Tokenization capable authentication framework

US 10,552,834 B2
Filed: 04/30/2015
Issued: 02/04/2020
Est. Priority Date: 04/30/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a first server computer, transaction data associated with a tokenized transaction initiated by a user;

determining, by the first server computer, that the transaction data includes a token, wherein the token comprises tokenized credentials;

initiating, by the first server computer, a user authentication process in connection with the tokenized transaction prior to a transaction authorization process in connection with the tokenized transaction, wherein the user authentication process includes;

identifying, by the first server computer, a token service provider among a plurality of token service providers;

sending, by the first server computer, the token to the token service provider to detokenize the token comprising the tokenized credentials to form detokenized credentials;

receiving, by the first server computer, from the token service provider, the detokenized credentials;

forwarding, by the first server computer, the detokenized credentials to a second server computer for authentication; and

receiving, by the first server computer, the detokenized credentials and an authentication value from the second server computer upon the second server computer authenticating the detokenized credentials before the transaction authorization process starts,wherein the authentication value and the token are incorporated into a transaction authorization request message after the transaction authorization process in connection with the tokenized transaction starts, andwherein the transaction authorization request message associated with the tokenized transaction includes at least the token and the authentication value.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments are directed to systems and methods for performing consumer authentication in a tokenized transaction. The token in the authentication request may be resolved to corresponding credentials before the consumer authentication process is initiated. As part of an authentication system, the merchant computer may include a merchant plug-in module as a proxy between the merchant computer and an issuer access control server. The merchant plug-in module may communicate with the issuer access control server by sending verification and authentication messages to the issuer access control server via a directory server. The token may be resolved to corresponding credentials before the authentication request reaches the issuer access computer for authentication. The merchant plug-in module, the directory server or a token router coupled to the issuer access control server may each be in communication with one or more token service providers to de-tokenize the token provided by the consumer'"'"'s user device.

528 Citations

18 Claims

1. A method comprising:
- receiving, by a first server computer, transaction data associated with a tokenized transaction initiated by a user;
  
  determining, by the first server computer, that the transaction data includes a token, wherein the token comprises tokenized credentials;
  
  initiating, by the first server computer, a user authentication process in connection with the tokenized transaction prior to a transaction authorization process in connection with the tokenized transaction, wherein the user authentication process includes;
  
  identifying, by the first server computer, a token service provider among a plurality of token service providers;
  
  sending, by the first server computer, the token to the token service provider to detokenize the token comprising the tokenized credentials to form detokenized credentials;
  
  receiving, by the first server computer, from the token service provider, the detokenized credentials;
  
  forwarding, by the first server computer, the detokenized credentials to a second server computer for authentication; and
  
  receiving, by the first server computer, the detokenized credentials and an authentication value from the second server computer upon the second server computer authenticating the detokenized credentials before the transaction authorization process starts,wherein the authentication value and the token are incorporated into a transaction authorization request message after the transaction authorization process in connection with the tokenized transaction starts, andwherein the transaction authorization request message associated with the tokenized transaction includes at least the token and the authentication value.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising:
    - sending, by the first server computer, the detokenized credentials to the token service provider after receiving the detokenized credentials and the authentication value to re-tokenize the detokenized credentials; and
      
      receiving, by the first server computer, the token associated with re-tokenized credentials from the token service provider.
  - 3. The method of claim 2, the method further comprising:
    - sending, by the first server computer, the token and the authentication value to a third server computer for initiating the transaction authorization process using the token and the authentication value, wherein the first server computer is a directory server computer or a token router computer, wherein the third server computer is a merchant computer, and wherein the tokenized transaction is between the user and a merchant associated with the merchant computer.
  - 4. The method of claim 1, wherein the token in the transaction authorization request message is de-tokenized using the token service provider and sent to an authorization computer as part of the transaction authorization process.
  - 5. The method of claim 1, wherein the detokenized credentials include a unique primary account number.
  - 6. The method of claim 1, wherein the token service provider is identified among the plurality of token service providers based on a format of the token or based on one or more predetermined rules.

7. A server computer comprising:
- a processor and a computer readable medium coupled to the processor, the computer readable medium comprising instructions that, when executed by the processor, cause the processor to;
  
  receive transaction data associated with a tokenized transaction initiated by a user;
  
  determine that the transaction data includes a token, wherein the token comprises tokenized credentials;
  
  initiate a user authentication process in connection with the tokenized transaction prior to a transaction authorization process in connection with the tokenized transaction, wherein the user authentication process includes;
  
  identifying a token service provider among a plurality of token service providers;
  
  sending the token to the token service provider to detokenize the token comprising the tokenized credentials to form detokenized credentials;
  
  receiving from the token service provider the detokenized credentials;
  
  forwarding the detokenized credentials to a second server computer for authentication; and
  
  receiving the detokenized credentials and an authentication value from the second server computer upon the second server computer authenticating the detokenized credentials before the transaction authorization process starts,wherein the authentication value and the token are incorporated into a transaction authorization request message after the transaction authorization process in connection with the tokenized transaction starts, andwherein the transaction authorization request message associated with the tokenized transaction includes at least the token and the authentication value.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The server computer of claim 7, wherein the computer readable medium further comprises instructions that, when executed by the processor, cause the processor to:
    - send the detokenized credentials to the token service provider after receiving the detokenized credentials and the authentication value to re-tokenize the detokenized credentials; and
      
      receive the token associated with re-tokenized credentials from the token service provider.
  - 9. The server computer of claim 8, wherein the computer readable medium further comprises instructions that, when executed by the processor, cause the processor to:
    - send the token and the authentication value to a third server computer for initiating the transaction authorization process using the token and the authentication value, wherein the server computer is a directory server computer or a token router computer, wherein the third server computer is a merchant computer, wherein the tokenized transaction is between the user and a merchant associated with the merchant computer.
  - 10. The server computer of claim 7, wherein the detokenized credentials include a unique primary account number.
  - 11. The server computer of claim 7, wherein the token service provider is identified among the plurality of token service providers based on a format of the token or based on one or more predetermined rules.

12. A system comprising:
- a first server computer including a first processor and a first computer readable medium coupled to the first processor, the first computer readable medium comprising instructions that, when executed by the first processor, cause the first processor to;
  
  receive transaction data associated with a tokenized transaction initiated by a user;
  
  determine that the transaction data includes a token, wherein the token comprises tokenized credentials;
  
  initiate a user authentication process in connection with the tokenized transaction prior to a transaction authorization process in connection with the tokenized transaction, wherein the user authentication process includes;
  
  identifying a token service provider among a plurality of token service providers;
  
  sending the token to the token service provider to detokenize the token comprising the tokenized credentials to form detokenized credentials; and
  
  receiving from the token service provider the detokenized credentials; and
  
  a second server computer including a second processor and a second computer readable medium coupled to the second processor, the second computer readable medium comprising instructions that, when executed by the second processor, cause the second processor to;
  
  receive the detokenized credentials directly or indirectly from the first server computer for authentication;
  
  authenticate the detokenized credentials;
  
  generate an authentication value upon authenticating the detokenized credentials; and
  
  send the detokenized credentials and the authentication value to the first server computer before the transaction authorization process starts,wherein the token and the authentication value are incorporated into a transaction authorization request message after the transaction authorization process in connection with the tokenized transaction starts, andwherein the transaction authorization request message associated with the tokenized transaction includes at least the token and the authentication value.
- View Dependent Claims (13, 14)
- - 13. The system of claim 12, wherein the first computer readable medium further comprises instructions that, when executed by the first processor, cause the first processor to:
    - send the detokenized credentials to the token service provider after receiving the detokenized credentials and the authentication value to re-tokenize the detokenized credentials;
      
      receive the token associated with re-tokenized credentials from the token service provider; and
      
      send the token and the authentication value in the transaction authorization request message to a third server computer for initiating the transaction authorization process using the token and the authentication value, wherein the first server computer is a directory server computer or a token router computer, wherein the third server computer is a merchant computer, wherein the tokenized transaction is between the user and a merchant associated with the merchant computer.
  - 14. The system of claim 12, wherein the token service provider is identified among the plurality of token service providers based on a format of the token or based on one or more predetermined rules.

15. A method comprising:
- receiving, by a first server computer, transaction data associated with a tokenized transaction initiated by a user;
  
  determining, by the first server computer, that the transaction data includes a token wherein the token comprises tokenized credentials;
  
  initiating, by the first server computer, a user authentication process in connection with the tokenized transaction prior to a transaction authorization process in connection with the tokenized transaction, wherein the user authentication process includes;
  
  identifying, by the first server computer, a token service provider among a plurality of token service providers;
  
  sending, by the first server computer, the token to the token service provider to detokenize the tokenized credentials to form detokenized credentials; and
  
  receiving, by the first server computer, the detokenized credentials that were replaced with the token from the token service provider;
  
  receiving, by a second server computer, the detokenized credentials directly or indirectly from the first server computer for authentication;
  
  authenticating, by the second server computer, the detokenized credentials;
  
  generating, by the second server computer, an authentication value upon authenticating the detokenized credentials; and
  
  sending, by the second server computer, the detokenized credentials and the authentication value to the first server computer before the transaction authorization process starts,wherein the token and the authentication value are incorporated into a transaction authorization request message after the transaction authorization process in connection with the tokenized transaction starts, andwherein the transaction authorization request message associated with the tokenized transaction includes at least the token and the authentication value.
- View Dependent Claims (16, 17, 18)
- - 16. The method of claim 15, further comprising:
    - sending, by the first server computer, the detokenized credentials to the token service provider after receiving the detokenized credentials and the authentication value to re-tokenize the detokenized credentials;
      
      receiving, by the first server computer, the token associated with re-tokenized credentials from the token service provider; and
      
      sending, by the first server computer, the token and the authentication value in the transaction authorization request message to a third server computer for the transaction authorization process using the token and the authentication value, wherein the first server computer is a directory server computer or a token router computer, wherein the third server computer is a merchant computer, wherein the tokenized transaction is between the user and a merchant associated with the merchant computer.
  - 17. The method of claim 16, wherein the token in the transaction authorization request message is de-tokenized using the token service provider and sent to an authorization computer as part of the transaction authorization process.
  - 18. The method of claim 15, wherein the token service provider is identified among the plurality of token service providers based on a format of the token or based on one or more predetermined rules.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Dimmick, James, Li, Shaw
Primary Examiner(s)
Nigh, James D
Assistant Examiner(s)
Neubig, Margaret M

Application Number

US14/701,437
Publication Number

US 20160321652A1
Time in Patent Office

1,741 Days
Field of Search

705 50- 79
US Class Current
CPC Class Codes

G06Q 20/382   insuring higher security of...

G06Q 20/38215   Use of certificates or encr...

G06Q 2220/00   Business processing using c...

H04L 2463/102   applying security measure f...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/083   using passwords cryptograph...

Tokenization capable authentication framework

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

528 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Tokenization capable authentication framework

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

528 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links