| CPC H04L 63/12 (2013.01) [G06Q 20/3821 (2013.01); G06Q 20/4018 (2013.01); G06Q 20/409 (2013.01); H04W 12/106 (2021.01); H04W 12/122 (2021.01)] | 20 Claims |
|
1. A method of conducting a transaction involving a communication device and an access device using a communication channel, the method comprising:
receiving, by the communication device from the access device via the communication channel, an information request associated with transaction level data, the transaction level data comprising data relating to application selection and/or transaction processing;
generating a random value, by the communication device;
hashing the random value to form a hashed random value;
generating, by the communication device using a cryptogram generation module in a memory in the communication device, a cryptogram by encrypting at least the transaction level data, and the hashed random value;
transmitting, by the communication device via the communication channel, the transaction level data, the hashed random value, and a tag assigned for interoperability level data to the access device, the hashed random value preceded by the tag; and
transmitting, by the communication device via the communication channel, the cryptogram to the access device,
wherein the access device or a remote server computer in communication with the access device validates the cryptogram before allowing the transaction to proceed, by
decrypting the cryptogram to obtain the transaction level data, and the hashed random value, and
comparing, the received transaction level data, and the hashed random value received from the communication device with the transaction level data, and the hashed random value obtained from the cryptogram to determine if the received cryptogram is valid; and
allows the transaction to proceed if the received cryptogram is valid.
|