One-Time Use Password Systems And Methods
Abstract
According to the invention, a method of using a one-time password for a transaction between a user and a merchant is disclosed. The method may include generating the one-time password. The method may also include authenticating the user by the authentication server in response to a request from the user to use the one-time password. The method may further include authorizing the use of the one-time password for the transaction in response to authenticating the user by the authentication server. The method may moreover include using the one-time password in combination with an account number to settle the transaction between the user and the merchant. The method may additionally include sending a message to the authentication server originating from the merchant, wherein the message comprises the one-time password, and wherein the message requests a determination whether the one-time password is authorized for use in the transaction. The method may also include sending a message to the merchant originating from the authentication server, wherein the message includes a determination whether the transaction should be approved in response to the authentication server determining whether the one-time password is authorized for use in the transaction.
Claims
exact text as granted — not AI-modified1 . A method of using a one-time password for a transaction by a user, comprising:
requesting an authentication server for authorization to use the one-time password in the transaction; generating a signed challenge at an electronic device based on information received from a user to sign the challenge; and sending the signed challenge from the electronic device to the authentication server to authenticate the user and authorize the use of the one-time password in the transaction.
2 . The method of claim 1 , further comprising generating the one-time password at the electronic device and sending the one-time password from the electronic device to the authentication server.
3 . The method of claim 1 , further comprising receiving the one-time password at the electronic device from the authentication server.
4 . The method of claim 1 , further comprising the electronic device generating the challenge, wherein the authentication server generates a substantially similar challenge.
5 . The method of claim 1 , further comprising receiving the challenge at the electronic device from the authentication server.
6 . The method of claim 1 , wherein the challenge comprises at least a part of the one-time password.
7 . The method of claim 1 , wherein generating a signed challenge at an electronic device based on information received from a user to sign the challenge comprises:
receiving a user access code at the electronic device; using at least the user access code to retrieve a private key from a key wallet, wherein the key wallet is configured to output a key having the appearance of the private key for at least one access code not equaling the user access code; and creating the signed challenge by encrypting the challenge with the private key.
8 . The method of claim 1 , wherein sending the signed challenge to the authentication server further comprises sending a public key that is encrypted using a key known only to the authentication server.
9 . The method of claim 1 , further comprising:
the electronic device transmitting the one-time password to a merchant; and the electronic device transmitting an account number to the merchant.
10 . A method of authorizing a one-time password by an authentication server to be used in a transaction by a user, comprising:
receiving, at the authentication server, a request originating from an electronic device to authorize the one-time password; sending a challenge via a secure communication channel from the authentication server to the electronic device of the user to authenticate the user; receiving, at the authentication server, a signed version of the challenge originating from the electronic device of the user via a secure communication channel; determining, by the authentication server, whether the user is authentic based on the signed challenge; and authorizing, by the authentication server, the one-time password for use in the transaction in response to a determination that the user is authentic based on the signed challenge.
11 . The method of claim 10 , further comprising:
receiving a request originating from an issuer server to determine if the one-time password has been authorized for use in the transaction; and in response to a determination that the one-time password is authorized for use, sending a notification to the issuer server that the one-time password is authorized.
12 . The method of claim 11 , further comprising:
in response to a determination that the one-time password is authorized for use, sending a notification to the issuer server that the one-time password is authorized.
13 . The method of claim 10 , further comprising restricting the user's access to future one-time password authorization if the user is determined not to be authentic after a predetermined number of failed authentication attempts.
14 . The method of claim 10 , further comprising receiving the one-time password in a message originating from the user.
15 . The method of claim 10 , further comprising generating the one-time password and sending it to the electronic device of the user.
16 . The method of claim 10 , wherein the step of receiving a signed challenge originating from the electronic device of the user via a secure communication channel further comprises receiving a public key this is encrypted with a key known only to the authentication server.
17 . The method of claim 16 , wherein the step of determining whether the user is authentic comprises:
decrypting the public key using the key known only to the authentication server; decrypting the signed challenge using the public key to create a decrypted challenge; determining whether the decrypted challenge matches the challenge; and determining that the user is authentic in response to determining that the decrypted challenge matches the challenge.
18 . A system for using a one-time password in a transaction, comprising:
a processor configured to:
receive a request originating from an electronic device to authorize the one-time password for use in the transaction;
send a challenge to the electronic device to authenticate a user;
receive a signed version of the challenge originating from the electronic device;
determine whether the user is authentic based on the signed version of the challenge; and
authorize the one-time password for use in the transaction in response to a determination that the user is authentic based on the signed version of the challenge.
19 . The system of claim 18 , wherein the processor is further configured to:
receive a request originating from an issuer server to determine if the one-time password has been authorized for use in the transaction; and in response to a determination that the one-time password is authorized for use, send a notification to the issuer server that the one-time password is authorized.
20 . The system of claim 19 , wherein the processor is further configured to:
in response to a determination that the one-time password is authorized for use, send a notification to the issuer server that the one-time password is authorized.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.