EP2476088A4 - Secure communication of payment information to merchants using a verification token - Google Patents

Secure communication of payment information to merchants using a verification token

Info

Publication number: EP2476088A4
Authority: EP; European Patent Office
Prior art keywords: merchants; payment information; secure communication; verification token; token
Prior art date: 2009-09-10
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Withdrawn

Application number

EP10816167.0A

Other languages

German (de)

French (fr)

Other versions

EP2476088A2 (en

Inventor

Ayman Hammad

Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)

Visa International Service Association

Original Assignee

Visa International Service Association

Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)

2009-09-10

Filing date

2010-09-10

Publication date

2014-01-15

2010-02-24 Priority claimed from US12/712,148 external-priority patent/US7891560B2/en

2010-05-14 Priority claimed from US12/780,657 external-priority patent/US9038886B2/en

2010-09-10 Application filed by Visa International Service Association filed Critical Visa International Service Association

2012-07-18 Publication of EP2476088A2 publication Critical patent/EP2476088A2/en

2014-01-15 Publication of EP2476088A4 publication Critical patent/EP2476088A4/en

Status Withdrawn legal-status Critical Current

Links

Classifications

- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/12—Payment architectures specially adapted for electronic shopping systems
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/385—Payment protocols; Details thereof using an alias or single-use codes
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/42—Confirmation, e.g. check or permission by the legal debtor of payment
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/42—Confirmation, e.g. check or permission by the legal debtor of payment
- G06Q20/425—Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
- H04L9/3273—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/126—Applying verification of the received information the source of the received data

EP10816167.0A 2009-09-10 2010-09-10 Secure communication of payment information to merchants using a verification token Withdrawn EP2476088A4 (en)

Applications Claiming Priority (4)

Application Number	Priority Date	Filing Date	Title
US24136709P	2009-09-10	2009-09-10
US12/712,148 US7891560B2 (en)	2009-05-15	2010-02-24	Verification of portable consumer devices
US12/780,657 US9038886B2 (en)	2009-05-15	2010-05-14	Verification of portable consumer devices
PCT/US2010/048455 WO2011031988A2 (en)	2009-09-10	2010-09-10	Secure communication of payment information to merchants using a verification token

Publications (2)

Publication Number	Publication Date
EP2476088A2 EP2476088A2 (en)	2012-07-18
EP2476088A4 true EP2476088A4 (en)	2014-01-15

Family

ID=43733107

Family Applications (1)

Application Number	Title	Priority Date	Filing Date
EP10816167.0A Withdrawn EP2476088A4 (en)	2009-09-10	2010-09-10	Secure communication of payment information to merchants using a verification token

Country Status (5)

Country	Link
EP (1)	EP2476088A4 (en)
AU (1)	AU2010292125B2 (en)
BR (1)	BR112012005419A2 (en)
CA (1)	CA2773543A1 (en)
WO (1)	WO2011031988A2 (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number	Priority date	Publication date	Assignee	Title
US9715681B2 (en)	2009-04-28	2017-07-25	Visa International Service Association	Verification of portable consumer devices
US9105027B2 (en)	2009-05-15	2015-08-11	Visa International Service Association	Verification of portable consumer device for secure services
US8534564B2 (en)	2009-05-15	2013-09-17	Ayman Hammad	Integration of verification tokens with mobile communication devices
US9038886B2 (en)	2009-05-15	2015-05-26	Visa International Service Association	Verification of portable consumer devices
US8893967B2 (en)	2009-05-15	2014-11-25	Visa International Service Association	Secure Communication of payment information to merchants using a verification token
CN107967602A (en)	2011-03-04	2018-04-27	维萨国际服务协会	Ability to pay is bound to the safety element of computer
US10282724B2 (en)	2012-03-06	2019-05-07	Visa International Service Association	Security system incorporating mobile device
WO2015161699A1 (en) *	2014-04-25	2015-10-29	天地融科技股份有限公司	Secure data interaction method and system
CN109191116B (en) *	2018-07-27	2023-05-12	创新先进技术有限公司	Resource management method and system and payment management method and system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number	Priority date	Publication date	Assignee	Title
US5365586A (en) *	1993-04-09	1994-11-15	Washington University	Method and apparatus for fingerprinting magnetic media
WO2002001520A1 (en) *	2000-06-26	2002-01-03	Covadis S.A.	Device for carrying out secure transactions in a communications network
US20060016879A1 (en) *	2004-07-26	2006-01-26	First Data Corporation	Presentation instrument security arrangement and methods
EP2098985A2 (en) *	2008-03-03	2009-09-09	Broadcom Corporation	Secure financial reader architecture

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number	Priority date	Publication date	Assignee	Title
US6983882B2 (en) *	2003-03-31	2006-01-10	Kepler, Ltd.	Personal biometric authentication and authorization device
US7761374B2 (en)	2003-08-18	2010-07-20	Visa International Service Association	Method and system for generating a dynamic verification value
US7740168B2 (en)	2003-08-18	2010-06-22	Visa U.S.A. Inc.	Method and system for generating a dynamic verification value
KR20050019674A (en) *	2003-08-20	2005-03-03	엘지전자 주식회사	Payment method for mobile credit card using mobile communication device
US7584153B2 (en) *	2004-03-15	2009-09-01	Qsecure, Inc.	Financial transactions with dynamic card verification values
US8934865B2 (en) *	2006-02-02	2015-01-13	Alcatel Lucent	Authentication and verification services for third party vendors using mobile devices
KR100899477B1 (en) *	2006-12-05	2009-05-27	백승한	Authentication system and method for approval

2010
- 2010-09-10 CA CA2773543A patent/CA2773543A1/en not_active Abandoned
- 2010-09-10 AU AU2010292125A patent/AU2010292125B2/en active Active
- 2010-09-10 EP EP10816167.0A patent/EP2476088A4/en not_active Withdrawn
- 2010-09-10 WO PCT/US2010/048455 patent/WO2011031988A2/en active Application Filing
- 2010-09-10 BR BR112012005419A patent/BR112012005419A2/en not_active IP Right Cessation

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number	Priority date	Publication date	Assignee	Title
US5365586A (en) *	1993-04-09	1994-11-15	Washington University	Method and apparatus for fingerprinting magnetic media
WO2002001520A1 (en) *	2000-06-26	2002-01-03	Covadis S.A.	Device for carrying out secure transactions in a communications network
US20060016879A1 (en) *	2004-07-26	2006-01-26	First Data Corporation	Presentation instrument security arrangement and methods
EP2098985A2 (en) *	2008-03-03	2009-09-09	Broadcom Corporation	Secure financial reader architecture

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of WO2011031988A2 *

Also Published As

Publication number	Publication date
AU2010292125B2 (en)	2014-11-06
AU2010292125A1 (en)	2012-04-26
EP2476088A2 (en)	2012-07-18
BR112012005419A2 (en)	2016-04-12
WO2011031988A3 (en)	2011-07-21
WO2011031988A2 (en)	2011-03-17
CA2773543A1 (en)	2011-03-17

Legal Events

Date	Code	Title	Description
2012-06-15	PUAI	Public reference made under article 153(3) epc to a published international application that has entered the european phase	Free format text: ORIGINAL CODE: 0009012
2012-07-18	17P	Request for examination filed	Effective date: 20120330
2012-07-18	AK	Designated contracting states	Kind code of ref document: A2 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO SE SI SK SM TR
2012-12-19	DAX	Request for extension of the european patent (deleted)
2014-01-15	A4	Supplementary search report drawn up and despatched	Effective date: 20131217
2014-01-15	RIC1	Information provided on ipc code assigned before grant	Ipc: G06F 21/35 20130101ALI20131211BHEP Ipc: H04L 29/06 20060101ALI20131211BHEP Ipc: G06Q 20/32 20120101ALI20131211BHEP Ipc: G06F 21/31 20130101ALI20131211BHEP Ipc: G06Q 20/42 20120101ALI20131211BHEP Ipc: G06Q 20/20 20120101ALI20131211BHEP Ipc: G06Q 20/12 20120101ALI20131211BHEP Ipc: H04L 9/32 20060101ALI20131211BHEP Ipc: G06F 21/34 20130101ALI20131211BHEP Ipc: G06Q 20/40 20120101ALI20131211BHEP Ipc: G06Q 20/00 20120101AFI20131211BHEP Ipc: G06F 21/00 20130101ALI20131211BHEP Ipc: G06Q 20/38 20120101ALI20131211BHEP
2014-02-19	17Q	First examination report despatched	Effective date: 20140120
2014-10-24	STAA	Information on the status of an ep patent application or granted ep patent	Free format text: STATUS: THE APPLICATION HAS BEEN WITHDRAWN
2014-11-26	18W	Application withdrawn	Effective date: 20141021

Publication	Publication Date	Title
EP2476088A4 (en)	2014-01-15	Secure communication of payment information to merchants using a verification token
GB2473400B (en)	2013-02-13	Real time authentication of payment cards
EP2526517A4 (en)	2014-08-06	Token based transaction authentication
EP2156397A4 (en)	2011-10-05	Secure payment card transactions
EP2248093A4 (en)	2012-10-10	Financial transaction token
GB2470281B (en)	2016-10-19	Purchase transaction system with encrypted transaction information
EP2119076A4 (en)	2011-03-02	Authentication of a data card using a transit verification value
GB201309968D0 (en)	2013-07-17	Purchase transaction system with encrypted payment card data
HUE037029T2 (en)	2018-08-28	Secure transaction authentication
SG10201405002VA (en)	2014-10-30	Location controls on payment card transactions
EP2394388A4 (en)	2013-08-28	Network transaction verification and authentication
EP2507761A4 (en)	2013-10-16	Using social network and transaction information
EP2478479A4 (en)	2013-11-13	Facilitating e-commerce payments using non-accepted customer payment methods
EP2561470A4 (en)	2014-01-22	Third party transaction payment prcessing
GB201214024D0 (en)	2012-09-19	Transaction auditing for data security devices
EP2485184A4 (en)	2016-07-20	Credit card fraud prevention system
EP2656280A4 (en)	2015-09-02	Fuel dispensing payment system for secure evaluation of cardholder data
HK1127482A2 (en)	2009-09-25	A financial transaction card
SG10201500686YA (en)	2015-04-29	Authentication framework extension to verify identification information
GB2488486B (en)	2013-01-09	Payment card
GB0905388D0 (en)	2009-05-13	Verification of a payment card transaction
GB0905150D0 (en)	2009-05-06	Decreasing credit card fraud
EP2521994A4 (en)	2014-06-18	Authentication of transactions in a network
ZA201100774B (en)	2011-10-26	Security measures for credit card
PT2325806E (en)	2013-03-06	Method for generating toll transactions