Online challenge-response
First Claim
1. A method of authenticating a consumer conducting a transaction with a merchant, the method comprising:
- receiving, by a merchant computer, a transaction request from the consumer including information associated with an account being used to conduct the transaction;
sending, by the merchant computer, an enrollment request message to a server computer, wherein the server computer identifies a type of authentication available, and wherein the type of authentication available includes at least one of a password-based authentication or a challenge-response authentication;
redirecting, by the merchant computer, the consumer to the server computer, wherein the server computer generates an authentication challenge and compares a response received from the consumer to an expected response when challenge-response authentication of the consumer is available;
receiving, by the merchant computer, a result of the consumer authentication; and
if the consumer is authenticated, submitting the transaction for processing.
0 Assignments
0 Petitions
Accused Products
Abstract
Embodiments of the invention enable cardholders conducting an online transaction to be authenticated in real-time using a challenge-response application. The challenge-response application can be administered by an issuer or by a third party on-behalf-of an issuer. A challenge question can be presented to the cardholder, and the cardholder'"'"'s response can be verified. The challenge question presented can be selected based on an analysis of the risk of the transaction and potentially other factors. A variety of dynamic challenge questions can be used without the need for the cardholder to enroll into the program. Additionally, there are many flexible implementation options of the challenge-response application that can be adjusted based on factors such as the location of the merchant or the location of the consumer.
-
Citations
20 Claims
-
1. A method of authenticating a consumer conducting a transaction with a merchant, the method comprising:
-
receiving, by a merchant computer, a transaction request from the consumer including information associated with an account being used to conduct the transaction; sending, by the merchant computer, an enrollment request message to a server computer, wherein the server computer identifies a type of authentication available, and wherein the type of authentication available includes at least one of a password-based authentication or a challenge-response authentication; redirecting, by the merchant computer, the consumer to the server computer, wherein the server computer generates an authentication challenge and compares a response received from the consumer to an expected response when challenge-response authentication of the consumer is available; receiving, by the merchant computer, a result of the consumer authentication; and if the consumer is authenticated, submitting the transaction for processing. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A system for authenticating a consumer conducting a transaction with a merchant, the system comprising:
a challenge-response server computer, the challenge-response server computer comprising modules capable of executing on the challenge-response server computer, the modules comprising; a challenge optimizer module configured to; receive an enrollment request message sent by the merchant; identify a type of authentication available, wherein the type of authentication available includes at least one of a password-based authentication or a challenge-response based authentication; send an enrollment response message to the merchant based on the type of authentication available; and generate an authentication challenge and compare a response received from the consumer to an expected response when the challenge-response authentication of the consumer is available. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
Specification