US 11,741,462 B2
Authentication to authorization bridge using enriched messages
Erik Nils Enright, Willoughby Hills, OH (US); Adam Ratica, Mentor, OH (US); Michael A. Keresman, III, Kirtland Hills, OH (US); Francis M. Sherwin, Cleveland Heights, OH (US); and Chandra S. Balasubramanian, Shaker Heights, OH (US)
Assigned to CardinalCommerce Corporation, Mentor, OH (US)
Filed by CardinalCommerce Corporation, Mentor, OH (US)
Filed on Sep. 17, 2021, as Appl. No. 17/478,158.
Application 17/478,158 is a continuation of application No. 15/650,510, filed on Jul. 14, 2017, granted, now 11,195,173.
Claims priority of provisional application 62/362,876, filed on Jul. 15, 2016.
Prior Publication US 2022/0005030 A1, Jan. 6, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. G06Q 20/38 (2012.01); H04L 9/32 (2006.01); G06Q 20/40 (2012.01)
CPC G06Q 20/3829 (2013.01) [G06Q 20/4018 (2013.01); H04L 9/3228 (2013.01); H04L 2209/56 (2013.01)]
20 Claims
1. A system for electronic communication, comprising:
an issuer Access Control Server (ACS) operated by an issuer;
at least one processor of a decoding entity; and
at least one processor of an encoding entity,
wherein the at least one processor of the encoding entity is programmed or configured to:
create a Pre-Authentication Transaction Number (Pre-ATN), wherein, when creating the Pre-ATN, the at least one processor of the encoding entity is programmed or configured to:
select a key index from a plurality of key indexes, wherein the key index corresponds to a Format Preserving Encryption (FPE) base key;
create a unique key that is associated with a Primary Account Number (PAN) that is involved in an online payment transaction;
select a Special Encode Value (SEV) from a first SEV definition table based on a definition, wherein the definition comprises information that is being bridged between an authentication procedure that authenticates an identity of a consumer associated with the PAN during the online payment transaction and an authorization procedure that authorizes the online payment transaction involving the consumer associated with the PAN during the online payment transaction; and
combine a number with the SEV to create the Pre-ATN, wherein the SEV is a single digit integer value;
encrypt the Pre-ATN using the unique key to generate an encrypted Authentication Transaction Number (ATN); and
send the encrypted ATN and the key index to the issuer ACS, wherein the issuer ACS is programmed or configured to:
generate a Cardholder Authentication Verification Value (CAVV) or an Accountholder Authentication Value (AAV) based on the encrypted ATN and the key index,
wherein the at least one processor of the decoding entity is programmed or configured to:
obtain the unique key;
obtain the SEV as part of the authorization procedure associated with the online payment transaction, wherein, when obtaining the SEV, the at least one processor of the decoding entity is programmed or configured to:
receive, from the issuer ACS, an authorization request for the online payment transaction including the CAVV or the AAV,
deconstruct the encrypted ATN and the key index from the CAVV or AAV, and
decrypt the encrypted ATN using a Format Preserving Decryption (FPD) routine and the unique key, wherein, when decrypting the encrypted ATN using the FPD routine, the at least one processor of the decoding entity is programmed or configured to:
perform the FPD routine using the encrypted ATN and the unique key associated with the PAN to generate the Pre-ATN including the SEV; and
use a second SEV definition table to determine the information that is being bridged between the authentication procedure that authenticates the identity of the consumer associated with the PAN and the authorization procedure that authorizes the online payment transaction involving the consumer associated with the PAN.
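The encode and decode sides of claim 1, as an added illustration that is not part of the patent and not CardinalCommerce code: a Special Encode Value is appended to a random number, encrypted digit-for-digit under a key tied to the PAN, and recovered on the other side. Assumptions made here: the unique key is an HMAC of the PAN under the indexed base key, a toy HMAC-based Feistel network stands in for a standardized FPE mode such as NIST FF1, the Pre-ATN is 8 digits with the SEV last, one shared table plays the role of both SEV definition tables, the CAVV/AAV packing step is left out, and every name, key and table entry is constructed.

```python
import hashlib
import hmac
import secrets

# Constructed sample values; none of them come from the patent.
BASE_KEYS = {1: b"constructed-base-key-1", 2: b"constructed-base-key-2"}
SEV_TABLE = {0: "no extra information", 3: "low-risk authentication",
             7: "step-up challenge passed"}
HALF = 4           # digits per Feistel half, so a Pre-ATN has 8 digits
MOD = 10 ** HALF

def derive_unique_key(key_index, pan):
    """Assumed derivation: HMAC-SHA256 of the PAN under the indexed base key."""
    return hmac.new(BASE_KEYS[key_index], pan.encode(), hashlib.sha256).digest()

def _round(key, rnd, half):
    """Keyed round function mapping one half (an int) to a value below MOD."""
    msg = bytes([rnd]) + str(half).encode()
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest(), "big") % MOD

def fpe_encrypt(key, digits):
    """Toy format-preserving encryption: 8 decimal digits in, 8 out."""
    l, r = int(digits[:HALF]), int(digits[HALF:])
    for rnd in range(8):
        l, r = r, (l + _round(key, rnd, r)) % MOD
    return f"{l:0{HALF}d}{r:0{HALF}d}"

def fpe_decrypt(key, digits):
    """Inverse of fpe_encrypt: undo the rounds in reverse order."""
    l, r = int(digits[:HALF]), int(digits[HALF:])
    for rnd in reversed(range(8)):
        l, r = (r - _round(key, rnd, l)) % MOD, l
    return f"{l:0{HALF}d}{r:0{HALF}d}"

def encode(pan, sev, key_index):
    """Encoding entity: Pre-ATN = random number followed by the SEV digit."""
    if sev not in SEV_TABLE:
        raise ValueError("SEV is not in the definition table")
    number = secrets.randbelow(10 ** (2 * HALF - 1))
    pre_atn = str(number).zfill(2 * HALF - 1) + str(sev)
    return fpe_encrypt(derive_unique_key(key_index, pan), pre_atn), key_index

def decode(pan, encrypted_atn, key_index):
    """Decoding entity: decrypt with the PAN's key, then look the SEV up."""
    pre_atn = fpe_decrypt(derive_unique_key(key_index, pan), encrypted_atn)
    sev = int(pre_atn[-1])
    return sev, SEV_TABLE.get(sev, "undefined SEV")
```

Decrypting with a key derived from a different PAN or key index returns some other digit rather than an error, so in this sketch the SEV carries no integrity check of its own.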