Authenticating Remote Transactions Using a Mobile Device

US 20140164254A1
Filed: 12/10/2013
Published: 06/12/2014
Est. Priority Date: 12/10/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving transaction details at an authentication server computer, wherein the transaction details are for a transaction conducted by a consumer using an account associated with an issuer;

initiating, by the authentication server computer, an authentication request message to a mobile device operated by the consumer before communicating with the issuer;

receiving, by the authentication server computer, a personal identifier from the mobile device before communicating with the issuer; and

after receiving the personal identifier from the mobile device, initiating the sending of an authorization request message comprising an account identifier associated with the account to the issuer.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention can combine card not present transaction processing with PIN verification. A merchant or a consumer can initiate transactions using any suitable transaction initiation channel. One aspect of the invention helps facilitate payment card authentication across multiple wallet providers/merchants using an encrypted card PIN and a digital certificate. One aspect of the invention can incorporate the use of different transaction networks to perform authentication and authorization processing.

143 Citations

24 Claims

1. A method comprising:
- receiving transaction details at an authentication server computer, wherein the transaction details are for a transaction conducted by a consumer using an account associated with an issuer;
  
  initiating, by the authentication server computer, an authentication request message to a mobile device operated by the consumer before communicating with the issuer;
  
  receiving, by the authentication server computer, a personal identifier from the mobile device before communicating with the issuer; and
  
  after receiving the personal identifier from the mobile device, initiating the sending of an authorization request message comprising an account identifier associated with the account to the issuer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 further comprising:
    - determining that the personal identifier matches a previously stored personal identifier for the consumer;
      
      generating an authentication indicator indicating a positive authentication result; and
      
      providing the authentication indicator to a wallet server computer or a merchant server computer.
  - 3. The method of claim 1 wherein the account identifier associated with the account is retrieved using a phone number.
  - 4. The method of claim 1 wherein the personal identifier is an encrypted personal identifier and wherein the mobile device encrypts the personal identifier using a first transport key stored in the mobile device before the personal identifier is received from the mobile device, and wherein the method further comprises:
    - decrypting, by the authentication server computer, the received personal identifier using a second transport key;
      
      after decrypting the personal identifier with the second transport key, encrypting the personal identifier with a first issuer key; and
      
      providing the encrypted personal identifier to the issuer, wherein the issuer subsequently decrypts the encrypted personal identifier with a second issuer key.
  - 5. The method of claim 4 wherein providing the encrypted personal identifier to the issuer comprises:
    - providing the encrypted personal identifier to the issuer via a wallet server computer or a merchant server computer.
  - 6. The method of claim 1 wherein initiating the sending of the authorization request message comprises:
    - generating the authorization request message comprising the account identifier and the personal identifier; and
      
      sending the authorization request message to the issuer.
  - 7. The method of claim 1 wherein initiating the sending of the authorization request message comprises:
    - providing the personal identifier or an authentication indicator that indicates that the received personal identifier matched a previously stored personal identifier, to a gateway computer, the gateway computer being a wallet server computer or a merchant server computer, wherein the wallet server computer or the merchant server computer is configured to;
      
      generate the authorization request message comprising the account identifier and the personal identifier; and
      
      send the authorization request message to the issuer.
  - 8. The method of claim 1 wherein initiating the sending of the authorization request message comprises:
    - providing the personal identifier or an authentication indicator that indicates that the received personal identifier matched a previously stored personal identifier, and a digital certificate, to a gateway computer, the gateway computer being a wallet server computer or a merchant server computer, wherein the wallet server computer or the merchant server computer is configured to;
      
      generate the authorization request message comprising the account identifier, and the personal identifier or the authentication indicator; and
      
      send the authorization request message to the issuer.
  - 9. The method of claim 1 wherein the personal identifier is a personal identification number (PIN) and wherein the account identifier is a primary account number (PAN).
  - 10. The method of claim 1 wherein the personal identifier is a biometric identifier.

11. An authentication server computer comprising a processor and a computer readable medium comprising code, executable by the processor, for implementing a method comprising:
- receiving transaction details, wherein the transaction details are for a transaction conducted by a consumer using an account associated with an issuer;
  
  initiating an authentication request message to a mobile device operated by the consumer before communicating with the issuer;
  
  receiving a personal identifier from the mobile device before communicating with the issuer; and
  
  after receiving the personal identifier from the mobile device, initiating the sending of an authorization request message comprising an account identifier associated with the account to the issuer.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The authentication server computer of claim 11 further comprising:
    - determining that the personal identifier matches a previously stored personal identifier for the consumer;
      
      generating an authentication indicator indicating a positive authentication result; and
      
      providing the authentication indicator to a wallet server computer or a merchant server computer.
  - 13. The authentication server computer of claim 11 wherein the account identifier associated with the account is retrieved using a phone number.
  - 14. The authentication server computer of claim 11 wherein the personal identifier is an encrypted personal identifier and wherein the mobile device encrypts the personal identifier using a first transport key stored in the mobile device before the personal identifier is received from the mobile device, and wherein the method further comprises:
    - decrypting the received personal identifier using a second transport key;
      
      after decrypting the personal identifier with the second transport key, encrypting the personal identifier with a first issuer key; and
      
      providing the encrypted personal identifier to the issuer, wherein the issuer subsequently decrypts the encrypted personal identifier with a second issuer key.
  - 15. The authentication server computer of claim 14 wherein providing the encrypted personal identifier to the issuer comprises:
    - providing the encrypted personal identifier to the issuer via a wallet server computer or a merchant server computer.

16. A system comprising:
- a mobile device; and
  
  an authentication server computer communicatively coupled to the mobile device via a first communication network, wherein the authentication server computer comprises a processor and a computer readable medium comprising code, executable by the processor, for implementing a method comprising;
  
  receiving transaction details, wherein the transaction details are for a transaction conducted by a consumer using an account associated with an issuer;
  
  initiating an authentication request message to the mobile device operated by the consumer before communicating with the issuer;
  
  receiving a personal identifier from the mobile device before communicating with the issuer; and
  
  after receiving the personal identifier from the mobile device, initiating the sending of an authorization request message comprising an account identifier associated with the account to the issuer.
- View Dependent Claims (17)
- - 17. The system of claim 16 further comprising:
    - an issuer computer associated with the issuer; and
      
      a wallet server computer communicatively coupled to the authentication server computer via a second communication network, wherein the wallet server computer sends the authorization request message to the issuer computer.

18. A method comprising:
- receiving a personal identifier by an authentication server computer;
  
  sending, by the authentication server computer, the personal identifier to an issuer computer in a zero dollar authorization request message over a first payment network;
  
  receiving an authorization response message comprising an authentication indicator from the issuer computer; and
  
  forwarding the authentication indicator to a gateway computer,wherein the gateway computer initiates a transaction authorization request message to the issuer computer including the authentication indicator over a second payment network.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18 wherein the gateway computer is a wallet server computer.
  - 20. The method of claim 18 wherein the first payment network and the second payment network are configured to process credit and debit card transactions.

21. An authentication server computer comprising a processor and a computer readable medium comprising code, executable by a processor, for implementing a method comprising:
- receiving a personal identifier;
  
  sending the personal identifier to an issuer computer in a zero dollar authorization request message over a first payment network;
  
  receiving an authorization response message comprising an authentication indicator from the issuer computer; and
  
  forwarding the authentication indicator to a gateway computer,wherein the gateway computer initiates a transaction authorization request message to the issuer computer including the authentication indicator over a second payment network.

22. A method comprising:
- receiving, by an authentication server computer, a personal identifier associated with a consumer'"'"'s account with an issuer;
  
  sending, by the authentication server computer, the personal identifier to the issuer in a zero dollar authorization request message;
  
  receiving an authorization response message comprising an authentication indicator from the issuer;
  
  initiating a request to a mobile device operated by the consumer for registering one or more biometric identifiers;
  
  receiving the one or more biometric identifiers from the mobile device; and
  
  associating, by the authentication server computer, the one or more biometric identifiers with the personal identifier.
- View Dependent Claims (23, 24)
- - 23. The method of claim 22 wherein the personal identifier is a personal identification number (PIN) and the one or more biometric identifiers include a fingerprint, a voice recording, or an image of the consumer.
  - 24. The method of claim 22 further comprisingreceiving, by the authentication server computer, the one or more biometric identifiers from the mobile device for conducting a transaction, the one or more biometric identifiers being received before communicating with the issuer regarding the transaction being conducted;
    - after receiving the one or more biometric identifiers from the mobile device, validating the one or more biometric identifiers against the registered one or more biometric identifiers;
      
      generating a verification value for the transaction being conducted; and
      
      initiating the sending of an authorization request message comprising an account identifier associated with the account and the verification value to the issuer to carry out the transaction.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Dimmick, James Dene

Granted Patent

US 10,521,794 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/71
CPC Class Codes

G06Q 20/36   using electronic wallets or...

G06Q 20/3674   involving authentication

G06Q 20/385   using an alias or single-us...

G06Q 20/4012   Verifying personal identifi...

G06Q 20/4014   Identity check for transact...

Authenticating Remote Transactions Using a Mobile Device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

143 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Authenticating Remote Transactions Using a Mobile Device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

143 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links