WO2020123191A1 - Methods, systems and computer program products for token based payment transactions - Google Patents

Abstract

The invention provides methods, systems and computer program products for dynamic token based payment transactions. The invention comprises (i) responsive to a request for implementing a payment transaction, encoding at a POS terminal, a first electronic token comprising information corresponding to the payment transaction under implementation, and payee information, (ii) receiving from a payor terminal, a second electronic token generated upon extraction of information from the first electronic token at the payor terminal, and comprising payor payment account information, and payor transaction history information, (iii) extracting from the second electronic token, the payor payment account information and payor transaction history information, (iv) comparing information extracted from the second electronic token with information encoded within the first electronic token, and (v) authenticating the payment transaction under implementation based on the comparison.

Description

METHODS, SYSTEMS AND COMPUTER PROGRAM PRODUCTS FOR TOKEN BASED PAYMENT TRANSACTIONS

CROSS-REFERENCE TO RELATED APPLICATION

This application claims the benefit of, and priority to, Indian Patent Application No. 201811047172 filed on December 13, 2018. The entire disclosure of the above application is incorporated herein by reference.

FIELD OF THE INVENTION

The present invention relates to the domain of electronic payment transactions, and more particularly to methods, systems and computer program products for dynamic electronic token based payment transactions.

BACKGROUND OF THE INVENTION

Electronic payment transactions involving payors’ paying merchants, retailers or service providers electronically for goods or services received are increasingly common. A popular type of electronic payment transaction involves initiating payment based on a token that identifies the source of funding (i.e. the payor’s payment instrument and other payment details). Payment tokens typically contain static information such as a payor’s account number and payment account information - identifying the source of payment. When a credit card (which is a form of a physical token) is swiped at a point-of-sale (POS) terminal, the card number is directly or indirectly transmitted to a centralized payment processing system (for example a payment network). Before authorizing payment, the centralized payment processing system may verify whether the account exists and is active, whether the account can fund the transaction or whether the transaction appears to be fraudulent.

Physical tokens such as credit cards cannot be easily modified or replaced (in case of loss) - and need to be carried by the payor to enable initiation of payment. Consequently, systems that allow a payor to pay for a transaction at a POS terminal by using a mobile device to display an electronic token comprising a machine readable object (for example, a barcode or a QR code) are gaining wider acceptance. The POS terminal reads the electronic token, extracts the payor’s payment instrument information and other payment details and transmits this information to the centralized payment processing system along with other details of the payment transaction (for example the transaction amount and the payee’s payment account details) for execution of the transaction.

Static electronic tokens do however present disadvantages - including susceptibility to fraudulent transactions by any unauthorized party that manages to obtain an image of the electronic token or who manages to spoof the electronic token. Additionally, in situations where a centralized payment processing system or a payee or a POS terminal does not have network access (for example due to a network problem, power outage, or other issues), the electronic token cannot be accepted without undertaking a significant risk of fraud - since the payee has no way of confirming that the electronic token is a valid token. While a payee may choose to save the electronic token, provide the goods or services to the customer, and subsequently attempt to process the payment after network access is restored, the payee runs the risk of not getting paid if the token is a fraud. Additionally, each time a payor’s electronic token is read by a payee, the payor runs the risk of payment token theft or misappropriation by or through the payee.

There is accordingly a requirement for electronic token based payments that are secure, reduce the risk of fraud and token theft, and which enable completion of transactions even in the absence of network access.

SUMMARY

The invention provides methods, systems and computer program products for dynamic token based payment transactions.

In an embodiment, the invention comprises a method for implementing an electronic token based payment transaction. The method comprises the steps of (i) responsive to a request for implementing a payment transaction, encoding at a POS terminal, a first electronic token comprising information corresponding to the payment transaction under implementation, and payee information, (ii) receiving from a payor terminal, a second electronic token generated upon extraction of information from the first electronic token at the payor terminal, wherein the second electronic token comprises payor payment account information, and payor transaction history information, (iii) extracting from the second electronic token, the payor payment account information and payor transaction history information, (iv) comparing information extracted from the second electronic token with information encoded within the first electronic token, and (v) authenticating the payment transaction under implementation and proceeding to implement a transfer of payment from a payor to a payee, in response to determining that the information extracted from the second electronic token includes information encoded within the first electronic token.

The information corresponding to the payment transaction under implementation that is encoded within the first electronic token may include at least one of the transaction amount and the payee’s payment account information.

In an embodiment of the method, the first electronic token includes payee transaction history information.

In a further method embodiment, at least a sub-set of information within the first electronic token is extracted at the payor terminal and is included within an upated payor transaction history record. The sub-set of information within the first electronic token may be included within the updated payor transaction history record prior to generation of the second electronic token.

In a particular embodiment, the second electronic token comprises information retrieved from the updated payor transaction history record.

The payment transaction under implementation may be authenticated in response to determining that the payor transaction history information extracted from the second electronic token includes the information corresponding to the payment transaction under implementation that has been encoded within the first electronic token.

In a specific embodiment of the method, at least one of the first electronic token and the second electronic token is a machine readable object comprising any of a code, cipher, machine readable data representation, 1- dimensional bar code, 2-dimensional bar code, linear bar code or QR code.

The invention additionally provides a system for implementing an electronic token based payment transaction. The system includes a point-of-sale (POS) terminal comprising at least one processor configured to (i) respond to a request for implementing a payment transaction, by encoding at the POS terminal, a first electronic token comprising information corresponding to the payment transaction under implementation, and payee information, (ii) receive from a payor terminal, a second electronic token generated upon extraction of information from the first electronic token at the payor terminal, wherein the second electronic token comprises payor payment account information, and payor transaction history information, (iii) extract from the second electronic token, the payor payment account information and payor transaction history information, (iv) compare information extracted from the second electronic token with information encoded within the first electronic token, and (v) authenticate the payment transaction under implementation and proceed to implement a transfer of payment from a payor to a payee, in response to determining that the information extracted from the second electronic token includes information encoded within the first electronic token.

The POS terminal may be configured such that information corresponding to the payment transaction under implementation that is encoded within the first electronic token includes at least one of the transaction amount and the payee’s payment account information.

In an embodiment, the POS terminal is configured such that the first electronic token includes payee transaction history information.

In a specific embodiment of the system, at least a sub-set of information within the first electronic token is extracted at the payor terminal and is included within an upated payor transaction history record.

The sub-set of information within the first electronic token may be included within the updated payor transaction history record prior to generation of the second electronic token.

In an embodiment of the system, the second electronic token comprises information retrieved from the updated payor transaction history record.

The POS terminal may be configured such that the payment transaction under implementation is authenticated in response to determining that the payor transaction history information extracted from the second electronic token includes the information corresponding to the payment transaction under implementation that has been encoded within the first electronic token.

In a particular system embodiment, at least one of the first electronic token and the second electronic token is a machine readable object comprising any of a code, cipher, machine readable data representation, 1 -dimensional bar code, 2- dimensional bar code, linear bar code or QR code.

The invention further provides a computer program product for implementing an electronic token based payment transaction, comprising a non- transitory computer usable medium having a computer readable program code embodied therein, the computer readable program code comprising instructions for (i) responsive to a request for implementing a payment transaction, encoding at a POS terminal, a first electronic token comprising information corresponding to the payment transaction under implementation, and payee information, (ii) receiving from a payor terminal, a second electronic token generated upon extraction of information from the first electronic token at the payor terminal, wherein the second electronic token comprises payor payment account information, and payor transaction history information, (iii) extracting from the second electronic token, the payor payment account information and payor transaction history information, (iv) comparing information extracted from the second electronic token with information encoded within the first electronic token, and (v) authenticating the payment transaction under implementation and proceeding to implement a transfer of payment from a payor to a payee, in response to determining that the information extracted from the second electronic token includes information encoded within the first electronic token.

BRIEF DESCRIPTION OF THE ACCOMPANYING DRAWINGS

Figure 1 illustrates a prior art system environment for implementing electronic token based payment transactions.

Figure 2 illustrates a system environment configured in accordance with the teachings of the present invention for enabling dynamic electronic token based payment transactions.

Figure 3 illustrates a method for implementing a dynamic electronic token based payment transactions.

Figure 4 is a communication flow diagram illustrating communication flow between system entities for implementing the Figure 3 method for dynamic electronic token based payment transactions.

Figure 5 illustrates an exemplary first dynamic electronic token of a kind generated in implementing the method of Figure 3.

Figure 6 illustrates an exemplary second dynamic electronic token of a kind generated in implementing the method of Figure 3.

Figure 7 illustrates method steps that are implemented at a payor terminal in a specific embodiment of the method of Figure 3.

Figure 8 illustrates method steps that are implemented at a POS terminal in a specific embodiment of the method of Figure 3.

Figure 9 illustrates an exemplary computer system according to which various embodiments of the present invention may be implemented. DETAILED DESCRIPTION

The invention provides methods, systems and computer program products for dynamic electronic token based payment transactions.

For the purposes of the present invention, the term“electronic token” shall be understood to refer to any machine-readable object that encodes transaction information, payee information or payor information - and may comprise any code, cipher, machine readable data representation, or 1 -dimensional or 2-dimensional bar codes (including by way of example linear bar codes or QR codes) that is optically readable by an appropriately configured machine reader.

For the purposes of the invention the terms“payor”,“consumer” and “customer” may be used interchangeably to designate an individual or entity making an electronic payment, and the terms“payee” and“merchant” may be used interchangeably to designate an individual or entity receiving an electronic payment.

Figure 1 illustrates a prior art system environment 100 for implementing electronic token based payment transactions. System environment 100 comprises a payor 102 having access to payor terminal 104, a POS terminal 108, network 110, acquirer 112 and issuer 114.

Payor terminal 104 may comprise any communication terminal configured for network based communication. In specific embodiments, payor terminal 104 may comprise a mobile communication device or a smartphone. Said payor terminal 104 may include a display 1042, a user interface 1044, processor 1046, communication transceiver 1048 and memory 1050, which memory 1050 may include transitory memory and / or non-transitory memory. In an exemplary embodiment, memory 1050 may have stored therewithin, (i) an operating system 1052 configured for managing device hardware and software resources and that provides common services for software programs implemented within payor terminal 104, (ii) a mobile wallet application (or a software payment application) 1050 configured to enable electronic payments from payor terminal 104, and (iii) a token generator 1056.

Token generator 1056 may comprise an electronic token generator configured to generate an electronic token comprising an encoded machine readable object (for example a barcode or QR code) that encodes payor’s payment account information. In response to a payment instruction received from the payor 102 through user interface 1044, mobile wallet application 1054 may initiate generation of an electronic token 106 at token generator 1056 - which electronic token 106 may comprise an encoded machine readable representation of one or more transaction details (for example, the transaction amount) and payor’s payment account information (for example, payor’s payment account number, name or identifier of a payment institution with which the payor’s payment account is held, and payor’s authentication information).

In an embodiment, the generated electronic token 106 may be displayed on display 1042 of payor terminal 1042 - from where it can be scanned, imaged or otherwise captured and parsed by POS terminal 108. POS terminal 108 may in various embodiments comprise any of a computer implemented point-of-sale device 1082, a mobile communication device implemented point-of-sale device 1084, or a cash register implemented point-of-sale device 1086. Said POS terminal 108 may include one or more scanning or imaging devices configured to capture or read electronic token 106 - whereafter information encoded within electronic token 106 may be decoded and the payor’s payment account information and transaction details extracted from electronic token 106 may be used by POS terminal 108 to initiate the requested payment transaction.

As shown in Figure 1, POS terminal 108 may conclude the requested payment transaction by sending a transaction request through network 110 (for example, a card payment network or a data network) to an acquirer institution 112 (with which the payee holds a payment account). Acquirer institution 112 may thereafter identify an issuer institution 114 (with which the payor’s payment account is held), and forward the payment request and information regarding the payee and payee’s payment account to said issuer institution for conclusion of the payment transaction. Subject to the payor’s payment account having sufficient funds to conclude the payment transaction, and authentication of the payor identity and the payment request, issuer institution 114 may debit the transaction amount from the payor’s payment account, and the debited transaction amount may be credited to the payee’s payment account held with acquirer institution 112. One or both of the payor and the payee may thereafter be notified of conclusion of the transaction.

As discussed above, system environments of the type illustrated in Figure 1 are susceptible to fraudulent transactions by third parties who manage to obtain the payor’s electronic token or to spoof the payor’s electronic token. Such solutions are additionally ineffective in circumstances where POS terminal 108 does not have network access and is therefore unable to authenticate the payor’s identity prior to execution of the transaction.

Figure 2 illustrates a system environment 200 in accordance with the present invention for implementing secure electronic token based payment transactions regardless of whether the POS terminal has network access.

System environment 200 includes a payor 202 having access to payor terminal 204, a POS terminal 208, network 210, acquirer 212 and issuer 214.

Payor terminal 204 may comprise any communication terminal configured for network based communication. In specific embodiments, payor terminal 204 may comprise a mobile communication device or a smartphone. Said payor terminal 204 may include a mobile wallet application (or a software payment application) 2042 configured to enable electronic payments from payor terminal 204, a token generator 2044 configured to generate electronic tokens, a token reader 2046 configured to extract information from electronic tokens, and hardware 2048 comprising one or more of a display, user interface, processor, communication transceiver and memory. Flardware 2048 may additionally include one or more sensors (for example image sensors) configured to capture or acquire electronic tokens for the purposes of extracting information from such electronic tokens.

POS terminal 208 may comprise a payment register 2082 configured to process payment instructions or payment transactions sought to be executed at said terminal, a token reader 2084 configured to extract information from electronic tokens, a token generator 2086 configured to generate electronic tokens, and hardware 2088 comprising one or more of a display, user interface, processor, communication transceiver and memory. In an embodiment of the invention, token reader 2084 within POS terminal 208 may be configured to parse and extract information from electronic token(s) 218 generated by token generator 2044 within payor terminal 204, while token generator 2086 within POS terminal 208 may be configured to generate electronic token(s) 216 from which information can be parsed and extracted by token reader 2046 within payor terminal 204. Generation of electronic tokens 216 and 218 and extraction of information from said electronic tokens 216 and 218 are described in more detail in connection with Figures 3 to 8.

As in the ease of Figure 1, POS terminal 208 may be in network communication with acquirer institution 212 and issuer institution 214 through communication network / payment network 210. Figure 3 illustrates a method for dynamic electronic token based payment transactions in accordance with the teachings of the present invention. The method of Figure 3 is implemented within the system environment 200 of Figure 2 and involves steps implemented at both of POS terminal 208 and payor terminal 206.

The method commences at step 302 in response to receiving instructions or a request for initiating a payment transaction involving POS terminal 208 and payor terminal 204. The instructions or request for initiating a payment transaction may include transaction information (for example the transaction amount) and may be received at POS terminal 208 through a user interface within POS terminal 208 or alternatively may be transmitted to POS terminal 208 from payor terminal 204. At step 302, POS terminal 208 retrieves payee information from a payee digital identity database. Payee digital identity database may comprise a memory or database located within or outside of POS terminal 208 and is configured to store data defining the payee’s identity, and including one or more data items that are uniquely associated with the payee who controls or accepts payments through POS terminal 208. In an embodiment, payee identity information retrieved from the payee digital identity database may include a unique payee identifier, payee payment account information and payee transaction history information. In an embodiment, payee transaction history information may comprise information defining one or more past transactions carried out by the payee. In an embodiment, payee transaction history information may include payor information, payee information, payment amount(s), payment instrument(s) and payment timestamp information associated with one or more past transactions involving the payee. It will be understood that payee transaction history information serves as a unique identifier of each payee, since the probabilities of two payees having an identical transaction history are exceedingly low and tending towards insignificant.

Step 304 comprises generating at token generator 2086 within POS terminal 208, a first electronic token 216 comprising a machine readable object that includes encoded payee information and transaction information. The payee information encoded within the first electronic token 216 may include one or more of a payee identifier, payee payment account information and payee digital identity information. In a specific embodiment, the payee information encoded within the first electronic token 216 includes payee transaction history information. The transaction information encoded within the first electronic token 216 includes information corresponding to the transaction under execution, and may include one or more of the transaction amount and goods or services associated with the transaction.

In a specific embodiment of the invention, the information encoded within the first electronic token 216 includes one or more of:

• Payee payment account number

• Information representing a transaction history of the payee or of the payee’s payment account

• A time stamp associated with the current payment transaction

• A time stamp associated with the last payment transaction involving the payee or the payee’s payment account and / or elapsed time since the last payment transaction involving the payee or the payee’s payment account

• A credit or debit limit associated with the payee’s payment account

• An account balance associated with the payee’s payment account

• Payee’s name

• Payee’s registered address

• Unique identifier or government issued identifier associated with the payee

• Identifier information associated with the goods / services involved in the payment transaction

• Transaction amount or transaction cost

• Payee contact information Step 306 comprises receiving the generated first electronic token 216 at payor terminal 204. The generated first electronic token 216 may be transmitted to or received at payor terminal 204 in a variety of ways. In one, the first electronic token 216 is displayed on a display associated with POS terminal 208 and is imaged by an imaging sensor coupled with payor terminal 204. In another embodiment, first electronic token 216 may be electronically transmitted by a transceiver within POS terminal 208 to a transceiver within payor terminal 204. The information encoded within the received first electronic token 216 may be extracted or decrypted by token reader 2046 within payor terminal 204. Thereafter, step 308 comprises implementing at payor terminal 204, the step of retrieving payor information from a payor digital identity database. The payor digital identity database may comprise a memory or database located within or outside of payor terminal 204 and is configured to store data defining the payor’s identity, including one or more data items that are uniquely associated with the payor 202. In an embodiment, payor identity information retrieved from payor digital identity database may include a unique payor identifier, payor payment account information and payor transaction history information. The payor transaction history information may comprise information defining one or more past transactions carried out by the payor. In an embodiment, payor transaction history information may include payor information, payee information, payment amount(s), payment instrument(s) and payment timestamp information associated with one or more past transactions carried out by the payor. It will be understood that the payor transaction history information serves as a unique identifier of each payor, since the likelihood of two payors having an identical transaction history is extremely low and tending towards insignificant.

Step 310 comprises generating a second electronic token 218 at payor terminal 204. The second electronic token 218 may comprise a machine readable object that includes encoded payor information and at least one of payee information and transaction information that has been extracted from the first electronic token 216. In a specific embodiment, the second electronic token 218 comprises encoded payor information and also payee information that has been extracted from first electronic token 216. In a more specific embodiment, the second electronic token 218 comprises encoded payor information and payee transaction history information that has been extracted from the first electronic token 216. The payor information encoded within the second electronic token 218 may include one or more of a payor identifier, payor payment account information and payor digital identity information.

In a specific embodiment of the invention, the information encoded within the second electronic token 218 includes one or more of:

• Payor payment account number

• Information representing a transaction history of the payor or of the payor’s payment account • A time stamp associated with the current payment transaction

• A time stamp associated with the last payment transaction involving the payor or the payor’s payment account and / or elapsed time since the last payment transaction involving the payor or the payor’s payment account

• A credit or debit limit associated with the payor’s payment account

• An account balance associated with the payor’s payment account

• Payor’s name

• Payor’s registered address

• Unique identifier or government issued identifier associated with the payor

• Identifier information associated with the goods / services involved in the payment transaction

• Transaction amount or transaction cost

• Payor contact information

• One or more items of information extracted from first electronic token 216

Step 312 comprises receiving the generated second electronic token 218 at POS terminal 208. The generated second electronic token 218 may be transmitted to or received at POS terminal 208 in a variety of ways. In one, the second electronic token 218 is displayed on a display associated with payor terminal 204 and is imaged by an imaging sensor coupled with POS terminal 208. In another embodiment, the second electronic token 218 may be electronically transmitted by a transceiver within payor terminal 204 to a transceiver within POS terminal 208. The information encoded within the received second electronic token 218 may be extracted or decrypted by token reader 2084 within POS terminal 208.

At step 314, POS terminal 208 authenticates the requested payment transaction based on information extracted from the second electronic token 218 that has been received at POS terminal 208. Authentication of the requested payment transaction may involve extraction of information encoded within the second electronic token 218, and assessing the extracted information against one or more authentication rules. In an embodiment, the authentication at step 314 may include ascertaining whether the second electronic token 218 includes one or more data items within first electronic token 216. In a specific embodiment, the authentication at step 314 may include ascertaining whether the second electronic token 218 includes at least one of payee information and payee transaction history information encoded within the first electronic token 218. In an embodiment, the POS terminal 208 may successfully authenticate the requested payment transaction responsive to a determination that the second electronic token 218 includes one or more specific data items that have been encoded by POS terminal 208 within the first electronic token 216.

Since the second electronic token 218 generated by payor terminal 204 is encoded to include information received from POS terminal 208 within first electronic token 216, said second electronic token 218 is dynamically generated for each new transaction involving payor terminal 204. Additionally, by including payor transaction history information (which, as discussed subsequently in connection with Figure 7, may also change with each payment transaction that is implemented using payor terminal 204) within the second electronic token 218, the method of Figure 3 ensures that each second electronic token 218 is unique - making it impossible to reuse an electronic token for more than one transaction or for a transaction that it was not specifically generated for.

Additionally, since POS terminal 208 can verify the authenticity of the second electronic token 218 by ascertaining whether said second electronic token 218 includes information extracted from the first electronic token 216 (which first electronic token 216 has been generated at POS terminal 208 itself), POS terminal 208 can carry out the authentication of step 314 even without network access.

Assuming a POS terminal 208 does not have network access during implementation of the purchase transaction, the POS terminal 208 simply requires to authenticate the second electronic token 218 in accordance with the method of Figure 3, and if authentication is successful, the merchant may release the concerned goods or services to the payor. The transaction payment request may subsequently be forwarded by POS terminal 208 to the acquirer institution 212 (and onward to the issuer institution 214) through network 210 after network access is restored and the payment transaction may be completed at that stage. Figure 4 illustrates a communication flow between system entities for implementing the Figure 3 method for dynamic electronic token based payment transactions.

Step 4022 of Figure 4 involves receiving transaction information at POS terminal 402 - for example through a user interface within POS terminal 402 or through a data transmission from payor terminal 404 to POS terminal 402.

Step 4024 involves retrieving payee identity information from a payee digital identity database - which payee identity information may include one or more of a unique payee identifier, payee payment account information and payee transaction history information - and which payee transaction history information may comprise information defining one or more past transactions carried out by the payee.

POS terminal 402 thereafter generates a first electronic token (e.g. first electronic token 216) - which may comprise a machine readable object that includes encoded payee information and transaction information. The payee information encoded within the first electronic token may include one or more of a payee identifier, payee payment account information and payee digital identity information. The payee information encoded within the first electronic token may include payee transaction history information.

At step 4026, the first electronic token generated at POS terminal 402 is received at payor terminal 404. The generated first electronic token may be transmitted to or received at payor terminal 404 in a variety of ways. In one, the first electronic token is displayed on a display associated with POS terminal 402 and is imaged by an imaging sensor coupled with payor terminal 404. In another embodiment, the first electronic token may be electronically transmitted by a transceiver within POS terminal 402 to a transceiver within payor terminal 404.

Payor terminal 404 extracts information encoded within the received first electronic token.

At step 4028, payor terminal 404 retrieves payor information from a payor digital identity database - which payor information may include data defining the payor’s identity, including one or more of a unique payor identifier, payor payment account information and payor transaction history information comprising information defining one or more past transactions carried out by the payor. Payor terminal 404 thereafter generates a second electronic token (for example second electronic token 218) - which includes encoded payor information (and in a particular embodiment, payor transaction history information) and at least one of payee information and transaction information that has been extracted from the first electronic token (and in a particular embodiment payee transaction history information extracted from the first electronic token).

At step 4030, the second electronic token generated at payor terminal 404 is received at POS terminal 402. The generated second electronic token may be transmitted to or received at POS terminal 402 in a variety of ways. In one, the second electronic token is displayed on a display associated with payor terminal 404 and is imaged by an imaging sensor coupled with POS terminal 402. In another

embodiment, the second electronic token may be electronically transmitted by a transceiver within payor terminal 404 to a transceiver within POS terminal 402.

POS terminal 402 thereafter extracts information from the second electronic token, and authenticates the requested payment transaction based on information extracted from the second electronic token (for example in accordance with step 314 of Figure 3). Subject to authentication of the requested payment transaction, POS terminal 402 transmits information corresponding to the requested payment transaction to a payment network and onward to the relevant acquirer institution and issuer institution for implementing the requested payment transaction.

Figure 5 illustrates an exemplary first electronic token 216 of the type illustrated and discussed in connection with Figures 2 to 4. In the illustrated embodiment, first electronic token 216 may include one or more of (and in an embodiment, all of) transaction information 2162, payee account information 2164 and payee transaction history information. In a specific embodiment, first electronic token 216 is a first QR code.

Figure 6 illustrates an exemplary second electronic token 218 of the type illustrated and discussed in connection with Figures 2 to 4. In the illustrated embodiment, second electronic token 218 may include one or more of (and in an embodiment, all of) information extracted from first electronic token 216, payor account information 2184 and payor transaction history information 2186. In a specific embodiment, second electronic token 218 is a second QR code. Figure 7 illustrates method steps that are implemented at a payor terminal in a specific embodiment of the method of Figure 3 for the purposes of generating the second electronic token.

Step 702 comprises receiving the first electronic token generated by POS terminal 208 at payor terminal 204. At step 704, payor terminal 204 extracts transaction information and payee information from the first electronic token. In an embodiment, the extracted payee information may include payee transaction history information.

Step 706 comprises updating the payor transaction history record within a payor digital identity database with information extracted from the first electronic token. In a specific embodiment, the payor transaction history record is updated with the transaction information extracted from the first electronic token at step 704. By updating the payor transaction history record with transaction information each time a first electronic token is received at the payor terminal, the invention ensures that the payor transaction history record is dynamic and is updated with each new transaction.

At step 708, payor terminal 204 generates a second electronic token, the second electronic token comprising encoded payor account information and payor transaction history information extracted from the updated payor transaction history record (i.e. the payor transaction history record updated at step 706). By ensuring that the second electronic token includes the payor transaction history information as updated at step 706, the invention embodiment ensures that the second electronic token encodes transaction information corresponding to the payment transaction under implementation - which ensures that each second electronic token that is generated is transaction specific and cannot be used for authenticating any other payment transaction.

Figure 8 illustrates method steps that are implemented at a POS terminal in specific embodiments of the method of Figure 3 for the purposes of authenticating the payment transaction under execution.

Step 802 comprises receiving the second electronic token generated by payor terminal 204, at POS terminal 208. At step 804, POS terminal 208 extracts payor account information and payor transaction history information from the received second electronic token. Step 806 comprises parsing the extracted payor transaction history information to determine whether said payor transaction history information includes transaction information or payee transaction history information that was encoded by POS terminal 208 within the first electronic token corresponding to the transaction under execution.

Step 808 comprises authenticating the transaction in response to determining that the extracted payor history information includes transaction information or payee transaction history information encoded within the first electronic token.

Responsive to authentication of the transaction at step 808, step 810 comprises processing the payment transaction under execution based on information received within the second electronic token. In an embodiment, said processing of the payment transaction is based on at least the payor payment account information encoded within the second electronic token. By authenticating the transaction responsive to determining that the payor history information included within the second electronic token includes at least the transaction information or the payee transaction history information that was encoded by the POS terminal 208 within the first electronic token, the method of Figure 8 ensures that a spoof electronic token or an electronic token that has been generated for another transaction cannot be used to fraudulently authenticate a transaction.

Figure 9 illustrates an exemplary system 900 for implementing the present invention.

System 900 includes computer system 902 which in turn comprises one or more processors 904 and at least one memory 906. Processor 904 is configured to execute program instructions - and may be a real processor or a virtual processor. It will be understood that computer system 902 does not suggest any limitation as to scope of use or functionality of described embodiments. The computer system 902 may include, but is not be limited to, one or more of a general-purpose computer, a programmed microprocessor, a micro-controller, an integrated circuit, and other devices or arrangements of devices that are capable of implementing the steps that constitute the method of the present invention. Exemplary embodiments of a computer system 902 in accordance with the present invention may include one or more servers, desktops, laptops, tablets, smart phones, mobile phones, mobile communication devices, tablets, phablets and personal digital assistants. In an embodiment of the present invention, the memory 906 may store software for implementing various embodiments of the present invention. The computer system 902 may have additional components. For example, the computer system 902 may include one or more communication channels 908, one or more input devices 910, one or more output devices 912, and storage 914. An interconnection mechanism (not shown) such as a bus, controller, or network, interconnects the components of the computer system 902. In various embodiments of the present invention, operating system software (not shown) provides an operating environment for various software(s) executing in the computer system 902 using a processor 904, and manages different functionalities of the components of the computer system 902.

The communication channel(s) 908 allow communication over a communication medium to various other computing entities. The communication medium provides information such as program instructions, or other data in a communication media. The communication media includes, but is not limited to, wired or wireless methodologies implemented with an electrical, optical, RF, infrared, acoustic, microwave, Bluetooth or other transmission media.

The input device(s) 910 may include, but is not limited to, a touch screen, a keyboard, mouse, pen, joystick, trackball, a voice device, a scanning device, or any another device that is capable of providing input to the computer system 902.

In an embodiment of the present invention, the input device(s) 910 may be a sound card or similar device that accepts audio input in analog or digital form. The output device(s) 912 may include, but not be limited to, a user interface on CRT, LCD, LED display, or any other display associated with any of servers, desktops, laptops, tablets, smart phones, mobile phones, mobile communication devices, tablets, phablets and personal digital assistants, printer, speaker, CD/DVD writer, or any other device that provides output from the computer system 902.

The storage 914 may include, but not be limited to, magnetic disks, magnetic tapes, CD-ROMs, CD-RWs, DVDs, any types of computer memory, magnetic stripes, smart cards, printed barcodes or any other transitory or non- transitory medium which can be used to store information and can be accessed by the computer system 902. In various embodiments of the present invention, the storage 914 may contain program instructions for implementing any of the described embodiments. In an embodiment of the present invention, the computer system 902 is part of a distributed network or a part of a set of available cloud resources.

The present invention may be implemented in numerous ways including as a system, a method, or a computer program product such as a computer readable storage medium or a computer network wherein programming instructions are communicated from a remote location.

The present invention may suitably be embodied as a computer program product for use with the computer system 902. The method described herein is typically implemented as a computer program product, comprising a set of program instructions that is executed by the computer system 902 or any other similar device. The set of program instructions may be a series of computer readable codes stored on a tangible medium, such as a computer readable storage medium (storage 914), for example, diskette, CD-ROM, ROM, flash drives or hard disk, or transmittable to the computer system 902, via a modem or other interface device, over either a tangible medium, including but not limited to optical or analogue communications channel(s) 908. The implementation of the invention as a computer program product may be in an intangible form using wireless techniques, including but not limited to microwave, infrared, Bluetooth or other transmission techniques. These instructions can be preloaded into a system or recorded on a storage medium such as a CD-ROM, or made available for downloading over a network such as the Internet or a mobile telephone network. The series of computer readable instructions may embody all or part of the functionality previously described herein.

Based on the above, it would be apparent that the present invention offers significant advantages - including enabling electronic token based payment transactions that are secure, and that reduce the risk of fraud and token theft, while simultaneously enabling completion of transactions even in the absence of network access.

While the exemplary embodiments of the present invention are described and illustrated herein, it will be appreciated that they are merely illustrative. It will be understood by those skilled in the art that various modifications in form and detail may be made therein without departing from or offending the spirit and scope of the invention as defined by the appended claims. Additionally, the invention illustratively disclose herein suitably may be practiced in the absence of any element which is not specifically disclosed herein - and in a particular embodiment that is specifically contemplated, the invention is intended to be practiced in the absence of any one or more element which are not specifically disclosed herein.

Claims

CLAIMS:

1. A method for implementing an electronic token based payment transaction, comprising the steps of:

responsive to a request for implementing a payment transaction, encoding at a POS terminal, a first electronic token comprising information corresponding to the payment transaction under implementation, and payee information;

receiving from a payor terminal, a second electronic token generated upon extraction of information from the first electronic token at the payor terminal, wherein the second electronic token comprises payor payment account information, and payor transaction history information;

extracting from the second electronic token, the payor payment account information and payor transaction history information;

comparing information extracted from the second electronic token with information encoded within the first electronic token; and

authenticating the payment transaction under implementation and proceeding to implement a transfer of payment from a payor to a payee, in response to determining that the information extracted from the second electronic token includes information encoded within the first electronic token.

2. The method as claimed in claim 1, wherein the information corresponding to the payment transaction under implementation that is encoded within the first electronic token includes at least one of the transaction amount and the payee’s payment account information.

3. The method as claimed in claim 2, wherein the first electronic token includes payee transaction history information.

4. The method as claimed in claim 1, wherein at least a sub-set of information within the first electronic token is extracted at the payor terminal and is included within an upated payor transaction history record.

5. The method as claimed in claim 4 wherein the sub-set of information within the first electronic token is included within the updated payor transaction history record prior to generation of the second electronic token.

6. The method as claimed in claim 5, wherein the second electronic token comprises information retrieved from the updated payor transaction history record.

7. The method as claimed in claim 1, wherein the payment transaction under implementation is authenticated in response to determining that the payor transaction history information extracted from the second electronic token includes the information corresponding to the payment transaction under implementation that has been encoded within the first electronic token.

8. The method as claimed in claim 1, wherein at least one of the first electronic token and the second electronic token is a machine readable object comprising any of a code, cipher, machine readable data representation, 1- dimensional bar code, 2-dimensional bar code, linear bar code or QR code.

9. A system for implementing an electronic token based payment transaction, comprising:

a point-of-sale (POS) terminal comprising at least one processor configured to:

respond to a request for implementing a payment transaction, by encoding at the POS terminal, a first electronic token comprising information corresponding to the payment transaction under implementation, and payee information;

receive from a payor terminal, a second electronic token generated upon extraction of information from the first electronic token at the payor terminal, wherein the second electronic token comprises payor payment account information, and payor transaction history information;

extract from the second electronic token, the payor payment account information and payor transaction history information; compare information extracted from the second electronic token with information encoded within the first electronic token; and

authenticate the payment transaction under implementation and proceed to implement a transfer of payment from a payor to a payee, in response to determining that the information extracted from the second electronic token includes information encoded within the first electronic token.

10. The system as claimed in claim 9, wherein the POS terminal is configured such that information corresponding to the payment transaction under implementation that is encoded within the first electronic token includes at least one of the transaction amount and the payee’s payment account information.

11. The system as claimed in claim 10, wherein the POS terminal is configured such that the first electronic token includes payee transaction history information.

12. The system as claimed in claim 9, wherein at least a sub-set of information within the first electronic token is extracted at the payor terminal and is included within an upated payor transaction history record.

13. The system as claimed in claim 12 wherein the sub-set of information within the first electronic token is included within the updated payor transaction history record prior to generation of the second electronic token.

14. The system as claimed in claim 13, wherein the second electronic token comprises information retrieved from the updated payor transaction history record.

15. The system as claimed in claim 9, wherein the POS terminal is configured such that the payment transaction under implementation is authenticated in response to determining that the payor transaction history information extracted from the second electronic token includes the information corresponding to the payment transaction under implementation that has been encoded within the first electronic token.

16. The system as claimed in claim 9, wherein at least one of the first electronic token and the second electronic token is a machine readable object comprising any of a code, cipher, machine readable data representation, 1- dimensional bar code, 2-dimensional bar code, linear bar code or QR code.

17. A computer program product for implementing an electronic token based payment transaction, comprising a non-transitory computer usable medium having a computer readable program code embodied therein, the computer readable program code comprising instructions for:

responsive to a request for implementing a payment transaction, encoding at a POS terminal, a first electronic token comprising information corresponding to the payment transaction under implementation, and payee information;

receiving from a payor terminal, a second electronic token generated upon extraction of information from the first electronic token at the payor terminal, wherein the second electronic token comprises payor payment account information, and payor transaction history information;

extracting from the second electronic token, the payor payment account information and payor transaction history information;

comparing information extracted from the second electronic token with information encoded within the first electronic token; and

authenticating the payment transaction under implementation and proceeding to implement a transfer of payment from a payor to a payee, in response to determining that the information extracted from the second electronic token includes information encoded within the first electronic token.