Processing

Please wait...

Settings

Settings

Goto Application

1. WO2020112249 - IMPROVEMENTS RELATING TO SECURITY AND AUTHENTICATION OF INTERACTION DATA

Note: Text based on automatic Optical Character Recognition processes. Please use the PDF version for legal matters

[ EN ]

CLAIMS

1. A computer-implemented method of authenticating an interaction carried out between a mobile device and a gateway, the method being carried out by an authentication system remote from the mobile device and the gateway, the method comprising the steps of:

receiving one or more first data items from the gateway, the one or more first data items including dynamic data corresponding to one or more second data items uniquely identifying the interaction, wherein one of the second data items corresponds to a portion of a counter value associated with the interaction;

extracting the counter value portion from the dynamic data;

calculating one or more candidate counter values which could correspond to the counter value associated with the interaction;

generating, for each of the one or more candidate counter values, a piece of corresponding candidate dynamic data based on one or more of the other first data items; and

comparing each of the candidate dynamic data to the received dynamic data to ascertain whether a match is obtained.

2. The method of claim 1, further comprising retrieving, from an associated memory of the remote system, a range of possible counter values for use in the calculating step.

3. The method of claim 2, wherein the calculating step is carried out in dependence on a correspondence between the extracted counter value portion and the retrieved range of possible counter values.

4. The method of claim 2 or claim 3, further comprising updating the stored range of possible counter values based on the candidate counter value used to generate the candidate dynamic data for which a match with the received dynamic data is obtained.

5. The method of any preceding claim, wherein the received dynamic data is encrypted, wherein each of the candidate dynamic data pieces

comprises a dynamic cryptogram encrypted using a cryptographic key, the cryptographic key being selected based on the corresponding candidate counter value.

6. A computer-implemented method of generating data for authentication of an interaction carried out between a mobile device and a gateway, the method comprising the steps of:

generating, at the mobile device, one or more first data items corresponding to properties of the interaction, and one or more second data items uniquely identifying the interaction;

generating, at the mobile device, dynamic data based on one or more of the second data items;

altering, at the mobile device, one or more of the first data items using a portion of the dynamic data; and

transmitting, from the mobile device via the gateway, the altered one or more first data items to a remote system for authentication.

7. The method of claim 6, wherein one of the second data items comprises a counter value associated with the interaction, and further wherein generating the dynamic data comprises generating dynamic cryptographic data using the counter value.

8. The method of claim 6 or claim 7, wherein the interaction comprises an online payment transaction, and the gateway corresponds to an online payment gateway associated with a merchant.

9. The method of claim 8, wherein the one or more first data items comprise an expiry date of a payment card used in the payment transaction, and wherein the altering step comprises replacing the expiry date with a portion of the dynamic data.

10. The method of claim 8 or claim 9, wherein the one or more first data items comprise cryptographic data identifying a payment card used in the payment transaction, and wherein the altering step comprising replacing at least a part of the cryptographic data with a portion of the dynamic data.

11. A computer program product comprising instructions which, when the program is executed by a computer, cause the computer to carry out the steps of the method of any one of claims 1 to 10.

12. A computer-readable storage medium comprising instructions which, when executed by a computer, cause the computer to carry out the steps of the method of any one of claims 1 to 10.

13. A mobile device for generating data for authenticating an interaction carried out between a mobile device and a gateway, the mobile device comprising a processor configured with instructions that when executed cause the processor to:

generate one or more first data items corresponding to properties of the interaction, and one or more second data items uniquely identifying the interaction;

generate dynamic data based on the one or more second data items; alter one or more of the first data items using a portion of the generated dynamic data; and

transmit, via the gateway to a remote authentication system, the altered one or more first data items.

14. A system for authenticating an interaction carried out between a mobile device and a gateway, the system comprising:

an input for receiving one or more first data items from the gateway, the one or more first data items including dynamic data corresponding to one or more second data items uniquely identifying the interaction, wherein one of the second data items corresponds to a portion of a counter value associated with the interaction; and a processor configured with instructions that when executed cause the processor to:

extract the counter value portion from the dynamic data; calculate one or more candidate counter values which could correspond to the counter value associated with the interaction;

generate, for each of the one or more candidate counter values, a piece of corresponding candidate dynamic data based on one or more of the other first data items; and

compare each of the candidate dynamic data to the received dynamic data to ascertain whether a match is obtained.

15. A gateway arranged to process an interaction carried out with a mobile device, the gateway comprising:

an input configured to receive, from the mobile device, one or more first data items, the one or more first data items including dynamic data corresponding to one or more second data items uniquely identifying the interaction;

a processor configured with instructions that when executed cause the processor to assess the received one or more first data items in order to verify the interaction; and

an output configured to transmit, to a remote authentication server, the one or more first data items.