CN108780547A

CN108780547A - Agent apparatus for representing multiple certificates

Info

Publication number: CN108780547A
Application number: CN201680064409.7A
Authority: CN
Inventors: 杰弗里·伊恩·凯恩斯; 肯尼思·马格斯; 扬·德雷克; 丹尼尔·J·麦克唐纳; 斯科特·查理斯·巴斯; 阿历克斯·本杰明·英格堡; 保罗·默里; 阿兰·J·摩根
Original assignee: Wo Runxi Holdings Ltd
Current assignee: Wo Runxi Holdings Ltd
Priority date: 2015-09-10
Filing date: 2016-08-24
Publication date: 2018-11-09
Anticipated expiration: 2036-08-24
Also published as: CN108780547B; EP3347866A1

Abstract

Provide payment mechanism and the system and method using the payment mechanism safety management financial transaction.In one embodiment, portable agent apparatus includes the memory for being configured to store multiple certificates.Each in multiple certificates belongs to one of financial instruments, identity certificate or contract certificate.Portable agent apparatus further includes at least one interface, and wherein each of at least one interface is configured to one of multiple certificates being sent to external device (ED) to complete one of financial function, identification function or treaty function.

Description

Agent apparatus for representing multiple certificates

Cross reference to related applications

This application claims the equity for the U.S. Provisional Application US62/283769 that September in 2015 is submitted on the 10th, will by quoting The entire disclosure is incorporated herein.

Technical field

The disclosure relates generally to financial services, and more particularly relate to clearing financial transaction payment mechanism and System.

Background technology

In later stage the 1940s, the U.S. introduces the plastic payment cards such as credit card, most credible as bank Client pay dining and cost of trip a kind of mode, without carrying buckets of cash.Since then, thousands of banks have been Through having issued billions of Payment Cards.

However, a plurality of types of unlawful activities constitute a threat to the safety of conventional payment card system.Identity theft, personation are lived Dynamic, fraud, unwarranted account access and other unlawful activities can all endanger the integrality of system.Traditional Payment Card with And the network for authorizing and debit card is merchandised is easy the extensive attack by identity thief and other offenders.It is a kind of main Payment account fraud form be the unauthorized use payment account when carrying out e-commerce detail.Another main branch Family fraud form of paying a bill is the false card of production and is used at the point of sale of businessman (point-of-sale, POS) device.These are taken advantage of Swindleness form is that the mode of production institute of Payment Card itself is inherent.Specifically, printing or pressing on conventional plastic Payment Card The credit card number of print and other payment account details easily can be replicated or steal.In addition, the magnetic stripe of Payment Card can It is forged.In fact, the loss of bank, businessman and consumer is increasing sharply as caused by cheating Payment Card.Payment Card is taken advantage of Swindleness behavior to lose nearly 20,000,000,000 dollars in industry every year.

These behaviors are the sources for the major financial risk for causing bank and payment brand, are taken advantage of to hit personation and usurp Swindleness behavior, main hair fastener network have used new technology to ensure that legal card is used only in physical point of sale (pos).These The technology developed by payment card industry and hair fastener network alliance (EMVCo) is that plastic clip is added to kept secure and calculates energy The anti-tamper computer microchip of power.EMVCo is the payment industry alliance named with EuroPay, MasterCard and Visa, it Be the initial founder of the tissue, but further include AmericanExpress, Discover, JCB and UnionPay conduct now Equity partner.

The microchip securely store when being traded at businessman POS generate unique password signature needed for information and Program.Calculating process is all safe in each transaction and is securely executed inside embedded microchip, and its result and branch User data of paying a bill is transmitted to issuing bank by existing payment network together, identical in card using being stored at the bank of issue Information is verified.The information of storage is never disclosed by issuer, and cannot be by any practical means from microchip Extraction.Such embedded card of microchip provides disposable code for the every secondary card transaction executed in physical point of sale (pos).If all Businessman is in compliance with this new mechanism, then the risk that can manufacture false card by hijack accounts data is eliminated significantly.

The another way that issuer attempts to hit fraud is to provide with near-field communication (near field Communication, NFC) component card.Enabling the card of NFC components allows user about 10 centimetres near NFC reader Tapping or the swiped through card in range.

However, the card of the embedded card of microchip (also referred to as EMV cards or smart card) and enabling NFC also must adopted not yet It is worked in the environment of new standard.Many businessmans not yet use can activate chip card and read the end of the enabling EMV of password Hold or can be read the NFC reader of wireless communication signals.In order to ensure Payment Card is universally accepted, issuer is at the back side of card One traditional magnetic stripe is set.

In addition, in order to realize e-commerce and phone trading, issuer, which is also provided with, to be printed on card and/or is stamped in Payment accounts on plastics.Therefore, not only microchip and NFC components can be used for carrying out financial transaction, and magnetic stripe can also be used for making Phone or internet business are can also be used for the financial transaction of POS card-payment mode or account.Card sends account information to The method of merchant terminal is referred to as pattern.In other words, chip card can be used at least four different financial transaction patterns, Including such as magnetic stripe stroke pattern, use the various patterns of EMV chips, NFC patterns and manual card number input pattern.Microchip Other patterns may also be enabled, this is a reason there may be the financial transaction pattern different more than four kinds.

Even if encounter one of these new EMV or NFC payment card and within the of short duration time physical control card burglar Sensitive payment account data can also be stolen easily, without regard to embedded chip or NFC components.This can be by from magnetic Payment data is read in item to complete, to prepare the card of a forgery.Burglar can also capture card number by taking pictures to the card To steal data for fraudulent e-commerce.It should be noted that magnetic stripe data and print data be not by security hand Section such as cryptological protection.Then the data revealed may make in the less safe retailer not yet using EMV systems With or burglar can surf the Internet carry out e-commerce transaction.

Therefore, it is necessary to safer Payment Cards.To solve the above-mentioned problems and improve the satisfaction that client experiences Payment Card Degree and control force, the present invention are that Payment Card and banking network and financial transaction authorization and clearing introduce several Innovative Elements.

Invention content

The present disclosure describes the payment mechanism and related system and the sides that use payment mechanism safely to manage financial transaction Method.Payment mechanism can take for example portable agent apparatus, plastic payment cards, virtual card, wearable commerce arrangement, be embedded in The forms such as one or more of mobile device component, the application run in mobile device or computer and other payments Certificate form.According to one embodiment, portable agent apparatus includes the memory for being configured as storing multiple certificates.It is multiple Each in certificate is related with one in financial instruments, identity certificate or contract certificate.Portable agent apparatus also wraps Include at least one interface, wherein each in these interfaces be configured as by one of multiple certificates and an external device (ED) into Row communication is to complete one of financial function, identification function or treaty function.

According to another embodiment, a kind of system includes point of sale (POS) device, which is configured as can be from shifting Dynamic agent apparatus obtains at least one certificate, each at least one certificate and financial instruments, identity certificate or conjunction It is related with one of certificate.The system further includes process payment, which is configured as can receive and be filled from mobile agent At least one of set at least one certificate of acquisition and execute financial function, identification function or treaty function.

The various embodiments described in the disclosure may include other system, method, feature and advantage, possible nothing It must clearly disclose herein, but one check features as discussed above for those of ordinary skill in the art Just it will be apparent.It is intended to all these systems, method, feature and advantage include in this disclosure and by additional It is claimed.

Description of the drawings

The feature and component of the following drawings are illustrated the General Principle to emphasize the disclosure and need not be drawn to scale.For Consistency and clarity, individual features and component through attached drawing are specified by matching reference numeral.

Fig. 1 is the block diagram for showing the payment system according to each embodiment of the disclosure.

Fig. 2A and Fig. 2 B respectively illustrate the front view and backsight of the first payment mechanism according to each embodiment of the disclosure Figure.

Fig. 3 A and 3B respectively illustrate the front view and rearview of the second payment mechanism according to each embodiment of the disclosure.

Fig. 4 is the block diagram for showing the account associated apparatus shown in FIG. 1 according to each embodiment of the disclosure.

Fig. 5 is the block diagram for showing the user account module shown in Fig. 4 according to each embodiment of the disclosure.

Fig. 6 is the figure for the agent apparatus for showing the multiple cards of representative according to each embodiment of the disclosure.

Fig. 7 is the figure for the mobile agent device for showing the multiple devices of representative according to each embodiment of the disclosure.

Fig. 8 is the one of the agent apparatus of Fig. 6 and Fig. 7 for showing the optional certificate of permission according to each embodiment of the disclosure As purposes flow chart.

Fig. 9 is the one of the agent apparatus for showing Fig. 6 in a default mode and Fig. 7 according to each embodiment of the disclosure As purposes flow chart.

Figure 10 is the flow of the detailed method of operation for the payment system 10 for showing Fig. 1 according to each embodiment of the disclosure Figure.

Figure 11 is another detailed method of operation for the payment system 10 for showing Fig. 1 according to each embodiment of the disclosure Flow chart.

Figure 12 is the flow chart for the Financial Information sending method for showing the financial transaction according to each embodiment of the disclosure.

Figure 13 is the operating method for showing the tokenized process for user registration according to each embodiment of the disclosure Flow chart.

Figure 14 is the stream for the operating method for showing the tokenized process for registration according to each embodiment of the disclosure Cheng Tu.

Figure 15 shows the transaction flow framework according to each embodiment of the disclosure.

Figure 16-20 is the flow chart for the general view for showing the transaction flow process according to each embodiment of the disclosure.

Specific implementation mode

The present invention relates to payment mechanisms, for example, such as plastic payment cards, virtual card, wearable commerce arrangement, insertion Component in the mobile device, the application run in mobile device or computer and other payment certificates.The present invention also relates to And the system and method using payment mechanism progress financial transaction.The present invention may include viable commercial calculating service, movement Application program and website, and can implement together with the issuer for using Payment Card or other payment mechanisms as described herein. Invention introduces can be used by existing apparatus and valid certificate issuer to tackle several novel members in the form of various frauds Element.The term " valid certificate " that is used in this document indicates effective funding instrument, be possibly including, but not limited to credit card, Label account card, direct savings account, savings account, checking account, member card, Gift Card or other cards or device.

The present invention includes multi-mode payment mechanism, can be used for the various patterns for different types of financial transaction.Example Such as, payment mechanism described herein may include the various modes for completing transaction.Some patterns may include being related to being embedded in dress Those of microchip in setting pattern those of is related to those of near-field communication (NFC) component pattern, is related to magnetic stripe pattern, relating to And in online transaction input unit number and card validation value (CVV) pattern, and/or other patterns.The present invention includes novel Feature, mobile phone application and the adjoint website of deception are reduced to control the novel function of reducing fraud.In addition, online The service of calculating all can be used in mandate and settlement network service with retailer.

The current distribution practice of payment mechanism be payment mechanism all various patterns (that is, including magnetic stripe, EMV chips, NFC etc.) include user single primary account number (PAN) it is detailed, correspond directly to the actually active certificate of user.However, such as It is described in the disclosure, primary account number (PAN) is replaced by using account or token is substituted, it can be in businessman and the bank of issue Between be inserted into account associated apparatus to supply the safety of transaction, or called and be somebody's turn to do as a part for processing payment by the bank of issue Account associated apparatus.Before transaction authentication and clearing, payment mechanism system described herein is safely replaced and is used in a network The PAN at family is detailed.In this way, it is therefore prevented that the PAN details of user are leaked to businessman.

The present invention for each payment mechanism and/or each payment mechanism each pattern using it is multigroup it is different, it is anonymous and Uncertain replacement account is detailed.In the example of physical payment, one group of replacement account detail can be with one of EMV chips Or multiple pattern associations, another group can be with another pattern association of EMV chips, and another group of replacement account detail can be with NFC groups Part is associated with, and another group is used for magnetic stripe, and another group uses and another group for being manually entered in e-commerce.Using multigroup Different replacement account details can prevent cross-module formula payment fraud.

It includes identical PAN that current way, which is in EMV chips, which is included in magnetic stripe and is printed on dress It sets.When there are any one of various modes, financial transaction can be received, this makes cross-mode fraud becomes can Energy.For example, burglar may intercept EMV devices detail and generate the magnetic stripe devices of forgery.In addition, burglar may use device Data reader is collected simultaneously EMV and magnetic stripe account is detailed, and executes unwarranted e-commerce transaction.However, of the invention Identical PAN is not only restricted to for all patterns.On the contrary, the present invention substitutes account details corresponding to multiple effective using multigroup difference Certificate a, wherein different mode can be associated with by each substituting account.In this way, cross-module formula payment fraud can be prevented.

It should be noted that the payment mechanism described in the disclosure can be implemented as credit card, debit card, virtual card, can Object wearing device, Internet of Things (loT) device, embedded component and/or application, and/or other financial instruments in the mobile device.? In other embodiment, the payment mechanism described in the disclosure can be applied in other environment other than business use non- Payment mechanism.For example, non-pay device (for example, member card, mobile device and other non-financial certificates) can be applied to Other functions are using the letter of attorment as supplied for electronic authenticating identity, for health insurance purpose, driving license purpose etc., with The position of access safety, the image identification that user is provided and other purposes.In addition, can be associated with account detail is substituted Valid certificate may be payment and/or non-pay certificate, such as member's certificate, health insurance certificate and other finance or non-gold Melt certificate.

Fig. 1 is the block diagram of the one embodiment for showing payment system 10, and wherein issuer 28 issues such as to user The payment mechanism of credit or debit card.In other embodiments, user can be used other kinds of other than Payment Card Letter of attorment, such as mobile device.According to the embodiment of Fig. 1, payment system 10 includes public network 12, one or more users Device 14, one or more merchant terminal 16, one or more radio antennas 18, one or more mobile devices 20, with And account associated apparatus 24.

The businessman that term " merchant terminal " is used to be described as initiating payment provides physical terminal, website or other dresses of function It sets.Merchant terminal can be embedded into POS device, and can be " virtual " as in being handled in business web site.In addition, Merchant terminal can not be related to the background apparatus of device, card, client, businessman or cargo, such as pass through when starting for service When perseverance is paid, " merchant terminal " can represent other mechanism that POS device, businessman's on-line system and businessman possess/control To carry out various purchasing models.Merchant terminal may include using one or more types technology (for example, EMV chips, magnetic stripe, NFC, e-commerce etc.) for any merchant system of different payment modes.

Network 12 may include wide area network, internet, dedicated network and/or other public addressable networks.Moreover, network 12 may include LAN associated with each businessman.Network 12 also can be connected to one or more cellular networks of antenna 18 into Row communication.

User apparatus 14, merchant terminal 16 and antenna 18 can be connected to by one or more wired or wireless attachment devices Network 12, to realize the electronic communication between each component.Radio antenna 18 may include for communicating with mobile device 20 One or more cellular towers, orbiter or other wireless communication hubs.

Account associated apparatus 24 can be server, web page server, operation software on the server, hardware device, Or any suitable intermediate computations device, for providing various transactional services.Account associated apparatus 24 is also connected to network 26, net Network 26 is also connected to one or more issuers 28 and one or more databases 30 via wired or wireless attachment device. Network 26 can be dedicated network, LAN, Virtual Private Network (VPN) or the public network with high encryption level.Account Associated apparatus 24 can be configured to store information in database 30, which substitutes account by one or more and be directed to hair The real accounts that the user or client of row mechanism 28 are possessed.

During buying and operating, providing the user of payment mechanism to it can be by the payment mechanism for commodity or service Payment.Payment mechanism can show businessman at one of merchant terminal 16 place.It should be noted that multiple merchant terminals 16 can be associated with identical businessman, to obtain account information by various patterns.In fact, multiple merchant terminals 16 can be with businessman The single device used is associated with to obtain information at single POS device.POS device can be by using embedded in a device micro- The first mode of chip obtains information by other patterns from payment mechanism, this may relate to use NFC components on device Or magnetic stripe.In other transaction, such as online or phone trading, the device number for printing and/or imprinting on device can pass through Electronically or by the order of businessman represent input.

According to alternate embodiment, payment system 10 is alternatively configured to a kind of system for executing non-pay action. Instead of executing various functions related with finance account as disclosed herein, non-pay system can be handled other than issuer The other kinds of certificate of entity.

To substitute the valid certificate that account data value is associated with to user bright by arbitrary using database 30 for account associated apparatus 24 In thin detail.The arbitrary account data value and valid certificate detail of substituting can login what account associated apparatus 24 provided by user It is provided when service.In one embodiment, user can at any time using in one of mobile device 20 mobile application or make The network service provided via account associated apparatus 24 with a user apparatus 14 is associated with account is substituted effective to change Certificate is detailed, and user apparatus 14 can be traditional computer or web browser.The enabling of account associated apparatus 24 is replaced with multiple For the associated multiple valid certificates of account, valid certificate may be financial instruments or non-financial certificate.In one embodiment, Account associated apparatus 24 is so that the valid certificate from issuer 28 is associated with multiple replacement accounts.In one embodiment In, account associated apparatus 24 is so that valid certificate and multiple replacements from issuer 28 and other finance or non-financial institution Account is associated.

Account associated apparatus 24 is deployed in payment system 10 so that is shown by one of merchant terminal 16 by businessman All Activity is received by account associated apparatus 24, these transaction for for multiple replacement accounts for representing on each device it One authorizes.Account associated apparatus 24, which uses, may customize regulation engine by multiple replacement accounts and one or more user's valid certificates Associated, the customizable regulation engine is to including but not limited to the one or more true sensitive of current transaction data.It is current to hand over Easy data may include but be not limited to such as businessman's class code, Merchant ID, trading volume, substitute account, service code, equipment safety Code etc..

Account associated apparatus 24 can also access data by database 30, these data include but not limited to be replaced for specific It merchandises, for same for the previous transaction of account displaying, for the previous of another replacement account of same user-association displaying The geographical location of the leading mobile telephone of user when previously merchandising, merchandising of the other users of businessman or merchant location is demonstrated. The determination in geographical location can be for example, by global positioning system (GPS) and such as Wi-Fi^TM、Bluetooth^TM, bluetooth low energy Beacon, Zigbee^TM、Z-wave^TMOr the distance for the radio signal of these and other position sensing factor arbitrarily combined.It replaces It can be associated with valid certificate for account, unless otherwise association, otherwise their own does not have remaining sum or set credit, and cannot For settling accounts any transaction.

Payment system 10 can be used for providing safety for the use of payment mechanism.Payment system 10 may include being connected to public First merchant terminal 16 of network 12, wherein the first merchant terminal 16 is configured to from the payment mechanism possessed with user associated The first detail for substituting account is obtained in one group information.Payment system 10 may include that the second businessman for being connected to public network 12 is whole End 16, wherein the second merchant terminal 16 is configured to obtain the second replacement account from associated second group information of payment mechanism It is detailed.In this embodiment, payment system 10 further includes being connected to the account associated apparatus 24 of public network 12.Account association dress 24 are set to be configured to receive the first and second details for substituting account from the first and second merchant terminals 16 respectively.Account associated apparatus 24 be further configured to by first and second substitute accounts it is associated with the valid certificate for belonging to user.Account associated apparatus 24 is also The financial transaction between issuer 28 and the first and second merchant terminals 16 is managed, user preserves effective card from issuer 28 Book.Again, it should be noted that the first group information is preferably different from the second group information.

Payment system 10 may also include the third merchant terminal 16 for being connected to public network 12, wherein third merchant terminal 16 Can be configured to from third and preferably from detail that third replacement account is obtained in associated different groups of the information of payment mechanism.? In some embodiments, the first group information is obtained from the microchip on payment mechanism, and the second group information, which is obtained from, is embedded in payment dress NFC components in setting, the magnetic stripe and the 4th group information that third group information is obtained from payment mechanism be obtained from printing and/or The card number being stamped on payment mechanism.First, second, third, fourth information organized with other can be generated by issuer.These Certain in group information are manually entered in merchant terminal.

Alternate embodiment includes payment system 10, and wherein payment mechanism does not print and/or imprint account number.Moreover, payment Device may not have magnetic stripe or other patterns.In this case, user can use payment mechanism only at merchant terminal, only Use remaining pattern on microchip and/or NFC components or device.

Different groups of account detail can be sent to user to carry out online or phone trading.Can by computer (for example, User apparatus 14) and/or via mobile device 20 by different groups of detailed mailing, send Email or photos and sending messages to user.

In some embodiments, it may be incorporated into payment system 10 with the mobile device of user-association 20.In merchant terminal 16 One of be configurable to carry out online transaction online merchants' device, and mobile device 20 can be configured to storage, inspection One or the calculating dynamic card verification value (d-CVV) that rope is generated from account associated apparatus 24, are sent to or are manually entered To online merchants' device.In some cases, one or more merchant terminals 16 can be embedded in point of sale (POS) device.

It is configured so that family can be managed via account associated apparatus 24 with the user apparatus 14 of user-association and substitutes account And valid certificate.Account associated apparatus 24 is configured so that family can input register information, monitoring substitutes the activity of account, enables If the one or more patterns being traded with payment mechanism with disabling, payment mechanism lose or be stolen if just alarm and Information related with various valid certificates is provided.For example, account associated apparatus 24 can be provided including one or more webpages Website so that user can use user apparatus 14 browse the website.

Fig. 2A and 2B shows the payment mechanism 36 according to the first kind of various embodiments of the present invention.Fig. 2A shows payment The front 38 of device 36, and Fig. 2 B show the back side 40 of payment mechanism 36.Payment mechanism 36 can include hair on its front 38 Title 42, microchip 44, device number 46, customer name 48 and the Expiration Date 50 of row mechanism 28.In some embodiments, device Number 46 can be stamped on payment mechanism 36.In addition, the back side 40 of payment mechanism 36 may include magnetic stripe 52, signature boxes 54 and card Validation value (CVV) 56.Payment mechanism 36 can further comprise the NFC components being possibly embedded under the surface of payment mechanism 36, For realizing contactless transaction.

In one embodiment, payment mechanism 36 can be by the bank of issue according to one of several global brand payment networks Distribution rule distribution plastics EMV chip cards.Payment mechanism 36 includes configuration and personalization so that it can be in any support It is used at the businessman POS of EMV.

However, the account detail included in microchip 44 or other patterns is not the account detail of primary account number, but The arbitrary value generated by issuer.Account detail is referred to herein as " it is detailed to substitute account ".Account detail is substituted to be used as The substitute of valid certificate, but any specific user cannot be identified.And refer to the replacement account generated by issuer, but not with Any specific valid certificate is associated.

In the embodiment of fig. 2, microchip 44 and magnetic stripe 52 include to pay a bill for two different different branch for substituting account Family number, Expiration Date and other token accounts are detailed.In brief, microchip 44 and magnetic stripe 52 seem to represent entirely different branch It pays a bill family.The transaction executed using microchip 44 at the businessman for supporting EMV will include and use magnetic stripe on same device 36 The different account of merchandising executed at 52 businessman is detailed.In addition, NFC transaction can be used and EMV enabling modes and magnetic stripe pattern Different payment accounts is detailed.

In one embodiment, issuer 28 replaces to what customer's offer used in e-commerce and phone business transaction For account detail so that the detail is detailed different from the replacement account of microchip 44 or magnetic stripe 52.It is understood that can also make With the electronics and telephone communication of fax, Email and other forms.It is recordable in it will also be appreciated that substituting account detail On mail-order list by posting the transaction carried out.Depending on different embodiments, e-commerce, which substitutes account detail, to print Or be stamped on payment mechanism 36 but be provided independently to user, or also can print or be stamped on payment mechanism.

Fig. 3 A and 3B show second of payment mechanism 60 according to various embodiments of the present invention.Fig. 3 A show payment mechanism 60 front 62, and Fig. 3 B show the back side 64 of payment mechanism 60.Payment mechanism 60 can include issuing machine on its front 62 The title 66 and microchip 68 of structure.It should be noted that payment mechanism 60 not may typically appear on conventional payment device Device number and address name.The back side 64 of payment mechanism 60 can be blank, or can include simply issuer Title and address.Therefore the not traditional magnetic stripe in the back side 64 and CVV numbers.The no preprinted account of payment mechanism 60, The account data of coining, the data that expire, address name or other account datas.By keeping device anonymous and can not including the mankind The account of reading can prevent account data to be stolen easily from the front and back of device.

Currently, Visa^TMAnd MasterCard^TMContain the card and other devices issued by agreement according to its franchise operation Regulation, it is desirable that the name and account of user are shown on device.Therefore, the embodiment of Fig. 3 does not follow these current rules.Although In this way, payment mechanism 60 of the present invention can disclose carrying in the case of no loss or stolen risk, because of user Name and account are unable to vision retrieval.For online, mail-order, phone and similar transaction, can safely be stored up in user family Hide an individual device or electronic document.

In some embodiments, payment mechanism 36,60 can be formed by plastic base (" card ").First assembly is (for example, micro- core Piece 44) it may be incorporated into the plastic base on card shown in Fig. 2 and 3.First assembly can be configured to provide the valid certificate with user Associated first substitutes the detail of account.The Payment Card 36 of Fig. 2 may also include the add-on assemble being incorporated in plastic base.Additional group Part is configured to provide for the detail with other associated substitution accounts of the valid certificate of user.It includes being different from that first, which substitutes account, Second substitutes account detail and also different from the every other detail for substituting account.By first, second or other replacement accounts At least one of family is supplied to businessman's (such as using merchant terminal 16) to carry out financial transaction with businessman.

Businessman is configured to that at least one replacement account detail is transmitted to account associated apparatus 24 via network 12.Account is closed Coupling device 24 be configured at least one replacement account is associated with one of the valid certificate of user, and wherein account association dress It sets 24 and is further configured to management and the associated issuer 28 of the major financial account of user and businessman associated with businessman Financial transaction between terminal 16.

According to some embodiments, the payment mechanism 36 of Fig. 2 can further comprise the other component (example being incorporated in plastic base Such as, device number 46).Device number can be printed and/or is stamped on plastic base.In alternative embodiments, payment dress At least one of printing or coining account number, magnetic stripe and/or other patterns can be lacked by setting (for example, Payment Card 60).

First, second and the detailed of other replacement accounts can be by point of sale (POS) device of such as merchant terminal 16 from the One, second and additional assemblies in read.In order to carry out financial transaction, some embodiments may include using the shifting with user-association Dynamic device 20.

Fig. 4 is the block diagram of the one embodiment for showing account associated apparatus 24 shown in FIG. 1.In the fig. 4 embodiment, Account associated apparatus 24 connects including security module 74, one or more webpages 76, user account module 78, one or more networks Mouth 80 and transaction authentication module 82.One or more network interfaces 80 are configured to enable the communication on the first public network 12 simultaneously And also enable the communication on network 26.User account module 78 allows user or customer to execute and finance account and payment mechanism 36,60 related multiple and different actions how to be used.User account module 78 is more fully described below with reference to Fig. 5.

Security module 74 may include the random number generator for generating interim dynamic card verification value (d-CVV).d-CVV It can be transmitted to mobile device.And security module 74 may include drawing for encrypting the encryption for the data transmitted by public network 12 It holds up.Account associated apparatus 24 can be configured to a network server, and one or more users is allowed to access from webpage 76 Information simultaneously establishes secure connection to realize the transmission of sensitive data (such as user information, device number etc.).Transaction authentication module 82 are configured so that payment mechanism 36,60 carrys out certification financial transaction.

In one embodiment, it is encrypted by using the encryption key that can be provided by security module 74 to protect token Account is detailed.In one embodiment, encryption key is derived from the password that user creates.On the contrary, in another embodiment, encryption Key can be dependent on other data, the including but not limited to identity of mobile device 20, the security module 74 of account associated apparatus 24 The country of known user identity number, user's registration calculating service, the master key controlled by the biological identification of user, such as The biological rhythm pattern of fingerprint, iris scan, face or speech recognition or the one or more body rhythms of matching, the body The rhythm and pace of moving things includes but not limited to pulse frequency, epidermis conductivity, iris size, blink rate, electroencephalogram, electrocardiogram or biological as individual Label is independent or combines the other factors considered.

Common plastics card can be printed on the CVV of individual three or four in the back or front of card.E-business network It stands and often requires that the numerical value now to ensure that user possesses the card.But since CVV is the short codes being imprinted on card, so being easy to It is stolen with together with Account Data.Therefore, using can be generated by security module 74 in transaction and be only applicable to once to merchandise Dynamic CVV (d-CVV) can prevent this theft form.In some embodiments, the d-CVV generated is not just in primary Transaction, but can be applied to the associated multiple transaction of specific merchant, or can according to other standards using multiple, such as certain A date range, a few days in one week, businessman's area code, purchase classification etc..According to some embodiments, in the shifting with user-association The mobile application run on dynamic device 20 can be configured to retrieve d-CVV on demand.In another embodiment, with user-association The mobile application run in mobile device 20 can be configured to generate d-CVV on demand.Alternatively, when mobile device 20 is unavailable When, the website provided by account associated apparatus 24 is provided.Therefore, in this case, account associated apparatus 24, which produces, is somebody's turn to do d-CVV。

Other than the use during financial transaction, payment system 10 is also alternatively applied to non-pay purposes.For example, Payment system 10 may be used in token or alternate identifier replaces some form of identifier.These identifiers may include society Security number (in the U.S.), publilc health identification number, member plan, other forms account number, wherein can be deposited using true number In the risk of leakage, identity theft or other frauds.

Account associated apparatus 24 can also be found using to provide the limited transaction access to protected record group, such as medical treatment Record request, laboratory result, credit inquiry, profession license, commercial license and the identification account issued using government or enterprise Number other forms relying party inquiry.

Payment system 10 can be additionally used in the transaction of some non-pay purposes, including driving license, border control file, building Card and Gift Card are accessed with resource.In this embodiment, the one or more of non-pay purposes can be used in payment mechanism 36,60 Pattern, while one or more patterns of payment transaction still can be used, which uses individually replacement for different mode Account is detailed.

In some embodiments, account associated apparatus 24 may include at least one network interface 80, which matches It is set to and communicates with multiple merchant terminals 16 via the first public network 12 and communicated with issuer 28 via network 26.Example Such as, issuer 28 can be the bank that payment mechanism 36,60 is issued to user.Account associated apparatus 24, which may also include transaction, to be recognized Module 82 is demonstrate,proved, which is configured as replacing based on the payment mechanism 36,60 associated first by with user possessing Obtain for the first merchant terminal of account first group it is detailed, for the first merchant terminal certification first in multiple merchant terminals 16 Financial transaction.Transaction authentication module 82 can be further configured as based on the payment mechanism 36,60 by possessing with user associated Second group of different detail that two the second merchant terminals for substituting accounts obtain, for the second businessman in multiple merchant terminals 16 it is whole Hold the second financial transaction of certification.

Transaction authentication module 82 can be further configured to determine whether the replacement account corresponds to validated user certificate.Transaction Authentication module 82 can be further configured to be used to determine whether the replacement account detail received corresponds to expected payment mechanism Pattern replacement account it is detailed.Transaction authentication module 82 is further configured to management issuer 28 and the first and second businessmans Financial transaction between terminal 16.Transaction authentication module 82 is further configured to based on the payment mechanism 36,60 possessed with user Other associated other merchant terminals for substituting accounts of main account obtain other groups it is detailed, for its in multiple merchant terminals 16 Other financial transactions of his merchant terminal certification.First group of detail can be obtained from the microchip 44 on payment mechanism 36,60, second group Detail can be obtained from the magnetic stripe 52 on payment mechanism 36, and third group detail can be obtained from payment mechanism 36 and print and/or press The coding of accounts 46 of print.

Network interface 80 can be further configured for via the remote-control device of network 12 and user-association (for example, user apparatus 14 or mobile device 20) communication.Network interface 80 can be further configured to receive instruction so that user from remote-control device 14,20 Can manage with payment mechanism 36,60 associated main accounts, wherein management main account include at least one of the following：Input note Volume information 86, monitor main account activity 94, enable and disable one or more trade modes 90 carried out by payment mechanism, Report payment mechanism has been lost or has been stolen 92 and provides information related with the first and second replacement accounts 88.

Fig. 5 is the block diagram of the one embodiment for showing user account module 78 shown in Fig. 4.In this embodiment, it uses Family account module 78 includes registration module 86, supply module 88, enables module 90, reporting modules 92 and monitoring module 94.User It may be used at the mobile application run in the mobile device 20 of user or is accessed by account by using the user apparatus 14 of user The website that family associated apparatus 24 provides accesses user account module 78.

User account module 78 allows users to create and management rule, account associated apparatus 24 represent user's execution and be somebody's turn to do Rule.Such rule can be to one or more true sensitive known to user, including but not limited to payoff, Merchant ID, friendship The local zone time encoded and when date, transaction between the registered location and the geographical location of user's mobile device of businessman in easy message Distance, transaction local currency, transaction initiate country, businessman set up country, transaction whether be rendered as magnetic stripe transaction, EMV transaction or e-commerce, phone mailorder transaction and user authentication method, such as one or more of following methods It is a but be not limited to, by personal identification number (PIN) code be input to businessman's POS terminal, signature receipt, by Password Input mobile device, And fingerprint or other biological recognition methods.

Registration module 86 can be arranged so that user (wherein, it is particularly possible to be holder, valid certificate holder or distribution The individual that mechanism suitably ratifies) registrable other substitute accounts and other valid certificates.Module 90 is enabled to can be used for allowing user It is potentially based on the various uses of various standards participations according to user, enables or disables the certain patterns or type of transaction, Huo Zheyun Family allowable voluntarily enables or disables particular transaction before certification.Module 90 is enabled to can be used for allowing user in several scenes or mark It selects in standard and pays the bill for which valid certificate.If if payment mechanism 36,60 is lost or is stolen, reporting modules 92 allow user Report.One embodiment of reporting modules 92 may make account associated apparatus 24 can to user or issuer 28 manually or from Dynamic report relevant information, including all potential fraudulent activities substituted on account detail and/or payment mechanism of report.Monitoring module 94 permission users check previous transaction to monitor all activities of the device.

The replacement account that supply module 88 allows user to distinguish multiple and different groups respectively is detailed.

Traditional device publishing system may be assumed that certain data elements microchip, magnetic stripe and printing/coining account number it Between share.However, allowing usually to provide these using the data element detached with conventional equipment publishing system on the contrary, supply module 88 Each in pattern and other element and/or pattern.Supply module 88 is configured to identify these multiple and different groups respectively Replacement account data, be storable in the common supply data file transmitted during card or device provisioning step.

If payment mechanism 36,60 is lost or is stolen, user may suffer from the use of unwarranted payment mechanism.So And although can be carried out using NFC function in some cost threshold value (such as 100 dollars) limit in some national burglars Purchase, but burglar can not usually use the EMV functions of the device in the case of PIN code of not user, which can be with It is inputted during using the supply process of supply module 88.Moreover, because the different accounts of the individual trade mode are detailed, quilt It steals device and cannot be used for electronics or phone trading.

Supply module 88 can further comprise receiving the user identity information not being printed on payment mechanism 36,60.According to Some embodiments, supply module 88 can by transaction when require show user's mobile device 20, by use payment mechanism 36,60 User is arranged uses rule.In addition, the mobile application of mobile device 20 can also be used for preventing to be reported by reporting modules 92 immediately The transaction of stolen stolen device.Except non-user uses the mobile application in mobile device 20 to unlock every time, otherwise user account Module 78 can configure its rule to prevent the magnetic stripe from merchandising.Later approach will be effectively prevented using personation magnetic stripe devices.With Family account module 78 can also configure its rule to prevent the transaction from any and all different modes, or prevent to meet certain The transaction of standard, except non-user unlocks these transaction every time.

In one embodiment, a mobile application can be used in the main mobile device 20 of user.The movement can be used in user Be registered in account associated apparatus 24 using account or valid certificate is substituted by one, control valid certificate supply or with confession One or more associations for substituting account detail of payment mechanism should be given.The mobile application also allows user for by plastics The transaction of any replacement account displaying on payment mechanism enables or disables mandate, and report payment mechanism is lost or is stolen, and Report sensitivity or other of high value or high-risk transactions authentication factor.

Mobile device 20 can also store that substitute account detailed in memory, substitute account details can merchandise with " having card " and " no card " transaction is associated.These substitute account detail and are storable in memory, and can be by defeated to mobile device 20 Enter password and/or another authentication factor is re-called by user.As the means for being interacted with e-commerce website, movement is answered With e-commerce is safely preserved, to substitute account detailed, and carried out with password, bio-identification and/or other factors it is appropriate User is displayed them to when certification.In another embodiment, substitute account detail by account associated apparatus 24 transmit and by Mobile device 20 receives, then can be from user by inputting password and/or by another authentication factor by again to mobile device 20 It calls.

Fig. 6 shows the example for the agent apparatus 100 for being configured to represent multiple valid certificate 102a, 102b ..., 102n. The detail of each valid certificate 102a, 102b ..., 102n are incorporated into single agent apparatus 100, and then can use should Single agent apparatus 100 replaces any valid certificate 102a, 102b ..., 102n.Valid certificate 102 can be credit card, Debit card, accumulating card, member card, identity card, health insurance cards, Gift Card and including account information, identity information and other Other cards of categorical data.During use, the user for getting single agent apparatus 100 can select any a set of valid certificate Carry out normal use, just looks like as illustrating actually active certificate 102.In some embodiments, agent apparatus 100 may include one A or multiple microchips, one or more contactless circuit (such as NFC circuit), magnetic stripe, printing and/or coining replacement account Number, and/or CVV codes.Agent apparatus 100 may also include the printing information of identity user, the name and contact details of such as user.

Fig. 7 shows an example of mobile agent device 104, can be configured to represent as described above any amount of Valid certificate 102a, 102b ..., 102n.It is configured not in the form of credit card, mobile agent device 104 can be instead configured to Mobile phone, smart phone, tablet computer, wearable mobile device or another suitable processor-based mobile device.? In some embodiments, mobile agent device 104 may include downloading to existing mobile phone, smart phone, tablet computer, wearable Software among mobile device etc. and/or firmware.During use, mobile agent device 104 can be on the reader for supporting NFC Tapping is otherwise used according to the other methods described in the disclosure.

Fig. 8 is the flow chart of the one embodiment for showing the method 110 for enabling the transaction more than predetermined threshold.For example, The threshold value can by user or by issuer based on preference or based on user the pre-defined rule of financial stability establish.? In one example, which may be configured as 100 dollars.Therefore, any pending financial transaction more than 100 dollars will execute Fig. 8 Method.

In operation, in agent apparatus (such as proxy card 100 or mobile agent device 104) and reading associated with businessman It takes and executes read step (1) between device 112.Reader 112 can be one embodiment of merchant terminal 16 shown in FIG. 1.It reads Step (1) is taken to be related to giving agent apparatus 100,104 to cashier or client oneself and use agent apparatus 100,104.Agency Device 100,104 is brushed past the magnetic stripe sensor of reader 112, is touched, is inserted into the NFC sensor of reader 112 To being operable so that in the chip slot of reader 112 or otherwise reader 112 and can read be stored in agent apparatus 100, the Financial Information in 104.

In step (2), with agent apparatus 100,104 associated bank identification numbers (BIN) are sent to payment processing Device 114, process payment 114 can be third party's representatives, for handle and the various credits of the associated merchant bank of businessman and Debit transaction.For example, process payment 114 can be the suitable processor for handling single card or agent apparatus.In step Suddenly in (3), mandate is executed comprising payment processor 114 marks user-pay with by 116 (such as padloc of authorization module^TMOr Another authorization module) it is authorized.Transaction details are sent to authorization module 116, and authorization module 116 may include being downloaded to Application in the mobile device 20 of user.In some embodiments, mobile device 20 can be identical as mobile agent device 104 Device, both be used for initiate transaction (step (1)) be also used for receive authorize (step (3)).

The step of method 110 (4) include communicated with user it is multiple to being represented by single agent apparatus 100,104 to receive The selection of one of valid certificate 102.Authorization module 116 receive user selection and complete transaction needed for any PIN code or Other safety codes.In step (5), authorization module 116 includes that selected certificate is safely retrieved from certificate selection database 118 Detail.

In step (6), the payment information with BIN codes is sent to the issuer of selected card by authorization module 116.Branch Processor 114 is paid to receive payment information and BIN codes information and send that information to issuer appropriate to handle payment (step Suddenly (7)).

Fig. 9 is the flow for another embodiment for showing the method 120 for enabling the transaction less than the predetermined threshold described in Fig. 8 Figure.100 dollars of above-mentioned example is set as according to wherein threshold value, any pending financial transaction for being less than 100 dollars will execute Fig. 9 Method.In this embodiment, when transaction is less than the threshold value, valid certificate to be used can be pre-selected in user.With this Mode can simplify smaller transaction, without some additional steps described in Fig. 8.

Device shown in Fig. 9 can be identical as the device in Fig. 8.Moreover, the step of Fig. 9 (1) and (2) are identical as Fig. 8, this In be not repeated.However, step (3) is related to sending identified user's payment preferences, and from certificate selection database 118 Retrieve the valid certificate selected.Step (4) includes being sent with BIN codes for the issuer for the valid certificate being pre-selected Payment information is sent to process payment 114.Step (5) includes the processed as usual payment.

Figure 10 shows one embodiment of the method 130 of operations according to the instant invention.User using proxy card 100 (or Mobile agent device 104) it is traded at point of sale (POS) device 132.The transmission of POS device 132 meets at least one finance The encrypted financial message of transaction criteria, the financial transaction standard include such as ISO 8583, ISO 20022 and AS 2805.Quotient Family's acquirer 134 receives the encryption message, which can be configured to decryption message and to pay interchanger The 136 re-encrypteds message, payment interchanger 136 can be configured to handle the encrypted and/or tokenized financial transaction message. Encrypted financial transaction message is storable in encrypting database 138.

Payment interchanger 136 is configured to the original encryption message from businessman's acquirer 134 being forwarded to transactional services The transaction library of device 142 is tokenized to carry out.The transaction library of trading server 142 is decrypted origination message and this is tokenized Message send back payment interchanger 136.Trading rules engine 140 can be configured to act on behalf of exchange of token as target certificate order Board.Moreover, trading rules engine 140 can be configured to edit rule as needed.

Then the token of selected valid certificate and requested transaction editor is supplied to transaction by payment interchanger 136 The transaction guardian 146 of server 142.Transaction guardian 146 and transaction refusal rule are used to proof rule with to submission Permission, refusal or other actions are taken in transaction.If the transaction is allowed to, the guardian 146 that merchandises will be former according to editor's rule Beginning message transmission is to target spoke.The transaction library of trading server 142 will encrypt and edited transaction message returns to payment Interchanger 136.Then, payment interchanger 136 encrypts the message and encrypted message is sent to businessman's acquirer 134.

Figure 11 is for safely storing valid certificate and can be via one of the method 160 that agent apparatus accesses The flow chart of embodiment.Method 160 includes using agent apparatus (proxy card 100 or mobile agent device 104) by valid certificate Detail is loaded into the data storage 162 of account associated apparatus 24.Valid certificate detail can be used magnetic brush reading manner obtain or Any other mode is obtained from other patterns of payment mechanism substitutes account detail.It will replacement associated with used pattern Account detail is sent to certificate management device 164.Certificate management device 164 is configured to encrypted brushing card data being sent to distribution The certificate device 180 of the certificate transfer device 174 of mechanism 172.

Payment interchanger 166 exchanges inbound data 168, and and certificate with the tokenized device 176 of certificate transfer device 174 The decryption device 178 of transfer device 174 exchanges outbound data 170.Certificate transfer device 174 also by encrypted certificate data with The data storage 186 that encrypted form stores data exchanges.The decryption that certificate transfer device 174 will also be decrypted by decryption device 178 Certificate is exchanged with certificate data storage 182.Key from cipher key cache 184 is supplied to certificate transfer device 174.Key can Including pane (pod) particular certificate data storage key, the tokenized key of derivation and (swiper) key of swiping the card.High speed is deposited Reservoir HSM188 provides key of swiping the card, per the order of pane CMAC, pane particular memory key and derivation to cipher key cache 184 Board key.

Figure 12 is the Financial Information sending method 196 of financial transaction.198 upstream channels 200 of acquirer send ISO 8583 message or other type of messages.Upstream channel 200 sends 20022 message of ISO (specification) to interchanger 202.Interchanger 202 are sent to PAN and outdated information the tokenized pane 204 of account associated apparatus 24.Tokenized pane 204 is by PAN and order Board sends back to interchanger 202.ISO 20022 (white list key) is then sent to account associated apparatus 24 by interchanger 202 Map pane 206.Mapping pane 206 compares the mapping and mapping action is sent back interchanger 202, and then interchanger 202 is answered It is acted with the mapping.Then the PAN tokens of mapping are sent to the decryption pane 208 of account associated apparatus 24 by interchanger 202.Solution Then the certificate data of decryption is sent back to interchanger 202 by close pane 208.

Several steps next in some embodiments can be optional, and can be related to when related to atom ID And daily record sending function.20022 message of the mapping for having mapped and having killed virus are sent to account associated apparatus 24 by interchanger 202 Daily record pane 210.Daily record pane 210 will confirm that message send back to interchanger 202.Then interchanger 202 disappears the 20022 of mapping Breath is sent to downstream channel 212.Then 8583 message of mapping or other type of messages are sent to issuing machine by downstream channel 212 Structure 214.

Issuer 214 will send back downstream channel 212 to the response of ISO8583 message or other type of messages.Downstream Channel 212 sends 20022 message of response to interchanger 202, the inverse transformation of the mapping of interchanger 202 and then application cache.

Next several steps can also be optional, and can relate to daily record when related to atom ID and send work( Energy.As described above, 20022 message of the mapping for having mapped and having killed virus are sent to daily record pane 210, and day by interchanger 202 Will pane 210 is responded by confirmation signal.In this embodiment, then 20022 message are sent to by interchanger 202 Channel 200 is swum, and 8583 message or other type of messages are sent to acquirer 198 by upstream channel 200.

Figure 13 is the method 220 of the operation of the tokenized process for user registration.User 222 uses card reader 224, connects Be connected to mobile device 228 swipes the card attachment 226, and/or mobile device 229 to obtain effective certificate.Encrypted card information quilt It is sent to network service 230, such as account associated apparatus 24.Network service 232 includes registration application programming interfaces (API) 234 With token device 236.Registering API 234 allows user's registration one or more certificate with by certificate and agent apparatus 100,104 phases Association.Token is distributed to certificate by token device 236.The certificate and token registered are stored in database 238, such as Fig. 1 institutes In the database 30 shown.Moreover, switching cache 240 can be used for the mapping storage of token to respective certificate.

Figure 14 shows the operating method 250 of the tokenized process for registration.User 252 can pass through financial institution or hair Row mechanism 254 creates an account.In registration process, customer data is safely sent 256 from issuer 254 and is associated with to account Device 258 or other network servers.Account associated apparatus 258 can correspond to account associated apparatus 24 shown in FIG. 1, it includes Register API 260 and token device 262.Registration and token data are stored in database 264 and switching cache 266.

Figure 15 is transaction flow schematic diagram.In the first embodiment of the flow, first businessman of the user in multiple businessmans Payment mechanism 100 is shown at 302.First businessman 302 initiates payment using the first account detail from user's payment mechanism 100 Transaction, and the financial transaction is sent to acquirer 306.Financial transaction is sent to issuer's processing by acquirer 306 Device 310.Financial transaction optionally operational version 308 can be sent to issuer's processor 310 by acquirer 306.Hair Financial transaction is sent to account associated apparatus 312 by row facility processor 310, and account associated apparatus 312 substitutes account by first Detail is mapped to the first valid certificate and financial transaction is sent to the issuer of the first valid certificate 316.Account association dress Set 312 optionally can be sent to scheme 314 by financial transaction, and financial transaction is then sent to the first valid certificate by the latter 316 issuer.Response from issuer 316 is along reverse path until businessman 302.Second in the flow implements In example, user shows payment mechanism 104 at the first businessman 302 in multiple businessmans.Second businessman 304 uses from user's branch The the second account detail for paying device 104 initiates payment transaction, and the financial transaction is sent to non-buddy's acquirer 320.It is non- Financial transaction is sent to issuer's processor 310 by 320 operational version 308 of partner's acquirer.Issuer's processor 310 Financial transaction is sent to account associated apparatus 312, the second account detail is mapped to second and effectively demonstrate,proved by account associated apparatus 312 Book and the issuer that financial transaction is sent to the second valid certificate 316.SecureOne solutions 312 can be optionally Financial transaction is sent to scheme 314, financial transaction is then sent to the issuer of the second valid certificate 316 by scheme 314. Response from issuer 316 is along reverse path until businessman 304.

If transaction is carried out between those of the represented affiliate's acquirers of such as businessman A 302, account is closed Coupling device 312 exchanges certificate as partner's acquirer 306.Transaction is routed to issuer 316 simultaneously by partner's acquirer 306 As usual the transaction is settled accounts.Account associated apparatus 312 is configured to record All Activity activity.

When transaction, which is carried out at, those of such as to be represented by businessman B 304 between non-buddy's acquirer, non-buddy receives single Transaction is routed to partner's acquirer of such as acquirer 306 by mechanism 320.Account associated apparatus 312 is received single as partner Mechanism exchanges certificate and records transaction.In this case, it is possible to be applicable in second level interchange fee.

Therefore, account associated apparatus 312 can be configured to exchange certificate data, collect transaction data and settlement bargain.Account The process that family associated apparatus 312 can also carry out user policy, verification user is required to occur in transaction and can be cheated in identification Involved in consumer, issuer 316,322 and/or its other party.

Figure 16-20 is the flow chart for showing transaction flow process general view.Figure 16 can be one kind for being traded Conventional method 330.In this example, holder 332 or user are bought using agent apparatus 100,104 with businessman 334. Businessman 334 obtains Transaction Information, such as the first account information, and creates authorization requests.It is single that businessman 334 passes it to receipts Mechanism 336.Then the authorization requests are passed to the program or interchanger 338, the program or interchanger 338 by acquirer 336 Then the authorization requests are sent to issuer 340.Issuer 340 uses the mandate that businessman is sent to by reverse path It responds, respond the authorization requests from businessman 334.

In fig. 17, the method 330 of Figure 16 includes account associated apparatus 352, can correspond to account shown in Fig. 1 and closes Coupling device 24.Account associated apparatus 352 may include acting on behalf of translating equipment 354.In this embodiment, issuer 340 is both One account detail is also the issuer of the first valid certificate detail.Transaction as described in Figure 16 in the usual manner into Row, the difference is that scheme/interchanger 338 sends authorization requests to account associated apparatus 352.

First authorization requests are placed in hold mode by account associated apparatus 352.It acts on behalf of translating equipment 354 and analyzes consumer's rule Then the first account detail is mapped to replacement valid certificate.Account associated apparatus 352 creates the second authorization requests, and (it can be New financial transaction or directly to the API Calls of issuer), and account associated apparatus 352 sends the second authorization requests To issuer 340.

Issuer 340 handles the second authorization requests and sends response.Account associated apparatus 352 uses the second authorization response The response is sent to businessman 334 by request to create the response to the first authorization requests.

Method 360 is identical as the method 350 of Figure 17 in figure 18, the difference is that issuer (agency) in this embodiment 362 be the issuer of the first account detail and issuer's (certificate) 366 is the issuer of the first valid certificate detail. In method 360, transaction flow is identical as method 350, the difference is that the second authorization requests are sent to by account associated apparatus 352 Second authorization requests are sent to issuer's (certificate) 366 by scheme/interchanger 364, wherein scheme/interchanger 364.

Issuer's (certificate) 366 handles the second authorization requests and sends response.Account associated apparatus 352 is awarded using second Respond request is weighed to create the response to the first authorization requests, and the response is sent to businessman.

Method 370 is identical as the method 350 of Figure 17 in Figure 19, the difference is that third party's token pool in this embodiment 372 are included in transaction flow.In this embodiment, card holder 332 can store the first account of tokenized replacement on it The device of family detail.Businessman creates the first authorization requests for including tokenized replacement the first account detail, and with Figure 17's First authorization requests are sent to scheme/interchanger by the same way that method 350 describes.However, in method 370, scheme/friendship It changes planes and 338 tokenized replacement the first account detail is sent to third party's token pool 372, which translates into token Tokenized the first account of replacement is detailed and goes tokenized replacement the first account detail to be sent to scheme/interchanger this. Then this is gone tokenized replacement the first account detail to be sent to account associated apparatus 352 by scheme/interchanger.Receiving this After response, account association device 352 handles the response in a manner of described in method 350.

Method 380 is identical as the method 370 of Figure 20 in fig. 20, the difference is that in this embodiment, issuer's (generation Reason) 362 be the first account detail issuer and issuer's (certificate) 366 be the first valid certificate detail issuing machine Structure.In method 380, transaction flow is identical as method 370, the difference is that account associated apparatus 352 sends out the second authorization requests Second authorization requests are sent to issuer's (certificate) 366 by the scheme of giving/interchanger 364, scheme/interchanger 364.Issuing machine Structure (certificate) 366 handles the second authorization requests and sends response.Account associated apparatus 352 is created using the request of the second authorization response Response to the first authorization requests, and the response is sent to businessman in such a way that method 370 describes.

Each embodiment described herein indicates a variety of possible realization methods and example, and is not intended to and limits the disclosure It is made as any particular implementation.On the contrary, as one of ordinary skill will be understood, can to these embodiments into Row various modifications.Any such modification is intended to be included in spirit and scope of the present disclosure.

Claims

1. a kind of portable agent apparatus, including：

Memory is configured to store multiple certificates, each in the multiple certificate belongs to financial instruments, identity certificate or conjunction With one of certificate；And

At least one interface, each at least one interface are configured to one of the multiple certificate being sent to outside Device is to complete one of financial function, identification function or treaty function.

2. portable agent apparatus according to claim 1, further comprises the plastic shell made with the form of card, Described in memory and at least one interface be arranged in the plastic casing or be arranged on the plastic casing.

3. portable agent apparatus according to claim 1, further comprises mobile device, wherein the memory and extremely A few interface is arranged in the mobile device or is arranged in the mobile device.

4. portable agent apparatus according to claim 1, further comprises processing unit, be configured to it is described just The relevant configurable rule of usage of formula agent apparatus is taken to select one of the multiple certificate.

5. portable agent apparatus according to claim 4, wherein the configurable rule is filled by the portable agency At least one of the user set and issuer predefine.

6. portable agent apparatus according to claim 5, wherein the configurable rule is by computer based service Device is generated using the web browser in mobile device or computer.

7. portable agent apparatus according to claim 5, wherein the configurable rule with the issuer by closing The operator of connection generates.

8. portable agent apparatus according to claim 4, wherein the configurable rule depends on the portable generation Manage the calculating position of device.

9. portable agent apparatus according to claim 4, wherein the configurable rule includes based on ongoing The type of the constraint of the context of the type of function, the function is selected from the financial function, identification function and treaty function It selects.

10. a kind of system, including：

Point of sale (POS) device is configured to obtain at least one certificate from mobile agent device, at least one certificate Each belongs to one of financial instruments, identity certificate or contract certificate；And process payment, it is configured to receive from institute It states at least one certificate of mobile agent device acquisition and executes financial function, in identification function or treaty function at least One.

11. system according to claim 10, wherein the mobile agent device is the form of card.

12. system according to claim 10, wherein the mobile agent device is smart mobile phone.

13. portable agent apparatus according to claim 10, wherein the process payment be configured to it is described The relevant configurable rule of usage of mobile agent device selects one of the multiple certificate.

14. system as claimed in claim 13, wherein user and Fa of the configurable rule by the mobile agent device At least one of row mechanism predefines.

15. system according to claim 14, wherein the configurable rule is filled by the process payment using mobile Set or computer on web browser generate.

16. system according to claim 14, wherein the configurable rule by with the associated operation of the issuer Person generates.

17. system according to claim 13, wherein the configurable rule depends on the meter of the mobile agent device Calculate position.

18. system according to claim 13, wherein the configurable rule includes the class based on ongoing function The type of the constraint of the context of type, the function is selected from financial function, identification function and treaty function.