WO2017027580A1 - A method and system for transaction authorization basd on a parallel autonomous channel multi-user and multi-factor authentication - Google Patents

A method and system for transaction authorization basd on a parallel autonomous channel multi-user and multi-factor authentication Download PDF

Info

Publication number
WO2017027580A1
WO2017027580A1 PCT/US2016/046332 US2016046332W WO2017027580A1 WO 2017027580 A1 WO2017027580 A1 WO 2017027580A1 US 2016046332 W US2016046332 W US 2016046332W WO 2017027580 A1 WO2017027580 A1 WO 2017027580A1
Authority
WO
WIPO (PCT)
Prior art keywords
transaction
owner
account owner
processing system
account
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/US2016/046332
Other languages
English (en)
French (fr)
Inventor
Thomas Szoke
Maxim UMAROV
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
AuthID Inc
Original Assignee
ID Global Solutions Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to BR112018002841A priority Critical patent/BR112018002841A8/pt
Priority to EP16835828.1A priority patent/EP3335371A4/en
Priority to US15/751,584 priority patent/US11328299B2/en
Priority to CN201680057390.3A priority patent/CN108352987A/zh
Priority to AU2016304860A priority patent/AU2016304860A1/en
Priority to CA2995379A priority patent/CA2995379C/en
Application filed by ID Global Solutions Corp filed Critical ID Global Solutions Corp
Priority to JP2018527839A priority patent/JP2018533144A/ja
Priority to MX2018001763A priority patent/MX2018001763A/es
Priority to KR1020187006776A priority patent/KR102658597B1/ko
Publication of WO2017027580A1 publication Critical patent/WO2017027580A1/en
Anticipated expiration legal-status Critical
Priority to CONC2018/0002528A priority patent/CO2018002528A2/es
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/42Confirmation, e.g. check or permission by the legal debtor of payment
    • G06Q20/425Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • G06Q20/40145Biometric identity checks
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/367Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
    • G06Q20/3674Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes involving authentication
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3823Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825Use of electronic signatures
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/385Payment protocols; Details thereof using an alias or single-use codes
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3215Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a plurality of channels
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/082Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying multi-factor authentication

Definitions

  • the present system and method pertain to electronic transactions and more particularly to a secure method of authorization an electronic transaction through a multi-factor verification process.
  • the current method to perform electronic transactions normally utilize hardware tokens, such as chip or magnetic stripe cards to identify the account of a party involved in the transaction. It may also be used for security purposes as "something-you-have" for their first factor authentication method.
  • Online purchase secured by 3-D secure implementation (Verified by Visa, MasterCard SecureCode, American Express SafeKey, etc) include password or one-time codes which are entered into the application being displayed on a browser running on the same device. Online wire transfers or banking can use a one-time password provided to an external device, however that password must then be directly entered into the application being displayed on the same browser running on the same device.
  • the present system contemplates a secure method of authorizing a transaction by having a unique identifier routed through the transaction processing system triggering autonomous independent channel (out-of-band) multi-factor multi-user identity verification ( s ) .
  • the transaction data or its direct derivative will be injected into the out-of-band communication channel with the unique identifier.
  • the transaction authorization may consist of one or more sub- authorizations (multi-user) in order for the full transaction authorization to be completed. Each sub-authorization requires the designated user to successfully complete a multi-factor authentication; where the user may or may not be a transaction originator.
  • the multi-factor authentication may be provided through specialized combinations of including, but not limited to: codes, biometrics, and/or digital signatures.
  • an account owner i.e. the rightful owner of the credentials associated with a physical token
  • the corresponding identity verification response may be either: a logical sum of individual responses OR a response from an individual selected from the collective based on the policy of a verification process owner.
  • the policy of the verification process owner may be determined based on the transaction data details.
  • the out-of-band channel may be defined as either a completely separate device using a completely separate communications channel or it can be the same physical device using the same communications channel but by a completely independent application and associated backend service.
  • This invention allows the system performing the transaction to not have to participate in the additional transaction authorization mechanism that has been triggered, thus greatly simplifying deployment of the multi-factor authentication solution.
  • the invention allows for the same type of multi-factor multi-user verification ( s ) to be performed in both card present (when the person performing the transaction is physically at the transaction location) and card not present (when the person is performing a transaction on-line) transactions.
  • a method for authorizing a transaction based on a parallel autonomous multi-factor authentication utilizes a transaction processing system.
  • the transaction processing system operates initially by obtaining a physical token to originate a transaction by a transactor and then transmitting a plurality of credentials contained within the physical token to a transaction platform.
  • the transaction platform communicates the credentials to a transaction process owner to verify the account owner to determine whether to authorize the transaction.
  • a verification process owner is automatically activated by the credentials associated with the physical token.
  • the transaction processing system conducts a parallel authentication of an account owner by the transaction process owner and the verification process owner.
  • the transaction platform Upon receiving responses from the transaction process owner and the verification process owner as to the verification and authorization of the transaction, the transaction platform will combine their responses. Finally, the combined response, if containing authorizations from the verification process owner and the transaction process owner, will authorize the transaction by a transactor.
  • the parallel autonomous multi-factor authentication includes transmitting an identity verification request to the account owner by the verification process owner.
  • the account owner in response to the identity verification request provides a plurality of identity verification data by the account owner to help verify the account owner by the verification process owner.
  • FIG. 1 illustrates a block diagram of an exemplary distributed computer system and networked environment for implementation of instant system and method.
  • FIG. 2 illustrates a block diagram of the communication between the components in the system.
  • FIG. 3 illustrates a flow diagram of the data analysis performed by the system.
  • FIG. 4 illustrates a block diagram of one embodiment where a transaction platform delivers transaction details data to a verification process owner.
  • FIG. 5 illustrates a block diagram of one embodiment wherein the verification process owner combines the transaction details and identity verification data of an account owner.
  • FIG. 6 illustrates one embodiment of an exemplary computing system, wherein the systems and methods disclosed herein may be implemented using one or more computer systems.
  • FIG. 1 illustrates a block diagram of one embodiment of a transaction processing system 10 for verifying an electronic transaction.
  • a transactor 2 originates a transaction utilizing a physical token 4 obtained from an account owner 6 of the physical token 4.
  • the physical token 4 is a device or card that contains credentials used in the processing of the transaction, wherein the credentials from the physical token 4 are linked to the account holder 6.
  • the credentials of the physical token 4 are received by the transactor 2, the credentials are sent to a transaction platform 30.
  • the transaction platform 30 is the platform that the transaction is being conducted through (i.e.
  • a credit card processing company wherein the transaction platform 30 is in data communication with a transaction process owner 8 who manages the transaction requests and responds based on its pre-defined business rules.
  • a verification process owner 12 is automatically activated by the credentials associated with the physical token 4 utilized by the transactor 2.
  • the verification process owner 12 is in data communication with the account owner 6 and to autonomously verify the identity of the account owner 6 to confirm that the account owner 6 and the transaction 2 authorize the transaction being processed. Once the transaction platform 30 has received information from the transaction process owner 8 and the verification process owner 12 the transaction platform 30 transmits a message back to the transactor 2 to either approve or deny the transaction.
  • FIG. 2 illustrates a flow diagram of an embodiment of the data analysis performed by the transaction processing system 10.
  • the transactor 2 obtains a physical token 4 that is utilized at a point of origin 50; the point of origin 50 is in electronic and data communication with the transaction platform 30.
  • the point of origin 50 initiates the transaction in the transaction platform 30 with transaction data and the credentials associated with the physical token 4.
  • the transaction platform 30 communicates the transaction details and the credentials provided by the physical token 4 to the verification process owner 10.
  • the verification process owner 12 is automatically activated by the credentials associated with the physical token 4 sends an identity verification request to the account owner 6.
  • the verification process owner initiates an autonomous identify verification request to the account owner 6 to verify that the account owner 6 is authorized the transaction initiated at step 100 by the transactor 2.
  • the identity verification request is transmitted as a unique code to the account owner 6 associated with the credentials provided by the physical token 4.
  • the identity verification request is sent to the account owner's 6 mobile device, however in other embodiments the request is sent to the account holder' s personal computer or an online accessible account associated with the account holder 6.
  • the account owner 6 responds to the identity verification request transmitted by the verification process owner 12 by providing a plurality of personal codes, biometrics and/or digital signatures which are combined with the unique code that were transmitted to the account owner 6.
  • the combined response by the account owner 6 to the verification process owner 12 verifies the identity of the account owner 6 and authorizes the transaction initiated by the transactor 2.
  • the account holder 6 may also respond with a message that either authorizes or denies the transaction.
  • the verification process owner 12 provides the transaction platform 30 with a response based on the response, or lack thereof, from the account holder 6.
  • the transaction platform 30 communicates the transaction details and the provided credentials from the physical token 4 to the transaction process owner 8.
  • the transaction process owner 8 processes the information received from the transaction platform 30 based on pre-determined business rules.
  • the transaction process owner 8 responds to the transaction platform 30.
  • the transaction process owner 8 response will either approve or deny the transaction based on pre-determined business rules.
  • the transaction platform combines the responses from the verification process owner 12 and the transaction process owner 8 and sends the appropriate response to the point of origin 50.
  • the appropriate response will only be an approval if the response from both the verification process owner 12 and the transaction process owner 8 is that the transaction is authorized. If the transaction is denied by either the verification process owner 12 or the transaction process owner 8 the response for the transaction platform 30 will be a denial.
  • the point of origin 50 notifies the transactor 2 of whether the transaction is approved or denied.
  • FIG. 3 illustrates a flow diagram of one embodiment for the authorization of a transaction by the transaction processing system 30.
  • the credentials from a physical token 4 are obtained by a transactor 2 at a point of origin 50.
  • the point of origin 50 initiates a transaction by transmitting the credentials from the physical token 4 and the transaction details to the transaction platform 30.
  • the transaction platform 30 sends the credentials from the physical token 4 and the transaction details to the verification process owner 12.
  • the verification process owner 12 identifies the account owner 6 associated with the credentials from the physical object 4 and asks the account owner 6 whether they approve of the transaction.
  • the account owner 6 responds to the verification process owner 12 with an identification confirmation and either an approval or a denial of the transaction.
  • the verification process owner 8 sends a verification signal to the transaction platform 30 with the approval, denial, or failed identification from the account owner 6.
  • the transaction platform 30 sends the credentials from the physical token 4 and the transaction details to the transaction process owner 8.
  • the transaction process owner 8 processes the transaction details based on pre-determined business rules to determine whether the transaction is approved or denied.
  • the transaction process owner 8 sends a verification response to the transaction platform 30 either approving or denying the transaction based on pre-determined business rules.
  • the transaction platform combines the verification responses from the transaction process owner 8 and the verification process owner 8. If both verification responses approve the transaction the combination will result in a transaction approval. If the combination of the verifications fails to collect approvals from both the transaction process owner 8 and the verification process owner 8, the combination will result in a denial.
  • the transaction platform 30 sends the result of the combination to the point of origin 50.
  • FIG. 4 illustrates an alternate embodiment of the communication between the account owner 6 and the verification process owner 12 to authorize an initiated transaction.
  • the transaction Platform 30 delivers a set of transaction details data 300 or a subset thereof to the verification process owner 12. Following the delivery of the transaction details data 300, the verification process owner 12 subsequently transmits an identity verification request message 302, wherein the identity verification request message 302 also includes the transaction details data 300 or its subset, such that account owner 6 is able to inspect the transaction details data 300 before making a positive or negative authorization decision.
  • the account owner 6 may respond to verification process owner 12 by providing a plurality of identity verification data 304 which includes, but is not limited to: a personal code, a biometric identifier or a derivative thereof.
  • identity verification data 304 includes, but is not limited to: a personal code, a biometric identifier or a derivative thereof.
  • the identify verification data is 304 is combined with the Transaction Details Data 300 subset, and the indicator of positive of negative Authorization decision by the account owner 6.
  • This produces a combined response message 306 which contains the account owner 6 identity verification data 304 together with transaction details 304 and a digital signature 308 or signatures of the full message or certain parts of the message.
  • This embodiment only makes the identity verification valid in the context of the specific transaction initiated and the transaction authorization is only valid if the identity of the account owner whose physical token was utilized to initiate the transaction is verified.
  • This methodology effectively combines the data used for Authentication, the response providing Authorization and confirmation that Authorization is linked to a specific event (transaction) in one response message 306. The message itself when stored provides an Audit trail of the Authentication and Authorization.
  • FIG. 5 illustrates an alternate embodiment wherein the identity verification data 304 or derivative thereof of the account owner 6 is only present within the digital signature 308 of the response message 306.
  • the verification process owner 12 must combine a set of previously known transaction details 310 and previously known identity verification data of the account owner 6 or a part thereof to verify the digital signature 308 of the response message 306 without the need to obtain (receive) the body of the message from the account owner 6, as the verification process owner 12 may recreate the body of the response message 306 based on the verification process owner's 12 previous knowledge. This allows the account owner 6 and the verification process owner 12 to complete a combined Authentication/Authorization process using a derivative of the identity verification data 304.
  • the advantages of this embodiment include that the identity verification data 304 remains secure even if the communication channel is compromised. Also, the amount of data messages and the size of the messages transmitted back to the verification process owner 12 is minimized making this embodiment suitable for real ⁇ time implementation even over data links with slow speed and high latency .
  • FIG. 6 illustrates an exemplary embodiment of a computer system 500, wherein the systems and methods disclosed herein may be implemented using one or more computer systems.
  • the computer system 500 can include one or more processors 502 which can control the operation of the computer system 500.
  • the processor (s) 502 can include any type of microprocessor or central processing unit (CPU) , including programmable general-purpose or special-purpose microprocessors and/or any one of a variety of proprietary or commercially available single or multi-processor systems.
  • the computer system 500 can also include one or more memories 504, which can provide temporary storage for code to be executed by the processor (s) 502 or for data acquired from one or more users, storage devices, and/or databases.
  • the memory 504 can include read-only memory (ROM) , flash memory, one or more varieties of random access memory (RAM) (e.g., static RAM (SRAM), dynamic RAM (DRAM) , or synchronous DRAM (SDRAM) ) , and/or a combination of memory technologies.
  • RAM random access memory
  • the various elements of the computer system 500 can be coupled to a bus system.
  • the bus system can be any one or more separate physical busses, communication lines/interfaces, and/or multi-drop or point-to-point connections, connected by appropriate bridges, adapters, and/or controllers.
  • the computer system 500 can also include one or more network interface (s) 506, one or more input/output (10) interface (s) 508, and one or more storage device (s) 510.
  • the network interface (s) 506 can enable the computer system 500 to communicate with remote devices (e.g., other computer systems) over a network, and can be, for example, remote desktop connection interfaces, Ethernet adapters, and/or other local area network (LAN) adapters.
  • the 10 interface (s) 508 can include one or more interface components to connect the computer system 500 with other electronic equipment.
  • the 10 interface (s) 508 can include high speed data ports, such as USB ports, 1394 ports, etc.
  • the computer system 500 can be accessible to a human user, and thus the 10 interface (s) 508 can include displays, speakers, keyboards, pointing devices, and/or various other video, audio, or alphanumeric interfaces.
  • the storage device (s) 510 can include any conventional medium for storing data in a non- volatile and/or non-transient manner.
  • the storage device (s) 510 can thus hold data and/or instructions in a persistent state (i.e., the value is retained despite interruption of power to the computer system 500) .
  • the storage device (s) 510 can include one or more hard disk drives, flash drives, USB drives, optical drives, various media cards, and/or any combination thereof and can be directly connected to the computer system 500 or remotely connected thereto, such as over a network.
  • the elements illustrated in FIG . 6 can be some or all of the elements of a single physical machine. In addition, not all of the illustrated elements need to be located on or in the same physical or logical machine. Rather, the illustrated elements can be distributed in nature, e.g., using a server farm or cloud-based technology.
  • Exemplary computer systems include conventional desktop computers, workstations, minicomputers, laptop computers, tablet computers, PDAs, mobile phones, and the like. Although an exemplary computer system is depicted and described herein, it will be appreciated that this is for sake of generality and convenience. In other embodiments, the computer system may differ in architecture and operation from that shown and described here.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • Finance (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Computer And Data Communications (AREA)
PCT/US2016/046332 2015-08-10 2016-08-10 A method and system for transaction authorization basd on a parallel autonomous channel multi-user and multi-factor authentication Ceased WO2017027580A1 (en)

Priority Applications (10)

Application Number Priority Date Filing Date Title
JP2018527839A JP2018533144A (ja) 2015-08-10 2016-08-10 並列自律チャネルマルチユーザ・マルチファクタ認証に基づく取引承認の方法およびシステム
EP16835828.1A EP3335371A4 (en) 2015-08-10 2016-08-10 METHOD AND SYSTEM FOR AUTHORIZING TRANSACTIONS ON THE BASIS OF PARALLEL AUTONOMOUS MULTIPLE AUTHENTICATION AND MULTIFACTOR AUTHENTICATION
US15/751,584 US11328299B2 (en) 2015-08-10 2016-08-10 Method and system for transaction authorization based on a parallel autonomous channel multi-user and multi-factor authentication
CN201680057390.3A CN108352987A (zh) 2015-08-10 2016-08-10 一种基于并行自主信道多用户多因素身份验证的交易授权方法和系统
AU2016304860A AU2016304860A1 (en) 2015-08-10 2016-08-10 A method and system for transaction authorization basd on a parallel autonomous channel multi-user and multi-factor authentication
BR112018002841A BR112018002841A8 (pt) 2015-08-10 2016-08-10 método e sistema para autorização de transação com base em uma autenticação multiusuário e multifator de canal autônomo paralelo
KR1020187006776A KR102658597B1 (ko) 2015-08-10 2016-08-10 병렬의 자율적인 채널 다중 유저 및 다중 인자 인증에 기초한 트랜잭션 인가를 위한 방법 및 시스템
CA2995379A CA2995379C (en) 2015-08-10 2016-08-10 A method and system for transaction authorization based on a parallel autonomous channel multi-user and multi-factor authentication
MX2018001763A MX2018001763A (es) 2015-08-10 2016-08-10 Un metodo y sistema para autorizacion de transaccion con base en una autenticacion paralela autonoma de canal multi-usuario y multi-factor.
CONC2018/0002528A CO2018002528A2 (es) 2015-08-10 2018-03-09 Método y sistema para la autorización de transacciones basado en un canal autónomo paralelo multiusuario y autenticación multifactor

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201562203024P 2015-08-10 2015-08-10
US62/203,024 2015-08-10

Publications (1)

Publication Number Publication Date
WO2017027580A1 true WO2017027580A1 (en) 2017-02-16

Family

ID=57983625

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2016/046332 Ceased WO2017027580A1 (en) 2015-08-10 2016-08-10 A method and system for transaction authorization basd on a parallel autonomous channel multi-user and multi-factor authentication

Country Status (11)

Country Link
US (1) US11328299B2 (https=)
EP (1) EP3335371A4 (https=)
JP (1) JP2018533144A (https=)
KR (1) KR102658597B1 (https=)
CN (1) CN108352987A (https=)
AU (1) AU2016304860A1 (https=)
BR (1) BR112018002841A8 (https=)
CA (1) CA2995379C (https=)
CO (1) CO2018002528A2 (https=)
MX (1) MX2018001763A (https=)
WO (1) WO2017027580A1 (https=)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102712518B1 (ko) * 2018-11-20 2024-10-02 서강대학교산학협력단 이더리움 샤딩 환경에서 샤드 간 트랜잭션 로드 분배 방법
EP3970029A4 (en) * 2019-06-04 2023-06-28 Digital Asset (Switzerland) GmbH Multi-user database system and method
CN111027977A (zh) * 2019-11-22 2020-04-17 中汇信息技术(上海)有限公司 一种数据验证的方法、装置及电子设备
US12130896B2 (en) * 2021-07-20 2024-10-29 The Toronto-Dominion Bank System and method for authorizing data transfers
US12406256B2 (en) * 2022-01-20 2025-09-02 Mastercard International Incorporated Parallel processing in a network
US12326928B2 (en) 2022-07-29 2025-06-10 Nutanix, Inc. Implementing multi-party authorizations within an identity and access management regime
US12517998B2 (en) 2022-07-29 2026-01-06 Nutanix, Inc. Implementing multi-party authorizations to thwart a ransomware attack
WO2025085220A1 (en) * 2023-10-19 2025-04-24 Visa International Service Association Electronic identification verification for mobile device

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050027543A1 (en) * 2002-08-08 2005-02-03 Fujitsu Limited Methods for purchasing of goods and services
US20090106556A1 (en) * 2007-10-19 2009-04-23 Memory Experts International Inc. Method of providing assured transactions using secure transaction appliance and watermark verification

Family Cites Families (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7231068B2 (en) * 1998-06-19 2007-06-12 Solidus Networks, Inc. Electronic transaction verification system
US20030163739A1 (en) * 2002-02-28 2003-08-28 Armington John Phillip Robust multi-factor authentication for secure application environments
US7707120B2 (en) * 2002-04-17 2010-04-27 Visa International Service Association Mobile account authentication service
JP2004164597A (ja) * 2002-08-08 2004-06-10 Fujitsu Ltd 商品及びサービスを購入する方法
US7264154B2 (en) * 2004-07-12 2007-09-04 Harris David N System and method for securing a credit account
US20060173776A1 (en) * 2005-01-28 2006-08-03 Barry Shalley A Method of Authentication
US8996423B2 (en) * 2005-04-19 2015-03-31 Microsoft Corporation Authentication for a commercial transaction using a mobile module
CA2624981C (en) * 2005-10-06 2017-06-13 C-Sam, Inc. Three-dimensional transaction authentication
US7783564B2 (en) * 2006-07-25 2010-08-24 Visa U.S.A. Inc. Compliance control in a card based program
US8380177B2 (en) * 2010-04-09 2013-02-19 Paydiant, Inc. Mobile phone payment processing methods and systems
US8682798B2 (en) * 2010-09-24 2014-03-25 Visa International Service Association Method and system using universal ID and biometrics
US20130346294A1 (en) * 2012-03-21 2013-12-26 Patrick Faith Risk manager optimizer
US20140095404A1 (en) * 2012-05-17 2014-04-03 Daniel Emanuel Hines System and Method for Social Giving
US9098687B2 (en) * 2013-05-03 2015-08-04 Citrix Systems, Inc. User and device authentication in enterprise systems
US20150161596A1 (en) * 2013-12-05 2015-06-11 Alliance Messaging Limited Token used in lieu of account identifier

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050027543A1 (en) * 2002-08-08 2005-02-03 Fujitsu Limited Methods for purchasing of goods and services
US20090106556A1 (en) * 2007-10-19 2009-04-23 Memory Experts International Inc. Method of providing assured transactions using secure transaction appliance and watermark verification

Also Published As

Publication number Publication date
JP2018533144A (ja) 2018-11-08
KR20180073550A (ko) 2018-07-02
US11328299B2 (en) 2022-05-10
CN108352987A (zh) 2018-07-31
CA2995379A1 (en) 2017-02-16
BR112018002841A8 (pt) 2020-11-17
KR102658597B1 (ko) 2024-04-17
EP3335371A4 (en) 2019-02-06
US20180240121A1 (en) 2018-08-23
CO2018002528A2 (es) 2018-07-19
CA2995379C (en) 2023-11-14
BR112018002841A2 (pt) 2019-04-30
AU2016304860A1 (en) 2018-03-29
EP3335371A1 (en) 2018-06-20
MX2018001763A (es) 2019-01-31

Similar Documents

Publication Publication Date Title
US11328299B2 (en) Method and system for transaction authorization based on a parallel autonomous channel multi-user and multi-factor authentication
US12406038B1 (en) Systems and methods for location-binding authentication
US11657396B1 (en) System and method for bluetooth proximity enforced authentication
US10735198B1 (en) Systems and methods for tokenized data delegation and protection
US20170364911A1 (en) Systems and method for enabling secure transaction
JP5147336B2 (ja) エレクトロニック・サービス要求を実行しようとしているユーザを認証するための方法、システム、およびプログラム
JP2022539389A (ja) オンラインおよびハイブリッドカード相互作用を提供するためのシステムおよび方法
US20160286396A1 (en) Security operations for wireless devices
US12165155B2 (en) Dynamic verification method and system for card transactions
US11741472B2 (en) Systems and methods for use in authenticating users to accounts in connection with network transactions
JP2018533144A5 (https=)
US11657389B2 (en) Data input using multi-factor authentication
US11822638B1 (en) Multi-channel authentication using smart cards
US20200226608A1 (en) Dynamic verification method and system for card transactions
TWM539667U (zh) 透過載具線上申請憑證以進行網路交易之系統
CN115935318A (zh) 一种信息处理方法、装置、服务器、客户端及存储介质
US10812459B2 (en) Method for verifying identity during virtualization
TW201824129A (zh) 透過載具線上申請憑證以進行網路交易之系統及其方法

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16835828

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2018527839

Country of ref document: JP

Kind code of ref document: A

ENP Entry into the national phase

Ref document number: 2995379

Country of ref document: CA

WWE Wipo information: entry into national phase

Ref document number: MX/A/2018/001763

Country of ref document: MX

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 20187006776

Country of ref document: KR

Kind code of ref document: A

WWE Wipo information: entry into national phase

Ref document number: 2016835828

Country of ref document: EP

ENP Entry into the national phase

Ref document number: 2016304860

Country of ref document: AU

Date of ref document: 20160810

Kind code of ref document: A

REG Reference to national code

Ref country code: BR

Ref legal event code: B01A

Ref document number: 112018002841

Country of ref document: BR

ENP Entry into the national phase

Ref document number: 112018002841

Country of ref document: BR

Kind code of ref document: A2

Effective date: 20180209