Some content of this application is unavailable at the moment.
If this situation persist, please contact us atFeedback&Contact
1. (WO2019026038) SYSTEM AND METHOD FOR AUTHENTICATING A TRANSACTION
Note: Text based on automatic Optical Character Recognition processes. Please use the PDF version for legal matters

CLAIMS:

1 . A computer-implemented method conducted at a server computer of an authentication service provider comprising:

receiving an authentication request, the authentication request requesting authentication of a transaction and including transaction details describing the transaction;

obtaining an encryption key being unique to the authentication service provider and a user mobile device;

generating an authentication prompt including at least some of the transaction details; encrypting a payload including the authentication prompt using the encryption key to output an encrypted payload; and,

providing the encrypted payload via a first communication channel to a user for acquisition and decryption by the user mobile device using a decryption key corresponding to the encryption key.

2. The method as claimed in claim 1 , wherein the payload includes a nonce and the authentication prompt for encryption.

3. The method as claimed in claim 1 or claim 2, wherein the first communication channel is established between the server computer and a user communication device, and wherein the first communication channel is a secure communication channel.

4. The method as claimed in claim 3, wherein providing the encrypted payload to the user includes transmitting the encrypted payload to the user communication device via the first communication channel for providing the encrypted payload to the user.

5. The method as claimed in claim 3 or claim 4, wherein the authentication request is received from a transaction service provider facilitating the transaction, wherein the first communication channel is established between the server computer, transaction service provider and the user communication device and wherein providing the encrypted payload to the user includes transmitting the encrypted payload to the transaction service provider for on-forwarding to the user device.

6. The method as claimed in any one of the preceding claims, wherein providing the encrypted payload via the first communication channel includes:

generating a graphical code based on the encrypted payload; and

providing the graphical code for display to the user via the first communication channel.

7. The method as claimed in any one of the preceding claims, wherein obtaining the encryption key includes accessing a mobile device public key stored at the authentication service provider and being uniquely associated with a mobile device private key securely stored in the user mobile device.

8. The method as claimed in claim 7, wherein obtaining the encryption key includes:

obtaining a symmetric key; and,

accessing the mobile device public key and an authentication service provider private key being securely stored at the authentication service provider and being uniquely associated with an authentication service provider public key accessible to the mobile device.

9. The method as claimed in claim 8, wherein encrypting the payload includes:

encrypting the payload using the symmetric key to output a symmetrically encrypted payload;

asymmetrically encrypting the symmetric key using one or both of the mobile device public key and the authentication service provider private key to output an asymmetrically encrypted symmetric key,

wherein the encrypted payload includes the symmetrically encrypted payload and the asymmetrically encrypted symmetric key.

10. The method as claimed in any one of the preceding claims, including:

receiving a validation request including a token based on or including one or both of the transaction details and a nonce;

validating the token; and,

if the token is valid, transmitting an authentication confirmation message confirming authentication of the transaction.

1 1 . The method as claimed in claim 10, wherein the validation request is received via the first communication channel.

12. A computer-implemented method conducted at a user mobile device comprising:

capturing an encrypted payload, the encrypted payload including an authentication prompt relating to authentication of a transaction and including transaction details describing the transaction;

accessing a decryption key for decrypting the encrypted payload, the decryption key corresponding to an encryption key having been used at an authentication service provider to encrypt the payload and being unique to the authentication service provider and the user mobile device;

using the decryption key to decrypt the encrypted payload to obtain the authentication prompt including the transaction details;

displaying, via a display of the user mobile device, the authentication prompt including the transaction details and prompting a user of the user mobile device to authenticate the transaction; and,

providing a token based on or including one or both of the transaction details or a nonce for submission to the authentication service provider.

13. The method as claimed in claim 12, wherein the encrypted payload is provided to the user by a transaction service provider facilitating the transaction, the transaction service provider having received the encrypted payload from the authentication service provider.

14. The method as claimed in claim 12 or claim 13, wherein accessing the decryption key includes accessing a mobile device private key securely stored in the mobile device and uniquely associated with a mobile device public key stored at the authentication service provider in association with the mobile device.

15. The method as claimed in claim 14, wherein accessing the decryption key includes: accessing the mobile device private key and an authentication service provider public key being uniquely associated with an authentication service provider private key securely stored at the authentication service provider.

16. The method as claimed in claim 15, wherein the encrypted payload includes a symmetrically encrypted payload and an asymmetrically encrypted symmetric key, and wherein the method includes asymmetrically decrypting the symmetric key using one or both of the authentication service provider public key and the mobile device private key to output the symmetric key.

17. The method as claimed in claim 16, wherein using the decryption key to decrypt the encrypted payload includes using the output symmetric key to decrypt the symmetrically encrypted payload to obtain the authentication prompt including the transaction details.

18. The method as claimed in any one of claims 12 to 17, wherein the token is based on the nonce, and wherein providing the token includes:

generating the token using the nonce as an input to an algorithm; and,

displaying the token to the user via the display of the user mobile device for submission by the user to the authentication service provider.

19. The method as claimed in any one of claims 12 to 18, wherein the token is based on the transaction details, and wherein providing the token includes:

generating the token using the transaction details as an input to an algorithm; and, displaying the token to the user via the display of the user mobile device for submission by the user to the authentication service provider.

20. The method as claimed in any one of claims 12 to 19, wherein displaying the token to the user includes displaying the token in the prompt together with the transaction details.

21 . A system including a server computer of an authentication service provider including memory for storing computer-readable program code and a processor for executing the computer-readable program code, the server computer comprising:

an authentication request receiving component for receiving an authentication request, the authentication request requesting authentication of a transaction and including transaction details describing the transaction;

an encryption key obtaining component for obtaining an encryption key being unique to the authentication service provider and a user mobile device;

an authentication prompt generating component for generating an authentication prompt including at least some of the transaction details;

an encrypting component for encrypting a payload including the authentication prompt using the encryption key to output an encrypted payload; and,

a prompt providing component for providing the encrypted payload via a first communication channel to a user for acquisition and decryption by the user mobile device using a decryption key corresponding to the encryption key.

22. A system including a user mobile device including memory for storing computer-readable program code and a processor for executing the computer-readable program code, the user mobile device comprising:

a capturing component for capturing an encrypted payload including an authentication prompt relating to authentication of a transaction and including transaction details describing the transaction;

a decryption key accessing component for accessing a decryption key for decrypting the encrypted payload, the decryption key corresponding to an encryption key having been used at an authentication service provider to encrypt the authentication prompt and being unique to the authentication service provider and the user mobile device;

a decryption component for using the decryption key to decrypt the encrypted payload to obtain the authentication prompt including the transaction details;

a display component for displaying, via a display of the user mobile device, the authentication prompt including the transaction details and prompting a user of the user mobile device to authenticate the transaction; and,

a token providing component for providing a token based on or including one or both of the transaction details or a nonce for submission to the authentication service provider.

23. A computer program product comprising a computer-readable medium having stored computer-readable program code for performing the steps of:

receiving an authentication request, the authentication request requesting authentication of a transaction and including transaction details describing the transaction;

obtaining an encryption key being unique to the authentication service provider and a user mobile device;

generating an authentication prompt including at least some of the transaction details; encrypting a payload including the authentication prompt using the encryption key to output an encrypted payload; and,

providing the encrypted payload via a first communication channel to a user for acquisition and decryption by the user mobile device using a decryption key corresponding to the encryption key.

24. A computer program product comprising a computer-readable medium having stored computer-readable program code for performing the steps of:

capturing an encrypted payload, the encrypted payload including an authentication prompt relating to authentication of a transaction and including transaction details describing the transaction;

accessing a decryption key for decrypting the encrypted payload, the decryption key corresponding to an encryption key having been used at an authentication service provider to encrypt the authentication prompt and being unique to the authentication service provider and the user mobile device;

using the decryption key to decrypt the encrypted payload to obtain the authentication

prompt including the transaction details;

displaying, via a display of the user mobile device, the authentication prompt including the transaction details and prompting a user of the user mobile device to authenticate the transaction; and,

providing a token based on or including one or both of the transaction details or a nonce for submission to the authentication service provider.