US2021021590A1PendingUtilityA1

Method for secure user and transaction authentication and risk management

67
Assignee: PAYFONE INCPriority: Jan 27, 2010Filed: Aug 10, 2020Published: Jan 21, 2021
Est. expiryJan 27, 2030(~3.5 yrs left)· nominal 20-yr term from priority
Inventors:Ravi Ganesan
H04L 63/0838H04L 9/3228H04L 9/3215H04L 2463/082H04L 63/18H04L 63/20
67
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

To provide a user signature on a network transaction, a security server receives transaction information representing a transaction between a network user and a network site, such as a website, directly from the network site. The security server calculates a one-time-password based on the received transaction information and a secret shared by the security server and the network site, but not by the user. The security server transmits the calculated one-time-password for application as the user's signature on the transaction. The one-time-password is independently calculable by the network site based on the shared secret.

Claims

exact text as granted — not AI-modified
1 - 20 . (canceled) 
     
     
         21 . A method comprising:
 receiving, by a network site, an indication that a transaction has been initiated at a network device;   transmitting, by the network site, transaction details capable of being received by a security server;   computing, at the network site, a first one-time password utilizing the transaction details; and   transmitting, by the network site, an approval for the initiated transaction to occur responsive to detecting a match between the first one-time password and a value entered at the network device that corresponds to a second one-time password.   
     
     
         22 . The method of  claim 21 , further comprising the security server transmitting, responsive to receiving the transaction details, the second one-time password to the network device. 
     
     
         23 . The method of  claim 22 , wherein the transmitting, by the network site, of the approval is additionally based on the security server and the network site computing in accordance with an agreed-upon operation. 
     
     
         24 . The method of  claim 22 , wherein the computing, at the network site, of the first one-time password comprises a computing operation that is independent from a computing operation of the second one-time password by the security server. 
     
     
         25 . The method of  claim 22 , further comprising the security server computing the second one-time password as a function of the transaction details. 
     
     
         26 . The method of  claim 25 , wherein the security server computes the second one-time password as a function of a secret shared with the network site. 
     
     
         27 . The method of  claim 25 , wherein the security server computes the second one-time password as a function of a time stamp or a counter value. 
     
     
         28 . The method of  claim 21 , further comprising the network site computing the first one-time password as a function of the transaction details. 
     
     
         29 . The method of  claim 28 , wherein the network site computes the first one-time password as a function of a secret shared with the network site. 
     
     
         30 . The method of  claim 28 , wherein the network site computes the first one-time password as a function of a time stamp or a counter value. 
     
     
         31 . The method of  claim 21 , further comprising:
 combining the transaction details with data received from one or more additional network sites; and   transmitting the transaction details in the data received from the one or more additional network sites to a risk engine.   
     
     
         32 . A system comprising:
 a network site adapted to:
 receive an indication that a transaction has been initiated at a network device, and to 
 transmit transaction details and the indication to a network, the network being coupled to a security server, and to 
 compute a first one-time password utilizing the transaction details, and to transmit an approval for the initiated transaction to occur responsive to detecting a match between the first one-time password and a value entered at the network device that corresponds to the first one-time password. 
   
     
     
         33 . The system of  claim 32 , wherein the security server is adapted to receive, from the network, the transaction details and to transmit, responsive to receipt of the transaction details, a second one-time password to the network device. 
     
     
         34 . The system of  claim 33 , wherein the network site is additionally adapted to compute the first one-time password via a computing operation that is independent from computation of the second one-time password by the security server. 
     
     
         35 . The system of  claim 33 , wherein the security server is additionally adapted to compute the second one-time password as a function of the transaction details. 
     
     
         36 . The system of  claim 33 , wherein the security server is additionally adapted to compute the second one-time password as a function of a secret shared with the network site. 
     
     
         37 . The system of  claim 33 , wherein the security server is additionally adapted to compute the second one-time password as a function of a time stamp or a counter value. 
     
     
         38 . The system of  claim 33 , wherein the network site and the security server are adapted to compute the first one-time password and the second one-time password responsive to computing in accordance with an agreed-upon operation. 
     
     
         39 . The system of  claim 32 , wherein the network site is additionally adapted to compute the first one-time password as a function of the transaction details. 
     
     
         40 . The system of  claim 32 , wherein the network site is additionally adapted to compute the first one-time password as a function of a secret shared with the network site. 
     
     
         41 . The system of  claim 32 , wherein the network site is additionally adapted to compute the first one-time password as a function of a time stamp or a counter value. 
     
     
         42 . The system of  claim 32 , wherein the security server is additionally adapted to combine the transaction details with data received from one or more additional network sites and to transmit a risk metric, computed utilizing the transaction details and the received data, to a risk engine.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.