Token generating component

Description

CROSS-REFERENCES TO RELATED APPLICATIONS

This application is a National Stage of International Application No. PCT/IB2013/060696, International Filing Date Dec. 6, 2013, and which claims the benefit of South African Patent Application No. 2012/09284, filed Dec. 7, 2012, the disclosures of both applications being incorporated herein by reference.

BACKGROUND

This invention relates to a device, system and method for generating tokens for security purposes.

Many applications utilize token generation to enhance security through the provision of session specific tokens. Token generators often require a user to carry hardware with them, such as key fobs, cards, or USB devices, which are required for the generation of the session specific token. Carrying such devices may be inconvenient to a user.

The abovementioned hardware-type token generators often use time-based encryption, wherein the current time upon generation of a session-specific token is used as an input value to the algorithm used. The use of a time as an input value is an example of dynamic key use, where a continuously changing (dynamic) key is used as an input value to the algorithm used for determining the session specific token. A dynamic key ensures that the algorithm will provide a different result each time that the result of the algorithm is determined. If the same input value is used more than once in a token generating device which utilizes a single algorithm, the same result will be obtained. By including a dynamic input value, a different result should be obtained after each calculation.

A major problem which is often encountered with hardware-type token generators which use time as an input value is that the clock which provides the time to the hardware has to be synchronized with the clock of a service provider who has to check the validity of a generated token. Should the clocks not be synchronized, a validly generated token may not be recognized as valid when it is checked by a service provider with a clock that is out-of-sync to the clock of the hardware.

Mobile banking involves the use of a mobile device to pay for goods or services at a point-of-sale (POS) of a merchant, or even remotely. Mobile payments, in turn, refer to payment services performed with the use of a mobile device. Examples of mobile payments include situations in which details of a person's financial transaction card, such as a debit or credit card, is stored on the person's mobile device, typically in the format of Track 1 or Track 2 card data. Track 1 and Track 2 are standardized formats in which properties of a financial transaction card are stored on the cards themselves.

The mobile device transfers the details of a person's financial transaction card to a POS terminal of a merchant where a user wishes to transact, for example by means of near-field communications technology. The POS terminal, in turn, transmits the details to an issuing authority that is to approve or deny payment from an account of the user held by the issuing authority. Security concerns do however still exist with regards to mobile payments, for example regarding the possibility of the interception of the details during its transfer, or the access protection offered by the mobile device with regards to the payments cards stored thereon.

BRIEF SUMMARY

In accordance with an embodiment of the invention there is provided a method for providing financial details from a mobile device of a user for use in a transaction, the method being performed on a mobile device of the user and including the steps of:

generating, on a token generating component associated with the mobile device, a session-specific token by applying an algorithm stored on the token generating component with a dynamic key;

providing financial details in a pre-determined format for use in a transaction;

incorporating the session-specific token and the financial details into a modified form of the financial details; and

transferring the modified form of the financial details in the pre-determined format from the mobile device to initiate the transaction.

Further features of the invention provide for the step of incorporating the session-specific token and the financial details into a modified form of the financial details to include inserting the session-specific token into redundant characters in the pre-determined format; and to include encrypting a portion of the characters of the financial details with the session-specific token.

Still further features of the invention provide for the algorithm stored on the token generating component to include an individual seed value for a customer; and for the modified form of the financial details to include a readable customer identifier.

Yet further features of the invention provide for the algorithm stored on the token generating component to include a seed value for an issuing authority; and for the modified form of the financial details to include a readable issuing authority identifier and an initiation vector.

In one embodiment of the invention, the dynamic key acts as the seed value. In a further embodiment, the user has a unique seed value, and the issuing authority has a database storing details relating to customer's respective unique seed values.

Further features of the invention provide for the step of generating, on a token generating component associated with the mobile device, a session-specific token by applying an algorithm stored on the token generating component with a dynamic key, generates the session-specific token offline from an issuing authority and the dynamic key is coordinated between the mobile device and the issuing authority.

A still further feature of the invention provides for the session-specific token to be generated without a communication channel to a issuing authority that is to verify the validity of the token, the issuing authority able to determine the session-specific token used, and its validity.

A yet further feature of the invention provides for the dynamic key and one of a customer identifier or an initialization vector for a customer to enable the session-specific token to be reversed by an issuing authority to authenticate a customer.

A further feature of the invention provides for the financial details to include static customer account details or one-time generated customer account details.

Still further features of the invention provide for the dynamic key to be randomly selected from a pre-calculated set of keys; and for a key serial number related to the dynamic key to be transferred along with the modified form of the financial details, wherein the key serial number is able to determine the dynamic key that was used.

Yet further features of the invention provide for the dynamic key to be a counter value which increments or changes every time the algorithm is applied; or to be a based on a time signal derived by the mobile device and at which the generation of the session-specific token is carried out.

Still further features of the invention provide for the session-specific token to be inserted in redundant characters in the pre-determined format; for the format to be compatible with a POS terminal; for the format to be the Track 1 or Track 2 data format of a financial transaction card; and for the session-specific token to be inserted at least partially in any one or more of a field normally reserved for an expiration date, a card security code, a service code, discretionary data, or a name. In one embodiment of the invention, the token is inserted into the card security code only, and the card security code can be described as a dynamic card security code.

In one embodiment of the invention, the financial details are transferred to a point-of-sale (POS) terminal of a merchant, from where it is further transferred to the issuing authority.

Further features of the invention provide for the token generating component to be a cryptographic expansion device that can be attached to a communication component of the mobile device; and for the cryptographic expansion device to be configured to be used with the mobile device without requiring any changes to the internal software or hardware of the mobile device and without requiring any modification to the communication protocols used by the mobile device.

The invention further extends to the cryptographic expansion device being a cryptographic label that includes a hardware security module (HSM) disposed therein including a secure processing unit and a public processing unit.

In one embodiment of the invention, the cryptographic label also includes a first set of electrical contacts disposed on the top side of the cryptographic label for interfacing to a mobile device, and a second set of electrical contacts disposed on the bottom side of the cryptographic label for interfacing to a communication component. A coupling element may also be provided to attach the cryptographic label to the communication component. In an exemplary embodiment, the mobile device can be a mobile phone, the communication component can be a subscriber identity module (SIM) card, and the coupling element used for attaching the cryptographic label to the communication component can be an adhesive material disposed on the cryptographic label.

The invention extends to a method for determining the validity of financial details, the method being performed at a server and including the steps of:

receiving a pre-determined format of financial details for a transaction;

extracting a session-specific token from the pre-determined format;

generating, on a token generating component associated with the server, at least one expected session-specific token by applying an algorithm with a dynamic key;

comparing the at least one expected session-specific token and the extracted session-specific token; and

in response to the extracted session-specific token matching at least one expected session-specific token, approving the received financial details for use; or,

in response to the extracted session-specific token matching none of the at least one expected session-specific tokens, rejecting the financial details for use.

A further feature of the invention provides for the step of extracting the session-specific token from the pre-determined format to include extracting the session-specific token from redundant characters in the pre-determined format.

Still further features of the invention provide for the algorithm stored on the token generating component to include an individual seed value for a customer; and for the received pre-determined format of financial details to include a readable customer identifier.

Yet further features of the invention provide for the algorithm stored on the token generating component to include a seed value for an issuing authority; and for the received pre-determined format of financial details to include a readable issuing authority identifier and an initialization vector.

Further features of the invention provide for the financial details to include static customer account details or one-time generated customer account details. In one embodiment, the pre-determined format may be a Track 1 or Track 2 data format of a financial transaction card.

Still further features of the invention provides for the financial details to include a serial number related to the dynamic key, the serial number providing an indication of the dynamic key used; the server having a database associated therewith which stores a list of keys and related serial numbers.

Yet further features of the invention provides for the server to be a server of an issuing authority at which a user has an account; and for financial details to be received from the mobile device of a user or a POS terminal of a merchant.

Further features of the invention provide for an expected session-specific token to be any token which may have been validly generated within a pre-determined amount of time; or to be any token which may have been validly generated a pre-determined amount of times since a previous transaction approval message has been transmitted.

A still further feature of the invention provides for the method to include the step of transmitting a transaction approval or a transaction rejection message to an electronic device of either the user or the merchant in response to the approval or rejection of the financial details for use.

The invention extends to a system for providing financial details from a mobile device of a user for use in a transaction, the system being provided on a mobile device of the user and including:

a token generating component associated with the mobile device for generating a session-specific token by applying an algorithm stored on the token generating component with a dynamic key;

a financial details component for providing financial details in a pre-determined format for use in a transaction

a format modifying component for incorporating the session-specific token and the financial details into a modified form of the financial details; and

a communication component for transferring the modified form of the financial details in the pre-determined format from the mobile device to initiate the transaction.

Further features of the invention provide for the format modifying component to incorporate the session-specific token and the financial details into a modified form of the financial details by inserting the session-specific token into redundant characters in the pre-determined format; or by encrypting a portion of the characters of the financial details with the session-specific token.

In one embodiment of the invention, the algorithm stored on the token generating component may include an individual seed value for a customer; and wherein the modified form of the financial details may include a readable customer identifier. In another embodiment, the algorithm stored on the token generating component may include a seed value for an issuing authority; and wherein the modified form of the financial details may include a readable issuing authority identifier and an initialization vector.

In one embodiment of the invention, the modified form of the financial details is transferred to a point-of-sale (POS) terminal of a merchant, from where it is further transferred to the issuing authority.

The invention extends to a mobile device having a hardware security module having a memory component for storing at least an algorithm, a seed value and a pre-determined format; and the token generating component applying the algorithm with input values including at least the seed value and a dynamic key.

A still further feature of the invention provide for the cryptographic expansion device to be a cryptographic label that includes a hardware security module (HSM) disposed therein including a secure processing unit and a public processing unit.

The invention extends to a system for determining the validity of financial details, the system being provided at a server and including:

a receiving component for receiving a pre-determined format of financial details for a transaction;

an extracting component for extracting a session-specific token from the pre-determined format;

a token generating component associated with the server for generating at least one expected session-specific token by applying an algorithm with a dynamic key;

a comparing component for comparing the at least one expected session-specific token and the extracted session-specific token; and

in response to the extracted session-specific token matching at least one expected session-specific token, approving the received financial details for use; or,

in response to the extracted session-specific token matching none of the at least one expected session-specific tokens, rejecting the financial details for use.

Further features of the invention provides for the server to be a server of an issuing authority at which a user has an account; and for financial details to be received from a POS terminal of a merchant.

A yet further feature of the invention provides for the system to include a transmission component for transmitting a transaction approval or a transaction rejection message to an electronic device of either the user or the merchant in response to the approval or rejection of the financial details for use.

The invention extends to a computer program product for providing financial details from a mobile device of a user for use in a transaction, the computer program product comprising a computer-readable medium having stored computer-readable program code for performing the steps of:

generating, on a token generating component associated with the mobile device, a session-specific token by applying an algorithm stored on the token generating component with a dynamic key;

providing financial details in a pre-determined format for use in a transaction;

incorporating the session-specific token and the financial details into a modified form of the financial details; and

transferring the modified form of the financial details in the pre-determined format from the mobile device to initiate the transaction.

The invention further extends to a computer program product for determining the validity of financial details, the computer program product comprising a computer-readable medium having stored computer-readable program code for performing the steps of:

receiving a pre-determined format of financial details for a transaction;

extracting a session-specific token from the pre-determined format;

generating, on a token generating component associated with the server, at least one expected session-specific token by applying an algorithm with a dynamic key;

comparing the at least one expected session-specific token and the extracted session-specific token; and

in response to the extracted session-specific token matching at least one expected session-specific token, approving the received financial details for use; or,

in response to the extracted session-specific token matching none of the at least one expected session-specific tokens, rejecting the financial details for use.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a system for providing financial details from a mobile device in accordance with an embodiment of the present invention;

FIG. 2 is an embodiment of a mobile device of the system of FIG. 1 in accordance with the present invention;

FIG. 3 a flow diagram of an embodiment of a method of operation of the system of FIG. 1;

FIG. 4 is an example of a financial detail structure used in the method of FIG. 3;

FIG. 5 is a flow diagram of an embodiment of a method performed on the mobile device of FIG. 2 in accordance with the present invention;

FIG. 6 is an embodiment of a server of the system of FIG. 1 in accordance with the present invention;

FIG. 7 is a flow diagram of an embodiment of a method in accordance with the present invention performed on the server of FIG. 6;

FIG. 8 is an embodiment of a system for providing financial details from a mobile device in accordance with a further embodiment of the invention;

FIG. 9 is a flow diagram of an embodiment of a method in accordance with the present invention performed at the server of the system of FIG. 8;

FIG. 10 is a second example of a financial detail structure used in a method of operation of the mobile device of FIG. 2;

FIG. 11 is a flow diagram of an embodiment of a method in accordance with the present invention performed on the mobile device of FIG. 2 and using the financial detail structure of FIG. 10;

FIG. 12 is an embodiment of a server of the system of FIG. 1 in accordance with the present invention;

FIG. 13 is a flow diagram of an embodiment of a method in accordance with the present invention performed at the server of FIG. 12;

FIG. 14 is an embodiment of a computing device in accordance with the present invention; and

FIG. 15 is an embodiment of a block diagram of a communication device in accordance with the present invention.

DETAILED DESCRIPTION

FIG. 1 shows a system (1) for providing financial details from a mobile device. The system includes a mobile device (100) of a user (110), a point of sale terminal (120) of a merchant, and an issuing authority (130) at which the user (110) has an account. The issuing authority has associated therewith a server (140) and a database (150). In the present embodiment, the mobile device (100) is a smartphone, however the mobile device (100) may alternatively be a feature phone.

The mobile device (100) of FIG. 1 is shown in more detail in FIG. 2. The mobile device includes an encryption component, in the present embodiment a hardware security module (HSM) (200). The HSM includes a token generating component (210), a financial details component, in the present embodiment a non-volatile memory module (220), and a format modifying component, in the present embodiment a processor (230). The mobile device also has a communication component (240) by means of which it can receive and send data.

In at least one embodiment of the invention, the mobile device differs from devices that may solely use software to encrypt communications between an electronic device and a target device or system. An electronic device that solely uses software to encrypt communications may comply with only a security level 1 of the Federal Information Processing Standard 140-2 (FIPS 140-2), which provides only a minimum level of security to protect sensitive information. In contrast, the HSM within an electronic device or controller according to some embodiments of the invention is compliant with at least a security level 2 of the FIPS 140-2 standard. More preferably, the HSM within the electronic device or controller in embodiments of the invention is compliant with security level 3 or level 4 of FIPS 140-2.

The HSM in embodiments of the invention uses hardware to encrypt data instead of solely performing the encryption in software. The HSM provides enhanced protection over software encryption technologies. For example, the HSM provides secure key management to generate cryptographic keys, sets the capabilities and security limits of keys, implements key backup and recovery, prepares keys for storage and performs key revocation and destruction. In some embodiments, the HSM is implemented as a dual processor device that includes a secure processor with storage and a public processor with storage. The HSM may also include a physical or logical separation between interfaces that are used to communicate critical security parameters and other interfaces that are used to communicate other data. The HSM can also provide a tamper-proof mechanism that provides a high risk of destroying the HSM and the cryptographic keys stored therein, if any attempt is made to remove or externally access the HSM.

FIG. 3 shows a flow diagram of an example operation of the system of FIG. 1. When a user (110) wishes to transact with a merchant, the user indicates on an input component of the mobile device (100), typically a keyboard, that he or she wishes to generate financial details required to complete the transaction in a first step (301). The financial details are generated on the mobile device (100) of the user (110) in a next step (302), and are transmitted to the POS terminal (120) in a further step (303). From the POS terminal (120), the details are transmitted to the issuing authority (130) at which the user has an account in a next step (304). At the issuing authority (130), the validity of the financial details is verified in a next step (305). Finally, the merchant is informed of the result of the verification of the details in a final step (306).

The financial details are presented in a format compliant with POS devices. In the present embodiment of the invention, that format is Track 2 financial transaction card format. By using a data format that a point of sale device is used to handling, the least number of modifications need to be made to currently in-use POS terminals and transmission protocols to allow them to facilitate the operation of the invention.

Track 2 financial transaction card data include a number of digits in a pre-determined format. An example of data included in Track 2 data is shown in FIG. 4. The data includes a personal account number (PAN) field (400), which is made up of a bank identification number (BIN) field (401) of 6 characters and an account number field (402) of the user, of 10 characters. A BIN is an identifier of an institution who issued the financial data, such as an issuing authority, or of an issuing authority at which a user has an account. The account number includes a check digit (403) of a single character. Also included in the Track 2 data is an expiry date field (404) of 4 characters and a card verification value (CVV) field (405) of 3 characters. It should be noted that FIG. 4 only shows an extract of the data fields in Track 2 data, and that the actual format includes various other fields, such as field separators, and initialization fields, a termination field, as well as other data fields.

A method performed on the mobile device for providing financial details is illustrated in the flow diagram (5) shown in FIG. 5. The method is performed on a mobile device as illustrated in FIG. 2 and the reference numerals for the components of FIG. 2 are used.

In a first step (500), a session specific token is generated on the token generating component (210) of the mobile device. It is envisaged that the mobile device will only generate a session-specific token upon a request from the user to do so.

To generate the token, the token generating device uses an algorithm which is stored on the token generating component (210) in the HSM (200). The algorithm requires a seed value as input, the seed being unique to the user (110). The seed value is stored in the memory module (220). The algorithm further requires a dynamic key as an input value. In the present embodiment, the dynamic key used is a counter value which is also stored on the memory module. After each determination of a session-specific token using the algorithm and dynamic key, the counter is increased. The initial counter value and the seed value of a user are known by the issuing authority (130).

In a next step (510), the processor (230) provides financial details relating to a payment card of the user, in the present embodiment payment card details in the form of Track 2 data may be stored in the memory module (210).

In a next step (520), the session specific token is incorporated into data fields of the Track 2 data which is available for a part of the account number and the CVV and, optionally, the expiry date. In the present embodiment, these fields are not essential for the transfer of payment credentials, and may be considered redundant. In the present embodiment, three characters of the session-specific token are incorporated in a last part (407), before the check digit (403), of the account number field (402), and three characters are incorporated in the CVV field (405).

A first part (406) of the account number field (402) is used to transmit the customer ID number, which is stored in and retrieved from the memory module (220). In combination, the last part (407) of the account number field and the CVV field (405) provide space for a 6-digit token to be inserted. The result of the incorporated of the session-specific token and the customer ID number into the Track 2 data is a modified form of the financial details.

In a final step (530), the modified form of the financial details is transferred to a POS terminal that is still in a format compatible with the POS terminal. In effect, certain numeric characters in the Track 2 data have been altered.

The point of sale device transmits the modified form of the financial details received to the issuing authority (130) in a similar manner as is currently known for transactions involving a physical payment card. The modified form of the financial details is sent along with details of the transaction, including, for example, the price payable and a merchant identifier, as is common practice in payment systems using POS terminals. The BIN number (401) indicates to the POS terminal to which issuing authority the details are to be sent.

An embodiment of the server (140) of FIG. 1 is shown in more detail in FIG. 6. The server (140) includes a token generating component (610), an extraction component, and a comparison component. In the present embodiment, the extraction component and the comparison component are provided by a processor (620). The server also has a communication component (630) by means of which data can be sent and received. The communications component functions as both a receiving component and a transmission component, for receiving and transmitting data.

A flow diagram (7) illustrating the method followed by the server (140) of a issuing authority in determining the validity of received financial details in accordance with an embodiment of the invention is illustrated in FIG. 7. In a first step (700), the issuing authority receives financial details in an expected format. In the present embodiment, the expected format is a modified form of the Track 2 data as described above.

Since a customer ID number is contained in the first part (407) of the account number field (402) in an unaltered form, the server can extract the customer ID number directly from the details received in a next step (710). Since the fields in which a session-specific token should be included are also known to the issuing authority, a token is also extracted by the server in this step (710) from the last part (406) of the account number field (402) and the CVV field (405).

The database (150) has stored thereon a list containing the details of user accounts, including the customer ID number of each user account and the counter value and seed value associated with each user account. The counter value and seed are retrieved by the server in a next step (720), by looking up the key and seed associated with the customer ID number extracted from the financial details received in the previous step (710).

In a next step (730), the server applies an algorithm related to the algorithm that is stored on the memory module (220) of the HSM (200) on the user's mobile device (100), using the seed value and counter value retrieved from the database (150), to obtain an expected session-specific token. The server utilizes its token-generating component (710) for calculating expected session-specific tokens.

The server then compares the expected session-specific token to the received token in a next step (740). If the tokens match, the transaction is approved, and an approval message is transmitted to the merchant in a final step (750) via the communication component (730). If the tokens do not match, the transaction is rejected, and a rejection or failure message is transmitted to the merchant in a final step (760) via the communication component (730). If the transaction is approved, the server is expected to deal with the transfer of money in a standard manner. After a successful comparison, the counter value stored in the database relating to the user account concerned is increased in the same manner as it would have occurred on the user's mobile device when then session-specific key was originally generated. The approval or rejection message may also be sent to the user's mobile device.

It is envisaged that the seed value may constitute the dynamic key itself. In such a situation, only the dynamic key will be used as input value for generating a session-specific token, and the server will only need to look up the dynamic key to generate the same token instead of looking up the dynamic key and the seed value.

It should be noted that in the embodiment described above, the session-specific token is generated without a direct communication channel to the issuing authority. Therefore, the token generation can be considered as offline token generation, wherein the validity of the token can be assessed by the issuing authority at a later stage.

In another embodiment of the invention, both the HSM and the database have a set of pre-calculated keys which can be used to generate a session-specific token. In such an embodiment, a section of the Track 2 data field can be used to indicate which of these keys have been used by the token generating component to generate the specific token, in effect by using a key serial number. For example, if there are ten different tokens, a single digit, with numerals 0 to 9, can be used to indicate which of the keys have been used in the encryption process. It should be noted that this digit must not be encrypted in the modified form of the financial details if it is transmitted as part of the modified form of the payment credentials. The server can then look up the key used in the database, using the serial number of the key received. Alternatively, the key used can be based on a counter value, and the token generating component will use the different keys in a standard format or according to another algorithm, both being determinable by the issuing authority's token generating component by looking the values up in its associated database. A key that changes in this manner can also be described as a dynamic key.

In the embodiment described above, tokens will need to be validated by an issuing authority in the order in which they are generated by the token generating component on the mobile device. If a generated token does not reach the issuing authority, the counter on the mobile device and the counter in the database will be out of sync, and a token generated at the server will not be the same as a token received from the POS terminal. It is envisaged that in at least some embodiments, the server will test the validity by applying a counter increased by, for example, three times' use. In such an embodiment, the server will compensate for a delay in tokens received. The server may be configured to inform the user if the counter values at the mobile device and server are suspected to be out of sync in this manner.

Also in the embodiment described above, the session-specific token has been included in redundant characters of the Track 2 data; however, it is also envisaged that some of the characters may be encrypted, either by means of a one-way hash function, an RSA token, or indeed any cryptographic function that renders a different result upon every operation performed with differing input values. A person skilled in the art would appreciate that there are indeed a large variety of cryptographic functions that can perform such a function.

It is further envisaged that the expiry date field (404) may be used as another field in which characters of the session-specific key may be stored. However, it should be noted that a POS terminal may automatically reject financial details if the details are in an invalid format, or in a format that will constitute a date that has passed, or a date that is too far in the future. Typically, any date more than 4 years in the future will be rejected. Similarly, any month field that is not from 01 to 12 will be invalid, and any day field that is not from 1 to 31 will be invalid. Some POS devices may also reject a day field if the relevant month does not have that many days, for example the second month, February, or 02, cannot have 30 days. Including the expiry date field as a field in which characters of a session-specific token may be stored will increase the possible length of the token, although the specific characters that may be used or which may be used together are limited. Any system which makes use of the expiry date field should be configured to only include acceptable characters in this field.

FIG. 8 shows an embodiment of a system (8) in which the dynamic key is time-based, instead of based on counter value as described above. This may be referred to as “time-based encryption”. The system includes a mobile device (800) of a user (810), a point of sale terminal (820) of a merchant, and an issuing authority (830). The financial system has associated therewith a server (840) and a database (850). In the present embodiment, as in the embodiment described with reference to FIG. 1, the mobile device is a smartphone. The mobile device (800) is in communication with a mobile base station which has a clock (870). The database (850) also has a clock (880) which is synchronized with the clock (870) of the base station.

Modern smartphones, and indeed the mobile device (800) of the present embodiment, are able to retrieve the current time from a clock at a mobile base station. Accordingly, upon the device being requested to generate a session-specific token, the mobile device (800) obtains the time from the clock (870) of the base station (860). At least a part of this time is used as a dynamic key for an input value in the algorithm, negating the need for a counter value as dynamic key. In the present embodiment, the hours and minutes of the current time is used as an input value. The session-specific token obtained from application of the algorithm is then handled in exactly the same way as described above, in that the token replaces some of the characters in financial details in a standard format that is stored on the HSM, and the modified financial detail is transferred to a POS terminal. Similarly, a customer ID number is included in the modified format as well. The modified financial details format is identical to the format described with reference to FIG. 4. The POS terminal transfers the modified financial details to the issuing authority as described above.

A method of determining the validity of the credentials received by the server (940) in accordance with the present embodiment of a time-based dynamic key is illustrated by the flow diagram (9) shown in FIG. 9. In a first step (900), the issuing authority receives financial details in an expected format. In the present embodiment, the expected format is a modified form of the Track 2 data as described above. The inclusion of the BIN in the modified form of the Track 2 data in an unaltered, standard format allowed the POS terminal (820) to transmit the data to an appropriate issuing authority (830).

Since a customer ID number is contained in the first part (407) of the account number field (402) in an unaltered form, the server can extract the customer ID number directly from the details received in a next step (910). Since the fields in which a session-specific token should be included are also known to the issuing authority, a token is also extracted by the server in this step (910) from the last part (406) of the account number field (402) and the CVV field (405).

The database (750) has stored thereon a list containing the details of user accounts held at the issuing authority, including the customer ID number of each user account and the counter value associated with each user account. The seed value is retrieved by the server in a next step (920), by looking up the seed associated with the customer ID number extracted from the financial details received in the previous step (900).

In a next step (930), the server applies an algorithm related to the algorithm that is stored on the memory module (220) of the HSM (200) on the user's mobile device (100), using the seed value retrieved. The server has a token-generating component associated therewith which is similar to the token-generating component (210) of the HSM (200) for calculating expected session-specific tokens. The server also uses the time of its clock (780), which is synchronized with the clock (770) of the mobile base station (760), as input value, in order to obtain an expected session-specific token. As with the generation of the original session-specific token, the hours and minutes of the current time is used. In the present embodiment, the lifetime of a session-specific key is ten minutes, and the server also generates expected tokens for the previous ten minutes. As only the current hour and minutes are used as input values, and not the seconds, ten expected tokens need to be determined for a session-specific token lifetime of ten minutes.

The server then compares the ten expected session-specific tokens to the received token in a next step (940). If the received token matches any of the expected tokens, the transaction is approved, and an approval message is transmitted to the merchant in a final step (950). If none of the expected tokens match the received token, the transaction is rejected, and a rejection or failure message is transmitted to the merchant in a final step (960). If the transaction is approved, the server is expected to deal with the transfer of money in a standard manner. It should be noted that since there is no counter value present, no alterations need to be made to the database after successful completion of a transaction.

Although it has only be described that the hour and minutes are used as input values for the time-based encryption described above, other elements of time may also be used. For example, the day, month or year of the current time may all be used, or even the seconds, milliseconds, or the like, as input values. It should be noted that the inclusion of these elements may increase the amount of expected session-specific tokens to which a received token need to be compared, depending on the lifetime of a session-specific token. For example, a session-specific token which is valid for 2 minutes and which uses seconds of time as input value to the algorithm, as there are 120 seconds in two minutes.

In FIG. 10, the example of data forming part of Track 2 data as shown in FIG. 4 is repeated. The data includes a personal account number (PAN) field (1000), which is made up of a bank identification number (BIN) field (1010) of 6 characters and an account number field (1020) of the user, of 10 characters. The account number includes a check digit (1030) of a single character. Also included in the Track 2 data is an expiry date field (1040) of 4 characters and a card verification value (CVV) field (1050) of 3 characters. It should be noted that FIG. 10 only shows an extract of the data fields in Track 2 data, and that the actual format includes various other fields, such as field separators, initialization fields, a termination field, as well as other data fields. In the present embodiment, all HSM modules issued by a specific issuing authority have the same algorithm stored thereon. This data is, however, modified differently to the data that was described with reference to FIG. 4. A flow diagram illustrating an alternative method performed on the mobile device of FIG. 2 is shown in FIG. 11. The mobile device forms part of the same system (1) that was described above with reference to FIG. 1.

In a first step (1100), the processor (230) provides financial details relating to a payment card of the user, in the present embodiment again payment card details in the form of Track 2 data may be stored in the memory module (220) of the HSM (200).

In a next step, the token generating component (1110) generates a session-specific token of up to 9 characters long, using an encryption algorithm to encrypt a customer identification number with input values including a seed value and a dynamic key. The algorithm also uses an initialization vector (IV) as input value. In the present embodiment, the IV may be a random one-time CVV value, which is determined by the token generating component (210) prior to generating the session-specific token. The algorithm and seed value is stored on the memory module (220), and are linked to the specific issuing authority which is to approve or reject the transaction. The customer identification number may also be stored on the memory module (220).

In the present embodiment of the invention, every user which has a financial account at a specific issuing authority and who makes use of the system and method of the invention is in possession of the same key and a corresponding decryption algorithm.

The up to 9 characters of the session-specific token is inserted into the account number field (1020) not including the check digit (1030) field, and the random CVV value, which is also the IV, is inserted into the CVV field (1050) in a next step (1120), to arrive at a modified form of the financial details. In a final step (1130), the modified financial details are transmitted to the POS device (120).

The point of sale device transmits the modified form of the financial details received to the issuing authority (130) in a similar manner as is currently known for transactions involving a physical payment card. The modified form of the financial details is sent along with details of the transaction, including the price payable and a merchant identifier, as is currently known. The BIN number indicates to the POS terminal to which issuing authority the details are to be sent.

A further embodiment of the server (140) of FIG. 1 is shown in more detail in FIG. 12. The server includes an extraction component, a comparing component, and a token decryption component (1200). In the present embodiment, the extraction component and the comparing component are provided by a processor (1210). The server also has a communication component (1220) by means of which data can be sent and received. The communications component functions as both a receiving component and a transmission component, for receiving or transmitting data.

A flow diagram (13) illustrating the method followed by the server (140) of an issuing authority in determining the validity of received financial details in accordance with the present embodiment of the invention is illustrated in FIG. 13. In a first step (1300), the issuing authority receives financial details in an expected format via the communication component (1220). In the present embodiment, the expected format is a modified form of the Track 2 data as described above.

Since every modified form of financial details received by an issuing authority is expected to have been encrypted with the same algorithm and seed value, a related same decryption algorithm and seed value can be used by the server to decrypt any received modified financial details.

In a next step (1310), the server extracts the IV from the CVV field and the token from the account number field with the processor (1210). In combination with the standard seed and algorithm, the IV is used to decrypt the token in the account number field, using the decryption component (1200) to extract the customer identification number in a next step (1320).

The transaction is then processed in the normal manner in a next step (1330), using the result of the decryption algorithm. If the credentials obtained using the decryption algorithm is valid, the transaction is approved, and an approval message is transmitted to the relevant merchant in a final step (1340), using the communication component (1220). If the credentials are not valid, the transaction is rejected, and a rejection or denial message is transmitted to the merchant in a final step (1350) using the communication component (1220).

It is envisaged that different algorithms may be stored on a memory module of the HSM, with each algorithm being coupled to a specific issuing authority. By selecting a specific set of financial details to use in a transaction, the HSM will use the appropriate set of details in order to produce a session-specific token with an algorithm that the specific issuing authority can decrypt or interpret.

It should also be noted that the providing of the financial details by the mobile device may be facilitated by a computer program product, such as an application or a program, operating on the mobile device. The computer program product will typically need to be stored in a computer-readable medium in the form of a computer-readable program code, and will be configured to enable the performance of the method on the mobile device as described earlier with reference to FIG. 5 and FIG. 11. Similarly, the determining of the validity of financial details on the server may be facilitated by a computer program product, such as an application or a program, operating on the server. The computer program product will typically need to be stored in a computer-readable medium in the form of a computer-readable program code, and will be configured to enable the performance of the method on the server as described earlier with reference to FIG. 6 and FIG. 12.

In at least one embodiment of the invention, the financial details are not stored on a memory element (220) of the mobile device, and are rather obtained from the issuing authority. These financial details may be one-time use financial details, often referred to as one-time personal account numbers. These one-time use financial details may then be encrypted or modified as explained above. In such an instance, the server may be configured to remember which user has requested the one-time use financial details, and check when receiving financial details that the user from which the details appear to originate has in actual fact request credentials. This may provide additional security to a user wishing to use the systems and methods described.

FIG. 14 illustrates an example of a computing device (1400) in which various aspects of the disclosure may be implemented. The computing device (1400) may be suitable for storing and executing computer program code. The various participants and elements in the previously described system diagrams may use any suitable number of subsystems or components of the computing device (1400) to facilitate the functions described herein.

The computing device (1400) may include subsystems or components interconnected via a communication infrastructure (1405) (for example, a communications bus, a cross-over bar device, or a network). The computing device (1400) may include at least one central processor (1410) and at least one memory component in the form of computer-readable media.

The memory components may include system memory (1415), which may include read only memory (ROM) and random access memory (RAM). A basic input/output system (BIOS) may be stored in ROM. System software may be stored in the system memory (1415) including operating system software.

The memory components may also include secondary memory (1420). The secondary memory (1420) may include a fixed disk (1421), such as a hard disk drive, and, optionally, one or more removable-storage interfaces (1422) for removable-storage components (1423).

The removable-storage interfaces (1422) may be in the form of removable-storage drives (for example, magnetic tape drives, optical disk drives, floppy disk drives, etc.) for corresponding removable storage-components (for example, a magnetic tape, an optical disk, a floppy disk, etc.), which may be written to and read by the removable-storage drive.

The removable-storage interfaces (1422) may also be in the form of ports or sockets for interfacing with other forms of removable-storage components (1423) such as a flash memory drive, external hard drive, or removable memory chip, etc.

The computing device (1400) may include an external communications interface (1430) for operation of the computing device (1400) in a networked environment enabling transfer of data between multiple computing devices (1400). Data transferred via the external communications interface (1430) may be in the form of signals, which may be electronic, electromagnetic, optical, radio, or other types of signal.

The external communications interface (1430) may enable communication of data between the computing device (1400) and other computing devices including servers and external storage facilities. Web services may be accessible by the computing device (1400) via the communications interface (1430).

The external communications interface (1430) may also enable other forms of communication to and from the computing device (1400) including, voice communication, near field communication, Bluetooth, etc.

The computer-readable media in the form of the various memory components may provide storage of computer-executable instructions, data structures, program modules, and other data. A computer program product may be provided by a computer-readable medium having stored computer-readable program code executable by the central processor (1410).

A computer program product may be provided by a non-transient computer-readable medium, or may be provided via a signal or other transient means via the communications interface (1430).

Interconnection via the communication infrastructure (1405) allows a central processor (1410) to communicate with each subsystem or component and to control the execution of instructions from the memory components, as well as the exchange of information between subsystems or components.

Peripherals (such as printers, scanners, cameras, or the like) and input/output (I/O) devices (such as a mouse, touchpad, keyboard, microphone, joystick, or the like) may couple to the computing device (1400) either directly or via an I/O controller (1435). These components may be connected to the computing device (1400) by any number of means known in the art, such as a serial port.

One or more monitors (1445) may be coupled via a display or video adapter (1440) to the computing device (1400).

FIG. 15 shows a block diagram of a communication device (1500) that may be used in embodiments of the disclosure. The communication device (1500) may be a cell phone, a feature phone, a smart phone, a satellite phone, or a computing device having a phone capability.

The communication device (1500) may include a processor (1505) (e.g., a microprocessor) for processing the functions of the communication device (1500) and a display (1520) to allow a user to see the phone numbers and other information and messages. The communication device (1500) may further include an input element (1525) to allow a user to input information into the device (e.g., input buttons, touch screen, etc.), a speaker (1530) to allow the user to hear voice communication, music, etc., and a microphone (1535) to allow the user to transmit his or her voice through the communication device (1500).

The processor (1510) of the communication device (1500) may connect to a memory (1515). The memory (1515) may be in the form of a computer-readable medium that stores data and, optionally, computer-executable instructions.

The communication device (1500) may also include a communication element (1540) for connection to communication channels (e.g., a cellular telephone network, data transmission network, Wi-Fi network, satellite-phone network, Internet network, Satellite Internet Network, etc.). The communication element (1540) may include an associated wireless transfer element, such as an antenna.

The communication element (1540) may include a subscriber identity module (SIM) in the form of an integrated circuit that stores an international mobile subscriber identity and the related key used to identify and authenticate a subscriber using the communication device (1500). One or more subscriber identity modules may be removable from the communication device (1500) or embedded in the communication device (1500).

The communication device (1500) may further include a contactless element (1550), which is typically implemented in the form of a semiconductor chip (or other data storage element) with an associated wireless transfer element, such as an antenna. The contactless element (1550) may be associated with (e.g., embedded within) the communication device (1500) and data or control instructions transmitted via a cellular network may be applied to the contactless element (1550) by means of a contactless element interface (not shown). The contactless element interface may function to permit the exchange of data and/or control instructions between mobile device circuitry (and hence the cellular network) and the contactless element (1550).

The contactless element (1550) may be capable of transferring and receiving data using a near field communications (NFC) capability (or near field communications medium) typically in accordance with a standardized protocol or data transfer mechanism (e.g., ISO 14443/NFC). Near field communications capability is a short-range communications capability, such as radio-frequency identification (RFID), Bluetooth, infra-red, or other data transfer capability that can be used to exchange data between the communication device (1500) and an interrogation device. Thus, the communication device (1500) may be capable of communicating and transferring data and/or control instructions via both a cellular network and near field communications capability.

The data stored in the memory (1515) may include: operation data relating to the operation of the communication device (1500), personal data (e.g., name, date of birth, identification number, etc.), financial data (e.g., bank account information, a bank identification number (BIN), credit or debit card number information, account balance information, expiration date, loyalty provider account numbers, etc.), transit information (e.g., as in a subway or train pass), access information (e.g., as in access badges), etc. A user may transmit this data from the communication device (1500) to selected receivers.

The communication device (1500) may be, amongst other things, a notification device that can receive alert messages and access reports, a portable merchant device that can be used to transmit control data identifying a discount to be applied, as well as a portable consumer device that can be used to make payments.

The foregoing description of the embodiments of the invention has been presented for the purpose of illustration; it is not intended to be exhaustive or to limit the invention to the precise forms disclosed. Persons skilled in the relevant art can appreciate that many modifications and variations are possible in light of the above disclosure.

Some portions of this description describe the embodiments of the invention in terms of algorithms and symbolic representations of operations on information. These algorithmic descriptions and representations are commonly used by those skilled in the data processing arts to convey the substance of their work effectively to others skilled in the art. These operations, while described functionally, computationally, or logically, are understood to be implemented by computer programs or equivalent electrical circuits, microcode, or the like. The described operations may be embodied in software, firmware, hardware, or any combinations thereof.

The software components or functions described in this application may be implemented as software code to be executed by one or more processors using any suitable computer language such as, for example, Java, C++, or Perl using, for example, conventional or object-oriented techniques. The software code may be stored as a series of instructions, or commands on a non-transitory computer-readable medium, such as a random access memory (RAM), a read-only memory (ROM), a magnetic medium such as a hard-drive or a floppy disk, or an optical medium such as a CD-ROM. Any such computer-readable medium may also reside on or within a single computational apparatus, and may be present on or within different computational apparatuses within a system or network.

Any of the steps, operations, or processes described herein may be performed or implemented with one or more hardware or software modules, alone or in combination with other devices. In one embodiment, a software module is implemented with a computer program product comprising a non-transient computer-readable medium containing computer program code, which can be executed by a computer processor for performing any or all of the steps, operations, or processes described.

Finally, the language used in the specification has been principally selected for readability and instructional purposes, and it may not have been selected to delineate or circumscribe the inventive subject matter. It is therefore intended that the scope of the invention be limited not by this detailed description, but rather by any claims that issue on an application based hereon. Accordingly, the disclosure of the embodiments of the invention is intended to be illustrative, but not limiting, of the scope of the invention, which is set forth in the following claims.

Claims

1. A method for providing financial details from a mobile device of a user for use in a transaction, the method being performed on the mobile device of the user and including the steps of: generating, on a token generating component associated with the mobile device, a session-specific token by applying an algorithm stored on the token generating component with a dynamic key, the session-specific token generated by encrypting a customer identification number using the dynamic key and a seed value unique to the user;retrieving, by the mobile device, financial details in a pre-determined format conforming to Track 2 data format for use in a transaction;incorporating the session-specific token and the financial details into a modified form of the financial details including encrypting a portion of characters of the financial details using the session-specific token by incorporating a first portion of the session-specific token before a check digit of the financial details, incorporating a second portion of the session-specific token before a CVV field of the financial details, and replacing data in an account number field with the customer identification number; andtransferring the modified form of the financial details in the predetermined format from the mobile device to an issuing authority to initiate the transaction, the issuing authority validating the session-specific token within the modified form of the financial details before authorizing the transaction.
2. The method as claimed in claim 1, wherein incorporating the session-specific token and the financial details into a modified form of the financial details includes: inserting the session-specific token into redundant characters in the pre-determined format.
3. The method as claimed in claim 1, wherein the seed value unique to the user is provided by the issuing authority to the mobile device.
4. The method as claimed in claim 1, wherein the seed value unique to the user is used by the issuing authority to generate an expected session-specific token, the expected session-specific token being compared to the session-specific token when validating the session-specific token.
5. The method as claimed in claim 1, wherein the session-specific token offline from an is generated while not in communication with the issuing authority and the dynamic key is coordinated between the mobile device and the issuing authority.
6. The method as claimed in claim 5, wherein the dynamic key and one of a customer identifier or an initialization vector for a customer is used by an issuing authority to generate an expected-session-specific token to be compared to the session-specific token to authenticate the user.
7. The method as claimed in claim 1, wherein the financial details include static customer account details or one-time generated customer account details.
8. The method as claimed in claim 1, wherein the dynamic key is randomly selected from a pre-calculated set of keys; and a key serial number related to the dynamic key is transferred along with the modified form of the financial details, wherein the key serial number is able to be used to determine the dynamic key that was used.
9. The method as claimed in claim 1, wherein the dynamic key is a counter value which increments or changes every time the algorithm is applied.
10. The method as claimed in claim 1, wherein the dynamic key is based on a time signal derived by the mobile device, the time signal indicating a time at which the generation of the session-specific token is carried out.
11. The method as claimed in claim 1, wherein the token generating component is a cryptographic expansion device that can be attached to a communication component of the mobile device; and the cryptographic expansion device is configured to be used with the mobile device without requiring any changes to the internal software or hardware of the mobile device and without requiring any modification to the communication protocols used by the mobile device.
12. The method as claimed in claim 1, wherein the token generating component is a hardware security module which uses hardware to generate the session-specific token.
13. The method as claimed in claim 1, wherein validating the session-specific token by the issuing authority comprises: identifying, by the issuing authority, the seed value unique to the user based on the customer identification number;determining a lifetime of the session-specific token;generating a plurality of expected session-specific tokens based on the lifetime of the session-specific token; andcomparing the session-specific token to each of the expected session-specific tokens of the plurality of expected session-specific tokens, the session-specific token being validated upon determining that the session-specific token matches one expected session-specific token of the plurality of expected session-specific tokens.
14. The method as claimed in claim 13, wherein the lifetime of the session-specific token is ten minutes and the plurality of expected session-specific tokens comprises ten expected session-specific tokens, wherein each of the plurality of expected session-specific tokens is generated to correspond to a one-minute interval of the lifetime.
15. The method as claimed in claim 1, wherein the session-specific token comprises six digits, the first portion of the session-specific token comprises a first three digits of the session-specific token, and the second portion of the session-specific token comprises a last three digits of the session-specific token.
16. A system for providing financial details from a mobile device of a user for use in a transaction, the system being provided on the mobile device of the user and including: a token generating component associated with the mobile device for generating a session-specific token by applying an algorithm stored on the token generating component with a dynamic key, the session-specific token generated by encrypting a customer identification number using the dynamic key and a seed value unique to the user;a financial details component for providing financial details in a pre-determined format conforming to Track 2 data format for use in a transaction;a format modifying component for incorporating the session-specific token and the financial details into a modified form of the financial details including encrypting a portion of characters of the financial details with the session-specific token by incorporating a first portion of the session-specific token before a check digit of the financial details, incorporating a second portion of the session-specific token before a CVV field of the financial details, and replacing data in an account number field with the customer identification number; anda communication component for transferring the modified form of the financial details in the pre-determined format from the mobile device to an issuing authority to initiate the transaction, the issuing authority being caused to validate the session-specific token within the modified form of the financial details before authorizing the transaction.
17. The system as claimed in claim 16, wherein the token generating component is a cryptographic expansion device that can be attached to a communication component of the mobile device; and the cryptographic expansion device is configured to be used with the mobile device without requiring any changes to the internal software or hardware of the mobile device and without requiring any modification to the communication protocols used by the mobile device.
18. The system as claimed in claim 17, wherein the cryptographic expansion device is a cryptographic label that includes a hardware security module (HSM) disposed therein including a secure processing unit and a public processing unit.
19. The system as claimed in claim 16, wherein the token generating component is a hardware security module which uses hardware to generate the session-specific token.
20. A computer program product for providing financial details from a mobile device of a user for use in a transaction, the computer program product comprising a computer-readable medium having stored computer-readable program code for performing the steps of: generating, on a token generating component associated with the mobile device, a session-specific token by applying an algorithm stored on the token generating component with a dynamic key, the session-specific token generated by encrypting a customer identification number using the dynamic key and a seed value unique to the user;providing financial details in a pre-determined format conforming to Track 2 data format for use in a transaction;incorporating the session-specific token and the financial details into a modified form of the financial details including encrypting a portion of characters of the financial details with the session-specific token by incorporating a first portion of the session-specific token before a check digit of the financial details, incorporating a second portion of the session-specific token before a CVV field of the financial details, and replacing data in an account number field with the customer identification number; andtransferring the modified form of the financial details in the predetermined format from the mobile device to an issuing authority to initiate the transaction, the issuing authority validating the session-specific token within the modified form of the financial details before authorizing the transaction.

Priority Claims (1)

Number	Date	Country	Kind
2012/09284	Dec 2012	ZA	national

PCT Information

Filing Document	Filing Date	Country	Kind
PCT/IB2013/060696	12/6/2013	WO	00

Publishing Document	Publishing Date	Country	Kind
WO2014/087381	6/12/2014	WO	A

US Referenced Citations (596)

Number	Name	Date	Kind
4423287	Zeidler	Dec 1983	A
5412730	Jones	May 1995	A
5613012	Hoffman	Mar 1997	A
5781438	Lee	Jul 1998	A
5883810	Franklin	Mar 1999	A
5953710	Fleming	Sep 1999	A
5956408	Arnold	Sep 1999	A
5956699	Wong	Sep 1999	A
6000832	Franklin	Dec 1999	A
6014635	Harris	Jan 2000	A
6044360	Picciallo	Mar 2000	A
6058193	Cordery	May 2000	A
6112187	Fukawa	Aug 2000	A
6163771	Walker	Dec 2000	A
6227447	Campisano	May 2001	B1
6236981	Hill	May 2001	B1
6267292	Walker	Jul 2001	B1
6327578	Linehan	Dec 2001	B1
6341724	Campisano	Jan 2002	B2
6385596	Wiser	May 2002	B1
6422462	Cohen	Jul 2002	B1
6425523	Shem Ur	Jul 2002	B1
6592044	Wong	Jul 2003	B1
6636833	Flitcroft	Oct 2003	B1
6667700	McCanne	Dec 2003	B1
6748367	Lee	Jun 2004	B1
6805287	Bishop	Oct 2004	B2
6879965	Fung	Apr 2005	B2
6891953	DeMello	May 2005	B1
6901387	Wells	May 2005	B2
6931382	Laage	Aug 2005	B2
6938019	Uzo	Aug 2005	B1
6941285	Sarcanin	Sep 2005	B2
6980670	Hoffman	Dec 2005	B1
6990470	Hogan	Jan 2006	B2
6991157	Bishop	Jan 2006	B2
6996722	Fairman	Feb 2006	B1
7011247	Drabczuk	Mar 2006	B2
7051929	Li	May 2006	B2
7069249	Stolfo	Jun 2006	B2
7069439	Chen	Jun 2006	B1
7103576	Mann, III	Sep 2006	B2
7113930	Eccles	Sep 2006	B2
7136835	Flitcroft	Nov 2006	B1
7177835	Walker	Feb 2007	B1
7177848	Hogan	Feb 2007	B2
7194437	Britto	Mar 2007	B1
7209561	Shankar et al.	Apr 2007	B1
7213766	Ryan	May 2007	B2
7264154	Harris	Sep 2007	B2
7287692	Patel	Oct 2007	B1
7292999	Hobson	Nov 2007	B2
7350230	Forrest	Mar 2008	B2
7353382	Labrou	Apr 2008	B2
7379919	Hogan	May 2008	B2
RE40444	Linehan	Jul 2008	E
7415443	Hobson	Aug 2008	B2
7430668	Chen	Sep 2008	B1
7444676	Asghari-Kamrani	Oct 2008	B1
7469151	Khan	Dec 2008	B2
7548889	Bhambri	Jun 2009	B2
7567934	Flitcroft	Jul 2009	B2
7567936	Peckover	Jul 2009	B1
7571139	Giordano	Aug 2009	B1
7571142	Flitcroft	Aug 2009	B1
7580898	Brown	Aug 2009	B2
7584153	Brown	Sep 2009	B2
7593896	Flitcroft	Sep 2009	B1
7606560	Labrou	Oct 2009	B2
7627531	Breck	Dec 2009	B2
7627895	Gifford	Dec 2009	B2
7650314	Saunders	Jan 2010	B1
7685037	Reiners	Mar 2010	B2
7702578	Fung	Apr 2010	B2
7707120	Dominguez	Apr 2010	B2
7712655	Wong	May 2010	B2
7734527	Uzo	Jun 2010	B2
7753265	Harris	Jul 2010	B2
7770789	Oder, II	Aug 2010	B2
7784685	Hopkins, III	Aug 2010	B1
7793851	Mullen	Sep 2010	B2
7801826	Labrou	Sep 2010	B2
7805376	Smith	Sep 2010	B2
7805378	Berardi	Sep 2010	B2
7818264	Hammad	Oct 2010	B2
7828220	Mullen	Nov 2010	B2
7835960	Breck	Nov 2010	B2
7841523	Oder, II	Nov 2010	B2
7841539	Hewton	Nov 2010	B2
7844550	Walker	Nov 2010	B2
7848980	Carlson	Dec 2010	B2
7849020	Johnson	Dec 2010	B2
7853529	Walker	Dec 2010	B1
7853995	Chow	Dec 2010	B2
7865414	Fung	Jan 2011	B2
7873579	Hobson	Jan 2011	B2
7873580	Hobson	Jan 2011	B2
7874010	Perlman	Jan 2011	B1
7890393	Talbert	Feb 2011	B2
7891563	Oder, II	Feb 2011	B2
7896238	Fein	Mar 2011	B2
7908216	Davis et al.	Mar 2011	B1
7922082	Muscato	Apr 2011	B2
7931195	Mullen	Apr 2011	B2
7937324	Patterson	May 2011	B2
7938318	Fein	May 2011	B2
7954705	Mullen	Jun 2011	B2
7959076	Hopkins, III	Jun 2011	B1
7996288	Stolfo	Aug 2011	B1
8025223	Saunders	Sep 2011	B2
8046256	Chien et al.	Oct 2011	B2
8060448	Jones	Nov 2011	B2
8060449	Zhu	Nov 2011	B1
8074877	Mullen	Dec 2011	B2
8074879	Harris	Dec 2011	B2
8078593	Ramarao	Dec 2011	B1
8082210	Hansen	Dec 2011	B2
8095113	Kean	Jan 2012	B2
8104679	Brown	Jan 2012	B2
RE43157	Bishop	Feb 2012	E
8109436	Hopkins, III	Feb 2012	B1
8121295	Everson	Feb 2012	B1
8121942	Carlson	Feb 2012	B2
8121956	Carlson	Feb 2012	B2
8126449	Beenau	Feb 2012	B2
8151345	Yeager	Apr 2012	B1
8171525	Pelly	May 2012	B1
8175973	Davis et al.	May 2012	B2
8190523	Patterson	May 2012	B2
8196813	Vadhri	Jun 2012	B2
8205791	Randazza	Jun 2012	B2
8219489	Patterson	Jul 2012	B2
8224702	Mengerink	Jul 2012	B2
8225385	Chow	Jul 2012	B2
8229852	Carlson	Jul 2012	B2
8265993	Chien	Sep 2012	B2
8280777	Mengerink	Oct 2012	B2
8281991	Wentker et al.	Oct 2012	B2
8307210	Duane	Nov 2012	B1
8328095	Oder, II	Dec 2012	B2
8336088	Raj et al.	Dec 2012	B2
8346666	Lindelsee et al.	Jan 2013	B2
8376225	Hopkins, III	Feb 2013	B1
8380177	Laracey	Feb 2013	B2
8387873	Saunders	Mar 2013	B2
8401539	Beenau	Mar 2013	B2
8401898	Chien	Mar 2013	B2
8402555	Grecia	Mar 2013	B2
8403211	Brooks	Mar 2013	B2
8412623	Moon	Apr 2013	B2
8412837	Emigh	Apr 2013	B1
8417642	Oren	Apr 2013	B2
8447699	Batada	May 2013	B2
8453223	Svigals	May 2013	B2
8453925	Fisher	Jun 2013	B2
8458487	Palgon	Jun 2013	B1
8484134	Hobson	Jul 2013	B2
8485437	Mullen	Jul 2013	B2
8494959	Hathaway	Jul 2013	B2
8498908	Mengerink	Jul 2013	B2
8504475	Brand et al.	Aug 2013	B2
8504478	Saunders	Aug 2013	B2
8510816	Quach	Aug 2013	B2
8433116	Davis et al.	Sep 2013	B2
8533860	Grecia	Sep 2013	B1
8538845	Liberty	Sep 2013	B2
8555079	Shablygin	Oct 2013	B2
8566168	Bierbaum	Oct 2013	B1
8567670	Stanfield	Oct 2013	B2
8571939	Lindsey	Oct 2013	B2
8577336	Mechaley, Jr.	Nov 2013	B2
8577803	Chatterjee	Nov 2013	B2
8577813	Weiss	Nov 2013	B2
8578176	Mattsson	Nov 2013	B2
8583494	Fisher	Nov 2013	B2
8584251	Mcguire	Nov 2013	B2
8589237	Fisher	Nov 2013	B2
8589271	Evans	Nov 2013	B2
8589291	Carlson	Nov 2013	B2
8595098	Starai	Nov 2013	B2
8595812	Bomar	Nov 2013	B2
8595850	Spies	Nov 2013	B2
8606638	Dragt	Dec 2013	B2
8606700	Carlson	Dec 2013	B2
8606720	Baker	Dec 2013	B1
8615468	Varadarajan	Dec 2013	B2
8620754	Fisher	Dec 2013	B2
8635157	Smith	Jan 2014	B2
8646059	Von Behren	Feb 2014	B1
8651374	Brabson	Feb 2014	B2
8656180	Shablygin	Feb 2014	B2
8751391	Freund	Jun 2014	B2
8762263	Gauthier et al.	Jun 2014	B2
8793186	Patterson	Jul 2014	B2
8838982	Carlson et al.	Sep 2014	B2
8856539	Weiss	Oct 2014	B2
8887308	Grecia	Nov 2014	B2
9065643	Hurry et al.	Jun 2015	B2
9070129	Sheets et al.	Jun 2015	B2
9100826	Weiss	Aug 2015	B2
9160741	Wentker et al.	Oct 2015	B2
9229964	Stevelinck	Jan 2016	B2
9245267	Singh	Jan 2016	B2
9249241	Dai et al.	Feb 2016	B2
9256871	Anderson et al.	Feb 2016	B2
9271110	Fultz	Feb 2016	B1
9280765	Hammad	Mar 2016	B2
9530137	Weiss	Dec 2016	B2
9860245	Ronda	Jan 2018	B2
9911117	Everhart	Mar 2018	B1
20010029485	Brody	Oct 2001	A1
20010034720	Armes	Oct 2001	A1
20010054003	Chien	Dec 2001	A1
20020007320	Hogan	Jan 2002	A1
20020016749	Borecki	Feb 2002	A1
20020029193	Ranjan	Mar 2002	A1
20020035548	Hogan	Mar 2002	A1
20020073045	Rubin	Jun 2002	A1
20020116341	Hogan	Aug 2002	A1
20020133467	Hobson	Sep 2002	A1
20020147913	Lun Yip	Oct 2002	A1
20020184511	Kolouch	Dec 2002	A1
20030028481	Flitcroft	Feb 2003	A1
20030084292	Pierce	May 2003	A1
20030130955	Hawthorne	Jul 2003	A1
20030191709	Elston	Oct 2003	A1
20030191945	Keech	Oct 2003	A1
20030212894	Buck	Nov 2003	A1
20040010462	Moon	Jan 2004	A1
20040034783	Fedronic	Feb 2004	A1
20040050928	Bishop	Mar 2004	A1
20040059682	Hasumi	Mar 2004	A1
20040093281	Silverstein	May 2004	A1
20040139008	Mascavage	Jul 2004	A1
20040143532	Lee	Jul 2004	A1
20040158532	Breck	Aug 2004	A1
20040210449	Breck	Oct 2004	A1
20040210498	Freund	Oct 2004	A1
20040232225	Bishop	Nov 2004	A1
20040260646	Berardi	Dec 2004	A1
20050037735	Coutts	Feb 2005	A1
20050069171	Rhoads	Mar 2005	A1
20050080730	Sorrentino	Apr 2005	A1
20050108178	York	May 2005	A1
20050137983	Bells	Jun 2005	A1
20050140964	Eschenauer	Jun 2005	A1
20050154923	Lok	Jul 2005	A1
20050166263	Nanopoulos	Jul 2005	A1
20050190914	Chen	Sep 2005	A1
20050199709	Linlor	Sep 2005	A1
20050246293	Ong	Nov 2005	A1
20050269401	Spitzer	Dec 2005	A1
20050269402	Spitzer	Dec 2005	A1
20050283441	Ekberg	Dec 2005	A1
20060075254	Henniger	Apr 2006	A1
20060235795	Johnson	Oct 2006	A1
20060237528	Bishop	Oct 2006	A1
20060255158	Margalit	Nov 2006	A1
20060278704	Saunders	Dec 2006	A1
20060287965	Bajan	Dec 2006	A1
20060288216	Buhler	Dec 2006	A1
20070066398	Rowan	Mar 2007	A1
20070067833	Colnot	Mar 2007	A1
20070107044	Yuen	May 2007	A1
20070129955	Dalmia	Jun 2007	A1
20070136193	Starr	Jun 2007	A1
20070136211	Brown	Jun 2007	A1
20070143227	Kranzley	Jun 2007	A1
20070150942	Cartmell	Jun 2007	A1
20070170247	Friedman	Jul 2007	A1
20070179885	Bird	Aug 2007	A1
20070208671	Brown	Sep 2007	A1
20070245414	Chan	Oct 2007	A1
20070262138	Somers	Nov 2007	A1
20070288377	Shaked	Dec 2007	A1
20070291995	Rivera	Dec 2007	A1
20080015988	Brown	Jan 2008	A1
20080029607	Mullen	Feb 2008	A1
20080035738	Mullen	Feb 2008	A1
20080052226	Agarwal	Feb 2008	A1
20080054068	Mullen	Mar 2008	A1
20080054079	Mullen	Mar 2008	A1
20080054081	Mullen	Mar 2008	A1
20080065554	Hogan	Mar 2008	A1
20080065555	Mullen	Mar 2008	A1
20080148057	Hauw	Jun 2008	A1
20080172738	Bates	Jul 2008	A1
20080201264	Brown	Aug 2008	A1
20080201265	Hewton	Aug 2008	A1
20080228646	Myers	Sep 2008	A1
20080243702	Hart	Oct 2008	A1
20080245855	Fein	Oct 2008	A1
20080245861	Fein	Oct 2008	A1
20080283591	Oder, II	Nov 2008	A1
20080302869	Mullen	Dec 2008	A1
20080302876	Mullen	Dec 2008	A1
20080313264	Pestoni	Dec 2008	A1
20090006262	Brown	Jan 2009	A1
20090010488	Matsuoka	Jan 2009	A1
20090037333	Flitcroft	Feb 2009	A1
20090037388	Cooper	Feb 2009	A1
20090043702	Bennett	Feb 2009	A1
20090048971	Hathaway	Feb 2009	A1
20090060184	Alten	Mar 2009	A1
20090106112	Dalmia	Apr 2009	A1
20090106160	Skowronek	Apr 2009	A1
20090134217	Flitcroft	May 2009	A1
20090157555	Biffle	Jun 2009	A1
20090159673	Mullen	Jun 2009	A1
20090159700	Mullen	Jun 2009	A1
20090159707	Mullen	Jun 2009	A1
20090173782	Muscato	Jul 2009	A1
20090200371	Kean	Aug 2009	A1
20090248583	Chhabra	Oct 2009	A1
20090276347	Kargman	Nov 2009	A1
20090281948	Carlson	Nov 2009	A1
20090294527	Brabson	Dec 2009	A1
20090307139	Mardikar	Dec 2009	A1
20090308921	Mullen	Dec 2009	A1
20090313318	Dye	Dec 2009	A1
20090327131	Beenau	Dec 2009	A1
20100008535	Abulafia	Jan 2010	A1
20100017867	Fascenda	Jan 2010	A1
20100024024	Siourthas	Jan 2010	A1
20100077216	Kramer	Mar 2010	A1
20100088237	Wankmueller	Apr 2010	A1
20100094755	Kloster	Apr 2010	A1
20100106644	Annan	Apr 2010	A1
20100120408	Beenau	May 2010	A1
20100133334	Vadhri	Jun 2010	A1
20100138347	Chen	Jun 2010	A1
20100145860	Pelegero	Jun 2010	A1
20100161433	White	Jun 2010	A1
20100185545	Royyuru	Jul 2010	A1
20100211505	Saunders	Aug 2010	A1
20100223186	Hogan	Sep 2010	A1
20100228668	Hogan	Sep 2010	A1
20100235284	Moore	Sep 2010	A1
20100258620	Torreyson	Oct 2010	A1
20100289627	McAllister	Nov 2010	A1
20100291904	Musfeldt	Nov 2010	A1
20100299267	Faith et al.	Nov 2010	A1
20100306076	Taveau	Dec 2010	A1
20100325041	Berardi	Dec 2010	A1
20110010292	Giordano	Jan 2011	A1
20110016047	Wu	Jan 2011	A1
20110016320	Bergsten	Jan 2011	A1
20110040640	Erikson	Feb 2011	A1
20110047076	Carlson et al.	Feb 2011	A1
20110083018	Kesanupalli	Apr 2011	A1
20110087596	Dorsey	Apr 2011	A1
20110093397	Carlson	Apr 2011	A1
20110103586	Nobre	May 2011	A1
20110125597	Oder, II	May 2011	A1
20110153437	Archer	Jun 2011	A1
20110153498	Makhotin et al.	Jun 2011	A1
20110154466	Harper	Jun 2011	A1
20110154467	Bomar	Jun 2011	A1
20110161233	Tieken	Jun 2011	A1
20110178926	Lindelsee et al.	Jul 2011	A1
20110191244	Dai	Aug 2011	A1
20110191592	Goertzen	Aug 2011	A1
20110197070	Mizrah	Aug 2011	A1
20110237224	Coppinger	Sep 2011	A1
20110238511	Park	Sep 2011	A1
20110238573	Varadarajan	Sep 2011	A1
20110246317	Coppinger	Oct 2011	A1
20110251892	Laracey	Oct 2011	A1
20110258111	Raj et al.	Oct 2011	A1
20110272471	Mullen	Nov 2011	A1
20110272478	Mullen	Nov 2011	A1
20110276380	Mullen	Nov 2011	A1
20110276381	Mullen	Nov 2011	A1
20110276424	Mullen	Nov 2011	A1
20110276425	Mullen	Nov 2011	A1
20110295745	White	Dec 2011	A1
20110302081	Saunders	Dec 2011	A1
20110307699	Fielder	Dec 2011	A1
20120023567	Hammad	Jan 2012	A1
20120028609	Hruska	Feb 2012	A1
20120030047	Fuentes et al.	Feb 2012	A1
20120035998	Chien	Feb 2012	A1
20120041881	Basu	Feb 2012	A1
20120047237	Arvidsson	Feb 2012	A1
20120060025	Cahill	Mar 2012	A1
20120066078	Kingston	Mar 2012	A1
20120072350	Goldthwaite	Mar 2012	A1
20120078735	Bauer	Mar 2012	A1
20120078798	Downing	Mar 2012	A1
20120078799	Jackson	Mar 2012	A1
20120095852	Bauer	Apr 2012	A1
20120095865	Doherty	Apr 2012	A1
20120110318	Stone	May 2012	A1
20120116902	Cardina	May 2012	A1
20120123882	Carlson	May 2012	A1
20120123940	Killian	May 2012	A1
20120129514	Beenau	May 2012	A1
20120143767	Abadir	Jun 2012	A1
20120143772	Abadir	Jun 2012	A1
20120158580	Eram	Jun 2012	A1
20120158593	Garfinkle	Jun 2012	A1
20120173431	Ritchie	Jul 2012	A1
20120179952	Tuyls	Jul 2012	A1
20120185386	Salama	Jul 2012	A1
20120197807	Schlesser	Aug 2012	A1
20120203664	Torossian	Aug 2012	A1
20120203666	Torossian	Aug 2012	A1
20120203700	Ornce	Aug 2012	A1
20120215688	Musser	Aug 2012	A1
20120215696	Salonen	Aug 2012	A1
20120221421	Hammad	Aug 2012	A1
20120221859	Marien	Aug 2012	A1
20120226582	Hammad	Sep 2012	A1
20120231844	Coppinger	Sep 2012	A1
20120233004	Bercaw	Sep 2012	A1
20120246070	Vadhri	Sep 2012	A1
20120246071	Jain	Sep 2012	A1
20120246079	Wilson et al.	Sep 2012	A1
20120265631	Cronic	Oct 2012	A1
20120271770	Harris	Oct 2012	A1
20120297446	Webb	Nov 2012	A1
20120300932	Cambridge	Nov 2012	A1
20120303503	Cambridge	Nov 2012	A1
20120303961	Kean	Nov 2012	A1
20120304273	Bailey	Nov 2012	A1
20120310725	Chien	Dec 2012	A1
20120310831	Harris	Dec 2012	A1
20120316992	Oborne	Dec 2012	A1
20120317035	Royyuru	Dec 2012	A1
20120317036	Bower	Dec 2012	A1
20130017784	Fisher	Jan 2013	A1
20130018757	Anderson et al.	Jan 2013	A1
20130019098	Gupta	Jan 2013	A1
20130031006	Mccullagh et al.	Jan 2013	A1
20130047263	Radhakrishnan	Feb 2013	A1
20130054337	Brendell	Feb 2013	A1
20130054466	Muscato	Feb 2013	A1
20130054474	Yeager	Feb 2013	A1
20130081122	Svigals	Mar 2013	A1
20130085944	Fielder	Apr 2013	A1
20130091028	Oder, II	Apr 2013	A1
20130110658	Lyman	May 2013	A1
20130111599	Gargiulo	May 2013	A1
20130117185	Collison	May 2013	A1
20130124290	Fisher	May 2013	A1
20130124291	Fisher	May 2013	A1
20130124364	Mittal	May 2013	A1
20130138525	Bercaw	May 2013	A1
20130144888	Faith	Jun 2013	A1
20130145148	Shablygin	Jun 2013	A1
20130145172	Shablygin	Jun 2013	A1
20130159178	Colon	Jun 2013	A1
20130159184	Thaw	Jun 2013	A1
20130159195	Kirillin	Jun 2013	A1
20130166402	Parento	Jun 2013	A1
20130166456	Zhang	Jun 2013	A1
20130173736	Krzeminski	Jul 2013	A1
20130185202	Goldthwaite	Jul 2013	A1
20130191286	Cronic	Jul 2013	A1
20130191289	Cronic	Jul 2013	A1
20130198071	Jurss	Aug 2013	A1
20130198080	Anderson et al.	Aug 2013	A1
20130200146	Moghadam	Aug 2013	A1
20130204787	Dubois	Aug 2013	A1
20130204793	Kerridge	Aug 2013	A1
20130212007	Mattsson	Aug 2013	A1
20130212017	Bangia	Aug 2013	A1
20130212019	Mattsson	Aug 2013	A1
20130212024	Mattsson	Aug 2013	A1
20130212026	Powell et al.	Aug 2013	A1
20130212666	Mattsson	Aug 2013	A1
20130218698	Moon	Aug 2013	A1
20130218769	Pourfallah et al.	Aug 2013	A1
20130226799	Raj	Aug 2013	A1
20130226813	Voltz	Aug 2013	A1
20130226815	Ibasco	Aug 2013	A1
20130246199	Carlson	Sep 2013	A1
20130246202	Tobin	Sep 2013	A1
20130246203	Laracey	Sep 2013	A1
20130246258	Dessert	Sep 2013	A1
20130246259	Dessert	Sep 2013	A1
20130246261	Purves et al.	Sep 2013	A1
20130246267	Tobin	Sep 2013	A1
20130254028	Salci	Sep 2013	A1
20130254052	Royyuru	Sep 2013	A1
20130254102	Royyuru	Sep 2013	A1
20130254117	Von Mueller	Sep 2013	A1
20130262296	Thomas	Oct 2013	A1
20130262302	Lettow	Oct 2013	A1
20130262315	Hruska	Oct 2013	A1
20130262316	Hruska	Oct 2013	A1
20130262317	Collinge	Oct 2013	A1
20130275300	Killian	Oct 2013	A1
20130275307	Khan	Oct 2013	A1
20130275308	Paraskeva	Oct 2013	A1
20130282502	Jooste	Oct 2013	A1
20130282575	Mullen	Oct 2013	A1
20130282588	Hruska	Oct 2013	A1
20130290719	Kaler	Oct 2013	A1
20130297501	Monk et al.	Nov 2013	A1
20130297504	Nwokolo	Nov 2013	A1
20130297508	Belamant	Nov 2013	A1
20130304649	Cronic	Nov 2013	A1
20130308778	Fosmark	Nov 2013	A1
20130311382	Fosmark	Nov 2013	A1
20130317982	Mengerink	Nov 2013	A1
20130326602	Chen	Dec 2013	A1
20130332344	Weber	Dec 2013	A1
20130339253	Sincai	Dec 2013	A1
20130346314	Mogollon	Dec 2013	A1
20140004817	Horton	Jan 2014	A1
20140007213	Sanin	Jan 2014	A1
20140013106	Redpath	Jan 2014	A1
20140013114	Redpath	Jan 2014	A1
20140013452	Aissi et al.	Jan 2014	A1
20140019352	Shrivastava	Jan 2014	A1
20140019364	Hurry	Jan 2014	A1
20140019752	Yin	Jan 2014	A1
20140025581	Calman	Jan 2014	A1
20140025585	Calman	Jan 2014	A1
20140025958	Calman	Jan 2014	A1
20140032417	Mattsson	Jan 2014	A1
20140032418	Weber	Jan 2014	A1
20140040137	Carlson	Feb 2014	A1
20140040139	Brudnicki	Feb 2014	A1
20140040144	Plomske	Feb 2014	A1
20140040145	Ozvat	Feb 2014	A1
20140040148	Ozvat	Feb 2014	A1
20140040628	Fort	Feb 2014	A1
20140041018	Bomar	Feb 2014	A1
20140046853	Spies	Feb 2014	A1
20140047551	Nagasundaram et al.	Feb 2014	A1
20140052532	Tsai	Feb 2014	A1
20140052620	Rogers	Feb 2014	A1
20140052637	Jooste	Feb 2014	A1
20140068706	Aissi	Mar 2014	A1
20140074637	Hammad	Mar 2014	A1
20140082366	Engler	Mar 2014	A1
20140108172	Weber et al.	Apr 2014	A1
20140114857	Griggs et al.	Apr 2014	A1
20140136418	Fielder	May 2014	A1
20140143137	Carlson	May 2014	A1
20140164243	Aabye et al.	Jun 2014	A1
20140188586	Carpenter et al.	Jul 2014	A1
20140294701	Dai et al.	Oct 2014	A1
20140297534	Patterson	Oct 2014	A1
20140310183	Weber	Oct 2014	A1
20140330721	Wang	Nov 2014	A1
20140330722	Laxminarayanan et al.	Nov 2014	A1
20140331265	Mozell et al.	Nov 2014	A1
20140337236	Wong et al.	Nov 2014	A1
20140344153	Raj et al.	Nov 2014	A1
20140372308	Sheets	Dec 2014	A1
20150019443	Sheets et al.	Jan 2015	A1
20150032625	Dill	Jan 2015	A1
20150032626	Dill	Jan 2015	A1
20150032627	Dill	Jan 2015	A1
20150046338	Laxminarayanan	Feb 2015	A1
20150046339	Wong et al.	Feb 2015	A1
20150052064	Karpenko et al.	Feb 2015	A1
20150088756	Makhotin et al.	Mar 2015	A1
20150106239	Gaddam et al.	Apr 2015	A1
20150112870	Nagasundaram et al.	Apr 2015	A1
20150112871	Kumnick	Apr 2015	A1
20150120472	Aabye et al.	Apr 2015	A1
20150127529	Makhotin et al.	May 2015	A1
20150127547	Powell et al.	May 2015	A1
20150128243	Roux	May 2015	A1
20150140960	Powell et al.	May 2015	A1
20150142673	Nelsen et al.	May 2015	A1
20150161597	Subramanian et al.	Jun 2015	A1
20150178724	Ngo et al.	Jun 2015	A1
20150180836	Wong et al.	Jun 2015	A1
20150186864	Jones et al.	Jul 2015	A1
20150193222	Pirzadeh et al.	Jul 2015	A1
20150195133	Sheets et al.	Jul 2015	A1
20150199679	Palanisamy et al.	Jul 2015	A1
20150199689	Kumnick et al.	Jul 2015	A1
20150220917	Aabye et al.	Aug 2015	A1
20150269566	Gaddam et al.	Sep 2015	A1
20150312038	Palanisamy	Oct 2015	A1
20150319158	Kumnick	Nov 2015	A1
20150332262	Lingappa	Nov 2015	A1
20150356560	Shastry et al.	Dec 2015	A1
20160028550	Gaddam et al.	Jan 2016	A1
20160042263	Gaddam et al.	Feb 2016	A1
20160065370	Le Saint et al.	Mar 2016	A1
20160092696	Guglani et al.	Mar 2016	A1
20160092872	Prakash et al.	Mar 2016	A1
20160103675	Aabye et al.	Apr 2016	A1
20160119296	Laxminarayanan et al.	Apr 2016	A1
20160224976	Basu	Aug 2016	A1
20170046696	Powell et al.	Feb 2017	A1
20170103387	Weber	Apr 2017	A1
20170220818	Nagasundaram et al.	Aug 2017	A1
20170228723	Taylor	Aug 2017	A1

Foreign Referenced Citations (16)

Number	Date	Country
2156397	Feb 2010	EP
2001035304	May 2001	WO
2001035304	May 2001	WO
2004042536	May 2004	WO
2006113834	Oct 2006	WO
2009032523	Mar 2009	WO
2010078522	Jul 2010	WO
2012068078	May 2012	WO
WO2012064280	May 2012	WO
2012098556	Jul 2012	WO
2012142370	Oct 2012	WO
2012167941	Dec 2012	WO
2013048538	Apr 2013	WO
2013056104	Apr 2013	WO
2013119914	Aug 2013	WO
2013179271	Dec 2013	WO

Non-Patent Literature Citations (32)

Entry
Petition for Inter Partes Review of U.S. Pat. No. 8,533,860 Challenging Claims 1-30 Under 35 U.S.C. § 312 and 37 C.F.R. § 42.104, filed Feb. 17, 2016, Before the USPTO Patent Trial and Appeal Board, IPR 2016-00600, 65 pages.
Wang, U.S. Appl. No. 62/000,288 (unpublished), Payment System Canonical Address Format filed May 19, 2014.
Sharma et al., U.S. Appl. No. 62/003,717 (unpublished), Mobile Merchant Application filed May 28, 2014.
Kalgi et al., U.S. Appl. No. 62/024,426, (unpublished) Secure Transactions Using Mobile Devices filed Jul. 14, 2014.
Prakash et al., U.S. Appl. No. 62/037,033 (unpublished), Sharing Payment Token filed Aug. 13, 2014.
Hoverson et al., U.S. Appl. No. 62/038,174 (unpublished), Customized Payment Gateway filed Aug. 15, 2014.
Wang, U.S. Appl. No. 62/042,050 (unpublished), Payment Device Authentication and Authorization System filed Aug. 26, 2014.
Gaddam et al., U.S. Appl. No. 62/053,736 (unpublished), Completing Transactions Without a User Payment Device filed Sep. 22, 2014.
Patterson, U.S. Appl. No. 62/054,346 (unpublished), Mirrored Token Vault filed Sep. 23, 2014.
Dimmick, U.S. Appl. No. 14/952,514 (unpublished), Systems Communications With Non-Sensitive Identifiers filed Nov. 25, 2015.
Dimmick, U.S. Appl. No. 14/952,444 (unpublished), Tokenization Request Via Access Device filed Nov. 25, 2015.
Prakash et al., U.S. Appl. No. 14/955,716 (unpublished), Provisioning Platform for Machine-To-Machine Devices filed Dec. 1, 2015.
Wong et al., U.S. Appl. No. 14/966,948 (unpublished), Automated Access Data Provisioning filed Dec. 11, 2015.
Stubbs et al., U.S. Appl. No. 62/103,522 (unpublished), Methods and Systems for Wallet Provider Provisioning filed Jan. 14, 2015.
McGuire, U.S. Appl. No. 14/600,523 (unpublished), Secure Payment Processing Using Authorization Request filed Jan. 20, 2015.
Flurscheim et al., U.S. Appl. No. 15/004,705 (unpublished), Cloud-Based Transactions With Magnetic Secure Transmission filed Jan. 22, 2016.
Flurscheim et al., U.S. Appl. No. 62/108,403 (unpublished), Wearables With NFC HCE filed Jan. 27, 2015.
Sabba et al., U.S. Appl. No. 15/011,366 (unpublished), Token Check Offline filed Jan. 29, 2016.
Patterson, U.S. Appl. No. 15/019,157 (unpublished), Token Processing Utilizing Multiple Authorizations filed Feb. 9, 2016.
Cash et al., U.S. Appl. No. 15/041,495 (unpublished), Peer Forward Authorization of Digital Requests filed Feb. 11, 2016.
Le Saint et al., , U.S. Appl. No. 15/008,388 (unpublished), Methods for Secure Credential Provisioning filed Jan. 27, 2016.
Kinagi, U.S. Appl. No. 62/117,291 (unpublished), Token and Cryptogram Using Transaction Specific Information filed Feb. 17, 2015.
Galland et al. U.S. Appl. No. 62/128,709 (unpublished), Tokenizing Transaction Amounts filed Mar. 5, 2015.
Rangarajan et al., U.S. Appl. No. 61/751,763 (unpublished), Payments Bridge filed Jan. 11, 2013.
Li, U.S. Appl. No. 61/894,749 (unpublished), Methods and Systems for Authentication and Issuance of Tokens in a Secure Environment filed Oct. 23, 2013.
Aissi et al., U.S. Appl. No. 61/738,832 (unpublished), Management of Sensitive Data filed Dec. 18, 2012.
Wong et al., U.S. Appl. No. 61/879,362 (unpublished), Systems and Methods for Managing Mobile Cardholder Verification Methods filed Sep. 18, 2013.
Powell, U.S. Appl. No. 61/892,407 (unpublished), Issuer Over-The-Air Update Method and System filed Oct. 17, 2013.
Powell, U.S. Appl. No. 61/926,236 (unpublished), Methods and Systems for Provisioning Mobile Devices With Payment Credentials and Payment Token Identifiers filed Jan. 10, 2014.
International Search Report dated Apr. 1, 2014 in PCT/IB2013/060696, 3 pages.
Chipman, et al., U.S. Appl. No. 15/265,282 (Unpublished), Self-Cleaning Token Vault, filed Sep. 14, 2016.
Lopez, et al., U.S. Appl. No. 15/462,658 (Unpublished), Replacing Token on a Multi-Token User Device, filed Mar. 17, 2017.

Related Publications (1)

	Number	Date	Country
	20150302390 A1	Oct 2015	US

Token generating component

Information

Patent Number

Date Filed

Date Issued

Inventors

Original Assignees

Examiners

Agents

CPC

Field of Search

US

CPC

International Classifications

Term Extension

Abstract

Description

Claims

Priority Claims (1)

PCT Information

US Referenced Citations (596)

Foreign Referenced Citations (16)

Non-Patent Literature Citations (32)

Related Publications (1)