Authentication system
First Claim
1. An authentication service for authenticating a consumer to a client using a remote authentication service provider that is adapted to respond to authentication requests from a plurality of different clients, in which the authentication service provider carries out the steps of:
- receiving an authentication request, the authentication request including a consumer name and a unique consumer code;
accessing at least one authentication data store containing consumer data associated with the consumer name;
determining the validity of the unique consumer code in dependence on the consumer data; and
, transmitting an authentication reply to the client confirming whether or not the consumer has been authenticated.
2 Assignments
0 Petitions
Accused Products
Abstract
The present invention allows clients to authenticate consumers using a trusted authentication service provider. The system addresses the concerns of consumers and business organisations alike. The objective is to assure clients of the authentication service of the true identity of the consumer. The remote authentication service provider maintains consumer data to facilitate a fast authentication of the consumer on the basis of a consumer name and a unique consumer code. In a preferred system, the unique consumer code is a one-time password (OTP) generated by a hardware token held by the consumer. The remote authentication service provider confirms that any password generated by the token is valid.
266 Citations
20 Claims
-
1. An authentication service for authenticating a consumer to a client using a remote authentication service provider that is adapted to respond to authentication requests from a plurality of different clients, in which the authentication service provider carries out the steps of:
-
receiving an authentication request, the authentication request including a consumer name and a unique consumer code;
accessing at least one authentication data store containing consumer data associated with the consumer name;
determining the validity of the unique consumer code in dependence on the consumer data; and
,transmitting an authentication reply to the client confirming whether or not the consumer has been authenticated. - View Dependent Claims (2, 3)
-
-
4. An authentication engine for providing a remote authentication service for a plurality of different clients requiring authentication of consumers prior to completing a transaction or granting access to a service or application provided by the client, the authentication engine comprising:
-
a communications interface for accepting an authentication request from a client, the authentication request including a consumer name and a unique consumer code;
at least one authentication data store containing consumer data associated with the consumer name; and
,a processing system adapted for accessing the at least one authentication data store and determining the validity of the unique personal code in dependence on the consumer data, and for generating an authentication reply to the client confirming whether or not the consumer has been authenticated. - View Dependent Claims (5)
-
-
6. A method of authentication in which a consumer requests a transaction or access to a service or resource provided by a client, in which the client carries out the steps of:
-
obtaining a consumer name and a unique consumer code from the consumer, transmitting an authentication request to a remote authentication service provider that is accessible by a number of different clients, the authentication request including the consumer name and the unique consumer code;
receiving an authentication reply from the remote authentication service provider identifying whether or not the consumer has been authenticated; and
,if the consumer is authenticated, proceeding with the transaction or providing the access or service requested by the consumer. - View Dependent Claims (7)
-
-
8. A payment authorisation service in which a client transmits a payment authorisation request in respect of a consumer transaction to a remote service provider adapted to respond to payment authorisation requests from a number of different clients, in which the remote service provider carries out the steps of:
-
receiving a payment authorisation request from a client, the payment authorisation request including a consumer and a unique consumer code;
accessing at least one data store containing consumer data associated with the consumer name and determining the validity of the unique consumer code in dependence on the consumer data, thereby authenticating the consumer; and
,executing a payment process to fulfil the payment authorisation request and thereby complete an authorised transaction. - View Dependent Claims (9, 10, 11, 12, 13)
-
-
14. A payment authorisation engine for providing a hosted remote payment authorisation service for a plurality of different clients transacting with consumers, the payment authorisation engine comprising:
-
a communications interface for receiving a payment authorisation request from a client, the payment authorisation request including a consumer name and a uniqu consumer code;
a number of data stores containing consumer data, including details of consumer payment cards; and
a processing system including a number of payment modules that enabl authorised payments according to a predetermined protocol, the processing system being adapted for accessing at least one data store containing consumer data associated with the consumer name and determining the validity of the uniqu consumer code, thereby authenticating the consumer, and execute a payment process using a selected payment module to fulfil the payment authorisation request and thereby complete an authorised transaction. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
Specification