IPC분류정보
국가/구분 |
United States(US) Patent
등록
|
국제특허분류(IPC7판) |
|
출원번호 |
US-0964992
(2013-08-12)
|
등록번호 |
US-8762279
(2014-06-24)
|
발명자
/ 주소 |
- Weller, Kevin
- Steele, Kim
- Koganti, Krishna Prasad
- Faith, Patrick
|
출원인 / 주소 |
- Visa International Service Association
|
대리인 / 주소 |
Kilpatrick Townsend Stockton LLP
|
인용정보 |
피인용 횟수 :
1 인용 특허 :
86 |
초록
▼
Embodiments of the invention enable cardholders conducting an online transaction to be authenticated in real-time using a challenge-response application. The challenge-response application can be administered by an issuer or by a third party on-behalf-of an issuer. A challenge question can be presen
Embodiments of the invention enable cardholders conducting an online transaction to be authenticated in real-time using a challenge-response application. The challenge-response application can be administered by an issuer or by a third party on-behalf-of an issuer. A challenge question can be presented to the cardholder, and the cardholder's response can be verified. The challenge question presented can be selected based on an analysis of the risk of the transaction and potentially other factors. A variety of dynamic challenge questions can be used without the need for the cardholder to enroll into the program. Additionally, there are many flexible implementation options of the challenge-response application that can be adjusted based on factors such as the location of the merchant or the location of the consumer.
대표청구항
▼
1. A method of authenticating a consumer conducting a transaction with a merchant, the method comprising: receiving, by a merchant computer, a transaction request from the consumer including information associated with an account being used to conduct the transaction;sending, by the merchant compute
1. A method of authenticating a consumer conducting a transaction with a merchant, the method comprising: receiving, by a merchant computer, a transaction request from the consumer including information associated with an account being used to conduct the transaction;sending, by the merchant computer, an enrollment request message to a server computer, wherein the server computer identifies a type of authentication available, and wherein the type of authentication available includes at least one of a password-based authentication or a challenge-response authentication;redirecting, by the merchant computer, the consumer to the server computer, wherein the server computer generates an authentication challenge and compares a response received from the consumer to an expected response when challenge-response authentication of the consumer is available;receiving, by the merchant computer, a result of the consumer authentication; andif the consumer is authenticated, submitting the transaction for processing. 2. The method of claim 1, further comprising performing the password-based authentication of the consumer conducting the transaction substantially concurrently with the challenge-response authentication. 3. The method of claim 1, wherein the challenge-response authentication is performed when the password-based authentication of the consumer conducting the transaction cannot take place. 4. The method of claim 1, wherein the challenge-response authentication is performed substantially concurrently with an enrollment process for the password-based authentication of the consumer conducting the transaction. 5. The method of claim 1, wherein the challenge-response authentication is performed substantially concurrently with a password recovery process for the password-based authentication of the consumer conducting the transaction. 6. The method of claim 1, wherein the challenge-response authentication is performed instead of a password recovery process for the password-based authentication of the consumer conducting the transaction. 7. The method of claim 1, wherein the consumer receives the expected response at a consumer device and wherein the expected response is valid for only one transaction. 8. The method of claim 1, wherein the authentication challenge is generated by a payment processing network. 9. The method of claim 1, wherein the server computer determines a risk score for the transaction and sends the risk score to a server computer associated with an issuer of the account being used to conduct the transaction, wherein the authentication challenge is generated by the server computer associated with the issuer and wherein the consumer response is received by the issuer. 10. A computer-readable medium comprising computer-executable code, executable by a processor, for performing the method of claim 1. 11. A server computer comprising a processor and the computer-readable medium of claim 10 coupled to the processor. 12. A system for authenticating a consumer conducting a transaction with a merchant, the system comprising: a challenge-response server computer, the challenge-response server computer comprising modules capable of executing on the challenge-response server computer, the modules comprising: a challenge optimizer module configured to: receive an enrollment request message sent by the merchant;identify a type of authentication available, wherein the type of authentication available includes at least one of a password-based authentication or a challenge-response based authentication;send an enrollment response message to the merchant based on the type of authentication available; andgenerate an authentication challenge and compare a response received from the consumer to an expected response when the challenge-response authentication of the consumer is available. 13. The system of claim 12, further comprising: a password-based authentication system, wherein the password-based authentication system is configured to provide the password-based authentication of the consumer conducting the transaction. 14. The system of claim 13, wherein the password-based authentication system is configured to provide authentication of the consumer substantially concurrently to the authentication provided by the challenge-response server computer. 15. The system of claim 13, wherein parameters of the authentication provided by the challenge-response server computer and parameters of the authentication provided by the password-based authentication system are determined based on information about the transaction being conducted and on information associated with an account being used to conduct the transaction. 16. The system of claim 13, wherein the authentication provided by the challenge-response server computer is provided when the password-based authentication of the consumer cannot take place. 17. The system of claim 13, wherein the challenge-response server computer is configured to authenticate the consumer substantially concurrently with an enrollment process for the password-based authentication system that occurs during the transaction. 18. The system of claim 13, wherein the challenge-response server computer authenticates the consumer substantially concurrently with a password recovery process for the password-based authentication system that occurs during the transaction. 19. The system of claim 12, wherein the challenge-response server computer further comprises: a risk analyzer module configured to obtain a risk score for the transaction, wherein the challenge-response authentication is performed when the risk score is a medium risk score, wherein no challenge is sent if the risk score is a low risk score, and wherein a transaction failure message is sent if the risk score is a high risk score. 20. The system of claim 19, wherein the risk score is further based on querying an external risk assessment system.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.