Multifactor Authentication Using A Directory Server

US 20110208658A1
Filed: 12/09/2010
Published: 08/25/2011
Est. Priority Date: 02/25/2010
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a cardholder account, the method comprising:

obtaining a first identifier and a cryptogram from a first entity, wherein the first identifier is associated with the cardholder account;

identifying an issuer associated with the cardholder account;

forwarding the first account identifier and the cryptogram to a second entity for validation;

receiving a second identifier from the second entity, wherein the second identifier is generated by the second entity and associated with a validated form of the first identifier; and

sending the second identifier to the first entity.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and a server computer are provided for authenticating a cardholder account. The server computer implements the method, which includes obtaining a first identifier and a cryptogram from a first entity, identifying an issuer associated with the cardholder account, forwarding the first account identifier and the cryptogram to a second entity for validation, receiving a second identifier from the second entity, and sending the second identifier to the first entity. The first identifier can be associated with the cardholder account. The second identifier can be generated by the second entity and associated with a validated form of the first identifier.

247 Citations

21 Claims

1. A method for authenticating a cardholder account, the method comprising:
- obtaining a first identifier and a cryptogram from a first entity, wherein the first identifier is associated with the cardholder account;
  
  identifying an issuer associated with the cardholder account;
  
  forwarding the first account identifier and the cryptogram to a second entity for validation;
  
  receiving a second identifier from the second entity, wherein the second identifier is generated by the second entity and associated with a validated form of the first identifier; and
  
  sending the second identifier to the first entity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the method is performed on a directory server computer.
  - 3. The method of claim 1, wherein the first identifier includes a primary account number (PAN).
  - 4. The method of claim 1, wherein the first identifier includes any one or more of an electronic mail address, a telephone number, a card authentication program (CAP) token, a dynamic passcode authentication (DPA) token, or a one time passcode (OTP) cryptogram.
  - 5. The method of claim 1, wherein the method further comprises consulting a lookup table to retrieve a primary account number (PAN) associated with the first identifier.
  - 6. The method of claim 1, wherein the second entity is an access control server computer associated with the issuer.
  - 7. The method of claim 1, wherein the first entity is an access device.
  - 8. The method of claim 7, wherein the access device is coupled to a reader that reads the first identifier from a portable consumer device.
  - 9. The method of claim 8, further comprising:
    - entering a third identifier associated with the portable consumer device, wherein the third identifier is received by the issuer in order to continue validation of the cardholder account.
  - 10. The method of claim 8, wherein the reader includes a merchant plug in (MPI).
  - 11. The method of claim 10, wherein the second identifier is any one of a temporary primary account number (TPAN) or cardholder authentication verification value (CAVV).
  - 12. The method of claim 11, wherein the merchant plug in (MPI) communicates with the reader to populate browser fields in a browser on the access device with a primary account number (PAN) and the card authentication verification value (CAVV) or the temporary primary account number (TPAN).
  - 13. The method of claim 12, further comprising sending the primary account number (PAN) and the card authentication verification value (CAVV) or the temporary primary account number (TPAN) to an acquirer, wherein the acquirer forwards the primary account number and the card authentication verification value (CAVV) to the issuer via a payment processing network for authorization of a transaction.

14. A server computer for use in an authenticated transaction, the server computer comprising:
- a processor; and
  
  a computer readable medium coupled to the processor, the computer readable medium comprising code, executable by the processor to implement a method comprising;
  
  receiving a first identifier and a cryptogram from an access device;
  
  identifying an issuer associated with the first identifier;
  
  sending the first identifier and the cryptogram to the issuer for validation;
  
  receiving a second identifier from the issuer, wherein the second identifier is associated with a validated form of the first identifier; and
  
  providing the second identifier to the access device, wherein the access device communicates the second identifier to a merchant to complete the authenticated transaction.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The server computer of claim 14, wherein the access device is coupled to a reader and receives the first identifier and cryptogram from a portable consumer device through any one of a contact interface or a contactless interface.
  - 16. The server computer of claim 15, wherein the reader is a universal serial bus dongle capable of interfacing with a portable consumer device.
  - 17. The server computer of claim 15, wherein the reader includes a software module with a merchant plug in.
  - 18. The server computer of claim 14, further comprising a database, wherein the database includes information used to identify an issuer associated with the first identifier.
  - 19. The server computer of claim 14, wherein the first identifier is a primary account number.

20. A computer readable medium comprising code executable by a processor, for implementing a method comprising:
- obtaining a first identifier and a cryptogram from a first entity, wherein the first identifier is associated with a cardholder account;
  
  identifying a second entity associated with the cardholder account;
  
  forwarding the first identifier and the cryptogram to the second entity for validation;
  
  receiving a second identifier from the second entity, wherein the second identifier is generated at the second entity and associated with a validated form of the first identifier; and
  
  sending the second identifier to the first entity.

21. A method for authenticating a transaction on an access device, the method comprising:
- accessing a merchant website;
  
  initiating a transaction on the merchant website, wherein the merchant sends a request for payment during the transaction;
  
  interfacing with a reader, wherein the reader captures a first identifier stored on a portable consumer device and a cryptogram in response to the request for payment;
  
  forwarding the first identifier and the cryptogram to a directory server through a merchant plug in, wherein the directory server communicates the first identifier and the cryptogram to an issuer of the portable consumer device for validation;
  
  receiving a second identifier through the MPI, wherein the second identifier is associated with the validated first identifier; and
  
  communicating the second identifier to the reader from the MPI.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Makhotin, Oleg

Granted Patent

US 10,255,601 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/75
CPC Class Codes

G06F 21/34   involving the use of extern...

G06Q 20/12   specially adapted for elect...

G06Q 20/385   using an alias or single-us...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/401   Transaction verification

H04L 2209/56   Financial cryptography, e.g...

H04L 9/3213   using tickets or tokens, e....

Multifactor Authentication Using A Directory Server

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

247 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Multifactor Authentication Using A Directory Server

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

247 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links