Secure remote authentication through an untrusted network
Abstract
A method for securely authenticating a user of a consumer device at an access device comprising the following steps. First, a dynamic data element and a first set of transactional information are sent to the consumer device from the access device. Next, the consumer device creates an authentication code as a function of at least the dynamic data element, a subset of the first set of transactional information, and a password. The authentication code, along with other data, is then sent from the consumer device back to the access device. The access device then uses the authentication code to send an authentication request message to the service provider of the user. The service provider then attempts to authenticate the user by recreating the authentication code and comparing the recreated authentication code with the authentication code received from the access device.
27 Claims
1. A method for securely authenticating a user at an access device, said method comprising:
- sending to a consumer device a dynamic data element and a set of transactional information for a payment transaction conducted between the consumer device and the access device;
- receiving from the consumer device, an authentication code wherein the authentication code is created by the consumer device as a function of at least a subset of the set of transactional information, the dynamic data element, and a password, wherein the subset of the set of transactional information includes an amount of the payment transaction and a terminal identifier of the access device;
- sending an authentication request message to a service provider containing at least the authentication code and additional information sufficient to allow the service provider to recreate the authentication code; and
- receiving from the service provider an authentication response message wherein the authentication response message indicates if the recreated authentication code corresponds to the authentication code sent in the authentication request message.
17. A method for securely authenticating a user of a consumer device at a service provider computer in an untrusted network, said method comprising:
- receiving at the service provider computer, an authentication request message containing at least an authentication code and additional information sufficient to allow the service provider to recreate the authentication code, wherein the authentication code is created by the consumer device by performing a function on at least three pieces of information including a dynamic data element, a password, and a subset of a set of transactional information for a payment transaction conducted between the consumer device and an access device, wherein the subset of the set of transactional information includes an amount of the payment transaction and a terminal identifier of the access device, wherein the function transforms the three pieces of information into a scrambled form for secure transmission through the untrusted network without using encryption techniques or transmitting encryption keys;
- recreating an authentication code as a function of at least the dynamic data element, the subset of information contained in the authentication request message, and other data locally available to the service provider, wherein the locally available data can be retrieved as a function of the data contained in the authentication request;
- comparing the recreated authentication code with the authentication code received in the authentication request message;
- authenticating the user based on the comparison of the recreated authentication code and the authentication code received in the authentication request message; and
- sending an authentication response message indicating the result of the authentication step to the access device.
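The message flow in claims 1 and 17, as an added example that is not taken from the patent: the consumer device derives the code, the access device forwards it with the data needed to recreate it, and the service provider recomputes and compares. HMAC-SHA256 keyed with the password is an assumed stand-in for the unspecified "function"; the account store, field names and sample values are constructed.

```python
import hashlib
import hmac
import secrets

# Constructed account store held by the service provider (assumption):
# account id -> password shared with the user. Never sent over the network.
PASSWORDS = {"acct-1001": b"correct horse battery"}

def make_auth_code(password: bytes, dynamic: bytes, amount_cents: int, terminal_id: str) -> str:
    """Consumer-device side: code over dynamic element, amount, terminal id, password."""
    # Length-prefix each field so ("12", "3") and ("1", "23") cannot collide.
    fields = [dynamic, str(amount_cents).encode(), terminal_id.encode()]
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    # HMAC-SHA256 is an assumed choice of function: a keyed one-way
    # transform, not encryption, and no key travels with the message.
    return hmac.new(password, msg, hashlib.sha256).hexdigest()

def access_device_request(account_id, auth_code, dynamic, amount_cents, terminal_id):
    """Access-device side: forward the code plus what is needed to recreate it."""
    return {"account_id": account_id, "auth_code": auth_code, "dynamic": dynamic,
            "amount_cents": amount_cents, "terminal_id": terminal_id}

def service_provider_verify(request: dict) -> dict:
    """Service-provider side: look up the password locally, recreate, compare."""
    password = PASSWORDS.get(request["account_id"])
    if password is None:
        return {"authenticated": False}
    expected = make_auth_code(password, request["dynamic"],
                              request["amount_cents"], request["terminal_id"])
    # Constant-time comparison avoids leaking how many characters matched.
    ok = hmac.compare_digest(expected, request["auth_code"])
    return {"authenticated": ok}

def demo() -> tuple:
    dynamic = secrets.token_bytes(16)  # fresh per transaction, sent by the access device
    code = make_auth_code(PASSWORDS["acct-1001"], dynamic, 2599, "TERM-42")
    good = access_device_request("acct-1001", code, dynamic, 2599, "TERM-42")
    # A request whose amount or terminal id was altered no longer matches the code.
    bad_amount = dict(good, amount_cents=259900)
    bad_terminal = dict(good, terminal_id="TERM-99")
    return tuple(service_provider_verify(r)["authenticated"]
                 for r in (good, bad_amount, bad_terminal))

if __name__ == "__main__":
    print(demo())
```

Under this assumed construction every input except the password travels in the request, so the strength of the code against offline guessing rests on the entropy of the password.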