METHOD FOR AUTHENTICATING TRANSACTIONS

US 20160203468A1
Filed: 09/01/2014
Published: 07/14/2016
Est. Priority Date: 08/30/2013
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating and authorizing a transaction involving a terminal provider of a product or a service and a mobile application of a user mobile device wherein:

during a registration process of the mobile application to a server;

operating the server to generates a set of transaction unpredictable numbers,operating the server to send said generated set of transaction unpredictable numbers to the mobile application,during the authentication and authorization of the transaction;

operating the mobile application to select a stored unused transaction unpredictable number, said selected unused transaction unpredictable number allowing to identify said transaction,operating the mobile application to elaborate a transaction authorization request message from the selected transaction unpredictable number,operating the mobile application to encode the authorization request into a simplex communication data,operating the terminal provider to receive and decode the simplex communication data,operating the terminal provider to send to the server, the decoded simplex communication data for authentication and authorization of the transaction,operating the server to verify a match of a transaction unpredictable number between the content of the decoded transaction authorization request message and the server transaction unpredictable number database,if the verification is successful, operating the server to add the matched transaction unpredictable number to the authorization request message,operating the server to send the transaction authorization request to an issuer,operating the server to receives from the issuer receiving the transaction authorization result indicating whether or not said transaction is authenticated and authorized,operating the server to forward the transaction authorization result to the terminal provider.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention generally relates to systems and methods for authenticating transactions through a simplex communication. To allow trusting the transaction with a payment by an image code such QR code, the invention proposes means to authenticate said transaction. For that, when the mobile payment application is loaded into preferably a secure element of the user mobile device a registration process is enabled. During this registration process on a server, an account of the user is created and a set of unpredictable numbers in quantity N is generated. This set of unpredictable numbers is transmitted to the mobile payment application for storage. The payment application uses the stored set of transaction unpredictable numbers for next N times transactions performed by the mobile payment application for transaction cryptogram calculation. The same transaction unpredictable number is recovered in the server side during the transaction authorization process.

16 Citations

20 Claims

1. A method for authenticating and authorizing a transaction involving a terminal provider of a product or a service and a mobile application of a user mobile device wherein:
- during a registration process of the mobile application to a server;
  
  operating the server to generates a set of transaction unpredictable numbers,operating the server to send said generated set of transaction unpredictable numbers to the mobile application,during the authentication and authorization of the transaction;
  
  operating the mobile application to select a stored unused transaction unpredictable number, said selected unused transaction unpredictable number allowing to identify said transaction,operating the mobile application to elaborate a transaction authorization request message from the selected transaction unpredictable number,operating the mobile application to encode the authorization request into a simplex communication data,operating the terminal provider to receive and decode the simplex communication data,operating the terminal provider to send to the server, the decoded simplex communication data for authentication and authorization of the transaction,operating the server to verify a match of a transaction unpredictable number between the content of the decoded transaction authorization request message and the server transaction unpredictable number database,if the verification is successful, operating the server to add the matched transaction unpredictable number to the authorization request message,operating the server to send the transaction authorization request to an issuer,operating the server to receives from the issuer receiving the transaction authorization result indicating whether or not said transaction is authenticated and authorized,operating the server to forward the transaction authorization result to the terminal provider.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The method according to claim 1, wherein to receive the simplex communication data, a scanner terminal of the provider scans the encoded authorization request.
  - 3. The method according to claim 1, wherein the simplex communication data is an image code such a QR code or a barcode, this image code being displayed on the user mobile device to be scanned by the provider and sent to the server.
  - 4. The method according to claim 1, wherein the simplex communication data is a modulated sound, a modulated vibration or a NFC tag message.
  - 5. The method according to claim 1, wherein when the selected transaction unpredictable number is added to the elaborated transaction authorization request message:
    - comparing the received selected transaction unpredictable number to the recovered transaction unpredictable number,if the comparison is successful, adding the recovered transaction unpredictable number to the authorization request and sending it to the issuer.
  - 6. The method according to claim 1 wherein the unused transaction unpredictable number is selected according to a pre-determined sequence and wherein the transaction unpredictable number is recovered by the server according to a unique identifier of the user and the pre-determined sequence.
  - 7. The method according to claim 1, wherein the transaction unpredictable number is recovered by the server from an unique identifier of the user, an index associated to the selected transaction unpredictable number which is added to the authorization request and the pre-determined sequence.
  - 8. The method according to claim 1, wherein the unused transaction unpredictable number is selected randomly and wherein an index is associated to said selected transaction unpredictable number and wherein the transaction unpredictable number is recovered by the server from a unique identifier of the user and the index associated to the selected transaction unpredictable number.
  - 9. The method according to claim 1, wherein the transaction unpredictable number is marked as used in the storage after the selection step and the recovery step.
  - 10. The method according to claim 9, wherein when the transaction unpredictable numbers stored in the mobile payment application are all marked as used then a new set of transaction unpredictable numbers is generated by the server and sent to the mobile application for storage.
  - 11. The method according to claim 1, wherein the transmission of the generated set of transaction unpredictable numbers from the server to the mobile payment application is protected:
    - by applying an encryption algorithm which involves key(s) shared between the server and the mobile payment application, and/orby applying an integrity algorithm which involves key(s) shared between the server and the mobile payment application.
  - 12. The method according to claim 1, wherein the mobile application and the set of transaction unpredictable numbers are stored into a secure element of the mobile device.
  - 13. The method according to claim 1, wherein the server and the issuer are the same entity.
  - 14. The method according to claim 13, wherein the transaction authorization request message comprises a transaction cryptogram generated from an amount of the transaction inputted by the user on the mobile device, the selected transaction unpredictable number, user'"'"'s financial data, various keys and data elements defined by the transaction standard.
  - 15. The method according to claim 1, wherein the mobile device is a cellular or wireless phone, a tablet, a smartphone, a personal digital assistance (PDA), a pager, a portable computers.
  - 16. The method according to claim 2, wherein the simplex communication data is an image code such a QR code or a barcode, this image code being displayed on the user mobile device to be scanned by the provider and sent to the server.
  - 17. The method according to claim 2, wherein the simplex communication data is a modulated sound, a modulated vibration or a NFC tag message.
  - 18. The method according to claim 2, wherein when the selected transaction unpredictable number is added to the elaborated transaction authorization request message:
    - comparing the received selected transaction unpredictable number to the recovered transaction unpredictable number,if the comparison is successful, adding the recovered transaction unpredictable number to the authorization request and sending it to the issuer.
  - 19. The method according to claim 2 wherein the unused transaction unpredictable number is selected according to a pre-determined sequence and wherein the transaction unpredictable number is recovered by the server according to a unique identifier of the user and the pre-determined sequence
  - 20. The method according to claim 2, wherein the transaction unpredictable number is recovered by the server from an unique identifier of the user, an index associated to the selected transaction unpredictable number which is added to the authorization request and the pre-determined sequence.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Thales DIS France SA
Original Assignee
Gemalto SA (Thales SA)
Inventors
CHEN, Yuexi

Granted Patent

US 10,579,987 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06Q 20/3274   using a pictured code, e.g....

G06Q 20/385   using an alias or single-us...

G06Q 20/401   Transaction verification

G06Q 2220/00   Business processing using c...

H04L 9/50   using hash chains, e.g. blo...

METHOD FOR AUTHENTICATING TRANSACTIONS

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

16 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD FOR AUTHENTICATING TRANSACTIONS

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links