Point of sale (POS) personal identification number (PIN) security
US-10134038-B2 · Nov 20, 2018 · US
US11757644B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11757644-B2 |
| Application number | US-202217732989-A |
| Country | US |
| Kind code | B2 |
| Filing date | Apr 29, 2022 |
| Priority date | Jan 9, 2019 |
| Publication date | Sep 12, 2023 |
| Grant date | Sep 12, 2023 |
Official abstract text for this publication.
A method, system, and computer program product generate, with a payment network, a first value ($a$) and a second value ($g^a$), the second value ($g^a$) generated based on the first value ($a$) and a generator value ($g$); generate, with the payment network, a plurality of random merchant numbers ($m_i$) for a respective plurality of merchant banks; determine, with the payment network, a merchant product ($M$) based on a product of the plurality of random merchant numbers ($m_i$); generate, with the payment network, a public key ($pk_i$) based on the second value ($g^a$), the merchant product ($M$), and the random merchant number ($m_i$) and a random key ($rk_i$) based on the merchant product ($M$) and the random merchant number ($m_i$) for each respective merchant bank; and communicate, with the payment network, the public key ($pk_i$) and the random key ($rk_i$) to at least one respective merchant bank.
Opening claim text (preview).
What is claimed is:

1. A method for encrypting an authentication code, comprising:
receiving, at a payment gateway, a merchant bank public key corresponding to a merchant bank private key, the merchant bank public key and the merchant bank private key associated with a merchant bank system, wherein a plurality of merchant bank public keys includes the merchant bank public key;
communicating, from the payment gateway to a point-of-sale system, the merchant bank public key;
receiving, at the payment gateway from the point-of-sale system, a plurality of re-encryption keys, at least one re-encryption key of the plurality of re-encryption keys based on a private key associated with the point-of-sale system and the merchant bank public key, wherein each re-encryption key of the plurality of re-encryption keys corresponds with a public key of the plurality of merchant bank public keys;
receiving, at the payment gateway from the point-of-sale system, encrypted transaction data for a transaction, the encrypted transaction data comprising: (i) an encrypted code comprising an authentication code encrypted with a session key, and (ii) an encrypted session key comprising the session key encrypted with a public key associated with the point-of-sale system and corresponding to the private key associated with the point-of-sale system;
determining, by the payment gateway, a re-encryption key from the plurality of re-encryption keys based on the encrypted transaction data and the merchant bank public key, the re-encryption key corresponding to the merchant bank public key;
re-encrypting, by the payment gateway, the encrypted session key with the re-encryption key;
communicating, by the payment gateway, the re-encrypted encrypted session key to a merchant bank system, wherein the merchant bank decrypts the re-encrypted encrypted session key based on the merchant bank private key and communicates second encrypted transaction data comprising: (i) a second encrypted code comprising the authentication code encrypted with the session key, and (ii) a second encrypted session key comprising the session key encrypted with the merchant bank public key to a transaction processing system;
receiving or generating, at the transaction processing system, an issuer public key corresponding to an issuer private key, the issuer public key and the issuer private key associated with an issuer system;
generating, by the transaction processing system, at least one second re-encryption key based on the issuer private key and the merchant bank private key or a second merchant bank private key;
re-encrypting, by the transaction processing system, the second encrypted session key with the at least one second re-encryption key; and
communicating, by the transaction processing system, the re-encrypted second encrypted session key to the issuer system, wherein the issuer system decrypts the re-encrypted second encrypted session key based on the issuer private key and authorizes the transaction based on the authentication code.

2. The method of claim 1, wherein the point-of-sale system comprises at least one of the following: a point-of-sale terminal, a server computer associated with a merchant or merchant bank system, a server computer associated with a point-of-sale service provider, or any combination thereof.

3. The method of claim 1, wherein the at least one re-encryption key is generated by the point-of-sale system.

4. The method of claim 1, wherein the private key associated with the point-of-sale system corresponds to the public key associated with the point-of-sale system, and wherein the private key and public key associated with the point-of-sale system are generated by the point-of-sale system.

5. The method of claim 1, further comprising: generating, by the merchant bank system or the payment gateway, an authorization request message in response to verifying the authentication code, wherein communicating the second encrypted transaction data comprises communicating, by the merchant bank system or the payment gateway, the authorization request message to the transaction processing system.

6. A system for encrypting an authentication code, comprising: a payment gateway; and a transaction processing system;
the payment gateway comprising at least one payment gateway processor in communication with at least one payment gateway memory and programmed to:
receive a merchant bank public key corresponding to a merchant bank private key, the merchant bank public key and the merchant bank private key associated with a merchant bank system, wherein a plurality of merchant bank public keys includes the merchant bank public key;
communicate, to a point-of-sale system, the merchant bank public key;
receive, from the point-of-sale system, a plurality of re-encryption keys, at least one re-encryption key of the plurality of re-encryption keys based on a private key associated with the point-of-sale system and the merchant bank public key, wherein each re-encryption key of the plurality of re-encryption keys corresponds with a public key of the plurality of merchant bank public keys;
receive, from the point-of-sale system, encrypted transaction data for a transaction, the encrypted transaction data comprising: (i) an encrypted code comprising an authentication code encrypted with a session key, and (ii) an encrypted session key comprising the session key encrypted with a public key associated with the point-of-sale system and corresponding to the private key associated with the point-of-sale system;
determine a re-encryption key from the plurality of re-encryption keys based on the encrypted transaction data and the merchant bank public key, the re-encryption key corresponding to the merchant bank public key;
re-encrypt the encrypted session key with the re-encryption key; and
communicate the re-encrypted encrypted session key to a merchant bank system, wherein the merchant bank decrypts the re-encrypted encrypted session key based on the merchant bank private key and communicates second encrypted transaction data comprising: (i) a second encrypted code comprising the authentication code encrypted with the session key, and (ii) a second encrypted session key comprising the session key encrypted with the merchant bank public key to a transaction processing system; and
the transaction processing system comprising at least one transaction processing system processor in communication with at least one transaction processing system memory and programmed to:
receive or generate an issuer public key corresponding to an issuer private key, the issuer public key and the issuer private key associated with an issuer system;
generate at least one second re-encryption key based on the issuer private key and the merchant bank private key or a second merchant bank private key;
re-encrypt the second encrypted session key with the at least one second re-encryption key; and
communicate the re-encrypted second encrypted session key to the issuer system, wherein the issuer system decrypts the re-encrypted second encrypted session key based on the issuer private key and authorizes the transaction based on the authentication code.

7. The system of claim 6, wherein the point-of-sale system comprises at least one of the following: a point-of-sale terminal, a server computer associated with a merchant or merchant bank system, a server computer associated with a point-of-sale service provider, or any combination thereof.

8. The system of claim 6, wherein the at least one re-encryption key is generated by the point-of-sale system.

9. The system of claim 6, wherein the private key associated with the point-of-sale system corresponds to the public key associated with the point-of-sale
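
The issuer-side hop recited in claims 1 and 6 (the transaction processing system re-encrypts the session key from the merchant bank's key to the issuer's key without decrypting it), as an added example that is not taken from the patent. It substitutes the Blaze-Bleumer-Strauss ElGamal proxy re-encryption scheme for the construction the claims leave unspecified, and assumes a constructed toy group, a SHAKE-256 keystream in place of a real cipher, a constructed sample PIN, and hypothetical function names.

```python
import hashlib
import secrets

# Constructed toy group, far too small for real use: p = 2q + 1, g has prime order q.
P, Q, G = 2039, 1019, 4

def keygen():
    sk = secrets.randbelow(Q - 1) + 1            # private exponent in [1, q-1]
    return sk, pow(G, sk, P)                     # (private key, public key g^sk)

def kdf(elem, n):
    # n keystream bytes from a group element (stand-in for a real KDF plus AEAD)
    return hashlib.shake_256(elem.to_bytes(2, "big")).digest(n)

def xor(data, key):
    return bytes(d ^ k for d, k in zip(data, key))

def seal(code, pk):
    # Envelope shape from the claims: code under a session key, session key under pk.
    session = pow(G, secrets.randbelow(Q - 1) + 1, P)   # session key as a group element
    r = secrets.randbelow(Q - 1) + 1
    enc_session = (session * pow(G, r, P) % P, pow(pk, r, P))  # (s*g^r, g^(sk*r))
    return xor(code, kdf(session, len(code))), enc_session

def rekey(sk_from, sk_to):
    # BBS98 re-encryption key sk_to / sk_from mod q, built from both private keys
    return sk_to * pow(sk_from, -1, Q) % Q

def reencrypt(enc_session, rk):
    c1, c2 = enc_session
    return c1, pow(c2, rk, P)                    # g^(sk_from*r) becomes g^(sk_to*r)

def open_envelope(enc_code, enc_session, sk):
    c1, c2 = enc_session
    g_r = pow(c2, pow(sk, -1, Q), P)             # strip sk from the exponent
    session = c1 * pow(g_r, -1, P) % P
    return xor(enc_code, kdf(session, len(enc_code)))

def demo(pin=b"4921"):                           # constructed sample PIN
    bank_sk, bank_pk = keygen()
    issuer_sk, _ = keygen()
    enc_code, enc_session = seal(pin, bank_pk)   # second encrypted transaction data
    rk = rekey(bank_sk, issuer_sk)               # held by the transaction processor
    forwarded = reencrypt(enc_session, rk)       # session key is never exposed here
    return open_envelope(enc_code, forwarded, issuer_sk)
```

The re-encrypting party handles only the ciphertext pair and `rk`; in this stand-in scheme `rk` is bidirectional, so whoever holds it together with one private key can derive the other.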
specially adapted for electronic shopping systems · CPC title
using a predetermined code, e.g. password, passphrase or PIN (network architectures or network communication protocols for supporting authentication of entities using passwords in a packet data network H04L63/083) · CPC title
Financial cryptography, e.g. electronic payment or e-cash · CPC title
Use of certificates or encrypted proofs of transaction rights · CPC title
Electronic credentials · CPC title