| Patent application number | Description | Published |
|---|
| 20110066551 | Method and System for Providing Risk Information in Connection with Transaction Processing - A system for providing real-time risk mitigation for an authorization system. The system receives authorization requests from multiple merchants (or their respective acquirers) and processes such requests. Each processed request is then forwarded to its corresponding issuer for further authorization. Each processed request includes an authorization message. The authorization message can include a risk score, a number of reason codes, and a number of condition codes. The use of the risk score, reason codes and condition codes allows issuers to make better informed decisions with respect to providing authorizations. | 03-17-2011 |
| 20110106659 | Encryption Switch Processing - A method for delivering non-financial electronic data through a secure communications channel between a payment processing network and an access device is disclosed. One embodiment of the invention is directed to a method comprising receiving, at a payment processing network, a request to establish a secure communications channel between a consumer device and the payment processing network. Upon establishing a secure communications channel with the consumer device, the payment processor network receives non-financial electronic content from a merchant at the payment processing network where the non-financial electronic content is selected at the merchant by a user associated with the consumer device. The non-financial electronic content is sent to the consumer device from the payment processing network via the secure communications channel between the consumer device and the payment processing network. | 05-05-2011 |
| 20110112954 | Method and System for Providing Risk Information in Connection with Transaction Processing - A system for providing real-time risk mitigation for an authorization system. The system receives authorization requests from multiple merchants (or their respective acquirers) and processes such requests. Each processed request is then forwarded to its corresponding issuer for further authorization. Each processed request includes an authorization message. The authorization message can include a risk score, a number of reason codes, and a number of condition codes. The use of the risk score, reason codes and condition codes allows issuers to make better informed decisions with respect to providing authorizations. | 05-12-2011 |
| 20110187505 | Access Using a Mobile Device with an Accelerometer - Embodiments of the present invention are directed to systems, apparatuses and methods for using a mobile device with an accelerometer to gain access into a secured or restricted area. A first device and a second device interact by making physical contact with each other thereby generating interaction data that is representative of the physical interaction between the first and second device. The first and second device may be mobile phones. The second device may be a point of sale terminal, access point device, or any other stationary (i.e., in a fixed position) device positioned at a line, door, gate, or entrance. A server computer determines, based on interaction data, that the first device and the second device made physical contact. After determining that the first device and the second device made contact, communications may be initiated between the devices. Communications may relate an access transaction comprising an exchange of information, such as credentials, between a prospective entrant (operating the first device) and a gatekeeper (operating the second device) to verify that the prospective entrant is permitted or is not permitted access to a particular area that is secured or restricted by the gatekeeper. Other embodiments are direct to confirmation transactions. Access transaction and confirmation transactions may be combined with a financial transaction using a payment processing network. | 08-04-2011 |
| 20110187642 | Interaction Terminal - Embodiments of the present invention are directed to systems, apparatuses and methods for using a mobile device with an accelerometer to conduct a financial transaction by making contact with an interaction terminal, thereby generating interaction data that is representative of the physical contact between the mobile device and the interaction terminal. The mobile device may be a mobile phone. The interaction terminal may be a point of sale terminal, access point device, or any other stationary (i.e., in a fixed position) device positioned at a line, door, gate, or entrance. A mobile device with an accelerometer physically contacts the interaction terminal. The interaction terminal flexes, recoils, or moves and generates interaction data (e.g., accelerometer, location, time data, etc.) representative of the physical interaction between the mobile device and the interaction terminal. A server computer determines, based on interaction data, that the mobile device and the interaction terminal made physical contact. After determining that the mobile device and the interaction terminal made contact, communication may be initiated between the devices. Communications may relate to processing a payment transaction using a payment processing network. | 08-04-2011 |
| 20110189981 | Transaction Using A Mobile Device With An Accelerometer - Embodiments of the invention may use a first accelerometer to measure first acceleration data of a first device. Other interaction data, including time data and geographic location data, generated by the first device may also be recorded. First acceleration data is compared by a remote server computer to second acceleration data generated by a second accelerometer in a second device. If the first and second accelerometer data are substantially equal, it can be determined that the devices have interacted and communications can be initiated. After communications are initiated, a financial transaction is conducted. Accelerometer data may be stored and/or used as part of the authentication process in a payment processing network. Other embodiments of the invention use the accelerometer to generate movement security data to make financial transaction more secure. Accelerometer data is used for authentication, security, encryption, session keys, non-repudiation, or fraud protection. | 08-04-2011 |
| 20110191237 | Information Access Device and Data Transfer - Embodiments of the present invention are directed to systems, apparatuses and methods for using a first device with an accelerometer to transfer data by making contact with a second device with an accelerometer, thereby generating interaction data that is representative of the physical contact between the mobile device and the second device. The first device may be a mobile phone. The second device may be a mobile phone or a stationary kiosk or terminal. A first device with an accelerometer physically contacts the second device. Each of the first and second devices generate interaction data (e.g., accelerometer, location, time data, etc.) representative of the physical interaction between the first and second device. A server computer determines, based on interaction data, that the first device and the second device physically contact each other. After determining that the mobile device and the second device made contact, communications may be initiated between the devices. Communications may include customer-provided information (e.g., shopping lists) and merchant-provided information (e.g., items in stock or on sale from the consumer's shopping list). In some embodiments, at least two independent interactions between three devices transfer data from a first computing device to a second computing device, after each of the first and second computing devices independently interacts with a mobile device. | 08-04-2011 |
| Patent application number | Description | Published |
|---|
| 20100127065 | Authenticating a document with a magnetic stripe - Methods, systems, and apparatus for efficiently authenticating a document (e.g. a credit card) having a magnetic stripe are provided. The magnetic field at different points of the magnetic stripe are measured, e.g., by a checkout scanner to create a magnetic signature. Digital samples of the measurements may be transformed into coefficients of continuous basis functions, e.g., a Fourier transform. These coefficients are then compared to reference values (e.g. corresponding coefficients) to produce a measure of the authenticity of the document. The number of coefficients used can advantageously be smaller than the number of digital samples without compromising accuracy, thus using less bandwidth between a scanner and an authentication entity. | 05-27-2010 |
| 20100127071 | VERIFYING CARDHOLDER IDENTITY USING SIGNATURE OF THE CARD - Methods, systems, and apparatus for verifying the identity of a cardholder are provided. A digital representation of a magnetic characteristic of a magnetic stripe of the card is stored on a portable electronic device of the cardholder. During a transaction, the digital signature is then transmitted so that it can be compared with a reference signature. The identity may be verified, and a response sent to a party requesting the verification, e.g., during a transaction between the requesting party and the verified party. | 05-27-2010 |
| 20100127079 | UPDATING OF REFERENCE MAGNETIC SIGNATURE FOR AUTHENTICATING A DOCUMENT WITH A MAGNETIC STRIPE - Methods, systems, and apparatus for accurately authenticating a document (e.g. a credit card) having a magnetic stripe are provided. The magnetic field at different points of the magnetic stripe are measured, e.g., by a checkout scanner to create a magnetic signature. Digital samples of the measurements may be used to create a representation of the magnetic signature. The representation can then be compared to reference values to produce a measure of the authenticity of the document. The reference values are updated over time to reflect changes in the magnetic stripe of the authentic document, as may occur due to physical deterioration. For example, reference values may be optimized based on recent measurements of the authenticated document to provide a more accurate determination of authenticity for future measurements. | 05-27-2010 |
| Patent application number | Description | Published |
|---|
| 20090313134 | RECOVERY OF TRANSACTION INFORMATION - Online transaction processing over a communication network involves receiving a transaction input comprising an authorization request message for a transaction conducted over a communication network between a consumer and a merchant using a portable consumer device having a memory, wherein the authorization request message contains data comprising a transaction total amount for the transaction and additional information not stored in the memory of the portable consumer device and related to the transaction. Issuer authorization processing is performed in response to the authorization request message data, and a decision output is produced in response to the transaction input and the issuer authorization processing. Thus, a decision output is produced in an efficient manner using additional information for the issuer authorization processing, and the additional information reduces the likelihood of declining a transaction that should otherwise be authorized. | 12-17-2009 |
| 20090319638 | GATEWAY SERVICE PLATFORM - A gateway service platform is disclosed that provides access to a payment processing system via an open network such as the internet. The gateway service platform also provides access to service systems that provide a variety of services and applications offered by or affiliated with the payment processing system. The gateway service platform allows the payment processing system to reach users and to facilitate transactions on a wide variety of devices that may not otherwise be able to connect to payment processing system. Other devices, such as payment terminal devices, can also interact with a payment processing system through the gateway service platform using the same network and protocol. Embodiments of the invention allow devices on these open networks to connect with the payment processing system without having to change the existing infrastructure of the payment processing system. | 12-24-2009 |
| 20100114776 | ONLINE CHALLENGE-RESPONSE - Embodiments of the invention enable cardholders conducting an online transaction to be authenticated in real-time using a challenge-response application. The challenge-response application can be administered by an issuer or by a third party on-behalf-of an issuer. A challenge question can be presented to the cardholder, and the cardholder's response can be verified. The challenge question presented can be selected based on an analysis of the risk of the transaction and potentially other factors. A variety of dynamic challenge questions can be used without the need for the cardholder to enroll into the program. Additionally, there are many flexible implementation options of the challenge-response application that can be adjusted based on factors such as the location of the merchant or the location of the consumer. | 05-06-2010 |
| 20100299267 | DEVICE INCLUDING ENCRYPTED DATA FOR EXPIRATION DATE AND VERIFICATION VALUE CREATION - In order to make it more difficult to obtain numbers that can be used to conduct fraudulent transactions, a portion of a real account number is encrypted. The encrypted portion of the account number is used to generate a new account number, a new expiration date, and a new verification value. This information can be determined using processor that may reside in a point of sale terminal, a smart card, or a computer operated by a user. The new account number, the new expiration date, and the new verification value can be used in a payment transaction. A server computer in a central payment processing network may determine that the new account information is not the real account information, and may subsequently generate a modified authorization request message using the real account information and may send it to an issuer for approval. The transmission of data is more secure, since real account information is not sent from the merchant to the payment processing network. | 11-25-2010 |
| 20110119155 | VERIFICATION OF PORTABLE CONSUMER DEVICES FOR 3-D SECURE SERVICES - Apparatuses, methods, and systems pertaining to the verification of portable consumer devices for 3-D Secure Systems are disclosed. In one implementation, a verification token is coupled to a computer by a USB connection so as to use the computer's networking facilities. The verification token reads identification information from a user's portable consumer device (e.g., credit card) and sends the information to a validation entry over a communications network using the computer's networking facilities. The validation entity applies one or more validation tests to the information that it receives from the verification token. If a selected number of tests are passed, the validation entity sends a 3-D Secure datum to the verification token. The verification token may enter the 3-D Secure datum into a hidden field of a Purchase Authentication Page appearing on the computer's display. | 05-19-2011 |
| Patent application number | Description | Published |
|---|
| 20100246388 | REDUNDANT HOST CONNECTION IN A ROUTED NETWORK - One embodiment of the present invention provides a switch. The switch includes a management mechanism and a configuration mechanism. During operation, the management mechanism is configured to operate the switch in conjunction with the partner switch as a single logical switch. The configuration mechanism is configured to assign a virtual switch identifier to the logical switch. | 09-30-2010 |
| 20110280572 | CONVERGED NETWORK EXTENSION - One embodiment of the present invention provides a switch. The switch includes a first port configured to receive Transparent Interconnection of Lots of Links (TRILL) traffic; a second port configured to receive Fibre Channel (FC) traffic; and a third port configured to transmit received TRILL or FC traffic based on a Fibre Channel over IP (FCIP) protocol. | 11-17-2011 |
| 20110286357 | FABRIC FORMATION FOR VIRTUAL CLUSTER SWITCHING - One embodiment of the present invention provides a switch system. The switch includes a port to couple to a second switch and a control mechanism configured. During operation, the control mechanism receives from the second switch a set of configuration information. Based on the received configuration information, the control mechanism invites the second switch to join a virtual cluster switch. | 11-24-2011 |
| 20110292947 | DISTRIBUTED CONFIGURATION MANAGEMENT FOR VIRTUAL CLUSTER SWITCHING - One embodiment of the present invention provides a switch. The switch includes a port to couple to a second switch. The switch also includes a control mechanism configured to maintain a set of configuration information for a virtual cluster switch which includes a number of member switches. The set of configuration information includes global configuration information for the virtual cluster switch and switch-specific configuration information for one or more member switches. In addition, the set of configuration information is replicated and stored at each member switch. | 12-01-2011 |
| 20110299391 | TRAFFIC MANAGEMENT FOR VIRTUAL CLUSTER SWITCHING - One embodiment of the present invention provides a switch system. The switch includes one or more ports on the switch configured to transmit packets encapsulated based on a first protocol. The switch further includes a traffic management mechanism and a control mechanism. During operation, the control mechanism forms a logical switch based on a second protocol, receives an automatically assigned identifier for the logical switch without requiring manual configuration of the identifier, and joins a virtual cluster switch. | 12-08-2011 |
| 20110299402 | ADVANCED LINK TRACKING FOR VIRTUAL CLUSTER SWITCHING - One embodiment of the present invention provides a switch system. The switch includes a port that couples to a server hosting a number of virtual machines. The switch also includes a link tracking module. During operation, the link tracking module determines that reachability to at least one end host coupled to a virtual cluster switch of which the switch is a member is disrupted. The link tracking module then determines that at least one virtual machine coupled to the port is affected by the disrupted reachability, and communicates to the server hosting the affected virtual machine about the disrupted reachability. | 12-08-2011 |
| 20110299406 | PATH DETECTION IN TRILL NETWORKS - One embodiment of the present invention provides a system for detecting a path between two nodes. During operation, the system transmits a network-testing request frame, which includes a time-to-live (TTL) field within a Transparent Interconnection of Lots of Links (TRILL) header, from a source node to a destination node. In response to receiving a network-testing response frame sent from an intermediate node, the system increments the TTL value by 1 and re-transmits the network-testing frame to the destination node. In response to receiving a network-testing response frame sent from the destination node, the system determines a path between the source node and the destination node. The network-testing request or response frames is not processed on an Internet Protocol (IP) layer. | 12-08-2011 |
| 20110299409 | REACHABILITY DETECTION IN TRILL NETWORKS - One embodiment of the present invention provides a system for testing reachability between two nodes within a network. During operation, the system transmits a network-testing request frame from a source node to a destination node, and in response to receiving a network-testing response frame corresponding to the request frame, the system determines reachability of the destination node. The network-testing request or response frame is not processed on an Internet Protocol (IP) layer. | 12-08-2011 |
| 20110299413 | PORT PROFILE MANAGEMENT FOR VIRTUAL CLUSTER SWITCHING - One embodiment of the present invention provides a switch system. The switch includes a port profile which specifies a set of port configuration information. During operation, a control mechanism within the switch detects a source MAC address of an incoming frame and determines that the MAC address is associated with the port profile. The control mechanism then applies the port profile to a switch port on which the frame is received. | 12-08-2011 |
| 20110299414 | PRESERVING QUALITY OF SERVICE ACROSS TRILL NETWORKS - Systems and techniques for processing and/or forwarding packets are described. An ingress switch can use a QoS mapping mechanism to map a first set of Quality of Service (QoS) bits in a packet received from a customer to a second set of QoS bits for use in a Transparent Interconnection of Lots of Links (TRILL) packet which encapsulates the packet. The first set of QoS bits can be different from the second set of QoS bits. The TRILL packet can be processed and/or forwarded in the network based on the second set of QoS bits. At the egress switch, the TRILL packet can be decapsulated and the original packet with the original QoS bits (or QoS bits that are different from the original QoS bits) can be forwarded to the customer's network. In this manner, some embodiments of the present invention can preserve the QoS bits across a TRILL network. | 12-08-2011 |
| 20110299527 | SUPPORTING MULTIPLE MULTICAST TREES IN TRILL NETWORKS - Systems and techniques for supporting multiple multicast trees are described. Some embodiments provide a system that determines an internal multicast group identifier based on a source address, a multicast address, and a multicast tree identifier field associated with a multicast packet. The system can then forward the multicast packet based on the internal multicast group identifier. Specifically, the system can determine a first set of bits based on the source address and the multicast address of the multicast packet. The system can determine a second set of bits based on the multicast tree identifier field of the multicast packet. Next, the system can combine the first set of bits and the second set of bits to obtain the internal multicast group identifier. In some embodiments, the scope of an internal virtual network identifier does not extend beyond a switch or a forwarding module within a switch. | 12-08-2011 |
| 20110299528 | NETWORK LAYER MULTICASTING IN TRILL NETWORKS - Systems and techniques for performing network layer multicasting in a TRILL network are described. Some embodiments provide a system that receives multicast packet that includes a network-layer multicast-address. The multicast packet can be received on a first multicast tree associated with a first virtual network. Next, the system can determine, based on the network-layer multicast-address, a second multicast tree associated with a second virtual network over which the multicast packet is to be forwarded. The system can then forward the multicast packet on the first multicast tree associated with the first virtual network, and forward a copy of the multicast packet on the second multicast tree associated with the second virtual network. | 12-08-2011 |
| 20110299531 | FLOODING PACKETS ON A PER-VIRTUAL-NETWORK BASIS - Methods and techniques for flooding packets on a per-virtual-network basis are described. Some embodiments provide a method (e.g., a switch) which determines an internal virtual network identifier based on one or more fields in a packet's header. Next, the method performs a forwarding lookup operation based on the internal virtual network identifier. If the forwarding lookup operation succeeds, the method can process and forward the packet accordingly. However, if the forwarding lookup operation fails, the method can determine a set of egress ports based on the internal virtual network identifier. Next, for each egress port in the set of egress ports, the method can flood the packet if a virtual network identifier in the packet's header is associated with the egress port. Flooding packets on a per-virtual-network basis can substantially reduce the amount of resources required to flood the packet when a forwarding lookup operation fails. | 12-08-2011 |
| 20110299532 | REMOTE PORT MIRRORING - A switch that facilitates remote port mirroring is described. The switch can include an encapsulation mechanism and a forwarding mechanism. The encapsulation mechanism can be configured to encapsulate a copy of a first packet in a second packet, thereby preserving header information (e.g., a VLAN identifier and/or a TRILL header) of the first packet. The forwarding mechanism can be configured to forward the first packet using header information of the first packet, and forward the second packet using header information of the second packet. The second packet can be received at a destination switch which extracts the first packet from the second packet, and sends the first packet on a port which is coupled to a network analyzer. | 12-08-2011 |
| 20110299533 | INTERNAL VIRTUAL NETWORK IDENTIFIER AND INTERNAL POLICY IDENTIFIER - Systems and techniques for processing and forwarding packets are described. Some embodiments provide a system (e.g., a switch) which determines an internal virtual network identifier and/or an internal policy identifier for a packet based on a port on which the packet was received and/or one or more fields in the packet. The system can then process and forward the packet based on the internal virtual network identifier and/or internal policy identifier. In some embodiments, the system encapsulates the packet in a TRILL (Transparent Interconnection of Lots of Links) packet by adding a TRILL header to the packet. In some embodiments, the scope of an internal virtual network identifier and/or an internal policy identifier may not extend beyond a switch or a module within a switch. | 12-08-2011 |
| 20110299534 | VIRTUAL PORT GROUPING FOR VIRTUAL CLUSTER SWITCHING - One embodiment of the present invention provides a switch. The switch includes a port that couples to a server hosting a number of virtual machines. The switch also includes a set of virtual port grouping information and a virtual port grouping mechanism. During operation, the virtual port grouping mechanism determines whether a frame is traveling from a virtual port group to the same virtual port group. If the frame is not traveling to the same virtual port group, the virtual port grouping mechanism prevents the frame from being forwarded. | 12-08-2011 |
| 20110299535 | NAME SERVICES FOR VIRTUAL CLUSTER SWITCHING - One embodiment of the present invention provides a switch that facilitates name services in a virtual cluster switch. The switch includes a name service database indicating at least one media access control (MAC) address learned at a second switch. The switch also includes a control mechanism. During operation, the control mechanism distributes information on a locally learned MAC address to the second switch. In addition, the control mechanism receives information on a MAC address learned at the second switch. | 12-08-2011 |
