Token provisioning utilizing a secure authentication system
Abstract
Systems and methods of the invention are directed to provisioning a token by a secure authentication system. A user may initiate a transaction that causes a resource provider computer to transmit an authentication request message to a directory server computer. The directory server computer may transmit the authentication request message to an access control server computer for authentication. Subsequent to receiving the authentication request message, the directory server computer may request a token for the transaction from a token provider computer. If authentication is successful, the token may be included in an authentication response message transmitted by the directory server computer to the resource provider computer. The token may then be utilized by the resource provider computer in lieu of sensitive user information for any suitable purpose. In some embodiments, user-specific data provided by the access control server computer may be included in the authentication response message.
17 Claims
1. A computer-implemented method, comprising:
receiving, by a resource provider computer associated with a resource provider, transaction data corresponding to a transaction associated with a user, each portion of the transaction data being different from a token;
transmitting, by the resource provider computer to a directory server computer, an authentication request message including the transaction data and a token request indicator, wherein the directory server computer subsequently transmits the authentication request message to an access control server computer associated with an authorizing entity, wherein receipt of the authentication request message causes the access control server computer to authenticate the user, generate a verification value representing the authentication, and transmit an authentication response message comprising the verification value to the directory server computer;
receiving, by the resource provider computer from the directory server computer, the authentication response message comprising the verification value and a new token, wherein the new token is provisioned by a token provider computer and obtained by the directory server computer from the token provider computer based at least in part on inclusion of the token request indicator in the authentication request message, and wherein provisioning the new token comprises generating the new token and generating an association between the new token and a portion of the transaction data;
transmitting, by the resource provider computer to the directory server computer, a cryptogram request message associated with the token, wherein receipt of the cryptogram request message causes the directory server computer to;
    transmit the cryptogram request message to the token provider computer; and
    receive a cryptogram response message comprising a cryptogram associated with the token from the token provider computer; and
receiving, by the resource provider computer, the cryptogram response message comprising the cryptogram associated with the token, the cryptogram being associated with one or more token restrictions.
Dependent claims: 2, 3, 4, 5, 6
7. A resource provider computer, comprising:
a hardware processor, and a non-transitory computer readable medium coupled to the processor, the computer readable medium comprising code, executable by the processor, for implementing a method comprising;
receiving transaction data corresponding to a transaction associated with a user, the transaction data being different from a token;
transmitting, to a directory server computer, an authentication request message including the transaction data and a token request indicator, wherein the directory server computer subsequently transmits the authentication request message to an access control server computer associated with an authorizing entity, wherein receipt of the authentication request message causes the access control server computer to authenticate the user, generate a verification value representing the authentication, and transmit an authentication response message comprising the verification value to the directory server computer;
receiving, from the directory server computer, the authentication response message comprising the verification value and a new token, wherein the new token is provisioned by a token provider computer and obtained by the directory server computer from the token provider computer based at least in part on inclusion of the token request indicator in the authentication request message, and wherein provisioning the new token comprises generating the new token and generating an association between the new token and a portion of the transaction data;
transmitting, to the directory server computer, a cryptogram request message associated with the token, wherein receipt of the cryptogram request message causes the directory server computer to;
    transmit the cryptogram request message to the token provider computer; and
    receive a cryptogram response message comprising a cryptogram associated with the token from the token provider computer; and
receiving the cryptogram response message comprising the cryptogram associated with the token, the cryptogram being associated with one or more token restrictions.
Dependent claims: 8, 9, 10, 11, 12
13. A directory server computer, comprising:
a hardware processor, and a non-transitory computer readable medium coupled to the processor, the computer readable medium comprising code, executable by the processor, for implementing a method comprising;
receiving, from a resource provider computer, an authentication request message comprising transaction data for a transaction between a user and a resource provider and a token request indicator, the transaction data being different from a token;
sending the authentication request message to an access control server computer at an issuer, wherein receipt of the authentication request message causes the access control server computer authenticate the user, generate a verification value representing the authentication, and transmit an authentication response message comprising the verification value to the directory server computer;
receiving, by the directory server computer from the access control server computer, the authentication response message;
transmitting, to a token provider computer, a token request message based at least in part on receiving the token request indicator in the authentication request message, the token request message including at least a portion of the transaction data, wherein receipt of the token request message causes the token provider computer to generate a new token corresponding to the transaction and an association between the new token and a portion of the transaction data;
receiving, from the token provider computer, the new token corresponding to the transaction; and
transmitting, to the resource provider computer, the authentication response message comprising the new token;
receiving, from the resource provider computer, a cryptogram request message associated with the new token, wherein receipt of the cryptogram request message causes the directory server computer to transmit the cryptogram request message to the token provider computer and receive a cryptogram response message comprising a cryptogram associated with the new token from the token provider computer; and
transmitting, to the resource provider computer, the cryptogram response message comprising the cryptogram associated with the new token, the cryptogram being associated with one or more token restrictions.
Dependent claims: 14, 15, 16, 17
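The message flow recited in claims 1, 7 and 13, as an added Python example that is not code from the patent: the directory server relays the authentication request, attaches a new token only when the token request indicator is present and authentication succeeded, and later relays the cryptogram request. All field names, the password-style credential check, the demo keys and the HMAC constructions for the verification value and cryptogram are assumptions made for illustration; the claims do not specify them.

```python
import hashlib
import hmac
import secrets

# Constructed demo keys (assumption); each belongs to a separate party in the claims.
ACS_KEY = b"demo-acs-key"
TOKEN_PROVIDER_KEY = b"demo-token-provider-key"


class TokenProvider:
    def __init__(self):
        self.vault = {}  # token -> (associated transaction data, restrictions)

    def provision(self, account_ref, restrictions):
        # Generate a new token and record its association with transaction data.
        token = "tok_" + secrets.token_hex(8)
        self.vault[token] = (account_ref, restrictions)
        return token

    def cryptogram(self, token):
        # Assumption: the cryptogram is an HMAC binding the token to its restrictions.
        _, restrictions = self.vault[token]  # KeyError for an unknown token
        msg = (token + "|" + ",".join(sorted(restrictions))).encode()
        return hmac.new(TOKEN_PROVIDER_KEY, msg, hashlib.sha256).hexdigest()


def acs_authenticate(areq, credential_db):
    """Access control server: return a verification value, or None on failure."""
    stored = credential_db.get(areq["account_ref"])
    if stored is None or not hmac.compare_digest(stored, areq["credential"]):
        return None
    msg = (areq["account_ref"] + "|" + areq["txn_id"]).encode()
    return hmac.new(ACS_KEY, msg, hashlib.sha256).hexdigest()


def directory_server(areq, credential_db, provider):
    """Relay to the ACS, then add a token only if requested and authenticated."""
    ares = {"txn_id": areq["txn_id"],
            "verification_value": acs_authenticate(areq, credential_db)}
    if ares["verification_value"] and areq.get("token_request_indicator"):
        ares["token"] = provider.provision(
            areq["account_ref"], {"merchant:" + areq["merchant_id"]})
    return ares


def request_cryptogram(token, provider):
    """Cryptogram request, as the directory server relays it to the token provider."""
    return {"token": token, "cryptogram": provider.cryptogram(token)}
```

The resource provider in this model never holds a key: it receives the token and cryptogram only through the directory server, which is the separation the claims describe.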