
US-12627652-B2 - On demand tokenization processing

Abstract

One embodiment is related to a method. The method includes receiving from a storage application server computer, a token request message comprising a user identifier associated with a storage application on a user device, and determining a token. The token is a limited use token. The method includes mapping the token to the user identifier, transmitting, a token response message comprising the token to the storage application server computer. The method includes receiving from a processing network computer, a de-tokenization request message comprising the token, after the processing network computer receives an authorization request message comprising the token from a resource provider computer via a transport computer. The method also includes determining the user identifier using the token, and transmitting the user identifier to the processing network computer.

Inventors

  • Yuexi CHEN

Assignees

  • VISA INTERNATIONAL SERVICE ASSOCIATION

Dates

Publication Date
20260512
Application Date
20240628

Claims (20)

  1. A method comprising: receiving, by a token service computer from a storage application server computer, a token request message comprising a user identifier associated with a storage application on a user device operated by user; determining, by the token service computer, a token, wherein the token is a limited use token; mapping, by the token service computer, the token to the user identifier; transmitting, by the token service computer, a token response message comprising the token to the storage application server computer, which provides the token to the storage application on the user device; receiving, by the token service computer from a processing network computer, a de-tokenization request message comprising the token, after the processing network computer receives an authorization request message comprising the token from a resource provider computer; determining, by the token service computer, the user identifier using the token; and transmitting, by the token service computer, the user identifier to the processing network computer, wherein the processing network computer transforms the authorization request message and sends the transformed authorization request message to the storage application server computer for authorization.
  2. The method of claim 1, further comprising: receiving, by the token service computer from the processing network computer, a re-tokenization request message, after the processing network computer receives an authorization response message comprising the user identifier from the storage application server computer; determining, by the token service computer, the token using the user identifier; and transmitting, by the token service computer, the token to the processing network computer, which transforms the authorization response message to include the token and sends the transformed authorization response message to the resource provider computer.
  3. The method of claim 2, wherein the user device provides the token to the resource provider computer to request access to a resource offered by a resource provider, and wherein the resource provider determines whether or not to grant access based on the transformed authorization response message.
  4. The method of claim 1, wherein the authorization request message is in a first format and the transformed authorization request message is in a second format.
  5. The method of claim 4, wherein the first format is a JSON data format and the second format is an ISO 8583 message format.
  6. The method of claim 1, wherein the authorization request message further comprises a value for an interaction.
  7. The method of claim 6, wherein the user device is a mobile phone.
  8. The method of claim 6, wherein the token is valid for a certain volume of interactions.
  9. The method of claim 8, wherein the storage application stores data.
  10. The method of claim 1, wherein the user identifier has a different format than the token.
  11. A server computer comprising: a processor; and a computer readable medium comprising code, executable by the processor for implementing a method comprising: receiving from a storage application server computer, a token request message comprising a user identifier associated with a storage application on a user device; determining a token, wherein the token is a limited use token; mapping the token to the user identifier; transmitting a token response message comprising the token to the storage application server computer, which provides the token to the storage application on the user device; receiving from a processing network computer, a de-tokenization request message comprising the token, after the processing network computer receives an authorization request message comprising the token from a resource provider computer; determining the user identifier using the token; and transmitting the user identifier to the processing network computer, wherein the processing network computer transforms the authorization request message and sends the transformed authorization request message to the storage application server computer for authorization.
  12. The server computer of claim 11, the method further comprising: receiving from the processing network computer, a re-tokenization request message, after the processing network computer receives an authorization response message comprising the user identifier from the storage application server computer; determining the token using the user identifier; and transmitting, the token to the processing network computer, which transforms the authorization response message to include the token and sends the transformed authorization response message to the resource provider computer.
  13. The server computer of claim 12, wherein the user device provides the token to the resource provider computer to request access to a resource offered by a resource provider operating the resource provider computer, and wherein the authorizing entity computer determines whether or not to grant access based on the transformed authorization response message.
  14. The server computer of claim 11, wherein the authorization request message is in a first format and the transformed authorization request message is in a second format.
  15. The server computer of claim 14, wherein the first format is a JSON data format and the second format is an ISO 8583 message format.
  16. A method comprising: receiving, by a token service computer from a service provider computer, a temporary user identifier request message comprising a token or a credential associated with a service provider application on a user device; determining, by the token service computer, a temporary user identifier, wherein the temporary user identifier is formatted for processing by the service provider computer, the service provider computer associated with the service provider application; mapping, by the token service computer, the token to the temporary user identifier; transmitting, by the token service computer, a temporary user identifier response message comprising the temporary user identifier to (i) the service provider computer, which provides the temporary user identifier to the service provider application on the user device or (ii) a storage application server computer; receiving, by the token service computer from a processing network computer, a temporary user identifier resolve request message comprising the temporary user identifier, after the processing network computer receives an authorization request message comprising the temporary user identifier from the user device via the storage application server computer; determining, by the token service computer, the token or credential using the temporary user identifier; and transmitting, by the token service computer, the token or the credential to the processing network computer, wherein the processing network computer transforms the authorization request message and sends the transformed authorization request message to an authorizing entity computer for authorization.
  17. The method of claim 16, wherein the authorization request message further comprises a value for an interaction and the transformed authorization request message comprises the token or credential and the value for the interaction.
  18. The method of claim 17, wherein the user device is a mobile phone.
  19. The method of claim 16, wherein the temporary user identifier response message comprising the temporary user identifier is transmitted to the storage application server computer.
  20. The method of claim 16, wherein the temporary user identifier response message comprising the temporary user identifier is transmitted to the service provider computer.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS

None.

BACKGROUND

Interaction processing systems can vary based on factors such as region and available technology. For example, in a first country, a first interaction application may be very commonly used to process interactions while a second interaction application is most commonly used in a second country to process interactions. However, different interaction applications may be incompatible. If a sender wishes to send funds to a receiver using a digital wallet application, both parties may first need to download and register with the same digital wallet application. Also, if the sender does not have available funds in the account associated with the digital wallet application, but has available funds in another account (e.g., issuer bank account), the sender must transfer funds from the other account to the digital wallet application account prior to transferring funds to the receiver using the digital wallet. Such actions are inconvenient and use computer resources and processing time.

Data security is also an issue when a user performs interactions with credentials, tokens, and user identifiers, because they can be considered sensitive information. If they are obtained by hackers or eavesdroppers when they are stored or being transmitted between computers, they can be used to conduct unauthorized transactions.

Embodiments of the disclosure address these and other problems, individually and collectively.
SUMMARY

One embodiment is related to a computer-implemented method comprising: receiving, by a token service computer from a storage application server computer, a token request message comprising a user identifier associated with a storage application on a user device; determining, by the token service computer, a token, wherein the token is a limited use token; mapping, by the token service computer, the token to the user identifier; transmitting, by the token service computer, a token response message comprising the token to the storage application server computer, which provides the token to the storage application on the user device; receiving, by the token service computer from a processing network computer, a de-tokenization request message comprising the token, after the processing network computer receives an authorization request message comprising the token from a resource provider computer via a transport computer; determining, by the token service computer, the user identifier using the token; and transmitting, by the token service computer, the user identifier to the processing network computer, wherein the processing network computer transforms the authorization request message and sends the transformed authorization request message to the storage application server computer for authorization.
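The token request, de-tokenization and re-tokenization legs described above, as an added Python sketch that is not code from the patent. The class and function names, the in-memory maps, the `tok_` prefix, the use counter and the expiry are assumptions; the text here does not say how the use limit is enforced.

```python
import secrets
import time

class TokenError(Exception):
    """Raised when a token is unknown, expired, or out of uses."""

class TokenService:
    """In-memory stand-in for the token service computer (hypothetical API)."""

    def __init__(self, max_uses=1, ttl_seconds=300, clock=time.monotonic):
        self._by_token = {}  # token -> [user_id, uses_left, expires_at]
        self._by_user = {}   # user_id -> current token
        self._max_uses, self._ttl, self._clock = max_uses, ttl_seconds, clock

    def request_token(self, user_id):
        """Token request leg: mint a random limited-use token, map it to user_id."""
        old = self._by_user.pop(user_id, None)
        if old is not None:
            self._by_token.pop(old, None)  # assumption: one live token per user
        token = "tok_" + secrets.token_urlsafe(16)  # CSPRNG, not derived from user_id
        self._by_token[token] = [user_id, self._max_uses, self._clock() + self._ttl]
        self._by_user[user_id] = token
        return token

    def detokenize(self, token):
        """De-tokenization leg: resolve token -> user_id, spending one use."""
        entry = self._by_token.get(token)
        if entry is None:
            raise TokenError("unknown token")
        user_id, uses_left, expires_at = entry
        if uses_left <= 0 or self._clock() >= expires_at:
            raise TokenError("token expired or exhausted")  # fail closed
        entry[1] = uses_left - 1
        return user_id

    def retokenize(self, user_id):
        """Re-tokenization leg: the mapping must outlive the spent use so the
        authorization response can carry the token back."""
        token = self._by_user.get(user_id)
        if token is None:
            raise TokenError("no token mapped to user")
        return token

def route_authorization(svc, request, authorize):
    """Processing network role: token -> user id outbound, user id -> token on return."""
    user_id = svc.detokenize(request["token"])
    response = authorize({"user_id": user_id, "value": request["value"]})
    return {"token": svc.retokenize(response["user_id"]), "approved": response["approved"]}
```
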
Another embodiment is related to a computer-implemented method comprising receiving, by a token service computer from a service provider computer, a temporary user identifier request message comprising a token or a credential associated with a service provider application on a user device; determining, by the token service computer, a temporary user identifier, the token to the temporary user identifier; transmitting, by the token service computer, a temporary user identifier response message comprising the temporary user identifier to (i) the service provider computer, which provides the temporary user identifier to the service provider application on the user device or (ii) a storage application server computer; receiving, by the token service computer from a processing network computer, a temporary user identifier resolve request message comprising the temporary user identifier, after the processing network computer receives an authorization request message comprising the temporary user identifier from the user device via the storage application computer; determining, by the token service computer, the token or credential using the temporary user identifier; and transmitting, by the token service computer, the token or the credential to the processing network computer, wherein the processing network computer transforms the authorization request message and sends the transformed authorization request message to an authorizing entity computer for authorization.

Another embodiment of the invention can include a token service computer comprising a processor, and a computer readable medium. The computer readable medium comprises code, executable by the processor, to perform the above methods.

Further details regarding embodiments of the disclosure can be found in the Detailed Description and the Figures.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 shows a block diagram of a method and system for processing an interaction using a limited use token according to some embodiments.

FIG. 2 shows a block diagram of an exemplary storage application server computer.

FIG. 3 shows a block diagram of an exemplary token service computer.

FIG. 4 shows a block diagram of an ex