Multifactor authentication using a directory server

US 10,255,601 B2
Filed: 12/09/2010
Issued: 04/09/2019
Est. Priority Date: 02/25/2010
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating an account of a consumer, the method comprising the steps of:

receiving, by a directory server computer, a first identifier and a cryptogram from an access device, wherein the first identifier is associated with the account, and wherein the access device received the first identifier and the cryptogram from a portable consumer device to initiate a transaction, wherein the cryptogram was generated by the portable consumer device for the transaction;

identifying, by the directory server computer, an issuer computer associated with the account;

forwarding, by the directory server computer, the first identifier and the cryptogram to the issuer computer for validation;

receiving, by the directory server computer, a temporary primary account number (TPAN) from the issuer computer, wherein the temporary primary account number (TPAN) is generated by the issuer computer and associated with a validated form of the first identifier; and

sending, by the directory server computer, the temporary primary account number (TPAN) to the access device, wherein the temporary primary account number (TPAN) is subsequently sent by the access device to the issuer computer via an acquirer computer and a payment processing server computer for authorization of the transaction, wherein the issuer computer validates the temporary primary account number (TPAN), wherein the transaction is authorized when the temporary primary account number (TPAN) is validated, andwherein the steps in the method are performed in the order listed above.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and a server computer are provided for authenticating a cardholder account. The server computer implements the method, which includes obtaining a first identifier and a cryptogram from a first entity, identifying an issuer associated with the cardholder account, forwarding the first account identifier and the cryptogram to a second entity for validation, receiving a second identifier from the second entity, and sending the second identifier to the first entity. The first identifier can be associated with the cardholder account. The second identifier can be generated by the second entity and associated with a validated form of the first identifier.

Citations

20 Claims

1. A method for authenticating an account of a consumer, the method comprising the steps of:
- receiving, by a directory server computer, a first identifier and a cryptogram from an access device, wherein the first identifier is associated with the account, and wherein the access device received the first identifier and the cryptogram from a portable consumer device to initiate a transaction, wherein the cryptogram was generated by the portable consumer device for the transaction;
  
  identifying, by the directory server computer, an issuer computer associated with the account;
  
  forwarding, by the directory server computer, the first identifier and the cryptogram to the issuer computer for validation;
  
  receiving, by the directory server computer, a temporary primary account number (TPAN) from the issuer computer, wherein the temporary primary account number (TPAN) is generated by the issuer computer and associated with a validated form of the first identifier; and
  
  sending, by the directory server computer, the temporary primary account number (TPAN) to the access device, wherein the temporary primary account number (TPAN) is subsequently sent by the access device to the issuer computer via an acquirer computer and a payment processing server computer for authorization of the transaction, wherein the issuer computer validates the temporary primary account number (TPAN), wherein the transaction is authorized when the temporary primary account number (TPAN) is validated, andwherein the steps in the method are performed in the order listed above.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The method of claim 1, wherein the first identifier includes a primary account number (PAN).
  - 3. The method of claim 1, wherein the first identifier includes any one or more of an electronic mail address, a telephone number, a card authentication program (CAP) token, a dynamic passcode authentication (DPA) token, or a one time passcode (OTP) cryptogram.
  - 4. The method of claim 1, further comprising:
    - accessing, by the directory server computer, a lookup table to retrieve a primary account number (PAN) associated with the first identifier.
  - 5. The method of claim 1, wherein the access device is coupled to a reader device that reads the first identifier from the portable consumer device.
  - 6. The method of claim 5,wherein a third identifier is received by the issuer computer in order to continue validation of the account.
  - 7. The method of claim 5, wherein the reader device includes a merchant plug in (MPI).
  - 8. The method of claim 7, wherein the merchant plug in (MPI) communicates with the reader device to populate browser fields in a browser on the access device with a primary account number (PAN) and the temporary primary account number (TPAN).
  - 13. The method of claim 1, wherein the portable consumer device is configured to receive a personal identification number from the consumer prior to generating a new cryptogram for each transaction conducted using the portable consumer device.
  - 14. The method of claim 13, wherein the access device displays a pop-up window generated by the issuer computer, allowing the consumer to input a password, after forwarding, by the directory server computer, the first identifier and the cryptogram to the issuer computer for validation.
  - 15. The method of claim 14, wherein the issuer computer is an access control server computer.
  - 16. The method of claim 1, wherein the first identifier is an alias corresponding to a personal account number (PAN).
  - 17. The method of claim 14, wherein if the password is incorrect the consumer'"'"'s online transaction session can timeout and the transaction can be terminated.
  - 18. The method of claim 1, wherein the temporary primary account number (TPAN) is not validated when the temporary primary account number (TPAN) forwarded by the merchant does not match the temporary primary account number (TPAN) previously generated by the issuer computer.
  - 19. The method of claim 1, wherein a reader device coupled to the access device generates the cryptogram received from the access device for the transaction.
  - 20. The method of claim 1, wherein the cryptogram is entered manually through an interface on the access device.

9. A directory server computer for use in an authenticated transaction, the server computer comprising:
- a processor; and
  
  a computer readable medium coupled to the processor, the computer readable medium comprising code, executable by the processor to implement a method comprising the steps of;
  
  receiving a first identifier and a cryptogram from an access device, wherein the first identifier is associated with the account, and wherein the access device received the first identifier and the cryptogram from a portable consumer device to initiate a transaction, wherein the cryptogram was generated by the portable consumer device for the transaction;
  
  identifying an issuer computer associated with the account;
  
  sending the first identifier and the cryptogram to the issuer computer for validation;
  
  receiving a temporary primary account number (TPAN) from the issuer computer, wherein the temporary primary account number (TPAN) is generated by the issuer computer and associated with a validated form of the first identifier; and
  
  sending the temporary primary account number (TPAN) to the access device, wherein the temporary primary account number (TPAN) is subsequently sent by the access device to the issuer computer via an acquirer computer and a payment processing server computer for authorization of the transaction, wherein the issuer computer validates the temporary primary account number (TPAN), wherein the transaction is authorized when the temporary primary account number (TPAN) is validated, andwherein the steps in the method are performed in the order listed above.
- View Dependent Claims (10)
- - 10. The directory server computer of claim 9, further comprising a database, wherein the database includes information used to identify an issuer computer associated with the first identifier.

11. A non-transitory computer readable medium comprising code executable by a processor, for implementing a method comprising the steps of:
- receiving a first identifier and a cryptogram from an access device, wherein the first identifier is associated with an account of a consumer, wherein the access device received the first identifier and the cryptogram from a portable consumer device to initiate a transaction, wherein the cryptogram was generated by the portable consumer device for the transaction;
  
  identifying an issuer computer associated with the account;
  
  forwarding the first identifier and the cryptogram to the issuer computer for validation;
  
  receiving a temporary primary account number (TPAN) from the issuer computer, wherein the temporary primary account number (TPAN) is generated by the issuer computer and associated with a validated form of the first identifier; and
  
  sending the temporary primary account number (TPAN) to the access device, wherein the temporary primary account number (TPAN) is subsequently sent by the access device to the issuer computer via an acquirer computer and a payment processing server computer for authorization of the transaction, wherein the issuer computer validates the temporary primary account number (TPAN), wherein the transaction is authorized when the temporary primary account number (TPAN) is validated, andwherein the steps in the method are performed in the order listed above.

12. A method for authenticating a transaction on an access device, the method comprising the steps of:
- accessing, by an access device, a merchant website;
  
  initiating the transaction on the merchant website, wherein the merchant sends a request for payment during the transaction;
  
  interfacing with a reader device associated with the access device, wherein the reader device captures a first identifier stored on a portable consumer device and a cryptogram in response to the request for payment, wherein the cryptogram was generated by the portable consumer device for the transaction;
  
  forwarding, by the access device, the first identifier and the cryptogram to a directory server computer through a merchant plug in, wherein the directory server computer communicates the first identifier and the cryptogram to an issuer computer of the portable consumer device for validation; and
  
  receiving, by the access device, a temporary primary account number (TPAN) through the MPI, wherein the temporary primary account number (TPAN) is generated by the issuer computer and associated with the validated first identifier,wherein the temporary primary account number (TPAN) is subsequently sent by the access device to the issuer computer via an acquirer computer and a payment processing server computer for authorization of the transaction, wherein the issuer computer validates the temporary primary account number (TPAN), wherein the transaction is authorized when the temporary primary account number (TPAN) is validated, andwherein the steps in the method are performed in the order listed above.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Makhotin, Oleg
Primary Examiner(s)
Nilforoush, Mohammad A.

Application Number

US12/964,446
Publication Number

US 20110208658A1
Time in Patent Office

3,043 Days
Field of Search

705 50-500
US Class Current
CPC Class Codes

G06F 21/34   involving the use of extern...

G06Q 20/12   specially adapted for elect...

G06Q 20/385   using an alias or single-us...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/401   Transaction verification

H04L 2209/56   Financial cryptography, e.g...

H04L 9/3213   using tickets or tokens, e....

Multifactor authentication using a directory server

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Multifactor authentication using a directory server

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links