Multifactor authentication using a directory server
Abstract
A method and a server computer are provided for authenticating a cardholder account. The server computer implements the method, which includes obtaining a first identifier and a cryptogram from a first entity, identifying an issuer associated with the cardholder account, forwarding the first account identifier and the cryptogram to a second entity for validation, receiving a second identifier from the second entity, and sending the second identifier to the first entity. The first identifier can be associated with the cardholder account. The second identifier can be generated by the second entity and associated with a validated form of the first identifier.
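The message flow recited in claim 1, as an added sketch that is not code from the patent or its assignee. Assumptions: the cryptogram is an HMAC-SHA256 over the identifier and a transaction id (the claims name no algorithm), the directory server routes on a six-digit identifier prefix, the issuer rejects replayed cryptograms and treats each TPAN as single use; the identifier and key are constructed sample values.

```python
import hashlib
import hmac
import secrets

def cryptogram(card_key: bytes, first_id: str, txn: str) -> str:
    """Per-transaction cryptogram from the portable device (HMAC is an assumption)."""
    return hmac.new(card_key, f"{first_id}|{txn}".encode(), hashlib.sha256).hexdigest()

class Issuer:
    def __init__(self, card_keys):
        self.card_keys = card_keys  # first identifier -> key shared with the device
        self.seen = set()           # (identifier, txn) already validated: blocks replay
        self.tpans = {}             # outstanding TPAN -> validated first identifier

    def validate(self, first_id, txn, crypto):
        """Validate the cryptogram; return a fresh TPAN or None."""
        key = self.card_keys.get(first_id)
        if key is None or (first_id, txn) in self.seen:
            return None
        if not hmac.compare_digest(cryptogram(key, first_id, txn), crypto):
            return None
        self.seen.add((first_id, txn))
        tpan = "9" + "".join(secrets.choice("0123456789") for _ in range(15))
        self.tpans[tpan] = first_id
        return tpan

    def authorize(self, tpan):
        """Authorization leg (via acquirer and payment processor): TPAN is single use."""
        return self.tpans.pop(tpan, None) is not None

class DirectoryServer:
    def __init__(self, routes):
        self.routes = routes        # identifier prefix -> issuer (assumed lookup rule)

    def authenticate(self, first_id, txn, crypto):
        """Identify the issuer, forward identifier + cryptogram, relay the TPAN back."""
        issuer = self.routes.get(first_id[:6])
        return issuer.validate(first_id, txn, crypto) if issuer else None

def demo():
    first_id, key = "4000001234567890", b"constructed-demo-key"  # constructed values
    issuer = Issuer({first_id: key})
    ds = DirectoryServer({"400000": issuer})
    good = cryptogram(key, first_id, "txn-001")
    tpan = ds.authenticate(first_id, "txn-001", good)
    return {
        "issued": tpan is not None,
        "replayed_cryptogram": ds.authenticate(first_id, "txn-001", good),
        "forged_cryptogram": ds.authenticate(first_id, "txn-002", "00" * 32),
        "authorized": issuer.authorize(tpan),
        "tpan_reuse": issuer.authorize(tpan),
    }
```

The access device never sends the first identifier on the authorization leg; only the TPAN travels through the acquirer and payment processor, so a value captured there is useless once the issuer has consumed it.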
20 Claims
1. A method for authenticating an account of a consumer, the method comprising the steps of:
receiving, by a directory server computer, a first identifier and a cryptogram from an access device, wherein the first identifier is associated with the account, and wherein the access device received the first identifier and the cryptogram from a portable consumer device to initiate a transaction, wherein the cryptogram was generated by the portable consumer device for the transaction;
identifying, by the directory server computer, an issuer computer associated with the account;
forwarding, by the directory server computer, the first identifier and the cryptogram to the issuer computer for validation;
receiving, by the directory server computer, a temporary primary account number (TPAN) from the issuer computer, wherein the temporary primary account number (TPAN) is generated by the issuer computer and associated with a validated form of the first identifier; and
sending, by the directory server computer, the temporary primary account number (TPAN) to the access device, wherein the temporary primary account number (TPAN) is subsequently sent by the access device to the issuer computer via an acquirer computer and a payment processing server computer for authorization of the transaction, wherein the issuer computer validates the temporary primary account number (TPAN), wherein the transaction is authorized when the temporary primary account number (TPAN) is validated, and wherein the steps in the method are performed in the order listed above.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 13, 14, 15, 16, 17, 18, 19, 20

9. A directory server computer for use in an authenticated transaction, the server computer comprising:
a processor; and
a computer readable medium coupled to the processor, the computer readable medium comprising code, executable by the processor to implement a method comprising the steps of;
receiving a first identifier and a cryptogram from an access device, wherein the first identifier is associated with the account, and wherein the access device received the first identifier and the cryptogram from a portable consumer device to initiate a transaction, wherein the cryptogram was generated by the portable consumer device for the transaction;
identifying an issuer computer associated with the account;
sending the first identifier and the cryptogram to the issuer computer for validation;
receiving a temporary primary account number (TPAN) from the issuer computer, wherein the temporary primary account number (TPAN) is generated by the issuer computer and associated with a validated form of the first identifier; and
sending the temporary primary account number (TPAN) to the access device, wherein the temporary primary account number (TPAN) is subsequently sent by the access device to the issuer computer via an acquirer computer and a payment processing server computer for authorization of the transaction, wherein the issuer computer validates the temporary primary account number (TPAN), wherein the transaction is authorized when the temporary primary account number (TPAN) is validated, and wherein the steps in the method are performed in the order listed above.
Dependent claims: 10

11. A non-transitory computer readable medium comprising code executable by a processor, for implementing a method comprising the steps of:
receiving a first identifier and a cryptogram from an access device, wherein the first identifier is associated with an account of a consumer, wherein the access device received the first identifier and the cryptogram from a portable consumer device to initiate a transaction, wherein the cryptogram was generated by the portable consumer device for the transaction;
identifying an issuer computer associated with the account;
forwarding the first identifier and the cryptogram to the issuer computer for validation;
receiving a temporary primary account number (TPAN) from the issuer computer, wherein the temporary primary account number (TPAN) is generated by the issuer computer and associated with a validated form of the first identifier; and
sending the temporary primary account number (TPAN) to the access device, wherein the temporary primary account number (TPAN) is subsequently sent by the access device to the issuer computer via an acquirer computer and a payment processing server computer for authorization of the transaction, wherein the issuer computer validates the temporary primary account number (TPAN), wherein the transaction is authorized when the temporary primary account number (TPAN) is validated, and wherein the steps in the method are performed in the order listed above.

12. A method for authenticating a transaction on an access device, the method comprising the steps of:
accessing, by an access device, a merchant website;
initiating the transaction on the merchant website, wherein the merchant sends a request for payment during the transaction;
interfacing with a reader device associated with the access device, wherein the reader device captures a first identifier stored on a portable consumer device and a cryptogram in response to the request for payment, wherein the cryptogram was generated by the portable consumer device for the transaction;
forwarding, by the access device, the first identifier and the cryptogram to a directory server computer through a merchant plug in, wherein the directory server computer communicates the first identifier and the cryptogram to an issuer computer of the portable consumer device for validation; and
receiving, by the access device, a temporary primary account number (TPAN) through the MPI, wherein the temporary primary account number (TPAN) is generated by the issuer computer and associated with the validated first identifier, wherein the temporary primary account number (TPAN) is subsequently sent by the access device to the issuer computer via an acquirer computer and a payment processing server computer for authorization of the transaction, wherein the issuer computer validates the temporary primary account number (TPAN), wherein the transaction is authorized when the temporary primary account number (TPAN) is validated, and wherein the steps in the method are performed in the order listed above.

Specification