CN101473344A - Consumer authentication system and method - Google Patents


Publication number
CN101473344A
Authority
CN
China
Prior art keywords
challenge
message
consumer
authorization
response message
Prior art date
Application number
CN 200780022874
Other languages
Chinese (zh)
Inventor
A·哈玛德
M·卡尔森
P·费斯
Original Assignee
维萨美国股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to US81505906P priority Critical
Priority to US60/815,059 priority
Priority to US60/815,430 priority
Priority to US60/884,089 priority
Application filed by 维萨美国股份有限公司 filed Critical 维萨美国股份有限公司
Publication of CN101473344A publication Critical patent/CN101473344A/en


Abstract

A method for using a secondary PAN is disclosed. The method includes providing a secondary PAN associated with a primary PAN, where the secondary PAN has at least one end portion that is the same as the primary PAN, but has a middle portion that is different than the primary PAN.

Description

Consumer authentication system and method

Cross-Reference to Related Applications

This application is a non-provisional patent application of, and claims priority to the filing dates of, U.S. Provisional Patent Application No. 60/815,059, filed June 19, 2006, U.S. Provisional Patent Application No. 60/815,430, filed June 20, 2006, and U.S. Provisional Patent Application No. 60/884,089, filed January 9, 2007. All of these applications are herein incorporated by reference in their entirety for all purposes.

Background

It is desirable to have mechanisms that ensure that a consumer who is using a portable consumer device such as a credit card is really the consumer associated with that credit card. Fraudulent activity can be very costly to merchants, issuers of portable consumer devices, and others.

A number of consumer authentication mechanisms are known. In one example of a conventional consumer authentication process, a consumer may purchase gas at a gas station using a credit card. Before the consumer is allowed to purchase the gas, and before an authentication request message is sent to the issuer of the portable consumer device, the gas pump may ask the consumer to supply his or her zip code. This authentication request may be provided by the merchant as a way to ensure that the consumer is in fact the consumer associated with the credit card. The gas station wants to verify that the consumer is authentic, since the gas station may bear some of the risk for any fraudulent activity resulting from purchases made at the gas station.

While such conventional authentication methods are effective, a number of improvements could be made. For example, conventional authentication requests are typically static. If someone steals a consumer's portable consumer device and knows the consumer's zip code, that person can still conduct fraudulent transactions using the authentic portable consumer device. Furthermore, the merchant has limited information about the consumer, and the types of challenges that can be presented to the consumer are limited.

Better ways to authenticate consumers using portable consumer devices are needed. Embodiments of the invention address the above problems and other problems, individually and collectively.

Summary of the Invention

Embodiments of the invention can authenticate consumers.

One embodiment of the invention is directed to a method comprising receiving an authentication request message associated with a consumer conducting a transaction using a portable consumer device. A challenge message is sent to the consumer, where the challenge message is dynamic or semi-dynamic. A challenge response message is received from the consumer, and an authorization response message is sent to the consumer. The authorization response message indicates whether or not the transaction is authorized.

Another embodiment of the invention is directed to a method comprising initiating an authorization request message, where the authorization request message is associated with a consumer conducting a transaction with a portable consumer device and is sent to an issuer associated with the portable consumer device; receiving a challenge message, where the challenge message is dynamic or semi-dynamic; and then initiating a challenge response message, where the challenge response message is responsive to the challenge message. An authorization response message is received, where the authorization response message indicates whether or not the transaction is authorized.

Yet another embodiment of the invention is directed to a method comprising receiving, at an issuer, an authorization request message sent from an access device. In response to receiving the authorization request message, one or more dynamic challenge questions are provided to the consumer before the transaction conducted by the consumer is authorized.

Yet another embodiment of the invention is directed to a method comprising receiving a first authorization request message associated with a consumer conducting a transaction with a portable consumer device, sending a challenge message to the consumer, receiving a second authorization request message that includes a challenge response message, and sending an authorization response message to the consumer, where the authorization response message indicates whether or not the transaction is authorized.

Yet another embodiment of the invention is directed to a method comprising sending a first authorization request message associated with a consumer conducting a transaction with a portable consumer device, receiving a challenge message, sending a second authorization request message that includes a challenge response message, and receiving an authorization response message, where the authorization response message indicates whether or not the transaction is authorized.

Other embodiments of the invention are directed to systems, portable consumer devices, and computer readable media associated with the above-described methods.

These and other embodiments of the invention are described in further detail below with reference to the Figures and the Detailed Description.

Brief Description of the Drawings

FIG. 1 shows a block diagram of a system according to an embodiment of the invention.

FIG. 2 shows a block diagram of one type of portable consumer device.

FIG. 3 shows a plan view of a second type of portable consumer device.

FIG. 4 shows a flowchart illustrating a method according to an embodiment of the invention.

FIG. 5 shows another flowchart illustrating another method according to an embodiment of the invention.

FIG. 6 shows a block diagram of certain authentication aspects of embodiments of the invention.

FIG. 7 shows a block diagram of a computer apparatus.

Detailed Description

Currently, consumer authentication using challenge questions is typically performed at the merchant. Before allowing a purchase transaction with a portable consumer device to proceed, the merchant asks the consumer for identification such as a driver's license. In some cases, it may be better to provide a more "back end" consumer authentication process, so that the issuer and/or a payment processing organization (e.g., Visa) can verify the consumer's identity. The issuer and/or payment processing organization has more data about the consumer than the merchant does, and is therefore in a better position to authenticate the consumer. For example, the issuer has information such as the consumer's address, mother's maiden name, etc. In addition, the issuer and the payment processing organization have information such as recent purchase information and consumer purchasing behavior. Any of this information can be used to help authenticate the consumer in a purchase transaction.

Thus, in embodiments of the invention, a payment processing organization, an issuer, or any other non-merchant entity that has information about the consumer may pose challenge questions to the consumer in order to authenticate the consumer. The challenge questions may be static, where the same question is asked for each purchase transaction, or dynamic, where different questions may be asked over time.

The questions asked may also have static or dynamic (semi-dynamic or fully dynamic) answers. For example, the question "What is your birthday?" requires a static answer, since the answer does not change. The question "What is your zip code?" requires a semi-dynamic answer, since it could change or may change occasionally. Lastly, the question "What did you purchase yesterday at 4 pm?" would require a dynamic answer, since the answer changes frequently. Thus, in preferred embodiments, the challenge questions are preferably based on "real time" information that the issuer is most likely to possess. For example, the consumer might be asked a more specific question such as "Did you go out to eat at a Mexican restaurant last night?" By providing consumer challenges based on more specific knowledge, authentication of the consumer is ensured.

In one embodiment, the method includes conducting a transaction, such as a purchase transaction, using a portable consumer device. The portable consumer device may be a credit card or the like. The purchase transaction may take place at a merchant that has an access device such as a point of sale terminal.

The consumer may use the portable consumer device to interact with an access device such as a point of sale terminal and initiate the process. The point of sale terminal may initiate and then generate an authentication request message, which may thereafter be sent to a payment processing network and subsequently to the issuer of the portable consumer device. When the payment processing network or the issuer receives the authentication request message, the message is analyzed. A challenge message, which can be dynamic or semi-dynamic in nature, is then generated and sent to the consumer. The challenge message may be sent back to the access device, or to the consumer's portable consumer device (e.g., if the portable consumer device is a mobile phone).

The consumer then provides a response to the challenge message. The challenge response message is received from the consumer. The challenge response message is then verified and, if it is verified, the authorization response message is analyzed to determine whether the transaction is authorized (e.g., there are sufficient funds in the consumer's account or there is sufficient credit in the consumer's account). If the transaction is authorized, the issuer and also the payment processing network send an authorization response message to the consumer. The authorization response message indicates whether or not the transaction is authorized.

In the specific embodiments described above and below, challenge questions are described in detail, but embodiments of the invention are not limited thereto. Embodiments of the invention can generally relate to the use of challenge messages, which may include challenge questions. In some embodiments, as will be described in further detail below, challenge messages may or may not be read by a consumer, and may challenge the authenticity of the consumer in direct or indirect ways. Examples of challenge questions include questions relating to the consumer's portable consumer device (e.g., what is the CVV2 or card verification value on the back of your card?), the consumer's location (e.g., what is your zip code?), the consumer's mobile or regular phone (e.g., what is your mobile phone number?), the consumer's personal information (e.g., what is your mother's maiden name?), etc. Examples of challenge messages that are not questions explicitly answered by the consumer include messages that automatically query a phone for its location or phone number and retrieve that information. Another example of a challenge message may be a message that supplies a code (or other authentication token) to a phone, where use of that code at the access device authenticates the user.

I. Systems

FIG. 1 shows an exemplary system 20 according to an embodiment of the invention. Other systems according to other embodiments of the invention may include more or fewer components than are shown in FIG. 1.

The system 20 shown in FIG. 1 includes a merchant 22 and an acquirer 24 associated with the merchant 22. In a typical payment transaction, a consumer 30 may purchase goods or services at the merchant 22 using a portable consumer device 32. The merchant 22 may be a physical merchant or an electronic merchant (e-merchant). The acquirer 24 can communicate with an issuer 28 via a payment processing network 26. The merchant 22 could alternatively be connected directly to the payment processing network 26.

The consumer 30 may be an individual, or an organization such as a business that is capable of purchasing goods or services. In other embodiments, the consumer 30 may simply be a person who wants to conduct some other type of transaction, such as a money transfer transaction or a transaction at an ATM. The consumer 30 may optionally operate a wireless phone 34.

The portable consumer device 32 may be in any suitable form. For example, suitable portable consumer devices can be hand-held and compact so that they can fit into a consumer's wallet and/or pocket (e.g., pocket-sized). They may include smart cards, ordinary credit or debit cards (with a magnetic stripe and without a microprocessor), keychain devices (such as the Speedpass™ available from Exxon-Mobil Corp.), etc. Other examples of portable consumer devices include cellular phones (e.g., the phone 34 described above), personal digital assistants (PDAs), pagers, payment cards, security cards, access cards, smart media, transponders, and the like. The portable consumer devices can also be debit devices (e.g., a debit card), credit devices (e.g., a credit card), or stored value devices (e.g., a stored value card).

An exemplary portable consumer device 32' in the form of a phone may comprise a computer readable medium and a body, as shown in FIG. 2. (FIG. 2 shows a number of components, and portable consumer devices according to embodiments of the invention may comprise any suitable combination or subset of such components.) The computer readable medium 32(b) may be present within the body 32(h), or may be detachable from it. The body 32(h) may be in the form of a plastic substrate, housing, or other structure. The computer readable medium 32(b) may be a memory that stores data and may be in any suitable form, including a magnetic stripe, a memory chip, etc. The memory preferably stores information such as financial information, transit information (e.g., as in a subway or train pass), access information (e.g., as in access badges), etc. Financial information may include information such as bank account information, bank identification number (BIN), credit or debit card number information, account balance information, expiration date, and consumer information such as name, date of birth, etc. Any of this information may be transmitted by the portable consumer device 32.

Information in the memory may also be in the form of data tracks that are traditionally associated with credit cards. Such tracks include Track 1 and Track 2. Track 1 ("International Air Transport Association") stores more information than Track 2, and contains the cardholder's name as well as the account number and other discretionary data. This track is sometimes used by airlines when securing reservations with a credit card. Track 2 ("American Bankers Association") is currently the most commonly used. This is the track that is read by ATMs and credit card checkers. The ABA (American Bankers Association) designed the specifications of this track, and all world banks must abide by it. It contains the cardholder's account, encrypted PIN data, plus other discretionary data.

The portable consumer device 32 may further include a contactless element 32(g), which is typically implemented in the form of a semiconductor chip (or other data storage element) with an associated wireless transfer (e.g., data transmission) element, such as an antenna. The contactless element 32(g) is associated with (e.g., embedded within) the portable consumer device 32, and data or control instructions transmitted via a cellular network may be applied to the contactless element 32(g) by means of a contactless element interface (not shown). The contactless element interface functions to permit the exchange of data and/or control instructions between the mobile device circuitry (and hence the cellular network) and the optional contactless element 32(g).

The contactless element 32(g) is capable of sending and receiving data using a near field communications ("NFC") capability (or near field communications medium), typically in accordance with a standardized protocol or data transfer mechanism (e.g., ISO 14443/NFC). Near field communications capability is a short-range communications capability, such as RFID, Bluetooth™, infra-red, or another data transfer capability that can be used to exchange data between the portable consumer device 32 and an interrogation device. Thus, the portable consumer device 32 is capable of communicating and transferring data and/or control instructions via both a cellular network and a near field communications capability.

The portable consumer device 32 may also include a processor 32(c) (e.g., a microprocessor) for processing the functions of the portable consumer device 32, and a display 32(d) that allows a consumer to see phone numbers and other information and messages. The portable consumer device 32 may further include input elements 32(e) that allow a consumer to input information into the device, a speaker 32(f) that allows the consumer to hear voice communication, music, etc., and a microphone 32(i) that allows the consumer to transmit their voice through the portable consumer device 32. The portable consumer device 32 may also include an antenna 32(a) for wireless data transfer (e.g., data transmission).

If the portable consumer device is in the form of a debit card, credit card, or smart card, the portable consumer device may also optionally have features such as magnetic stripes. Such devices can operate in either a contact or contactless mode.

An example of a portable consumer device 32" in the form of a card is shown in FIG. 3. FIG. 3 shows a plastic substrate 32(m). A contactless element 32(o) for interfacing with an access device 34 may be present on or embedded within the plastic substrate 32(m). Consumer information 32(p) such as an account number, expiration date, and consumer name may be printed or embossed on the card. A magnetic stripe 32(n) may also be on the plastic substrate 32(m).

As shown in FIG. 3, the portable consumer device 32" may include both a magnetic stripe 32(n) and a contactless element 32(o). In other embodiments, both the magnetic stripe 32(n) and the contactless element 32(o) may be in the portable consumer device 32". In other embodiments, either the magnetic stripe 32(n) or the contactless element 32(o) may be present in the portable consumer device 32".

The payment processing network 26 may include data processing subsystems, networks, and operations used to support and deliver authorization services, exception file services, and clearing and settlement services. An exemplary payment processing network may include VisaNet™. Payment processing networks such as VisaNet™ are able to process credit card transactions, debit card transactions, and other types of commercial transactions. VisaNet™, in particular, includes a VIP system (Visa Integrated Payments system), which processes authorization requests, and a Base II system, which performs clearing and settlement services.

The payment processing network 26 may include a server computer. A server computer is typically a powerful computer or cluster of computers. For example, the server computer can be a large mainframe, a minicomputer cluster, or a group of servers functioning as a unit. In one example, the server computer may be a database server coupled to a web server. The payment processing network 26 may use any suitable wired or wireless network, including the Internet.

As shown in FIG. 1, the payment processing network 26 may comprise a server 26(a), which may comprise a challenge question engine 26(a)-1. The server 26(a) may also be in communication with a transaction history database 26(b) and a challenge question database 26(c). As will be described in further detail below, the challenge question engine 26(a)-1 may simply extract challenge questions from the challenge question database 26(c). Alternatively or additionally, the challenge question engine 26(a)-1 may generate challenge questions using information in the transaction history database 26(b).

As will be explained in further detail below, the challenge questions may be static or dynamic in nature. For example, the challenge question engine 26(a)-1 may receive an authorization request message, and the authorization request message may include the consumer's account number as well as the purchase amount. It may then look up the consumer's account number and any consumer information associated with that account number. It may thereafter retrieve suitable questions from the challenge question database 26(c), or may generate suitable challenge questions on its own. For instance, in some cases, upon receiving an authorization request message, the challenge question engine 26(a)-1 may retrieve the question "What is your mobile phone number?" from the challenge question database 26(c). Alternatively, the challenge question engine 26(a)-1 may generate a dynamic question such as "Did you use this credit card at McDonald's last night?" Information about the particular restaurant that the consumer 30 was at the day before can be retrieved from the transaction history database 26(b).

The challenge question database 26(c) may be populated with questions of any suitable type. The questions may relate to a past location (e.g., the consumer's current home, a city that the consumer recently visited) or a current location (e.g., the current location of the store that the consumer is currently at), the type and name of the merchant that the consumer is presently visiting or has visited in the past, the consumer's family or personal data (e.g., name, phone number, social security number, etc.), and so on. The questions in the challenge question database 26(c) may be generated by the challenge question engine 26(a)-1 and subsequently stored in the challenge question database 26(c).

Alternatively, or additionally, the challenge questions may be generated from an external source and subsequently stored in the challenge question database 26(c). For example, the consumer 30 may use a browser on a personal computer or the like to supply specific challenge questions to the server 26(a) via a communication medium (not shown) such as the Internet. In some embodiments, a consumer may determine the kinds and/or quantity of challenge questions to be asked of himself or herself. For example, the consumer may specify that the consumer wants to be asked three challenge questions if the consumer visits a jewelry store, but only one question if the consumer visits a fast food restaurant. The types of questions posed by the consumer may be based on the merchant type, frequency of purchasing, etc. Some concepts relating to user-defined authorization parameters are described in U.S. patent application Ser. No. 10/093,002, filed on March 5, 2005, which is herein incorporated by reference in its entirety for all purposes.

In preferred embodiments, the challenge questions are derived from past transaction data in the transaction history database 26(b). The consumer 30 may conduct many, many transactions with the payment processing network 26 (and/or the issuer 28) over time. This payment transaction information may be stored in the transaction history database 26(b) over time, and challenge questions may be generated using the transaction information. The past transaction information provides a good basis for authenticating the consumer 30, since the consumer 30 will know what transactions the consumer 30 has conducted in the past. For example, the consumer 30 may have used a credit card to pay for a hotel room in New York the day before, and on the next day may be asked a question such as "Did you stay at a hotel in New York yesterday?" In another example, the consumer 30 may have purchased an item costing more than $2000 the day before, and on the next day may be asked "Did you make a purchase for more than $2000 yesterday?" The questions/answers presented to the consumer 30 may be free form in nature and/or may include pre-formatted answers, such as multiple choice or true-false answers, from which the user may select.
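The two-message exchange from the summary (first authorization request, challenge, challenge response, authorization response) and the engine's choice between a history-derived question and a stored one, shown in code. This is an added illustration, not code from the patent; it uses the multiple-choice answer form so that a blanket "yes" cannot pass. The class and field names, sample accounts, merchants and decoy options are constructed, and the single-use challenge id and constant-time comparison are assumptions of the example.

```python
import hmac
import secrets
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Purchase:
    account: str
    merchant: str
    amount: float
    day: date


def response(authorized, reason):
    return {"type": "authorization_response",
            "authorized": authorized, "reason": reason}


class ChallengeQuestionEngine:
    """Hypothetical model of engine 26(a)-1 with databases 26(b) and 26(c)."""

    DECOYS = ["Corner Bakery", "City Books", "Harbor Fuel"]  # constructed

    def __init__(self, history, stored_questions, funds, today):
        self.history = history                    # transaction history 26(b)
        self.stored_questions = stored_questions  # challenge questions 26(c)
        self.funds = funds                        # available funds per account
        self.today = today
        self.pending = {}  # challenge id -> (account, amount, expected answer)

    def dynamic_question(self, account):
        """Derive a multiple-choice question from yesterday's purchases."""
        yesterday = self.today - timedelta(days=1)
        recent = [p for p in self.history
                  if p.account == account and p.day == yesterday]
        if not recent:
            return None
        answer = recent[0].merchant
        options = [answer] + [d for d in self.DECOYS if d != answer]
        secrets.SystemRandom().shuffle(options)  # answer position is random
        return "Where did you use this card yesterday?", options, answer

    def handle_authorization_request(self, account, amount):
        """First message: answer with a challenge, not a decision."""
        if account not in self.stored_questions:
            return response(False, "unknown account")
        question = self.dynamic_question(account)
        if question is None:  # no recent history: use a stored question
            text, answer = self.stored_questions[account]
            question = (text, None, answer)
        text, options, answer = question
        challenge_id = secrets.token_hex(8)
        self.pending[challenge_id] = (account, amount, answer)
        return {"type": "challenge", "id": challenge_id,
                "question": text, "options": options}

    def handle_challenge_response(self, challenge_id, answer):
        """Second message: verify the answer, then check funds."""
        entry = self.pending.pop(challenge_id, None)  # single use
        if entry is None:
            return response(False, "unknown or reused challenge")
        account, amount, expected = entry
        given = answer.strip().lower().encode()
        if not hmac.compare_digest(given, expected.strip().lower().encode()):
            return response(False, "challenge failed")
        if self.funds.get(account, 0.0) < amount:
            return response(False, "insufficient funds")
        return response(True, "approved")


def sample_engine():
    """Engine loaded with constructed sample data (no real accounts)."""
    today = date(2007, 1, 10)
    history = [
        Purchase("ACCT-A", "McDonald's", 8.50, today - timedelta(days=1)),
        Purchase("ACCT-A", "Hotel New York", 210.00, today - timedelta(days=5)),
    ]
    stored = {"ACCT-A": ("What is your zip code?", "94105"),
              "ACCT-B": ("What is your zip code?", "10001")}
    funds = {"ACCT-A": 500.00, "ACCT-B": 50.00}
    return ChallengeQuestionEngine(history, stored, funds, today)


if __name__ == "__main__":
    engine = sample_engine()
    challenge = engine.handle_authorization_request("ACCT-A", 100.00)
    print(challenge["question"], challenge["options"])
    print(engine.handle_challenge_response(challenge["id"], "McDonald's"))
    # Replaying the same challenge id is refused.
    print(engine.handle_challenge_response(challenge["id"], "McDonald's"))
```

Because the pending entry is removed on the first response, a wrong answer also consumes the challenge, so each new attempt requires a fresh authorization request.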

The merchant 22 may also have, or may receive communications from, an access device 34 that can interact with the portable consumer device 32. The access devices according to embodiments of the invention can be in any suitable form. Examples of access devices include point of sale (POS) devices, cellular phones, PDAs, personal computers (PCs), tablet PCs, handheld specialized readers, set-top boxes, electronic cash registers (ECRs), automated teller machines (ATMs), virtual cash registers (VCRs), kiosks, security systems, access systems, and the like.

If the access device 34 is a point of sale terminal, any suitable point of sale terminal may be used, including card readers. The card readers may include any suitable contact or contactless mode of operation. For example, exemplary card readers can include RF (radio frequency) antennas, magnetic stripe readers, etc. to interact with the portable consumer device 32.

The issuer 28 may be a bank or other organization that may have an account associated with the consumer 30. The issuer 26 may operate a server 28(a), which may have a challenge question engine 28(a)-1. A transaction history database 26(b) and a challenge question database 28(c) may be in communication with the server 28(a). The issuer server 28(a), challenge question engine 28(a)-1, transaction history database 26(b), and challenge question database 28(c) may operate in the same way as, or in a different way than, the payment processing network server 28(a), challenge question engine 28(a)-1, transaction history database 28(b), and challenge question database 28(c). The descriptions above for elements 26(a), 26(a)-1, 26(b), and 26(c) may apply to elements 28(a), 28(a)-1, 28(b), and 28(c).

Embodiments of the invention are not limited to the above-described embodiments. For example, although separate functional blocks are shown for an issuer, payment processing network, and acquirer, some entities perform all or any suitable combination of these functions and may be included in embodiments of the invention. Additional components may also be included in embodiments of the invention.

FIG. 7 shows typical components or subsystems of a computer apparatus. Such components, or any subset of such components, may be present in the various components shown in FIG. 1, including the access device 34, server computers 26(a), 28(a), etc. The subsystems shown in FIG. 7 are interconnected via a system bus 775. Additional subsystems such as a printer 774, keyboard 778, fixed disk 779, monitor 776, which is coupled to video adapter 782, and others are shown. Peripherals and input/output (I/O) devices, which couple to I/O controller 771, can be connected to the computer system by any number of means known in the art, such as serial port 777. For example, serial port 777 or external interface 781 can be used to connect the computer apparatus to a wide area network such as the Internet, a mouse input device, or a scanner. The interconnection via the system bus 775 allows the central processor 773 to communicate with each subsystem and to control the execution of instructions from system memory 772 or the fixed disk 779, as well as the exchange of information between subsystems. The system memory 772 and/or the fixed disk 779 may embody a computer readable medium.

II. Methods

Methods according to embodiments of the invention can be described with reference to FIGS. 1 and 4. In a typical purchase transaction, the consumer 30 purchases a good or service at the merchant 22 using a portable consumer device 32 such as a credit card. The consumer's portable consumer device 32 can interact with an access device 34 such as a POS (point of sale) terminal at the merchant 22 (step 102). For example, the consumer 30 may take a credit card and may swipe it through an appropriate slot in the POS terminal. Alternatively, the POS terminal may be a contactless reader, and the portable consumer device 32 may be a contactless device such as a contactless card.

A first authorization request message is then forwarded to the acquirer 24. After the acquirer 24 receives the first authorization request message, the first authorization request message is then sent to the payment processing network 26 (step 104). The first authorization request message is then received at the payment processing network server 26(a), and the payment processing network server 26(a) then determines whether a challenge is needed.

Various criteria may be used to determine whether a challenge is needed. For example, the payment processing network server 26(a) may determine that the particular transaction is a high value transaction (e.g., greater than $1000) and that a challenge is therefore appropriate. In another example, the payment processing network server 26(a) may determine that there is something suspicious about the present transaction and may thereafter determine that a challenge is appropriate. For example, the payment processing network server 26(a) may determine that the portable consumer device 32 is currently being used at a location that is different from the consumer's home state, and that the consumer's recent purchase history suggests that the consumer is not traveling.

Once it has been determined that a challenge is appropriate for the present transaction, the challenge question engine 26(a)-1 may then fetch (locally or remotely) a challenge question (step 108). In some embodiments, the challenge question engine 26(a)-1 may retrieve the question from the challenge question database 26(c).

At this point, rather than sending the first authorization request message to the issuer 26, the payment processing network 26 sends a first authorization response message back to the access device 34 via the merchant 22 and the acquirer 24 (step 110). The first authorization response message may contain data representing the challenge request previously obtained by the challenge question engine 26(a)-1. The challenge request may be a challenge question sent by the back end, or a command to the access device to issue a challenge based on a set of questions pre-loaded in the access device. The first authorization response message may be characterized as a preliminary decline, since it does not indicate approval of the transaction.

Once the challenge question is received at the access device 34, the consumer 30 supplies the challenge response to the access device 34. The challenge response may be supplied to the access device 34 in any suitable manner (e.g., through a keypad, contactless reader, etc.). Once the access device 34 receives the challenge response, the access device 34 then forwards the challenge response to the payment processing network server 26(a) via the merchant 22 and the acquirer 24, and it is received by them (step 122). The challenge response (or challenge and response, or challenge pointer and response) message may be part of a second authorization request message.

The payment processing network server 26(a) then validates the challenge response message (step 114). If the challenge response message is not validated, then the payment processing network server 26(a) may send a response message back to the access device 34 indicating that the transaction is not approved. Alternatively or additionally, the payment processing network server 26(a) may send another challenge question to the access device 34. On the other hand, if the challenge is validated, the payment processing network server 26(a) may send the second authorization request message to the issuer 28 (step 116), along with an indication that the consumer 30 has satisfied any challenges posed by the payment processing network 26.

After the issuer 28 receives the second authorization request, the issuer 28, using the issuer server 28(a), determines whether the transaction is authorized or not authorized (step 118). The transaction may not be authorized because the consumer 30 has insufficient funds or credit. If the consumer 30 does have sufficient funds or credit, the issuer 28 may then send a second authorization response message, indicating that the transaction is authorized, back to the access device 34 via the payment processing network 26, the acquirer 24, and the merchant 22 (step 122).

At the end of the day, a normal clearing and settlement process can be conducted by the transaction processing system 26. A clearing process is a process of exchanging financial details between an acquirer and an issuer to facilitate posting to a consumer's account and reconciliation of the consumer's settlement position. Clearing and settlement can occur simultaneously.

A number of alternative embodiments are also possible. For example, the issuer 28 could generate challenge questions and could send them to the consumer 30 in addition to, or instead of, the payment processing network 26. The challenge question engine 28(b)-1, the transaction history database 28(b), and the challenge question database 26(c) operated by the issuer 28 may be used in the same or a different way as the above-described challenge question engine 26(b)-1, transaction history database 26(b), and challenge question database 26(c) operated by the payment processing network 26.

In the embodiments described above, two authorization request messages are sent to the payment processing network 26 (and/or the issuer 28). This is desirable, since existing payment processing networks have "timers" that are set at various points between the access device 34 and the issuer 28 during a payment authorization process. The timers time how long various events should take during the payment authorization process. The timers may be set and embodied as computer code at the acquirer 24, the payment processing network 26, and the issuer 28. For example, the timers at the acquirer 24, payment processing network 26, and issuer 28 may be respectively set to 3 seconds, 6 seconds, and 10 seconds. If an authorization request message is not received within these respective times, then some event may be triggered. For instance, if an authorization request message is not received at the issuer 28 within 10 seconds, an error message may be sent back to the access device 34 requesting that the merchant 22 resubmit the authorization request message. If a challenge request is created during the authorization process and before the authorization request message reaches the issuer 28, the issuer's timer may trigger an event indicating that an error has occurred. Creating challenge requests and responses during a single authorization process could conflict with pre-existing timers in a payment system.

By using at least two authorization request messages in two separate authorization processes, the above-described timers are advantageously not affected. The timers need not be changed to send challenge questions to the consumer 30. This allows embodiments of the invention to be used with an existing payment infrastructure, and widespread changes are not needed in embodiments of the invention. In comparison, if the retrieval of a challenge question during a payment authorization process occurs using a single authorization request message, this may delay the authorization request message and may necessitate changes to the timers present in a payment processing system.

The at least two authorization request messages may have information such as BINs (bank identification numbers), transaction amounts, account numbers, service codes, etc. They may also contain the same transaction amount for the transaction being conducted, and/or different transaction amounts. For example, the first authorization request message may have the actual transaction amount, and the second authorization request message may have a zero dollar amount or other identifier to indicate that a prior authorization request with a transaction amount has already been submitted. In some embodiments, a transaction code may be used to link the first and second authorization requests.
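
An added example (not from the patent) of the flow described above: a payment network answers the first authorization request with a preliminary decline carrying a challenge, then accepts a second request linked by a transaction code, so the issuer's timer only ever measures one short message. The class and field names, the simulated clock, the account data and the single-use handling of the transaction code are assumptions; the $1000 threshold and the 10 second issuer timer are the example values from the text.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

ISSUER_TIMER_S = 10     # issuer timer value used as the example in the text
HIGH_VALUE = 1000.0     # "high value" threshold used as the example in the text


@dataclass
class AuthRequest:
    bin: str
    account: str
    amount: float
    state: str                       # where the access device is located
    sent_at: float                   # simulated clock, in seconds
    txn_code: Optional[str] = None   # set only on the second request
    answer: Optional[str] = None     # challenge response, second request only


@dataclass
class AuthResponse:
    approved: bool
    reason: str
    challenge: Optional[str] = None  # present => preliminary decline
    txn_code: Optional[str] = None


class Issuer:
    def __init__(self, credit):
        self.credit = credit         # account -> available credit

    def authorize(self, req, amount, now):
        if now - req.sent_at > ISSUER_TIMER_S:
            return AuthResponse(False, "issuer timer expired, resubmit")
        if amount > self.credit.get(req.account, 0.0):
            return AuthResponse(False, "insufficient funds or credit")
        return AuthResponse(True, "authorized")


class PaymentNetwork:
    def __init__(self, issuer, profiles):
        self.issuer = issuer
        self.profiles = profiles     # account -> home_state, traveling, question, answer
        self.pending = {}            # txn_code -> (account, amount, expected answer)

    def needs_challenge(self, req):
        p = self.profiles[req.account]
        away = req.state != p["home_state"] and not p["traveling"]
        return req.amount > HIGH_VALUE or away

    def handle(self, req, now):
        if req.txn_code is None:     # first authorization request
            if not self.needs_challenge(req):
                return self.issuer.authorize(req, req.amount, now)
            p = self.profiles[req.account]
            code = secrets.token_hex(8)
            self.pending[code] = (req.account, req.amount, p["answer"])
            return AuthResponse(False, "preliminary decline", p["question"], code)
        # Second authorization request: find the first one by its code.
        entry = self.pending.pop(req.txn_code, None)    # a code is usable once
        if entry is None or entry[0] != req.account:
            return AuthResponse(False, "no matching first request")
        _, amount, expected = entry
        given = (req.answer or "").strip().lower()
        if not hmac.compare_digest(given.encode(), expected.encode()):
            return AuthResponse(False, "challenge response not validated")
        # The amount comes from the first request; the second may carry 0.
        return self.issuer.authorize(req, amount, now)


def demo():
    """Constructed account data; returns the responses for inspection."""
    issuer = Issuer({"4000001234": 5000.0})
    net = PaymentNetwork(issuer, {"4000001234": {
        "home_state": "CA", "traveling": False,
        "question": "Did you stay at a hotel in New York yesterday?",
        "answer": "yes"}})
    first = AuthRequest("400000", "4000001234", 1500.0, "CA", sent_at=0.0)
    r1 = net.handle(first, now=1.0)            # preliminary decline + challenge
    # The consumer takes 30 s to answer; the second request starts a new timer.
    second = AuthRequest("400000", "4000001234", 0.0, "CA", sent_at=31.0,
                         txn_code=r1.txn_code, answer="Yes")
    r2 = net.handle(second, now=32.0)
    reused = net.handle(second, now=33.0)      # same transaction code again
    # For contrast: one message held for the same 30 s trips the issuer timer.
    held = issuer.authorize(first, first.amount, now=31.0)
    return r1, r2, reused, held
```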

The method described with reference to FIG. 4 can be characterized as a "closed channel" process, since the access device 34 receives a challenge question and provides a response to the challenge question. However, other embodiments of the invention may use open channel solutions, whereby a challenge question may be sent to a device other than the access device that sent the first authorization response message.

Examples of open channel methods according to embodiments of the invention can be described with reference to FIGS. 1 and 5. In a typical purchase transaction, the consumer 30 purchases a good or service at the merchant 22 using a portable consumer device 32 such as a credit card. The consumer's portable consumer device 32 can interact with an access device 34 such as a POS (point of sale) terminal at the merchant 22 (step 202). For example, the consumer 30 may take a credit card and may swipe it through an appropriate slot in the POS terminal. Alternatively, the POS terminal may be a contactless reader, and the portable consumer device 32 may be a contactless device such as a contactless card.

A first authorization request message is then forwarded to the acquirer 24. After it is received, the first authorization request message is then sent to the payment processing network 26 (204). The first authorization request message is received at the payment processing network server 26(a), and the payment processing network server 26(a) then determines whether a challenge is needed.

Various criteria may be used to determine whether a challenge is needed. For example, the payment processing network server 26(a) may determine that the particular transaction is a high value transaction (e.g., greater than $1000) and that a challenge is therefore appropriate. In another example, the payment processing network server 26(a) may determine that there is something suspicious about the present transaction and may thereafter determine that a challenge is appropriate.

Once it has been determined that a challenge is appropriate for the present transaction, the challenge question engine 26(a)-1 may then fetch (locally or remotely) a challenge question (step 208). In some embodiments, the challenge question engine 26(a)-1 may retrieve the question from the challenge question database 26(c).

Rather than sending the first authorization request message to the issuer 26, and rather than sending a first authorization response message back to the access device 34, the payment processing network 26 sends the first authorization response message back to the consumer's mobile phone 34 (step 210) or other type of access device. The first authorization response message may be sent back to the consumer's mobile phone 34. This may be done directly or through some intermediate entity. The first authorization response message may contain data representing the challenge request previously obtained by the challenge question engine 26(a)-1. The first authorization response message may be characterized as a preliminary decline, since it does not indicate approval of the transaction.

Once the challenge question is received at the mobile phone 34, the consumer 30 supplies the challenge response to the access device 34 (step 212). The access device 34 then forwards the challenge response to the payment processing network server 26(a) via the merchant 22 and the acquirer 24, and it is received by them (step 214). The challenge response message may be part of a second authorization response message.

Note that although challenge questions that are actively answered by a user are described in detail with reference to FIG. 5, other types of challenge requests may also be sent to the mobile phone 34. For example, in some cases, the challenge request may not require an answer that is actively provided by the consumer 30. Passive answers to challenge requests may be provided. For example, in some embodiments, the challenge request supplied to the mobile phone 34 may be a query regarding the physical location of the mobile phone 34. The mobile phone 34 may have a GPS device or other location device, and this information (or other information such as a password) may be transmitted to the payment processing network 26, and the payment processing network 26 may authenticate the consumer 34 using this location information.

Once the payment processing network server 26(a) receives the challenge response message, the payment processing network server 26(a) then validates the challenge response message (step 216). If the challenge response message is not validated, then the payment processing network server 26(a) may send a response message back to the access device 34 indicating that the transaction is not approved. Alternatively or additionally, the payment processing network server 26(a) may send another challenge message to the access device 34 and/or the mobile phone 34. On the other hand, if the challenge is validated, the payment processing network server 26(a) may then send the second authorization request message to the issuer 28 (step 218), along with an indication that the consumer 30 has satisfied any challenges posed by the payment processing network 26.

After the issuer 28 receives the second authorization request, the issuer 28, using the issuer server 28(a), determines whether the transaction is authorized or not authorized (step 220). The transaction may not be authorized because the consumer 30 has insufficient funds or credit. If the consumer 30 does have sufficient funds or credit, the issuer 28 may then send a second authorization response message, indicating that the transaction is authorized, back to the access device 34 via the payment processing network 26, the acquirer 24, and the merchant 22 (step 222).

At the end of the day, a normal clearing and settlement process can be conducted by the transaction processing system 26. A clearing process is a process of exchanging financial details between an acquirer and an issuer to facilitate posting to a consumer's account and reconciliation of the consumer's settlement position. Clearing and settlement can occur simultaneously.

A number of alternative embodiments are also possible. For example, the issuer 28 could generate challenge questions and could send them to the mobile phone 34 in addition to, or instead of, the payment processing network 26. The challenge question engine 28(b)-1, the transaction history database 28(b), and the challenge question database 26(c) operated by the issuer 28 may be used in the same or a different way as the above-described challenge question engine 26(b)-1, transaction history database 26(b), and challenge question database 26(c) operated by the payment processing network 26.

In another embodiment, instead of sending a challenge question, the payment processing network server 26(a) may send an electronic coupon to the consumer's mobile phone 34. The payment processing network 26 may determine that a challenge is appropriate and may send the electronic coupon to the phone 34. Upon receipt of this electronic coupon, the consumer may then be prompted to use the coupon at the access device 34. If the consumer 30 uses the coupon at the access device 34, the access device 34 forwards the coupon to the payment processing network 26, and receipt of the coupon by the payment processing network 26 indicates that the consumer 30 is authenticated. It is presumed that the consumer 30 is authentic, since a non-authentic consumer would not be in possession of the consumer's phone 34.

III. Transaction Authentication

The above-described challenge authentication process is a process for authenticating the consumer, and may be part of a larger, overall "transaction authentication" process.

FIG. 6 shows a conceptual block diagram 110; the authentication of a purchase transaction can have various aspects. Such aspects include portable consumer device authentication 100(a), consumer authentication 100(b), back end processing including real time risk analysis 100(c), and consumer notification of the purchase transaction 100(d).

Portable consumer device authentication relates to the authentication of the portable consumer device. That is, in a portable consumer device authentication process, a determination is made as to whether the portable consumer device that is being used in the purchase transaction is the authentic portable consumer device or a counterfeit portable consumer device. Specific exemplary techniques for improving the authentication of a portable consumer device include:

• Dynamic CVV on portable consumer devices such as magnetic stripe cards
• Card security features (existing and new)
• Contactless chips (limited use)
• Magnetic stripe identification
• Card verification values (CVV and CVV2)
• Contact EMV chips

Consumer authentication relates to a determination as to whether or not the person conducting the transaction is in fact the owner or authorized user of the portable consumer device. Conventional consumer authentication processes are conducted by the merchants. For example, merchants may ask to see a credit card holder's driver's license before conducting a business transaction with the credit card holder. Other ways to authenticate the consumer would be desirable, since consumer authentication at the merchant does not occur in every instance. Specific examples of possible ways to improve the consumer authentication process include at least the following:

• Knowledge-based challenge-responses
• Hardware tokens (multiple solution options)
• OTPs (one time passwords, limited use)
• AVSs (not as a stand-alone solution)
• Signatures
• Software tokens
• PINs (online/offline)
• User IDs/passwords
• Two-channel authentication processes (e.g., via phone)
• Biometrics

Back end processing relates to processing that may occur at the issuer or payment processing network, or other non-merchant location. Various processes may be performed at the "back end" of the payment transaction to help ensure that any transactions being conducted are authentic. Back end processing may also prevent transactions that should not be authorized, and can allow transactions that should be authorized.

Lastly, consumer notification is another aspect of transaction authentication. In some cases, a consumer may be notified that a purchase transaction is occurring or has occurred. If the consumer is notified (e.g., via cell phone) that a transaction is occurring using his portable consumer device, and the consumer is in fact not conducting the transaction, then appropriate steps may be taken to prevent the transaction from occurring. Specific examples of consumer notification processes include:

• Purchase notification via SMS
• Purchase notification via e-mail
• Purchase notification by phone

Other details regarding some of the above-described aspects are provided in U.S. Provisional Patent Application Nos. 60/815,059, filed on June 19, 2006, 60/815,430, filed on June 20, 2006, and 60/884,089, filed on January 9, 2007, which are herein incorporated by reference in their entirety for all purposes. The specific details of the specific aspects may be combined in any suitable manner without departing from the spirit and scope of embodiments of the invention. For example, portable consumer device authentication, consumer authentication, back end processing, and consumer transaction notification may all be combined in some embodiments of the invention. However, other embodiments of the invention may be directed to specific embodiments relating to each individual aspect, or specific combinations of these individual aspects.

It should be understood that the present invention as described above can be implemented in the form of control logic using computer software in a modular or integrated manner. Based on the disclosure and teachings provided herein, a person of ordinary skill in the art will know and appreciate other ways and/or methods to implement the present invention using hardware and a combination of hardware and software.

Any of the software components or functions described in this application may be implemented as software code to be executed by a processor using any suitable computer language such as, for example, Java, C++ or Perl using, for example, conventional or object-oriented techniques. The software code may be stored as a series of instructions or commands on a computer readable medium, such as a random access memory (RAM), a read only memory (ROM), a magnetic medium such as a hard drive or a floppy disk, or an optical medium such as a CD-ROM. Any such computer readable medium may reside on or within a single computational apparatus, and may be present on or within different computational apparatuses within a system or network.

The above description is illustrative and not restrictive. Many variations of the invention will become apparent to those skilled in the art upon review of this disclosure. The scope of the invention should therefore be determined not with reference to the above description, but instead with reference to the appended claims along with their full scope or equivalents.

One or more features from any embodiment may be combined with one or more features of any other embodiment without departing from the scope of the invention.

A recitation of "a", "an" or "the" is intended to mean "one or more" unless specifically indicated to the contrary.

All patents, patent applications, publications, and descriptions mentioned above are incorporated herein by reference in their entirety for all purposes. None of them is regarded as prior art.

Claims (31)

1. A method comprising: receiving an authorization request message associated with a consumer conducting a transaction with a portable consumer device; sending a challenge message to the consumer, wherein the challenge message is dynamic or semi-dynamic; receiving a challenge response message from the consumer; and sending an authorization response message to the consumer, wherein the authorization response message indicates whether the transaction is authorized.
2. The method of claim 1, wherein the portable consumer device is in the form of a card or a mobile phone.
3. The method of claim 1, wherein the challenge message includes a dynamic question.
4. The method of claim 1, wherein the challenge question is dynamic, and the challenge question is created using the consumer's transaction history.
5. The method of claim 1, wherein the authorization request message is received at a payment processing network, and wherein the payment processing network sends the challenge message to the consumer and receives the challenge response message from the consumer, and, if the consumer provides the correct challenge response message, then: forwards the authorization request message to an issuer of the portable consumer device; and receives the authorization response message from the issuer before the authorization response message is sent to the consumer.
6. The method of claim 5, wherein the transaction involves a merchant, and wherein the authorization response message is sent to the consumer via an access device operated by the merchant.
7. The method of claim 5, wherein the transaction involves a merchant, and wherein the authorization response message is sent to the portable consumer device.
8. The method of claim 1, wherein the authorization request message is received at an issuer, and the issuer sends the challenge message to the consumer and receives the challenge response message from the consumer, and wherein the issuer, before sending the authorization response message to the consumer, also analyzes the challenge response message from the consumer to determine whether the consumer provided the correct challenge response message.
9. The method of claim 1, wherein the challenge message includes a dynamic question, and the challenge message is created using the location of the consumer.
10. A computer readable medium comprising: code for performing the method of claim 1.
11. A server computer comprising the computer readable medium of claim 10.
12. A system comprising the server computer of claim 11.
13. A system comprising: means for receiving an authorization request message associated with a consumer conducting a transaction with a portable consumer device; means for sending a challenge message to the consumer, wherein the challenge question is dynamic or semi-dynamic; means for receiving a challenge response message from the consumer; and means for sending an authorization response message to the consumer, wherein the authorization response message indicates whether the transaction is authorized.
14. A method comprising: initiating an authorization request message, wherein the authorization request message is associated with a consumer conducting a transaction with a portable consumer device and is sent to an issuer associated with the portable consumer device; receiving a challenge message, wherein the challenge message is dynamic or semi-dynamic; initiating a challenge response message, wherein the challenge response message is responsive to the challenge message; and receiving an authorization response message, wherein the authorization response message indicates whether the transaction is authorized.
15. The method of claim 14, wherein the authorization request message and the challenge question are initiated by at least one of a merchant that is a party to the transaction or the consumer.
16. A computer readable medium comprising: code for initiating an authorization request message, wherein the authorization request message is associated with a consumer conducting a transaction with a portable consumer device and is sent to an issuer associated with the portable consumer device; code for receiving a challenge message, wherein the challenge message is dynamic or semi-dynamic; code for initiating a challenge response message, wherein the challenge response message is responsive to the challenge message; and code for receiving an authorization response message, wherein the authorization response message indicates whether the transaction is authorized.
17. A phone comprising the computer readable medium of claim 16.
18. A system comprising: means for initiating an authorization request message, wherein the authorization request message is associated with a consumer conducting a transaction with a portable consumer device and is sent to an issuer associated with the portable consumer device; means for receiving a challenge message, wherein the challenge message is dynamic or semi-dynamic; means for initiating a challenge response message, wherein the challenge response message is responsive to the challenge message; and means for receiving an authorization response message, wherein the authorization response message indicates whether the transaction is authorized.
19. An authentication method comprising: receiving, at an issuer, an authorization request message sent from an access device; and, in response to receiving the authorization request, providing one or more dynamic challenge questions to the consumer before authorizing the transaction.
20. The method of claim 19, wherein the dynamic challenge question is generated by the issuer and relates to transactions conducted by the consumer in the past.
21. A computer readable medium comprising: code for receiving, at an issuer, an authorization request message sent from an access device; and code for providing one or more dynamic challenge questions to a consumer before authorizing a transaction conducted by the consumer.
22. A method comprising: receiving a first authorization request message associated with a consumer conducting a transaction with a portable consumer device; sending a challenge message to the consumer; receiving a second authorization request message including a challenge response message; and sending an authorization response message, wherein the authorization response message indicates whether the transaction is authorized.
23. The method of claim 22, wherein the challenge message is sent to a mobile phone operated by the consumer.
24. A computer readable medium comprising code for performing the method of claim 22.
25. A server comprising the computer readable medium of claim 24.
26. A method comprising: sending a first authorization request message associated with a consumer conducting a transaction with a portable consumer device; receiving a challenge message; sending a second authorization request message including a challenge response message; and receiving an authorization response message, wherein the authorization response message indicates whether the transaction is authorized.
27. The method of claim 26, wherein the challenge message is received at a mobile phone operated by the consumer, and wherein the authorization response message is received at an access device, wherein the access device comprises a point of sale terminal.
28. The method of claim 26, wherein the challenge message challenge question.
29. A computer readable medium comprising code for performing the method of claim 26.
30. A point of sale device comprising the computer readable medium of claim 29.
31. The method of claim 22, wherein the challenge message is passive and does not require an active response from the consumer.
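
The message flow of claims 1, 4 and 5, as an added illustration that is not part of the patent text: a payment processing network holds the authorization request, sends a challenge question built from the consumer's transaction history, and forwards the request to the issuer only when the challenge response is correct. The class and method names, the single-use table of pending challenges, the answer normalization, the fail-closed handling of accounts without history, and the sample data are assumptions of this example.

```python
import hmac
from dataclasses import dataclass, field
from typing import Callable


def _norm(text: str) -> bytes:
    """Case- and whitespace-insensitive form used to compare answers."""
    return " ".join(text.lower().split()).encode()


def _decline(reason: str) -> dict:
    return {"type": "authorization_response", "authorized": False, "reason": reason}


@dataclass
class PaymentProcessingNetwork:
    issuer: Callable[[str, int], bool]   # hypothetical issuer decision hook
    history: dict                        # PAN -> list of (merchant, amount_cents)
    pending: dict = field(default_factory=dict)  # txn_id -> held request

    def receive_authorization_request(self, txn_id, pan, merchant, amount_cents):
        """Hold the request and answer it with a challenge message."""
        past = self.history.get(pan)
        if not past:
            # Assumption: no history means no question can be built, so fail closed.
            return _decline("no challenge available")
        self.pending[txn_id] = {"pan": pan, "merchant": merchant,
                                "amount": amount_cents, "expected": past[-1][0]}
        return {"type": "challenge", "txn_id": txn_id,
                "question": "At which merchant was your most recent purchase?"}

    def receive_challenge_response(self, txn_id, answer):
        """Check the response; forward to the issuer only if it is correct."""
        state = self.pending.pop(txn_id, None)   # single use: one attempt per request
        if state is None:
            return _decline("no outstanding challenge")
        if not hmac.compare_digest(_norm(answer), _norm(state["expected"])):
            return _decline("incorrect challenge response")   # issuer never contacted
        approved = self.issuer(state["pan"], state["amount"])
        if approved:
            # The new purchase changes the correct answer for the next challenge.
            self.history[state["pan"]].append((state["merchant"], state["amount"]))
        return {"type": "authorization_response", "authorized": approved,
                "reason": "issuer decision"}


if __name__ == "__main__":
    # Constructed sample data: made-up account number and purchases.
    pan = "4000001234567899"
    net = PaymentProcessingNetwork(
        issuer=lambda _pan, cents: cents <= 10_000,
        history={pan: [("Corner Grocery", 4215), ("City Fuel", 3850)]})
    print(net.receive_authorization_request("t1", pan, "Book Shop", 2500))
    print(net.receive_challenge_response("t1", "city fuel"))
```

Because an approved purchase is appended to the history, the correct answer changes from one transaction to the next, which is what makes the question dynamic rather than a static secret.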
CN 200780022874 2006-06-19 2007-06-15 Consumer authentication system and method CN101473344A (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
US81505906P 2006-06-19 2006-06-19
US60/815,059 2006-06-19
US60/815,430 2006-06-20
US60/884,089 2007-01-09

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710173504.7A CN106936587A (en) 2006-06-19 2007-06-15 Consumer authentication system and method

Publications (1)

Publication Number Publication Date
CN101473344A CN101473344A (en) 2009-07-01

Family

ID=40829560

Family Applications (6)

Application Number Title Priority Date Filing Date
CN 200780022874 CN101473344A (en) 2006-06-19 2007-06-15 Consumer authentication system and method
CN201710173504.7A CN106936587A (en) 2006-06-19 2007-06-15 Consumer authentication system and method
CN200780022875.XA CN101485128B (en) 2006-06-19 2007-06-15 Portable consumer device authentication system
CN 200780029553 CN101502031B (en) 2006-06-19 2007-06-18 Verification error reduction system
CN201710270542.4A CN107067246A (en) 2006-06-19 2007-06-18 Transaction authentication using network
CN200780027259.3A CN101512957B (en) 2006-06-19 2007-06-18 The use of transaction authentication network

Country Status (1)

Country Link
CN (6) CN101473344A (en)

Families Citing this family (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9105027B2 (en) 2009-05-15 2015-08-11 Visa International Service Association Verification of portable consumer device for secure services
US9038886B2 (en) 2009-05-15 2015-05-26 Visa International Service Association Verification of portable consumer devices
US8534564B2 (en) 2009-05-15 2013-09-17 Ayman Hammad Integration of verification tokens with mobile communication devices
US8893967B2 (en) 2009-05-15 2014-11-25 Visa International Service Association Secure Communication of payment information to merchants using a verification token
US9633351B2 (en) * 2009-11-05 2017-04-25 Visa International Service Association Encryption switch processing
AU2011237715B2 (en) * 2010-04-09 2014-12-18 Visa International Service Association System and method for securely validating transactions
CN103282929A (en) * 2010-12-23 2013-09-04 佩蒂安特股份有限公司 Mobile phone atm processing methods and systems
CN103503010B (en) * 2011-03-04 2017-12-29 维萨国际服务协会 Ability to pay combined elements of a computer security
US9536112B2 (en) 2011-06-13 2017-01-03 Stmicroelectronics Asia Pacific Pte Ltd. Delaying or deterring counterfeiting and/or cloning of a component
CN104137029B (en) * 2011-12-21 2018-02-23 美新纳瑞私人有限公司 Gesture-based device
CN104685519A (en) * 2012-08-30 2015-06-03 黄金富 Bank card accounting system with dynamic risk management and corresponding method
KR101316466B1 (en) * 2012-11-20 2013-10-08 신한카드 주식회사 Mobile transaction system using dynamic track 2 data and method using the same
KR101354388B1 (en) * 2012-12-12 2014-01-23 신한카드 주식회사 Generating method for one time code
DE102013201027A1 (en) * 2013-01-23 2014-07-24 Bundesdruckerei Gmbh A method for authentication of a user with respect to an automatic
CN105612543A (en) * 2013-08-08 2016-05-25 维萨国际服务协会 Methods and systems for provisioning mobile devices with payment credentials
CN104639517A (en) * 2013-11-15 2015-05-20 阿里巴巴集团控股有限公司 Method and device for verifying identities by aid of human body biological characteristics
US20160321627A1 (en) * 2015-04-29 2016-11-03 Ncr Corporation Biometric authentication of pre-staged self-service terminal transactions
CN108647970A (en) * 2017-10-23 2018-10-12 福州领头虎软件有限公司 Efficient verification method and system for electronic evidence

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5163097A (en) * 1991-08-07 1992-11-10 Dynamicserve, Ltd. Method and apparatus for providing secure access to a limited access system
US5577121A (en) * 1994-06-09 1996-11-19 Electronic Payment Services, Inc. Transaction system for integrated circuit cards
US6850916B1 (en) * 1998-04-27 2005-02-01 Esignx Corporation Portable electronic charge and authorization devices and methods therefor
US6980660B1 (en) * 1999-05-21 2005-12-27 International Business Machines Corporation Method and apparatus for efficiently initializing mobile wireless devices
CA2418096A1 (en) * 2000-06-28 2002-01-03 Patentek, Inc. Method and system of securely collecting, storing, and transmitting information
US6816058B2 (en) * 2001-04-26 2004-11-09 Mcgregor Christopher M Bio-metric smart card, bio-metric smart card reader and method of use
CN1435985A (en) * 2002-01-30 2003-08-13 鸿联九五信息产业股份有限公司 Dynamic cipher safety system and dynamic cipher generating method
CN1508746A (en) * 2002-12-18 2004-06-30 薛永嘉 Personal identity information integrating apparatus

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103514536A (en) * 2012-06-28 2014-01-15 马克西姆综合产品公司 Secure payments with untrusted devices
US9858560B2 (en) 2012-06-28 2018-01-02 Maxim Integrated Products, Inc. Secure payments with untrusted devices
CN104126189A (en) * 2012-07-16 2014-10-29 美新纳瑞私人有限公司 Authorization of transactions
CN105610865A (en) * 2016-02-18 2016-05-25 中国银联股份有限公司 Method and device for authenticating identity of user based on transaction data
WO2017140190A1 (en) * 2016-02-18 2017-08-24 中国银联股份有限公司 Method and device for authenticating user identity based on transaction data

Also Published As

Publication number Publication date
CN101512957B (en) 2017-12-29
CN106936587A (en) 2017-07-07
CN101502031A (en) 2009-08-05
CN101502031B (en) 2013-02-27
CN101512957A (en) 2009-08-19
CN101485128B (en) 2016-08-03
CN107067246A (en) 2017-08-18
CN101485128A (en) 2009-07-15

Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination
RJ01