公开(公告)号：US20160210608A1

公开(公告)日：2016-07-21

申请号：US14983080

申请日：2015-12-29

Applicant: MasterCard International Incorporated

Inventor： Robert D. Reany ,  Steve Hubbard ,  Dennis A. Gamiello ,  Janet Marie Smith ,  Gregory D. Williamson

IPC: G06Q20/22 ,  G06Q20/36

CPC classification number: G06Q20/227 ,  G06Q20/36 ,  G06Q20/405

Abstract: A method includes receiving, from a merchant, transaction data and supplemental data relating to a payment account transaction. The method further includes accessing at least one service selection rule. Also, based on the at least one service selection rule and the transaction data and supplemental data, at least one service is selected. The selected service(s) are provided to the merchant in connection with the payment account transaction.

Abstract translation: 一种方法包括从商家接收交易数据和与支付账户交易相关的补充数据。 该方法还包括访问至少一个服务选择规则。 此外，基于至少一个服务选择规则和交易数据和补充数据，选择至少一个服务。 与所述支付账户交易有关的所选服务被提供给商家。

公开(公告)号：US20240127245A1

公开(公告)日：2024-04-18

申请号：US18514416

申请日：2023-11-20

Applicant: MasterCard International Incorporated

Inventor： Craig Gilbert ,  Brian John Piel ,  Gregory D. Williamson

IPC: G06Q20/40

CPC classification number: G06Q20/4014 ,  G06Q20/401 ,  G06Q20/405 ,  G06Q2220/00

Abstract: A cardholder authentication method includes receiving, at an authentication network, an authentication request involving an account. The method further includes determining, based at least in part on a portion of an account identifier associated with said account, an authentication service. In addition, the method includes determining, based at least on said authentication service and a portion of said account identifier, an authentication response. The method also includes transmitting, to a merchant associated with a transaction involving said account, said authentication response.

公开(公告)号：US11823190B2

公开(公告)日：2023-11-21

申请号：US14509247

申请日：2014-10-08

Applicant: MasterCard International Incorporated

Inventor： Craig Gilbert ,  Brian John Piel ,  Gregory D. Williamson

IPC: G06Q20/40

CPC classification number: G06Q20/4014 ,  G06Q20/401 ,  G06Q20/405 ,  G06Q2220/00

Abstract: A cardholder authentication method includes receiving, at an authentication network, an authentication request involving an account. The method further includes determining, based at least in part on a portion of an account identifier associated with said account, an authentication service. In addition, the method includes determining, based at least on said authentication service and a portion of said account identifier, an authentication response. The method also includes transmitting, to a merchant associated with a transaction involving said account, said authentication response.

公开(公告)号：US09704160B2

公开(公告)日：2017-07-11

申请号：US14492337

申请日：2014-09-22

Applicant: MasterCard International Incorporated

Inventor： Ashfaq Kamal ,  Gregory D. Williamson ,  Bob Reany

IPC: G06Q20/32 ,  G06Q20/40 ,  G06Q20/38 ,  G06Q20/22 ,  G06F21/62 ,  G06Q20/24 ,  G06Q20/26

CPC classification number: G06Q20/3829 ,  G06F21/62 ,  G06Q20/24 ,  G06Q20/26 ,  G06Q20/322 ,  G06Q20/3227 ,  G06Q20/40145

Abstract: According to some embodiments, a requesting application executing on a mobile device may request a transport layer security key pair in connection with a payment transaction. Responsive to the request, a trusted execution environment client of the mobile device may route a request to a payment application executing in a secure trusted execution environment of the mobile device. It may then be arranged, within the secure trusted execution environment, to create the transport layer security key pair and provide key pair to the requesting application. Moreover, in some embodiments, the mobile device may transmit payment transaction information to an access control server and receive a request for biometric authentication. It may then be arranged for hardware within the mobile device to biometrically authenticate a user of the mobile device.

公开(公告)号：US20170061441A1

公开(公告)日：2017-03-02

申请号：US14839234

申请日：2015-08-28

Applicant: MasterCard International Incorporated

Inventor： Ashfaq Kamal ,  Bob Reany ,  Gregory D. Williamson

IPC: G06Q20/40

CPC classification number: G06Q20/40145 ,  G06Q20/32 ,  G06Q2220/00

Abstract: A secure on-device cardholder authentication method and system. In an embodiment, a consumer's mobile device uses a mobile application to receive a user authentication request from an entity. A biometric data capture request is then transmitted to a biometric sensor of the mobile device, and a determination made that the mobile application is authorized to use an authenticator API. Next, the mobile device processor prompts the user to provide at least one form of biometric data in accordance with business rules, receives a user authentication response when the user provided biometric data matches locally stored biometric data, generates a positive user authentication response message, and transmits the positive user authentication response message to the entity.

Abstract translation: 安全的设备上的持卡人认证方法和系统。 在一个实施例中，消费者的移动设备使用移动应用从实体接收用户认证请求。 然后将生物特征数据捕获请求发送到移动设备的生物特征传感器，并且确定移动应用被授权使用认证器API。 接下来，移动设备处理器提示用户根据业务规则提供至少一种形式的生物特征数据，当用户提供的生物统计数据与本地存储的生物统计数据匹配时，接收用户认证响应，生成正用户认证响应消息，以及 向实体发送正用户认证响应消息。

公开(公告)号：US20150294313A1

公开(公告)日：2015-10-15

申请号：US14684749

申请日：2015-04-13

Applicant: MasterCard International Incorporated

Inventor： Ashfaq Kamal ,  Gregory D. Williamson ,  Steve Hubbard ,  Bob Reany

IPC: G06Q20/40 ,  G06Q20/32

Abstract: Multi-factor authentication techniques are described that use secure push authentication technology for transactions. An embodiment includes receiving, by an assurance platform operating as an authentication service platform, a user authentication request and transaction data from an access control server (ACS), determining an authentication rule, generating a user validation request message, transmitting the user validation request message to a user mobile device, and receiving user authentication data. The assurance platform then validates the user authentication data, transmits a device authentication request, receives a device authentication response signed with a private key of the user, and authenticates the user based on the device authentication response and private key.

Abstract translation: 描述了使用安全推送认证技术进行交易的多因素认证技术。 一个实施例包括由作为验证服务平台的保证平台从访问控制服务器（ACS）接收用户认证请求和交易数据，确定认证规则，生成用户验证请求消息，发送用户验证请求消息 到用户移动设备，并且接收用户认证数据。 然后，保证平台验证用户认证数据，发送设备认证请求，接收用用户私钥签名的设备认证响应，并根据设备认证响应和私钥认证用户。

公开(公告)号：US11157905B2

公开(公告)日：2021-10-26

申请号：US14839234

申请日：2015-08-28

Applicant: MasterCard International Incorporated

Inventor： Ashfaq Kamal ,  Bob Reany ,  Gregory D. Williamson

IPC: G06Q20/40 ,  G06Q20/32

Abstract: A secure on-device cardholder authentication method and system. In an embodiment, a consumer's mobile device uses a mobile application to receive a user authentication request from an entity. A biometric data capture request is then transmitted to a biometric sensor of the mobile device, and a determination made that the mobile application is authorized to use an authenticator API. Next, the mobile device processor prompts the user to provide at least one form of biometric data in accordance with business rules, receives a user authentication response when the user provided biometric data matches locally stored biometric data, generates a positive user authentication response message, and transmits the positive user authentication response message to the entity.

公开(公告)号：US20160086172A1

公开(公告)日：2016-03-24

申请号：US14492337

申请日：2014-09-22

Applicant: MasterCard International Incorporated

Inventor： Ashfaq Kamal ,  Gregory D. Williamson ,  Bob Reany

IPC: G06Q20/38 ,  G06Q20/32 ,  G06Q20/26 ,  G06Q20/40 ,  G06Q20/24

CPC classification number: G06Q20/3829 ,  G06F21/62 ,  G06Q20/24 ,  G06Q20/26 ,  G06Q20/322 ,  G06Q20/3227 ,  G06Q20/40145

Abstract: According to some embodiments, a requesting application executing on a mobile device may request a transport layer security key pair in connection with a payment transaction. Responsive to the request, a trusted execution environment client of the mobile device may route a request to a payment application executing in a secure trusted execution environment of the mobile device. It may then be arranged, within the secure trusted execution environment, to create the transport layer security key pair and provide key pair to the requesting application. Moreover, in some embodiments, the mobile device may transmit payment transaction information to an access control server and receive a request for biometric authentication. It may then be arranged for hardware within the mobile device to biometrically authenticate a user of the mobile device.

Abstract translation: 根据一些实施例，在移动设备上执行的请求应用可以与支付交易相关联地请求传输层安全密钥对。 响应于该请求，移动设备的可信赖执行环境客户端可以将请求路由到在移动设备的安全可信执行环境中执行的支付应用。 然后，可以在安全的受信任的执行环境内设置创建传输层安全密钥对，并向请求应用提供密钥对。 此外，在一些实施例中，移动设备可以向接入控制服务器发送支付交易信息，并且接收对生物认证的请求。 然后可以将移动设备内的硬件设置为对移动设备的用户进行生物测量认证。

公开(公告)号：US20160005038A1

公开(公告)日：2016-01-07

申请号：US14789361

申请日：2015-07-01

Applicant: MasterCard International Incorporated

Inventor： Ashfaq Kamal ,  Gregory D. Williamson

IPC: G06Q20/40 ,  G06Q20/32

CPC classification number: G06Q20/405 ,  G06Q20/3223 ,  G06Q20/40 ,  G09C1/00

Abstract: Systems and methods for multi-factor user authentication techniques usable in transactions. In some embodiments, an authentication platform receives a request to authenticate a user in conjunction with an online transaction and determines an authentication rule. The authentication platform then transmits an authentication request to the user's mobile device, receives authentication response data from the user mobile device, and authenticates the user in conjunction with the transaction when the authentication response data matches stored user authentication data. An authentication message is then transmitted to the user's mobile device. In some embodiments, the authentication response data is biometric data of the user obtained from at least one authenticator of the user's mobile device.

Abstract translation: 用于交易的多因素用户认证技术的系统和方法。 在一些实施例中，认证平台接收与在线事务一起认证用户的请求，并确定认证规则。 然后，认证平台向用户的移动设备发送认证请求，从用户移动设备接收认证响应数据，并且当认证响应数据与存储的用户认证数据匹配时，结合事务认证用户。 然后将认证消息发送到用户的移动设备。 在一些实施例中，认证响应数据是从用户的移动设备的至少一个认证器获得的用户的生物测定数据。

公开(公告)号：US20150161608A1

公开(公告)日：2015-06-11

申请号：US14509247

申请日：2014-10-08

Applicant: MasterCard International Incorporated

Inventor： Craig Gilbert ,  Brian John Piel ,  Gregory D. Williamson

IPC: G06Q20/40

CPC classification number: G06Q20/4014 ,  G06Q20/401 ,  G06Q20/405

Abstract: A cardholder authentication method includes receiving, at an authentication network, an authentication request involving an account. The method further includes determining, based at least in part on a portion of an account identifier associated with said account, an authentication service. In addition, the method includes determining, based at least on said authentication service and a portion of said account identifier, an authentication response. The method also includes transmitting, to a merchant associated with a transaction involving said account, said authentication response.

Abstract translation: 持卡人认证方法包括在认证网络处接收涉及帐户的认证请求。 该方法还包括至少部分地基于与所述帐户相关联的帐户标识符的一部分来确定认证服务。 此外，该方法包括至少基于所述认证服务和所述帐户标识符的一部分来确定认证响应。 该方法还包括向涉及所述帐户的交易相关联的商家发送所述认证响应。