CN101502031A - Verification error reduction system - Google Patents

Verification error reduction system Download PDF

Info

Publication number
CN101502031A
CN101502031A CNA2007800295538A CN200780029553A CN101502031A CN 101502031 A CN101502031 A CN 101502031A CN A2007800295538 A CNA2007800295538 A CN A2007800295538A CN 200780029553 A CN200780029553 A CN 200780029553A CN 101502031 A CN101502031 A CN 101502031A
Authority
CN
China
Prior art keywords
value
transaction
validation value
data element
computer
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA2007800295538A
Other languages
Chinese (zh)
Other versions
CN101502031B (en
Inventor
P·费斯
A·哈玛德
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Visa USA Inc
Original Assignee
Visa USA Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Visa USA Inc filed Critical Visa USA Inc
Priority claimed from PCT/US2007/071479 external-priority patent/WO2008016752A2/en
Publication of CN101502031A publication Critical patent/CN101502031A/en
Application granted granted Critical
Publication of CN101502031B publication Critical patent/CN101502031B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/085Payment architectures involving remote charge determination or related payment systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/367Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/367Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
    • G06Q20/3672Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes initialising or reloading thereof
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/367Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
    • G06Q20/3674Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes involving authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821Electronic credentials
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/385Payment protocols; Details thereof using an alias or single-use codes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/10Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
    • G06Q20/105Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems involving programming of a portable memory device, e.g. IC cards, "electronic purses"
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • G06Q20/204Point-of-sale [POS] network systems comprising interface for record bearing medium or carrier for electronic funds transfer or payment credit
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q2220/00Business processing using cryptography
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Engineering & Computer Science (AREA)
  • Finance (AREA)
  • General Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Development Economics (AREA)
  • Signal Processing (AREA)
  • Technology Law (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Cash Registers Or Receiving Machines (AREA)
  • Storage Device Security (AREA)

Abstract

A method is disclosed. The method includes a) receiving a dynamic data element and a first verification value derived from the dynamic data element, wherein the first verification value is generated in response to a transaction conducted using a portable consumer device, b) determining if the dynamic data element is within a predetermined range, c) if the dynamic data element is within the predetermined range, generating a second verification value, d) determining if the second verification value matches the first verification value, or if the second verification value is otherwise acceptable, and e) initiating the approval the transaction if the second verification value matches the first verification value.

Description

Verification error reduction system
The cross reference of related application
The application requires the U.S. Provisional Patent Application No.60/815 of submission on June 19th, 2006,059, the No.60/815 that submitted on June 20th, 2006, the No.60/884 that on January 9th, 430 and 2007 submitted to, the right of 089 the applying date, these applications are included in this by reference for all purposes as describing in detail at this document.
Background
Along with the increase of the method and apparatus that is used to participate in financial transaction, continue to exist such as the swindle and the old problem of forging.
One of main source of swindle is to skim (skimming), and this is general in credit card industry.Skim the magnetic stripe data that refers to the reprography card and forge card so that make.
Skimming is the main phenomenon that torments based on the transaction of magnetic stripe.This be because place on the transactional cards back side, the magnetic stripe of store various kinds of data is a kind of by moving medium on three independent magnetic tracks.In other words, the digital content on the magnetic stripe can be duplicated by perfection, between copy and original without any difference.
Can prevent that one of main means of skimming from being the whereabouts that the consumer closely monitors its transactional cards.This can make the consumer can prevent to swipe the card by unsuitable equipment.Yet along with the appearance of non-contact card, the classical problem of skimming is also following.In fact, in wireless environment, the chance of skimming magnetic stripe data is more general.In wireless environment, potential skimmer does not need physically to hold to be wanted skimmed card, also need not to visit skim required any physical equipment (for example, POS terminal, communication line etc.) in based on wired environment.Skimmer can be tackled wireless transactions and be duplicated the data that just send to the POS terminal from card under the situation of not understanding consumer or businessman.
In order to overcome the above problems, it is dynamic card verification value that the someone proposes to use dCVV.Can use and adopt at least one counter and generate dCVV such as the algorithm of the input data of number of the account, the term of validity and other information.Whenever once conclude the business, counter can increase one.DCVV can be by the transaction portable consumer device of front end or any generation in the POS terminal, and can be sent to backend computer.Counter can send to backend computer from businessman, makes the latter know the current Counter Value that is associated with portable consumer device.In other cases, counter can be present in the backend computer place simply.In one situation of back, whenever backend computer is seen a transaction, computer promptly increases one.The backend computer that use is similar in algorithm, Counter Value and the input data of front end generation dCVV can independently generate the 2nd dCVV.If dCVV that is received and the dCVV that is generated coupling, then transaction can be considered to real.If dCVV does not match, this may indicate transaction is rogue.
Although above-mentioned dCVV process is useful, send and in the do not match various situations of corresponding counts device value of backend computer of the Counter Value that back-end server receives yet may exist from portable consumer device.For example, sometimes, businessman is not transmitted to the publisher in timely mode with transaction data.If such thing has taken place, then the transaction in consumer future of carrying out might by mistake be refused.For example, if have counter in the employed portable consumer device of consumer to the transaction number counting that is carried out, if and the counter in the backend computer (does not for example keep corresponding transaction count, because the delay from the transaction data of one or more businessmans is received and refuses to pay), then some in the consumer transaction may by mistake be refused.This is undesirable.
Various embodiments of the present invention solve these and other problem individually or jointly.
Brief overview
Embodiments of the invention have been described verification error reduction system and the method that is used for whenever use the authenticity of these payment services of dynamic authentication such as the payment services on the portable consumer device of integrated circuit credit card the time transaction utilization.
One embodiment of the present of invention are at a kind of method that may further comprise the steps: a) receive dynamic data element and from this dynamic data element (for example, count value) first validation value that obtains, wherein first validation value (dCVV) is in response to the transaction of using portable consumer device to carry out and generates; B) determine that this dynamic data element is whether in preset range; C) if this dynamic data element in preset range, then generates second validation value; D) determine whether second validation value mates first validation value, or whether second validation value can be accepted; And e) if second verification value matches, first validation value, or second validation value can accept, and then starts the approval to transaction.
An alternative embodiment of the invention is at the computer-readable medium that comprises following code: be used to receive dynamic data element and the code of first validation value that obtains from this dynamic data element, wherein first validation value is in response to the transaction of using portable consumer device to carry out and generates; Be used for determining the whether code in preset range of this dynamic data element; Be used under the situation of this dynamic data element in preset range, generating the code of second validation value; Be used for determining whether second validation value mates first validation value, or second validation value acceptable code whether; And be used under second verification value matches, first validation value or the acceptable situation of second validation value starting code to the approval of transaction.
Other embodiment of the present invention are at server computer and system.
The accompanying drawing summary
Fig. 1 has described to create encrypted data chunk for the method for using in one embodiment of this invention.
Fig. 2 has described to be used for from residing in the method for the unique key that obtains of data generation on the portable consumer device.
Fig. 3 has described to be used to extract the each several part of encrypted data chunk according to the present invention so that create the method for dynamic card verification value.
Fig. 4 has described for the exemplary record formats of using in one embodiment of this invention.
Fig. 5 has described for the replacement example format that uses in one embodiment of this invention.
Fig. 6 utilizes the validation value of dynamic creation to come the flow chart of the method for optimizing of authenticating transactions.
Fig. 7 utilizes the validation value of dynamic creation to come the flow chart of the replacement method of authenticating transactions.
Describe in detail
Before describing method of the present invention, be appreciated that to the invention is not restricted to described ad hoc approach, equipment or agreement that these methods, equipment or agreement can change.Also can understand, term as used in this specification only is in order to describe the purpose of particular version or embodiment, not to be intended to limit the scope of the present invention that is only limited by appended claims.Particularly, although described the present invention, can understand the present invention and can in any electronic exchange of data, find purposes in conjunction with financial transaction.
Notice that also as the land used that makes in this paper and the appended claims, " " of singulative, " one " and " being somebody's turn to do " comprise plural reference, unless context is pointed out in addition clearly.Therefore, for example quoting of " key " referred to one or more keys, and equivalents known to those skilled in the art etc.
Generally speaking, embodiments of the invention provide that to be used for each transaction is dynamically generated the card validation value and utilizes such value to come the validation of payment transaction be real and not skimmed through improved method and system.Dynamically the card validation value (being called as " dCVV " herein) that generates generates on portable consumer device, embeds in the payment data, and sends to point of sales terminal.In alternative embodiment, receive payment data from portable consumer device, generate validation value by point of sales terminal, and validation value is embedded in the payment data.
In one embodiment, the data that received by point of sales terminal are interpreted as payment data (the standard magnetic stripe magnetic track 1 and/or magnetic track 2 data that for example, do not have embedded dCVV) simply by point of sales terminal.Point of sales terminal is passed to payment network with the data that received, and the latter passes to the service supplier with data again.If the service supplier determines that transaction is the transaction that needs dCVV, then the service supplier independently generates validation value.If the dCVV that the validation value that is generated by the service supplier does not match and receives from portable consumer device, then transaction be identified as may be rogue and do not go through.
In alternative embodiment, data are received by point of sales terminal, and are used to generate validation value by point of sales terminal.Point of sales terminal is passed to payment network with the data that received, and the latter passes to the service supplier with data again.The service supplier independently generates validation value.If the dCVV that the validation value that is generated by the service supplier does not match and receives from point of sales terminal, then transaction be identified as may be rogue and do not go through.
As mentioned above, in some cases, can receive at the backend computer place with the dCVV that generates by portable consumer device such as the dynamic data element of count value (or data element of changeable other types).Backend computer can determine that count value is whether in preset range.If then backend computer can independently generate another dCVV.If dCVV that is received and the dCVV that is generated coupling, then transaction can be considered to real.
Backend computer can comprise processor and contain the computer-readable medium that is useful on the code of carrying out any function as herein described.For example, backend computer can comprise the computer-readable medium that comprises following code: be used to receive dynamic data element and the code of first validation value that obtains from this dynamic data element, wherein first validation value is in response to the transaction of using portable consumer device to carry out and generates; Be used for determining the whether code in preset range of this dynamic data element; Be used under the situation of this dynamic data element in preset range, generating the code of second validation value; Be used for determining whether second validation value mates the code of first validation value; And be used under the situation of second verification value matches, first validation value starting code to the approval of transaction.
The scope of the Counter Value at backend computer place provides certain tolerance, the count value that it receives from the POS terminal in case the count value at backend computer place does not match.In a preferred embodiment, the scope of Counter Value is less than about 10 or between about 2 and 10.If the count value that receives from the POS terminal and the count value of back-end server for example 10 with interior or even 5 with interior or littler, even then dCVV does not match, transaction also can be considered to real.
Advantageously, in an embodiment of the present invention since unmatched Counter Value and as the unaccepted transaction of false transaction with less.Notice,, also can use the value and the scope of other types although describe Counter Value in detail.For example, dynamic data element can be the time in one day, and scope can be the scope on date.
Be the application's purpose, term " portable consumer device " can comprise any equipment that contains the microprocessor that can use in transaction as described herein or exchanges data.Do not limiting under the aforesaid recapitulative situation, " portable consumer device " can comprise integrated circuit card (being also referred to as smart card usually), memory card, cellular phone, personal digital assistant, mobile electronic device or computer.
Be the application's purpose, " noncontact " or " wireless " can comprise any communication means or agreement, comprises proprietary protocol, wherein two exchanged between equipment data and the equipment that need not is coupled physically.Do not limiting under the aforesaid recapitulative situation, " noncontact " or " wireless " can comprise the transfer of data of being undertaken by laser, radio frequency, infrared communication, bluetooth or WLAN (wireless local area network).
Be the application's purpose, term " payment services " can be included on the portable consumer device and use, cause the Any Application that data exchange between portable consumer device and any other equipment or position.Should be understood that " payment services " are not limited to financial applications.
Be the application's purpose, " payment data " can comprise by payment services for financial applications and using carrying out those data elements of transaction, and can comprise that for non financial transaction any except that the present invention must data element.For example, when payment services were magnetic stripe credit card transaction, " payment data " can comprise magnetic track 1 and/or magnetic track 2 data, understands ground as the those of ordinary skill of credit card industry, such as primary account number, the term of validity, service codes and arbitrary data." payment data " also can comprise unique card identification number or service supplier's unique identifying number.
In an embodiment of the present invention, payment data can reside in the memory that is arranged in portable consumer device.But portable consumer device is maintenance applications transaction counter (ATC) also, and its value can be any appropriate length.ATC can be set to predetermined value by the service supplier at the beginning.Afterwards, can increase progressively ATC with each transaction.Perhaps, can ATC be successively decreased from its initial predetermined value with each transaction.In addition, but use service supplier's maintenance service supplier's of payment services the corresponding ATC of computer-accessible.As on the following ground that more goes through, this corresponding ATC is used to identify may skimmed payment services.In alternative embodiment, can replace or use password, digital signature or hashed value based on transaction data in conjunction with ATC.
When starting payment services, promptly on portable consumer device, generate dCVV and be used for authentication purpose.Fig. 1 has described according to the present invention each transaction to be generated the method for dCVV.At the beginning, create the numeric string of predetermined length.This numeric string is to create on the corresponding leftmost several numerical digits of PAN104 by ATC 102 being covered (101) in the number of the account of payment services.This numeric string is connected in series to produce concatenated value 106 with the term of validity and the service codes of payment services at right-hand member.If necessary, fill up character 108 has predetermined fixed length with formation numeric string 112 in the right-hand member serial connection (110) of concatenated value 106.In one embodiment, this numeric string 112 be 128 long, although can use the numeric string of any length.Fill up character 108 can by 0 and 1 or the stream of all known any other digital value of portable consumer device and service supplier form.Numeric string 112 is split two pieces of equal length, i.e. piece A 116 and piece B 118.Encrypt (121) with 120 couples of piece A of first encryption key 116 then.The result of encrypting step 121 is piece C 122 that length equals piece A 116.Piece C 122 then with piece B 118 XORs (XOR) (123), obtain piece D 124.Encrypt (125) with 126 couples of piece D of second encryption key 124 then, to produce piece E 128.Use 130 couples of piece E of decruption key, 127 deciphering (129) to produce piece F 132 then.Encrypt (133) with 134 couples of piece F of the 4th encryption key 132 then, to produce piece G 136.
For those of ordinary skill in the art, obviously, the value of first encryption key 120, second encryption key 126, the 3rd encryption key 130 and the 134 desirable any preliminary elections of the 4th encryption key.In an embodiment of the present invention, first encryption key 120, second encryption key 126 and the 4th encryption key 134 equate, and have the value that is different from the 3rd encryption key 130.Other of the encryption key value of being utilized in the method for Fig. 1 are arranged within the scope of the invention.
In one embodiment, first encryption key 120, second encryption key 126, the 3rd encryption key 130 and the 4th encryption key 134 are got the value of unique key that the data that exist from portable consumer device obtain.After use, dominate out key to each payment services personalization by the service provision commercialization.In batches (that is, a plurality of payment services receive the same key of dominating out) or individually payment services are used and dominated out key.Each portable consumer device can come personalized with the function that obtains the unique key of payment services.
Fig. 2 shows the method for two unique keys that are used to be used in a preferred embodiment.Contrary 204 of contrary 203, the account sequence number of number of the account 201, account sequence number 202, number of the account is serially connected to create concatenated value 210.If necessary, concatenated value 210 usable zeros or certain other value 211 are filled up and can be held the additional arbitrary data that comprises one or more data elements, to create the string of predetermined fixed length.In one embodiment, concatenated value 210 can be 128 long, although concatenated value is not limited to this length, and can hold the additional arbitrary data that comprises one or more data elements.Concatenated value 210 encrypts 220 with dominating key 221 as each encryption key of encrypting the stage then.The encryption that is utilized can comprise the encryption method of any kind.For example, this encrypting step can utilize 3-DES to encrypt.The value that obtains from encrypting step 220 is unique key that obtains or by the UDK 230 of the application program of number of the account sign.Obtain two additional keys from UDK, UDKA 240 and UDKB 241.Obtain UDKA 240 and UDKB 241 can adopt any form from UDK 230, comprise that the value that the left side of UDK 230 is half of composes to UDKA 240, and the right half of value of UDK 230 is composed to UDKB 241.Perhaps, can be by selecting alternately or obtain UDKA 240 from other predetermined bit sequence of UDK 230, and all the other positions are assigned to UDKB 241.And, do not require that UDKA 240 and UDKB 241 have equal length.
Fig. 3 has described to generate the required further processing of dCVV.Two the independent iterative process of each four hyte (groupings of 4 positions) experience that are stored in the value among the piece G 136 are with the value evaluation to each four hyte.As shown in Figure 3, from piece G 136 the highest effectively (promptly, Far Left) numerical digit begin and check each the order four hytes, be from 0 to 9 value (comprising 0 and 9) if there are four hytes to comprise scope, then extract this value (301), and the right of the value (if there is) of extracting before being concatenated into by the value that will be extracted places and is called as the new numeric string (305) that keeps string (holding string) herein.The result keeps string to comprise a series of values of from 0 to 9 (comprising 0 and 9), and they appear in the maintenance string from left to right with the same sequence that it appears among the piece G 136.
And then begin and check that each order four hyte carries out second evaluation from the highest significant position of piece G 136.If four hytes comprise the hexadecimal value that (comprises 10 and 15) from 10 (A) to 15 (F), then extract this value (310).Come the value decimal systemization by deduct hexadecimal value A from the value of being extracted then, obtain from 0 to 5 decimal value (315) being extracted.The value of this decimal systemization is concatenated into the rightmost value (320) that keeps string then on the right.
In case checked as described after twice of all four hyte among the piece G, extracted and keep the highest effectively three four hytes (325) of (that is Far Left) in the string.This 3-digit value is the dCVV of transaction.The position that can extract other numbers from check twice four hyte strings is to generate the dCVV of transaction.And, can use such as difference four hytes of rightmost four hytes dCVV as transaction.Yet leftmost three four hytes are represented preferred embodiment.
In case after generating, be about to dCVV and be embedded into from portable consumer device and send in the payment data of point of sales terminal.The data that received by point of sales terminal can be revealed as the standard payment data to point of sales terminal.In other words, point of sales terminal may not determine whether to have embedded dCVV and where such dCVV may be positioned at.Do not exist a dCVV to be embedded into indication in the data that receive from portable consumer device to point of sales terminal.
Fig. 4 has described to be used for sending to from portable consumer device the exemplary record formats of the payment data of point of sales terminal, has embedded dCVV in this payment data.The record format of Fig. 4 is connected in series with the term of validity 402 and service codes 403 by the primary account number 401 with payment services and creates.In one embodiment, primary account number 401 is that 16 numerical digits are long, and the term of validity 402 is that four numerical digits are long, and service codes 403 is that three numerical digits are long.Yet primary account number 401, the term of validity 402 and service codes 403 are not limited to these length.Then, in the field that is generally other purposes reservations, placing as indication has a dCVV to be embedded in the value of the designator 705 in this record.The value of this designator is to use on portable consumer device known to the service supplier of this application program.Then, ATC 410 is placed in the field that is generally the reservation of PIN verification msg.At last, at the right of record serial connection dCVV 415.The remainder of record can comprise additional arbitrary data.
Perhaps, Fig. 5 has described to be used for sending second exemplary record formats that it embeds the payment information that dCVV is arranged from portable consumer device to point of sales terminal.Form among Fig. 5 is created with the field of the term of validity 502, service codes 503, PVKI 504 and PIN verification msg 505 by the primary account number 501 of serial connection payment services.In one embodiment, primary account number 501 is that 16 numerical digits are long, and the term of validity 502 is that four numerical digits are long, and service codes 503 is that three numerical digits are long, and PVKI 504 is that a numerical digit is long, and PIN verification msg 505 is that four numerical digits are long.Yet primary account number 501, the term of validity 502, service codes 503, PVKI 504 and PIN verification msg 505 are not limited to these length.Then, in each individual data field 510 of the CVV of dynamic creation, ATC and service supplier are used for identifying the designator that has embedded dynamic CVV and are stored in the sequence.The remainder of record can comprise additional arbitrary data.
The authenticity that an aspect of of the present present invention is to utilize the system of the CVV of dynamic creation to allow the service supplier to align the payment services that are utilized judges.This authenticating step is not left to businessman, each point of sales terminal or other third parties or equipment.Whether skimmed Fig. 6 illustrate and how use dCVV to allow authenticity that the service supplier assesses the payment application of use on portable consumer device to make the judgement of this payment application in the noncontact environment.Although in the embodiment of the noncontact environment of Fig. 6, show, the invention is not restricted to such environment, and can be used for wherein using any method of the such data of transmission or any transaction that mode exchanges magnetic stripe magnetic track 1 and/or magnetic track 2 data.
As shown in Figure 6, portable consumer device uses said method to generate dCVV 601.DCVV is embedded in the payment data (605).In this regard, can utilize the exemplary record formats shown in Fig. 4 or Fig. 5.The payment data that has the dCVV of embedding sends to point of sales terminal (610) by data communication.Point of sales terminal is the payment data of reference format with the data identification that is received, and may data flow be passed to service provider computer (615) via the payment network (not shown).Service provider computer receives (620) and has the payment data of the dCVV of embedding, and inquires that suitable designator is to determine whether transaction is noncontact transaction (625).If it is not the noncontact transaction that service provider computer is determined transaction, then handle transaction (630) with its normal mode.If service provider computer determines that transaction is noncontact, then whether the service provider computer ATC that will receive from portable consumer device and the corresponding ATC on the service provider computer to compare with the ATC that determines to be received be next ATC 635 of expecting and/or whether in admissible scope.If but the ATC that receives from portable consumer device is not next ATC of expection or is positioned at allowed band that the payment services of then using may skimmed (640) on portable consumer device.But if receive next ATC of expection and/or be positioned at the ATC of allowed band, then service provider computer can be utilized the dCVV (645) that regenerates given transaction to above-mentioned similar or similar process independently.If the dCVV (650) that the dCVV that the service supplier generates coupling receives from portable consumer device, if but or dCVV be the dCVV that can use the ATC in allowed band to generate, then the service supplier thinks that payment application is real (655).Before using the ATC that is generated that receives from portable consumer device to replace it then, service provider computer is stored in ATC (660) on the service provider computer for subsequent authentication.This dCVV if the dCVV that the service supplier generates does not match, but or be not the dCVV that can obtain from the ATC that is positioned at allowed band, then transaction may be rogue and be terminated (665).
In conjunction with contactless transaction the method for Fig. 6 has been discussed, but this method is not limited thereto.For example, can utilize this method about the transaction on a certain threshold value.In such a case, the service supplier can become this application deployment the transaction generation dCVV that is higher than this threshold value after using application program.Can be the designator that the transaction that is higher than this threshold value is provided with inquiry in the step 625 then.Similarly, can utilize this method about any other standard of concluding the business, these criterions include but not limited to geographical position, use pattern or any other criterion.
In alternative embodiment, portable consumer device sends to point of sales terminal (701) such as credit card terminal with payment data.Point of sales terminal receives data and calculates the validation value (705) of transaction.Validation value can calculate with numerous distinct methods, includes but not limited to, unique Transaction Identification Number, time stamp that is provided by point of sales terminal or the dealing money that adds time stamp to are provided.Point of sales terminal can embed and/or be appended to payment data (710) with validation value and additional data then.Additional data may be that service provider computer checking exchange needs.Point of sales terminal can be passed to data flow service provider computer (715) then, may be via the payment network (not shown).Service provider computer receives the payment data (720) that has validation value.Whether at least a portion of the additional data that service provider computer can be randomly will be embedded or be appended by point of sales terminal compares with the data determining to be received correct (725) with being stored in corresponding data on the service provider computer, and/or is positioned within the preset range.If incorrect from the data that point of sales terminal receives, then transaction data may skimmed (730).If correct data, service provider computer can utilize the identical process that uses with point of sales terminal to regenerate the validation value (735) of given transaction.If the validation value (740) that the verification value matches that the service supplier generates receives from point of sales terminal, if or the validation value that generates (for example can be accepted, validation value is to use the dynamic data element that is positioned at tolerance interval to generate), then the service supplier thinks that payment application is real (745).Service provider computer can randomly use the additional data that receives from portable consumer device to be stored in additional data on the service provider computer before upgrading for subsequent authentication (750) then.If the validation value that the validation value that the service supplier generates does not match and receives from point of sales terminal, or unacceptable, then transaction may be rogue and be terminated (755).
Aforementioned principle of the present invention only has been described.In addition, because those skilled in the art can easily expect various modifications and change, shown in not expecting to limit the invention to and described exact configuration and operation, thereby, can take all suitable modification and equivalent way, they all fall within the scope of the present invention.

Claims (17)

1. method comprises:
A) first validation value that receives dynamic data element and obtain from described dynamic data element, wherein said first validation value is in response to the transaction of using portable consumer device to carry out and generates;
B) determine that described dynamic data element is whether in preset range;
C) generate second validation value;
D) determine whether described second validation value mates described first validation value, or whether described second validation value can be accepted; And
E) if described first validation value of described second verification value matches, if or described second validation value can accept, then start approval to described transaction.
2. the method for claim 1 is characterized in that, described dynamic data element is a Counter Value, and wherein said preset range is the counter range of being scheduled to.
3. method as claimed in claim 2 is characterized in that, described preset count device scope is between 2 and 10.
4. the method for claim 1 is characterized in that, described portable consumer device is a card.
5. the method for claim 1 is characterized in that, described portable consumer device is a phone.
6. the step a) in the method for claim 1-d) carry out by service provider computer.
7. the method for claim 1 is characterized in that, starts described approval and comprises the described transaction of approval or send message to the publisher that described publisher ratifies described transaction subsequently.
8. the method for claim 1 is characterized in that, described transaction is a purchase-transaction.
9. the method for claim 1 is characterized in that, described preset range is less than 5.
10. the method for claim 1 is characterized in that, described validation value is 4 numerical digits or following.
11. a computer-readable medium comprises:
The code of first validation value that is used to receive dynamic data element and obtains from described dynamic data element, wherein said first validation value is in response to the transaction of using portable consumer device to carry out and generates;
Be used for determining the whether code in preset range of described dynamic data element;
Be used to generate the code of second validation value;
Be used for determining whether described second validation value mates described first validation value, or described second validation value acceptable code whether; And
Be used under the situation of described first validation value of described second verification value matches, or under the acceptable situation of described second validation value, start code the approval of described transaction.
12. computer-readable medium as claimed in claim 11 is characterized in that, described dynamic data element is a Counter Value, and wherein said preset range is the range of counter of being scheduled to.
13. computer-readable medium as claimed in claim 12 is characterized in that, described preset count device scope is between 2 and 10.
14. computer-readable medium as claimed in claim 11 is characterized in that, described portable consumer device is a card.
15. computer that comprises computer-readable medium as claimed in claim 11.
16. computer as claimed in claim 15 is characterized in that, described dynamic data element is a Counter Value.
17. computer installation as claimed in claim 15 is characterized in that, the scope of described preset count device value is between 2 and 10.
CN2007800295538A 2006-06-19 2007-06-18 Verification error reduction system Active CN101502031B (en)

Applications Claiming Priority (7)

Application Number Priority Date Filing Date Title
US81505906P 2006-06-19 2006-06-19
US60/815,059 2006-06-19
US81543006P 2006-06-20 2006-06-20
US60/815,430 2006-06-20
US88408907P 2007-01-09 2007-01-09
US60/884,089 2007-01-09
PCT/US2007/071479 WO2008016752A2 (en) 2006-06-19 2007-06-18 Verification error reduction system

Publications (2)

Publication Number Publication Date
CN101502031A true CN101502031A (en) 2009-08-05
CN101502031B CN101502031B (en) 2013-02-27

Family

ID=40829560

Family Applications (6)

Application Number Title Priority Date Filing Date
CN200780022875.XA Active CN101485128B (en) 2006-06-19 2007-06-15 Portable consumer device verification system
CNA2007800228745A Pending CN101473344A (en) 2006-06-19 2007-06-15 Consumer authentication system and method
CN201710173504.7A Active CN106936587B (en) 2006-06-19 2007-06-15 Consumer authentication system and method
CN2007800295538A Active CN101502031B (en) 2006-06-19 2007-06-18 Verification error reduction system
CN200780027259.3A Active CN101512957B (en) 2006-06-19 2007-06-18 Use the transaction authentication of network
CN201710270542.4A Withdrawn CN107067246A (en) 2006-06-19 2007-06-18 Use the transaction authentication of network

Family Applications Before (3)

Application Number Title Priority Date Filing Date
CN200780022875.XA Active CN101485128B (en) 2006-06-19 2007-06-15 Portable consumer device verification system
CNA2007800228745A Pending CN101473344A (en) 2006-06-19 2007-06-15 Consumer authentication system and method
CN201710173504.7A Active CN106936587B (en) 2006-06-19 2007-06-15 Consumer authentication system and method

Family Applications After (2)

Application Number Title Priority Date Filing Date
CN200780027259.3A Active CN101512957B (en) 2006-06-19 2007-06-18 Use the transaction authentication of network
CN201710270542.4A Withdrawn CN107067246A (en) 2006-06-19 2007-06-18 Use the transaction authentication of network

Country Status (1)

Country Link
CN (6) CN101485128B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102792325A (en) * 2010-04-09 2012-11-21 维萨国际服务协会 System and method for securely validating transactions
CN104969244A (en) * 2012-11-20 2015-10-07 新韩信用卡株式会社 Mobile payment system and mobile payment method using dynamic track 2 information

Families Citing this family (68)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7818264B2 (en) 2006-06-19 2010-10-19 Visa U.S.A. Inc. Track data encryption
KR102389147B1 (en) 2007-09-24 2022-04-21 애플 인크. Embedded authentication systems in an electronic device
US8600120B2 (en) 2008-01-03 2013-12-03 Apple Inc. Personal computing device control using face detection and recognition
US9715681B2 (en) 2009-04-28 2017-07-25 Visa International Service Association Verification of portable consumer devices
US8893967B2 (en) 2009-05-15 2014-11-25 Visa International Service Association Secure Communication of payment information to merchants using a verification token
US9038886B2 (en) 2009-05-15 2015-05-26 Visa International Service Association Verification of portable consumer devices
US8534564B2 (en) * 2009-05-15 2013-09-17 Ayman Hammad Integration of verification tokens with mobile communication devices
US9105027B2 (en) 2009-05-15 2015-08-11 Visa International Service Association Verification of portable consumer device for secure services
US9633351B2 (en) * 2009-11-05 2017-04-25 Visa International Service Association Encryption switch processing
US9424413B2 (en) 2010-02-24 2016-08-23 Visa International Service Association Integration of payment capability into secure elements of computers
CA2724297C (en) * 2010-12-14 2013-11-12 Xtreme Mobility Inc. System and method for authenticating transactions through a mobile device
EP2656292A4 (en) * 2010-12-23 2014-07-02 Paydiant Inc Mobile phone atm processing methods and systems
CN103733203B (en) * 2011-06-13 2017-03-29 意法半导体亚太私人有限公司 Delay or forgery and/or the clone of blocking member
US9002322B2 (en) * 2011-09-29 2015-04-07 Apple Inc. Authentication with secondary approver
EP2795428A4 (en) * 2011-12-21 2016-02-17 Mashinery Pty Ltd Gesture-based device
US10282724B2 (en) 2012-03-06 2019-05-07 Visa International Service Association Security system incorporating mobile device
EP4131036A1 (en) * 2012-06-11 2023-02-08 Samsung Electronics Co., Ltd. Mobile device and control method thereof
US9858560B2 (en) * 2012-06-28 2018-01-02 Maxim Integrated Products, Inc. Secure payments with untrusted devices
WO2014013342A2 (en) * 2012-07-16 2014-01-23 Mashinery Pty Ltd. Authorization of transactions
CN104685519A (en) * 2012-08-30 2015-06-03 黄金富 Bank card accounting system with dynamic risk management and corresponding method
KR101354388B1 (en) * 2012-12-12 2014-01-23 신한카드 주식회사 Generating method for one time code
DE102013201027A1 (en) * 2013-01-23 2014-07-24 Bundesdruckerei Gmbh Method for authenticating a user to a vending machine
WO2014143776A2 (en) 2013-03-15 2014-09-18 Bodhi Technology Ventures Llc Providing remote interactions with host device using a wireless device
CA2920661C (en) 2013-08-08 2019-05-21 Visa International Service Association Methods and systems for provisioning mobile devices with payment credentials
US9898642B2 (en) 2013-09-09 2018-02-20 Apple Inc. Device, method, and graphical user interface for manipulating user interfaces based on fingerprint sensor inputs
CN104639517B (en) * 2013-11-15 2019-09-17 阿里巴巴集团控股有限公司 The method and apparatus for carrying out authentication using human body biological characteristics
US10096027B2 (en) * 2014-03-12 2018-10-09 The Toronto-Dominion Bank System and method for authorizing a debit transaction without user authentication
US9483763B2 (en) 2014-05-29 2016-11-01 Apple Inc. User interface for payments
AU2015267671B2 (en) 2014-05-30 2018-04-19 Apple Inc. Transition from use of one device to another
CN105490810B (en) * 2014-09-19 2020-06-23 腾讯科技(深圳)有限公司 Method, device and system for processing virtual resource data
US10140615B2 (en) 2014-09-22 2018-11-27 Visa International Service Association Secure mobile device credential provisioning using risk decision non-overrides
US9317847B2 (en) * 2014-09-23 2016-04-19 Sony Corporation E-card transaction authorization based on geographic location
CN105809494A (en) * 2014-12-30 2016-07-27 航天信息股份有限公司 method and system for invoice generation and invoice verification
EP3241136B1 (en) * 2014-12-30 2020-07-29 OneSpan International GmbH User authentication based on personal access history
CN107209895A (en) * 2015-01-26 2017-09-26 维萨国际服务协会 Direct fund transfer process
US20160321627A1 (en) * 2015-04-29 2016-11-03 Ncr Corporation Biometric authentication of pre-staged self-service terminal transactions
CN106603237B (en) * 2015-10-16 2022-02-08 中兴通讯股份有限公司 Safe payment method and device
CN105610865A (en) * 2016-02-18 2016-05-25 中国银联股份有限公司 Method and device for authenticating identity of user based on transaction data
CN109313759B (en) 2016-06-11 2022-04-26 苹果公司 User interface for transactions
US10621581B2 (en) 2016-06-11 2020-04-14 Apple Inc. User interface for transactions
DK201670622A1 (en) 2016-06-12 2018-02-12 Apple Inc User interfaces for transactions
US10496808B2 (en) 2016-10-25 2019-12-03 Apple Inc. User interface for managing access to credentials for use in an operation
US11431836B2 (en) 2017-05-02 2022-08-30 Apple Inc. Methods and interfaces for initiating media playback
US10992795B2 (en) 2017-05-16 2021-04-27 Apple Inc. Methods and interfaces for home media control
CN111343060B (en) 2017-05-16 2022-02-11 苹果公司 Method and interface for home media control
US20220279063A1 (en) 2017-05-16 2022-09-01 Apple Inc. Methods and interfaces for home media control
CN107277017A (en) * 2017-06-22 2017-10-20 北京洋浦伟业科技发展有限公司 Purview certification method, apparatus and system based on encryption key and device-fingerprint
SG10201707194TA (en) * 2017-09-05 2019-04-29 Mastercard Asia Pacific Pte Ltd Methods for Authenticating a User, Input Devices, and Computer-readable Media
KR102185854B1 (en) 2017-09-09 2020-12-02 애플 인크. Implementation of biometric authentication
KR102389678B1 (en) 2017-09-09 2022-04-21 애플 인크. Implementation of biometric authentication
CN108734467A (en) * 2017-10-23 2018-11-02 福州领头虎软件有限公司 A kind of fair verification method and system of electronic evidence
CN109818906B (en) * 2017-11-21 2022-04-15 深圳市腾讯计算机系统有限公司 Equipment fingerprint information processing method and device and server
CN108038694B (en) * 2017-12-11 2019-03-29 飞天诚信科技股份有限公司 A kind of fiscard and its working method with fingerprint authentication function
US11170085B2 (en) 2018-06-03 2021-11-09 Apple Inc. Implementation of biometric authentication
US11100349B2 (en) 2018-09-28 2021-08-24 Apple Inc. Audio assisted enrollment
US10860096B2 (en) 2018-09-28 2020-12-08 Apple Inc. Device control using gaze information
CN109934709A (en) 2018-11-05 2019-06-25 阿里巴巴集团控股有限公司 Data processing method, device and server based on block chain
CA3131489A1 (en) 2019-02-27 2020-09-03 Louisiana-Pacific Corporation Fire-resistant manufactured-wood based siding
US10825023B2 (en) 2019-04-10 2020-11-03 Advanced New Technologies Co., Ltd. Verification method and apparatus for user signing fast payment with bank card
US11329832B2 (en) * 2019-05-29 2022-05-10 Visa International Service Association System and method for dynamic knowledge-based authentication
EP4134811A1 (en) 2019-05-31 2023-02-15 Apple Inc. User interfaces for audio media control
US11010121B2 (en) 2019-05-31 2021-05-18 Apple Inc. User interfaces for audio media control
CN112771829B (en) * 2019-09-03 2023-04-18 谷歌有限责任公司 System and method for authentication control of content delivery
US11816194B2 (en) 2020-06-21 2023-11-14 Apple Inc. User interfaces for managing secure operations
US11392291B2 (en) 2020-09-25 2022-07-19 Apple Inc. Methods and interfaces for media control with dynamic feedback
US11977611B2 (en) 2020-10-20 2024-05-07 Mastercard International Incorporated Digital rights management platform
US11847378B2 (en) 2021-06-06 2023-12-19 Apple Inc. User interfaces for audio routing
US11784956B2 (en) 2021-09-20 2023-10-10 Apple Inc. Requests to add assets to an asset account

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5163097A (en) * 1991-08-07 1992-11-10 Dynamicserve, Ltd. Method and apparatus for providing secure access to a limited access system
US5577121A (en) * 1994-06-09 1996-11-19 Electronic Payment Services, Inc. Transaction system for integrated circuit cards
US6850916B1 (en) * 1998-04-27 2005-02-01 Esignx Corporation Portable electronic charge and authorization devices and methods therefor
US6980660B1 (en) * 1999-05-21 2005-12-27 International Business Machines Corporation Method and apparatus for efficiently initializing mobile wireless devices
BR0112382A (en) * 2000-06-28 2005-04-12 Patentek Inc Method and system for the secure collection, storage and transmission of information
US6816058B2 (en) * 2001-04-26 2004-11-09 Mcgregor Christopher M Bio-metric smart card, bio-metric smart card reader and method of use
CN1435985A (en) * 2002-01-30 2003-08-13 鸿联九五信息产业股份有限公司 Dynamic cipher safety system and dynamic cipher generating method
CN1508746A (en) * 2002-12-18 2004-06-30 薛永嘉 Personal identity information integrating apparatus
CA2554173A1 (en) * 2004-01-23 2005-08-11 Mastercard International Incorporated System and method for secure telephone and computer transactions

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102792325A (en) * 2010-04-09 2012-11-21 维萨国际服务协会 System and method for securely validating transactions
CN102792325B (en) * 2010-04-09 2017-09-01 维萨国际服务协会 System and method for safely confirming transaction
US10373138B2 (en) 2010-04-09 2019-08-06 Visa International Service Association System and method for securely validating transactions
US11107053B2 (en) 2010-04-09 2021-08-31 Visa International Service Associate System and method for securely validating transactions
CN104969244A (en) * 2012-11-20 2015-10-07 新韩信用卡株式会社 Mobile payment system and mobile payment method using dynamic track 2 information

Also Published As

Publication number Publication date
CN101512957A (en) 2009-08-19
CN107067246A (en) 2017-08-18
CN101502031B (en) 2013-02-27
CN106936587B (en) 2020-05-12
CN101485128A (en) 2009-07-15
CN101473344A (en) 2009-07-01
CN101512957B (en) 2017-12-29
CN106936587A (en) 2017-07-07
CN101485128B (en) 2016-08-03

Similar Documents

Publication Publication Date Title
CN101502031B (en) Verification error reduction system
US11443321B2 (en) Payment service authentication for a transaction using a generated dynamic verification value
AU2007281365B2 (en) Verification error reduction system
US7740168B2 (en) Method and system for generating a dynamic verification value
US20090319430A1 (en) Mobile phone including dynamic verification value
US20100027786A1 (en) Dynamic encryption authentication
US20100179909A1 (en) User defined udk

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant