One-time use password systems and methods
First Claim
1. A method of using a one-time password for a transaction between a user and a merchant, comprising:
- generating the one-time password by an electronic device;
performing an authentication process of the user by an authentication server in response to a request from the user to use the one-time password, the user is authenticated based on information other than the one-time password;
authorizing the use of the one-time password for the transaction in response to successfully authenticating the user by the authentication server;
determining that the use of the one-time password is not authorized for the transaction in response to authentication of the user by the authentication server failing;
receiving the one-time password in combination with an account number at an electronic device of the merchant;
sending a first electronic message to the authentication server, wherein the first electronic message comprises the one-time password, and wherein the first electronic message requests a determination whether the one-time password is authorized for use in the transaction based on successful verification of the user;
sending a second electronic message to the electronic device of the merchant, wherein the second electronic message includes a determination whether the transaction should be approved, the determination is based in part on whether the authentication server indicates the one-time password is authorized for use in the transaction based on successful verification of the user.
2 Assignments
0 Petitions
Accused Products
Abstract
According to the invention, a method of using a one-time password for a transaction between a user and a merchant is disclosed. The method may include generating the one-time password. The method may also include authenticating the user by the authentication server in response to a request from the user to use the one-time password. The method may further include authorizing the use of the one-time password for the transaction in response to authenticating the user by the authentication server. The method may moreover include using the one-time password in combination with an account number to settle the transaction between the user and the merchant. The method may additionally include sending a message to the authentication server originating from the merchant, wherein the message comprises the one-time password, and wherein the message requests a determination whether the one-time password is authorized for use in the transaction. The method may also include sending a message to the merchant originating from the authentication server, wherein the message includes a determination whether the transaction should be approved in response to the authentication server determining whether the one-time password is authorized for use in the transaction.
19 Citations
22 Claims
-
1. A method of using a one-time password for a transaction between a user and a merchant, comprising:
-
generating the one-time password by an electronic device; performing an authentication process of the user by an authentication server in response to a request from the user to use the one-time password, the user is authenticated based on information other than the one-time password; authorizing the use of the one-time password for the transaction in response to successfully authenticating the user by the authentication server; determining that the use of the one-time password is not authorized for the transaction in response to authentication of the user by the authentication server failing; receiving the one-time password in combination with an account number at an electronic device of the merchant; sending a first electronic message to the authentication server, wherein the first electronic message comprises the one-time password, and wherein the first electronic message requests a determination whether the one-time password is authorized for use in the transaction based on successful verification of the user; sending a second electronic message to the electronic device of the merchant, wherein the second electronic message includes a determination whether the transaction should be approved, the determination is based in part on whether the authentication server indicates the one-time password is authorized for use in the transaction based on successful verification of the user. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A system for using a one-time password in a transaction, comprising:
-
a device of a merchant configured to receive the one-time password and an account number from a device of a user; an authentication server configured to receive a request originating from the device of the user to authorize the one-time password for use in the transaction in response to authenticating the user based on information other than the one-time password; an issuer server configured to communicate with the authentication server to determine whether the one-time password is authorized for use in the transaction based on the user being authenticated on the information other than the one-time password, and to communicate with the device of the merchant to determine whether the transaction has been approved or denied based, at least in part, on whether the one-time password is authorized for use in the transaction. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
-
-
22. A method of using a one-time password for a transaction between a user and a merchant, comprising:
-
performing an authentication process of the user by an authentication server, the authentication process comprising receiving information from the user other than a one-time password and authenticating the user based on the information other than the one-time password; storing an indication by the authentication server whether the one-time password is valid or invalid for use in the transaction between the user and the merchant depending upon whether the user is successfully authenticated; receiving the one-time password in combination with an account number at an electronic device of the merchant; sending a request from an electronic device of the merchant to an electronic device of an issuer to determine whether the transaction should be authorized or denied in response to receiving the one-time password in combination with an account number at an electronic device of the merchant; sending a first electronic message the authentication server from an electronic device of the issuer, wherein the first electronic message comprises the particular one-time password, and wherein the first electronic message requests a determination whether the particular one-time password is authorized for use in the transaction based on successful authentication of the user; receiving a response at an electronic device of the issuer from the authentication server of whether the one-time password is valid or invalid for use in the transaction between the user and the merchant depending upon whether the user is successfully authenticated; determining by an electronic device of the issuer whether the transaction should be approved or denied based in part on whether the authentication server indicates the particular one-time password is authorized for use in the transaction based on successful verification of the user; and sending a second electronic message from an electronic device of the issuer to the electronic device of the merchant, wherein the second electronic message includes a determination whether the transaction should be approved or denied.
-
Specification