Online challenge-response
Abstract
Embodiments of the invention enable cardholders conducting an online transaction to be authenticated in real-time using a challenge-response application. The challenge-response application can be administered by an issuer or by a third party on-behalf-of an issuer. A challenge question can be presented to the cardholder, and the cardholder's response can be verified. The challenge question presented can be selected based on an analysis of the risk of the transaction and potentially other factors. A variety of dynamic challenge questions can be used without the need for the cardholder to enroll into the program. Additionally, there are many flexible implementation options of the challenge-response application that can be adjusted based on factors such as the location of the merchant or the location of the consumer.
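The server-side decision described in the abstract and recited in claim 1 (score the risk, challenge only above a threshold, generate the question from transaction history, compare the response to the expected one), as an added example that is not code from the patent. The threshold, scoring weights, field names and sample account data are assumptions constructed for illustration.

```python
import hashlib
import hmac

RISK_THRESHOLD = 50  # assumed cut-off; the page gives no number

# Constructed sample data standing in for what the server holds on the account.
PROFILE = {"avg_amount": 40.0, "home_country": "US", "known_devices": {"dev-1"}}
HISTORY = [
    {"merchant": "Corner Books", "amount": 18.50},
    {"merchant": "City Grocer", "amount": 62.10},
]

def risk_score(txn, device, profile):
    """Assumed additive score over transaction and client-computer characteristics."""
    score = 0
    if txn["amount"] > 3 * profile["avg_amount"]:
        score += 30  # unusually large purchase
    if txn["merchant_country"] != profile["home_country"]:
        score += 25  # merchant located outside the account's home country
    if device["fingerprint"] not in profile["known_devices"]:
        score += 30  # client computer not seen on this account before
    return score

def build_challenge(history):
    """Generate a question and its expected answer from the account's history."""
    last = history[-1]
    question = f"Which merchant did you most recently pay {last['amount']:.2f}?"
    return question, last["merchant"]

def _digest(text):
    # Normalise, then hash so compare_digest sees equal-length inputs.
    return hashlib.sha256(text.strip().lower().encode()).digest()

def authenticate(txn, device, profile, history, answer_fn):
    """Return 'no_challenge', 'authenticated' or 'failed'."""
    if risk_score(txn, device, profile) <= RISK_THRESHOLD:
        return "no_challenge"  # threshold not exceeded: no challenge is sent
    question, expected = build_challenge(history)
    response = answer_fn(question)  # stands in for the client's challenge response
    ok = hmac.compare_digest(_digest(response), _digest(expected))
    return "authenticated" if ok else "failed"
```

Because the expected answer comes from account history rather than a stored secret, no enrollment step is needed, but the answer is only as private as the transaction history itself.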
21 Claims
1. A method of authenticating a consumer conducting a transaction with a merchant, the method comprising:
sending, by a client computer, a transaction request to a merchant computer, the transaction request including information associated with an account being used to conduct the transaction, wherein the merchant computer is configured to send a request message to a server computer, wherein the server computer is configured to determine that an authentication challenge will be sent to the client computer based upon a risk determination that a risk threshold has been exceeded and is configured to determine that the authentication challenge will not be sent if the risk threshold is not exceeded;
receiving, by the client computer from the merchant computer, a uniform resource locator associated with the server computer to be utilized for a consumer authentication;
gathering and sending characteristics of the client computer to the server computer, wherein the risk determination is based upon characteristics of the transaction and the characteristics of the client computer;
sending, by the client computer using the uniform resource locator, a request to the server computer for the consumer authentication;
receiving, by the client computer, the authentication challenge from the server computer after the server computer determines that the risk threshold has been exceeded, wherein the authentication challenge is received using the uniform resource locator, and wherein the authentication challenge is dynamically generated by the server computer based on transaction history associated with the account;
sending, by the client computer, a challenge response to the server computer, wherein the server computer compares the challenge response to an expected response;
receiving, by the client computer from the server computer, a result of the consumer authentication; and
sending, by the client computer, the result of the consumer authentication to the merchant computer, wherein the merchant computer thereafter initiates authorization processing.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 19, 20, 21
9. A client computer comprising a processor and the computer readable medium coupled to the processor, the computer readable medium comprising code executable by the processor to implement a method comprising:
sending, by the client computer, a transaction request to a merchant computer, the transaction request including information associated with an account being used to conduct the transaction, wherein the merchant computer is configured to send a request message to a server computer, wherein the server computer is configured to determine that an authentication challenge will be sent to the client computer based upon a risk determination that a risk threshold has been exceeded and is configured to determine that the authentication challenge will not be sent if the risk threshold is not exceeded;
receiving, by the client computer from the merchant computer, a uniform resource locator associated with the server computer to be utilized for a consumer authentication;
gathering and sending characteristics of the client computer to the server computer, wherein the risk determination is based upon characteristics of the transaction and the characteristics of the client computer;
sending, by the client computer using the uniform resource locator, a request to the server computer for the consumer authentication;
receiving, by the client computer, the authentication challenge from the server computer after the server computer determines that the risk threshold has been exceeded, wherein the authentication challenge is received using the uniform resource locator, and wherein the authentication challenge is dynamically generated by the server computer based on transaction history associated with the account;
sending, by the client computer, a challenge response to the server computer, wherein the server computer compares the challenge response to an expected response;
receiving, by the client computer from the server computer, a result of the consumer authentication; and
sending, by the client computer, the result of the consumer authentication to the merchant computer, wherein the merchant computer thereafter initiates authorization processing.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17, 18
Specification