Token provisioning utilizing a secure authentication system

US10491389B2 · US · B2

Patent metadata
Publication number: US-10491389-B2
Application number: US-201715649923-A
Country: US
Kind code: B2
Filing date: Jul 14, 2017
Priority date: Jul 14, 2017
Publication date: Nov 26, 2019
Grant date: Nov 26, 2019

Abstract

Official abstract text for this publication.

Systems and methods of the invention are directed to provisioning a token by a secure authentication system. A user may initiate a transaction that causes a resource provider computer to transmit an authentication request message to a directory server computer. The directory server computer may transmit the authentication request message to an access control server computer for authentication. Subsequent to receiving the authentication request message, the directory server computer may request a token for the transaction from a token provider computer. If authentication is successful, the token may be included in an authentication response message transmitted by the directory server computer to the resource provider computer. The token may then be utilized by the resource provider computer in lieu of sensitive user information for any suitable purpose. In some embodiments, user-specific data provided by the access control server computer may be included in the authentication response message.

First claim

Opening claim text (preview).

What is claimed is:

1. A computer-implemented method, comprising: receiving, by a resource provider computer associated with a resource provider, transaction data corresponding to a transaction associated with a user, each portion of the transaction data being different from a token; transmitting, by the resource provider computer to a directory server computer, an authentication request message including the transaction data and a token request indicator, wherein the directory server computer subsequently transmits the authentication request message to an access control server computer associated with an authorizing entity, wherein receipt of the authentication request message causes the access control server computer to authenticate the user, generate a verification value representing the authentication, and transmit an authentication response message comprising the verification value to the directory server computer; receiving, by the resource provider computer from the directory server computer, the authentication response message comprising the verification value and a new token, wherein the new token is provisioned by a token provider computer and obtained by the directory server computer from the token provider computer based at least in part on inclusion of the token request indicator in the authentication request message, and wherein provisioning the new token comprises generating the new token and generating an association between the new token and a portion of the transaction data; transmitting, by the resource provider computer to the directory server computer, a cryptogram request message associated with the token, wherein receipt of the cryptogram request message causes the directory server computer to: transmit the cryptogram request message to the token provider computer; and receive a cryptogram response message comprising a cryptogram associated with the token from the token provider computer; and receiving, by the resource provider computer, the cryptogram response message comprising the cryptogram associated with the token, the cryptogram being associated with one or more token restrictions.

2. The computer-implemented method of claim 1, further comprising: generating, by the resource provider computer, an authorization request message comprising the token; and transmitting, by the resource provider computer, the authorization request message comprising the token to an authorization entity computer for the transaction.

3. The computer-implemented method of claim 1, wherein the receipt of the cryptogram request message associated with the token further causes the directory server computer to: transmit a data request message to the access control server computer; and receive, from the access control server computer, a data response message comprising user-specific data associated with the user, wherein the authentication response message received from the directory server computer further comprises the user-specific data received from the access control server computer.

4. The computer-implemented method of claim 1, wherein receipt of the authentication request message further causes the access control server computer to provide user-specific data associated with the user within the authentication response message transmitted to the directory server computer.

5. The computer-implemented method of claim 4, wherein the user-specific data comprises at least one of: a billing address, a phone number, an electronic mail address, an account identifier, or transaction device data associated with the user.

6. The computer-implemented method of claim 1, wherein the authentication response message further comprises the cryptogram associated with the new token.

7. A resource provider computer, comprising: a hardware processor, and a non-transitory computer readable medium coupled to the processor, the computer readable medium comprising code, executable by the processor, for implementing a method comprising: receiving transaction data corresponding to a transaction associated with a user, the transaction data being different from a token; transmitting, to a directory server computer, an authentication request message including the transaction data and a token request indicator, wherein the directory server computer subsequently transmits the authentication request message to an access control server computer associated with an authorizing entity, wherein receipt of the authentication request message causes the access control server computer to authenticate the user, generate a verification value representing the authentication, and transmit an authentication response message comprising the verification value to the directory server computer; receiving, from the directory server computer, the authentication response message comprising the verification value and a new token, wherein the new token is provisioned by a token provider computer and obtained by the directory server computer from the token provider computer based at least in part on inclusion of the token request indicator in the authentication request message, and wherein provisioning the new token comprises generating the new token and generating an association between the new token and a portion of the transaction data; transmitting, to the directory server computer, a cryptogram request message associated with the token, wherein receipt of the cryptogram request message causes the directory server computer to: transmit the cryptogram request message to the token provider computer; and receive a cryptogram response message comprising a cryptogram associated with the token from the token provider computer; and receiving the cryptogram response message comprising the cryptogram associated with the token, the cryptogram being associated with one or more token restrictions.

8. The resource provider computer of claim 7, the method further comprising: generating an authorization request message comprising the token; and transmitting the authorization request message comprising the token to an authorization entity computer for the transaction.

9. The resource provider computer of claim 7, wherein the receipt of the cryptogram request message associated with the token further causes the directory server computer to: transmit a data request message to the access control server computer; and receive, from the access control server computer, a data response message comprising user-specific data associated with the user.

10. The resource provider computer of claim 9, wherein the authentication response message received from the directory server computer further comprises the user-specific data received from the access control server computer.

11. The resource provider computer of claim 7, wherein receipt of the authentication request message further causes the access control server computer to provide user-specific data associated with the user within the authentication response message transmitted to the directory server computer.

12. The resource provider computer of claim 11, wherein the user-specific data comprises at least one of: a billing address, a phone number, an electronic mail address, an account identifier, or transaction device data associated with the user.

13. A directory server computer, comprising: a hardware processor, and a non-transitory computer readable medium coupled to the processor, the computer readable medium comprising code, executable by the processor, for implementing a method comprising: receiving, from a resource provider computer, an authentication request message comprising transaction data for a transaction between a user and a
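The message flow of claim 1 and the abstract (authentication request with a token request indicator, authentication by the access control server, token provisioning by the token provider, then a cryptogram bound to token restrictions), as an added Python simulation. This is not code from the patent or from Visa; the four parties, their keys, the one-time-passcode check standing in for user authentication, the HMAC-based verification value and cryptogram, and the restriction set (merchant and maximum amount) are all constructed assumptions chosen to make the security property visible: the resource provider's authorization request never carries the account identifier, and a cryptogram presented under a different merchant or a larger amount fails verification.

```python
import hashlib
import hmac
import secrets

# Constructed sample transaction. account_id is the sensitive user datum the resource
# provider should hold only transiently; every name and key below is hypothetical.
SAMPLE_TXN = {"account_id": "4111111111111111", "amount": 2500,
              "currency": "USD", "merchant_id": "MERCH-001"}


class AccessControlServer:
    """Authorizing-entity side: authenticates the user and emits a verification value."""

    def __init__(self, key: bytes, enrolled: dict):
        self.key = key
        self.enrolled = enrolled  # account_id -> expected one-time passcode (constructed)

    def handle_auth_request(self, areq: dict, user_otp: str) -> dict:
        txn = areq["transaction_data"]
        if not hmac.compare_digest(self.enrolled.get(txn["account_id"], ""), user_otp):
            return {"authenticated": False}
        # MAC over the transaction fields, so the value cannot be reused for another transaction.
        bound = f"{txn['account_id']}|{txn['amount']}|{txn['merchant_id']}".encode()
        vv = hmac.new(self.key, bound, hashlib.sha256).hexdigest()[:16]
        return {"authenticated": True, "verification_value": vv,
                "user_specific_data": {"billing_address": "1 Example St"}}  # constructed


class TokenProvider:
    """Issues tokens tied to part of the transaction data, and restriction-bound cryptograms."""

    def __init__(self, key: bytes):
        self.key = key
        self.vault = {}  # token -> (account_id, restrictions)

    def provision(self, txn: dict) -> str:
        token = "TKN" + secrets.token_hex(8)
        restrictions = {"merchant_id": txn["merchant_id"], "max_amount": txn["amount"]}
        self.vault[token] = (txn["account_id"], restrictions)  # the claimed association
        return token

    def cryptogram(self, token: str, amount: int, merchant_id: str) -> str:
        _account_id, r = self.vault[token]
        if merchant_id != r["merchant_id"] or amount > r["max_amount"]:
            raise PermissionError("token restrictions violated")
        msg = f"{token}|{amount}|{merchant_id}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()[:16]

    def verify(self, token: str, amount: int, merchant_id: str, cryptogram: str) -> bool:
        """Authorizing-side check: recompute under the stored restrictions and compare."""
        try:
            expected = self.cryptogram(token, amount, merchant_id)
        except (KeyError, PermissionError):
            return False
        return hmac.compare_digest(expected, cryptogram)

    def detokenize(self, token: str) -> str:
        return self.vault[token][0]


class DirectoryServer:
    """Relays between resource provider, access control server and token provider."""

    def __init__(self, acs: AccessControlServer, tp: TokenProvider):
        self.acs, self.tp = acs, tp

    def authenticate(self, areq: dict, user_otp: str) -> dict:
        ares = self.acs.handle_auth_request(areq, user_otp)
        # Token requested only when the indicator is set and authentication succeeded.
        if ares["authenticated"] and areq.get("token_request_indicator"):
            ares["token"] = self.tp.provision(areq["transaction_data"])
        return ares

    def cryptogram_request(self, token: str, amount: int, merchant_id: str) -> dict:
        return {"cryptogram": self.tp.cryptogram(token, amount, merchant_id)}


class ResourceProvider:
    """Merchant side: ends up with a token and cryptogram instead of the account identifier."""

    def __init__(self, ds: DirectoryServer, merchant_id: str):
        self.ds, self.merchant_id = ds, merchant_id

    def run_transaction(self, txn: dict, user_otp: str):
        areq = {"transaction_data": txn, "token_request_indicator": True}
        ares = self.ds.authenticate(areq, user_otp)
        if not ares["authenticated"]:
            return None
        token = ares["token"]
        cres = self.ds.cryptogram_request(token, txn["amount"], self.merchant_id)
        # Authorization request (claim 2) carries token and cryptogram, never account_id.
        return {"token": token, "cryptogram": cres["cryptogram"], "amount": txn["amount"],
                "merchant_id": self.merchant_id, "verification_value": ares["verification_value"]}


def build_system() -> dict:
    """Wire the four parties with constructed keys and one enrolled user (OTP '123456')."""
    acs = AccessControlServer(b"acs-key", {SAMPLE_TXN["account_id"]: "123456"})
    tp = TokenProvider(b"token-provider-key")
    return {"resource_provider": ResourceProvider(DirectoryServer(acs, tp),
                                                  SAMPLE_TXN["merchant_id"]),
            "token_provider": tp}


if __name__ == "__main__":
    parts = build_system()
    auth = parts["resource_provider"].run_transaction(SAMPLE_TXN, "123456")
    print("authorization request:", auth)
    print("replayed at another merchant accepted:", parts["token_provider"].verify(
        auth["token"], auth["amount"], "MERCH-999", auth["cryptogram"]))
```

The point to take from the simulation is where the sensitive value lives: only the token provider's vault maps the token back to the account identifier, the directory server forwards rather than stores it, and the merchant's downstream record contains a token that is useless outside the restrictions it was provisioned under.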

Assignees

Visa Int Service Ass

Classifications

  • Biological data, e.g. fingerprint, voice or retina (network architectures or network communication protocols for supporting authentication of entities using biometrical features in a packet data network, H04L63/0861)

  • using challenge-response

  • involving digital signatures

  • Financial cryptography, e.g. electronic payment or e-cash

  • including means for verifying the identity or authority of a user of the system {or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials}

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10491389B2 cover?
Systems and methods of the invention are directed to provisioning a token by a secure authentication system. A user may initiate a transaction that causes a resource provider computer to transmit an authentication request message to a directory server computer. The directory server computer may transmit the authentication request message to an access control server computer for authentication. …
Who is the assignee on this patent?
Visa Int Service Ass
What technology area does this patent fall under?
Primary CPC classification H04L9/3213. Mapped technology areas include Electricity.
When was this patent published?
Publication date Nov 26, 2019 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).