Patent Issued for Authorization systems based on protected data (USPTO 11501307): United Services Automobile Association

2022 DEC 06 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- A patent by the inventors Fernandez, Gabriel Carlos (San Antonio, TX, US), Hartshorn, Joel S. (Olalla, WA, US), Jonak, Sumita T. (San Antonio, TX, US), Krishnaswamy, Pooja (Cedar Park, TX, US), Russell, Christopher (San Antonio, TX, US), Schwarz, Jr., Thomas Wayne (Helotes, TX, US), filed on October 22, 2020, was published online on November 15, 2022, according to news reporting originating from Alexandria, Virginia, by NewsRx correspondents.

Patent number 11501307 is assigned to United Services Automobile Association (San Antonio, Texas, United States).

The following quote was obtained by the news editors from the background information supplied by the inventors: “Shopping at a physical retail store involves a familiar process. A consumer first obtains one or more items from the retail store, and then the consumer stands in a checkout line to purchase the one or more items. Often, the consumer pays for the one or more items using a physical credit card or a digital credit card stored on the consumer’s mobile device.

“The drawings have not necessarily been drawn to scale. For example, the dimensions of some of the elements in the figures may be expanded or reduced to help improve the understanding of the embodiments of the present disclosure. Similarly, some components and/or operations may be separated into different blocks or combined into a single block for the purposes of discussion of some of the embodiments of the present disclosure. Moreover, while embodiments of the present disclosure are amenable to various modifications and alternative forms, specific embodiments have been shown by way of example in the drawings and are described in detail below. The intention, however, is not to limit the disclosure to the particular embodiments described. On the contrary, the disclosure is intended to cover all modifications, equivalents, and alternatives falling within the scope of the disclosure as defined by the appended claims.”

In addition to the background information obtained for this patent, NewsRx journalists also obtained the inventors’ summary information for this patent: “Point of sale (POS) devices present security issues at least because a person may be able to hack a POS device to obtain sensitive electronic card related information provided to the POS device. To overcome at least this technical problem, among others, the embodiments of the present disclosure generally relate to systems and methods to authorize a user’s transaction based on an electronic card providing protected data (e.g., a random or encrypted card number) to a POS device. The electronic card may generate the protected data that may be used by a personal information server to identify personal information (e.g., true card number, account number and/or owner of the electronic card). For example, the POS device sends the protected data and transaction information (e.g., amount of purchase) to an authorization server that sends the protected data to a personal information server. The owner’s personal information can be obtained or derived from the protected data by the personal information server and the personal information can be returned to the authorization server. The authorization server can determine whether a transaction is authorized or unauthorized based on the transaction information obtained from the POS device and the personal information obtained from the personal information server. In some implementations, the authorization server determines the identity of the owner without requesting information from the personal information server (i.e., the authorization server is also the personal information server).”

The claims supplied by the inventors are:

“1. An authorization system, comprising: an electronic card configured to: in response to power being received by the electronic card, generate protected data based on a first value and a pre-determined value that are both known to the electronic card, wherein the protected data is an encrypted value, wherein the first value excludes personal information that identifies an owner of the electronic card, and wherein the pre-determined value includes an encryption key; send the protected data to a point-of-sale (POS) device; the POS device configured to: receive the protected data from the electronic card; and send the protected data and a purchase price of a transaction to purchase one or more items to an authorization server; the authorization server configured to: receive the protected data and the purchase price of the transaction; send the protected data to a personal information server, wherein the personal information server is configured to: (1) determine, based on the protected data, personal information that identifies the owner of the electronic card, wherein the personal information server is configured to identify a decryption key using at least some values of the protected data to obtain the personal information, and (2) send the personal information to the authorization server; and determine, based on the personal information and the purchase price, that the transaction is either authorized or unauthorized, wherein a message is sent to the POS device indicating that the transaction is either authorized or unauthorized.

“2. The system of claim 1, wherein the transaction is determined to be authorized by the authorization server being configured to: determine that the personal information is previously stored on a database associated with the authorization server; and determine that the purchase price is less than or equal to a stored purchase price limit associated with the personal information.

“3. The system of claim 1, wherein the protected data is generated by the electronic card using the pre-determined value stored in a smart chip of the electronic card.

“4. The system of claim 3, wherein the electronic card is configured to select the pre-determined value in an order from a list of pre-determined values stored in the smart chip, and wherein the order of selection and the list of pre-determined values are known to the personal information server.

“5. The system of claim 4, wherein the electronic card is configured to select the pre-determined value for each transaction for which the electronic card is used.

“6. The system of claim 4, wherein the order to select the pre-determined value is an out-of-sequence order.

“7. The system of claim 1, wherein the personal information includes any one or more of a credit card number of the owner, a name of the owner, and an account number of the owner.

“8. The system of claim 1, wherein the personal information server and the authorization server are a same server.

“9. The system of claim 1, wherein the first value is a randomly generated value known to the electronic card and the personal information server.

“10. A method for performing authorization of a transaction performed by an authorization server, the method comprising: receiving protected data and a purchase price of a transaction to purchase one or more items, wherein the protected data is based on a first value and a pre-determined value both known to an electronic card, wherein the protected data is generated by the electronic card in response to power being received by the electronic card, wherein the protected data is an encrypted value, wherein the first value excludes personal information that identifies an owner of the electronic card, and wherein the pre-determined value includes an encryption key; sending the protected data to a personal information server to determine based on the protected data, personal information that identifies an owner of the electronic card, wherein a decryption key is identified using at least some values of the protected data to obtain the personal information; receiving the personal information from the personal information server; and determining, based on the personal information and the purchase price, that the transaction is either authorized or unauthorized, wherein a message is sent to a point of sale (POS) device indicating that the transaction is either authorized or unauthorized.

“11. The method of claim 10, wherein the transaction is determined to be authorized by: determining that the personal information is previously stored on a database associated with the authorization server; and determining that the purchase price is less than or equal to a stored purchase price limit associated with the personal information.

“12. The method of claim 10, wherein the protected data is generated by the electronic card using the pre-determined value stored in a smart chip of the electronic card.

“13. The method of claim 12, wherein the electronic card selects the pre-determined value in an order from a list of pre-determined values stored in the smart chip, and wherein the order of selection and the list of pre-determined values are known to the personal information server.

“14. The method of claim 13, wherein the electronic card selects the pre-determined value for each transaction for which the electronic card is used.

“15. The method of claim 13, wherein the order to select the pre-determined value is an out-of-sequence order.

“16. The method of claim 10, wherein the personal information includes any one or more of a credit card number of the owner, a name of the owner, and an account number of the owner.

“17. The method of claim 10, wherein the first value is a randomly generated value known to the electronic card and the personal information server.

“18. A non-transitory computer readable program storage medium having code stored thereon, the code, when executed by a processor, causing the processor to implement a method comprising: receiving, by an authorization server, protected data and a purchase price of a transaction to purchase one or more items, wherein the protected data is based on a first value and a pre-determined value both known to an electronic card, wherein the protected data is generated by the electronic card in response to power being received by the electronic card, wherein the protected data is an encrypted value, wherein the first value excludes personal information that identifies an owner of the electronic card, and wherein the pre-determined value includes an encryption key; sending the protected data to a personal information to determine, based on the protected data, personal information that identifies an owner of the electronic card, wherein a decryption key is identified using at least some values of the protected data to obtain the personal information; receiving the personal information from the personal information server; and determining, based on the personal information and the purchase price, that the transaction is either authorized or unauthorized, wherein a message is sent to a point of sale (POS) device indicating that the transaction is either authorized or unauthorized.

“19. The non-transitory computer readable program storage medium of claim 18, wherein the transaction is determined by: determining that the personal information is previously stored on a database associated with the authorization server; and determining that the purchase price is less than or equal to a stored purchase price limit associated with the personal information.

“20. The non-transitory computer readable program storage medium of claim 18, wherein the protected data is generated by the electronic card using the pre-determined value stored in a smart chip of the electronic card.

“21. The non-transitory computer readable program storage medium of claim 20, wherein the electronic card selects the pre-determined value in an order from a list of pre-determined values stored in the smart chip, and wherein the order of selection and the list of pre-determined values are known to the personal information server.

“22. The non-transitory computer readable program storage medium of claim 21, wherein the electronic card selects the pre-determined value for each transaction for which the electronic card is used.

“23. The system of non-transitory computer readable program storage medium 21, wherein the order to select the pre-determined value is an out-of-sequence order.”

URL and more information on this patent, see: Fernandez, Gabriel Carlos. Authorization systems based on protected data. U.S. Patent Number 11501307, filed October 22, 2020, and published online on November 15, 2022.

(Our reports deliver fact-based news of research and discoveries from around the world.)