Systems and methods for secure authentication of transactions initiated at a client device

US 10,607,224 B2
Filed: 04/04/2016
Issued: 03/31/2020
Est. Priority Date: 04/04/2016
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a cardholder for a candidate purchase using an authentication system including an authentication computing device and a merchant device associated with a merchant, the authentication computing device in communication with a memory, the method comprising:

receiving, by the authentication computing device, an authentication profile associated with the cardholder during an enrollment process for an authentication service;

storing the authentication profile within the memory;

transmitting, to a user device associated with the cardholder, by the merchant device, a purchase request notification prompting the cardholder to review the candidate purchase, wherein the candidate purchase is initiated by an initiator at a client device;

receiving, from the user device, at the merchant device, a cardholder response to the purchase request notification, the cardholder response indicating that the cardholder approves the candidate purchase and that the initiator is authorized by the cardholder to make the candidate purchase;

sending, in response to the cardholder response, by the merchant computing device via a payment processing network, to the authentication computing device, an authentication request for the candidate purchase over a first communication link;

retrieving, by the authentication computing device, in response to the authentication request, the stored authentication profile from the memory;

generating, by the authentication computing device in response to the authentication request, a challenge message based on the stored authentication profile;

transmitting, by the authentication computing device, the challenge message to the user device associated with the cardholder over a second communication link to authenticate the cardholder for the candidate purchase, the first communication link different than the second communication link, the user device different than the client device, wherein the challenge message is configured to cause the user device to request a paired device to collect authentication information and transmit the collected authentication information to the user device;

receiving, by the authentication computing device, a challenge response including authentication information associated with the cardholder collected from the user device;

comparing, by the authentication computing device, the collected authentication information to the stored authentication profile; and

transmitting, by the authentication computing device, to an issuer device, a notification that the cardholder for the candidate purchase is authenticated based on the comparison.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for authenticating a cardholder for a candidate purchase using an authentication computing device in communication with a memory is provided. The method includes receiving an authentication profile associated with the cardholder during an enrollment process for an authentication service, storing the authentication profile within the memory, and receiving an authentication request for the candidate purchase over a first communication link. The candidate purchase is initiated at a client device. The method further includes retrieving the stored authentication profile from the memory, generating a challenge message based on the stored authentication profile, transmitting the challenge message to a user device over a second communication link, receiving a challenge response including authentication information collected from the user device, comparing the collected authentication information to the stored authentication profile, and authenticating the cardholder for the candidate purchase based on the comparison.

43 Citations

20 Claims

1. A method for authenticating a cardholder for a candidate purchase using an authentication system including an authentication computing device and a merchant device associated with a merchant, the authentication computing device in communication with a memory, the method comprising:
- receiving, by the authentication computing device, an authentication profile associated with the cardholder during an enrollment process for an authentication service;
  
  storing the authentication profile within the memory;
  
  transmitting, to a user device associated with the cardholder, by the merchant device, a purchase request notification prompting the cardholder to review the candidate purchase, wherein the candidate purchase is initiated by an initiator at a client device;
  
  receiving, from the user device, at the merchant device, a cardholder response to the purchase request notification, the cardholder response indicating that the cardholder approves the candidate purchase and that the initiator is authorized by the cardholder to make the candidate purchase;
  
  sending, in response to the cardholder response, by the merchant computing device via a payment processing network, to the authentication computing device, an authentication request for the candidate purchase over a first communication link;
  
  retrieving, by the authentication computing device, in response to the authentication request, the stored authentication profile from the memory;
  
  generating, by the authentication computing device in response to the authentication request, a challenge message based on the stored authentication profile;
  
  transmitting, by the authentication computing device, the challenge message to the user device associated with the cardholder over a second communication link to authenticate the cardholder for the candidate purchase, the first communication link different than the second communication link, the user device different than the client device, wherein the challenge message is configured to cause the user device to request a paired device to collect authentication information and transmit the collected authentication information to the user device;
  
  receiving, by the authentication computing device, a challenge response including authentication information associated with the cardholder collected from the user device;
  
  comparing, by the authentication computing device, the collected authentication information to the stored authentication profile; and
  
  transmitting, by the authentication computing device, to an issuer device, a notification that the cardholder for the candidate purchase is authenticated based on the comparison.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method in accordance with claim 1, wherein receiving the authentication request and generating the challenge message occur in near real-time.
  - 3. The method in accordance with claim 1, wherein each of the stored authentication profile and the collected authentication information includes at least one of biometric information and device information associated with the cardholder.
  - 4. The method in accordance with claim 1, wherein the challenge message is an encrypted message configured to be decrypted by a locked file on the user device, wherein the user device processes the challenge message to generate the challenge response.
  - 5. The method in accordance with claim 1, wherein the purchase request notification includes information associated with the candidate purchase and prompts the cardholder to approve or decline the candidate purchase.
  - 6. The method in accordance with claim 1, wherein the issuer device authorizes the candidate purchase in response to the cardholder being authenticated.
  - 7. The method in accordance with claim 1, wherein the client device is a gaming device.

8. An authentication system for authenticating a cardholder for a candidate purchase associated with the cardholder, the authentication system comprising an authentication computing device and a merchant device associated with a merchant, wherein:
- the authentication computing device is programmed to;
  
  receive an authentication profile associated with the cardholder during an enrollment process for an authentication service; and
  
  store the authentication profile within the memory;
  
  the merchant device is programmed to;
  
  transmit, to a user device associated with the cardholder a purchase request notification prompting the cardholder to review the candidate purchase, wherein the candidate purchase is initiated by an initiator at a client device;
  
  receive, from the user device, a cardholder response to the purchase request notification, the cardholder response indicating that the cardholder approves the candidate purchase and that the initiator is authorized by the cardholder to make the candidate purchase; and
  
  send, in response to the cardholder response, via a payment processing network, to the authentication computing device, an authentication request for the candidate purchase over a first communication link; and
  
  the authentication computing device is further programmed to;
  
  retrieve, in response to the authentication request, the stored authentication profile from the memory;
  
  generate, in response to the authentication request, a challenge message based on the stored authentication profile;
  
  transmit the challenge message to the user device associated with the cardholder over a second communication link to authenticate the cardholder for the candidate purchase, the first communication link different from the second communication link, the user device different than the client device, wherein the challenge message is configured to cause the user device to request a paired device to collect authentication information and transmit the collected authentication information to the user device;
  
  receive a challenge response including an authentication profile associated with the cardholder collected from the user device;
  
  compare the collected authentication profile to the stored authentication profile; and
  
  transmit, to an issuer device, a notification that the cardholder for the candidate purchase is authenticated based on the comparison.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The authentication computing device in accordance with claim 8, wherein the authentication computing device is programmed to receive the authorization request and generate the challenge message in near real-time.
  - 10. The authentication computing device in accordance with claim 8, wherein each of the stored authentication profile and the collected authentication information includes at least one of biometric information and device information associated with the cardholder.
  - 11. The authentication computing device in accordance with claim 8, wherein the challenge message is an encrypted message configured to be decrypted by a locked file on the user device, wherein the user device processes the challenge message to generate the challenge response.
  - 12. The authentication computing device in accordance with claim 8, wherein the purchase request notification includes information associated with the candidate purchase and prompts the cardholder to approve or decline the candidate purchase.
  - 13. The authentication computing device in accordance with claim 8, wherein the issuer device authorizes the candidate purchase in response to the cardholder being authenticated.
  - 14. The authentication computing device in accordance with claim 8, wherein the client device is a gaming device.

15. Non-transitory computer-readable storage media for authenticating a cardholder for a candidate purchase associated with the cardholder, the computer-readable storage media having a first set of computer-executable instructions embodied thereon for execution by an authentication computing device, and a second set of computer-executable instructions embodied thereon for execution by a merchant device associated with a merchant, wherein, when executed by the authentication computing device, the first set of computer-executable instructions cause the authentication computing device to:
- receive authentication profile associated with the cardholder from the cardholder during an enrollment process for an authentication service; and
  
  store the authentication profile in a memory in communication with the processor; and
  
  wherein the second set of computer-executable instructions, when executed by the merchant device, cause the merchant device to;
  
  transmit, to a user device associated with the cardholder, a purchase request notification prompting the cardholder to review the candidate purchase, wherein the candidate purchase is initiated by an initiator at a client device;
  
  receive, from the user device, a cardholder response to the purchase request notification, the cardholder response indicating that the cardholder approves the candidate purchase and that the initiator is authorized by the cardholder to make the candidate purchase; and
  
  send, in response to the cardholder response, via a payment processing network, to the authentication computing device, an authentication request for the candidate purchase over a first communication link; and
  
  wherein the first set of computer-executable instructions, when executed by the authentication computing device, further cause the authentication computing device to;
  
  retrieve, in response to the authentication request, the stored authentication profile associated with the cardholder from the memory;
  
  generate, in response to the authentication request, a challenge message based on the stored authentication profile;
  
  transmit the challenge message to the user device associated with the cardholder over a second communication link to authenticate the cardholder for the candidate purchase, the first communication link different from the second communication link, the user device different than the client device, wherein the challenge message is configured to cause the user device to request a paired device to collect authentication information and transmit the collected authentication information to the user device;
  
  receive a challenge response including an authentication profile associated with the cardholder collected from the user device;
  
  compare the collected authentication profile to the stored authentication profile; and
  
  transmit, to an issuer device, a notification that the cardholder for the candidate purchase based on the comparison.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer-readable storage media in accordance with claim 15, wherein each of the stored authentication profile and the collected authentication information includes at least one of biometric information and device information associated with the cardholder.
  - 17. The computer-readable storage media in accordance with claim 15, wherein the challenge message is an encrypted message configured to be decrypted by a locked file on the user device, wherein the user device processes the challenge message to generate the challenge response.
  - 18. The computer-readable storage media in accordance with claim 15, wherein the purchase request notification includes information associated with the candidate purchase and prompts the cardholder to approve or decline the candidate purchase.
  - 19. The computer-readable storage media in accordance with claim 15, wherein the issuer device authorizes the candidate purchase in response to the cardholder being authenticated.
  - 20. The computer-readable storage media in accordance with claim 15, wherein the client device is a gaming device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Original Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Inventors
Kohli, Manoneet
Primary Examiner(s)
Coppola, Jacob C.

Application Number

US15/090,370
Publication Number

US 20170286966A1
Time in Patent Office

1,457 Days
Field of Search
US Class Current
CPC Class Codes

G06Q 20/3226   Use of secure elements sepa...

G06Q 20/38215   Use of certificates or encr...

G06Q 20/40145   Biometric identity checks

G06Q 20/407   Cancellation of a transaction

G06Q 20/4097   using mutual authentication...

G06Q 20/425   using two different network...

Systems and methods for secure authentication of transactions initiated at a client device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

43 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for secure authentication of transactions initiated at a client device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links