Authenticating remote transactions using a mobile device
First Claim
1. A method comprising:
receiving transaction details comprising a transaction amount at an authentication server computer, wherein the transaction details are for a transaction conducted by a consumer using an account associated with an issuer;
initiating, by the authentication server computer, an authentication request message to a mobile device operated by the consumer;
receiving, by the authentication server computer, a personal identifier from the mobile device, wherein the personal identifier is an encrypted personal identifier and wherein the mobile device encrypts the personal identifier using a first transport key stored in the mobile device before the personal identifier is received from the mobile device, and wherein the method further comprises;
decrypting, by the authentication server computer, the received encrypted personal identifier using a second transport key;
determining, by the authentication server computer, that the personal identifier matches a previously stored personal identifier for the consumer;
generating, by the authentication server computer, an authentication indicator indicating a positive authentication result;
generating, by the authentication server computer, a digital certificate using a key provided by the issuer;
after decrypting the encrypted personal identifier with the second transport key, encrypting the personal identifier with a first issuer key that is unique to the transaction and that is derived using a master key and an algorithm supplied by the issuer to form a re-encrypted personal identifier; and
in response to determining that the personal identifier matches the previously stored personal identifier for the consumer, sending the authentication indicator and the digital certificate to the wallet provider computer, the wallet provider computer subsequently sending an authorization request message comprising the transaction amount, an account identifier associated with the account, the re-encrypted personal identifier and the digital certificate to an issuer computer associated with the issuer, the issuer computer subsequently decrypting the re-encrypted personal identifier with a second issuer key that is unique to the transaction, and is also derived from the master key and the algorithm, wherein the issuer computer determines whether or not to authorize the transaction based on the transaction amount, the account identifier, the personal identifier and the digital certificate, and wherein the wallet provider computer generates the authorization request message in response to receiving the authentication indicator indicating the positive authentication result.
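The key handling in claim 1, as an added example that is not code from the patent: the device-side and server-side transport keys are assumed to be one shared symmetric key, HMAC-SHA256 stands in for both the issuer's unspecified derivation algorithm and the cipher, and the digital certificate step is left out. All function names, the sample PIN and the transaction ids are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def derive_txn_key(master_key: bytes, txn_id: bytes) -> bytes:
    # Assumed derivation (the page only says "a master key and an algorithm").
    return hmac.new(master_key, b"pin-key|" + txn_id, hashlib.sha256).digest()

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in stream cipher: HMAC-SHA256 in counter mode.
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    # Encrypt, then authenticate nonce and ciphertext.
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified ciphertext")
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))

def translate_pin(enc_pin, transport_key, stored_pin, master_key, txn_id):
    """Authentication server: decrypt, compare, re-encrypt for the issuer."""
    pin = unseal(transport_key, enc_pin)
    if not hmac.compare_digest(pin, stored_pin):
        return None  # negative result: nothing goes on to the wallet provider
    return seal(derive_txn_key(master_key, txn_id), pin)

def issuer_recover_pin(blob, master_key, txn_id):
    """Issuer: derive the same per-transaction key and decrypt."""
    return unseal(derive_txn_key(master_key, txn_id), blob)

if __name__ == "__main__":
    transport_key, master_key = secrets.token_bytes(32), secrets.token_bytes(32)
    from_device = seal(transport_key, b"4821")  # constructed sample PIN
    blob = translate_pin(from_device, transport_key, b"4821", master_key, b"txn-0001")
    print(issuer_recover_pin(blob, master_key, b"txn-0001"))
    try:
        issuer_recover_pin(blob, master_key, b"txn-0002")
    except ValueError as exc:
        print("rejected under another transaction id:", exc)
```

Because the issuer key is bound to the transaction, a re-encrypted identifier captured from one authorization request does not decrypt under the key derived for any other transaction.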
Abstract
Embodiments of the invention can combine card not present transaction processing with PIN verification. A merchant or a consumer can initiate transactions using any suitable transaction initiation channel. One aspect of the invention helps facilitate payment card authentication across multiple wallet providers/merchants using an encrypted card PIN and a digital certificate. One aspect of the invention can incorporate the use of different transaction networks to perform authentication and authorization processing.
15 Claims
15. A system comprising:
a mobile device;
an issuer computer associated with an issuer;
a wallet provider computer; and
an authentication server computer communicatively coupled to the mobile device via a first communication network, and to the issuer computer via a second communication network, wherein the authentication server computer comprises a first processor and a first computer readable medium comprising first code, executable by the first processor, for implementing a first method comprising;
receiving transaction details comprising a transaction amount, wherein the transaction details are for a transaction conducted by a consumer using an account associated with the issuer;
initiating an authentication request message to the mobile device operated by the consumer;
receiving a personal identifier from the mobile device, wherein the personal identifier is an encrypted personal identifier and wherein the mobile device encrypts the personal identifier using a first transport key stored in the mobile device before the personal identifier is received from the mobile device, and wherein the first method further comprises;
decrypting the received encrypted personal identifier using a second transport key;
determining, by the authentication server computer, that the personal identifier matches a previously stored personal identifier for the consumer;
generating, by the authentication server computer, an authentication indicator indicating a positive authentication result;
generating, by the authentication server computer, a digital certificate using a key provided by the issuer;
after decrypting the encrypted personal identifier with the second transport key, encrypting the personal identifier with a first issuer key that is unique to the transaction and that is derived using a master key and an algorithm supplied by the issuer to form a re-encrypted personal identifier; and
in response to determining that the personal identifier matches the previously stored personal identifier for the consumer, sending the authentication indicator and the digital certificate to the wallet provider computer;
wherein the wallet provider computer comprises a second processor and a second computer readable medium, the second computer readable medium comprising second code executable by the second processor to perform a second method comprising;
generating an authorization request message in response to receiving the authentication indicator indicating the positive authentication result, and
sending the authorization request message comprising the transaction amount, an account identifier associated with the account, the re-encrypted personal identifier and the digital certificate to the issuer computer;
wherein the issuer computer comprises a third processor and a third computer readable medium, the third computer readable medium comprising third code executable by the third processor to perform a third method comprising;
decrypting the re-encrypted personal identifier with a second issuer key that is unique to the transaction, and is also derived from the master key and the algorithm, and
determining whether or not to authorize the transaction based on the transaction amount, the account identifier, the positive authentication result, the personal identifier and the digital certificate.
Specification