WO2014147399A1 - A method and system for transferring data - Google Patents

A method and system for transferring data Download PDF

Info

Publication number
WO2014147399A1
WO2014147399A1 PCT/GB2014/050866 GB2014050866W WO2014147399A1 WO 2014147399 A1 WO2014147399 A1 WO 2014147399A1 GB 2014050866 W GB2014050866 W GB 2014050866W WO 2014147399 A1 WO2014147399 A1 WO 2014147399A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
node
payment
protocol
processing system
Prior art date
Application number
PCT/GB2014/050866
Other languages
French (fr)
Inventor
Boris Taratine
Original Assignee
Visa Europe Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Visa Europe Limited filed Critical Visa Europe Limited
Priority to CN201480017318.9A priority Critical patent/CN105051769B/en
Priority to EP14718448.5A priority patent/EP2976739B1/en
Priority to ES14718448T priority patent/ES2791185T3/en
Priority to KR1020157029687A priority patent/KR102202549B1/en
Priority to MX2015012717A priority patent/MX2015012717A/en
Priority to CA2907515A priority patent/CA2907515C/en
Priority to AU2014234005A priority patent/AU2014234005A1/en
Publication of WO2014147399A1 publication Critical patent/WO2014147399A1/en
Priority to US14/858,185 priority patent/US10348805B2/en
Priority to US16/418,542 priority patent/US11381632B2/en
Priority to US17/690,686 priority patent/US11924270B2/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821Electronic credentials
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/42Confirmation, e.g. check or permission by the legal debtor of payment
    • G06Q20/425Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/08Protocols for interworking; Protocol conversion

Definitions

  • the present invention relates to systems and methods for transferring data where data of a first type is transferred to a node using a protocol, and where second data, of a type not included in the protocol, is made available for retrieval by the node.
  • protocols are defined to enable the transfer of data between different network nodes. Any given protocol may specify a number of aspects of how data is to be transferred. Data of a first type, included in the protocol, can be transferred using that protocol. Data of a second type, not included in the protocol, may not be transferable.
  • a given protocol may specify certain data fields. Data capable of being transferred according to the protocol, i.e. data of the first type, must correspond to one of the specified fields. Data which does not correspond to a specified field, i.e. data of the second type, is not included in the protocol and therefore cannot be easily transferred.
  • the typical solution is to update the protocol to include this second type of data; in other words by updating a legacy protocol standard to include new fields.
  • any given first node the sending node
  • the data is transferred from the first to the second node via one or more third nodes. Therefore, updating the protocol requires updating not only the first and second nodes, but all the third nodes as well. This can be difficult, especially when the third nodes are operated by organisations other than those operating the first and second nodes.
  • methods, devices, systems and software are provided for supporting or implementing functionality to transfer data.
  • a method of transferring data in a communications system comprising at least one first node arranged to send data to a plurality of second nodes using a first protocol, the first protocol allowing the transfer of data of a first type, and wherein at least one of said plurality of second nodes further requires data of a second type, not included in the data sent according to the first protocol, the method comprising: transferring first data to a plurality of the second nodes using the first protocol, the first data being of the first type; storing second data in a memory, the second data being of the second type; and responsive to a request, providing access to at least a part of the second data to the second node.
  • protocols are set up to allow for data to be transferred from one node to another.
  • the protocols establish the type of the content which may be transferred using the protocol. Once established, protocols become difficult to change, as each node needs to be updated to be able to use a modified protocol. Accordingly it is difficult to change the types of data which can be transferred (i.e. by adding new fields, or expanding existing fields).
  • Embodiments configured to perform the above method overcome this problem by using a first protocol to transfer first data of a first type supported by the first protocol, while storing second data, which is not included in the data sent according to the first protocol, in a memory. This second data can then be retrieved by a second node as required. This provides the advantage that additional data, i.e. data of the second type, can be provided without having to modify the protocol.
  • the first data may comprise a plurality of first data items
  • the second data may comprise a plurality of second data items associated with corresponding first data items.
  • the request may comprise data identifying at least one second data item. This data identifying at least one second data item may correspond to an identity of said at least one second node. Alternatively or additionally, the data identifying at least one second data item may correspond to data included in a corresponding first data item.
  • the first data items may comprise identifiers, and the at least one second data item may be stored in association with an identifier of a corresponding first data item.
  • data items within the first data are associated with data items within the second data. This may be enabled using identifiers shared between corresponding first and second data items. This in turn enables a second node to easily retrieve second data corresponding to first data received using the first protocol.
  • the identity of the second node may be used to access the data, with a plurality of second data parts being provided to the second node based on that identity.
  • the method may comprise generating at least a part of a second data item using at least a part of a corresponding first data item as an input to a data processing algorithm.
  • the data processing algorithm may compute a hash function.
  • the data processing algorithm may compute a digital signature. This digital signature may be computed using a cryptographic key.
  • the first data may be used to generate the second data.
  • the second data may subsequently be used to determine whether the first data has been modified in transit between the first and second nodes.
  • the first node may sign the data, and/or generate a hash function of the data (which may have been and/or may subsequently be signed).
  • the hashed and/or signed data may then be stored in the memory.
  • the first node and the second node may have a trust relationship. Furthermore, the first data may be sent via at least a third node which does not have a trust relationship with the first and the second node.
  • the first data sent using the first protocol may be sent in accordance with a format, said format being one that can be interpreted by the third node.
  • the first, the second and the third node may be arranged to cooperate in an interaction for which both the second node and the third node require said first data.
  • the at least one second node knows that data sent, and stored in the memory, by the first node can be trusted, i.e. is correct and can be relied upon.
  • the third node may require the data to be readable because the first, at least one second and at least one third nodes are arranged to cooperate in an interaction or which the first data is required. It will be apparent that when the second data is encrypted or hashed, and optionally signed, the memory can be made publicly available, and the second data may be sent via an alternative route which involves transmitting data to and from untrusted nodes
  • the first data may be transferred to the plurality of second nodes via one or more further network nodes, each supporting the first protocol. At least one of the one or more further network nodes may not support a protocol capable of transferring data of the second type.
  • the network and in particular the nodes between the first and second nodes, do not need to be able to support the second type of data, and indeed may not do so.
  • the first protocol may define a plurality of fields, and the first data may comprise data corresponding to at least one of the fields. Furthermore, the second data may comprise at least some data which does not correspond to the fields of the first protocol.
  • the network may comprise a payment processing network, and the first data may comprise transaction data.
  • the first node may comprise one or more of: a trusted intermediary arranged to provide transaction data on behalf of a customer; a merchant data processing system; a payment service provider (PSP); and an acquiring bank data processing system.
  • the network may comprise one or more third nodes between the first and second nodes, the one or more nodes may comprise at least one of: a merchant data processing system; a payment service provider (PSP); an acquiring bank data processing system; and a card system data processing system.
  • the at least one second node may comprise one or more of: an issuing bank computing system; a fraud detection processing system; and an accounting system.
  • a method of processing payment data associated with payment transactions conducted via a network comprising, at least one acquiring bank data processing system, at least a first network node arranged to provide payment data to at least one said acquiring bank data processing system and at least a second network node arranged to receive payment data from at least one said acquiring bank data processing system, wherein, during a given payment transaction, payment data associated with the payment transaction is sent from the first network node to the second network node via at least one said acquiring bank data processing system, the method comprising: storing, at a network node other than the at least one acquiring bank data processing system, further data associated with the transaction from the first network node, at least some of the further data being other than the payment data; and allowing access to the further data by the second network node.
  • the payment data associated with the payment transaction may be sent from the first network node to the second network node via at least one said acquiring bank data processing system using at least a first protocol, and the further data may comprise data not included in the first protocol.
  • a computer program product comprising a non-transitory computer-readable storage medium having computer readable instructions stored thereon, the computer readable instructions being executable by a computerized device to cause the computerized device to perform a method of transferring data in a communications system, wherein the communications system comprises at least one first node arranged to send data to a plurality of second nodes using a first protocol, the first protocol allowing the transfer of data of a first type, and wherein at least one of said plurality of second nodes further requires data of a second type, not included in the data sent according to the first protocol, the method comprising: transferring first data to a plurality of the second nodes using the first protocol, the first data being of the first type; storing second data in a memory, the second data being of the second type; and responsive to a request, providing access to at least a part of the second data to the second node.
  • a computer program product comprising a non-transitory computer-readable storage medium having computer readable instructions stored thereon, the computer readable instructions being executable by a computerized device to cause the computerized device to perform a method of processing payment data associated with payment transactions conducted via a network, the network comprising, at least one acquiring bank data processing system, at least a first network node arranged to provide payment data to at least one said acquiring bank data processing system and at least a second network node arranged to receive payment data from at least one said acquiring bank data processing system, wherein, during a given payment transaction, payment data associated with the payment transaction is sent from the first network node to the second network node via at least one said acquiring bank data processing system, the method comprising: storing, at a network node other than the at least one acquiring bank data processing system, further data associated with the transaction from the first network node, at least some of the further data being other than the payment data; and allowing access to the further data by the second network
  • apparatus for transferring data in a communications system, wherein the communications system comprises at least one first node arranged to send data to a plurality of second nodes using a first protocol, the first protocol allowing the transfer of data of a first type, and wherein at least one of said plurality of second nodes further requires data of a second type, not included in the data sent according to the first protocol, the apparatus configured to: transfer first data to a plurality of the second nodes using the first protocol, the first data being of the first type; store second data in a memory, the second data being of the second type; and responsive to a request, provide access to at least a part of the second data to the second node.
  • apparatus for processing payment data associated with payment transactions conducted via a network, the network comprising, at least one acquiring bank data processing system, at least a first network node arranged to provide payment data to at least one said acquiring bank data processing system and at least a second network node arranged to receive payment data from at least one said acquiring bank data processing system, wherein, during a given payment transaction, payment data associated with the payment transaction is sent from the first network node to the second network node via at least one said acquiring bank data processing system, the apparatus configured to: store, at a network node other than the at least one acquiring bank data processing system, further data associated with the transaction from the first network node, at least some of the further data being other than the payment data; and allow access to the further data by the second network node.
  • Figure 1 shows a schematic diagram of a communications system in which embodiments of the invention may be practised
  • Figure 2 illustrates a method according to an embodiment
  • FIG. 3 shows a further schematic diagram of a communications system in which embodiments of the invention may be practised
  • FIG. 4 shows a system in which payment data may be transferred and in which embodiments of the invention may be practised.
  • Figure 5 shows a schematic diagram of a network node which may be used in embodiments of the invention.
  • Figure 1 shows a communications system 10 in which data of a first type can be sent from a first node 11 to a plurality of second nodes 12A and 12B using a first protocol, and in which data of a second type, not included in the first protocol, can be transferred to one of the second nodes 12 A.
  • the first node 11 is connected to the second nodes 12A and 12B via a network 13.
  • the network 13 may comprise any number of third nodes, with one, node 14, being shown.
  • First node 11 is connected to the third node 14, which in turn is connected to second nodes 12A and 12B. All of first, second and third nodes 11, 12A/12B and 14 are capable of transferring data according to a first protocol.
  • the first node 11, and second node 12A have connections to a memory 16.
  • the communications system comprises a first node 11 which is arranged to send data to the second nodes 12A and 12B.
  • the first node 11 may generate, identify or otherwise determine data to be sent to second node 12 A. While some of the data will be sent using a first protocol, the second node 12A requires data which is not included in this first protocol. As such, the data may be separated into two types, a first type of data which can be sent using the first protocol, and a second type, at least a part of which is not included in the first protocol and therefore cannot be sent using the first protocol.
  • Step 21 may include the steps of identifying that the data is to be sent to a second node 12A which requires the second data, and separating the data accordingly.
  • first data being of the first type included in the protocol
  • second data being of the second type and not included in the protocol
  • the second node 12A may access the second data stored in the memory 16.
  • the second node 12A may, in step 25, determine that first data has been received, and accordingly, in step 26, request access to the second data in the memory 16.
  • the first node 11 may transfer data to a further second node 12B.
  • This further second node 12B does not require data of the second type.
  • the first node 11 in step 27, analogous to step 21, the first node 11 generates the data to be sent to the further second node 12B.
  • This step may include the first node 11 identifying the further second node 12B, and determining that the further second node 12B does not require data of the second type, i.e. data not included in the protocol.
  • the first node 11 may transfer first data (of the first type) to the third node 14, from where, in step 29, it is transferred to the further second node 12B.
  • the first and second data may comprise a plurality of first and second data items respectively.
  • the second data items may be associated with corresponding first data items.
  • the second node 12A may make a request comprise data identifying one or more of the second data items which are desired by the second node 12 A.
  • This identifying data may be the identity of the second node 12A.
  • the memory 16 may provide all second data items which are associated with first data items sent to that particular second node 12 A.
  • the identifying data may correspond to data included in a corresponding first data item.
  • the second node 12 A in step 25, may use a received first data item to determine the identifying data to be provided in the request in step 26.
  • One method by which this may be done is to include an identifier in the first data item, and store the second data item in association with the provided identifier.
  • the first protocol may define a plurality of fields, and the first data accordingly may comprise data corresponding to at least one of the fields.
  • the second data may comprise at least some data which does not correspond to the fields of the first protocol.
  • This out-of-protocol data may include information which is only relevant to the second node 12A.
  • the second data items may be generated from the first data items.
  • a second data item may be generated using at least a part of a corresponding first data item as an input to a data processing algorithm.
  • This data processing algorithm may compute a hash function of the first data.
  • the data processing algorithm may compute a digital signature.
  • the first node may use a private key.
  • the first and the second node may share a secret and the digital signature may be computed using the shared secret.
  • the second node 12A is able to determine whether the first data has been modified in transit between the first and second nodes, i.e. by the third node 14.
  • the hashed/signed data may be stored in association with an identifier which is provided in the corresponding first data item.
  • the first data item (Di) may have the following format:
  • Di ⁇ ID, Fi, F 2 , F 3 , ... , F N ⁇
  • ID is an identifier and Fi etc. represent fields within the first data. As will be apparent, these fields are included in the first protocol.
  • the second node 12A may subsequently be able to confirm that the first data received using the protocol via the network 13 was the same as that originally sent by the first node 11. This is because the digital signing will be performed using the first node's private key, and therefore only the first node's public key will return the appropriate first data (or hash of the first data, which can be compared against a similarly generated hash of the received first data).
  • the first node may also encrypt the second data, using the public key of the second node 12 A.
  • the first node may also sign the second data using the private key of the first node 11), this can be done to ensure that only the second node 12A is able to interpret the second data. Encryption may not be necessary where the only objective is for the second node 12A to be able to confirm the first data has not been modified, as a hash of the first data - from which the first data cannot be derived - may be sufficient.
  • the second data may be encrypted to ensure that this data cannot be read by any node other than the second node 12 A.
  • the first node and the second node have a trust relationship.
  • the third node or nodes 14, via which the first data is sent may not have a trust relationship with the first and the second node.
  • the second node 12A can trust the second data in the memory 16
  • the second node cannot trust the first data sent via the untrusted third nodes 14.
  • This may be particularly relevant when the first data, sent using the first protocol, is sent in accordance with a format which can be interpreted by the third node 14. This requirement may be specified by the first protocol.
  • the third node 14 may additionally modify the data.
  • One reason for the third node 14 being able to interpret the data is because the first, the second and the third node are arranged to cooperate in an interaction for which both the second node and the third node require the first data.
  • the memory 16 itself may be publicly available, as only the first node can create the appropriately signed or encrypted data. It will be appreciated that if non-repudiation - that is the ability to confirm the source of the data - is required, then the second data may be signed. Equally if confidentiality is required, then the data may be encrypted. It will be apparent that one or both may be used together.
  • the first data is transferred to the second nodes 12A and 12B via one or more third network nodes 14.
  • each third node 14 will support the first protocol.
  • the one or more third nodes 14 do not support a protocol capable of transferring data of the second type.
  • any such third node 14 does not require modification for the second data to be transferred to the second node 12 A. This makes it easier to transfer the second data, as the modifications to the existing system are small.
  • the first node 1 1 transfers data to the second nodes 12A and 12B via a network 13.
  • the network in turn comprises third node 14 and a fourth node 15.
  • Fourth node 15 differs from third node 14 in that the fourth node 15 comprises memory 16'.
  • the first node 11 transmits the first data to the third node 14, and the second data to the fourth node 15.
  • the fourth node 15 may maintain the second data in the memory 16' until it is requested by the second node 12A.
  • the fourth node 15 may combine the first and second data and provide the combination to the second node 12A, i.e. the fourth node allows access to the second data by sending the same to the second node 12 A with the corresponding first data.
  • This arrangement allows the third node 14 to be bypassed by the second data, which may be required if the third node 14 is not trusted, or is incapable of handling the second data - i.e. if the third node 14 only supports protocols which are incapable of transferring the second data.
  • the communications system comprises a payment processing network.
  • the first data may comprise transaction data.
  • An example of a payment processing system 40 in which embodiments may be practised will be described with reference to Figure 4.
  • transaction data - is sent from a first node 11 to second nodes 12A and 12B via a network 13.
  • the data comprise first data, sent using a first protocol and second data which is stored in a memory 16.
  • the first node 11 may be a source of transaction data or payment data.
  • the first node may be a trusted intermediary arranged to provide transaction data on behalf of a customer.
  • the trusted intermediary may store details of payment methods, such as a primary account number or PAN from a credit card, and may be accessed by a customer as part of an online transaction.
  • the first node 11 may be a payment device, capable of communicating both the first and second data.
  • a mobile telephone may be arranged to provide the first data to a merchant to effect a transaction. This first data may, for example, be transferred using near-field communications.
  • the first node 11 may provide second data via a mobile communications network.
  • the above are only two examples, and other entities or systems capable of providing the first and second data according to embodiments will be apparent to the skilled person.
  • the second nodes 12A and 12B may be issuing bank payment processing systems (henceforth issuing banks).
  • the network 13 comprises a plurality of Payment Service
  • PSPs Providers, or PSPs, 41 A and 4 IB; a plurality of acquiring bank payment processing systems 42A and 42B (henceforth acquiring bank); and a card system data processing system 43.
  • acquiring bank payment processing systems 42A and 42B depleted bank
  • card system data processing system 43 card system data processing system
  • the first node 11 is connected to the plurality of PSPs 41 A and 41B.
  • the PSPs 41A and 41B are in turn each connected to acquiring banks 42A and 42B.
  • a given PSP is connected to multiple acquiring banks, and a given acquiring bank will be connected to multiple PSPs. This leads to the overlap in connections shown.
  • the acquiring banks 42A and 42B are connected to the card system data processing system 43, which is connected to the issuing banks 12A and 12B.
  • payment data i.e. the first data described above
  • the payment data is typically transmitted via one PSP and one acquiring bank to the card system, and from there to the issuing banks 12A and 12B. This process is known in the art and need not be described in detail. Nevertheless, since the choice of PSP and acquiring bank is typically made by a merchant, for any given transaction, any combination of PSP and acquiring bank may transfer the first data.
  • First data - the payment data - is sent via the conventional payment network 13 and can therefore be processed in the conventional manner to effect a transaction.
  • second data may be stored in the memory 16, and subsequently retrieved by a second node 12A (i.e. an issuing bank).
  • the second data may be used to verify the first data.
  • the second data may be a signed hash of the first data (or similar, as described above). Accordingly, an issuing bank, receiving payment data, will be able to verify that the first data was generated by the first node 11, and that the first data has not been altered in transit.
  • the trust relationship between the first and second nodes described above may be used to enable the second node to trust the first node.
  • the first node may for example comprise any, or some, of:
  • the trusted intermediary arranged to provide transaction data on behalf of a customer as mentioned above; - a payment device capable of independently providing second data to the memory;
  • PDP payment service provider
  • the second nodes 12A and 12B may alternatively or additionally comprise:
  • any data, related to a transaction, but which is not conventionally processed by existing payment processing systems within network 13, may be stored in the memory 16.
  • a copy of the receipt, or of the information contained on a receipt may be provided.
  • This information may include a detailed description of the goods or services purchased, a location of the point of sale, an address for delivery, whether any discounts were applied, a geolocation of the payment instrument in relation to any point of sale device used, a device identifier of the point of sale device, an IP address of a point of sale device or of a computer used to make an online purchase, spatial movements, biometric information, etc.
  • this data may be combined with the actual payment data transmitted via the payment network 13.
  • the second node is an accounting system, or an accounting program provided by an issuing bank
  • the data may be input into an accounting program, enabling customers to review spending in detail.
  • memory 16 has been shown separately, it will be appreciated that the memory may be combined with any of the network nodes.
  • the memory may be combined with the card payment system 43. This might be similar to the arrangement for node 15 shown in Figure 3.
  • embodiments may provide a method of processing payment data associated with payment transactions conducted via a network, where the network comprises,
  • - at least one acquiring bank data processing system - at least a first network node, which may be, for example, a trusted intermediary as described above, arranged to provide payment data to at least one of the acquiring bank data processing systems, and
  • a second network node which may be, for example, an issuing bank data processing system as described above, arranged to receive payment data from at least one of the acquiring bank data processing system.
  • payment data associated with the payment transaction may be sent from the first network node to the second network node via the acquiring bank data processing system.
  • further data associated with the transaction at least some of the further data being other than the payment data, may be stored at a network node other than the at least one acquiring bank data processing system. Subsequently, access to the further data, by the second network node, may be allowed.
  • the payment data associated with the payment transaction may be sent from the first network node to the second network node via at least one said acquiring bank data processing system using at least a first protocol, and the further data may comprises data not included in the first protocol.
  • the data stored in the memory 16 may, in some cases, not be retrieved.
  • the second node 12A may be selective over what data is retrieved.
  • the first node 11 may store second data irrespective of the second node to which the corresponding first data is sent - in other words, the identifying step 21 and 27 may be simplified or omitted. Only second nodes which require the second data, or desire second data for a particular instance, may retrieve the second data. However, in such circumstances, the first node does not require information on which nodes require data and which do not.
  • the memory may store data with a limited lifetime. That is data may be deleted irrespective of whether it has been retrieved after a predetermined period of time.
  • the network nodes may comprise computerised hardware as is known in the art. Nevertheless, for completeness, a exemplary computerised system 50, capable of performing the method steps described above, will now be described with reference to
  • the computerised system 50 comprises a processing system 51, such as a CPU, or an array of CPUs.
  • the processing system 51 is connected to a memory 52, such as volatile memory (e.g. RAM) or non-volatile memory, for example a solid state (SSD) memory or hard disk drive memory.
  • the memory 52 stores computer readable instructions 53.
  • the system 50 may also comprise an interface 54, capable of transmitting and/or receiving data from other network nodes.
  • the processing system 51 may retrieve the computer instructions 53 from memory 52 and execute these instructions whereby to perform the steps described above. In so doing, the processing system 51 may cause the interface to transmit or receive data as required. This data may itself be stored in memory 52, and retrieved as required - for example to be transmitted via the interface.

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • Finance (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Communication Control (AREA)

Abstract

Systems, methods and computer programs for transferring data in a communications system are described. The communications systemh as a first node arranged to send data to a plurality of second nodes using a first protocol. The first protocol allows the transfer of data of a first type. At least one of the second nodes additionally requires data of a second type, which is not included in the data sent according to the first protocol. First data, of the first type, is transferred to a plurality of the second nodes using the first protocol. Second data, of the second type, is stored in a memory. Subsequently, in response to a request, access to the second data is provided to the second node.

Description

A Method and System for Transferring Data
Field of the Invention
The present invention relates to systems and methods for transferring data where data of a first type is transferred to a node using a protocol, and where second data, of a type not included in the protocol, is made available for retrieval by the node.
Background
In communications systems, protocols are defined to enable the transfer of data between different network nodes. Any given protocol may specify a number of aspects of how data is to be transferred. Data of a first type, included in the protocol, can be transferred using that protocol. Data of a second type, not included in the protocol, may not be transferable.
Any number of factors may differentiate the data of the first type from that of the second. For example, a given protocol may specify certain data fields. Data capable of being transferred according to the protocol, i.e. data of the first type, must correspond to one of the specified fields. Data which does not correspond to a specified field, i.e. data of the second type, is not included in the protocol and therefore cannot be easily transferred.
When it is desired for data of this second type to be transferred from a first to a second node, the typical solution is to update the protocol to include this second type of data; in other words by updating a legacy protocol standard to include new fields. However this can be difficult for a number of reasons. For example, any given first node (the sending node) may need to be able to communicate with multiple second (receiving) nodes. Where only a subset of the second nodes require the data of the second type, ensuring compatibility between the first node and all of the second nodes can be difficult. Additionally, in some systems, the data is transferred from the first to the second node via one or more third nodes. Therefore, updating the protocol requires updating not only the first and second nodes, but all the third nodes as well. This can be difficult, especially when the third nodes are operated by organisations other than those operating the first and second nodes.
Therefore, it is desirable to provide methods and systems which enable the transfer of such data. Summary of the Invention
In accordance with at least one embodiment, methods, devices, systems and software are provided for supporting or implementing functionality to transfer data.
This is achieved by a combination of features recited in each independent claim.
Accordingly, dependent claims prescribe further detailed implementations of various embodiments.
According to a first aspect of the invention there is provided a method of transferring data in a communications system, the communications system comprising at least one first node arranged to send data to a plurality of second nodes using a first protocol, the first protocol allowing the transfer of data of a first type, and wherein at least one of said plurality of second nodes further requires data of a second type, not included in the data sent according to the first protocol, the method comprising: transferring first data to a plurality of the second nodes using the first protocol, the first data being of the first type; storing second data in a memory, the second data being of the second type; and responsive to a request, providing access to at least a part of the second data to the second node.
In many communications systems, protocols are set up to allow for data to be transferred from one node to another. The protocols establish the type of the content which may be transferred using the protocol. Once established, protocols become difficult to change, as each node needs to be updated to be able to use a modified protocol. Accordingly it is difficult to change the types of data which can be transferred (i.e. by adding new fields, or expanding existing fields).
Embodiments configured to perform the above method overcome this problem by using a first protocol to transfer first data of a first type supported by the first protocol, while storing second data, which is not included in the data sent according to the first protocol, in a memory. This second data can then be retrieved by a second node as required. This provides the advantage that additional data, i.e. data of the second type, can be provided without having to modify the protocol.
Moreover, only second nodes which desire the second type of data need retrieve the second data. Any second node which does not desire the additional second type of data, does not need to change any part of its operation, as the data provided by the first protocol will still be provided in the usual manner. The first data may comprise a plurality of first data items, and the second data may comprise a plurality of second data items associated with corresponding first data items. Furthermore, the request may comprise data identifying at least one second data item. This data identifying at least one second data item may correspond to an identity of said at least one second node. Alternatively or additionally, the data identifying at least one second data item may correspond to data included in a corresponding first data item. In some embodiments, the first data items may comprise identifiers, and the at least one second data item may be stored in association with an identifier of a corresponding first data item.
In other words, data items within the first data are associated with data items within the second data. This may be enabled using identifiers shared between corresponding first and second data items. This in turn enables a second node to easily retrieve second data corresponding to first data received using the first protocol. In some embodiments, the identity of the second node may be used to access the data, with a plurality of second data parts being provided to the second node based on that identity.
The method may comprise generating at least a part of a second data item using at least a part of a corresponding first data item as an input to a data processing algorithm. The data processing algorithm may compute a hash function. Alternatively or additionally, the data processing algorithm may compute a digital signature. This digital signature may be computed using a cryptographic key.
In embodiments, the first data, that is the data which is supported by the first protocol, may be used to generate the second data. The second data may subsequently be used to determine whether the first data has been modified in transit between the first and second nodes. To generate this data, the first node may sign the data, and/or generate a hash function of the data (which may have been and/or may subsequently be signed). The hashed and/or signed data may then be stored in the memory.
The first node and the second node may have a trust relationship. Furthermore, the first data may be sent via at least a third node which does not have a trust relationship with the first and the second node. The first data sent using the first protocol may be sent in accordance with a format, said format being one that can be interpreted by the third node. The first, the second and the third node may be arranged to cooperate in an interaction for which both the second node and the third node require said first data. By having a trust relationship, the at least one second node knows that data sent, and stored in the memory, by the first node can be trusted, i.e. is correct and can be relied upon. However this may not be the case for the third node, and therefore any data sent via the third node cannot be trusted. This is particularly significant when the protocol specifies that the data is readable, and therefore editable, by the third node (this can be contrasted with a network node which merely routes the data on towards the second node). The third node may require the data to be readable because the first, at least one second and at least one third nodes are arranged to cooperate in an interaction or which the first data is required. It will be apparent that when the second data is encrypted or hashed, and optionally signed, the memory can be made publicly available, and the second data may be sent via an alternative route which involves transmitting data to and from untrusted nodes
The first data may be transferred to the plurality of second nodes via one or more further network nodes, each supporting the first protocol. At least one of the one or more further network nodes may not support a protocol capable of transferring data of the second type.
As described above, the network, and in particular the nodes between the first and second nodes, do not need to be able to support the second type of data, and indeed may not do so. This means that with changes only to the first node, and any relevant second node, both the first and second types of data may be transferred to the second node. This makes it easier to transfer the second data, as the modifications to the existing system are small and, in some cases, may not be required at all.
The first protocol may define a plurality of fields, and the first data may comprise data corresponding to at least one of the fields. Furthermore, the second data may comprise at least some data which does not correspond to the fields of the first protocol.
In embodiments, the network may comprise a payment processing network, and the first data may comprise transaction data. As such, the first node may comprise one or more of: a trusted intermediary arranged to provide transaction data on behalf of a customer; a merchant data processing system; a payment service provider (PSP); and an acquiring bank data processing system. Furthermore, the network may comprise one or more third nodes between the first and second nodes, the one or more nodes may comprise at least one of: a merchant data processing system; a payment service provider (PSP); an acquiring bank data processing system; and a card system data processing system. Additionally, the at least one second node may comprise one or more of: an issuing bank computing system; a fraud detection processing system; and an accounting system.
According to a second aspect of the invention there is provided a method of processing payment data associated with payment transactions conducted via a network, the network comprising, at least one acquiring bank data processing system, at least a first network node arranged to provide payment data to at least one said acquiring bank data processing system and at least a second network node arranged to receive payment data from at least one said acquiring bank data processing system, wherein, during a given payment transaction, payment data associated with the payment transaction is sent from the first network node to the second network node via at least one said acquiring bank data processing system, the method comprising: storing, at a network node other than the at least one acquiring bank data processing system, further data associated with the transaction from the first network node, at least some of the further data being other than the payment data; and allowing access to the further data by the second network node.
The payment data associated with the payment transaction may be sent from the first network node to the second network node via at least one said acquiring bank data processing system using at least a first protocol, and the further data may comprise data not included in the first protocol.
According to a third aspect of the invention there is provided a computer program product comprising a non-transitory computer-readable storage medium having computer readable instructions stored thereon, the computer readable instructions being executable by a computerized device to cause the computerized device to perform a method of transferring data in a communications system, wherein the communications system comprises at least one first node arranged to send data to a plurality of second nodes using a first protocol, the first protocol allowing the transfer of data of a first type, and wherein at least one of said plurality of second nodes further requires data of a second type, not included in the data sent according to the first protocol, the method comprising: transferring first data to a plurality of the second nodes using the first protocol, the first data being of the first type; storing second data in a memory, the second data being of the second type; and responsive to a request, providing access to at least a part of the second data to the second node.
According to a fourth aspect of the invention there is provided a computer program product comprising a non-transitory computer-readable storage medium having computer readable instructions stored thereon, the computer readable instructions being executable by a computerized device to cause the computerized device to perform a method of processing payment data associated with payment transactions conducted via a network, the network comprising, at least one acquiring bank data processing system, at least a first network node arranged to provide payment data to at least one said acquiring bank data processing system and at least a second network node arranged to receive payment data from at least one said acquiring bank data processing system, wherein, during a given payment transaction, payment data associated with the payment transaction is sent from the first network node to the second network node via at least one said acquiring bank data processing system, the method comprising: storing, at a network node other than the at least one acquiring bank data processing system, further data associated with the transaction from the first network node, at least some of the further data being other than the payment data; and allowing access to the further data by the second network node.
According to a fifth aspect of the invention there is provided apparatus for transferring data in a communications system, wherein the communications system comprises at least one first node arranged to send data to a plurality of second nodes using a first protocol, the first protocol allowing the transfer of data of a first type, and wherein at least one of said plurality of second nodes further requires data of a second type, not included in the data sent according to the first protocol, the apparatus configured to: transfer first data to a plurality of the second nodes using the first protocol, the first data being of the first type; store second data in a memory, the second data being of the second type; and responsive to a request, provide access to at least a part of the second data to the second node.
According to a sixth aspect of the invention there is provided apparatus for processing payment data associated with payment transactions conducted via a network, the network comprising, at least one acquiring bank data processing system, at least a first network node arranged to provide payment data to at least one said acquiring bank data processing system and at least a second network node arranged to receive payment data from at least one said acquiring bank data processing system, wherein, during a given payment transaction, payment data associated with the payment transaction is sent from the first network node to the second network node via at least one said acquiring bank data processing system, the apparatus configured to: store, at a network node other than the at least one acquiring bank data processing system, further data associated with the transaction from the first network node, at least some of the further data being other than the payment data; and allow access to the further data by the second network node.
Further features and advantages will become apparent from the following description of preferred embodiments, given by way of example only, which is made with reference to the accompanying drawings.
Brief Description of the Drawings
Systems, apparatuses and methods will now be described as embodiments, by way of example only, with reference to the accompanying figures in which:
Figure 1 shows a schematic diagram of a communications system in which embodiments of the invention may be practised;
Figure 2 illustrates a method according to an embodiment;
Figure 3 shows a further schematic diagram of a communications system in which embodiments of the invention may be practised;
Figure 4 shows a system in which payment data may be transferred and in which embodiments of the invention may be practised; and
Figure 5 shows a schematic diagram of a network node which may be used in embodiments of the invention.
Some parts, components and/or steps of the embodiments appear in more than one Figure; for the sake of clarity the same reference numeral will be used to refer to the same part, component or step in all of the Figures.
Detailed Description of Illustrative Embodiments
Figure 1 shows a communications system 10 in which data of a first type can be sent from a first node 11 to a plurality of second nodes 12A and 12B using a first protocol, and in which data of a second type, not included in the first protocol, can be transferred to one of the second nodes 12 A. The first node 11 is connected to the second nodes 12A and 12B via a network 13. The network 13 may comprise any number of third nodes, with one, node 14, being shown. First node 11 is connected to the third node 14, which in turn is connected to second nodes 12A and 12B. All of first, second and third nodes 11, 12A/12B and 14 are capable of transferring data according to a first protocol. In addition, the first node 11, and second node 12A have connections to a memory 16.
A method of transferring data in the communications system 10 will now be described with reference to Figure 2. As stated above, the communications system comprises a first node 11 which is arranged to send data to the second nodes 12A and 12B.
In a first step 21, the first node 11 may generate, identify or otherwise determine data to be sent to second node 12 A. While some of the data will be sent using a first protocol, the second node 12A requires data which is not included in this first protocol. As such, the data may be separated into two types, a first type of data which can be sent using the first protocol, and a second type, at least a part of which is not included in the first protocol and therefore cannot be sent using the first protocol. Step 21 may include the steps of identifying that the data is to be sent to a second node 12A which requires the second data, and separating the data accordingly.
Subsequently, in steps 22 and 23, first data, being of the first type included in the protocol, is transferred from the first node 11 to the second node 12 A via the third node 14. In addition, as shown by step 24, the second data, being of the second type and not included in the protocol, is stored in the memory 16. Following these steps, in steps 25 and 26, the second node 12A may access the second data stored in the memory 16. To enable this access, the second node 12A may, in step 25, determine that first data has been received, and accordingly, in step 26, request access to the second data in the memory 16.
In addition, the first node 11 may transfer data to a further second node 12B. This further second node 12B does not require data of the second type. As such, in step 27, analogous to step 21, the first node 11 generates the data to be sent to the further second node 12B. This step may include the first node 11 identifying the further second node 12B, and determining that the further second node 12B does not require data of the second type, i.e. data not included in the protocol. Following step 27, in step 28, the first node 11 may transfer first data (of the first type) to the third node 14, from where, in step 29, it is transferred to the further second node 12B.
As such, it is possible to transfer the data of the second type to the second node 12A which requires it, without any other changes in the protocol. In particular, neither the further second node 12B, nor the third node or nodes 14 in the network 13 required modification for the above to operate.
To enable the effective transfer of the data, the first and second data may comprise a plurality of first and second data items respectively. The second data items may be associated with corresponding first data items. As such, in step 26, the second node 12A may make a request comprise data identifying one or more of the second data items which are desired by the second node 12 A.
This identifying data may be the identity of the second node 12A. In response, the memory 16 may provide all second data items which are associated with first data items sent to that particular second node 12 A. Alternatively, the identifying data may correspond to data included in a corresponding first data item. As such, the second node 12 A, in step 25, may use a received first data item to determine the identifying data to be provided in the request in step 26. One method by which this may be done is to include an identifier in the first data item, and store the second data item in association with the provided identifier.
The first protocol may define a plurality of fields, and the first data accordingly may comprise data corresponding to at least one of the fields. As such, the second data may comprise at least some data which does not correspond to the fields of the first protocol. This out-of-protocol data may include information which is only relevant to the second node 12A.
However, in some embodiments, the second data items may be generated from the first data items. For example, at least a part of a second data item may be generated using at least a part of a corresponding first data item as an input to a data processing algorithm. This data processing algorithm may compute a hash function of the first data. Alternatively, or additionally, the data processing algorithm may compute a digital signature. In order to generate the signature, the first node may use a private key. Alternatively, the first and the second node may share a secret and the digital signature may be computed using the shared secret. By storing this hashed and/or signed data in the memory 16, the second node 12A is able to determine whether the first data has been modified in transit between the first and second nodes, i.e. by the third node 14. The hashed/signed data may be stored in association with an identifier which is provided in the corresponding first data item. For example, the first data item (Di) may have the following format:
Di = { ID, Fi, F2, F3, ... , FN }
where ID is an identifier and Fi etc. represent fields within the first data. As will be apparent, these fields are included in the first protocol.
The corresponding second data item (D2) may have the following format: D2 = {ID, S( H( Di ) ) }
where the functions S( ) and H( ) represent functions for generating a digital signature and hashing respectively.
By signing the first data, or a hash of the first data, the second node 12A may subsequently be able to confirm that the first data received using the protocol via the network 13 was the same as that originally sent by the first node 11. This is because the digital signing will be performed using the first node's private key, and therefore only the first node's public key will return the appropriate first data (or hash of the first data, which can be compared against a similarly generated hash of the received first data).
The first node may also encrypt the second data, using the public key of the second node 12 A. In addition, if data integrity and non-repudiation is important, the first node may also sign the second data using the private key of the first node 11), this can be done to ensure that only the second node 12A is able to interpret the second data. Encryption may not be necessary where the only objective is for the second node 12A to be able to confirm the first data has not been modified, as a hash of the first data - from which the first data cannot be derived - may be sufficient. However, where the second data contains data which is not supported by the first protocol (i.e. additional data), then the second data may be encrypted to ensure that this data cannot be read by any node other than the second node 12 A.
In some embodiments, the first node and the second node have a trust relationship. Moreover, the third node or nodes 14, via which the first data is sent, may not have a trust relationship with the first and the second node. As such, while the second node 12A can trust the second data in the memory 16, the second node cannot trust the first data sent via the untrusted third nodes 14. This may be particularly relevant when the first data, sent using the first protocol, is sent in accordance with a format which can be interpreted by the third node 14. This requirement may be specified by the first protocol. It will be apparent that, being able to interpret the first data, the third node 14 may additionally modify the data. One reason for the third node 14 being able to interpret the data is because the first, the second and the third node are arranged to cooperate in an interaction for which both the second node and the third node require the first data.
It will be apparent that if encryption and/or signing are used, then the memory 16 itself may be publicly available, as only the first node can create the appropriately signed or encrypted data. It will be appreciated that if non-repudiation - that is the ability to confirm the source of the data - is required, then the second data may be signed. Equally if confidentiality is required, then the data may be encrypted. It will be apparent that one or both may be used together.
As mentioned above, the first data is transferred to the second nodes 12A and 12B via one or more third network nodes 14. It will be apparent that each third node 14 will support the first protocol. As such, it may be the case that the one or more third nodes 14 do not support a protocol capable of transferring data of the second type. Nevertheless, any such third node 14 does not require modification for the second data to be transferred to the second node 12 A. This makes it easier to transfer the second data, as the modifications to the existing system are small.
An alternative to system 10 will be described with reference to Figure 3. Many components of system 10 are the same, and therefore have the same reference numerals. In this alternative system 10', the first node 1 1 transfers data to the second nodes 12A and 12B via a network 13. The network in turn comprises third node 14 and a fourth node 15. Fourth node 15 differs from third node 14 in that the fourth node 15 comprises memory 16'.
In use, the first node 11 transmits the first data to the third node 14, and the second data to the fourth node 15. The fourth node 15 may maintain the second data in the memory 16' until it is requested by the second node 12A. However, in some embodiments, the fourth node 15 may combine the first and second data and provide the combination to the second node 12A, i.e. the fourth node allows access to the second data by sending the same to the second node 12 A with the corresponding first data. This arrangement allows the third node 14 to be bypassed by the second data, which may be required if the third node 14 is not trusted, or is incapable of handling the second data - i.e. if the third node 14 only supports protocols which are incapable of transferring the second data.
In some embodiments, the communications system comprises a payment processing network. As such, the first data may comprise transaction data. An example of a payment processing system 40 in which embodiments may be practised will be described with reference to Figure 4.
As with the above description, data - in this case transaction data - is sent from a first node 11 to second nodes 12A and 12B via a network 13. The data comprise first data, sent using a first protocol and second data which is stored in a memory 16.
The first node 11 may be a source of transaction data or payment data. For example, the first node may be a trusted intermediary arranged to provide transaction data on behalf of a customer. The trusted intermediary may store details of payment methods, such as a primary account number or PAN from a credit card, and may be accessed by a customer as part of an online transaction. Alternatively the first node 11 may be a payment device, capable of communicating both the first and second data. For example, a mobile telephone may be arranged to provide the first data to a merchant to effect a transaction. This first data may, for example, be transferred using near-field communications. Additionally, the first node 11 may provide second data via a mobile communications network. The above are only two examples, and other entities or systems capable of providing the first and second data according to embodiments will be apparent to the skilled person.
The second nodes 12A and 12B may be issuing bank payment processing systems (henceforth issuing banks).
In this embodiment, the network 13 comprises a plurality of Payment Service
Providers, or PSPs, 41 A and 4 IB; a plurality of acquiring bank payment processing systems 42A and 42B (henceforth acquiring bank); and a card system data processing system 43. It will be understood that this list of possible entities making up the nodes is not limiting, and the nodes within the network may include, for example, a merchant processing system.
In this example, the first node 11 is connected to the plurality of PSPs 41 A and 41B. The PSPs 41A and 41B are in turn each connected to acquiring banks 42A and 42B. Typically a given PSP is connected to multiple acquiring banks, and a given acquiring bank will be connected to multiple PSPs. This leads to the overlap in connections shown. The acquiring banks 42A and 42B are connected to the card system data processing system 43, which is connected to the issuing banks 12A and 12B.
In use, payment data, i.e. the first data described above, may be transmitted from the first node 11 via the network 13 to the issuing banks 12A and 12B using known protocols for transmitting payment data. The payment data is typically transmitted via one PSP and one acquiring bank to the card system, and from there to the issuing banks 12A and 12B. This process is known in the art and need not be described in detail. Nevertheless, since the choice of PSP and acquiring bank is typically made by a merchant, for any given transaction, any combination of PSP and acquiring bank may transfer the first data.
This illustrates a problem with a typical payment processing system. An extension of the existing protocols for transmitting additional data would need to be implemented by all, or at least the majority, of the PSPs, acquiring banks and the card system 43. Since the PSPs, acquiring banks and card system 43 may each be operated by a different company, effecting this implementation of a change in the protocol would be difficult, and require substantial coordination between organisations.
By contrast, embodiments provide a more convenient alternative. First data - the payment data - is sent via the conventional payment network 13 and can therefore be processed in the conventional manner to effect a transaction. In addition, second data may be stored in the memory 16, and subsequently retrieved by a second node 12A (i.e. an issuing bank).
In one particular embodiment, the second data may be used to verify the first data. As such, the second data may be a signed hash of the first data (or similar, as described above). Accordingly, an issuing bank, receiving payment data, will be able to verify that the first data was generated by the first node 11, and that the first data has not been altered in transit. The trust relationship between the first and second nodes described above may be used to enable the second node to trust the first node.
The above is only one implementation of the invention within a payment processing system, and in embodiments, the first node may for example comprise any, or some, of:
- the trusted intermediary arranged to provide transaction data on behalf of a customer as mentioned above; - a payment device capable of independently providing second data to the memory;
- a merchant data processing system;
- a payment service provider (PSP); and
- an acquiring bank data processing system.
Moreover, the second nodes 12A and 12B, as an alternative (or in addition) to comprising an issuing bank data processing system, may alternatively or additionally comprise:
a fraud detection processing system;
an acquiring bank data processing system; and/or
an accounting system.
Whatever the nature of the first and the second nodes, it will be apparent that any data, related to a transaction, but which is not conventionally processed by existing payment processing systems within network 13, may be stored in the memory 16. For example, a copy of the receipt, or of the information contained on a receipt, may be provided. This information may include a detailed description of the goods or services purchased, a location of the point of sale, an address for delivery, whether any discounts were applied, a geolocation of the payment instrument in relation to any point of sale device used, a device identifier of the point of sale device, an IP address of a point of sale device or of a computer used to make an online purchase, spatial movements, biometric information, etc.
Subsequently, this data may be combined with the actual payment data transmitted via the payment network 13. Where the second node is an accounting system, or an accounting program provided by an issuing bank, the data may be input into an accounting program, enabling customers to review spending in detail.
While the memory 16 has been shown separately, it will be appreciated that the memory may be combined with any of the network nodes. For example the memory may be combined with the card payment system 43. This might be similar to the arrangement for node 15 shown in Figure 3.
As such, in summary, embodiments may provide a method of processing payment data associated with payment transactions conducted via a network, where the network comprises,
- at least one acquiring bank data processing system, - at least a first network node, which may be, for example, a trusted intermediary as described above, arranged to provide payment data to at least one of the acquiring bank data processing systems, and
- at least a second network node, which may be, for example, an issuing bank data processing system as described above, arranged to receive payment data from at least one of the acquiring bank data processing system.
During a given payment transaction, payment data associated with the payment transaction may be sent from the first network node to the second network node via the acquiring bank data processing system. In addition, further data associated with the transaction, at least some of the further data being other than the payment data, may be stored at a network node other than the at least one acquiring bank data processing system. Subsequently, access to the further data, by the second network node, may be allowed.
The payment data associated with the payment transaction may be sent from the first network node to the second network node via at least one said acquiring bank data processing system using at least a first protocol, and the further data may comprises data not included in the first protocol.
It will be understood that the data stored in the memory 16 may, in some cases, not be retrieved. As such, the second node 12A may be selective over what data is retrieved. Alternatively, the first node 11 may store second data irrespective of the second node to which the corresponding first data is sent - in other words, the identifying step 21 and 27 may be simplified or omitted. Only second nodes which require the second data, or desire second data for a particular instance, may retrieve the second data. However, in such circumstances, the first node does not require information on which nodes require data and which do not. The memory may store data with a limited lifetime. That is data may be deleted irrespective of whether it has been retrieved after a predetermined period of time.
The network nodes, including those described in relation to the payment system and the memory 16, may comprise computerised hardware as is known in the art. Nevertheless, for completeness, a exemplary computerised system 50, capable of performing the method steps described above, will now be described with reference to
Figure 5. The computerised system 50 comprises a processing system 51, such as a CPU, or an array of CPUs. The processing system 51 is connected to a memory 52, such as volatile memory (e.g. RAM) or non-volatile memory, for example a solid state (SSD) memory or hard disk drive memory. The memory 52 stores computer readable instructions 53. The system 50 may also comprise an interface 54, capable of transmitting and/or receiving data from other network nodes.
In use the processing system 51 may retrieve the computer instructions 53 from memory 52 and execute these instructions whereby to perform the steps described above. In so doing, the processing system 51 may cause the interface to transmit or receive data as required. This data may itself be stored in memory 52, and retrieved as required - for example to be transmitted via the interface.
It is to be understood that any feature described in relation to any one embodiment may be used alone, or in combination with other features described, and may also be used in combination with one or more features of any other of the embodiments, or any combination of any other of the embodiments. Furthermore, equivalents and modifications not described above may also be employed without departing from the scope of the invention, which is defined in the accompanying claims. The features of the claims may be combined in combinations other than those specified in the claims.

Claims

Claims
1. A method of transferring data in a communications system, the communications system comprising at least one first node arranged to send data to a plurality of second nodes using a first protocol, the first protocol allowing the transfer of data of a first type, and wherein at least one of said plurality of second nodes further requires data of a second type, not included in the data sent according to the first protocol, the method comprising:
transferring first data to a plurality of the second nodes using the first protocol, the first data being of the first type;
storing second data in a memory, the second data being of the second type; and responsive to a request, providing access to at least a part of the second data to the second node.
2. The method of claim 1, wherein the first data comprises a plurality of first data items, and the second data comprises a plurality of second data items associated with corresponding first data items.
3. The method of claim 2, wherein the request comprises data identifying at least one second data item.
4. The method of claim 3, wherein the data identifying at least one second data item corresponds to an identity of said at least one second node.
5. The method of claim 3 or claim 4, wherein the data identifying at least one second data item corresponds to data included in a corresponding first data item.
6. The method of claim 5, wherein the first data items comprise identifiers, and the at least one second data item is stored in association with an identifier of a corresponding first data item.
7. The method of any of claims 2 to 6, comprising generating at least a part of a second data item using at least a part of a corresponding first data item as an input to a data processing algorithm.
8. The method of claim 7, wherein the data processing algorithm computes a hash function.
9. The method of claim 7 or claim 8, wherein the data processing algorithm computes a digital signature
10. The method of claim 9, wherein the digital signature is computed using cryptographic key.
11. The method of any of the preceding claims, wherein the first node and the second node have a trust relationship.
12. The method of claim 11, wherein the first data is sent via at least a third node which does not have a trust relationship with the first and the second node.
13. The method of claim 12, wherein the first data sent using the first protocol is sent in accordance with a format, said format being one that can be interpreted by the third node.
14. The method of claim 12 or claim 13, wherein the first, the second and the third node are arranged to cooperate in an interaction for which both the second node and the third node require said first data.
15. The method of any of the preceding claims, wherein the first data is transferred to the plurality of second nodes via one or more further network nodes, each supporting the first protocol.
16. The method of claim 15, wherein at least one of the one or more further network nodes does not support a protocol capable of transferring data of the second type.
17. The method of any of the preceding claims, wherein the first protocol defines a plurality of fields, and the first data comprises data corresponding to at least one of the fields, and wherein the second data comprises at least some data which does not correspond to the fields of the first protocol.
18. The method of any of the preceding claims, wherein the network comprises a payment processing network, and the first data comprises transaction data.
19. The method of claim 18, wherein the first node comprises one or more of:
a trusted intermediary arranged to provide transaction data on behalf of a customer;
a merchant data processing system;
a payment service provider (PSP); and
an acquiring bank data processing system.
20. The method of claim 18 or claim 19, wherein the network comprises one or more third nodes between the first and second nodes, the one or more nodes comprising at least one of:
a merchant data processing system;
a payment service provider (PSP);
an acquiring bank data processing system; and
a card system data processing system.
21. The method of any of claims 18 to 20, wherein said at least one second node comprises one or more of:
an issuing bank computing system;
a fraud detection processing system; and
an accounting system.
22. A method of processing payment data associated with payment transactions conducted via a network, the network comprising, at least one acquiring bank data processing system, at least a first network node arranged to provide payment data to at least one said acquiring bank data processing system and at least a second network node arranged to receive payment data from at least one said acquiring bank data processing system, wherein, during a given payment transaction, payment data associated with the payment transaction is sent from the first network node to the second network node via at least one said acquiring bank data processing system, the method comprising:
storing, at a network node other than the at least one acquiring bank data processing system, further data associated with the transaction from the first network node, at least some of the further data being other than the payment data; and
allowing access to the further data by the second network node.
23. The method of claim 22, wherein the payment data associated with the payment transaction is sent from the first network node to the second network node via at least one said acquiring bank data processing system using at least a first protocol, and wherein the further data comprises data not included in the first protocol.
24. A computer program product comprising a non-transitory computer- readable storage medium having computer readable instructions stored thereon, the computer readable instructions being executable by a computerized device to cause the computerized device to perform a method of transferring data in a communications system, wherein the communications system comprises at least one first node arranged to send data to a plurality of second nodes using a first protocol, the first protocol allowing the transfer of data of a first type, and wherein at least one of said plurality of second nodes further requires data of a second type, not included in the data sent according to the first protocol, the method comprising:
transferring first data to a plurality of the second nodes using the first protocol, the first data being of the first type;
storing second data in a memory, the second data being of the second type; and responsive to a request, providing access to at least a part of the second data to the second node.
25. A computer program product comprising a non-transitory computer- readable storage medium having computer readable instructions stored thereon, the computer readable instructions being executable by a computerized device to cause the computerized device to perform a method of processing payment data associated with payment transactions conducted via a network, the network comprising, at least one acquiring bank data processing system, at least a first network node arranged to provide payment data to at least one said acquiring bank data processing system and at least a second network node arranged to receive payment data from at least one said acquiring bank data processing system, wherein, during a given payment transaction, payment data associated with the payment transaction is sent from the first network node to the second network node via at least one said acquiring bank data processing system, the method comprising:
storing, at a network node other than the at least one acquiring bank data processing system, further data associated with the transaction from the first network node, at least some of the further data being other than the payment data; and
allowing access to the further data by the second network node.
26. Apparatus for transferring data in a communications system, wherein the communications system comprises at least one first node arranged to send data to a plurality of second nodes using a first protocol, the first protocol allowing the transfer of data of a first type, and wherein at least one of said plurality of second nodes further requires data of a second type, not included in the data sent according to the first protocol, the apparatus being configured to:
transfer first data to a plurality of the second nodes using the first protocol, the first data being of the first type;
store second data in a memory, the second data being of the second type; and responsive to a request, provide access to at least a part of the second data to the second node.
27. Apparatus for processing payment data associated with payment transactions conducted via a network, the network comprising, at least one acquiring bank data processing system, at least a first network node arranged to provide payment data to at least one said acquiring bank data processing system and at least a second network node arranged to receive payment data from at least one said acquiring bank data processing system, wherein, during a given payment transaction, payment data associated with the payment transaction is sent from the first network node to the second network node via at least one said acquiring bank data processing system, the apparatus being configured to:
store, at a network node other than the at least one acquiring bank data processing system, further data associated with the transaction from the first network node, at least some of the further data being other than the payment data; and
allow access to the further data by the second network node.
PCT/GB2014/050866 2013-03-19 2014-03-19 A method and system for transferring data WO2014147399A1 (en)

Priority Applications (10)

Application Number Priority Date Filing Date Title
CN201480017318.9A CN105051769B (en) 2013-03-19 2014-03-19 It is used for transmission the method and system of data
EP14718448.5A EP2976739B1 (en) 2013-03-19 2014-03-19 A method and system for transferring data
ES14718448T ES2791185T3 (en) 2013-03-19 2014-03-19 Method and system to transfer data
KR1020157029687A KR102202549B1 (en) 2013-03-19 2014-03-19 A method and system for transferring data
MX2015012717A MX2015012717A (en) 2013-03-19 2014-03-19 A method and system for transferring data.
CA2907515A CA2907515C (en) 2013-03-19 2014-03-19 A method and system for transferring data
AU2014234005A AU2014234005A1 (en) 2013-03-19 2014-03-19 A method and system for transferring data
US14/858,185 US10348805B2 (en) 2013-03-19 2015-09-18 Method and system for transferring data
US16/418,542 US11381632B2 (en) 2013-03-19 2019-05-21 Method and system for transferring data
US17/690,686 US11924270B2 (en) 2013-03-19 2022-03-09 Method and system for transferring data

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB1305040.6 2013-03-19
GB1305040.6A GB2512080A (en) 2013-03-19 2013-03-19 A method and system for transferring data

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US14/858,185 Continuation US10348805B2 (en) 2013-03-19 2015-09-18 Method and system for transferring data

Publications (1)

Publication Number Publication Date
WO2014147399A1 true WO2014147399A1 (en) 2014-09-25

Family

ID=48226687

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB2014/050866 WO2014147399A1 (en) 2013-03-19 2014-03-19 A method and system for transferring data

Country Status (10)

Country Link
US (3) US10348805B2 (en)
EP (1) EP2976739B1 (en)
KR (1) KR102202549B1 (en)
CN (1) CN105051769B (en)
AU (1) AU2014234005A1 (en)
CA (1) CA2907515C (en)
ES (1) ES2791185T3 (en)
GB (1) GB2512080A (en)
MX (1) MX2015012717A (en)
WO (1) WO2014147399A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10348805B2 (en) 2013-03-19 2019-07-09 Visa Europe Limited Method and system for transferring data

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105681329A (en) * 2016-02-29 2016-06-15 浪潮(苏州)金融技术服务有限公司 Data processing method and device
CN109584066B (en) * 2018-10-31 2020-09-01 阿里巴巴集团控股有限公司 Privacy transaction based on block chain and application method and device thereof
CN112416036B (en) * 2020-10-23 2022-06-10 重庆电子工程职业学院 Greenhouse environment monitoring system
US20240323127A1 (en) * 2021-07-16 2024-09-26 Beijing Xiaomi Mobile Software Co., Ltd. Data transmission method, data transmission device, and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020178122A1 (en) * 2001-05-23 2002-11-28 International Business Machines Corporation System and method for confirming electronic transactions
US20100017334A1 (en) * 2008-07-16 2010-01-21 Masayuki Itoi Authentication system and authentication method
US20120072346A1 (en) * 2010-09-16 2012-03-22 Yomir Sp System and method for securing and authenticating purchase transactions
WO2012073014A1 (en) * 2010-11-29 2012-06-07 Mobay Technologies Limited A system for verifying electronic transactions

Family Cites Families (36)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5198975A (en) * 1989-11-30 1993-03-30 Valley National Bank Apparatus and method for processing of check batches in banking operations
US5783808A (en) * 1996-01-11 1998-07-21 J. D. Carreker And Associates, Inc. Electronic check presentment system having transaction level reconciliation capability
US5691524A (en) * 1991-07-17 1997-11-25 J.D. Carreker And Associates, Inc. Electronic check presentment system having a non-ECP exceptions notification system incorporated therein
US5237159A (en) * 1991-07-17 1993-08-17 J. D. Carreker And Associates Electronic check presentment system
US6181837B1 (en) * 1994-11-18 2001-01-30 The Chase Manhattan Bank, N.A. Electronic check image storage and retrieval system
US5717868A (en) * 1995-03-07 1998-02-10 Huntington Bancshares Inc. Electronic payment interchange concentrator
US6301379B1 (en) * 1996-01-17 2001-10-09 Carreker-Antinori, Inc. Electronic check presentment systems and methods employing volatile memory datastore access techniques
EP0917119A3 (en) * 1997-11-12 2001-01-10 Citicorp Development Center, Inc. Distributed network based electronic wallet
US8266266B2 (en) * 1998-12-08 2012-09-11 Nomadix, Inc. Systems and methods for providing dynamic network authorization, authentication and accounting
US6327578B1 (en) * 1998-12-29 2001-12-04 International Business Machines Corporation Four-party credit/debit payment protocol
US6398646B1 (en) 2000-01-06 2002-06-04 Melange Computer Services, Inc. Method and system for storing preselected numbers for use in games of bingo
US7584125B2 (en) * 2000-06-26 2009-09-01 Jpmorgan Chase Bank, N.A. Electronic check presentment system and method having an item sequence capability
US20080147564A1 (en) * 2001-06-26 2008-06-19 Tara Chand Singhal Security in use of bankcards that protects bankcard data from merchant systems in a payment card system
US7136840B2 (en) * 2001-04-20 2006-11-14 Intertrust Technologies Corp. Systems and methods for conducting transactions and communications using a trusted third party
FR2824407B1 (en) * 2001-05-07 2003-07-25 Cegetel METHOD FOR SECURING A PAYMENT FROM A CUSTOMER TO A MERCHANT, LOCATION CENTER AND CORRESPONDING SYSTEM
US7099845B2 (en) * 2001-08-16 2006-08-29 Ncr Corporation Electronic check presentment with image interchange system and method of operating an electronic check presentment with image interchange system
US7058612B2 (en) * 2002-06-04 2006-06-06 Bottomline Technologies, (De) Inc. System and method for producing and verifying secure negotiable instruments
US7644019B2 (en) 2003-04-21 2010-01-05 Buysafe, Inc. Safe transaction guaranty
EP1697816A4 (en) * 2003-11-26 2008-12-17 Fx Alliance Llc Protocol-independent asset trading system and methods
US7165723B2 (en) * 2003-12-31 2007-01-23 Bank Of America Corporation System and method for the processing of MICR documents that produce read errors
AU2005259948A1 (en) * 2004-06-25 2006-01-12 Chockstone, Inc. Payment processing method and system
US7447347B2 (en) * 2005-02-17 2008-11-04 Vectorsgi, Inc. Method and system for retaining MICR code format
KR20070120125A (en) * 2005-04-19 2007-12-21 마이크로소프트 코포레이션 Network commercial transactions
US7451481B2 (en) * 2005-04-29 2008-11-11 Merchant Link, Llc Database system and method for encryption and protection of confidential information
US10032160B2 (en) * 2005-10-06 2018-07-24 Mastercard Mobile Transactions Solutions, Inc. Isolating distinct service provider widgets within a wallet container
US20070204157A1 (en) * 2006-02-07 2007-08-30 Lecroy Corporation Method and apparatus for using out of band captured protocol traffic to facilitate in band traffic capturing
US8923827B2 (en) 2007-01-09 2014-12-30 Visa U.S.A. Inc. Mobile payment management
US8121942B2 (en) 2007-06-25 2012-02-21 Visa U.S.A. Inc. Systems and methods for secure and transparent cardless transactions
GB0904877D0 (en) * 2009-03-20 2009-05-06 Global Refund Holdings Ab Interface module, system and method
US20110213711A1 (en) 2010-03-01 2011-09-01 Entrust, Inc. Method, system and apparatus for providing transaction verification
BR112014014587A8 (en) * 2011-12-13 2017-07-04 Visa Int Service Ass method for processing a message and server computer
US10949815B2 (en) * 2011-12-13 2021-03-16 Visa International Service Association Integrated mobile trusted service manager
EP2672442A1 (en) * 2012-06-05 2013-12-11 Nxp B.V. Multi-protocol communication circuit
GB2512080A (en) 2013-03-19 2014-09-24 Visa Europe Ltd A method and system for transferring data
US11055710B2 (en) * 2013-05-02 2021-07-06 Visa International Service Association Systems and methods for verifying and processing transactions using virtual currency
US20140358789A1 (en) * 2013-05-30 2014-12-04 B. Scott Boding Acquirer facing fraud management system and method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020178122A1 (en) * 2001-05-23 2002-11-28 International Business Machines Corporation System and method for confirming electronic transactions
US20100017334A1 (en) * 2008-07-16 2010-01-21 Masayuki Itoi Authentication system and authentication method
US20120072346A1 (en) * 2010-09-16 2012-03-22 Yomir Sp System and method for securing and authenticating purchase transactions
WO2012073014A1 (en) * 2010-11-29 2012-06-07 Mobay Technologies Limited A system for verifying electronic transactions

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10348805B2 (en) 2013-03-19 2019-07-09 Visa Europe Limited Method and system for transferring data
US11381632B2 (en) 2013-03-19 2022-07-05 Visa Europe Limited Method and system for transferring data
US11924270B2 (en) 2013-03-19 2024-03-05 Visa Europe Limited Method and system for transferring data

Also Published As

Publication number Publication date
EP2976739B1 (en) 2020-05-06
EP2976739A1 (en) 2016-01-27
ES2791185T3 (en) 2020-11-03
US20220201064A1 (en) 2022-06-23
US20190273774A1 (en) 2019-09-05
GB2512080A (en) 2014-09-24
CA2907515A1 (en) 2014-09-25
CN105051769B (en) 2019-12-03
KR102202549B1 (en) 2021-01-13
KR20150131318A (en) 2015-11-24
CN105051769A (en) 2015-11-11
US10348805B2 (en) 2019-07-09
US20160014195A1 (en) 2016-01-14
AU2014234005A1 (en) 2015-10-15
US11924270B2 (en) 2024-03-05
CA2907515C (en) 2021-11-02
MX2015012717A (en) 2016-07-26
US11381632B2 (en) 2022-07-05
GB201305040D0 (en) 2013-05-01

Similar Documents

Publication Publication Date Title
US11924270B2 (en) Method and system for transferring data
US11876905B2 (en) System and method for generating trust tokens
US11483157B2 (en) Management of cryptographically secure exchanges of data using permissioned distributed ledgers
US10956901B2 (en) Methods, apparatus and computer program products for securely accessing account data
KR102479086B1 (en) Static Token System and Method for Representing Dynamic Real Credentials
US11250391B2 (en) Token check offline
US10164996B2 (en) Methods and systems for providing a low value token buffer
AU2017267715A1 (en) Systems and methods for creating subtokens using primary tokens
US20160125402A1 (en) Method and device for payment using token
US20150262164A1 (en) Cloud-based secure storage
US20220245262A1 (en) Secure information storage, transfer and computing
WO2019246040A1 (en) Instant digital issuance
US11716200B2 (en) Techniques for performing secure operations
US20190260715A1 (en) Computer system, connection apparatus, and processing method using transaction
US20200175512A1 (en) Key Generation in Secure Electronic Payment Systems
WO2021204042A1 (en) Registration of organization identification number
JP6719006B1 (en) Information processing device, information processing method, and program
WO2024062480A1 (en) Platform and method for encrypted interaction

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 201480017318.9

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14718448

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: MX/A/2015/012717

Country of ref document: MX

ENP Entry into the national phase

Ref document number: 2907515

Country of ref document: CA

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2014718448

Country of ref document: EP

ENP Entry into the national phase

Ref document number: 2014234005

Country of ref document: AU

Date of ref document: 20140319

Kind code of ref document: A

Ref document number: 20157029687

Country of ref document: KR

Kind code of ref document: A