METHOD AND SYSTEM FOR SECURE AUTHENTICATION
Abstract
A system and method configured to provide secure Personal Identification Number (PIN) based authentication is disclosed. A passcode or PIN associated with a customer value card can be securely authenticated by an issuer prior to authorizing payment. An Access Control Server (ACS) can receive the PIN or passcode from a customer via a secure connection over a public network. The ACS can generate an encrypted PIN and can communicate the encrypted PIN to a remote issuer for authentication. The ACS can use one or more hardware security modules to generate the encrypted PIN. The hardware security modules can be emulated in software or implemented in hardware. The system can be configured such that the PIN is not exposed in an unencrypted form in a communication link or in hardware other than the originating customer terminal.
52 Claims
1-32. (canceled)

33. A secure passcode authentication system, the system comprising:
an Access Control Server (ACS) configured to receive a request for passcode authentication of a Primary Account Number (PAN), and configured to request a passcode corresponding to the PAN from a cardholder device, the request including a destination address for the passcode;
a front end Host Security Module (HSM) having said destination address, coupled to the ACS, and configured to receive the passcode from the cardholder device and generate an encrypted passcode using a local encryption key, and configured to return the encrypted passcode to the cardholder device with an instruction to provide the encrypted passcode to the ACS; and
a back end HSM coupled to the ACS, configured to receive the encrypted passcode from the ACS and further configured to recover a clear form of the passcode, generate a back end encrypted passcode, and communicate the back end encrypted passcode to the ACS.
Dependent claims: 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44

45. A method for providing secure passcode authentication, the method comprising:
receiving a request for passcode authentication of a Primary Account Number (PAN);
requesting a passcode corresponding to the PAN from a cardholder device, the request including a destination address corresponding to a front end Host Security Module (HSM);
receiving an encrypted passcode from the cardholder device, the passcode having been encrypted by the front end HSM;
sending the encrypted passcode to a back end HSM;
receiving a back end encrypted passcode from the back end HSM; and
sending an authentication request including the back end encrypted passcode to an authentication network.
Dependent claims: 46, 47, 48

49. A non-transitory, tangible, computer readable medium comprising code executable by a processor for implementing a method comprising:
receiving a request for passcode authentication of a Primary Account Number (PAN);
requesting a passcode corresponding to the PAN from a cardholder device, the request including a destination address corresponding to a front end Host Security Module (HSM);
receiving an encrypted passcode from the cardholder device, the passcode having been encrypted by the front end HSM;
sending the encrypted passcode to a back end HSM;
receiving a back end encrypted passcode from the back end HSM; and
sending an authentication request including the back end encrypted passcode to an authentication network.
Dependent claims: 50, 51, 52

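The message flow of claims 33 and 45, as an added Python sketch that is not part of the patent text: the ACS only ever handles ciphertext, and the back end HSM recovers the passcode and re-encrypts it for the authentication network. Assumptions not in the source: an HMAC-SHA256 keystream-and-tag construction stands in for the HSM cipher, the back end key is one shared with the issuer, the PAN is bound into the tag, and the address and all class and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def seal(key, pan, passcode):
    """Stand-in for an HSM cipher (assumption): HMAC-SHA256 keystream, tag bound to the PAN."""
    if len(passcode) > 32:
        raise ValueError("passcode too long for one keystream block")
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(passcode, _prf(_prf(key, b"enc"), nonce)))
    return nonce + ct + _prf(_prf(key, b"mac"), pan.encode() + nonce + ct)

def unseal(key, pan, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), pan.encode() + nonce + ct)):
        raise ValueError("encrypted passcode rejected")
    return bytes(a ^ b for a, b in zip(ct, _prf(_prf(key, b"enc"), nonce)))

class FrontEndHSM:
    def __init__(self, local_key):
        self._local_key = local_key
    def encrypt(self, pan, passcode):          # called directly by the cardholder device
        return seal(self._local_key, pan, passcode)

class BackEndHSM:
    def __init__(self, local_key, issuer_key):  # issuer_key: assumed shared with the issuer
        self._local_key, self._issuer_key = local_key, issuer_key
    def translate(self, pan, front_blob):
        clear = unseal(self._local_key, pan, front_blob)  # clear form exists only in here
        return seal(self._issuer_key, pan, clear)

class ACS:
    def __init__(self, back_hsm, front_address):
        self.back_hsm, self.front_address, self.seen = back_hsm, front_address, []
    def request_passcode(self, pan):
        return {"pan": pan, "destination": self.front_address}
    def authenticate(self, pan, front_blob):
        back_blob = self.back_hsm.translate(pan, front_blob)
        self.seen += [front_blob, back_blob]   # all passcode material the ACS handles
        return {"pan": pan, "encrypted_passcode": back_blob}

def run_flow(pan, passcode, local_key, issuer_key):
    front = FrontEndHSM(local_key)
    acs = ACS(BackEndHSM(local_key, issuer_key), "https://fe-hsm.example/passcode")
    req = acs.request_passcode(pan)            # device sends the passcode to req["destination"]
    auth_req = acs.authenticate(pan, front.encrypt(req["pan"], passcode))
    return acs, auth_req
```
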
Specification