TRANSACTION AUTHORIZATION USING A VOCALIZED CHALLENGE

US 20160269415A1
Filed: 07/16/2015
Published: 09/15/2016
Est. Priority Date: 10/24/2014
Status: Abandoned Application

First Claim

Patent Images

1. A method of transaction authorization, comprising, at a server:

receiving, from a computerized transaction system, transaction request data responsive to a user having initiated a transaction via the transaction system;

instructing to generate a single use, one-time challenge, vocalized by voice synthesis and call a computerized electronic device of the user, using an endpoint identifier linked to the user, the latter enrolled at the server, to vocally communicate the vocalized challenge to the user; and

communicating with the transaction system to validate response data sent by the user, in response to the vocalized challenge, to one or both of the server and the transaction system for validation, to authorize the transaction.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of transaction authorization, includes, at a server: receiving, from a computerized transaction system, transaction request data responsive to a user having initiated a transaction via the transaction system; instructing to generate a single use, one-time challenge, vocalized by voice synthesis and call a computerized electronic device of the user, using an endpoint identifier linked to the user, the latter enrolled at the server, to vocally communicate the vocalized challenge to the user; and communicating with the transaction system to validate response data sent by the user, in response to the vocalized challenge, to one or both of the server and the transaction system for validation, to authorize the transaction.

Citations

20 Claims

1. A method of transaction authorization, comprising, at a server:
- receiving, from a computerized transaction system, transaction request data responsive to a user having initiated a transaction via the transaction system;
  
  instructing to generate a single use, one-time challenge, vocalized by voice synthesis and call a computerized electronic device of the user, using an endpoint identifier linked to the user, the latter enrolled at the server, to vocally communicate the vocalized challenge to the user; and
  
  communicating with the transaction system to validate response data sent by the user, in response to the vocalized challenge, to one or both of the server and the transaction system for validation, to authorize the transaction.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein communicating with the transaction system is carried out to validate response data entered by the user via an interface of the computerized electronic device in response to the vocalized challenge and electronically sent by the computerized electronic device to one or both of the server and the transaction system for validation.
  - 3. The method of claim 2, wherein communicating with the transaction system is performed to validate response data that were electronically sent by the computerized electronic device to the transaction system.
  - 4. The method of claim 1, wherein the transaction request data is received after the user has connected, via the computerized electronic device, to the transaction system, to initiate the transaction at the transaction system, the user having logged into the system.
  - 5. The method of claim 1, further comprising enrolling the user at the authorization server to link the endpoint identifier to the user, wherein enrolling the user is performed prior to receiving the transaction request data from the computerized transaction system, and wherein enrolling the user comprises logging additional data, such as a secret, and the method further comprises communicating either with the user, via the computerized electronic device, or with the transaction system, to validate additional response data provided by the user in response to an additional challenge in respect of the additional data.
  - 6. The method of claim 1, further comprising authenticating the user to the server to authorize the transaction.
  - 7. The method of claim 1, wherein expected response data is associated with a sequence of characters matching a sequence of characters vocalized in the challenge.
  - 8. The method of claim 7, wherein the characters are vocalized one after the other in the vocalized challenge.
  - 9. The method of claim 1, wherein the computerized device is a mobile device and the endpoint identifier is a mobile phone number.

10. A method of obtaining a transaction authorization, comprising, at a computerized transaction system:
- responsive to a user having initiated a transaction via the transaction system, sending transaction request data to the server;
  
  responsive to the server having, in response to the transaction request data sent, instructed to;
  
  generate a single-use, one-time challenge, vocalized by voice synthesis; and
  
  call a computerized electronic device of the user, using an endpoint identifier linked to the user, the latter enrolled at the server, to vocally communicate the vocalized challenge to the user, communicating with the server to validate response data sent by the user in response to the vocalized challenge, to authorize the transaction; and
  
  upon validation of the response data by the server, completing the transaction.
- View Dependent Claims (11, 12)
- - 11. The method of transaction of claim 10, wherein completing the transaction comprises prompting the user to complete the transaction by sending data to the computerized electronic device of the user.
  - 12. The method of transaction of claim 10, wherein the method further comprises receiving, at the transaction system, the response data, which have been electronically sent by the computerized electronic device to the transaction system, and wherein communicating with the server to validate the response data is performed upon receiving the electronically sent response data.

13. An authorization server, comprising:
- a processing device configured to;
  
  receive, from a computerized transaction system, transaction request data responsive to a user having initiated a transaction via the transaction system;
  
  instruct to generate a single use, one-time challenge, vocalized by voice synthesis and call a computerized electronic device of the user, using an endpoint identifier linked to the user, the latter enrolled at the server, to vocally communicate the vocalized challenge to the user; and
  
  communicate with the transaction system to validate response data sent by the user, in response to the vocalized challenge, to one or both of the server and the transaction system for validation, to authorize the transaction.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The authorization server of claim 13, wherein communicating with the transaction system is carried out to validate response data entered by the user via an interface of the computerized electronic device in response to the vocalized challenge and electronically sent by the computerized electronic device to one or both of the server and the transaction system for validation.
  - 15. The authorization server of claim 14, wherein communicating with the transaction system is performed to validate response data that were electronically sent by the computerized electronic device to the transaction system.
  - 16. The authorization server of claim 13, wherein the transaction request data is received after the user has connected, via the computerized electronic device, to the transaction system, to initiate the transaction at the transaction system, the user having logged into the system.
  - 17. The authorization server of claim 13, wherein the processing device is further configured to enroll the user at the authorization server to link the endpoint identifier to the user, wherein enrolling the user is performed prior to receiving the transaction request data from the computerized transaction system, and wherein enrolling the user comprises logging additional data, such as a secret, and the method further comprises communicating either with the user, via the computerized electronic device, or with the transaction system, to validate additional response data provided by the user in response to an additional challenge in respect of the additional data.
  - 18. The authorization server of claim 13, wherein the processing device is further configured to authenticate the user to the server to authorize the transaction.
  - 19. The authorization server of claim 13, wherein expected response data is associated with, a sequence of characters matching a sequence of characters vocalized in the challenge.

20. A nontransitory, computer readable storage medium having computer readable instruction stored thereon that, when executed by a computer, implement a method of transaction authorization, the method comprising:
- receiving, at a server, from a computerized transaction system, transaction request data responsive to a user having initiated a transaction via the transaction system;
  
  instructing to generate a single use, one-time challenge, vocalized by voice synthesis and call a computerized electronic device of the user, using an endpoint identifier linked to the user, the latter enrolled at the server, to vocally communicate the vocalized challenge to the user; and
  
  communicating with the transaction system to validate response data sent by the user, in response to the vocalized challenge, to one or both of the server and the transaction system for validation, to authorize the transaction.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Krueger, Oliver, Ortiz-Yepes, Diego A., Dykeman, Harold D.

Application Number

US14/800,993
Publication Number

US 20160269415A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/42   using separate channels for...

G06Q 20/3272   using an audio code

G06Q 20/382   insuring higher security of...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/385   using an alias or single-us...

G06Q 20/401   Transaction verification

G06Q 20/425   using two different network...

H04L 2463/102   applying security measure f...

H04L 63/102   Entity profiles

H04L 63/126   the source of the received ...

TRANSACTION AUTHORIZATION USING A VOCALIZED CHALLENGE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

TRANSACTION AUTHORIZATION USING A VOCALIZED CHALLENGE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links