US2021021590A1PendingUtilityA1
Method for secure user and transaction authentication and risk management
Est. expiryJan 27, 2030(~3.5 yrs left)· nominal 20-yr term from priority
Inventors:Ravi Ganesan
H04L 63/0838H04L 9/3228H04L 9/3215H04L 2463/082H04L 63/18H04L 63/20
67
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
To provide a user signature on a network transaction, a security server receives transaction information representing a transaction between a network user and a network site, such as a website, directly from the network site. The security server calculates a one-time-password based on the received transaction information and a secret shared by the security server and the network site, but not by the user. The security server transmits the calculated one-time-password for application as the user's signature on the transaction. The one-time-password is independently calculable by the network site based on the shared secret.
Claims
exact text as granted — not AI-modified1 - 20 . (canceled)
21 . A method comprising:
receiving, by a network site, an indication that a transaction has been initiated at a network device; transmitting, by the network site, transaction details capable of being received by a security server; computing, at the network site, a first one-time password utilizing the transaction details; and transmitting, by the network site, an approval for the initiated transaction to occur responsive to detecting a match between the first one-time password and a value entered at the network device that corresponds to a second one-time password.
22 . The method of claim 21 , further comprising the security server transmitting, responsive to receiving the transaction details, the second one-time password to the network device.
23 . The method of claim 22 , wherein the transmitting, by the network site, of the approval is additionally based on the security server and the network site computing in accordance with an agreed-upon operation.
24 . The method of claim 22 , wherein the computing, at the network site, of the first one-time password comprises a computing operation that is independent from a computing operation of the second one-time password by the security server.
25 . The method of claim 22 , further comprising the security server computing the second one-time password as a function of the transaction details.
26 . The method of claim 25 , wherein the security server computes the second one-time password as a function of a secret shared with the network site.
27 . The method of claim 25 , wherein the security server computes the second one-time password as a function of a time stamp or a counter value.
28 . The method of claim 21 , further comprising the network site computing the first one-time password as a function of the transaction details.
29 . The method of claim 28 , wherein the network site computes the first one-time password as a function of a secret shared with the network site.
30 . The method of claim 28 , wherein the network site computes the first one-time password as a function of a time stamp or a counter value.
31 . The method of claim 21 , further comprising:
combining the transaction details with data received from one or more additional network sites; and transmitting the transaction details in the data received from the one or more additional network sites to a risk engine.
32 . A system comprising:
a network site adapted to:
receive an indication that a transaction has been initiated at a network device, and to
transmit transaction details and the indication to a network, the network being coupled to a security server, and to
compute a first one-time password utilizing the transaction details, and to transmit an approval for the initiated transaction to occur responsive to detecting a match between the first one-time password and a value entered at the network device that corresponds to the first one-time password.
33 . The system of claim 32 , wherein the security server is adapted to receive, from the network, the transaction details and to transmit, responsive to receipt of the transaction details, a second one-time password to the network device.
34 . The system of claim 33 , wherein the network site is additionally adapted to compute the first one-time password via a computing operation that is independent from computation of the second one-time password by the security server.
35 . The system of claim 33 , wherein the security server is additionally adapted to compute the second one-time password as a function of the transaction details.
36 . The system of claim 33 , wherein the security server is additionally adapted to compute the second one-time password as a function of a secret shared with the network site.
37 . The system of claim 33 , wherein the security server is additionally adapted to compute the second one-time password as a function of a time stamp or a counter value.
38 . The system of claim 33 , wherein the network site and the security server are adapted to compute the first one-time password and the second one-time password responsive to computing in accordance with an agreed-upon operation.
39 . The system of claim 32 , wherein the network site is additionally adapted to compute the first one-time password as a function of the transaction details.
40 . The system of claim 32 , wherein the network site is additionally adapted to compute the first one-time password as a function of a secret shared with the network site.
41 . The system of claim 32 , wherein the network site is additionally adapted to compute the first one-time password as a function of a time stamp or a counter value.
42 . The system of claim 32 , wherein the security server is additionally adapted to combine the transaction details with data received from one or more additional network sites and to transmit a risk metric, computed utilizing the transaction details and the received data, to a risk engine.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.