Online challenge-response

US9898740B2 · US · B2

Patent metadata

Publication number: US-9898740-B2
Application number: US-201414273331-A
Country: US
Kind code: B2
Filing date: May 8, 2014
Priority date: Nov 6, 2008
Publication date: Feb 20, 2018
Grant date: Feb 20, 2018

Abstract

Embodiments of the invention enable cardholders conducting an online transaction to be authenticated in real-time using a challenge-response application. The challenge-response application can be administered by an issuer or by a third party on-behalf-of an issuer. A challenge question can be presented to the cardholder, and the cardholder's response can be verified. The challenge question presented can be selected based on an analysis of the risk of the transaction and potentially other factors. A variety of dynamic challenge questions can be used without the need for the cardholder to enroll into the program. Additionally, there are many flexible implementation options of the challenge-response application that can be adjusted based on factors such as the location of the merchant or the location of the consumer.

First claim

What is claimed is:

1. A method of authenticating a consumer conducting a transaction with a merchant, the method comprising:
    sending, by a client computer, a transaction request to a merchant computer, the transaction request including information associated with an account being used to conduct the transaction, wherein the merchant computer is configured to send a request message to a server computer, wherein the server computer is configured to determine that an authentication challenge will be sent to the client computer based upon a risk determination that a risk threshold has been exceeded and is configured to determine that the authentication challenge will not be sent if the risk threshold is not exceeded;
    receiving, by the client computer from the merchant computer, a uniform resource locator associated with the server computer to be utilized for a consumer authentication;
    gathering and sending characteristics of the client computer to the server computer, wherein the risk determination is based upon characteristics of the transaction and the characteristics of the client computer;
    sending, by the client computer using the uniform resource locator, a request to the server computer for the consumer authentication;
    receiving, by the client computer, the authentication challenge from the server computer after the server computer determines that the risk threshold has been exceeded, wherein the authentication challenge is received using the uniform resource locator, and wherein the authentication challenge is dynamically generated by the server computer based on transaction history associated with the account;
    sending, by the client computer, a challenge response to the server computer, wherein the server computer compares the challenge response to an expected response;
    receiving, by the client computer from the server computer, a result of the consumer authentication; and
    sending, by the client computer, the result of the consumer authentication to the merchant computer, wherein the merchant computer thereafter initiates authorization processing.

2. The method of claim 1, wherein the risk determination is a risk score.

3. The method of claim 1 wherein the result of the consumer authentication is sent in a payer authentication response.

4. The method of claim 1, wherein the merchant computer is configured to send the request message to the server computer via a directory server.

5. The method of claim 1, wherein the transaction is a credit card transaction.

6. The method of claim 1, further comprising: sending information regarding the result of the consumer authentication to an authentication history server.

7. The method of claim 1, wherein the authentication challenge comprises a password challenge.

8. The method of claim 1, wherein authorization processing occurs through an acquirer.

9. A client computer comprising a processor and the computer readable medium coupled to the processor, the computer readable medium comprising code executable by the processor to implement a method comprising:
    sending, by the client computer, a transaction request to a merchant computer, the transaction request including information associated with an account being used to conduct the transaction, wherein the merchant computer is configured to send a request message to a server computer, wherein the server computer is configured to determine that an authentication challenge will be sent to the client computer based upon a risk determination that a risk threshold has been exceeded and is configured to determine that the authentication challenge will not be sent if the risk threshold is not exceeded;
    receiving, by the client computer from the merchant computer, a uniform resource locator associated with the server computer to be utilized for a consumer authentication;
    gathering and sending characteristics of the client computer to the server computer, wherein the risk determination is based upon characteristics of the transaction and the characteristics of the client computer;
    sending, by the client computer using the uniform resource locator, a request to the server computer for the consumer authentication;
    receiving, by the client computer, the authentication challenge from the server computer after the server computer determines that the risk threshold has been exceeded, wherein the authentication challenge is received using the uniform resource locator, and wherein the authentication challenge is dynamically generated by the server computer based on transaction history associated with the account;
    sending, by the client computer, a challenge response to the server computer, wherein the server computer compares the challenge response to an expected response;
    receiving, by the client computer from the server computer, a result of the consumer authentication; and
    sending, by the client computer, the result of the consumer authentication to the merchant computer, wherein the merchant computer thereafter initiates authorization processing.

10. The client computer of claim 9, wherein the risk determination is a risk score.

11. The client computer of claim 9, wherein the result of the consumer authentication is sent in a payer authentication response.

12. The client computer of claim 9, wherein the merchant computer is configured to send the request message to the server computer via a directory server.

13. The client computer of claim 9, wherein the transaction is a credit card transaction.

14. The client computer of claim 9, wherein the method further comprises: sending information regarding the result of the consumer authentication to an authentication history server.

15. The client computer of claim 9, wherein the authentication challenge comprises a password challenge.

16. The client computer of claim 9, wherein authorization processing occurs through an acquirer.

17. A system comprising: the client computer of claim 9; and the server computer coupled to the client computer.

18. The system of claim 17, further comprising the merchant computer coupled to the client computer.

19. The method of claim 1, wherein the request that is sent from the client computer to the server computer for the consumer authentication includes at least one of an IP address associated with the client computer, a browser version associated with a browser in the client computer, and a browser language associated with the browser.

20. The method of claim 1, wherein the request that is sent from the client computer to the server computer for the consumer authentication includes the characteristics of the client computer, and wherein the characteristics of the client computer include an IP address associated with the client computer, a browser version associated with a browser in the client computer, and a browser language associated with the browser.

21. The method of claim 1, wherein sending the characteristics of the client computer to the server computer and sending the request to the server computer for the consumer authentication occur in a single message transmission.
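
The server-side decision described in claim 1 (challenge only when the risk threshold is exceeded, challenge built from the account's transaction history, response compared to an expected value) can be sketched as follows. This is an added example, not code from the patent or its assignee; the threshold, score weights, record layout and function names are all assumptions, and the sample records are constructed.

```python
import hmac
import secrets
from dataclasses import dataclass

RISK_THRESHOLD = 50  # assumed value; the claims only say a threshold exists
# Constructed sample records standing in for issuer data.
HISTORY = {"acct-1": [{"merchant": "Corner Books", "amount": 18.40}]}
KNOWN_CLIENTS = {"acct-1": {("203.0.113.7", "Firefox/115", "en-US")}}
PENDING = {}  # challenge id -> expected response, kept server-side only

@dataclass(frozen=True)
class AuthRequest:
    account: str
    amount: float
    ip: str
    browser_version: str
    browser_language: str

def risk_score(req):
    """Toy score over transaction and client characteristics (weights assumed)."""
    score = 0
    client = (req.ip, req.browser_version, req.browser_language)
    if client not in KNOWN_CLIENTS.get(req.account, set()):
        score += 40
    past = [t["amount"] for t in HISTORY.get(req.account, [])]
    if not past or req.amount > 5 * max(past):
        score += 30
    return score

def start_authentication(req):
    """Server side: skip the challenge at or below the threshold, else issue one."""
    if risk_score(req) <= RISK_THRESHOLD:
        return {"status": "no_challenge"}
    history = HISTORY.get(req.account)
    if not history:
        return {"status": "failed"}  # nothing to build a challenge from: fail closed
    challenge_id = secrets.token_urlsafe(16)
    PENDING[challenge_id] = history[-1]["merchant"]
    return {"status": "challenge", "id": challenge_id,
            "question": "Which merchant did you last pay with this account?"}

def finish_authentication(challenge_id, response):
    """Compare the response to the expected one; each challenge is single-use."""
    expected = PENDING.pop(challenge_id, None)
    if expected is None:
        return False
    given = response.strip().casefold().encode()
    return hmac.compare_digest(given, expected.strip().casefold().encode())
```

The expected response never leaves the server, and popping it from PENDING on the first attempt means a captured challenge id cannot be replayed or guessed against repeatedly.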

Classifications

  • for mutual authentication (network architectures or network communication protocols for achieving mutual authentication in a packet data network H04L63/0869)

  • using a predetermined code, e.g. password, passphrase or PIN (network architectures or network communication protocols for supporting authentication of entities using passwords in a packet data network H04L63/083)

  • using tickets or tokens, e.g. Kerberos (network architectures or network communication protocols for entities authentication using tickets in a packet data network H04L63/0807)

  • Personal security, identity or safety

  • Buying, selling or leasing transactions

Frequently asked questions

Who is the assignee on this patent?
Visa Int Service Ass
What technology area does this patent fall under?
Primary CPC classification G06Q20/4016. Mapped technology areas include Physics.
When was this patent published?
Publication date Feb 20, 2018 (B2). Legal status and post-grant events are not shown on this page.