Method of one time authentication response to a session-specific challenge indicating a random subset of password or PIN character positions
Abstract
Financial institution back office computerized transaction-processing system with embedded privacy and security layer (EPSL) enables strong transaction authentication prior to a merchant or vendor contact, based on a user account number, transaction conditions like anticipated transaction time and money, user two-factor authentication with a static transaction PIN and a transaction session-specific random partial password or PIN recognition algorithm. User enters the user name and then, challenged by server with a random session-specific subset of a password or PIN character's consecutive position numbers, enters based on cognitive association a one time authentication response. The authentication session is interactive, transaction session-specific, and followed by either a transaction denial or an alphanumeric transaction signature generated by EPSL for this specific transaction. Then, the user submits her request to a transaction counterpart along with the transaction signature. The merchant or vendor requests an authorization session with EPSL.
8 Claims
1. An interactive method for authentication of a client, comprising:
storing a client identifier (ACCOUNT NUMBER (406); ACC#{XYZ}—FIG. 8) for a client and an identification code (ID_PIN—FIG. 6) for the client in a memory (606), the identification code comprising a set of password or PIN characters with each consecutive character position number in the set associated with a particular character;
supplying to the client via a data communication medium using a process (504) executed by a computer system, a prompt for entry of a client identifier;
accepting in the computer system data from the client via a data communication medium, the data indicating the client identifier (406) for the client, and verifying that the data indicating the client identifier matches the stored client identifier (502);
supplying to the client via a data communication medium using a process (508) executed by the computer system, a session-specific random subset of character position numbers from said identification code for the client, wherein the random subset of character position numbers does not include all of the character position numbers from the identification code;
accepting input data (408, ID_PIN SUBSET—FIG. 8) in the computer system from the client via a data communication medium, the input data including a random subset of characters from the identification code, wherein the random subset of characters does not include all of the identification code; and
determining (505) in the computer system, whether the input data match characters from the stored identification code in a session-specific random subset of character positions.
Dependent claims: 2, 3, 4.
5. A transaction server, comprising:
memory (601, 606) storing a client identifier (ACCOUNT NUMBER (406); ACC#{XYZ}—FIG. 8) for a client and an identification code (ID_PIN—FIG. 6) for the client, the identification code comprising a set of password or PIN characters with each consecutive character position number in the set associated with a particular character;
a computer system coupled to the memory, the computer system including a module (504) to supply to the client via a data communication medium, a prompt for entry of a client identifier;
a module (406) to accept data indicating the client identifier from the client via a data communication medium;
a module (502) to verify that the data indicating the client identifier matches the stored client identifier for the client;
a module (505) to supply to the client a session-specific random subset of character position numbers from said identification code for the client, wherein the random subset of character position numbers does not include all of the character position numbers from the identification code;
a module (408) to accept input data (ID_PIN SUBSET—FIG. 8) from the client via a data communication medium, the input data including a random subset of characters from the identification code for the client, wherein the random subset of characters does not include all of the identification code; and
a module (505) to allow processing of a transaction to continue if the input data matches characters from the stored identification code for the client in the session-specific random subset of character positions.
Dependent claims: 6, 7, 8.
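The challenge-response exchange recited in claims 1 and 5, as an added Python example that is not taken from the patent. The account value, the `STORE` and `_pending` tables and all function names are assumptions made for illustration, and the constant-time comparison and single-use challenge are choices of this example rather than claim elements.

```python
import hmac
import secrets

# Constructed sample store: client identifier -> identification code (ID_PIN).
# Both values are made up for this example.
STORE = {"ACC-0001": "k7Qp2mZx"}

_rng = secrets.SystemRandom()
_pending = {}  # hypothetical session table: session id -> (client_id, positions)


def issue_challenge(client_id, subset_size=3):
    """Verify the client identifier, then return (session_id, positions).

    Positions are 1-based and always a proper subset of the code's positions.
    Returns None when the client identifier is not in the store.
    """
    code = STORE.get(client_id)
    if code is None:
        return None
    if not 0 < subset_size < len(code):
        raise ValueError("subset must be non-empty and smaller than the code")
    positions = sorted(_rng.sample(range(1, len(code) + 1), subset_size))
    session_id = secrets.token_urlsafe(16)
    _pending[session_id] = (client_id, positions)
    return session_id, positions


def verify_response(session_id, response):
    """Check the one-time response; the challenge is consumed either way."""
    entry = _pending.pop(session_id, None)
    if entry is None:
        return False  # unknown or already used challenge
    client_id, positions = entry
    code = STORE[client_id]
    expected = "".join(code[p - 1] for p in positions)
    # Constant-time comparison of the expected and supplied characters.
    return hmac.compare_digest(expected.encode(), response.encode())


def answer(code, positions):
    """Client side: pick the characters at the challenged positions."""
    return "".join(code[p - 1] for p in positions)
```

Because any position can be challenged, the server has to hold the identification code in a form from which individual characters can be read, as the stored ID_PIN in the claims does.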
Specification