SEEDING CHALLENGES FOR PAYMENT TRANSACTIONS

US 20080319904A1
Filed: 06/16/2008
Published: 12/25/2008
Est. Priority Date: 06/25/2007
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

providing a challenge message to a consumer, wherein a correct response to the challenge message is not known by an entity issuing the challenge message;

receiving, from the consumer, a first challenge response that is responsive to the challenge message;

repeating providing the challenge message to the consumer and receiving a subsequent challenge response from the consumer during each of one or more processes for authorizing a respective transaction requested by the consumer;

inferring a verified answer to the challenge message based at least on a similarity of the received challenge responses; and

using the challenge message, the verified answer, and another challenge response that is responsive to the challenge message in a process for determining whether the consumer is authorized to conduct another transaction.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and apparatus are provided for authenticating a consumer using challenge questions. A response to a challenge question is verified via seeding the challenge question, receiving response, and deductively determining the answer. The verified response and challenge question may then be used to authenticate a consumer as part of an authorization process.

139 Citations

View as Search Results

23 Claims

1. A method comprising:
- providing a challenge message to a consumer, wherein a correct response to the challenge message is not known by an entity issuing the challenge message;
  
  receiving, from the consumer, a first challenge response that is responsive to the challenge message;
  
  repeating providing the challenge message to the consumer and receiving a subsequent challenge response from the consumer during each of one or more processes for authorizing a respective transaction requested by the consumer;
  
  inferring a verified answer to the challenge message based at least on a similarity of the received challenge responses; and
  
  using the challenge message, the verified answer, and another challenge response that is responsive to the challenge message in a process for determining whether the consumer is authorized to conduct another transaction.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1 wherein none of the subsequent challenge responses are used in a determination of whether the consumer is authorized to make any of the respective transactions.
  - 3. The method of claim 1 wherein using comprises:
    - comparing the another challenge response to the verified answer; and
      
      calculating a contribution to a risk score based on the comparison, wherein the risk score is used to determine whether or not to authorize the another transaction.
  - 4. The method of claim 3 wherein calculating the contribution comprises using a confidence score associated with the verified answer as a factor in determining the contribution.
  - 5. The method of claim 4 further comprising:
    - increasing the confidence score of the verified answer when the another challenge response is similar to the verified answer.
  - 6. The method of claim 1 wherein the first challenge response is received during a process of authorizing a transaction requested by the consumer.
  - 7. The method of claim 1, further comprising:
    - inferring respective verified answers to one or more other challenge messages; and
      
      using the other challenge messages, their respective verified answers, and respective challenge responses in the determination of the another transaction.
  - 8. The method of claim 1 wherein inferring the verified answer comprises:
    - determining a consistency value for the received challenge responses;
      
      comparing the consistency value to a threshold value; and
      
      verifying the answer when a threshold criteria has been achieved.
  - 9. The method of claim 8 wherein the consistency value is a number of consecutive responses that have been similar, wherein the threshold value is an integer N, and wherein the threshold criteria is whether the consistency value is at least one of greater than N or greater than or equal to N.
  - 10. The method of claim 1 wherein the verified answer is inferred based also on one or more other criteria.
  - 11. The method of claim 10 wherein the other criteria includes a number of billing cycles that the consumer has had a portable consumer device without suspect activity.
  - 12. The method of claim 1, further comprising:
    - resetting a process of inferring the verified answer when the another challenge response is different than verified answer.

13. A computer program product comprising a computer readable medium encoded with a plurality of instructions for controlling a computing system to perform an operation for determining whether a consumer is authorized to make a transaction, the operation comprising the steps of:
- providing a challenge message to a consumer, wherein a correct response to the challenge message is not known by an entity issuing the challenge message;
  
  receiving, from the consumer, a first challenge response that is responsive to the challenge message;
  
  repeating providing the challenge message to the consumer and receiving a subsequent challenge response from the consumer during each of one or more processes for authorizing a respective transaction requested by the consumer;
  
  inferring a verified answer to the challenge message based at least on a similarity of the received challenge responses; and
  
  using the challenge message, the verified answer, and another challenge response that is responsive to the challenge message in a process for determining whether the consumer is authorized to conduct another transaction.
- View Dependent Claims (14)
- - 14. The computer program product of claim 13 wherein the computer program product includes a server computer.

15. A method comprising:
- receiving, from an entity, a challenge message for a consumer for a first time;
  
  providing, to the entity, a first challenge response that is responsive to the challenge message;
  
  repeating receiving the challenge message and providing a subsequent challenge response during each of one or more processes for authorizing a respective transaction initiated by the consumer in order to provide a verified answer to the challenge message;
  
  receiving, from the entity, the challenge message during a process for authorizing another transaction, wherein the challenge message is in response to an authorization request message that is associated with the consumer conducting the another transaction with a portable consumer device and that is sent to an issuer associated with the portable consumer device; and
  
  providing, to the entity, another challenge response suitable for determining an authorization response message that indicates whether or not the another transaction is authorized, wherein the another transaction is more likely to be authorized if the another challenge response is similar to the verified answer.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15 wherein the entity is the issuer.
  - 17. The method of claim 15, further comprising:
    - during the process for authorizing the another transaction, providing, by the consumer to the entity, one or more additional challenge responses that are respectively responsive to one or more other challenge messages,wherein the transaction is more likely to be authorized if the additional challenge responses are respectively similar to previously provided challenge responses responsive to the other challenge messages.
  - 18. The method of claim 15, wherein a confidence score is associated with the challenge message, and wherein the confidence score is a measure of a likelihood that when the another challenge response is dissimilar from the verified answer that the another transaction will not be authorized.
  - 19. The method of claim 18 wherein the confidence score increases when the another response is similar to the verified answer.
  - 20. The method of claim 15, further comprising:
    - when the another challenge response is dissimilar from the verified answer, repeating receiving the challenge message and providing a subsequent challenge response during each of one or more processes for authorizing a respective transaction initiated by the consumer in order to provide a re-verified answer to the challenge message.

21. A computer program product comprising a computer readable medium encoded with a plurality of instructions for controlling a computing system to perform an operation for facilitating a consumer in an authorization process for a transaction requested by the consumer, the operation comprising the steps of:
- receiving, from an entity, a challenge message for a consumer for a first time;
  
  providing, from the consumer to the entity, a first challenge response that is responsive to the challenge message;
  
  repeating receiving the challenge message and providing a subsequent challenge response during each of one or more processes for authorizing a respective transaction initiated by the consumer in order to provide a verified answer to the challenge message;
  
  receiving, from the entity, the challenge message during a process for authorizing another transaction, wherein the challenge message is in response to an authorization request message that is associated with the consumer conducting the another transaction with a portable consumer device and that is sent to an issuer associated with the portable consumer device;
  
  providing, to the entity, another challenge response suitable for determining an authorization response message that indicates whether or not the another transaction is authorized, wherein the another transaction is more likely to be authorized if the another challenge response is similar to the verified answer.

22. A phone comprising a computer readable medium encoded with a plurality of instructions for controlling a computing system of the phone to perform an operation for facilitating a consumer in an authorization process for a transaction requested by the consumer, the operation comprising the steps of:
- receiving, at the phone being used by a consumer, a challenge message from an entity for a first time;
  
  providing, to the entity using the phone, a first challenge response that is responsive to the challenge message;
  
  repeating receiving the challenge message at the phone and providing a subsequent challenge response using the phone during each of one or more processes for authorizing a respective transaction initiated by the consumer in order to provide a verified answer to the challenge message;
  
  receiving, at the phone from the entity, the challenge message for the consumer during a process for authorizing another transaction, wherein the challenge message is in response to an authorization request message that is associated with the consumer conducting the another transaction with a portable consumer device and that is sent to an issuer associated with the portable consumer device; and
  
  providing, to the entity using the phone, another challenge response suitable for determining an authorization response message that indicates whether or not the another transaction is authorized, wherein the another transaction is more likely to be authorized if the another challenge response is similar to the verified answer.

23. A method of using a phone to facilitate an authorization process, the method comprising:
- receiving, at a phone being used by a consumer, a challenge message from an entity for a first time;
  
  providing, to the entity using the phone, a first challenge response that is responsive to the challenge message;
  
  repeating receiving the challenge message and providing a subsequent challenge response during each of one or more processes for authorizing a respective transaction initiated by the consumer in order to provide a verified answer to the challenge message;
  
  receiving, from the entity, the challenge message during a process for authorizing another transaction, wherein the challenge message is in response to an authorization request message that is associated with the consumer conducting the another transaction with a portable consumer device and that is sent to an issuer associated with the portable consumer device; and
  
  providing, to the entity, another challenge response suitable for determining an authorization response message that indicates whether or not the another transaction is authorized, wherein the another transaction is more likely to be authorized if the another challenge response is similar to the verified answer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa USA, Inc. (Visa, Inc.)
Original Assignee
Visa USA, Inc. (Visa, Inc.)
Inventors
Faith, Patrick, Carlson, Mark

Granted Patent

US 8,380,629 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/44
CPC Class Codes

G06Q 20/04   Payment circuits

G06Q 20/10   specially adapted for elect...

G06Q 20/382   insuring higher security of...

G06Q 20/385   using an alias or single-us...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/403   Solvency checks

G06Q 40/00   Finance; Insurance; Tax str...

G06Q 40/02   Banking, e.g. interest calc...

G06Q 40/12   Accounting

SEEDING CHALLENGES FOR PAYMENT TRANSACTIONS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

139 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

SEEDING CHALLENGES FOR PAYMENT TRANSACTIONS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

139 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links