Consumer authentication system and method

US 8,135,647 B2
Filed: 06/14/2007
Issued: 03/13/2012
Est. Priority Date: 06/19/2006
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a server computer from a merchant via an acquirer of the merchant, an authorization request message associated with a consumer conducting a transaction with a portable consumer device, wherein the authorization request message is generated by an access device at the merchant after the consumer uses the portable consumer device to interact with the access device;

determining, by the server computer, if a challenge message is needed;

sending, by the server computer, the challenge message to the consumer, wherein the challenge message is dynamic;

receiving a challenge response message from the consumer; and

sending an authorization response message to the consumer, wherein the authorization response message indicates whether or not the transaction is authorized,wherein the authorization request message comprises a bank identification number and a transaction amount associated with the transaction,wherein the challenge message is sent to a phone of the consumer, and wherein the consumer thereafter enters a response to the challenge message into the access device,wherein the challenge response message is received from the access device via the acquirer.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for authenticating a consumer. The method includes receiving an authorization request message associated with a consumer conducting a transaction with a portable consumer device. A challenge message is sent to the consumer, where the challenge message is dynamic or semi-dynamic. A challenge response message is received from the consumer, and an authorization response message is sent to the consumer. The authorization response message indicates whether or not the transaction is authorized.

143 Citations

16 Claims

1. A method comprising:
- receiving, by a server computer from a merchant via an acquirer of the merchant, an authorization request message associated with a consumer conducting a transaction with a portable consumer device, wherein the authorization request message is generated by an access device at the merchant after the consumer uses the portable consumer device to interact with the access device;
  
  determining, by the server computer, if a challenge message is needed;
  
  sending, by the server computer, the challenge message to the consumer, wherein the challenge message is dynamic;
  
  receiving a challenge response message from the consumer; and
  
  sending an authorization response message to the consumer, wherein the authorization response message indicates whether or not the transaction is authorized,wherein the authorization request message comprises a bank identification number and a transaction amount associated with the transaction,wherein the challenge message is sent to a phone of the consumer, and wherein the consumer thereafter enters a response to the challenge message into the access device,wherein the challenge response message is received from the access device via the acquirer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein the portable consumer device is in the form of a card or a mobile phone.
  - 3. The method of claim 1 wherein the challenge message includes a question.
  - 4. The method of claim 1 wherein the consumer'"'"'s transaction history is used to create the challenge message.
  - 5. The method of claim 1 wherein the server is in a payment processing network, and wherein the method further comprises:
    - forwarding the authorization request message to an issuer of the portable consumer device; and
      
      receiving the authorization response message from the issuer before sending the authorization response message to the consumer.
  - 6. The method of claim 5 wherein the payment processing network is configured to process debit and credit card transactions, and perform clearing and settlement.
  - 7. The method of claim 1 wherein the authorization request message is received at an issuer, and the issuer sends the challenge message to the consumer, and receives the challenge response message from the consumer, and wherein the issuer further analyzes the challenge response message from the consumer to determine if the consumer provides a correct challenge response message before sending the authorization response message to the consumer.
  - 8. The method of claim 1 wherein the challenge message includes a question, and uses the consumer'"'"'s location to create the challenge message.

9. A non-transitory computer readable medium comprising:
- code, executable by a processor, for performing a method comprising;
  
  receiving, by a server computer from a merchant via an acquirer of the merchant, an authorization request message associated with a consumer conducting a transaction with a portable consumer device, wherein the authorization request message is generated by an access device at the merchant after the consumer uses the portable consumer device to interact with the access device;
  
  determining, by the server computer, if a challenge message is needed;
  
  sending, by the server computer, the challenge message to the consumer, wherein the challenge message is dynamic;
  
  receiving a challenge response message from the consumer; and
  
  sending an authorization response message to the consumer, wherein the authorization response message indicates whether or not the transaction is authorized,wherein the authorization request message comprises a bank identification number and a transaction amount associated with the transaction,wherein the challenge message is sent to a phone of the consumer, and wherein the consumer thereafter enters a response to the challenge message into the access device,wherein the challenge response message is received from the access device via the acquirer.

10. A server computer comprisinga processor;
- anda computer readable medium coupled to the processor, the computer readable medium comprising code executable by the processor for performing a method comprisingreceiving, by a server computer from a merchant via an acquirer of the merchant, an authorization request message associated with a consumer conducting a transaction with a portable consumer device, wherein the authorization request message is generated by an access device at the merchant after the consumer uses the portable consumer device to interact with the access device;
  
  determining, by the server computer, if a challenge message is needed;
  
  sending, by the server computer, the challenge message to the consumer, wherein the challenge message is dynamic;
  
  receiving a challenge response message from the consumer; and
  
  sending an authorization response message to the consumer, wherein the authorization response message indicates whether or not the transaction is authorized,wherein the authorization request message comprises a bank identification number and a transaction amount associated with the transaction,wherein the challenge message is sent to a phone of the consumer, and wherein the consumer thereafter enters a response to the challenge message into the access device, wherein the challenge response message is received from the access device via the acquirer.

11. A method comprising:
- receiving, by a server computer from a merchant via an acquirer of the merchant, a first authorization request message associated with a consumer conducting a transaction with a portable consumer device, wherein the first authorization request message is generated by an access device at the merchant after the consumer uses the portable consumer device to interact with the access device;
  
  determining by the server computer if a challenge message is needed;
  
  sending, by the server computer, the challenge message to the consumer;
  
  receiving a second authorization request message including a challenge response message from the merchant via the acquirer of the merchant; and
  
  sending an authorization response message, wherein the authorization response message indicates whether or not the transaction is authorized,wherein the first authorization request message comprises a bank identification number and a transaction amount associated with the transaction and the second authorization request message comprises the bank identification number,wherein the challenge message is sent to a phone of the consumer, and wherein the consumer thereafter enters a response to the challenge message into the access device,wherein the second authorization request message including the challenge response message is received from the access device via the acquirer.
- View Dependent Claims (12, 13, 14)
- - 12. The method of claim 11 wherein the second authorization request message comprises a zero dollar amount.
  - 13. The method of claim 11 wherein the server computer comprises a transaction code that links the first and second authorization requests.
  - 14. The method of claim 11 wherein the server computer is in a payment processing network that is configured to process debit and credit card transactions, and perform clearing and settlement.

15. A non-transitory computer readable medium comprising code, executable by a processor, for performing a method comprisingreceiving, by a server computer from a merchant via an acquirer of the merchant, a first authorization request message associated with a consumer conducting a transaction with a portable consumer device, wherein the first authorization request message is generated by an access device at the merchant after the consumer uses the portable consumer device to interact with the access device;
- determining by the server computer if a challenge message is needed;
  
  sending, by the server computer, the challenge message to the consumer;
  
  receiving a second authorization request message including a challenge response message from the merchant via the acquirer of the merchant; and
  
  sending an authorization response message, wherein the authorization response message indicates whether or not the transaction is authorized,wherein the first authorization request message comprises a bank identification number and a transaction amount associated with the transaction and the second authorization request message comprises the bank identification number,wherein the challenge message is sent to a phone of the consumer, and wherein the consumer thereafter enters a response to the challenge message into the access device, wherein the second authorization request message including the challenge response message is received from the access device via the acquirer.

16. A server comprising:
- a processor; and
  
  a computer readable medium comprising code, executable by the processor for performing a method comprisingreceiving, by a server computer from a merchant via an acquirer of the merchant, a first authorization request message associated with a consumer conducting a transaction with a portable consumer device, wherein the first authorization request message is generated by an access device at the merchant after the consumer uses the portable consumer device to interact with the access device;
  
  determining by the server computer if a challenge message is needed;
  
  sending, by the server computer, the challenge message to the consumer;
  
  receiving a second authorization request message including a challenge response message from the merchant via the acquirer of the merchant; and
  
  sending an authorization response message, wherein the authorization response message indicates whether or not the transaction is authorized,wherein the first authorization request message comprises a bank identification number and a transaction amount associated with the transaction and the second authorization request message comprises the bank identification number,wherein the challenge message is sent to a phone of the consumer, and wherein the consumer thereafter enters a response to the challenge message into the access device, wherein the second authorization request message including the challenge response message is received from the access device via the acquirer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa USA, Inc. (Visa, Inc.)
Original Assignee
Visa USA, Inc. (Visa, Inc.)
Inventors
Hammad, Ayman, Faith, Patrick
Primary Examiner(s)
KUCAB, JAMIE R

Application Number

US11/763,240
Publication Number

US 20080005037A1
Time in Patent Office

1,734 Days
Field of Search

705/67, 705/75
US Class Current

705/67
CPC Class Codes

G06Q 20/085   involving remote charge det...

G06Q 20/105   involving programming of a ...

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/204   comprising interface for re...

G06Q 20/367   involving electronic purses...

G06Q 20/3672   initialising or reloading t...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/3821   Electronic credentials

G06Q 20/3829   involving key management

G06Q 20/385   using an alias or single-us...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/401   Transaction verification

G06Q 2220/00   Business processing using c...

G06Q 30/06   Buying, selling or leasing ...

G06Q 40/00   Finance; Insurance; Tax str...

H04L 2209/56   Financial cryptography, e.g...

H04L 9/3271   using challenge-response

Consumer authentication system and method

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

143 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Consumer authentication system and method

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

143 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links