Consumer authentication system and method
First Claim
Patent Images
1. A method comprising:
- receiving, by a server computer from a merchant via an acquirer of the merchant, an authorization request message associated with a consumer conducting a transaction with a portable consumer device, wherein the authorization request message is generated by an access device at the merchant after the consumer uses the portable consumer device to interact with the access device;
determining, by the server computer, if a challenge message is needed;
sending, by the server computer, the challenge message to the consumer, wherein the challenge message is dynamic;
receiving a challenge response message from the consumer; and
sending an authorization response message to the consumer, wherein the authorization response message indicates whether or not the transaction is authorized,wherein the authorization request message comprises a bank identification number and a transaction amount associated with the transaction,wherein the challenge message is sent to a phone of the consumer, and wherein the consumer thereafter enters a response to the challenge message into the access device,wherein the challenge response message is received from the access device via the acquirer.
2 Assignments
0 Petitions
Accused Products
Abstract
A method for authenticating a consumer. The method includes receiving an authorization request message associated with a consumer conducting a transaction with a portable consumer device. A challenge message is sent to the consumer, where the challenge message is dynamic or semi-dynamic. A challenge response message is received from the consumer, and an authorization response message is sent to the consumer. The authorization response message indicates whether or not the transaction is authorized.
143 Citations
16 Claims
-
1. A method comprising:
-
receiving, by a server computer from a merchant via an acquirer of the merchant, an authorization request message associated with a consumer conducting a transaction with a portable consumer device, wherein the authorization request message is generated by an access device at the merchant after the consumer uses the portable consumer device to interact with the access device; determining, by the server computer, if a challenge message is needed; sending, by the server computer, the challenge message to the consumer, wherein the challenge message is dynamic; receiving a challenge response message from the consumer; and sending an authorization response message to the consumer, wherein the authorization response message indicates whether or not the transaction is authorized, wherein the authorization request message comprises a bank identification number and a transaction amount associated with the transaction, wherein the challenge message is sent to a phone of the consumer, and wherein the consumer thereafter enters a response to the challenge message into the access device, wherein the challenge response message is received from the access device via the acquirer. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A non-transitory computer readable medium comprising:
-
code, executable by a processor, for performing a method comprising; receiving, by a server computer from a merchant via an acquirer of the merchant, an authorization request message associated with a consumer conducting a transaction with a portable consumer device, wherein the authorization request message is generated by an access device at the merchant after the consumer uses the portable consumer device to interact with the access device; determining, by the server computer, if a challenge message is needed; sending, by the server computer, the challenge message to the consumer, wherein the challenge message is dynamic; receiving a challenge response message from the consumer; and sending an authorization response message to the consumer, wherein the authorization response message indicates whether or not the transaction is authorized, wherein the authorization request message comprises a bank identification number and a transaction amount associated with the transaction, wherein the challenge message is sent to a phone of the consumer, and wherein the consumer thereafter enters a response to the challenge message into the access device, wherein the challenge response message is received from the access device via the acquirer.
-
-
10. A server computer comprising
a processor; - and
a computer readable medium coupled to the processor, the computer readable medium comprising code executable by the processor for performing a method comprising receiving, by a server computer from a merchant via an acquirer of the merchant, an authorization request message associated with a consumer conducting a transaction with a portable consumer device, wherein the authorization request message is generated by an access device at the merchant after the consumer uses the portable consumer device to interact with the access device; determining, by the server computer, if a challenge message is needed; sending, by the server computer, the challenge message to the consumer, wherein the challenge message is dynamic; receiving a challenge response message from the consumer; and sending an authorization response message to the consumer, wherein the authorization response message indicates whether or not the transaction is authorized, wherein the authorization request message comprises a bank identification number and a transaction amount associated with the transaction, wherein the challenge message is sent to a phone of the consumer, and wherein the consumer thereafter enters a response to the challenge message into the access device, wherein the challenge response message is received from the access device via the acquirer.
- and
-
11. A method comprising:
-
receiving, by a server computer from a merchant via an acquirer of the merchant, a first authorization request message associated with a consumer conducting a transaction with a portable consumer device, wherein the first authorization request message is generated by an access device at the merchant after the consumer uses the portable consumer device to interact with the access device; determining by the server computer if a challenge message is needed; sending, by the server computer, the challenge message to the consumer; receiving a second authorization request message including a challenge response message from the merchant via the acquirer of the merchant; and sending an authorization response message, wherein the authorization response message indicates whether or not the transaction is authorized, wherein the first authorization request message comprises a bank identification number and a transaction amount associated with the transaction and the second authorization request message comprises the bank identification number, wherein the challenge message is sent to a phone of the consumer, and wherein the consumer thereafter enters a response to the challenge message into the access device, wherein the second authorization request message including the challenge response message is received from the access device via the acquirer. - View Dependent Claims (12, 13, 14)
-
-
15. A non-transitory computer readable medium comprising code, executable by a processor, for performing a method comprising
receiving, by a server computer from a merchant via an acquirer of the merchant, a first authorization request message associated with a consumer conducting a transaction with a portable consumer device, wherein the first authorization request message is generated by an access device at the merchant after the consumer uses the portable consumer device to interact with the access device; -
determining by the server computer if a challenge message is needed; sending, by the server computer, the challenge message to the consumer; receiving a second authorization request message including a challenge response message from the merchant via the acquirer of the merchant; and sending an authorization response message, wherein the authorization response message indicates whether or not the transaction is authorized, wherein the first authorization request message comprises a bank identification number and a transaction amount associated with the transaction and the second authorization request message comprises the bank identification number, wherein the challenge message is sent to a phone of the consumer, and wherein the consumer thereafter enters a response to the challenge message into the access device, wherein the second authorization request message including the challenge response message is received from the access device via the acquirer.
-
-
16. A server comprising:
-
a processor; and a computer readable medium comprising code, executable by the processor for performing a method comprising receiving, by a server computer from a merchant via an acquirer of the merchant, a first authorization request message associated with a consumer conducting a transaction with a portable consumer device, wherein the first authorization request message is generated by an access device at the merchant after the consumer uses the portable consumer device to interact with the access device; determining by the server computer if a challenge message is needed; sending, by the server computer, the challenge message to the consumer; receiving a second authorization request message including a challenge response message from the merchant via the acquirer of the merchant; and sending an authorization response message, wherein the authorization response message indicates whether or not the transaction is authorized, wherein the first authorization request message comprises a bank identification number and a transaction amount associated with the transaction and the second authorization request message comprises the bank identification number, wherein the challenge message is sent to a phone of the consumer, and wherein the consumer thereafter enters a response to the challenge message into the access device, wherein the second authorization request message including the challenge response message is received from the access device via the acquirer.
-
Specification