Authentication arrangement and method for use with financial transactions

US 20050119978A1
Filed: 02/28/2003
Published: 06/02/2005
Est. Priority Date: 02/28/2002
Status: Active Grant

First Claim

Patent Images

1. A network payment system for transacting a sale of merchandise over a network using an Integrated Circuit Card for authentication, said network payment system comprising:

a merchant server in communication with said network, said merchant server having at least a first item of merchandise for sale;

a client terminal in communication with said network, said client terminal having an output device for reviewing said first item for sale, and an input device for initiating a purchase transaction to purchase said first item for sale, said client terminal being arranged to build a purchase message using information relating to a merchant identifier and financial transaction information obtained from said merchant server;

a card reader for communicating with said Integrated Circuit Card, a transaction approvals server for approving financial transactions, said client terminal having means to generate a challenge message, said challenge message being generated from the information relating to the merchant identifier and an account number, means for receiving the challenge message at the card reader and for generating a value from the challenge message;

said Integrated Circuit Card having means for generating a cryptographic message from at least a part of said value, the card reader having means to generate an authentication token from at least a part of the cryptographic message, said client terminal having means for transmitting at least part of the authentication token in a message for transmission via the network to said approvals server.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication arrangement for use in a network payment system for transacting a sale of merchandise over a network using an Integrated Circuit Card is described, the arrangement comprising: a merchant server in communication with said network, said merchant server having at least a first item of merchandise for sale; a client terminal in communication with said network, said client terminal having an output device for reviewing said first item for sale, and an input device for initiating a purchase transaction to purchase said first item for sale, said client terminal being arranged to build a purchase message using information relating to a merchant identifier and financial transaction information obtained from said merchant server; a card reader for communicating with said Integrated Circuit Card, said client terminal having means to generate a challenge message, said challenge message being generated from the information relating to the merchant identifier and an account number, means for receiving the challenge message at the card reader and for generating a value from the challenge message; said Integrated Circuit Card having means for generating a cryptographic message from at least a part of said value, the card reader having means to generate an authentication token from at least a part of the cryptographic message, and said client terminal having means for transmitting at least part of the authentication token in a message for transmission via the network.

Citations

36 Claims

1. A network payment system for transacting a sale of merchandise over a network using an Integrated Circuit Card for authentication, said network payment system comprising:
- a merchant server in communication with said network, said merchant server having at least a first item of merchandise for sale;
  
  a client terminal in communication with said network, said client terminal having an output device for reviewing said first item for sale, and an input device for initiating a purchase transaction to purchase said first item for sale, said client terminal being arranged to build a purchase message using information relating to a merchant identifier and financial transaction information obtained from said merchant server;
  
  a card reader for communicating with said Integrated Circuit Card, a transaction approvals server for approving financial transactions, said client terminal having means to generate a challenge message, said challenge message being generated from the information relating to the merchant identifier and an account number, means for receiving the challenge message at the card reader and for generating a value from the challenge message;
  
  said Integrated Circuit Card having means for generating a cryptographic message from at least a part of said value, the card reader having means to generate an authentication token from at least a part of the cryptographic message, said client terminal having means for transmitting at least part of the authentication token in a message for transmission via the network to said approvals server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system according to claim 1, wherein said means to generate a challenge message is adapted to generate the challenge message from the information relating to the merchant identifier, an account number and at least one of a purchase amount and a purchase currency.
  - 3. The system according to claim 1, wherein the means for transmitting at least part of said authentication token is adapted to transmit the at least part of said authentication token to the merchant server and the merchant server is adapted to transmit the at least part of said authentication token to the transaction approvals server with purchase information in an authorization request message.
  - 4. The system according to claim 2 , wherein the means to generate a challenge message is adapted to concatenate the merchant identifier and the account number and optionally at least one of a purchase amount and a purchase currency.
  - 5. The system according to claim 1, wherein the means to generate a challenge message is adapted to compress the concatenation of the merchant identifier, and the account number and optionally at least one of a purchase amount and a purchase currency.
  - 6. The system according to claim 5, wherein the compression is a hash function.
  - 7. The system according to claim 3, wherein the approvals server rebuilds at least part of the authentication token and compares the rebuilt message with the at least part of the authentication token in the authorization request message transmitted from the merchant server.
  - 8. The system according to claim 7, wherein the transaction approvals server is adapted to send an authentication approval message to the merchant server if the comparison is positive.
  - 9. The system according to claim 1, wherein the Integrated Circuit card has a memory and a first data object stored in said memory and the means for generating an authentication token from at least a part of the cryptographic message is adapted to select a part of the part of the cryptographic message in accordance with the first data object.
  - 10. The system according to claim 4, wherein the Integrated Circuit card has a memory and a second data object stored in said memory and the means to generate a challenge message includes at least one of a purchase amount and a purchase currency in the generation of the challenge message in accordance with the second data object.

11. A method for authentication for transacting a sale of merchandise over a network using an Integrated Circuit Card, the method comprising:
- establishing a communication between a merchant server with a client terminal over said network, said merchant server having at least a first item of merchandise for sale;
  
  reviewing said first item for sale on said client terminal, initiating a purchase transaction to purchase said first item for sale and building a purchase message using information relating to a merchant identifier and financial transaction information obtained from said merchant server;
  
  generating a challenge message on the client terminal the information relating to the merchant identifier and an account number, receiving the challenge message at a card reader and for generating a value from the challenge message;
  
  establishing a communication between the Integrated Circuit card and the card reader and generating a cryptographic message from at least a part of said value, generating an authentication token on the card reader from at least a part of the cryptographic message, transmitting at least part of the authentication token in a message from the client terminal for transmission via the network to an approvals server.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method according to claim 11, wherein generating a challenge message includes generating the challenge message from the information relating to the merchant identifier, an account number and at least one of a purchase amount and a purchase currency.
  - 13. The method according to claim 11, wherein transmitting at least part of said authentication token includes transmitting the at least part of said authentication token to the merchant server and transmitting the at least part of said authentication token from the merchant server to the transaction approvals server with purchase information in an authorization request message.
  - 14. The method according to claim 12, wherein generating a challenge message comprises concatenating the merchant identifier and the account number and optionally at least one of a purchase amount and a purchase currency.
  - 15. The method according to claim 11, wherein generating a challenge message comprises compressing the concatenation of the merchant identifier, and the account number and optionally at least one of a purchase amount and a purchase currency.
  - 16. The method according to claim 15, wherein compressing includes applying a hash function.
  - 17. The method according to claim 13, rebuilding at least part of the authentication token at the approvals server and comparing the rebuilt message with the at least part of the authentication token in the authorization request message transmitted from the merchant server.
  - 18. The method according to claim 17, further comprising sending an authentication approval message to the merchant server if the comparison is positive.
  - 19. The method according to claim 11, wherein the Integrated Circuit card has a memory and a first data object stored in said memory, further comprising generating an authentication token from at least a part of the cryptographic message by selecting a part of the part of the cryptographic message in accordance with the first data object.
  - 20. The method according to claim 14, wherein the Integrated Circuit card has a memory and a second data object stored in said memory, further comprising generating a challenge message from at least one of a purchase amount and a purchase currency in accordance with the second data object.

21. An authentication system for use with a network payment system for transacting a sale of merchandise over a network using an Integrated Circuit Card for authentication, said authentication system comprising:
- a merchant server in communication with said network, said merchant server having at least a first item of merchandise for sale;
  
  a client terminal in communication with said network, said client terminal having an output device for reviewing said first item for sale, and an input device for initiating a purchase transaction to purchase said first item for sale, said client terminal being arranged to build a purchase message using information relating to a merchant identifier and financial transaction information obtained from said merchant server;
  
  a card reader for communicating with said Integrated Circuit Card, said client terminal having means to generate a challenge message, said challenge message being generated from the information relating to the merchant identifier and an account number, means for receiving the challenge message at the card reader and for generating a value from the challenge message;
  
  said Integrated Circuit Card having means for generating a cryptogram from at least a part of said value, the card reader having means to generate an authentication token from at least a part of the cryptogram, said client terminal having means for transmitting at least part of the authentication token in a message for transmission via the network towards said merchant server.
- View Dependent Claims (22, 23, 24, 25, 26, 27)
- - 22. The system according to claim 21, wherein said means to generate a challenge message is adapted to generate the challenge message from the information relating to the merchant identifier, an account number and at least one of a purchase amount and a purchase currency.
  - 23. The system according to claim 21, wherein the means to generate a challenge message is adapted to concatenate the merchant identifier and the account number and optionally at least one of a purchase amount and a purchase currency.
  - 24. The system according to claim 21, wherein the means to generate a challenge message is adapted to compress the concatenation of the merchant identifier, and the account number and optionally at least one of a purchase amount and a purchase currency.
  - 25. The system according to claim 24, wherein the compression is a hash function.
  - 26. The system according to claim 21, wherein the Integrated Circuit card has a memory and a first data object stored in said memory and the means for generating an authentication token from at least a part of the cryptogram is adapted to select a part of the part of the cryptogram in accordance with the first data object.
  - 27. The system according to claim 21, wherein the Integrated Circuit card has a memory and a second data object stored in said memory and the means to generate a challenge message includes at least one of a purchase amount and a purchase currency in the generation of the challenge message in accordance with the second data object.

28. A method for authentication for transacting a sale of merchandise over a network using an Integrated Circuit Card, the method comprising:
- establishing a communication between a merchant server with a client terminal over said network, said merchant server having at least a first item of merchandise for sale;
  
  reviewing said first item for sale on said client terminal, initiating a purchase transaction to purchase said first item for sale and building a purchase message using information relating to a merchant identifier and financial transaction information obtained from said merchant server;
  
  generating a challenge message on the client terminal the information relating to the merchant identifier and an account number, receiving the challenge message at a card reader and for generating a value from the challenge message;
  
  establishing a communication between the Integrated Circuit card and the card reader and generating a cryptogram from at least a part of said value, generating an authentication token on the card reader from at least a part of the cryptogram, transmitting at least part of the authentication token in a message from the client terminal for transmission via the network to the merchant server.
- View Dependent Claims (29, 30, 31, 32, 33, 34)
- - 29. The method according to claim 28, wherein generating a challenge message includes generating the challenge message from the information relating to the merchant identifier, an account number and at least one of a purchase amount and a purchase currency.
  - 30. The method according to claim 28, wherein generating a challenge message comprises concatenating the merchant identifier and the account number and optionally at least one of a purchase amount and a purchase currency.
  - 31. The method according to claim 28, wherein generating a challenge message comprises compressing the concatenation of the merchant identifier, and the account number and optionally at least one of a purchase amount and a purchase currency.
  - 32. The method according to claim 31, wherein compressing includes applying a hash function.
  - 33. The method according to claim 28, wherein the Integrated Circuit card has a memory and a first data object stored in said memory, further comprising generating an authentication token from at least a part of the cryptogram by selecting a part of the part of the cryptogram in accordance with the first data object.
  - 34. The method according to claim 28, wherein the Integrated Circuit card has a memory and a second data object stored in said memory, further comprising generating a challenge message from at least one of a purchase amount and a purchase currency in accordance with the second data object.

35. An authentication system for use with a network payment system for transacting a sale of merchandise over a network, said authentication system comprising:
- a merchant server in communication with said network, said merchant server having at least a first item of merchandise for sale;
  
  a client terminal in communication with said network, said client terminal having an output device for reviewing said first item for sale, and an input device for initiating a purchase transaction to purchase said first item for sale, said client terminal being arranged to build a purchase message using information relating to a merchant identifier and financial transaction information obtained from said merchant server;
  
  a hand held device, said client terminal having means to generate a challenge message, said challenge message being generated from the information relating to the merchant identifier and an account number, means for receiving the challenge message at the hand held device and for generating a value from the challenge message, the hand held device having means for generating a cryptogram from at least a part of said value;
  
  the hand held device having means to generate an authentication token from at least a part of the cryptogram, said client terminal having means for transmitting at least part of the authentication token in a message for transmission via the network towards said merchant server.

36. A method for authentication for transacting a sale of merchandise over a network using a hand held device, the method comprising:
- establishing a communication between a merchant server with a client terminal over said network, said merchant server having at least a first item of merchandise for sale;
  
  reviewing said first item for sale on said client terminal, initiating a purchase transaction to purchase said first item for sale and building a purchase message using information relating to a merchant identifier and financial transaction information obtained from said merchant server;
  
  generating a challenge message on the client terminal the information relating to the merchant identifier and an account number, receiving the challenge message at hand held device and for generating a value from the challenge message, generating a cryptogram in the hand held device from at least a part of said value;
  
  generating an authentication token on the hand held device from at least a part of the cryptogram, transmitting at least part of the authentication token in a message from the client terminal for transmission via the network to the merchant server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Original Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Inventors
Ates, Fikret

Granted Patent

US 10,395,462 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/67
CPC Class Codes

G06Q 20/04   Payment circuits

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3674   involving authentication

G06Q 20/388   using mutual authentication...

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

G07F 7/1025   Identification of user by a...

Authentication arrangement and method for use with financial transactions

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication arrangement and method for use with financial transactions

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links