Token based transaction authentication

US 9,582,799 B2
Filed: 04/10/2013
Issued: 02/28/2017
Est. Priority Date: 01/19/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a server computer, a consumer payment nickname from a client computer;

receiving, by the server computer, a payment reference identifier from the client computer, wherein the payment reference identifier was previously generated by the server computer;

analyzing, by the server computer, the received payment reference identifier;

determining, by the server computer, that the received payment reference identifier matches the previously generated payment reference identifier to determine an authentication thread;

analyzing, by the server computer, the consumer payment nickname;

determining, by the server computer, an account identifier associated with the consumer payment nickname;

determining, by the server computer, an authorization computer from the account identifier;

generating, by the server computer, a message comprising the payment reference identifier and the account identifier;

sending, by the server computer, the message comprising the payment reference identifier and the account identifier associated with the consumer payment nickname to the authorization computer; and

receiving, from the authorization computer, the payment reference identifier and an authentication address, which is forwarded to the client computer and is used to authenticate a user that holds an account associated with the account identifier.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A token based transaction authentication system is disclosed. Issuer, merchants, and a payment processing network generate unique tokens or keys to authenticate messages between themselves and to authenticate a sending entity or consumer as they are redirected between entities. The tokens are also used to identify the particular authentication thread a message or sending entity is associated with. The sending entity authentication occurs over a web-based channel or a mobile based channel.

44 Citations

View as Search Results

25 Claims

1. A method comprising:
- receiving, by a server computer, a consumer payment nickname from a client computer;
  
  receiving, by the server computer, a payment reference identifier from the client computer, wherein the payment reference identifier was previously generated by the server computer;
  
  analyzing, by the server computer, the received payment reference identifier;
  
  determining, by the server computer, that the received payment reference identifier matches the previously generated payment reference identifier to determine an authentication thread;
  
  analyzing, by the server computer, the consumer payment nickname;
  
  determining, by the server computer, an account identifier associated with the consumer payment nickname;
  
  determining, by the server computer, an authorization computer from the account identifier;
  
  generating, by the server computer, a message comprising the payment reference identifier and the account identifier;
  
  sending, by the server computer, the message comprising the payment reference identifier and the account identifier associated with the consumer payment nickname to the authorization computer; and
  
  receiving, from the authorization computer, the payment reference identifier and an authentication address, which is forwarded to the client computer and is used to authenticate a user that holds an account associated with the account identifier.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the authorization computer is an issuer computer, and wherein the method further comprises:
    - receiving, by the server computer, a verify alias request from the client computer.
  - 3. The method of claim 1, wherein the method further comprises:
    - receiving, by the server computer, a merchant key from the client computer;
      
      receiving, by the server computer, a verify alias request from the client computer; and
      
      providing, by the server computer, a verify alias response to the client computer.
  - 4. The method of claim 1 wherein the client computer is a merchant computer.
  - 5. The method of claim 1 wherein the receiving the consumer payment nickname and receiving the payment reference identifier occur in the same communication.
  - 6. The method of claim 1, wherein the payment reference identifier comprises a timestamp and is analyzed by the server computer each time the server computer receives the payment reference identifier.

7. A server computer comprising:
- a processor; and
  
  a computer readable medium coupled to the processor, the computer readable medium comprising code, executable by the processor to implement a method comprisingreceiving, by the server computer, a consumer payment nickname from a client computer,receiving, by the server computer, a payment reference identifier from the client computer, wherein the payment reference identifier was previously generated by the server computer;
  
  analyzing, by the server computer, the received payment reference identifier;
  
  determining, by the server computer, that the received payment reference identifier matches the previously generated payment reference identifier to determine an authentication thread;
  
  analyzing, by the server computer, the consumer payment nickname;
  
  determining, by the server computer, an account identifier associated with the consumer payment nickname;
  
  determining, by the server computer, an authorization computer from the account identifier;
  
  generating, by the server computer, a message comprising the payment reference identifier and the account identifier;
  
  sending, by the server computer, the message comprising the payment reference identifier and the account identifier associated with the consumer payment nickname to the authorization computer; and
  
  receiving, from the authorization computer, the payment reference identifier and an authentication address, which is forwarded to the client computer and is used to authenticate a user that holds an account associated with the account identifier.
- View Dependent Claims (8, 9, 10)
- - 8. The server computer of claim 7 wherein the method further comprises:
    - receiving, by the server computer, a verify alias request from the client computer.
  - 9. The server computer of claim 7 wherein the method further comprises:
    - receiving, by the server computer, a verify alias request from the client computer; and
      
      providing, by the server computer, a verify alias response to the client computer.
  - 10. The server computer of claim 7 wherein the client computer is a merchant computer.

11. A system comprising:
- a server computer comprising a processor and a computer readable medium coupled to the processor, the computer readable medium comprising code, executable by the processor to implement a method comprisingreceiving a consumer payment nickname from a client computer,receiving a payment reference identifier from the client computer, wherein the payment reference identifier was previously generated by the server computer, analyzing, by the server computer, the received payment reference identifier, determining, by the server computer, that the received payment reference identifier matches the previously generated payment reference identifier to determine an authentication thread;
  
  determining an account identifier associated with the consumer payment nickname,determining an authorization computer from the account identifier,generating a message comprising the payment reference identifier and the account identifier,sending the message comprising the payment reference identifier and the account identifier associated with the consumer payment nickname to the authorization computer, andreceiving, from the authorization computer, the payment reference identifier and an authentication address, which is forwarded to the client computer and is used to authenticate a user that holds an account associated with the account identifier; and
  
  the client computer in communication with the server computer.
- View Dependent Claims (12)
- - 12. The system of claim 11, further comprising:
    - the authorization computer.

13. A method comprising:
- sending, by a sending entity computer, a consumer payment nickname to a merchant computer, wherein the merchant computer thereafter forwards a merchant key and a payment reference identifier to a payment processing network, and wherein the payment processing network forwards an initiate authentication request to an issuer and receives an initiate authentication response including the payment reference identifier and an issuer key from the issuer;
  
  receiving, by the sending entity computer, an authentication address for an authentication computer;
  
  sending, by the sending entity computer, a passcode to the authentication address of the authentication computer so that the authentication computer determines an authentication result;
  
  receiving from the authentication computer a message comprising the authentication result and a redirect command; and
  
  automatically redirecting, using the redirect command, the sending entity computer to the merchant computer; and
  
  generating and transmitting, by the sending entity computer, a message comprising the merchant key and the payment reference identifier to the merchant computer.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The method of claim 13 further comprising:
    - receiving the consumer payment nickname and a passcode request by the sending entity computer.
  - 15. The method of claim 13 wherein the sending entity computer is operated by a consumer.
  - 16. The method of claim 13 further comprising:
    - sending a consumer identity alias to the merchant computer; and
      
      receiving the consumer payment nickname.
  - 17. The method of claim 13, wherein the payment processing network is configured to process credit and debit card transactions.
  - 18. The method of claim 13 wherein the sending entity computer is a mobile phone.

19. A sending entity computer comprising:
- a processor; and
  
  a computer readable medium coupled to the processor, the computer readable medium comprising code, executable by the processor to implement a method comprisingsending, by the sending entity computer, a consumer payment nickname to a merchant computer, wherein the merchant computer thereafter forwards a merchant key and a payment reference identifier to a payment processing network, and wherein the payment processing network forwards an initiate authentication request to an issuer and receives an initiate authentication response including the payment reference identifier and an issuer key from the issuer,receiving, by the sending entity computer, an authentication address for an authentication computer,sending, by the sending entity computer, a passcode to the authentication address of the authentication computer so that the authentication computer determines an authentication resultreceiving from the authentication computer a message comprising the authentication result and a redirect command; and
  
  automatically redirecting, using the redirect command, the sending entity computer to the merchant computer; and
  
  generating and transmitting, by the sending entity computer, a message comprising the merchant key and the payment reference identifier to the merchant computer.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. The sending entity computer of claim 19 wherein the method further comprises:
    - receiving the consumer payment nickname and a passcode request by the sending entity computer.
  - 21. The sending entity computer of claim 19 wherein the payment processing network is configured to process credit and debit card transactions.
  - 22. The sending entity computer of claim 19 wherein the method further comprises:
    - sending a consumer identity alias to the merchant computer; and
      
      receiving the consumer payment nickname.
  - 23. The sending entity computer of claim 22, wherein the payment processing network is configured to process credit and debit card transactions.
  - 24. The sending entity computer of claim 19 wherein the sending entity computer is a mobile phone.

25. A system comprising:
- a sending entity computer comprising a processor, and a computer readable medium coupled to the processor, the computer readable medium comprising code, executable by the processor to implement a method comprisingsending a consumer payment nickname to a merchant computer, wherein the merchant computer thereafter forwards a merchant key and a payment reference identifier to a payment processing network, and wherein the payment processing network forwards an initiate authentication request to an issuer and receives an initiate authentication response including the payment reference identifier and an issuer key from the issuer, receiving an authentication address for an authentication computer,sending, by the sending entity computer, a passcode to the authentication address of the authentication computer so that the authentication computer determines an authentication result,receiving from the authentication computer a message comprising the authentication result and a redirect command, andautomatically redirecting, using the redirect command, the sending entity computer to the merchant computer, andgenerating and transmitting, by the sending entity computer, a message comprising the merchant key and the payment reference identifier to the merchant computer; and
  
  the payment processing network in communication with the sending entity computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Lindelsee, Mike, Brand, Olivier, Dimmick, James, Dominguez, Benedicto
Primary Examiner(s)
Poinvil, Frantzy

Application Number

US13/860,402
Publication Number

US 20130232079A1
Time in Patent Office

1,420 Days
Field of Search

705 3- 44
US Class Current

1/1
CPC Class Codes

G06Q 20/00   Payment architectures, sche...

G06Q 20/3829   involving key management

G06Q 20/40   Authorisation, e.g. identif...

Token based transaction authentication

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

44 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Token based transaction authentication

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links