US20180357642A1 - User positive approval and authentication services (upaas) - Google Patents

User positive approval and authentication services (upaas) Download PDF

Info

Publication number
US20180357642A1
US20180357642A1 US16/106,518 US201816106518A US2018357642A1 US 20180357642 A1 US20180357642 A1 US 20180357642A1 US 201816106518 A US201816106518 A US 201816106518A US 2018357642 A1 US2018357642 A1 US 2018357642A1
Authority
US
United States
Prior art keywords
user
transaction
issuer
approval
request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US16/106,518
Inventor
Branislav Sikljovan
Radosav Andric
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
STANTON MANAGEMENT GROUP Inc
Original Assignee
STANTON MANAGEMENT GROUP Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by STANTON MANAGEMENT GROUP Inc filed Critical STANTON MANAGEMENT GROUP Inc
Priority to US16/106,518 priority Critical patent/US20180357642A1/en
Assigned to STANTON MANAGEMENT GROUP, INC. reassignment STANTON MANAGEMENT GROUP, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: ANDRIC, RADOSAV, SIKLJOVAN, BRANISLAV
Publication of US20180357642A1 publication Critical patent/US20180357642A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4012Verifying personal identification numbers [PIN]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4015Transaction verification using location information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/068Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys

Definitions

  • the foundation of the invention was a realization of the existing problems and opportunities that emerging technologies are bringing along in the areas of transaction approval and User authentication for Retail Payment and Identification transactions.
  • the invention accounts for legacy or non-legacy real time processing systems providing transaction details captured at a POA to the Issuer Host through an Acquirer and when appropriate Network environment in the form of transaction authorization request.
  • the Transaction authorization request provides Payment or Identification Instrument ID (i.e. Primary Account Number), POA information (i.e. Accepter Name and Location) and Transaction Amount.
  • the invention introduces two components:
  • the invention externalizes User Authentication from a legacy POA, Acquiring and Network systems and enables Issuers of Retail Payment and Identification instruments with ability to positively authenticate Users of these instruments in real time in Issuer controlled environment without any involvement of POA, acquiring and network systems in User authentication.
  • the invention externalizes User transaction approval from a legacy POA and enables Issuers of Retail Payment and Identification instruments with ability to request a transaction approval from Users in real time after the Issuer receives authorization request for the transaction and before the Issuer approval is granted. As a result of this the invention makes the Issuer approval contingent to the User's approval ensuring non-repudiation of Issuer approved transactions.
  • the invention provides Users of Retail Payment and Identification instruments with the ability to review and approve or decline transaction and capture UVM on self controlled devices, thus decoupling Point of (Instrument) Acceptance from Point of Transaction Approval and Point of User Authentication, which effectively removes the line between User Present and User Not-Present transactions.
  • the invention ensures that the Payment Instrument information (i.e. Primary Account Number) and User Verification information (i.e. PIN) are neither captured nor processed together at any point of the transaction life cycle. This prevents the association of the Instrument and UVM information by anyone but the User and Issuer, thus reducing the possibility of creating and using the counterfeit instruments.
  • Payment Instrument information i.e. Primary Account Number
  • User Verification information i.e. PIN
  • FIG. 1 presents a process flow of the embodiment enabling transaction approvals to Users and User Authentication to Issuers of non-proprietary Card.
  • FIG. 2 presents a process flow of the embodiment enabling transaction approvals to Users and User Authentication to Issuers of non-proprietary Card Retail Payment Instruments in legacy Open Loop scenario where Issuer uses UPAAS for UVM verification.
  • FIG. 3 presents a process flow of the embodiment enabling transaction approval to Users and User Authentication to Issuers of proprietary Card Retail Payment Instruments in legacy Closed Loop scenario where Issuer uses UPAAS for UVM verification.
  • FIG. 4 presents a process flow of the embodiment enabling transaction approval to Users and User Authentication to Issuers of Card-less Retail Payment Instruments in legacy Open Loop scenario where Issuer uses UPAAS for UVM verification.
  • FIG. 5 presents a process flow of the embodiment enabling transaction approval to Users and User Authentication to Issuers of Card-less Retail Payment Instruments in legacy Closed Loop scenario where Issuer uses UPAAS for UVM verification.
  • FIG. 6 presents a process flow of the embodiment enabling transaction approval to Users and User Authentication to Issuers when Identification Instruments are used in legacy Closed Loop scenario where Issuer uses UPAAS for UVM verification.
  • Password is either entered by 111 or implicitly provided by 122 1258 125 verifies User Name & Password, checks 111 status and if valid sends Login Response to 122/establishes an open session and awaits for Approval Request from 116 2141 214 sends Authorization Request to 215 with appropriate 214 information, Transaction Amount and captured Card Information 2151 215 enriches Authorization Request with appropriate acquirer and merchant information and Forwards Authorization Request to 315 3151 315 identifies 116 based on PAN BIN and forwards Authorization Request to 116 1163 116 checks PAN provided in 3151 to determine if 111 is registered for UPAAS services and if yes sends Approval Request to 125 with PAN, 214 information and Transaction Amount 1253 125 identifies 122 using PAN, checks 122 status and if valid sends Approval Request to 122 1114 111 reviews 214 Name & Location, Transaction Amount as received in 1253 and displayed by 122 and confirms acceptance by entering P
  • Password is either entered by 111 or implicitly provided by 122 1258 125 verifies User Name & Password, checks 111 status and if valid sends Login Response to 122/establishes an open session and awaits for Approval Request from 116 2141 214 sends Authorization Request to 215 with appropriate 214 information, Transaction Amount and captured Card Information 2151 215 enriches Authorization Request with appropriate acquirer and merchant information and Forwards Authorization Request to 315 3151 315 identifies 116 based on PAN BIN and forwards Authorization Request to 116 1163 116 checks PAN provided in 3151 to determine if 111 is registered for UPAAS services and if yes sends Approval Request to 125 with PAN, 214 information and Transaction Amount 1253 125 identifies 122 using PAN, checks 122 status and if valid sends Approval Request to 122 1114 111 reviews 214 Name & Location, Transaction Amount as displayed by 122 and confirms acceptance by entering UVM and “From Account
  • Password is either entered by 131 or implicitly provided by 122 1258 125 verifies User Name & Password, checks 131 status and if valid sends Login Response to 122/establishes an open session and awaits for Approval Request from 136 2341 234 sends Cheque Verification Request to 235 with appropriate 234 information, Transaction Amount and captured Cheque Information 2351 235 sends Cheque Verification Request with appropriate acquirer and merchant information to 335 3351 335 identifies 136 based on cheque number and forwards Cheque Verification Request to 136 1363 136 checks Cheque Number provided in 3351 to verify if 131 is registered for UPAAS services and if yes sends Approval Request to 125 with Cheque Number, 234 information and Transaction Amount 1253 125 identifies 122 using Cheque Number, checks 122 status and if valid sends Approval Request to 122 1314 131 reviews Cheque Number, 234 Name & Location, Transaction Amount as displayed by 122 and confirms acceptance by entering UV
  • Password is either entered by 141 or implicitly provided by 122 1258 125 verifies User Name & Password, checks 141 status and if valid sends Login Response to 122/establishes an open session and awaits for Approval Request from 146 2441 244 sends ID Verification Request to 245 with appropriate 244 information and captured ID Information 2451 245 forwards ID Verification Request to 146 1463 146 checks ID provided in 2451 to determine if 141 is registered for UPAAS services and if yes sends Approval Request to 125 with 214 information 1253 125 identifies 122 using ID, checks its status and if valid sends Approval Request to 122 1414 141 reviews 244 Name & Location as displayed by 122 and confirms acceptance by entering UVM 1224 122 sends Approval Response to 125 with encrypted UVM Block 1255 125 sends UVM Verification Request to 109 1096 109 verifies UVM and sends UVM Verification Response to 125 1254 125 sends Approv

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • Finance (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention provides Users of Retail Payment and Identification instruments with the ability to review transaction details and approve transaction by capturing UVM in User controlled environment and Issuers of these instruments with the ability to positively authenticate Users in Issuer controlled environment. The invention accounts for real time legacy or non-legacy processing systems to provide an authorization request from POA to Issuer Host. The invention introduces two UPAAS components—User Gateway and User Application. The UPAAS User Gateway is implemented in an Issuer controlled environment enabling interface between Issuer legacy Host and UPAAS User Applications. The UPAAS User Application can be implemented on any device supporting communication protocol such as TCP/IP without any hardware changes enabling the User to login to UPAAS User Gateway, review and approve or decline a specific transaction in real time by entering UVM, such as PIN, for User authentication purposes.

Description

    BACKGROUND OF THE INVENTION
  • The foundation of the invention was a realization of the existing problems and opportunities that emerging technologies are bringing along in the areas of transaction approval and User authentication for Retail Payment and Identification transactions.
    • Recognized Problems
      • For a number of years the Card industry has been facing demands for a stronger Cardholder authentication and better protection of User and Payment instrument proprietary information. The Card industry responded with EMV-chip cards where an offline PIN was introduced replacing or substituting signature as CVM. An Offline PIN is significantly more reliable than a signature however it came with a price: the cost of EMV implementation and maintenance is significant and is billed to all parties: Merchants/POA, Acquirer, Network and Issuers. Another downside is that the PIN remained captured at POA and User verification remained within the POA environment. To mitigate the risks the Payment Card. Industry (PCI) introduced PED and Data Security standards which improved security however also further increased the cost of implementation and maintenance. Verification of a CVM at the POA means that the Issuer is advised of the Cardholder Verification Result, but not actually performing User authentication, which opens up doors for “wedge” (man-in-the middle) attacks and other fraud risks.
      • The personal and traveler's cheques industry currently provides the ability to validate the cheques or drafts being presented, verify the history of the User (account holder), to validate the Routing Number and verify the User Account number status, however User authentication is not currently available for cheque transactions which along with the cost of Cheque Verification processing contributed to the constant decline of cheque use.
      • Users of identification instruments like Insurance and Health cards are either not authenticated at all or the authentication is performed by the accepter using other pictured IDs, like a Driver's license.
    Perceived Opportunities
      • Mass adoption of data enabled devices enables a reach to Users of Retail payment and Identification instruments in real time, anytime, anywhere enabling User transaction approval and User authentication in Issuer controlled environment that was previously not possible.
      • Providing Users of Payment and Identification instruments with the ability to review and approve transactions and enter UVMs at the devices they control improves the security of UVM and effectively externalizes User Transaction approval and User authentication from POA/accepter's environment thus removing the line between User (Cardholder) Present and User (Cardholder) Not Present transactions.
      • User Transaction approval and User authentication naturally belong to Issuer environment. Ensuring this decouples the Payment Instrument information (processed in authorization request/response) from User Authentication information which significantly contributes to fraud prevention.
    BRIEF SUMMARY OF THE INVENTION
  • The invention accounts for legacy or non-legacy real time processing systems providing transaction details captured at a POA to the Issuer Host through an Acquirer and when appropriate Network environment in the form of transaction authorization request. At a minimum the Transaction authorization request provides Payment or Identification Instrument ID (i.e. Primary Account Number), POA information (i.e. Accepter Name and Location) and Transaction Amount.
  • The invention introduces two components:
      • UPAAS User Gateway (125) implemented in Issuer controlled environment which facilitates processing of Approval Request/Response between Issuer Card, Card-less or ID Legacy systems and UPAAS User Application (122).
      • UPAAS User Application (122) which can be implemented on any device supporting appropriate data communication protocol such as TCP/IP. It provides Users with ability to review and accept or decline the transaction once the authorization request is received by the Issuer. The User confirms acceptance of a transaction by entering UVM which is encrypted by the UPAAS User application and forwarded to Issuer for User authentication and Issuer approval.
  • The invention externalizes User Authentication from a legacy POA, Acquiring and Network systems and enables Issuers of Retail Payment and Identification instruments with ability to positively authenticate Users of these instruments in real time in Issuer controlled environment without any involvement of POA, acquiring and network systems in User authentication.
  • The invention externalizes User transaction approval from a legacy POA and enables Issuers of Retail Payment and Identification instruments with ability to request a transaction approval from Users in real time after the Issuer receives authorization request for the transaction and before the Issuer approval is granted. As a result of this the invention makes the Issuer approval contingent to the User's approval ensuring non-repudiation of Issuer approved transactions.
  • The invention provides Users of Retail Payment and Identification instruments with the ability to review and approve or decline transaction and capture UVM on self controlled devices, thus decoupling Point of (Instrument) Acceptance from Point of Transaction Approval and Point of User Authentication, which effectively removes the line between User Present and User Not-Present transactions.
  • By externalizing User Authentication from the POA the invention ensures that the Payment Instrument information (i.e. Primary Account Number) and User Verification information (i.e. PIN) are neither captured nor processed together at any point of the transaction life cycle. This prevents the association of the Instrument and UVM information by anyone but the User and Issuer, thus reducing the possibility of creating and using the counterfeit instruments.
  • The major benefits of the invention are the following:
      • No physical changes or modifications are required to devices where the UPAAS User Application is implemented.
      • Issuer performs User Authentication in its own environment which is currently possible for ATM on-us transactions only. The same increases transaction security and simplifies implementation and change management: any modification or improvements can be done without impacts to Merchant, Acquirer and Network environments.
      • Accepters of Payment or Identification instruments are spared from implementing and maintaining User Authentication functions at their POA devices while enjoying increased guarantee of payment and non-repudiation.
      • Acquirer processors and Networks are spared from, implementing and maintaining Industry mandates related to User authentication and data security standards including but not limited to secure UVM capture, encryption and support of associated key infrastructure.
      • Users are provided with the opportunity to review and approve or decline the transaction in a self controlled environment and the ability to identify and decline a fraudulent or incorrectly processed transaction request before it is processed by the Issuer Host.
    BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS
  • The drawings provided herein present possible implementation scenarios of the invention. These scenarios should be taken as examples only and they are not meant to limit implementation of the invention beyond presented scenarios, nor limit the scope, implementation type or configuration of the invention providing that the spirit of the invention is preserved as set forth in the invention claims.
  • FIG. 1 presents a process flow of the embodiment enabling transaction approvals to Users and User Authentication to Issuers of non-proprietary Card. Retail Payment Instruments in legacy Open Loop scenario where Issuer uses its legacy system for PIN verification.
  • FIG. 2 presents a process flow of the embodiment enabling transaction approvals to Users and User Authentication to Issuers of non-proprietary Card Retail Payment Instruments in legacy Open Loop scenario where Issuer uses UPAAS for UVM verification.
  • FIG. 3 presents a process flow of the embodiment enabling transaction approval to Users and User Authentication to Issuers of proprietary Card Retail Payment Instruments in legacy Closed Loop scenario where Issuer uses UPAAS for UVM verification.
  • FIG. 4 presents a process flow of the embodiment enabling transaction approval to Users and User Authentication to Issuers of Card-less Retail Payment Instruments in legacy Open Loop scenario where Issuer uses UPAAS for UVM verification.
  • FIG. 5 presents a process flow of the embodiment enabling transaction approval to Users and User Authentication to Issuers of Card-less Retail Payment Instruments in legacy Closed Loop scenario where Issuer uses UPAAS for UVM verification.
  • FIG. 6 presents a process flow of the embodiment enabling transaction approval to Users and User Authentication to Issuers when Identification Instruments are used in legacy Closed Loop scenario where Issuer uses UPAAS for UVM verification.
    •  DETAILED DESCRIPTION OF THE INVENTION
  • Details of end-to end transaction flow and User transaction approval and User Authentication processes are as presented in FIGS. 1-6 and corresponding descriptions in the tables below.
  • TABLE 1
    Detailed description of process flow and relevant business logic exercised in
    UPAAS implementation scenario presented in FIG. 1 where User Approval and
    Authentication processes are exercised for Card retail payment transactions
    initiated and processed in an Open Loop Card Legacy environment where Issuer
    verifies PIN in its legacy environment.
    1110 If unattended POA 111 swipes card; If eCommerce transaction 111 enters Card
    number and other requested information (i.e. CVV2/CVC2) as requested by e-
    Commerce web site.
    2130 If attended POA 213 swipes card and enters amount; If MOTO 213 enters Card
    number and amount;
    1117 111 activates 122 in order to establish connection with 125
    1227 122 sends Login Request to 125 where User Name is implicitly provided by 122.
    Subject to Issuer requirements Password is either entered by 111 or implicitly
    provided by 122
    1258 125 verifies User Name & Password, checks 111 status and if valid sends Login
    Response to 122/establishes an open session and awaits for Approval Request
    from 116
    2141 214 sends Authorization Request to 215 with appropriate 214 information,
    Transaction Amount and captured Card Information
    2151 215 enriches Authorization Request with appropriate acquirer and merchant
    information and Forwards Authorization Request to 315
    3151 315 identifies 116 based on PAN BIN and forwards Authorization Request to 116
    1163 116 checks PAN provided in 3151 to determine if 111 is registered for UPAAS
    services and if yes sends Approval Request to 125 with PAN, 214 information and
    Transaction Amount
    1253 125 identifies 122 using PAN, checks 122 status and if valid sends Approval
    Request to 122
    1114 111 reviews 214 Name & Location, Transaction Amount as received in 1253 and
    displayed by 122 and confirms acceptance by entering PIN and “From Account
    Type”
    1224 122 sends Approval Response to 125 with encrypted PIN Block and “From
    Account” type
    1254 125 sends Approval Response to 116 with encrypted PIN Block and “From
    Account” type
    1165 116 sends PIN Verification Request to 109
    1096 109 verifies PIN and sends PIN Verification Response to 116
    1161 116 sends Fund Authorization Request to 118
    1182 118 verifies account balance/open to buy and sends Authorization Response to
    116
    1162 116 sends Authorization Response to 315
    3152 315 forwards Authorization Response to 215
    2152 215 forwards Authorization Response to 214 at which point goods or services are
    granted to 111
    1169 Subject to Issuer Requirement 116 sends Authorization Advice to 125
    1259 If 1169 received from 116 then 125 sends Authorization Advice to 122 at which
    point the session is closed
  • TABLE 2
    Detailed description of process flow and relevant business logic exercised in
    UPAAS implementation scenario presented in FIG. 2 where User Approval and
    Authentication processes are exercised for Card retail payment transactions
    initiated at and processed through an Open Loop Card Legacy environment where
    UVM Verification is completed between the UPAAS User Gateway and Issuer UVM
    Verification system.
    1110 If unattended POA 111 swipes card; if eCommerce transaction 111 enters Card
    number and other requested information (i.e. CVV2/CVC2) as requested by e-
    Commerce web site.
    2130 If attended POA 213 swipes card and enters amount; If MOTO 213 enters Card
    number and amount;
    1117 111 activates 122 in order to establish connection with 125
    1227 122 sends Login Request to 125 where User Name is implicitly provided by 122.
    Subject to Issuer requirements Password is either entered by 111 or implicitly
    provided by 122
    1258 125 verifies User Name & Password, checks 111 status and if valid sends Login
    Response to 122/establishes an open session and awaits for Approval Request
    from 116
    2141 214 sends Authorization Request to 215 with appropriate 214 information,
    Transaction Amount and captured Card Information
    2151 215 enriches Authorization Request with appropriate acquirer and merchant
    information and Forwards Authorization Request to 315
    3151 315 identifies 116 based on PAN BIN and forwards Authorization Request to 116
    1163 116 checks PAN provided in 3151 to determine if 111 is registered for UPAAS
    services and if yes sends Approval Request to 125 with PAN, 214 information and
    Transaction Amount
    1253 125 identifies 122 using PAN, checks 122 status and if valid sends Approval
    Request to 122
    1114 111 reviews 214 Name & Location, Transaction Amount as displayed by 122 and
    confirms acceptance by entering UVM and “From Account Type”
    1224 122 sends Approval Response to 125 with Encrypted UVM and “From Account”
    type
    1255 125 sends UVM Verification Request to 109
    1096 109 verifies UVM and sends UVM Verification Response to 125
    1254 125 sends Approval Response to 116 with “From Account” type
    1161 116 sends Fund Authorization Request to 118
    1182 118 verifies account balance/open to buy and sends Authorization Response to
    116
    1162 116 sends Authorization Response to 315
    3152 315 forwards Authorization Response to 215
    2152 215 forwards Authorization Response to 214 at which point goods or services are
    granted to 111
    1169 Subject to Issuer Requirement 116 sends Authorization Advice to 125
    1259 If 1169 received from 116 125 sends Authorization Advice to 122 at which point
    the session is closed
  • TABLE 3
    Detailed description of process flow and relevant business logic exercised in
    UPAAS implementation scenario presented in FIG. 3 where User Approval and
    Authentication processes are exercised for Card retail payment transactions
    initiated at and processed through a Closed Loop Card Legacy environment where
    UVM Verification is completed between the UPAAS User Gateway and Issuer UVM
    Verification system.
    1110 If unattended POA 111 swipes card.
    2130 If attended POA 213 swipes card and enters amount
    1117 111 activates 122 in order to establish connection with 125
    1227 122 sends Login Request to 125 where User Name is implicitly provided by 122.
    Subject to Issuer requirements Password is either entered by 111 or implicitly
    provided by 122
    1258 125 verifies User Name & Password, checks 111 status and if valid sends Login
    Response to 122/establishes an open session and awaits for Approval Request from
    116
    2141 214 sends Authorization Request to 215 with appropriate 214 information,
    Transaction Amount and captured Card Information
    2151 215 enriches Authorization Request with appropriate acquirer and merchant
    information and Forwards Authorization Request to 116
    1163 116 checks PAN provided in 3151 to determine if 111 is registered for UPAAS services
    and if yes sends Approval Request to 125 with PAN, 214 information and Transaction
    Amount
    1253 125 identifies 122 using PAN, checks 122 status and if valid sends Approval Request to
    122
    1114 111 reviews 214 Name & Location, Transaction Amount as displayed by 122 and
    confirms acceptance by entering UVM and “From Account Type”
    1224 122 sends Approval Response to 125 with UVM Block Encrypted and “From Account”
    type
    1255 125 sends UVM Verification Request to 109
    1096 109 verifies UVM and sends UVM Verification Response to 125
    1254 125 sends Approval Response to 116 with “From Account” type
    1161 116 sends Fund Authorization Request to 118
    1182 118 verifies account balance/open to buy and sends Authorization Response to 116
    1162 116 sends Authorization Response to 215
    2152 215 forwards Authorization Response to 214 at which point goods or services are
    granted to 111
    1169 Subject to Issuer Requirement 116 sends Authorization Advice to 125
    1259 If 1169 received from 116 then 125 sends Authorization Advice to 122 at which point
    the session is closed
  • TABLE 4
    Detailed description of process flow and relevant business logic exercised in
    UPAAS implementation scenario presented in FIG. 4 where User Approval and
    Authentication processes are exercised for Card-less retail payment transactions
    initiated at and processed through an Open Loop Legacy environment where UVM
    Verification is completed between the UPAAS User Gateway and Issuer UVM
    Verification system.
    2330 233 enters amount and Cheque number (manual entry or bar code read)
    1317 131 activates 122 in order to establish connection with 125
    1227 122 sends Login Request to 125 where User Name is implicitly provided by 122.
    Subject to Issuer requirements Password is either entered by 131 or implicitly
    provided by 122
    1258 125 verifies User Name & Password, checks 131 status and if valid sends Login
    Response to 122/establishes an open session and awaits for Approval Request
    from 136
    2341 234 sends Cheque Verification Request to 235 with appropriate 234 information,
    Transaction Amount and captured Cheque Information
    2351 235 sends Cheque Verification Request with appropriate acquirer and merchant
    information to 335
    3351 335 identifies 136 based on cheque number and forwards Cheque Verification
    Request to 136
    1363 136 checks Cheque Number provided in 3351 to verify if 131 is registered for
    UPAAS services and if yes sends Approval Request to 125 with Cheque Number,
    234 information and Transaction Amount
    1253 125 identifies 122 using Cheque Number, checks 122 status and if valid sends
    Approval Request to 122
    1314 131 reviews Cheque Number, 234 Name & Location, Transaction Amount as
    displayed by 122 and confirms acceptance by entering UVM
    1224 122 sends Approval Response to 125 with encrypted UVM Block
    1255 125 sends UVM Verification Request to 109
    1096 109 verifies UVM and sends UVM Verification Response to 125
    1254 125 sends Approval Response to 136
    1361 136 sends Fund Authorization Request to 138
    1382 138 verifies account balance against requested amount and sends Fund
    Authorization Response to 136
    1362 136 sends Cheque Verification Response to 335
    3352 335 forwards Cheque Verification Response to 235
    2352 235 forwards Cheque Verification Response to 234 at which point goods or
    services or cash withdrawal is granted to 131
    1369 Subject to Issuer Requirement 136 sends Cheque Verification Advice to 125
    1259 If 1369 received from 136 then 125 sends Cheque Verification Advice to 122 at
    which point the session is closed
  • TABLE 5
    Detailed description of process flow and relevant business logic exercised in
    UPAAS implementation scenario presented in FIG. 5 where User Approval and
    Authentication processes are exercised for Card-less retail payment transactions
    initiated at and processed through a Close Loop Legacy environment where UVM
    Verification is completed between the UPAAS User Gateway and Issuer UVM
    Verification system.
    2330 233 enters amount and Cheque number (manual entry or bar code read)
    1317 131 activates 122 in order to establish connection with 125
    1227 122 sends Login Request to 125 where User Name is implicitly provided by 122.
    Subject to Issuer requirements Password is either entered by 131 or implicitly
    provided by 122
    1258 125 verifies User Name & Password, checks 131 status and if valid sends Login
    Response to 122/establishes an open session and awaits for Approval Request
    from 136
    2341 234 sends Cheque Verification Request to 235 with appropriate 234 information,
    Transaction Amount and captured Cheque Information
    2351 235 sends Cheque Verification Request with appropriate acquirer and merchant
    information to 136
    1363 136 checks Cheque Number provided in 3351 to verify if 131 is registered for
    UPAAS services and if yes sends Approval Request to 125 with Cheque Number,
    234 information and Transaction Amount
    1253 125 identifies 122 using Cheque Number, checks 122 status and if valid sends
    Approval Request to 122
    1314 131 reviews Cheque Number, 234 Name & Location, Transaction Amount as
    displayed by 122 and confirms acceptance by entering UVM
    1224 122 sends Approval Response to 125 with encrypted UVM Block
    1255 125 sends UVM Verification Request to 109
    1096 109 verifies UVM and sends UVM Verification Response to 125
    1254 125 sends Approval Response to 136
    1361 136 sends Fund Authorization Request to 138
    1382 138 verifies account balance against requested amount and sends Fund
    Authorization Response to 136
    1362 136 sends Cheque Verification Response to 235
    2352 235 forwards Cheque Verification Response to 234 at which point goods or
    services or cash withdrawal is granted to 131
    1369 Subject to Issuer Requirement 136 sends Cheque Verification Advice to 125
    1259 If 1369 received from 136 then 125 sends Cheque Verification Advice to 122 at
    which point the session is closed
  • TABLE 6
    Detailed description of process flow and relevant business logic exercised in
    UPAAS implementation scenario presented in FIG. 6 where User Approval and
    Authentication processes are exercised for Identification instrument
    transactions initiated at and processed through a Close Loop processing
    environment where UVM Verification is completed between the UPAAS User
    Gateway and Issuer UVM Verification system
    2430 243 enters ID Number (manually or through bar or magstripe read)
    1417 141 activates 122 in order to establish connection with 125
    1227 122 sends Login Request to 125 where User Name is implicitly provided by 122.
    Subject to Issuer requirements Password is either entered by 141 or implicitly
    provided by 122
    1258 125 verifies User Name & Password, checks 141 status and if valid sends Login
    Response to 122/establishes an open session and awaits for Approval Request
    from 146
    2441 244 sends ID Verification Request to 245 with appropriate 244 information and
    captured ID Information
    2451 245 forwards ID Verification Request to 146
    1463 146 checks ID provided in 2451 to determine if 141 is registered for UPAAS
    services and if yes sends Approval Request to 125 with 214 information
    1253 125 identifies 122 using ID, checks its status and if valid sends Approval Request
    to 122
    1414 141 reviews 244 Name & Location as displayed by 122 and confirms acceptance
    by entering UVM
    1224 122 sends Approval Response to 125 with encrypted UVM Block
    1255 125 sends UVM Verification Request to 109
    1096 109 verifies UVM and sends UVM Verification Response to 125
    1254 125 sends Approval Response to 146
    1462 146 sends ID Verification Response to 245
    2452 245 forwards ID Verification Response to 244 at which point User verification has
    been confirmed
    1469 Subject to Issuer Requirement 146 sends ID Verification Advice to 125
    1259 If 1469 received from 146 then 125 sends ID Verification Advice to 122 at which
    point the session is closed

Claims (5)

1. A method of enabling issuers of retail payment and identification instruments to request and receive approval from users of these instruments in transaction real time to authenticate the users, comprising:
sending a request, from an issuer host, to a user comprising a request for the user to provide information of one or more data connected devices during a registration process wherein this information is associated with a user ID and used for processing a user approval request and response;
sending download instructions for a user application to the user and enabling the user to download the user application to one or more of the data connected devices over a wired or wireless communication protocol;
providing the user with an ability to activate the user application using a one-time authentication key or a method selected by the issuer;
receiving, on the issuer host, a transaction authorization request from at least one of a network or an acquirer, the transaction authorization request comprising information describing a presently-unapproved transaction;
sending the user approval request in transaction real time requesting the user to approve or decline the transaction and prompting the user to enter a user verification method key; and
sending the user approval response to the issuer host for approval by the issuer.
2. The method of claim 1, wherein the user approval request includes at least the user ID, an accepter name and location, and a transaction currency and amount.
3. The method of claim 1, wherein the user approval request requests additional information from the user including at least one account type.
4. The method of claim 1, wherein the user approval response indicates whether the user accepted or declined the transaction, wherein user acceptance of the transaction includes an encrypted user verification method key block.
5. The method of claim 1, further comprising:
capturing the user verification method key for approved transactions wherein subject to issuer discretion the user verification method key may information known only to the user;
encrypting the user verification method key using either symmetric or asymmetric keys;
sending the encrypted user verification method key in the user approval response without including any other information that can be associated with the identity of the user identity or the user payment and identification instrument information;
decrypting the user verification method key block received in the user approval response using either symmetric or asymmetric keys; and
verifying an authenticity of the user.
US16/106,518 2010-08-02 2018-08-21 User positive approval and authentication services (upaas) Abandoned US20180357642A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US16/106,518 US20180357642A1 (en) 2010-08-02 2018-08-21 User positive approval and authentication services (upaas)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US12/848,973 US9619801B2 (en) 2010-08-02 2010-08-02 User positive approval and authentication services (UPAAS)
US15/443,185 US10078841B2 (en) 2010-08-02 2017-02-27 User positive approval and authentication services (UPAAS)
US16/106,518 US20180357642A1 (en) 2010-08-02 2018-08-21 User positive approval and authentication services (upaas)

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US15/443,185 Continuation US10078841B2 (en) 2010-08-02 2017-02-27 User positive approval and authentication services (UPAAS)

Publications (1)

Publication Number Publication Date
US20180357642A1 true US20180357642A1 (en) 2018-12-13

Family

ID=45527728

Family Applications (3)

Application Number Title Priority Date Filing Date
US12/848,973 Active 2032-03-15 US9619801B2 (en) 2010-08-02 2010-08-02 User positive approval and authentication services (UPAAS)
US15/443,185 Active US10078841B2 (en) 2010-08-02 2017-02-27 User positive approval and authentication services (UPAAS)
US16/106,518 Abandoned US20180357642A1 (en) 2010-08-02 2018-08-21 User positive approval and authentication services (upaas)

Family Applications Before (2)

Application Number Title Priority Date Filing Date
US12/848,973 Active 2032-03-15 US9619801B2 (en) 2010-08-02 2010-08-02 User positive approval and authentication services (UPAAS)
US15/443,185 Active US10078841B2 (en) 2010-08-02 2017-02-27 User positive approval and authentication services (UPAAS)

Country Status (1)

Country Link
US (3) US9619801B2 (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110078025A1 (en) * 2008-06-13 2011-03-31 Shourabh Shrivastav Real time authentication of payment cards
US9619801B2 (en) * 2010-08-02 2017-04-11 Stanton Management Group, Inc. User positive approval and authentication services (UPAAS)
SG2014008932A (en) 2014-02-06 2015-09-29 Mastercard Asia Pacific Pte Ltd A method and a corresponding proxy server, system, computer-readable storage medium and computer program
CN104657555A (en) * 2015-02-11 2015-05-27 北京麓柏科技有限公司 TOE (TCP/IP Offload Engine) verification method based on UVM (Universal Verification Methodology) and TOE verification platform based on UVM
US10586259B2 (en) * 2017-06-07 2020-03-10 Mastercard International Incorporated Enriching merchant identifiers associated with account data update requests
US11880842B2 (en) * 2018-12-17 2024-01-23 Mastercard International Incorporated United states system and methods for dynamically determined contextual, user-defined, and adaptive authentication
US10937030B2 (en) 2018-12-28 2021-03-02 Mastercard International Incorporated Systems and methods for early detection of network fraud events
US11521211B2 (en) 2018-12-28 2022-12-06 Mastercard International Incorporated Systems and methods for incorporating breach velocities into fraud scoring models

Citations (31)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5708422A (en) * 1995-05-31 1998-01-13 At&T Transaction authorization and alert system
US20040254848A1 (en) * 2000-10-23 2004-12-16 Lior Golan Transaction system
US20060059110A1 (en) * 2002-04-03 2006-03-16 Ajay Madhok System and method for detecting card fraud
US20060131385A1 (en) * 2004-12-16 2006-06-22 Kim Mike I Conditional transaction notification and implied approval system
US7143069B2 (en) * 2001-05-25 2006-11-28 American Express Travel Related Services Co. System and method for interactive secure dialog between card holder and issuer
US20070052517A1 (en) * 2001-07-10 2007-03-08 American Express Travel Related Services Company, Inc. Systems and methods for non-traditional payment using biometric data
US20070262136A1 (en) * 2006-01-31 2007-11-15 Xiaofeng Ou Anti-Fraud Credit/Debit Card Authorization System and Method
US20080021787A1 (en) * 2006-07-14 2008-01-24 Mackouse Jack Customer controlled account, system, and process
US7331518B2 (en) * 2006-04-04 2008-02-19 Factortrust, Inc. Transaction processing systems and methods
US20080288405A1 (en) * 2007-05-20 2008-11-20 Michael Sasha John Systems and Methods for Automatic and Transparent Client Authentication and Online Transaction Verification
US20090164354A1 (en) * 2008-11-21 2009-06-25 Pscu Financial Services Method and apparatus for consumer driven protection for payment card transactions
US20100121767A1 (en) * 2008-11-08 2010-05-13 Coulter Todd R Intermediary service and method for processing financial transaction data with mobile device confirmation
US20100125737A1 (en) * 2008-11-14 2010-05-20 Denis Kang Payment transaction processing using out of band authentication
US20100250442A1 (en) * 2009-03-30 2010-09-30 Appsware Wireless, Llc Method and system for securing a payment transaction with a trusted code base
US20100248779A1 (en) * 2009-03-26 2010-09-30 Simon Phillips Cardholder verification rule applied in payment-enabled mobile telephone
US7840459B1 (en) * 2003-05-22 2010-11-23 Visa U.S.A. Inc. Method and apparatus for identity theft prevention
US7857212B1 (en) * 2008-02-14 2010-12-28 Capital One Financial Corporation Method and system for authorizing card account transactions by geographic region
US20110296521A1 (en) * 2008-12-17 2011-12-01 Gemalto Sa Method and token for managing one processing relating to an application supported or to be supported by a token
US8078538B1 (en) * 2006-06-30 2011-12-13 United States Automobile Association (USAA) Systems and methods for remotely authenticating credit card transactions
US8135647B2 (en) * 2006-06-19 2012-03-13 Visa U.S.A. Inc. Consumer authentication system and method
US8140418B1 (en) * 2009-01-09 2012-03-20 Apple Inc. Cardholder-not-present authorization
US20130041831A1 (en) * 2010-04-13 2013-02-14 Pranamesh Das Secure and shareable payment system using trusted personal device
US8396455B2 (en) * 2008-09-25 2013-03-12 Visa International Service Association Systems and methods for sorting alert and offer messages on a mobile device
US8401904B1 (en) * 2011-11-13 2013-03-19 Google Inc. Real-time payment authorization
US8478692B2 (en) * 2008-06-26 2013-07-02 Visa International Service Association Systems and methods for geographic location notifications of payment transactions
US8577804B1 (en) * 2008-02-20 2013-11-05 Collective Dynamics LLC Method and system for securing payment transactions
US8615438B2 (en) * 2009-04-28 2013-12-24 Visa International Service Association Time-dependent response to user-determined unauthorized transaction
US9544143B2 (en) * 2010-03-03 2017-01-10 Duo Security, Inc. System and method of notifying mobile devices to complete transactions
US9965757B2 (en) * 2010-06-07 2018-05-08 |Am| Authentications Inc. Method and system for controlling access to a financial account
US9996825B1 (en) * 2009-08-20 2018-06-12 Apple Inc. Electronic device enabled payments
US10078841B2 (en) * 2010-08-02 2018-09-18 Stanton Management Group, Inc. User positive approval and authentication services (UPAAS)

Family Cites Families (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6895391B1 (en) * 1999-11-09 2005-05-17 Arcot Systems, Inc. Method and system for secure authenticated payment on a computer network
IE20020534A1 (en) * 2001-06-27 2002-12-30 Snapcount Ltd Transaction processing
AU2003212867A1 (en) * 2002-01-30 2003-09-02 Mastercard International Incorporated System and method for conducting secure payment transaction
US7110792B2 (en) * 2003-05-19 2006-09-19 Einar Rosenberg Apparatus and method for increased security of wireless transactions
US20040243856A1 (en) * 2003-05-29 2004-12-02 Will Shatford Four factor authentication system and method
US7958030B2 (en) * 2004-09-01 2011-06-07 Visa U.S.A. Inc. System and method for issuer originated payments for on-line banking bill payments
US20060131390A1 (en) * 2004-12-16 2006-06-22 Kim Mike I Method and system for providing transaction notification and mobile reply authorization
US8700729B2 (en) * 2005-01-21 2014-04-15 Robin Dua Method and apparatus for managing credentials through a wireless network
US7533047B2 (en) * 2005-05-03 2009-05-12 International Business Machines Corporation Method and system for securing card payment transactions using a mobile communication device
US7886969B2 (en) * 2005-12-06 2011-02-15 Visa U.S.A. Inc. Method and system for loading and reloading portable consumer devices
US8566239B2 (en) * 2007-02-22 2013-10-22 First Data Corporation Mobile commerce systems and methods
US20080272188A1 (en) * 2007-05-02 2008-11-06 I4 Commerce Inc. Distributed system for commerce
JP5241319B2 (en) * 2008-05-15 2013-07-17 インターナショナル・ビジネス・マシーンズ・コーポレーション Computer system for managing a password for detecting information about components arranged on a network, method and computer program therefor
US8559923B2 (en) * 2009-05-18 2013-10-15 Mastercard International Incorporated Switching functions for mobile payments system
US20100312703A1 (en) * 2009-06-03 2010-12-09 Ashish Kulpati System and method for providing authentication for card not present transactions using mobile device
US20100317318A1 (en) * 2009-06-10 2010-12-16 Carter Ronald D Methods and apparatus for providing pre-paid payment capability on mobile telephone
US20100318446A1 (en) * 2009-06-10 2010-12-16 Carter Ronald D Flexible risk management for pre-authorization top-ups in payment devices
US8167200B2 (en) * 2009-07-09 2012-05-01 Kenichi Uchikura Authorization verification system
US11263625B2 (en) * 2010-01-19 2022-03-01 Bluechain Pty Ltd. Method, device and system for securing payment data for transmission over open communication networks
US20110251910A1 (en) * 2010-04-13 2011-10-13 James Dimmick Mobile Phone as a Switch

Patent Citations (32)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5708422A (en) * 1995-05-31 1998-01-13 At&T Transaction authorization and alert system
US20040254848A1 (en) * 2000-10-23 2004-12-16 Lior Golan Transaction system
US7143069B2 (en) * 2001-05-25 2006-11-28 American Express Travel Related Services Co. System and method for interactive secure dialog between card holder and issuer
US20070052517A1 (en) * 2001-07-10 2007-03-08 American Express Travel Related Services Company, Inc. Systems and methods for non-traditional payment using biometric data
US20060059110A1 (en) * 2002-04-03 2006-03-16 Ajay Madhok System and method for detecting card fraud
US7840459B1 (en) * 2003-05-22 2010-11-23 Visa U.S.A. Inc. Method and apparatus for identity theft prevention
US20060131385A1 (en) * 2004-12-16 2006-06-22 Kim Mike I Conditional transaction notification and implied approval system
US20070262136A1 (en) * 2006-01-31 2007-11-15 Xiaofeng Ou Anti-Fraud Credit/Debit Card Authorization System and Method
US7331518B2 (en) * 2006-04-04 2008-02-19 Factortrust, Inc. Transaction processing systems and methods
US8135647B2 (en) * 2006-06-19 2012-03-13 Visa U.S.A. Inc. Consumer authentication system and method
US8078538B1 (en) * 2006-06-30 2011-12-13 United States Automobile Association (USAA) Systems and methods for remotely authenticating credit card transactions
US20080021787A1 (en) * 2006-07-14 2008-01-24 Mackouse Jack Customer controlled account, system, and process
US20080288405A1 (en) * 2007-05-20 2008-11-20 Michael Sasha John Systems and Methods for Automatic and Transparent Client Authentication and Online Transaction Verification
US7857212B1 (en) * 2008-02-14 2010-12-28 Capital One Financial Corporation Method and system for authorizing card account transactions by geographic region
US8577804B1 (en) * 2008-02-20 2013-11-05 Collective Dynamics LLC Method and system for securing payment transactions
US8478692B2 (en) * 2008-06-26 2013-07-02 Visa International Service Association Systems and methods for geographic location notifications of payment transactions
US8396455B2 (en) * 2008-09-25 2013-03-12 Visa International Service Association Systems and methods for sorting alert and offer messages on a mobile device
US20100121767A1 (en) * 2008-11-08 2010-05-13 Coulter Todd R Intermediary service and method for processing financial transaction data with mobile device confirmation
US20100125737A1 (en) * 2008-11-14 2010-05-20 Denis Kang Payment transaction processing using out of band authentication
US8245044B2 (en) * 2008-11-14 2012-08-14 Visa International Service Association Payment transaction processing using out of band authentication
US20090164354A1 (en) * 2008-11-21 2009-06-25 Pscu Financial Services Method and apparatus for consumer driven protection for payment card transactions
US20110296521A1 (en) * 2008-12-17 2011-12-01 Gemalto Sa Method and token for managing one processing relating to an application supported or to be supported by a token
US8140418B1 (en) * 2009-01-09 2012-03-20 Apple Inc. Cardholder-not-present authorization
US20100248779A1 (en) * 2009-03-26 2010-09-30 Simon Phillips Cardholder verification rule applied in payment-enabled mobile telephone
US20100250442A1 (en) * 2009-03-30 2010-09-30 Appsware Wireless, Llc Method and system for securing a payment transaction with a trusted code base
US8615438B2 (en) * 2009-04-28 2013-12-24 Visa International Service Association Time-dependent response to user-determined unauthorized transaction
US9996825B1 (en) * 2009-08-20 2018-06-12 Apple Inc. Electronic device enabled payments
US9544143B2 (en) * 2010-03-03 2017-01-10 Duo Security, Inc. System and method of notifying mobile devices to complete transactions
US20130041831A1 (en) * 2010-04-13 2013-02-14 Pranamesh Das Secure and shareable payment system using trusted personal device
US9965757B2 (en) * 2010-06-07 2018-05-08 |Am| Authentications Inc. Method and system for controlling access to a financial account
US10078841B2 (en) * 2010-08-02 2018-09-18 Stanton Management Group, Inc. User positive approval and authentication services (UPAAS)
US8401904B1 (en) * 2011-11-13 2013-03-19 Google Inc. Real-time payment authorization

Also Published As

Publication number Publication date
US20120030114A1 (en) 2012-02-02
US9619801B2 (en) 2017-04-11
US20170169427A1 (en) 2017-06-15
US10078841B2 (en) 2018-09-18

Similar Documents

Publication Publication Date Title
US10078841B2 (en) User positive approval and authentication services (UPAAS)
US20200286088A1 (en) Method, device, and system for securing payment data for transmission over open communication networks
US11188901B2 (en) Secure remote payment transaction processing using a secure element
US20190172048A1 (en) Security system incorporating mobile device
US20180053167A1 (en) Processing of financial transactions using debit networks
US7865434B2 (en) Method and system for cross-issuer registration of transaction cards
US7103575B1 (en) Enabling use of smart cards by consumer devices for internet commerce
WO2015175696A1 (en) Master applet for secure remote payment processing
US20130226812A1 (en) Cloud proxy secured mobile payments
KR20160030573A (en) Secure remote payment transaction processing
US20150142666A1 (en) Authentication service
US11301844B2 (en) Cryptographic authentication and tokenized transactions
WO2001082246A3 (en) Online payer authentication service
US20150142669A1 (en) Virtual payment chipcard service
US20180322501A1 (en) Systems and methods for registering for card authentication reads
US20150142667A1 (en) Payment authorization system
El Madhoun et al. An overview of the emv protocol and its security vulnerabilities
US20180308076A1 (en) Electronic financial processing system using personal atm terminal and method for processing thereof
CN111386545A (en) Method and system for conducting transaction
CN111937023B (en) Security authentication system and method
Ogundele et al. The implementation of a full emv smartcard for a point-of-sale transaction
WO2011058376A1 (en) Payment authentication system and processing method
CA2747642A1 (en) User positive approval & authentication services
Xiao et al. A purchase protocol with live cardholder authentication for online credit card payment
CN115777190A (en) Token processing with selective de-tokenization for proximity-based access device interaction

Legal Events

Date Code Title Description
AS Assignment

Owner name: STANTON MANAGEMENT GROUP, INC., NEW YORK

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:SIKLJOVAN, BRANISLAV;ANDRIC, RADOSAV;REEL/FRAME:046644/0611

Effective date: 20121208

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: FINAL REJECTION MAILED

STCV Information on status: appeal procedure

Free format text: NOTICE OF APPEAL FILED

STCV Information on status: appeal procedure

Free format text: ON APPEAL -- AWAITING DECISION BY THE BOARD OF APPEALS

STCV Information on status: appeal procedure

Free format text: BOARD OF APPEALS DECISION RENDERED

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: FINAL REJECTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: FINAL REJECTION MAILED

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION