Point of sale (POS) personal identification number (PIN) security
US-10134038-B2 · Nov 20, 2018 · US
US11736295B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11736295-B2 |
| Application number | US-202017421608-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 9, 2020 |
| Priority date | Jan 9, 2019 |
| Publication date | Aug 22, 2023 |
| Grant date | Aug 22, 2023 |
Official abstract text for this publication.
A method, system, and computer program product generate, with a payment network, a first value (a) and a second value (g^a), the second value (g^a) based on the first value (a) and a generator value (g); generate, with the payment network, a plurality of random merchant numbers (m_i) for a respective plurality of merchant banks; determine, with the payment network, a merchant product (M) based on a product of the plurality of random merchant numbers (m_i); generate, with the payment network, a public key (pk_i) based on the second value (g^a), the merchant product (M), and the random merchant number (m_i) and a random key (rk_i) based on the merchant product (M) and the random merchant number (m_i) for each respective merchant bank; and communicate, with the payment network, the public key (pk_i) and the random key (rk_i) to at least one respective merchant bank.
Opening claim text (preview).
What is claimed is:

1. A computer-implemented method for verifying a user identity based on encryption and re-encryption of a transaction message, comprising: generating, with a payment network, a first value (a) and a second value (g^a), the second value (g^a) generated based on the first value (a) and a generator value (g); generating, with the payment network, a plurality of random merchant numbers (m_i) for a respective plurality of merchant banks; determining, with the payment network, a merchant product (M) based on a product of the plurality of random merchant numbers (m_i) for the respective plurality of merchant banks, wherein the merchant product (M) comprises a result of multiplication of the plurality of random merchant numbers (m_i); generating, with the payment network, a public key (pk_i) based on the second value (g^a), the merchant product (M), and the random merchant number (m_i) and a random key (rk_i) based on the merchant product (M) and the random merchant number (m_i) for each respective merchant bank of the plurality of merchant banks; communicating, with the payment network, the public key (pk_i) and the random key (rk_i) to at least one respective merchant bank of the plurality of merchant banks; generating, with the at least one respective merchant bank of the plurality of merchant banks, a plurality of random payment gateway numbers (p_i) for a respective plurality of payment gateways; generating, with the at least one respective merchant bank of the plurality of merchant banks, a payment gateway public key based on the second value (g^a), the merchant product (M), and the random payment gateway number (p_i) and a payment gateway random key based on the random payment gateway number (p_i) for each respective payment gateway of the plurality of payment gateways; generating, with the at least one respective merchant bank of the plurality of merchant banks, a plurality of terminal numbers (t_i) for a respective plurality of point-of-sale (POS) terminals; generating, with the at least one respective merchant bank of the plurality of merchant banks, a terminal public key based on the second value (g^a), the merchant product (M), the random payment gateway number (p_i), and the terminal number (t_i) and a terminal random key based on the random payment gateway number (p_i) and the terminal number (t_i) for each respective POS terminal of the plurality of POS terminals; generating, with at least one POS terminal, a random number (r) for a transaction message (m) associated with a transaction, wherein the transaction message (m) contains sensitive data, and wherein the sensitive data comprises an identification number associated with a user; generating, with the at least one POS terminal, a first ciphertext associated with the transaction, the first ciphertext comprising: i) a first ciphertext value associated with the transaction message (m), the first ciphertext value encrypted based on the random number (r), a generator value (g), and the transaction message (m); and ii) a second ciphertext value associated with the random number (r), the second ciphertext value encrypted based on the random number (r), and the terminal public key; communicating, with the at least one POS terminal, the first ciphertext to at least one payment gateway; re-encrypting, with the at least one payment gateway, the second ciphertext value based on the terminal random key to transform the second ciphertext value to a re-encrypted second ciphertext value based on the second value (g^a), the merchant product (M), and the random number (r); communicating, with the at least one payment gateway, the re-encrypted second ciphertext value and the first ciphertext value to the at least one respective merchant bank of the plurality of merchant banks; re-encrypting, with the at least one respective merchant bank of the plurality of merchant banks, the re-encrypted second ciphertext value to transform the re-encrypted second ciphertext value to a second re-encrypted second ciphertext value; communicating, with the at least one merchant bank, the second re-encrypted second ciphertext value and the first ciphertext value to the payment network; decrypting, with the payment network, the first ciphertext value to form the transaction message (m) based on the second re-encrypted second ciphertext value, the merchant product (M), the random merchant number (m_i), and the first ciphertext value; communicating, with the payment network, the transaction message (m) associated with the transaction to a consumer bank; verifying, with the consumer bank, the identification number associated with the user; and in response to verifying the identification number, authorizing, with the consumer bank, the transaction.

2. The computer-implemented method of claim 1, further comprising: communicating, with the at least one respective merchant bank of the plurality of merchant banks, the terminal public key and the terminal random key to at least one payment gateway; and communicating, with the at least one payment gateway, the terminal public key to at least one POS terminal.

3. The computer-implemented method of claim 1, wherein the identification number is one of a personal identification number (PIN), a card verification number, or a card number.

4. A system for verifying a user identity based on encryption and re-encryption of a transaction message, comprising: a payment network including one or more processors, wherein the payment network is programmed and/or configured to: generate a first value (a) and a second value (g^a), the second value (g^a) generated based on the first value (a) and a generator value (g); generate a plurality of random merchant numbers (m_i) for a respective plurality of merchant banks; determine a merchant product (M) based on a product of the plurality of random merchant numbers (m_i) for the respective plurality of merchant banks, wherein the merchant product (M) comprises a result of multiplication of the plurality of random merchant numbers (m_i); generate a public key (pk_i) based on the second value (g^a), the merchant product (M), and the random merchant number (m_i) and a random key (rk_i) based on the merchant product (M) and the random merchant number (m_i) for each respective merchant bank of the plurality of merchant banks; and communicate the public key (pk_i) and the random key (rk_i) to at least one respective merchant bank of the plurality of merchant banks; the at least one respective merchant bank of the plurality of merchant banks including one or more processors, wherein the at least one respective merchant bank of the plurality of merchant banks is programmed or configured to: generate a plurality of random payment gateway numbers (p_i) for a respective plurality of payment gateways; generate a payment gateway public key based on the second value (g^a), the merchant product (M), and the random payment gateway number (p_i) and a payment gateway random key based on the random payment gateway number (p_i) for each respective payment gateway of the plurality of payment gateways; generate a plurality of terminal numbers (t_i) for a respective plurality of point-of-sale (POS) terminals; and generate a terminal public key based on the second value (g^a), the merchant product (M), the random payment gateway number (p_i), and the terminal number (t_i) and a terminal random key based on the random payment gateway number (p_i) and the terminal number (t_i) for each respective POS terminal of the plurality of POS terminals; at least one POS terminal including one or more processors, wherein the at least one POS terminal is programmed or configured to: generate a random number (r) for a transaction message (m) associated with a transaction, wherei
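As an added worked illustration (not code from the patent, and not any payment network's implementation), the following Python models the chain claimed above: the payment network keys the merchant banks, a bank keys a terminal, the POS terminal encrypts a PIN as two ciphertext values, and the gateway and bank each re-encrypt only the second value before the network decrypts. The exact exponent arithmetic (each hop stripping or adding one factor, with the random keys taken as modular inverses over the group order) and the toy group are my assumptions; the claim fixes only which values each key and ciphertext depends on.

```python
import math, secrets

# Toy group, constructed for illustration only: p is a safe prime (p = 2q + 1) and
# g = 4 generates its order-q subgroup. A real deployment would use a standard group.
P, Q, G = 10007, 5003, 4

def rand_exp():
    return secrets.randbelow(Q - 1) + 1          # exponent in [1, q-1]

def inv_exp(x):
    return pow(x, -1, Q)                          # inverse modulo the group order q

def network_setup(n_banks):
    """Payment network: picks a and g^a, one m_i per merchant bank, and M = prod(m_i)."""
    a = rand_exp()
    ga = pow(G, a, P)
    ms = [rand_exp() for _ in range(n_banks)]
    M = math.prod(ms) % Q
    # Assumed instantiation: pk_i = g^(a*M*m_i), rk_i = m_i / M (mod q), so the bank hop
    # turns g^(a*M*r) into g^(a*m_i*r).
    keys = [(pow(ga, M * m_i % Q, P), m_i * inv_exp(M) % Q) for m_i in ms]
    return {"a": a, "ms": ms, "M": M}, ga, keys

def bank_setup(ga, M):
    """Merchant bank: picks p_i (gateway) and t_i (terminal), derives the terminal keys."""
    p_i, t_i = rand_exp(), rand_exp()
    pk_term = pow(ga, M * p_i * t_i % Q, P)      # terminal public key g^(a*M*p_i*t_i)
    rk_term = inv_exp(p_i * t_i % Q)             # terminal random key: strips p_i*t_i
    return pk_term, rk_term

def terminal_encrypt(pk_term, pin):
    r = rand_exp()                                # fresh r per transaction message
    return pow(G, r, P) * pin % P, pow(pk_term, r, P)   # c1 = g^r * m, c2 = pk_term^r

def reencrypt(c2, rk):
    return pow(c2, rk, P)                         # gateway and bank hops touch only c2

def network_decrypt(net, i, c1, c2_double):
    """Payment network: c2'' = g^(a*m_i*r); strip a*m_i to get g^r, then unblind c1."""
    gr = pow(c2_double, inv_exp(net["a"] * net["ms"][i] % Q), P)
    return c1 * pow(gr, -1, P) % P

def run_transaction(pin, i=0):
    net, ga, keys = network_setup(3)
    pk_i, rk_i = keys[i]                         # pk_i is not needed on this path
    pk_term, rk_term = bank_setup(ga, net["M"])
    c1, c2 = terminal_encrypt(pk_term, pin)      # POS terminal
    c2_prime = reencrypt(c2, rk_term)            # payment gateway
    c2_double = reencrypt(c2_prime, rk_i)        # merchant bank
    return network_decrypt(net, i, c1, c2_double)
```

Neither the gateway nor the merchant bank ever holds a, so neither hop can recover g^r and unblind c1; only the payment network, which knows a and m_i, reaches the PIN. The toy group only carries values below p, so a real deployment would encode the message into a standard group.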
using a predetermined code, e.g. password, passphrase or PIN (network architectures or network communication protocols for supporting authentication of entities using passwords in a packet data network H04L63/083) · CPC title
involving a payment switch or gateway · CPC title
Remote banking, e.g. home banking · CPC title
Interconnection or interaction of plural electronic cash registers [ECR] or to host computer, e.g. network details, transfer of information from host to ECR or from ECR to ECR · CPC title
comprising security or operator identification provisions, e.g. password entry · CPC title