SEEDING CHALLENGES FOR PAYMENT TRANSACTIONS
First Claim
Patent Images
1. A method comprising:
- providing a challenge message to a consumer, wherein a correct response to the challenge message is not known by an entity issuing the challenge message;
receiving, from the consumer, a first challenge response that is responsive to the challenge message;
repeating providing the challenge message to the consumer and receiving a subsequent challenge response from the consumer during each of one or more processes for authorizing a respective transaction requested by the consumer;
inferring a verified answer to the challenge message based at least on a similarity of the received challenge responses; and
using the challenge message, the verified answer, and another challenge response that is responsive to the challenge message in a process for determining whether the consumer is authorized to conduct another transaction.
1 Assignment
0 Petitions
Accused Products
Abstract
Systems, methods, and apparatus are provided for authenticating a consumer using challenge questions. A response to a challenge question is verified via seeding the challenge question, receiving response, and deductively determining the answer. The verified response and challenge question may then be used to authenticate a consumer as part of an authorization process.
139 Citations
23 Claims
-
1. A method comprising:
-
providing a challenge message to a consumer, wherein a correct response to the challenge message is not known by an entity issuing the challenge message; receiving, from the consumer, a first challenge response that is responsive to the challenge message; repeating providing the challenge message to the consumer and receiving a subsequent challenge response from the consumer during each of one or more processes for authorizing a respective transaction requested by the consumer; inferring a verified answer to the challenge message based at least on a similarity of the received challenge responses; and using the challenge message, the verified answer, and another challenge response that is responsive to the challenge message in a process for determining whether the consumer is authorized to conduct another transaction. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A computer program product comprising a computer readable medium encoded with a plurality of instructions for controlling a computing system to perform an operation for determining whether a consumer is authorized to make a transaction, the operation comprising the steps of:
-
providing a challenge message to a consumer, wherein a correct response to the challenge message is not known by an entity issuing the challenge message; receiving, from the consumer, a first challenge response that is responsive to the challenge message; repeating providing the challenge message to the consumer and receiving a subsequent challenge response from the consumer during each of one or more processes for authorizing a respective transaction requested by the consumer; inferring a verified answer to the challenge message based at least on a similarity of the received challenge responses; and using the challenge message, the verified answer, and another challenge response that is responsive to the challenge message in a process for determining whether the consumer is authorized to conduct another transaction. - View Dependent Claims (14)
-
-
15. A method comprising:
-
receiving, from an entity, a challenge message for a consumer for a first time; providing, to the entity, a first challenge response that is responsive to the challenge message; repeating receiving the challenge message and providing a subsequent challenge response during each of one or more processes for authorizing a respective transaction initiated by the consumer in order to provide a verified answer to the challenge message; receiving, from the entity, the challenge message during a process for authorizing another transaction, wherein the challenge message is in response to an authorization request message that is associated with the consumer conducting the another transaction with a portable consumer device and that is sent to an issuer associated with the portable consumer device; and providing, to the entity, another challenge response suitable for determining an authorization response message that indicates whether or not the another transaction is authorized, wherein the another transaction is more likely to be authorized if the another challenge response is similar to the verified answer. - View Dependent Claims (16, 17, 18, 19, 20)
-
-
21. A computer program product comprising a computer readable medium encoded with a plurality of instructions for controlling a computing system to perform an operation for facilitating a consumer in an authorization process for a transaction requested by the consumer, the operation comprising the steps of:
-
receiving, from an entity, a challenge message for a consumer for a first time; providing, from the consumer to the entity, a first challenge response that is responsive to the challenge message; repeating receiving the challenge message and providing a subsequent challenge response during each of one or more processes for authorizing a respective transaction initiated by the consumer in order to provide a verified answer to the challenge message; receiving, from the entity, the challenge message during a process for authorizing another transaction, wherein the challenge message is in response to an authorization request message that is associated with the consumer conducting the another transaction with a portable consumer device and that is sent to an issuer associated with the portable consumer device; providing, to the entity, another challenge response suitable for determining an authorization response message that indicates whether or not the another transaction is authorized, wherein the another transaction is more likely to be authorized if the another challenge response is similar to the verified answer.
-
-
22. A phone comprising a computer readable medium encoded with a plurality of instructions for controlling a computing system of the phone to perform an operation for facilitating a consumer in an authorization process for a transaction requested by the consumer, the operation comprising the steps of:
-
receiving, at the phone being used by a consumer, a challenge message from an entity for a first time; providing, to the entity using the phone, a first challenge response that is responsive to the challenge message; repeating receiving the challenge message at the phone and providing a subsequent challenge response using the phone during each of one or more processes for authorizing a respective transaction initiated by the consumer in order to provide a verified answer to the challenge message; receiving, at the phone from the entity, the challenge message for the consumer during a process for authorizing another transaction, wherein the challenge message is in response to an authorization request message that is associated with the consumer conducting the another transaction with a portable consumer device and that is sent to an issuer associated with the portable consumer device; and providing, to the entity using the phone, another challenge response suitable for determining an authorization response message that indicates whether or not the another transaction is authorized, wherein the another transaction is more likely to be authorized if the another challenge response is similar to the verified answer.
-
-
23. A method of using a phone to facilitate an authorization process, the method comprising:
-
receiving, at a phone being used by a consumer, a challenge message from an entity for a first time; providing, to the entity using the phone, a first challenge response that is responsive to the challenge message; repeating receiving the challenge message and providing a subsequent challenge response during each of one or more processes for authorizing a respective transaction initiated by the consumer in order to provide a verified answer to the challenge message; receiving, from the entity, the challenge message during a process for authorizing another transaction, wherein the challenge message is in response to an authorization request message that is associated with the consumer conducting the another transaction with a portable consumer device and that is sent to an issuer associated with the portable consumer device; and providing, to the entity, another challenge response suitable for determining an authorization response message that indicates whether or not the another transaction is authorized, wherein the another transaction is more likely to be authorized if the another challenge response is similar to the verified answer.
-
Specification