One-time credit card number generator and single round-trip authentication
First Claim
1. A method of authenticating a client to a server comprising:
- generating a challenge at the client;
signing the challenge to form a signed challenge;
sending at least the signed challenge to the server, where the authenticity of the server is not in question;
verifying the signature of the challenge at the server; and
if the signature is verified, sending an indication of successful authentication to the client, where the indication of successful authentication is generated employing a single round trip authentication scheme.
11 Assignments
0 Petitions
Accused Products
Abstract
An online transaction is effected between a user system, a merchant system and an issuer system. The user system generates a one-time number (OTN) to use as a card number for a transaction with the merchant. The user system generates the OTN as a function of various parameters and sends the OTN to the issuer and to the merchant. With the issuer communication, the user is first authenticated, so the issuer can associate the received OTN with the user even if the user'"'"'s identity cannot be fully discerned from the OTN alone. In authenticating the user with the issuer, and possibly other authentications, the user sends the issuer a signed challenge where the challenge is a sequential challenge or a function of a prior challenge provided by the issuer. The issuer responds with an approval/denial message and, in the latter case, includes the next challenge to be used.
225 Citations
8 Claims
-
1. A method of authenticating a client to a server comprising:
-
generating a challenge at the client;
signing the challenge to form a signed challenge;
sending at least the signed challenge to the server, where the authenticity of the server is not in question;
verifying the signature of the challenge at the server; and
if the signature is verified, sending an indication of successful authentication to the client, where the indication of successful authentication is generated employing a single round trip authentication scheme. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method of using a one-time use card number for an online transaction, comprising:
-
generating a one-time use card number at a user system using a random number generator;
authenticating the user system to an issuer system, where the authenticating employs a single round trip authentication scheme;
passing the one-time use card number from the user system to the issuer system;
passing the one-time use card number from the user system to a merchant system, wherein the merchant system is programmed to present the one-time use card number to the issuer system to effect a payment;
verifying the one-time use card number received from the merchant system with the one-time use card number received from the user system; and
if the one-time use card number is verified, approving the transaction. - View Dependent Claims (7, 8)
-
Specification
-
- Resources
-
Current AssigneeCA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.), Orphangage Incorporated
-
Original AssigneeArcot Systems, Inc. (Broadcom, Inc.)
-
InventorsVaradarajan, Rammohan, Rajasekaran, Sanguthevar
-
Primary Examiner(s)Le, Thien M.
-
Assistant Examiner(s)Caputo, Lisa M.
-
Application NumberUS10/003,847Publication NumberTime in Patent Office1,329 DaysField of Search235/379, 235/380, 705/44, 705/67, 713/155, 713/168, 713/170, 709/229US Class Current235/379CPC Class CodesG06Q 20/02 involving a neutral party, ...G06Q 20/04 Payment circuitsG06Q 20/385 using an alias or single-us...
