(19) United States
(12) Patent Application Publication    (10) Pub. No.: US 2011/0184867 A1
     Varadarajan                       (43) Pub. Date: Jul. 28, 2011

(54) SYSTEM AND METHOD FOR GENERATING A DYNAMIC CARD VALUE
(75) Inventor: Rammohan Varadarajan, Cupertino, CA (US)
(73) Assignee: Arcot Systems, Inc., Sunnydale, CA (US)
(21) Appl. No.: 13/013,038
(22) Filed: Jan. 25, 2011

Related U.S. Application Data
(60) Provisional application No. 61/298,638, filed on Jan. 27, 2010.

Publication Classification
(51) Int. Cl.
     G06Q 20/00 (2006.01)
     G06Q 40/00 (2006.01)
     G06K 5/00 (2006.01)
(52) U.S. Cl. 705/44; 235/379; 235/382

(57) ABSTRACT

A method and system is provided for generating a dynamic card value (DCV) from a mobile user device for use in a transaction between a user cardholder and a transaction provider. The DCV may be configured for use as a card verification value (CVV), also known as a card security code (CSC), a primary account number (PAN), or a portion of a PAN. The DCV may be generated using a DCV generator which may include an algorithm and a DCV generation key. The DCV generation key may be camouflaged. Obtaining a DCV from the user device may require inputting a PIN, a device identifier, a challenge or transaction information. The DCV may be used for any transaction requiring the input of a user identification number and a verification value, including, credit card transactions, debit card transactions, online or telephonic transactions.
`
[Front-page representative drawing: the flowchart reproduced as FIG. 4.]

SAMSUNG 1015

[Drawing sheet 1 of 3, FIG. 1: schematic illustration of the system. Labeled elements: Issuing System; Authenticating Server; Transaction Server; Transaction Hosting System; User Device; Transaction Interface (Website, Phone, Fax, Order Form).]

[Drawing sheet 1 of 3, FIG. 2: process to provide an activation code. Labeled steps: Enrollment Request Website; Account Code (PAN); PIN (if required); Request Sent to Provisioning Server; Enrollment Request Approved; Activation Code Generated; Activation Code Provided to User; User Retrieves Activation Code.]

[Drawing sheet 2 of 3, FIG. 3: process to provide a DCV generator to a user device. Labeled steps: User Device Accesses Application Download Website; DCV Application Installed on User Device; User Runs Application “Activate New BC”; User Inputs Activation Code (and PIN, Server URL if required); DCV Application generates User Device Identifier, PIN is replaced with Device Identifier or with a PIN/Device Identifier combination; DCV Application Contacts Provisioning Server; Activation Code (and PIN if required) inputted to Provisioning Server; Provisioning Server ... DCV Key; ... Camouflages DCV Key; Server Creates DCV Generator Using DCV Key; Server Sends DCV Generator to DCV Application; DCV Generator stored on User Device File System.]

[Drawing sheet 3 of 3, FIG. 4: process to obtain, from a user device, a DCV for a transaction. Labeled steps, several of them marked (Optional): Application Selected on User Device; PIN inputted to User Device; Data Element inputted to User Device; DCV Application generates User Device Identifier; Challenge provided to User; Transaction Info or Amount; DCV Generator generates and displays Dynamic Card Value (DCV) on User Device; User Retrieves Dynamic Card Value (DCV) from User Device; DCV Counter is incremented on User Device; User Inputs Dynamic Card Value (DCV) into Transaction Interface; DCV Counter is incremented on Server; Authenticating Server Regenerates DCV Independently and Evaluates Regenerated DCV and User Inputted DCV for Match and Expiration; Authenticating Server Verifies the DCV and Processes Transaction Upon Match of Regenerated DCV and Unexpired User Inputted DCV.]

`

SYSTEM AND METHOD FOR GENERATING A DYNAMIC CARD VALUE

CROSS-REFERENCE TO RELATED APPLICATIONS

[0001] This application claims the benefit of U.S. Provisional Patent Application No. 61/298,638, filed on Jan. 27, 2010, which is hereby incorporated by reference in its entirety.

TECHNICAL FIELD

[0002] The present application relates to a system and method for generating a dynamic card value on a user device, where the dynamic card value is configured for use in a transaction between a user cardholder and a transaction provider.

BACKGROUND

[0003] Card based transactions, such as credit and debit card transactions, have certain security vulnerabilities. In order to complete a card based transaction using, for example, a credit card, a user must provide a primary account number (PAN) and a verification value, which may be referred to as a Card Verification Value (CVV or CV2), Card Verification Code (CVC) or Card Security Code (CSC). As described herein, the terms CVV, CVC and CSC may be used interchangeably. A credit or debit card typically is provided with two card verification values. The first card verification value (CVV) is encoded into the magnetic stripe on the card. The second CVV is printed on the front or back of the card, typically in human readable characters.

[0004] The first card verification value (CVV), which is typically encoded into the magnetic stripe (“magstripe”) of the card, is generally used to conduct “card present” transactions, e.g., when the user presents the card in person and the magstripe on the card is swiped or read by a card reader to obtain the card data, including the CVV, to complete a transaction. The CVV encoded on the magnetic stripe of the card is typically referred to as CVC1 or CVV1, and is a unique cryptogram which is generated based on card data and an encryption key. In a “card present” transaction, the user’s card is swiped, or read, by a magnetic stripe reader, which may be a POS terminal, as an example. Information from the magstripe, including the account number, expiration date and CVV1, is sent over a network to an authenticating system, for example, the financial institution or merchant that issued the card, where the CVV is verified as a step in authorizing the transaction.

[0005] The security of the CVV encoded on the magstripe can be compromised in a number of ways. The card may be obtained from the user and the magstripe, including the encoded CVV1 can be easily read by a card reader and the data used to create a duplicate “cloned” or counterfeited card. For example, user cardholders freely hand over their cards in stores and restaurants, or use them in automated point-of-sale systems such as gas pumps. For example, an attacker may mount a very small “skimmer” to a card reader used by a legitimate merchant or retailer or to a card reader on a gas pump, unbeknownst to the merchant, retailer or gas pump operator. The small “skimmer” acts as a secondary card reader to read and record the data which may include the primary account number (PAN) or bankcard number, and the card validation code (CVV) or card security code (CSC) from the card’s magstripe during a legitimate transaction. The attacker retrieves the “skimmed” card information which can then be used to create a counterfeit card. The attacker, by transferring the skimmed information to a magstripe on a counterfeit card, may clone the user’s card without the need to decrypt the skimmed information.

[0006] The second card verification code, known as a CVV2 or CVC2, is typically a three-digit or four-digit value and is printed on the card or signature strip, but not encoded into the magnetic stripe. Supplying or requiring the CVV2 code in a transaction is intended to verify that the customer has the card in their possession. For example, when the transaction is a “card not present” transaction, where the card cannot be swiped to obtain the encoded CVV1, such as an on-line or telephone transaction, the CVV2 code can be inputted through a keypad or provided verbally to confirm the person conducting the transaction is in possession of the card, or at least, has knowledge of the card verification code. Alternatively, the CVV2 code may be required for a “card present” transaction in addition to the CVV1 read from the card’s magstripe, as a supplemental verification that the card presented is an authentic card and not a counterfeit card produced from skimmed data.

[0007] For MasterCard™, Visa™, Diners Club™ and Discover™ credit and debit cards the second card verification code is typically a three-digit code, called the “CVC2” (card validation code), “CVV2” (card verification value), and “CVV,” respectively. The CVV is not embossed like the card account number, and is typically the final group of numbers printed on the back signature panel of the card. The CVV value may also appear in a separate panel to the right of the signature strip, to prevent overwriting the CVV value when signing the card. American Express™ cards have a four-digit code printed on the front side of the card above the number, referred to as the CID (Card Identification Number or Unique Card Code). The CID is printed flat, not embossed like the card account number.

[0008] Credit and debit cards have a common numbering scheme for the card number, which is the primary account number (PAN). The PAN includes a single-digit Major Industry Identifier (MII), a six-digit Issuer Identification Number (IIN), an account number, and a single digit check sum calculated using an algorithm which is typically the Luhn algorithm. The MII is considered to be part of the IIN. The PAN is typically embossed on the front surface of the credit/debit card.

[0009] Cardholder users are subject to attacks from many venues, such as “phishing” attacks, where the cardholder is tricked into entering the PAN and/or CVV2 with other card details into a fraudulent website. The growth in phishing has reduced the real-world effectiveness of the CVV2 as an anti-fraud device. A typical credit or debit card is good for several years, during which time the embossed PAN, magstripe data and printed CVV do not change. The static nature of the magstripe data on a credit or debit card and the use of a static PAN and CVV may aggravate the problem of fraud prevention. If an attacker obtains the static card data, including the PAN and/or CVV, the attacker can readily use the card to complete transactions without detection until the legitimate cardholder reviews a billing statement, exceeds a credit limit or commits an overdraft, or the attacker’s illegitimate transactions trigger a fraud detection pattern resulting in notification to the cardholder of suspect activity, account suspension or other reaction by the card issuing entity.
`
[0010] When used for an online or other “card not present” transaction, the PAN and/or CVV2 are provided as human readable characters, and are either keyed in, entered into a printed or faxed order form, or provided verbally. The PAN and/or CVV, when provided by any of these means, cannot typically be protected cryptographically, e.g., encoded. For printed, mailed or faxed orders, the cardholder’s account information, including the PAN and/or CVV, is only as secure as the merchant’s document security system. For telephone transactions, the account information, including the PAN and/or CVV, may be compromised by the customer service representative recording the information. For on-line transactions, even if a merchant website or on-line shopping cart is fully secure, the cardholder user’s computing device (PC, laptop, notebook, PDA, etc.) may not be fully secure. The user’s computing device may contain malicious “Trojan” type viruses and screen wipers that record account details including the PAN and/or CVV during the online transaction, for retrieval and use in subsequent attacks on the user’s account.
`
SUMMARY

[0011] A system for generating a dynamic card value (DCV) configured to be usable in a transaction between a user and a transaction provider is provided. The system includes a transaction interface configured to receive and transmit a card value, a user device configured to provide a dynamic card value (DCV), and a transaction server configured to verify the dynamic card value (DCV) as an authentic user card value. The transaction server and transaction interface are in operable communication with each other so as to authorize a transaction upon verification of the dynamic card value (DCV). The transaction may be configured as one of a credit card transaction, a debit card transaction and a payment card transaction. The transaction interface may be an online interface, a secure access terminal, a telephone, a fax machine, a printed order form, an online order form, an online shopping cart, an automatic teller machine (ATM) terminal, a point of sale (POS) terminal, a transponder, a receptor, a scanner, a receiver, or a combination thereof.

[0012] The DCV may be configured as one of a CVC, CVV, CSC, PAN, account number, partial PAN and a portion of an account number, as those terms are defined herein. The DCV generator may be configured to generate at least one DCV on the user device, and may further include an algorithm adapted to generate at least one DCV. The system may include a DCV generation key, and may further include a provisioning server adapted to configure the DCV generator for the user device.

[0013] A method for generating a DCV configured to be usable in a transaction between a user and a transaction provider is provided. The method includes generating the DCV from a user device, wherein the DCV is configured for input into a transaction interface. The user device may be configured as a telephone. The method further includes inputting the DCV into the transaction interface, verifying the DCV using a transaction system, and using the verified DCV as the user DCV for the transaction. The DCV may be configured as one of a CVC, CVV, CSC, PAN, account number, partial PAN and a portion of an account number. Further, the DCV may be configured as one of a character string of one or more alpha-numeric or special characters, a datum or an electronic signal transmittable from the user device, a datum or an electronic signal generated by the user device; and a human-readable output.

[0014] The method may include inputting a PIN into the user device to generate the DCV. A device identifier may be generated which uniquely identifies the user device. The device identifier may be input into the user device as the PIN. The PIN may be configured for input into the user device as one of or a combination of a character string of one or more alpha-numeric or special characters, a datum or an electronic signal transmittable from the user device, a datum or an electronic signal generated by the user device, and a biometric parameter including one of a voice print, retinal print and fingerprint.

[0015] Obtaining the DCV from the user device may include providing a DCV generator to the user device, and generating the DCV using the DCV generator, wherein the DCV generator may include a DCV generating algorithm. A DCV generation key may be used to generate a DCV from the user device. The DCV generation key may be camouflaged using at least one of encryption, obfuscation and cryptographic camouflage. The DCV generation key may be configured as a symmetric key, a Data Encryption Standard (DES) key, an Advanced Encryption Standard (AES) key, a non-symmetric key, a secret, a secret byte array, a Card Verification Key (CVK), Unique DEA Key A (UDKA), a Unique DEA Key B (UDKB), a seed or an indexed key list. Generating the DCV from the user device may further include inputting a challenge into the user device.
`
BRIEF DESCRIPTION OF THE DRAWINGS

[0016] FIG. 1 is a schematic illustration of an exemplary system for generating and using a dynamic card value (DCV);

[0017] FIG. 2 is a schematic illustration of a process to provide an activation code;

[0018] FIG. 3 is a schematic illustration of a process to provide a DCV generator to a user device;

[0019] FIG. 4 is a schematic illustration of a process to obtain, from a user device, a DCV for a transaction.
`
DETAILED DESCRIPTION

[0020] Provided herein is a system and method to generate a dynamic card value (DCV) or combination of DCVs for use in a credit/debit card transaction as a substitute, replacement or equivalent value for a static card value printed, embossed and/or recorded on the credit/debit card. The generated DCV is a dynamic card value, e.g., it is valid or usable for a limited number of transactions or limited period of time. The DCV may be generated, for example, as a one-time PAN or one time DCV, limited to use with a single transaction. Alternatively, the DCV, as described herein, may be provided for use for a fixed number of transactions or may be activated for a predetermined period of time.

[0021] The DCV is configured and provided in the same form as the static DCV for which it is being substituted. For example, if the static CVV is a three digit number, then the dynamic CVV is generated as a three digit number. If the static PAN is a sixteen digit number, then the dynamic PAN is generated as a sixteen digit number. Alternatively, the DCV may represent a portion of the static number. For example, a DCV associated with a PAN may represent a portion of the PAN, such as the account number and single digit check sum, which are typically the remaining ten digits of the PAN following the six-digit Issuer Identification Number (IIN). In this case, the DCV would be configured as a ten digit number, and the cardholder would require possession or knowledge of the PAN, or at least the six digit IIN of the PAN, for use in conjunction with the ten digit DCV account number (partial PAN). By providing a DCV configured in the same form as the static value it is representing, the generated DCV can be used in any context where the static DCV would have been used; e.g., directly inputted into a keypad; inputted for an online purchase; spoken or keyed in during a telephone-based transaction; inputted into an order form which may be printed, scanned or completed on-line and transmitted manually, by email, facsimile or mail to the transaction provider.

[0022] In a non-limiting example, a DCV is provided for a card based transaction, e.g., a credit card transaction. The generated DCV may be a dynamic PAN or a dynamic CVV. The system and method may provide more than one type of DCV, for example, both a dynamic PAN and a dynamic CVV may be generated for use in the same transaction. The system and method provided herein to generate and provide a DCV can be used in any context where any representation of an account code, a user identification number, a verification value or a security code is required for access, approval or authentication, e.g., for online authentication of a credit or debit card or approval of a card not present (CNP) transaction, authorization of an online sale of securities, release of medical records, other payment or non-payment transaction or other secure access scenario where a verification value may be used to authenticate a requestor as the legitimate cardholder or account owner. For example, the card may be a medical insurance card with a magnetic stripe and the DCV may be a verification value required for on-line or over-the-phone CNP release of medical information, authorization of a prescription or authentication of the patient subscriber to the insurance provider. For another example, the card may be an account card which requires DCV authorization for some or all transactions, e.g., to authorize on-line or over-the-phone CNP stock trades, funds transfer or access to confidential information.
[0023] In a non-limiting example, the card may be configured as a credit card which may be used, for example, for CNP transactions including on-line, email, mail, facsimile, telephone or other CNP transaction interfaces, and further including transactions in a “brick and mortar” institution, such as a retailer, merchant, restaurant, ATM or point-of-sale (POS) terminal where the PAN and/or CVV is required to verify or authenticate the cardholder. The system and method may provide for a means to expire or invalidate the generated DCV after a limited number of uses, which may be a single use, or after a limited period of time, for example, 24 hours after the generated DCV has been provided to the user. After expiration of a DCV, the user may obtain a newly generated DCV from the user device for use in subsequent transaction(s) or for the next time period until its expiration. This effectively prevents or limits many attacks on credit/debit card transactions, by limiting the number of transactions and/or time an attacker may use a dynamic PAN or dynamic CVV. For example, an attacker may obtain a user cardholder’s PAN and/or CVV through a “phishing” scam or “Trojan” virus, by intercepting the information from a printed order form, overhearing a telephone transaction or through other means. However, if the system has been configured with DCVs, e.g., to require a dynamic PAN and/or dynamic CVV, the number of transactions and/or length of time the particular PAN and/or CVV (which the attacker obtained) is effective will be limited by the account settings. For example, if the PAN and/or CVV obtained by the attacker during a transaction were configured for one-time use, the PAN and/or CVV would have been expired after the transaction and the attack would be foiled. Even if the attacker were to prevent the first (legitimate) transaction and use the one time DCV himself, he is limited to, at most, one fraudulent transaction. If the dynamic PAN and/or CVV were configured for expiration after a limited number of uses or after a limited time period, by this method, the attack would be significantly prevented or severely limited.
[0024] To implement the system described herein, two components are required. First, the user must have a mechanism for generating DCVs. Secondly, the provider system, e.g., the entity issuing the credit or debit card, which may be a bank or other financial institution, must have a mechanism for verifying the generated DCV provided by the user during a transaction. The system and method provided herein includes both of these capabilities, providing an end-to-end solution that is convenient and easy for users and simple to implement for the card-issuing entity or provider system.

[0025] Provided herein is a system and method for DCV generation using a DCV generator on a handheld mobile user device, such as a mobile phone, a “smart” phone, PDA or notebook. The DCV generator may use an industry-standard algorithm for DCV generation, or may use a customized algorithm or other suitable algorithm. The algorithm may be recorded on tangible, non-transitory memory. The algorithm may be encrypted or obfuscated using any suitable means, for example, by cryptographic camouflaging.

[0026] The user downloads the DCV application to his mobile user device, which can be virtually any hand-held platform. This includes so-called “smart” phones such as the BlackBerry™ and iPhone™, as well as simpler phones from many manufacturers. The DCV generator may be used with any computing device, including a laptop, desktop, netbook or other computer. To use the DCV generator, the user runs the DCV application on his mobile user device, and, if required, enters a PIN or passcode which may be the static CVV from the user’s card or another PIN. The PIN may, alternatively, be generated by the user device without user input. The application may use internally-stored keys to generate the DCV, and the application may provide the generated DCV to the user or to a transaction interface to complete a transaction.

[0027] The generated DCV is inputted to a transaction interface and the transaction interface provides the DCV to the issuing entity’s authentication system by the user. Since the issuing entity knows this user is conducting transactions using generated DCVs, rather than the user’s static PAN and/or CVV, the issuing entity system knows to validate the inputted PAN and/or CVV as a generated PAN and/or CVV rather than as the static PAN and/or CVV recorded on the user’s credit/debit card.
`
[0028] The methods and system for generating DCVs provided herein are configured for implementation on almost all hand-held devices, including all popular modern phones. The user interface is simple and easy to use, and can be branded with provider-specific logos, for example, the logo of the entity (bank, retailer, etc.) issuing the credit or debit card. The keys used to generate the DCVs may be protected using cryptographic camouflage, which may also incorporate machine identification techniques such as the use of a machine effective speed calibration parameter, or MESC. This provides strong protection of the DCV-generation keys, such that even if an attacker steals the user’s mobile phone, he cannot crack the keys and generate his own DCVs. The resulting solution is strong, portable, and easy to use, thus providing benefits for both the card issuing entity, e.g., the bank or merchant, and the end user.

[0029] Additional advantages can be realized with the ability to securely host the software client (DCV generating application) on a variety of mobile phones and user handheld devices (iPhone™, Blackberry™, etc.), including increased user convenience, for example, by not requiring a user to contact the bank to obtain a replacement credit or debit card when the user believes his PAN and/or CVV may have been compromised. The ability to generate a DCV (PAN or CVV), without a PIN input to the user device may provide an additional user convenience. Another layer of security can be provided where the DCV generator is further protected using a device derived identification parameter or device generated PIN which is unique to the user device or machine used to host the DCV generating application. As would be understood, the system and method described herein could also be provided and securely hosted, for example, in JavaScript™ within a browser used by a desktop computer, laptop, netbook, or other Internet accessible computing device, to generate DCVs for online transactions.
`
[0030] A system and method for generating a DCV, which may be a dynamic PAN, a dynamic partial PAN or a dynamic CVV, for use in a credit or debit card transaction between a user and a transaction provider is provided herein. The transaction provider or provisioning system may be a card issuing entity such as a bank or other financial institution, a retailer, merchant or other payment services provider. The transaction venue may include “brick and mortar,” telephone or fax based, or on-line venues. The transaction interface may be, for example, an online interface or a secure access terminal, a telephone, an online or printed order form which may be faxed, mailed or e-mailed, an automatic teller machine (ATM), or a point of sale (POS) terminal.

[0031] The system and method include obtaining a DCV from a user device, where the DCV is configured for input as a user DCV into the transaction interface. For example, a dynamic CVV may typically be configured as a 3-digit or 4-digit number and a dynamic PAN may typically be configured as a 16-digit number. A dynamic partial PAN may be configured, for example, as a 10-digit number representing the account code and check digit. The DCV may be configured in any form or manner required for input as a DCV by the transaction interface, for example, as one of or a combination of a character string of one or more alpha-numeric or special characters, a datum or an electronic signal transmittable from the user device, a datum or an electronic signal generated by the user device, or as a user instruction. These examples are not intended to be limiting in scope, and it is understood that the DCV may be configured as any form of DCV which may be generated by a user device and inputted into a transaction interface.

[0032] The DCV may be input into a transaction interface by a means or method acceptable to the transaction provider. The DCV may be displayed to the user in human readable form, to be subsequently keyed in, written or provided verbally to the transaction interface. The DCV input interface may be a keypad on a user device or computing device or a pinpad on a terminal whereby the user may use the pad to input the DCV, or the DCV may be inputted to a receiver for an electronic signal or datum by transmitting the DCV directly from the user device. The transaction interface could also include a scanning device where the DCV may be an instruction to the user to provide a biometric parameter, for example, a retinal print or fingerprint, or to speak a word provided as the DCV as a voiceprint, to the scanner interface. Further, the DCV may be provided as a signal or datum using any of a number of contactless communication technologies, including but not limited to Bluetooth, RFID, transponders, proximity card communication techniques, and other methods known to those skilled in the art of near field communication technologies.

[0033] The transaction provider system may be configured to communicate with the transaction authenticating system, which may be the card issuing system, to verify and/or authenticate the generated DCV as an authorized DCV for the transaction. The verifying system may include the capability to independently generate user DCVs, so as to provide the capability to match the inputted DCV to a corresponding DCV or list of verified DCVs for that user, and by doing so, verify the generated DCV as an authorized or authenticated user DCV.
`
`[0034] The method for obtaining a DCV from a user device
`may include providing a DCV application to the user device
`which may include a DCV generator to generate the DCVs
`(e.g., to generate PANs and/or CVVs) using an algorithm and
`a DCV key. The DCV generating algorithm may be a standardized
`DCV generating algorithm, such as HOTP, EMV/CAP,
`or other OATH-approved standard, or may be another or
`customized DCV generating algorithm.
`[0035] The DCV key, which may also be referred to as a
`DCV generation key, may be a symmetric key, a Data Encryption
`Standard (DES) key, an Advanced Encryption Standard
`(AES) key, a non-symmetric key, a secret, a secret byte array,
`a Card Verification Key (CVK), Unique DEA Key A
`(UDKA), a Unique DEA Key B (UDKB) key, a seed or an
`indexed key list. The DCV key may be camouflaged prior to
`being provided to the user device, using any of a number of
`encryption, obfuscation and cryptographic camouflaging
`techniques. For example, the DCV generation key may be
`cryptographically camouflaged using a PIN, which may be
`the user’s fixed or static account CVV, a device identification
`parameter generated from the user’s device, or some other
`data element. A combination of two or more of a PIN, a DCV,
`a device identifier and another data element may also be used
`in the camouflaging process.
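An added illustration, not taken from the patent application: a CVV-sized DCV generated with HOTP (RFC 4226), the issuer-side check of paragraph [0033] that regenerates a short list of acceptable DCVs, and a PIN-camouflaged key as in paragraph [0035]. The XOR-with-PBKDF2 mask is a simplified stand-in assumed here for the camouflaging step, and the PINs, salt, window size and function names are constructed for the example.

```python
import hashlib
import hmac
import struct

def hotp(key: bytes, counter: int, digits: int = 3) -> str:
    """RFC 4226 HOTP truncated to `digits` decimals (3 = CVV-sized DCV)."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def pin_mask(pin: str, salt: bytes, length: int) -> bytes:
    # Assumption: PBKDF2-HMAC-SHA256 as the PIN-to-mask function.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 10_000, dklen=length)

def camouflage(key: bytes, pin: str, salt: bytes) -> bytes:
    """XOR the key with a PIN-derived mask; the same call undoes it.
    No checksum is stored, so any PIN unmasks to a well-formed key."""
    mask = pin_mask(pin, salt, len(key))
    return bytes(k ^ m for k, m in zip(key, mask))

def verify(key: bytes, counter: int, dcv: str, window: int = 3):
    """Issuer side: regenerate the DCVs for the next `window` counters and
    compare. Returns the advanced counter on a match, otherwise None."""
    for c in range(counter, counter + window):
        if hmac.compare_digest(hotp(key, c, len(dcv)), dcv):
            return c + 1
    return None

def demo():
    key = b"12345678901234567890"            # RFC 4226 Appendix D test secret
    salt = b"constructed-salt"               # constructed sample value
    stored = camouflage(key, "4821", salt)   # what the device would hold
    good = camouflage(stored, "4821", salt)  # correct PIN recovers the key
    bad = camouflage(stored, "0000", salt)   # wrong PIN: plausible, wrong key
    return {
        "device_dcv": hotp(good, 2),         # device counter is at 2
        "issuer_counter": verify(key, 0, hotp(good, 2)),  # issuer still at 0
        "wrong_pin_key_differs": bad != key and len(bad) == len(key),
    }

if __name__ == "__main__":
    print(demo())
```

Because a wrong PIN still yields a usable-looking key, a PIN guess can only be confirmed by submitting a DCV to the issuer. With three digits and a window of three, each submission has roughly a 3-in-1000 chance of matching, so the issuer has to limit failed attempts.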
`[0036] The user may obtain a DCV from the user device by
`opening or selecting the DCV application on the user device,
`and if required, selecting a “generate PAN,” “generate CVV”
`or a similar command from the device menu. The DCV may
`be generated and provided without any further user input,
`e.g., the user may not be required to input a PIN. Alterna-
`tively, a PIN input into the user device may be required to
`obtain a DCV. The PIN may be input passively, for example,
`it may be provided by the DCVgene
