System and method for transaction processing based on user authentication
The contactless card system addresses the inefficiencies and security issues of conventional checkout processes by securely transmitting and verifying user data to automatically retrieve transaction information, enhancing user experience and security.
Patent Information
- Authority / Receiving Office
- JP · JP
- Patent Type
- Applications
- Current Assignee / Owner
- CAPITAL ONE SERVICES LLC
- Filing Date
- 2024-06-07
- Publication Date
- 2026-07-08
Smart Images

Figure 2026522551000001_ABST
Abstract
Description
Technical Field
[0001] Cross - reference to related applications This patent application claims the benefit of priority of U.S. Patent Application No. 18 / 207,941, filed on June 9, 2023, the content of which is incorporated herein by reference in its entirety.
[0002] This disclosure relates to systems and methods for transaction processing based on user authentication.
Background Art
[0003] Online consumer transactions often complete at the checkout process. In this checkout process, users often need to enter identification information, payment information, and delivery information. Additionally, account creation may be required before completing the transaction. This conventional process is time - consuming, cumbersome, and lacks security. Even with an auto - input function, entering information into multiple input fields is cumbersome for users. This not only takes time but can also cause inaccurate checkout information, such as incorrect address entry, to be input. Such errors frustrate users and make the checkout process unpleasant.
[0004] Furthermore, the checkout process often lacks security. In conventional checkout processes, only credit card information is often required as an authentication means. If a thief has obtained the user's card, this authentication step can easily be bypassed.
Summary of the Invention
Problems to be Solved by the Invention
[0005] Such drawbacks exist. Therefore, there is a need to provide systems and methods to overcome these drawbacks.
Means for Solving the Problems
[0006] Summary of the Disclosure Embodiments of this disclosure provide a system for securely processing checkout information requests in a mobile application. This system includes a software application, which includes instructions executed on a user device. Furthermore, the software application is configured to receive checkout requests over a network and to open a communication field in response to the receipt of such checkout requests. The software application can then receive a payload from the card over the communication field, which includes encrypted user identification data and first authentication credentials. Next, the software application decrypts the encrypted user identification data and verifies the decrypted user identification data against a user account. Based on the verification against the user account, it then obtains checkout data that can satisfy the checkout request.
[0007] Embodiments of this disclosure provide a method for securely processing a checkout information request in a software application that includes instructions executed on a user device. This method includes the following steps: The software application receives a checkout request over a network and opens a communication field in response to the receipt of the checkout request. The software application then receives a payload from the card over the communication field, which includes encrypted user identification data and first authentication credentials. The software application then decrypts the encrypted user identification data and verifies the decrypted user identification data against a user account. Finally, based on the verification against the user account, it obtains checkout data that can satisfy the checkout request.
[0008] Embodiments of the present disclosure provide a computer-readable non-temporary medium which, when executed by the processor, includes computer-executable instructions that configure the processor to perform the following steps: receive a checkout request and open a communication field in response to the receipt of the checkout request. The processor then receives at least one payload from the card as the card enters the communication field, the payload containing one or more encrypted user identification data and at least one first authentication credentials. The processor then decrypts the encrypted user identification data and verifies the decrypted user identification data against an existing user account. Based on the verification against the existing user account, the processor then obtains checkout data that can satisfy the checkout request.
[0009] Further features of the systems and methods described herein, and the advantages they offer, are described in more detail below with reference to specific embodiments shown in the accompanying drawings. [Brief explanation of the drawing]
[0010] To facilitate a better understanding of the present invention, please refer to the accompanying drawings. These drawings are not intended to limit the present invention, but are solely for illustrative purposes to illustrate various aspects and embodiments of the present invention.
[0011] [Figure 1] Figure 1 is a block diagram showing a system according to one embodiment. [Figure 2] Figure 2 is a block diagram of a card according to one embodiment. [Figure 3] Figure 3 shows a contact pad according to one embodiment. [Figure 4] Figure 4 is a flowchart showing the process according to one embodiment. [Figure 5] Figure 5 shows a communication field according to one embodiment. [Figure 6] Figure 6 is a flowchart showing the process according to one embodiment. [Figure 7] Figure 7 is a flowchart showing the process according to one embodiment. [Figure 8] Figure 8 is a flowchart showing the process according to one embodiment. [Modes for carrying out the invention]
[0012] To illustrate the various features of the present invention, embodiments of the present invention are shown below. The embodiments described herein are not intended to limit the scope of the present invention, but rather to provide examples of the components, methods of use, and operation of the present invention.
[0013] Furthermore, the features, advantages, and characteristics of the described embodiments can be combined in any way as appropriate. Those skilled in the art will understand that some embodiments may be implementable without including certain features or advantages. Also, other embodiments may have additional features or advantages not common to all embodiments. Those skilled in the art will understand that the features, advantages, and characteristics described in any embodiment can be combined with those of any other embodiment.
[0014] The flowcharts and block diagrams shown in the drawings illustrate possible implementations of the architecture, functionality, and operation of the systems, methods, and computer program products according to each embodiment of the present invention. In this regard, each block in a flowchart or block diagram may represent a module, segment, or part of an instruction containing one or more executable instructions for performing a specified logical function. In alternative implementations, functions may be executed in an order different from that shown in the diagrams. For example, two blocks shown consecutively may actually be executed almost simultaneously, or in reverse order depending on the function. Furthermore, each block in a block diagram and / or flowchart, and combinations thereof, can be implemented by a dedicated hardware-based system or a combination of dedicated hardware and computer instructions that performs a particular function or operation.
[0015] This embodiment relates to a technology that makes the checkout process simpler and more secure by using contactless cards. When a user is ready to complete their purchase, for example, when checking out a cart using a mobile shopping application, the user can tap a contactless card on their device to interact with the software application. The contactless card transmits authentication credentials to the mobile application. The mobile application verifies these credentials and matches them against a registered user. Based on the verified user information, the application retrieves data necessary for checkout, such as card information, personal identification information, and shipping information.
[0016] These embodiments offer many advantages over conventional methods. For example, transactions in mobile shopping applications can be completed much faster. Instead of requiring users to manually enter checkout information or subjecting them to the risk of incorrect information being entered through autofill features, users can simply tap their contactless card, and the application can automatically fill in the necessary information. As a result, users save time and effort, and experience reduced stress.
[0017] Furthermore, this embodiment provides a more secure method for performing checkout. The communication field ensures that authentication credentials are transmitted to the merchant over a very short distance and in a short time. This reduces the risk of third parties intercepting credentials or other personal information. In addition, the server itself retrieves the checkout data after matching the personal information with the registered user. Therefore, the checkout data itself is stored only within the server.
[0018] Figure 1 is a block diagram showing a system according to one embodiment.
[0019] FIG. 1 shows a system 100 according to an example embodiment. The system 100 can include a contactless card 110, a user device 120, a server 130, a network 140, and a database 150. Although each component is shown as one in FIG. 1, the system 100 can include any number of components.
[0020] The system 100 can include one or more contactless cards 110, which will be described later with reference to FIGS. 2 and 3. In some embodiments, the contactless card 110 can wirelessly communicate with the user device 120 using, for example, NFC.
[0021] The system 100 can include a user device 120. The user device 120 can be a network-enabled computer device. Examples of network-enabled computer devices include, but are not limited to, servers, network appliances, personal computers, workstations, telephones, handheld PCs, PDAs, thin clients, fat clients, Internet browsers, mobile devices, kiosks, contactless cards, ATMs, and other computer or communication devices. For example, network-enabled devices include Apple's iPhone, iPod, iPad, and other mobile devices running Apple's iOS, devices running Microsoft's Windows Mobile, devices running Google's Android, and other smartphones, tablets, wearable mobile devices, etc.
[0022] The user device 120 may include a processor 121, memory 122, and application 123. The processor 121 is a processor, microprocessor, or other processing unit, and the user device 120 may include one or more of these. The processor 121 includes processing circuitry and may optionally include additional processors, memory, error and parity / CRC checkers, data encoders, anti-collision algorithms, controllers, command decoders, security primitives, tamper-proof hardware, etc.
[0023] The processor 121 may be connected to memory 122. Memory 122 may be read-only memory, once-write multi-read memory, or read-write memory (e.g., RAM, ROM, EEPROM), and the user device 120 may include one or more of these memories. Read-only memory may be programmed as read-only at the factory or configured as one-time programmable. One-time programmable memory can be written to once and read multiple times thereafter. Once-write multi-read memory can be programmed at any point after the memory chip leaves the factory. Once programmed, it cannot be rewritten, but it can be read multiple times. Read-write memory can be written to and rewritten multiple times after the factory, and similarly, it can be read multiple times. Memory 122 may be configured to store one or more software applications, such as application 123, or other data, such as the user's personal data or financial account information.
[0024] Application 123 may include one or more software applications that include instructions executed on user device 120, such as mobile applications or web browsers. User device 120 can enable network communication with components of system 100 and run applications for sending and receiving data and performing the functions described herein. When executed by processor 121, application 123 performs the functions described herein, in particular the steps and functions in the process flow described below. These processes may be implemented as software (such as software modules) executed on a computer or other device. Application 123 may provide a graphical user interface (GUI) for the user to browse and operate other components and devices within system 100. The GUI is presented on a display device in HTML, XML, or other appropriate format, and its format is determined, for example, as a web page, depending on the application used when the user interacts with system 100.
[0025] The user device 120 may further include a display 124 and an input device 125. The display 124 can be any type of device for presenting visual information, such as a computer monitor, a flat panel display, or a mobile device screen. This includes liquid crystal displays, LED displays, plasma panels, CRT displays, etc. The input device 125 may include any device available to and supported by the user device 120 for inputting information into the user device 120. Examples include a touchscreen, keyboard, mouse, cursor control device, microphone, digital camera, video recorder, camcorder, etc. These devices are used for inputting information and interacting with the software and other devices described herein.
[0026] System 100 may include a server 130. The server 130 may be a network-enabled computer device. Examples of network-enabled computer devices include, but are not limited to, servers, network appliances, personal computers, workstations, telephones, handheld PCs, PDAs, thin clients, fat clients, internet browsers, mobile devices, kiosks, contactless cards, and other computer or communication devices. Examples include Apple's iPhone®, iPod®, iPad®, and other mobile devices running iOS®, Microsoft's devices running Windows® Mobile, Google's devices running Android®, and other smartphones, tablets, and wearable mobile devices.
[0027] Server 130 may include a processor 131, memory 132, and application 133. Processor 131 is a processor, microprocessor, or other processing unit, and Server 130 may include one or more of these. Processor 131 includes processing circuitry and may include additional components as needed to perform the functions described herein, including additional processors, memory, error and parity / CRC checkers, data encoders, anti-collision algorithms, controllers, command decoders, security primitives, tamper-proof hardware, etc.
[0028] The processor 131 may be connected to memory 132. Memory 132 may be read-only memory, once-write multi-read memory, or read-write memory (e.g., RAM, ROM, EEPROM), and the server 130 may include one or more of these memories. Read-only memory may be programmed as read-only at the factory or configured as one-time programmable. One-time programmable memory can be written to once and read multiple times thereafter. Once-write multi-read memory can be programmed at any point after the memory chip leaves the factory. Once programmed, it cannot be rewritten, but it can be read multiple times. Read-write memory can be written to and rewritten multiple times after the factory, and similarly, it can be read multiple times. Memory 132 may be configured to store one or more software applications, such as application 133, or other data, such as user personal data or financial account information.
[0029] Application 133 may include one or more software applications that include instructions executed on Server 130. Server 130 can enable network communication with components of System 100 and execute applications for sending and receiving data and performing the functions described herein. When executed by Processor 131, Application 133 performs the functions described herein, in particular the steps and functions in the process flow described below. For example, Application 133 is used to receive web form data from User Device 120 and Card 110, maintain a web session between User Device 120 and Card 110, and mask personal data received from User Device 120 and Card 110. These processes may be implemented as software (such as software modules) executed on a computer or other device. Application 133 may provide a graphical user interface (GUI) for the user to browse and operate other components and devices within System 100. The GUI is presented on a display device in HTML, XML, or other appropriate format, and its format is determined by the application used when the user interacts with System 100.
[0030] Server 130 may further include a display 134 and an input device 135. The display 134 could be any type of device for presenting visual information, such as a computer monitor, flat panel display, or mobile device screen. This includes liquid crystal displays, LED displays, plasma panels, and CRT displays. The input device 135 could include any device available to and supported by Server 130 for inputting information into Server 130. Examples include a touchscreen, keyboard, mouse, cursor control device, microphone, digital camera, video recorder, and camcorder. These devices are used for inputting information and interacting with the software and other devices described herein.
[0031] System 100 may include one or more networks 140. For example, network 140 may be a wireless network, a wired network, or a combination thereof, and may be configured to connect user devices 120, a server 130, a database 150, and a card 110. For example, network 140 may include one or more fiber optic networks, passive optical networks, cable networks, internet networks, satellite networks, wireless LANs (LANs), GSM, PCS, PAN, WAP, MMS, EMS, SMS, TDM systems, CDMA systems, D-AMPS, Wi-Fi, fixed wireless data, IEEE 802.11b, 802.15.1, 802.11n, 802.11g, Bluetooth®, NFC, radio frequency identification (RFID), and Wi-Fi.
[0032] Furthermore, network 140 may include global networks such as telephone lines, optical fibers, IEEE Ethernet 902.3, WANs, wireless PANs, LANs, or the Internet. Network 140 may also support Internet networks, wireless communication networks, cellular networks, or any combination thereof. Network 140 may be configured as a single network, or as multiple networks operating individually or in cooperation. Network 140 may utilize one or more protocols of one or more communicatively connected network elements. Network 140 may convert from other protocols to one or more protocols of network devices, or vice versa. Although shown as a single network in the illustration, network 140 may actually consist of multiple interconnected networks such as the Internet, service provider networks, cable television networks, corporate networks (e.g., credit card association networks), and home networks. Furthermore, network 140 may include, or be configured to generate, one or more publicly accessible front channels with observable content, and one or more secure back channels that are not publicly accessible and whose content is not observable.
[0033] System 100 may include a database 150. Database 150 may be one or more databases for storing user personal data, financial accounts, user identification information, user transaction information, authenticated and unauthenticated documents, etc. Database 150 may consist of relational databases, non-relational databases, other database implementations, or a combination thereof (including multiple relational and non-relational databases). It may also be a desktop database, a mobile database, or an in-memory database. Database 150 may be hosted internally on server 130, or it may be hosted externally, such as on a cloud platform or other external storage device, that can communicate with server 130 for data.
[0034] The processing procedures described in this disclosure may be performed by a processing unit or computing device (e.g., a computer hardware configuration). This processing / computing device is a computer / processor comprising one or more microprocessors and uses instructions stored in non-temporary computer-readable media (such as RAM, ROM, hard drives, or other storage devices). For example, the computer-readable media may be part of the memory of a card 110, a user device 120, a server 130, a network 140, a database 150, etc.
[0035] A computer-readable medium (e.g., a storage device such as a hard disk, floppy disk, memory stick, CD-ROM, RAM, ROM, or a combination thereof, as described herein) may be provided (for example, in a manner that allows communication with the processing unit). Executable instructions are stored on this medium. Alternatively, a storage device may be provided separately from the computer-readable medium and configured to supply instructions to the processing unit to execute the processing procedures and methods described above.
[0036] Figure 2 shows a contactless card 200 according to one embodiment. The contactless card 200 may be issued by a service provider 205 and may include payment cards such as credit cards, debit cards, and gift cards displayed on the front or back of the card 200. The payment card may also be a dual-interface contactless payment card. Furthermore, the contactless card 200 is not limited to a payment card and may be an ID card, membership card, loyalty card, transport card, access card, etc. The card may be associated with an spending account, savings account, investment account, hybrid account, credit account, or other financial account.
[0037] The contactless card 200 may include a base material 210, which may consist of a single layer or multiple laminates made of plastic, metal, or other materials. Examples of base material materials include PVC, PVC acetate, ABS, polycarbonate, polyester, titanium anodized oxide, palladium, gold, carbon, paper, and biodegradable materials. The contactless card 200 has physical properties compliant with the ID-1 format of ISO / IEC 7810, and may also comply with ISO / IEC 14443. However, the contactless card 200 of this disclosure is not limited to these, and does not need to be implemented as a payment card.
[0038] The contactless card 200 may include identification information 215 displayed on the front or back of the card, and a contact pad 220. The contact pad 220 is configured to make contact with communication devices such as user devices, smartphones, laptops, desktops, and tablets. The contactless card 200 may also include processing circuits, antennas, and other components not shown in Figures 2 and 3. These components may be located behind the contact pad 220 or at other locations on the base material 210. Furthermore, the back of the card may include a magnetic stripe or magnetic tape (not shown in Figure 2).
[0039] Figure 3 shows the contact pad 305 of a contactless card 200 according to one embodiment.
[0040] As shown in Figure 3, the contact pad 305 includes a processing circuit 310 for storing and processing information, which includes a microprocessor 320 and memory 325. The processing circuit 310 may optionally include additional processors, memory, error and parity / CRC checkers, data encoders, anti-collision algorithms, controllers, command decoders, security primitives, tamper-proof hardware, etc.
[0041] Memory 325 may be read-only memory, once-write multi-read memory, or read-write memory (e.g., RAM, ROM, EEPROM), and contactless card 200 may include one or more of these memories. Read-only memory may be programmed as read-only at the factory or configured as one-time programmable. One-time programmable memory can be written to once and read multiple times thereafter. Once-write multi-read memory can be programmed at any time after the memory chip leaves the factory. Once programmed, it cannot be rewritten, but it can be read multiple times. Read-write memory can be written to and rewritten multiple times after the factory and can be read multiple times.
[0042] Memory 325 may be configured to store one or more applets 330, one or more counters 335, and a customer identifier 340. The applet 330 may include one or more software applications configured to run on one or more contactless cards and perform the functions described herein, such as a JavaCard applet. However, the applet 330 is not limited to a JavaCard applet and may be any software application capable of running on contactless cards or other memory-constrained devices. The counter 335 may include a numeric counter capable of storing integers. The customer identifier 340 includes a unique alphanumeric identifier assigned to a user of a contactless card 200, which is used to distinguish a user of a contactless card from a user of another contactless card. In some examples, the customer identifier 340 may also identify a customer and the accounts assigned to that customer, and further identify the contactless cards associated with those accounts.
[0043] Although the processor and memory elements in the above embodiments have been described with reference to the contact pad, this disclosure is not limited thereto. These elements may be implemented outside of the pad 305, or completely independently of the pad 305, or as additional elements in addition to the processor 320 and memory 325 within the contact pad 305.
[0044] In some examples, the contactless card 200 may include one or more antennas 315. The antennas 315 may be located within the contactless card 200 and around the processing circuit 310 of the contact pads 305. For example, the antennas 315 may be integrated with the processing circuit 310 and used in conjunction with an external booster coil. In other examples, the antennas 315 may be located outside the contact pads 305 and the processing circuit 310.
[0045] In one embodiment, the coil of the contactless card 200 can function as the secondary side of an air-core transformer. A terminal can communicate with the contactless card 200 by intermittent or amplitude modulation of power. The contactless card 200 can estimate data transmitted from the terminal by utilizing a gap in the power connection, which is functionally maintained by one or more capacitors. Furthermore, the contactless card 200 can respond by switching the load on the card's coil, i.e., by load modulation. Load modulation can be detected by the terminal-side coil through interference.
[0046] As described above, the contactless card 200 is built on a software platform that can run on smart cards or other memory-constrained devices, such as JavaCard, and can securely run one or more applications or applets. Applets can be added to the contactless card to provide one-time passwords (OTPs) for multi-factor authentication (MFA) in various use cases using mobile applications. An applet may be configured to respond to one or more requests, such as a near-field data exchange request from a reader such as a mobile NFC reader, and generate an NDEF message that encodes a cryptographically secure OTP as an NDEF (NFC Data Exchange Format) text tag.
[0047] Figure 4 is a flowchart of a key diversification method 400 related to an example of this disclosure.
[0048] In some examples, the sender and receiver may wish to exchange data via a sending device and a receiving device. In one embodiment, the sending device is a contactless card and the receiving device is a server. In another embodiment, the receiving device may be a user device. In yet another embodiment, the sending device and the receiving device may be network-enabled computer devices as described herein. One or more sending devices and one or more receiving devices may be involved, as long as the sending and receiving devices share the same shared secret symmetric key. The sending and receiving devices may be provisioned with the same master symmetric key. In another example, the sending device may be provisioned with a diversified key generated using the master key. The symmetric key may be a shared secret symmetric key that is kept confidential from all parties other than the sending and receiving devices. Also, some of the data exchanged between the sending and receiving devices may include data called a counter value. The counter value is a numerical value that changes each time data is exchanged between the sending and receiving devices. The sending and receiving devices may be configured to communicate via NFC, Bluetooth, RFID, Wi-Fi, etc.
[0049] Method 400 begins at step 405. In step 405, the transmitting and receiving devices are provisioned with the same master key (e.g., the same master symmetric key). The transmitting device updates a counter when it is ready to process sensitive data using a symmetric cryptographic operation. Furthermore, the transmitting device selects an appropriate symmetric encryption algorithm. This may include at least one of the following: a symmetric encryption algorithm, an HMAC algorithm, or a CMAC algorithm. The symmetric algorithm used to process the divergence value can be any symmetric encryption algorithm used as needed to generate a divergence symmetric key of the desired length. Examples include symmetric encryption algorithms such as 3DES and AES128, symmetric HMAC algorithms such as HMAC-SHA-256, and symmetric CMAC algorithms such as AES-CMAC.
[0050] In step 410, the transmitting device uses the selected cryptographic algorithm and processes the counter value using the master symmetric key. For example, the sender selects a symmetric encryption algorithm and uses a counter that is updated with each communication between the transmitting and receiving devices. The counter can be a numeric counter capable of storing an integer. The transmitting device can increment the counter one or more times.
[0051] In step 415, the transmitting device generates two session keys: an ENC (encryption) session key and a MAC (message authentication code) session key. The transmitting device generates the session keys by encrypting the counter value with the master symmetric key using the selected symmetric encryption algorithm.
[0052] In step 420, the transmitting device generates a MAC based on the counter, a unique customer identifier, and a shared secret MAC session key. The customer identifier is a unique alphanumeric identifier assigned to a contactless card user, and the identifier is used to distinguish a contactless card user from other contactless card users. In some examples, the customer identifier may also identify the customer and the account assigned to that customer, and further identify the contactless card associated with that account.
[0053] In step 425, the sending device encrypts the MAC with the ENC session key. The encrypted MAC can be a cryptogram. In some examples, cryptographic operations other than encryption may be performed, and multiple cryptographic operations may be performed using a diversified symmetric key before sending the protected data.
[0054] In some cases, MAC cryptograms can be used as digital signatures to verify user information. Other digital signature algorithms, such as public-key asymmetric algorithms (e.g., Digital Signature Algorithm or RSA algorithm), or zero-knowledge protocols, can also be used for this verification.
[0055] In step 430, the sending device sends a cryptogram to the receiving device. The cryptogram may include applet information, a unique customer identifier, a counter value, and an encrypted MAC. In step 435, the receiving device verifies the cryptogram. For example, the receiving device generates its own UDK (unique diversified key) using the unique customer identifier 340 and the master key. The unique customer identifier is derived from the verified cryptogram. Recall that the receiving device has already provisioned the master key. The receiving device generates two session keys: an ENC (encryption) session key and a MAC (message authentication code) session key. These session keys may be generated from the UDK and the counter value. The counter value is derived from the cryptogram. The receiving device uses the session keys to decrypt the MAC in the cryptogram sent from the sending device. The output of the cryptographic process may be the same diversified symmetric key value as generated by the sender. For example, the receiving device can use the counter to generate its own copies of the first and second diversified session keys. Next, the receiving device decrypts the protected data using the second diversification session key and obtains the output of the MAC generated by the transmitting device. The receiving device then performs MAC processing using the first diversification session key. The receiving device verifies the MAC using the MAC session key generated in step 415. The receiving device can then verify the MAC against the unique customer identifier and counter value.
[0056] Figure 5 shows a near-field communication (NFC) system according to one embodiment.
[0057] Generally, NFC is a technology that uses electromagnetic fields to transmit data, allowing two or more devices to communicate without physical contact. NFC operates at 13.56 MHz on the ISO / IEC 18000-3 air interface and supports speeds from 106 kbit / s to 424 kbit / s. When two NFC-enabled devices are placed very close together (e.g., a few centimeters), information can be exchanged. NFC is beneficial for consumer transactions because it enables instant reading of information. Since the receiving device reads the data the moment it is transmitted, human error is greatly reduced. The time required to read a card is also shortened. Instead of swiping a card, the user only needs to lightly touch the card or user device to the NFC-enabled reader. Furthermore, NFC reduces the risk of interference by unauthorized third parties. Because NFC devices communicate only over very short distances, intercepting communications is extremely difficult.
[0058] One example of NFC communication is NFC card emulation, where a smartphone acts like a smart card, enabling transactions such as payments. NFC reader / writer communication allows devices to read information stored on NFC tags embedded in labels or smart posters. Furthermore, NFC peer-to-peer communication allows two NFC-enabled devices to exchange information with each other.
[0059] The NFC standard defines communication protocols and data exchange formats, and is based on existing RFID standards, including ISO / IEC 14443 and FeliCa®. The standards include ISO / IEC 18092 and standards defined by the NFC Forum.
[0060] In Figure 5, the user device 505 and the contactless card 510 interact within the NFC field 515. See Figure 1 for the user device. See Figures 2 and 3 for the contactless card. Both devices are equipped with NFC technology and are positioned close to each other to exchange information within the communication field.
[0061] Figure 6 shows a flowchart of one embodiment. This process may include contactless cards, mobile applications or other software applications, servers, and networks. Generally, a mobile application is an application that runs on a mobile device such as a smartphone, tablet, or smartwatch, or a computer-enabled mobile device. A mobile application may be accessed via a user device as described in Figure 1. In some embodiments, a mobile application may include an SDK (Software Development Kit) configured to send and receive information over a communication field. In other embodiments, a web application may be used instead of a mobile application. In other embodiments, a software application may be associated with a merchant mobile application or merchant software application configured to perform one or more mobile transactions. A merchant mobile application or merchant software application is a software application associated with one or more merchants and accessible through a computer-enabled device. Mobile transactions may include the exchange of information from one mobile device to another mobile device, computer-enabled device, or other device.
[0062] Action 605 receives a checkout request or a checkout information request. A checkout request may be sent from the server to a mobile application over the network. In another embodiment, a checkout request may be sent from a contactless card to a mobile application via a communication field, card reader, or wireless network. Alternatively, a user may send one to a mobile application over the network via their user device. For example, a user may send a checkout request to a mobile application when they have finished shopping. Other examples of checkout requests that may be associated with experiences or activities include: dining experiences, theater performances, movie screenings, concerts, theme parks, art exhibitions, museums, shopping, home tours, hotel stays, travel experiences (airplane, bus, train, or ship), equipment purchase or rental, beauty experiences (haircut, massage, facial, pedicure, manicure, etc.), sports events (baseball, American football, basketball, hockey, etc.), and other consumer experiences.
[0063] Action 610 allows a mobile application to open a communication field. See Figure 5 for details on the communication field. The communication field may be opened via a user device, such as a network-enabled computer device, a personal computer, or other device described in Figure 1. In another embodiment, the communication field may be opened by a mobile application running on the user device and / or another device. The communication field may be at least an NFC (Near Field Communication) field, a Bluetooth field, or an RFID (Radio Frequency Identification) field. In another embodiment, multiple communication fields may be opened.
[0064] When the communication field is opened, in action 615, the mobile application can receive a payload from the contactless card. As a non-limiting example, a user may place a contactless card in the communication field and transmit a payload. The payload may include encrypted user data. User data may include user identification data, which includes encrypted personal identification information such as name, email address, telephone number, address, and other identifying information. Furthermore, encrypted user data or encrypted user identification data may include contactless card information, account information, unique customer identifiers, counters, or a combination thereof. User data may be encrypted using a hash function such as SHA-256 or a similar hash function. The proximity of encrypted user data to the communication field enhances the security of the transaction. Furthermore, the payload may include one or more secret keys required for decryption. An example of diversified key exchange is illustrated with reference to Figure 4, but is not limited thereto.
[0065] Action 620 allows the payload to be decrypted. This process may be performed by a mobile application. In another embodiment, the mobile application may send the payload to a server, where decryption may be performed. The payload may be decrypted using a secret key or other shared key sent with the payload. In some embodiments, the mobile application or software application may send the decrypted payload or decrypted user identification data to a server, the server may match the decrypted user identification data against a user account that includes at least checkout data, and then the server may send the checkout data to the mobile application.
[0066] Action 625 allows the decrypted user data to be matched against a registered user account. This process can be performed by a mobile application or a server. In some embodiments, the mobile application matches the user data against a registered user account, and in Action 630, the mobile application or server retrieves checkout data and fulfills the checkout request. Checkout data can be retrieved from a database or data storage associated with the mobile application or server. If the server retrieves the data, it sends the checkout data to the mobile application. Upon receiving the checkout data, the mobile application automatically populates or completes the information fields necessary to complete the consumer transaction. Checkout data may include card number, security code (CVV), card expiration date, etc. It may also include shipping address, name, and account number associated with the mobile application.
[0067] In some embodiments, a mobile application may provide a virtual card number (VCN) or a temporary virtual card to complete a transaction after decrypting user information and matching it with a registered user. A virtual payment card is a unique payment card that allows a user to complete a transaction without using an actually assigned card number in a main payment card account linked to one or more of their financial accounts. In some examples, a virtual payment card may be limited to one-time use. In other examples, a virtual payment card may be limited to a predetermined number of uses or unlimited use within a predetermined period. In yet another example, a virtual payment card may be restricted to use only with specific merchants, including individual merchants, individual merchants located in specific locations, or groups of merchants.
[0068] Virtual payment cards may have other features described herein. Virtual payment cards may be available through third-party mobile or web applications. They may also be sent via SMS (Short Message Service) or MMS (Multimedia Service) from the account processing system. Virtual cards may contain the same information as the physical contactless cards described in Figures 2 and 3. Virtual payment cards may expire after a certain period of time, such as 15 minutes. This time may be significantly extended or shortened.
[0069] Virtual payment cards may expire if the user device leaves a designated geographical area. For example, a virtual payment card may be limited to a specific shopping mall or store. The area is electronically bounded, and the virtual payment card expires if the user device or card leaves that area. This designated area may be determined by the management processing system, the account processing system, or the user themselves. The geographical area can vary considerably. For example, it may be limited to a small area around a specific store. Also, virtual payment cards may be limited to a specific vendor. For example, a card that can only be used at a specific vendor in a particular location. Furthermore, it may be limited to vendors within a designated area such as a mall, market, or flea market. In another example, it may be limited to an entire franchise and usable at any store belonging to that franchise.
[0070] Furthermore, virtual payment cards may be limited by their available balance. For example, a card's limit may be set at $100. This amount can vary significantly. The amount may be determined by the user, the administrative processing system, or the account processing system. A virtual payment card may combine one or more of these limitations. Later, the virtual payment card may be used for checkout when the user completes their reservation. As another example, the available balance limit may vary based on whether the user is within or outside a given geographical area, or whether it is for a particular vendor (e.g., higher amounts available within the area, higher amounts available for a particular vendor, etc.).
[0071] Figure 7 is a method flowchart illustrating a process according to one embodiment. Method 700 shows how a mobile application creates a user account during checkout processing or processing of a checkout information request. By obtaining user information, the mobile application can quickly create a user account associated with a transaction, saving time and effort. In another embodiment, a web application may be used instead of a mobile application. In yet another embodiment, the software application may be associated with a merchant mobile application or merchant software application configured to perform one or more mobile transactions. A merchant mobile application or merchant software application is a software application associated with one or more merchants and accessible through a computer-enabled device. Mobile transactions may include the exchange of information from one mobile device to another mobile device, computer-enabled device, or other device.
[0072] Action 705 involves a mobile application receiving a checkout request. The mobile application may be associated with a merchant or other provider of consumer products, services, or experiences. The checkout request may be transmitted from a server to the mobile application via a network. In another embodiment, a contactless card may transmit the request to the mobile application via a communication field, card reader, or wireless network. Alternatively, a user may transmit the request to the mobile application over a network via their user device. An example is a user sending a checkout request to the mobile application when they have finished shopping.
[0073] Action 710 allows a mobile application to open a communication field. See Figure 5 for details on communication fields. Communication fields can be opened via a user device, such as a computer-enabled mobile device, a personal computer, or other devices described in Figure 1. Communication fields include at least an NFC (Near Field Communication) field, a Bluetooth field, or an RFID (Radio Frequency Identification) field. In other embodiments, multiple communication fields may be opened. For example, the first communication field may be used to transmit a payload, and the second communication field may be used to receive an account creation request.
[0074] When the communication field is opened, in action 715, the mobile application can receive a payload from the contactless card. In a non-limiting example, the user places the contactless card in the communication field and transmits the payload. The payload may contain encrypted user data. User data may include personally identifiable information such as name, email address, phone number, and address. Furthermore, encrypted user data may include contactless card information, account information, unique customer identifiers, counters, or a combination thereof. User data may be encrypted using a hash function such as SHA-25. The proximity of the encrypted user data to the communication field enhances the security of the transaction. The payload may also contain one or more secret keys required for decryption. See Figure 4 for key diversification exchange.
[0075] Action 720 allows the payload to be decrypted. This process may be performed by a mobile application. In another embodiment, the mobile application may send the payload to a server, where decryption may be performed. The payload may be decrypted using a private key or other shared key sent with the payload. In some embodiments, the mobile application may send the decrypted payload or decrypted user identification data to the server, which may then match it against the user account and return the checkout data to the mobile application.
[0076] In some embodiments, the checkout process related to consumer transactions requires the creation of a user account in action 725. The mobile application receives the account creation request over the network. This request may be sent from the user device described in Figure 1.
[0077] In response to an account creation request, the mobile application generates a user account in action 730. The mobile application retrieves the necessary account information from a database, data storage unit, or server. User data may include information necessary for account creation, such as personal information including name and address, payment information such as contactless card information, and a randomly generated password.
[0078] Once a user account is created, action 735 allows the mobile application to proceed with the checkout process or the processing of the checkout information request. Checkout data may include card number, security code (CVV), card expiration date, etc. It may also include shipping address, name, and account number associated with the mobile application. This data allows the system to fulfill the checkout request or checkout information request received in action 705.
[0079] Figure 8 is a flowchart of Method 800. In some embodiments, the mobile application may request a second authentication credential in addition to the payload described in Figures 6 and 7. This second authentication credential improves the security of the checkout process and significantly reduces fraudulent purchases. In another embodiment, a web application may be used instead of a mobile application. In yet another embodiment, the software application may be associated with a merchant mobile application or merchant software application configured to perform one or more mobile transactions. A merchant mobile application or merchant software application is a software application associated with one or more merchants and accessible through a computer-enabled device. Mobile transactions may include the exchange of information from one mobile device to another mobile device, computer-enabled device, or other device.
[0080] Action 805 allows a mobile application to receive a checkout request or checkout information request. The mobile application may be associated with a merchant or other provider of consumer products, services, or experiences. The checkout request may be sent from a server to the mobile application over a network. In another embodiment, a contactless card may send it to the mobile application via a communication field, card reader, or wireless network. Alternatively, a user may send it to the mobile application over a network via their user device. A non-limiting example is when a user has finished shopping and has sent a checkout request to the mobile application.
[0081] Action 810 allows a mobile application to open a communication field. See Figure 5 for details on the communication field. The communication field can be opened via a user device, such as a computer-enabled mobile device, a personal computer, or other devices described in Figure 1. The communication field includes at least an NFC (Near Field Communication) field, a Bluetooth field, or an RFID (Radio Frequency Identification) field. In other embodiments, multiple communication fields may be opened.
[0082] When the communication field is opened, in action 815, the mobile application can receive a payload from the contactless card. This payload may be the first authentication credentials received by the mobile application. In a non-limiting example, the user places the contactless card in the communication field and transmits the payload. The payload may contain encrypted user data. User data may include personally identifiable information such as name, email address, phone number, and address. Furthermore, encrypted user data may include contactless card information, account information, unique customer identifiers, counters, or a combination thereof. User data may be encrypted using a hash function such as SHA-256. The proximity of the encrypted user data to the communication field enhances the security of the transaction. The payload may also contain one or more secret keys required for decryption. See Figure 4 for key diversification exchange.
[0083] Action 820 allows the payload to be decrypted. This process may be performed by the mobile application. In another embodiment, the mobile application may send the payload to a server, where decryption may be performed. Once the payload is decrypted, the mobile application can match the user data against a registered user. In another embodiment, the mobile application sends the decrypted user data to a server, which matches the user data against a registered user. This process verifies the first authentication credentials. In some embodiments, the mobile application may send the decrypted payload or decrypted user identification data to a server, which matches it against a user account (including at least the checkout data), and then returns the checkout data to the mobile application.
[0084] Action 825 allows the mobile application to send a second authentication request. This second authentication request may include an SMS containing a one-time password (OTP), a biometric authentication request, a password or PIN (personal identification number) request, or an email authentication request. Biometric authentication may include facial scanning, iris scanning, fingerprint scanning, user facial feature ratio, hand scanning, voice recognition / speech scanning, or handwriting recognition. Biometric data may be transmitted from the user device to the mobile application over the network. The second authentication request may be transmitted over the network to the user device as described in Figure 1.
[0085] Action 830 involves the mobile application receiving a second set of authentication credentials, which may be received over a network.
[0086] In action 835, the mobile application verifies the second authentication credentials. This is done by matching the credentials against a registered user. In some embodiments, the mobile application may send the credentials to a server where verification is performed. The credentials may be hashed or otherwise encrypted before being sent to the server. Once the credentials are verified, the mobile application proceeds to process the checkout or checkout information request in action 840. Checkout data may include card number, security code (CVV), card expiration date, etc. It may also include shipping address, name, and account number associated with the mobile application. This data allows the checkout request or checkout information request to be fulfilled.
[0087] One aspect of the technology described herein relates to a system for securely processing checkout information requests. This system includes: A software application that contains instructions executed on a user device. The software application is configured to perform the following: Receive checkout requests via the network. Open the communication field in response to the receipt of the checkout request. The payload is received from the card via the communication field. The payload contains encrypted user identification data and the first authentication credentials. Decrypt encrypted user identification data. The decrypted user identification data is then compared against the user account. Checkout data is retrieved based on matching. This checkout data allows the checkout request to be fulfilled.
[0088] One aspect of the technology described herein relates to a system in which a first authentication credential includes a unique customer identifier associated with a card.
[0089] One aspect of the technology described herein relates to a system in which user identification data includes a number associated with a user device.
[0090] One aspect of the technology described herein relates to a system in which the first authentication credentials include a one-time password (OTP).
[0091] One aspect of the technology described herein relates to a system in which a one-time password (OTP) is sent as an SMS (Short Message Service) to a mobile phone number associated with a user device.
[0092] One aspect of the technology described herein relates to a system in which checkout data includes at least one selected from a group consisting of address, telephone number, and email address, associated with a user account.
[0093] One aspect of the technology described herein relates to a system in which checkout data includes at least one selected from the group consisting of a card number, a security code (CVV), and a card expiration date, relating to a card.
[0094] One aspect of the technology described herein relates to a system in which checkout data is obtained from a server.
[0095] One aspect of the technology described herein relates to a system and is associated with a merchant mobile application configured to perform one or more mobile transactions.
[0096] One aspect of the technology described herein relates to a system in which the authentication credentials are a message authentication code (MAC), the card generates the MAC based on a counter value, a unique customer identifier, and a session key, and the software application decrypts the MAC by generating a private key based on a unique customer identifier and a shared master key.
[0097] One aspect of the technology described herein relates to a system, wherein the software application is configured to further perform the following: Receive an account creation request that includes checkout data. To generate a second user account in response to an account creation request.
[0098] One aspect of the technology described herein relates to a method for securely processing a checkout information request, the method comprising the following steps: A step in which a software application containing instructions to be executed on a user device receives a checkout request over a network. A step in which a software application opens a communication field in response to receiving a checkout request. The software application receives a payload from the card via a communication field (the payload includes encrypted user identification data and first authentication credentials). A step in which a software application decrypts encrypted user identification data. A step in which the software application verifies the decrypted user identification data against the user account. The software application retrieves checkout data based on matching (the checkout data satisfies the checkout request).
[0099] One aspect of the technology described herein, relating to a method, further includes the following steps: The software application receives an account creation request that includes checkout data. A second user account is generated in response to an account creation request.
[0100] One aspect of the technology described herein relates to a method, wherein the card is a contactless payment card associated with an spending account.
[0101] One aspect of the technology described herein, relating to a method, further includes the following steps: The software application sends the decrypted user identification data to the server. The server matches the decrypted user identification data against the user account and returns the checkout data to the software application based on the user account, which at least includes the checkout data.
[0102] One aspect of the technology described herein, relating to a method, further includes the following steps: The software application sends a second authentication request to the user device. The user device responds to the second authentication request by sending the second authentication credentials to the software application.
[0103] One aspect of the technology described herein relates to a method wherein the second authentication credential includes biometric information such as a fingerprint, facial scan, or voice scan.
[0104] One aspect of the technology described herein relates to a method, wherein the software application is a mobile application.
[0105] One aspect of the technology described herein relates to a method in which the communication field includes at least an NFC (Near Field Communication) field, a Bluetooth field, or an RFID (Radio Frequency Identification) field.
[0106] One aspect of the technology described herein relates to a computer-readable non-temporary medium, which includes instructions that, when executed by the processor, configure the processor to perform the following operations: Receive a checkout request. Open the communication field in response to the receipt of the checkout request. The system receives a payload from the card that has entered the communication field (the payload contains one or more encrypted user identification data and at least one first authentication credential). Decrypt encrypted user identification data. The decrypted user identification data is compared against existing user accounts. Retrieve checkout data based on matching (checkout data satisfies the checkout request).
[0107] While embodiments of the present invention have been described in the context of specific implementations in specific environments for specific purposes, those skilled in the art will understand that their usefulness is not limited thereto and that they can be beneficially implemented in other relevant environments for similar purposes. Therefore, the present invention should not be limited by the embodiments, methods, or examples described above, but rather by all embodiments belonging to the scope and spirit of the invention as described in the claims.
[0108] As used herein, “User Information,” “Personal Information,” and “Confidential Information” refer to all information relating to a user (including non-public and public information). Non-public information includes financial data (e.g., account information, balances, transaction history), personal / personally identifiable information (e.g., social security number, home or work address, date of birth, telephone number, email address, passport number, driver's license number), access information (e.g., password, security code, authorization code, biometric information), and other information that the user does not wish to disclose to third parties. Public information includes publicly available data or data that is not intended to be kept confidential.
[0109] While various embodiments of the present invention have been described with reference to the accompanying drawings, it will be apparent to those skilled in the art that various modifications and changes are possible and additional embodiments can be implemented without departing from the broad scope of the present invention as described in the claims. Therefore, the present invention and the drawings should be understood as illustrative rather than restrictive.
[0110] The present invention is not limited by the specific embodiments described herein, which are for illustrative purposes only and illustrate various aspects of the invention. Many modifications and changes are possible without departing from the spirit and scope of the invention. Beyond those described herein, functionally equivalent systems, processes, and apparatus within the scope of the invention may be apparent to those skilled in the art. These modifications and changes are intended to be within the scope of the appended claims. The present invention is limited only by the scope of the appended claims and their equivalents.
[0111] In this specification, “Application” means any software application, including mobile applications, web applications, and other applications. References to mobile applications are not limited to them and should be understood to include software applications in general.
[0112] In this specification, the terms “card” and “contactless card” are not limited to any particular type of card. Unless otherwise specified, “card” is understood to refer to contact cards, contactless cards, and other types of cards. Furthermore, this disclosure is not limited to any particular purpose (e.g., payment cards, gift cards, ID cards, membership cards), any particular type of account (e.g., credit accounts, debit accounts, membership accounts), or any particular issuer (e.g., financial institutions, government agencies, social clubs). Rather, this disclosure encompasses cards of all purposes, account-related, and issuer types.
[0113] Furthermore, the systems and methods described herein may be specifically embodied in one or more physical media, such as CDs, DVDs, floppy disks, hard drives, ROMs, and RAMs, as well as other physical media capable of storing data. Data storage may include RAM and ROMs that can be configured to access and store data and information, as well as computer program instructions. Data storage may also include storage media, or other suitable types of memory (specific non-temporary storage media such as RAM, ROMs, PROMs, EPROMs, EEPROMs, magnetic disks, optical disks, floppy disks, hard disks, removable cartridges, and flash drives), where files constituting the operating system, application programs (e.g., web browser applications, email applications, and other applications), and data files may be stored. Data storage in network-enabled computer systems can include a variety of electronic information, files, and documents stored in flat files, index files, hierarchical databases, relational databases (e.g., Oracle®, Microsoft® Excel, Microsoft® Access), solid-state storage (flash arrays, hybrid arrays, server-side products), enterprise storage (online or cloud storage), or any other storage mechanism. Furthermore, the diagrams show various components such as servers, computers, and processors individually. The functions described for each component may also be performed by other components, and these components may be integrated or separated. Other modifications are also possible.
[0114] The computer-readable program instructions described herein may be downloaded from a computer-readable storage medium to each computing / processing unit, or downloaded to an external computer or external storage device via a network (such as the Internet, LAN, WAN, or wireless network). The network may include copper wire, optical fiber, wireless communication, routers, firewalls, switches, gateway computers, edge servers, etc. The network adapter or network interface of each device receives program instructions from the network and stores them in a storage medium.
[0115] The computer-readable program instructions for performing the various operations of the present invention may be assembly instructions, instruction set architecture (ISA) instructions, machine language instructions, machine-dependent instructions, microcode, firmware instructions, state setting data, or source code or object code written in any combination of one or more programming languages, including object-oriented programming languages such as Java, Smalltalk, and C++, or conventional procedural programming languages such as C. The computer-readable program instructions may be executed entirely on the user's computer, partially on the user's computer, as a standalone software package, partially on both the user's computer and a remote computer, or fully on a remote computer or a server. In the latter case, the remote computer may be connected to the user's computer via any type of network, such as a LAN (Local Area Network) or WAN (Wide Area Network), or to an external computer (e.g., an Internet connection via an Internet Service Provider). In some embodiments, electronic circuits such as programmable logic circuits, field-programmable gate arrays (FPGAs), and programmable logic arrays (PLAs) may utilize state information of computer-readable program instructions to personalize the electronic circuits and execute computer-readable program instructions to perform aspects of the present invention.
[0116] These computer-readable program instructions may be provided to a processor of a general-purpose computer, a dedicated computer, or other programmable data processing device to generate a machine. In this case, the instructions executed by the processor of the computer or other programmable data processing device form means for implementing the functions defined herein. Alternatively, these computer-readable program instructions may be stored in a computer-readable storage medium that can instruct a computer, a programmable data processing device, or other device to perform a predetermined operation. In this case, the computer-readable storage medium containing the instructions stored in the storage medium constitutes a product containing instructions that implement the embodiments of the functions defined herein.
[0117] Furthermore, these computer-readable program instructions can be loaded into a computer, another programmable data processing device, or another device, and by causing the computer, other programmable data processing device, or other device to execute a series of operational steps, a computer implementation process can be generated. This allows the instructions executed by the computer, other programmable data processing device, or other device to implement the functions described herein.
Claims
1. A system for securely processing checkout information requests, The system includes a software application that includes instructions executed on a user device, The aforementioned software application is Receiving checkout requests via the network, Opening the communication field in response to receiving a checkout request, Receiving a payload from the card via the aforementioned communication field, The payload further includes encrypted user identification data and first authentication credentials, to be received. Decrypting encrypted user identification data, When encrypted user identification information is decrypted, the decrypted user identification data is compared with the user account, and, The process involves obtaining checkout data based on matching the decrypted user identification data with the user account, wherein the checkout data is capable of satisfying the checkout request. It is configured to perform system.
2. The first authentication credentials include a unique customer identifier associated with the card, The system according to claim 1.
3. The user identification data includes a number associated with the user device. The system according to claim 1.
4. The first authentication credentials include a one-time password (OTP), The system according to claim 1.
5. The aforementioned one-time password (OTP) is sent as an SMS (Short Message Service) to the mobile phone number associated with the user device. The system according to claim 4.
6. The aforementioned checkout data includes at least one selected from the group of address, telephone number, and email address associated with the user account. The system according to claim 1.
7. The aforementioned checkout data includes at least one selected from the group of card number, security code (CVV), and card expiration date. The system according to claim 1.
8. The aforementioned checkout data is obtained from the server. The system according to claim 1.
9. The aforementioned software application is associated with a merchant mobile application configured to perform one or more mobile transactions. The system according to claim 1.
10. The aforementioned authentication credentials are a message authentication code (MAC), The aforementioned card generates the MAC based on a counter value, a unique customer identifier, and a session key. The software application decrypted the MAC by generating a private key based on a unique customer identifier and a shared master key. The system according to claim 1.
11. The aforementioned software application further, Receiving an account creation request that further includes the aforementioned checkout data, and To generate a second user account in response to receiving the aforementioned account creation request. It is configured to perform The system according to claim 1.
12. A method for securely processing checkout information requests, A software application, which includes instructions executed on a user device, receives a checkout request over a network. The steps include opening a communication field by the software application in response to receiving a checkout request, The software application receives a payload from a card via a communication field, the payload further including encrypted user identification data and first authentication credentials. The software application performs the steps of decrypting the encrypted user identification data, Upon decrypting the encrypted user identification data, the software application performs the following steps:
1. Compare the decrypted user identification data with the user account; 2. A step of obtaining checkout data by the software application based on matching the decrypted user identification data with the user account, wherein the checkout data is capable of satisfying the checkout request. Methods that include...
13. The above method further, The software application receives an account creation request that further includes the checkout data, and In response to receiving the aforementioned account creation request, the software application generates a second user account. The method according to claim 12, including the method described in claim 12.
14. The aforementioned card is a contactless payment card associated with an expense account. The method according to claim 12.
15. The above method further, The software application includes the steps of sending the decrypted user identification data to the server, and The software application receives checkout data from the server, wherein the server matches the decrypted user identification information with at least the user account containing the checkout data. The method according to claim 12, including the method described in claim 12.
16. The above method further, The software application transmits a second authentication request to the user device, and The software application receives a second set of authentication credentials from the user device in response to the second authentication request. The method according to claim 12, including the method described in claim 12.
17. The second authentication credential is biometric information including at least a fingerprint, facial scan, or voice scan. The method according to claim 16.
18. The aforementioned software application is a mobile application. The method according to claim 17.
19. The communication field includes at least an NFC (Near Field Communication) field, a Bluetooth field, or an RFID (Radio Frequency Identification) field. The method according to claim 12.
20. A computer-readable non-temporary medium, which, when executed by the processor, includes computer execution instructions that constitute the processor to perform a process including various steps, The aforementioned process is, Steps include receiving a checkout request, Steps include opening a communication field in response to receiving a checkout request, A receiving step of receiving at least a payload from a card that has entered a communication field, wherein the payload further includes at least one encrypted user identification data and at least one first authentication credential, The steps include decrypting encrypted user identification data and The steps include: matching the decrypted user identification data with an existing user account, and A step of obtaining checkout data based on matching the decrypted user identification data with an existing user account, wherein the checkout data is capable of satisfying the checkout request. Computer-readable, non-temporary media, including [specific examples of such media].