One-time credit card number generator and single round-trip authentication
First Claim
1. A method of authenticating a client to a server comprising:
- generating a challenge at the client;
signing the challenge to form a signed challenge;
sending at least the signed challenge to the server;
verifying the signature of the challenge at the server; and
if the signature is verified, sending an indication of successful authentication to the client.
11 Assignments
0 Petitions
Accused Products
Abstract
An online transaction is effected between a user system, a merchant system and an issuer system. The user system generates a one-time number (OTN) to use as a card number for a transaction with the merchant. The user system generates the OTN as a function of various parameters and sends the OTN to the issuer and to the merchant. With the issuer communication, the user is first authenticated, so the issuer can associate the received OTN with the user even if the user'"'"'s identity cannot be fully discerned from the OTN alone. In authenticating the user with the issuer, and possibly other authentications, the user sends the issuer a signed challenge where the challenge is a sequential challenge or a function of a prior challenge provided by the issuer. The issuer responds with an approval/denial message and, in the latter case, includes the next challenge to be used.
132 Citations
8 Claims
-
1. A method of authenticating a client to a server comprising:
-
generating a challenge at the client;
signing the challenge to form a signed challenge;
sending at least the signed challenge to the server;
verifying the signature of the challenge at the server; and
if the signature is verified, sending an indication of successful authentication to the client. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method of using a one-time use card number for an online transaction, comprising:
-
generating a one-time use card number at a user system;
authenticating the user system to an issuer system;
passing the one-time use card number from the user system to the issuer system;
passing the one-time use card number from the user system to a merchant system, wherein the merchant system is programmed to present the one-time use card number to the issuer system to effect a payment;
verifying the one-time use card number received from the merchant system with the one-time use card number received from the user system; and
if the one-time use card number is verified, approving the transaction. - View Dependent Claims (7, 8)
-
Specification