva Oct 2013 A1
20130282502 Jooste Oct 2013 A1
20130282575 Mullen Oct 2013 A1
20130282588 Hruska Oct 2013 A1
20130297501 Monk et al. Nov 2013 A1
20130297504 Nwokolo Nov 2013 A1
20130297508 Belamant Nov 2013 A1
20130304649 Cronic Nov 2013 A1
20130308778 Fosmark Nov 2013 A1
20130311382 Fosmark Nov 2013 A1
20130317982 Mengerink Nov 2013 A1
20130332344 Weber Dec 2013 A1
20130339253 Sincai Dec 2013 A1
20130346305 Mendes Dec 2013 A1
20130346314 Mogollon Dec 2013 A1
20140007213 Sanin Jan 2014 A1
20140013106 Redpath Jan 2014 A1
20140013114 Redpath Jan 2014 A1
20140013452 Aissi et al. Jan 2014 A1
20140019352 Shrivastava Jan 2014 A1
20140025581 Calman Jan 2014 A1
20140025585 Calman Jan 2014 A1
20140025958 Calman Jan 2014 A1
20140032417 Mattsson Jan 2014 A1
20140032418 Weber Jan 2014 A1
20140040137 Carlson Feb 2014 A1
20140040139 Brudnicki Feb 2014 A1
20140040144 Plomske Feb 2014 A1
20140040145 Ozvat Feb 2014 A1
20140040148 Ozvat Feb 2014 A1
20140040628 Fort Feb 2014 A1
20140041018 Bomar Feb 2014 A1
20140046853 Spies Feb 2014 A1
20140047551 Nagasundaram et al. Feb 2014 A1
20140052532 Tsai Feb 2014 A1
20140052620 Rogers Feb 2014 A1
20140052637 Jooste Feb 2014 A1
20140068706 Aissi Mar 2014 A1
20140074637 Hammad Mar 2014 A1
20140100931 Sanchez Apr 2014 A1
20140108172 Weber et al. Apr 2014 A1
20140114857 Griggs et al. Apr 2014 A1
20140143137 Carlson May 2014 A1
20140156517 Argue Jun 2014 A1
20140164234 Coffman Jun 2014 A1
20140164243 Aabye et al. Jun 2014 A1
20140172704 Atagun et al. Jun 2014 A1
20140188586 Carpenter Jul 2014 A1
20140222663 Park Aug 2014 A1
20140249945 Gauthier Sep 2014 A1
20140279098 Ham Sep 2014 A1
20140294701 Dai et al. Oct 2014 A1
20140297534 Patterson Oct 2014 A1
20140310183 Weber Oct 2014 A1
20140324690 Allen et al. Oct 2014 A1
20140330721 Wang Nov 2014 A1
20140330722 Laxminarayanan et al. Nov 2014 A1
20140331265 Mozell et al. Nov 2014 A1
20140337236 Wong et al. Nov 2014 A1
20140344153 Raj et al. Nov 2014 A1
20140351130 Cheek Nov 2014 A1
20140372308 Sheets Dec 2014 A1
20150019443 Sheets et al. Jan 2015 A1
20150032625 Dill Jan 2015 A1
20150032626 Dill Jan 2015 A1
20150032627 Dill Jan 2015 A1
20150046338 Laxminarayanan Feb 2015 A1
20150046339 Wong et al. Feb 2015 A1
20150052064 Karpenko et al. Feb 2015 A1
20150073988 Hosny Mar 2015 A1
20150081346 Charles Mar 2015 A1
20150081544 Wong et al. Mar 2015 A1
20150088756 Makhotin et al. Mar 2015 A1
20150106239 Gaddam et al. Apr 2015 A1
20150112870 Nagasundaram et al. Apr 2015 A1
20150112871 Kumnick Apr 2015 A1
20150120472 Aabye et al. Apr 2015 A1
20150127529 Makhotin et al. May 2015 A1
20150127547 Powell et al. May 2015 A1
20150140960 Powell et al. May 2015 A1
20150142673 Nelsen et al. May 2015 A1
20150161597 Subramanian et al. Jun 2015 A1
20150178724 Ngo et al. Jun 2015 A1
20150180836 Wong et al. Jun 2015 A1
20150186864 Jones et al. Jul 2015 A1
20150193222 Pirzadeh et al. Jul 2015 A1
20150195133 Sheets et al. Jul 2015 A1
20150199679 Palanisamy et al. Jul 2015 A1
20150199689 Kumnick et al. Jul 2015 A1
20150220917 Aabye et al. Aug 2015 A1
20150242834 Goldsmith Aug 2015 A1
20150269566 Gaddam et al. Sep 2015 A1
20150278799 Palanisamy Oct 2015 A1
20150286998 Thackray Oct 2015 A1
20150287037 Salmon Oct 2015 A1
20150302384 Aadi Oct 2015 A1
20150310408 Anderson Oct 2015 A1
20150312038 Palanisamy Oct 2015 A1
20150319158 Kumnick Nov 2015 A1
20150324736 Sheets Nov 2015 A1
20150332262 Lingappa Nov 2015 A1
20150356560 Shastry et al. Dec 2015 A1
20150363781 Badenhorst Dec 2015 A1
20150379516 Yingst Dec 2015 A1
20160028550 Gaddam et al. Jan 2016 A1
20160036790 Shastry et al. Feb 2016 A1
20160042263 Gaddam et al. Feb 2016 A1
20160065370 Le Saint et al. Mar 2016 A1
20160092696 Guglani et al. Mar 2016 A1
20160092872 Prakash et al. Mar 2016 A1
20160092874 O'Regan Mar 2016 A1
20160103675 Aabye et al. Apr 2016 A1
20160119296 Laxminarayanan et al. Apr 2016 A1
20160132878 O'Regan May 2016 A1
20160140545 Flurscheim et al. May 2016 A1
20160148197 Dimmick May 2016 A1
20160148212 Dimmick May 2016 A1
20160171479 Prakash et al. Jun 2016 A1
20160173483 Wong et al. Jun 2016 A1
20160197725 Hammad Jul 2016 A1
20160210628 McGuire Jul 2016 A1
20160217461 Gaddam Jul 2016 A1
20160218875 Le Saint et al. Jul 2016 A1
20160224976 Basu Aug 2016 A1
20160224977 Sabba et al. Aug 2016 A1
20160232527 Patterson Aug 2016 A1
20160239842 Cash et al. Aug 2016 A1
20160269391 Gaddam et al. Sep 2016 A1
20160308995 Youdale et al. Oct 2016 A1
20170046696 Powell et al. Feb 2017 A1
20170076288 Awasthi Mar 2017 A1
20170103387 Weber Apr 2017 A1
20170109745 Al-Bedaiwi Apr 2017 A1
20170148013 Rajurkar May 2017 A1
20170163617 Narayan Jun 2017 A1
20170163629 Law Jun 2017 A1
20170186001 Reed et al. Jun 2017 A1
20170200156 Karpenko Jul 2017 A1
20170200165 Narayan Jul 2017 A1
20170201520 Chandoor Jul 2017 A1
20170220818 Nagasundaram et al. Aug 2017 A1
20170221054 Flurscheim Aug 2017 A1
20170221056 Karpenko Aug 2017 A1
20170228723 Taylor Aug 2017 A1
20170236113 Chitalia Aug 2017 A1
20170293914 Girish Oct 2017 A1
20170295155 Wong et al. Oct 2017 A1
20170364903 Lopez Dec 2017 A1
20170373852 Cassin Dec 2017 A1
20180006821 Kinagi Jan 2018 A1
20180075081 Chipman Mar 2018 A1
20180247303 Raj Aug 2018 A1
20180262334 Hammad Sep 2018 A1
20180268399 Spector Sep 2018 A1
20180268405 Lopez Sep 2018 A1
20180285875 Law Oct 2018 A1
20180324184 Kaja Nov 2018 A1
20180324584 Lopez Nov 2018 A1
20190020478 Girish Jan 2019 A1
20190066069 Faith Feb 2019 A1
20190147439 Wang May 2019 A1
Foreign Referenced Citations (20)
Number Date Country
1028401 Aug 2000 EP
2156397 Feb 2010 EP
2000014648 Mar 2000 WO
2001035304 May 2001 WO
2001035304 May 2001 WO
2004051585 Nov 2003 WO
2004042536 May 2004 WO
2005001751 Jun 2004 WO
2006113834 Oct 2006 WO
2009032523 Mar 2009 WO
2010078522 Jul 2010 WO
2012068078 May 2012 WO
2012098556 Jul 2012 WO
2012142370 Oct 2012 WO
2012167941 Dec 2012 WO
2013048538 Apr 2013 WO
2013056104 Apr 2013 WO
2013068765 May 2013 WO
2013119914 Aug 2013 WO
2013179271 Dec 2013 WO
Non-Patent Literature Citations (3)
Entry
PCT/US2017/033502, “International Search Report and Written Opinion”, dated Aug. 29, 2017, 11 pages.
Petition for Inter Partes Review of U.S. Pat. No. 8,533,860 Challenging Claims 1-30 Under 35 U.S.C. § 312 and 37 C.F.R. § 42.104, filed Feb. 17, 2016, Before the USPTO Patent Trial and Appeal Board, IPR 2016-00600, 65 pages.
Dean, et al., U.S. Appl. No. 16/311,144 (unpublished), “Encryption Key Exhange Process Using Access Device,” filed Dec. 18, 2018.
Related Publications (1)
Number Date Country
20170364914 A1 Dec 2017 US