ONE-TIME USE PASSWORD SYSTEMS AND METHODS
First Claim
1. A method of using a one-time password for a transaction between a user and a merchant, comprising:
- generating the one-time password;
authenticating the user by the authentication server in response to a request from the user to use the one-time password;
authorizing the use of the one-time password for the transaction in response to authenticating the user by the authentication server;
using the one-time password in combination with an account number to settle the transaction between the user and the merchant;
sending a message to the authentication server originating from the merchant, wherein the message comprises the one-time password, and wherein the message requests a determination whether the one-time password is authorized for use in the transaction; and
sending a message to the merchant originating from the authentication server, wherein the message includes a determination whether the transaction should be approved in response to the authentication server determining whether the one-time password is authorized for use in the transaction.
2 Assignments
0 Petitions
Accused Products
Abstract
According to the invention, a method of using a one-time password for a transaction between a user and a merchant is disclosed. The method may include generating the one-time password. The method may also include authenticating the user by the authentication server in response to a request from the user to use the one-time password. The method may further include authorizing the use of the one-time password for the transaction in response to authenticating the user by the authentication server. The method may moreover include using the one-time password in combination with an account number to settle the transaction between the user and the merchant. The method may additionally include sending a message to the authentication server originating from the merchant, wherein the message comprises the one-time password, and wherein the message requests a determination whether the one-time password is authorized for use in the transaction. The method may also include sending a message to the merchant originating from the authentication server, wherein the message includes a determination whether the transaction should be approved in response to the authentication server determining whether the one-time password is authorized for use in the transaction.
147 Citations
50 Claims
-
1. A method of using a one-time password for a transaction between a user and a merchant, comprising:
-
generating the one-time password; authenticating the user by the authentication server in response to a request from the user to use the one-time password; authorizing the use of the one-time password for the transaction in response to authenticating the user by the authentication server; using the one-time password in combination with an account number to settle the transaction between the user and the merchant; sending a message to the authentication server originating from the merchant, wherein the message comprises the one-time password, and wherein the message requests a determination whether the one-time password is authorized for use in the transaction; and sending a message to the merchant originating from the authentication server, wherein the message includes a determination whether the transaction should be approved in response to the authentication server determining whether the one-time password is authorized for use in the transaction. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A method of using a one-time password for a transaction by a user, comprising:
-
requesting authorization from an authentication server to use the one-time password in the transaction; signing a challenge to create a signed challenge; and sending the signed challenge to the authentication server to authenticate the user and authorize the use of the one-time password in the transaction. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
-
-
26. A method of processing a password and an account number by an issuer server, the password and account number being used in a transaction, the method comprising:
-
receiving the password and the account number from a device of a merchant as part of the transaction; in response to receiving the password and the account number, associating the account number with an account of a customer of the issuer server; determining whether the password is a one-time password; in response to a determination that the password is a one-time password, sending the password to an authentication server to verify that the password is authorized for the transaction; receiving a determination from the authentication server as to whether the password is authorized for use in the transaction by an authenticated user; and in response to the determination from the authentication server as to whether the password is authorized, sending the device of the merchant a determination as to whether the transaction should be approved. - View Dependent Claims (27, 28, 29, 30)
-
-
31. A method of authorizing a one-time password by an authentication server to be used in a transaction by a user, comprising:
-
receiving a request originating from a device of the user to authorize the one-time password; sending a challenge via a secure communication channel to the device of the user to authenticate the user; receiving a signed challenge originating from the device of the user via a secure communication channel; determining whether the user is authentic; and authorizing the one-time password for use in the transaction in response to a determination that the user is authentic. - View Dependent Claims (32, 33, 34, 35, 36, 37, 38)
-
-
39. A system for using a one-time password in a transaction, comprising:
-
a device of a user; a device of a merchant configured to receive the one-time password and an account number from the device of the user; an authentication server configured to receive a request originating from the device of the user to authorize the one-time password for use in the transaction; an issuer server configured to communicate with the device of the merchant to determine whether the one-time password is authorized for use in the transaction, and configured to communicate with the authentication server to determine whether the one-time password is authorized for use in the transaction; and wherein the authentication server is configured to communicate with the issuer server to determine whether the one-time password is authorized for use in the transaction. - View Dependent Claims (40, 41, 42, 43, 44, 45, 46)
-
-
47. A computer program product on a machine-readable medium for an issuer server including a processor, comprising:
-
code that directs the processor to receive a message originating from a device of a merchant, the message comprising a password and an account number; code that directs the processor to associate the account number with an account of a customer of the issuer server; code that directs the processor to determine whether the password is a one-time password; code that directs the processor to send a message comprising the password to an authentication server to determine whether the password is authorized as a one-time password for the transaction; code that directs the processor to receive a message from the authentication server indicating whether the one-time password is authorized by an authenticated user; and code that directs the processor to send a message to the merchant including a determination whether the transaction is approved. - View Dependent Claims (48, 49, 50)
-
Specification