公开(公告)号：US09165130B2

公开(公告)日：2015-10-20

申请号：US13682917

申请日：2012-11-21

Applicant: CA, Inc.

Inventor： Ambarish Malpani ,  Rammohan Varadarajan

IPC: G05B19/00 ,  G06F7/00 ,  G08B29/00 ,  H04B1/00 ,  G06F21/32

CPC classification number: G06F21/32

Abstract: A technique for mapping a biometric credential of a user to a data value such as a key or password. A database stores multiple entries of biometric templates and associated data values for different users. One of the entries is a match for a particular user, and the remaining entries are randomly selected. The number of entries is reasonably large to provide a desired degree of randomness for a given entry, but smaller than a key space of the data values. Based on an input of a biometric sample of the user, a best match is selected from the entries of biometric templates, and the associated data value is used to authenticate the user. Two- or three-factor authentication can be provided. Additional factors can include a password provided by the user and a key which is encrypted by the data value of the matching entry.

Abstract translation: 用于将用户的生物测定凭证映射到诸如密钥或密码的数据值的技术。 数据库存储不同用户的生物识别模板和相关数据值的多个条目。 其中一个条目是特定用户的匹配，其余条目是随机选择的。 条目数量相当大，以便为给定条目提供期望的随机程度，但小于数据值的密钥空间。 基于用户的生物测定样本的输入，从生物测定模板的条目中选择最佳匹配，并且使用相关联的数据值来认证用户。 可以提供两个或三个因素的身份验证。 附加因素可以包括由用户提供的密码和由匹配条目的数据值加密的密钥。

公开(公告)号：US08850218B2

公开(公告)日：2014-09-30

申请号：US14053097

申请日：2013-10-14

Applicant: CA, Inc.

Inventor： Geoffrey R. Hird ,  Rammohan Varadarajan

IPC: H04L9/32 ,  G06F21/34 ,  H04L29/06 ,  H04L9/08

CPC classification number: H04L63/0838 ,  G06F21/34 ,  H04L9/0863 ,  H04L9/3228

Abstract: A system and method is provided for generating a one-time passcode (OTP) from a user device. The method includes providing a passcode application and a cardstring defined by a provider account to the user device. The passcode application is configured to generate a passcode configured as a user OTP for the provider account, using the cardstring. The cardstring is defined by at least one key camouflaged with a personal identification number (PIN). The key may be camouflaged by modifying and encrypting the modified key under the PIN. The key may be configured as a symmetric key, a secret, a seed, and a controlled datum. The cardstring may be an EMV cardstring; and the key may be a UDKA or UDKB. The cardstring may be an OTP cardstring, and the key may be a secret configurable to generate one of a HOTP, a TOTP, and a counter-based OTP.

Abstract translation: 提供了一种用于从用户设备生成一次性密码（OTP）的系统和方法。 该方法包括向用户设备提供由提供者帐户定义的密码应用程序和卡片串。 密码应用程序被配置为使用卡片字符串生成配置为提供商帐户的用户OTP的密码。 卡片由至少一个伪装有个人识别号码（PIN）的钥匙定义。 该密钥可能通过修改和加密PIN下的修改密钥来伪装。 密钥可以被配置为对称密钥，秘密，种子和受控的数据。 卡片可能是EMV卡片串; 并且密钥可以是UDKA或UDKB。 卡片可以是OTP卡片，并且密钥可以是可配置的密钥，以生成HOTP，TOTP和基于计数器的OTP之一。

公开(公告)号：US20140068271A1

公开(公告)日：2014-03-06

申请号：US14072392

申请日：2013-11-05

Applicant: CA, Inc.

Inventor： Geoffrey Hird ,  Rammohan Varadarajan ,  James D. Reno

IPC: H04L9/32

CPC classification number: H04L9/3226 ,  G06F21/31 ,  H04L9/0877 ,  H04L9/16 ,  H04L63/0838

Abstract: This invention relates to a method and a system for generating user passcodes for each of a plurality of transaction providers from a mobile user device. A method and system for activating a plurality of passcode generators on a user device configured with a passcode application installed on the user device is provided. Each of the passcode generators may correspond to a different user account or transaction provider, such that each passcode generator provides a user passcode configured for the corresponding account or transaction provider. One or more of the passcode generators may include a passcode generating algorithm and a passcode key. Access to one or more of the passcode generators may require providing a PIN or a challenge.

Abstract translation: 本发明涉及一种用于从移动用户设备为多个交易提供者中的每一个生成用户密码的方法和系统。 提供了一种用于在配置有安装在用户设备上的密码应用的用户设备上激活多个密码生成器的方法和系统。 每个密码生成器可以对应于不同的用户帐户或事务提供者，使得每个密码生成器提供为相应的帐户或交易提供者配置的用户密码。 一个或多个密码生成器可以包括密码生成算法和密码密钥。 访问一个或多个密码生成器可能需要提供PIN或挑战。

公开(公告)号：US20170249633A1

公开(公告)日：2017-08-31

申请号：US15596220

申请日：2017-05-16

Applicant: CA, Inc.

Inventor： Rammohan Varadarajan ,  Ambarish Malpani

IPC: G06Q20/38 ,  G06Q20/40 ,  H04L29/06 ,  H04L9/08 ,  H04L9/32

CPC classification number: G06Q20/3829 ,  G06F21/31 ,  G06F21/335 ,  G06F2221/2103 ,  G06Q20/382 ,  G06Q20/385 ,  G06Q20/40 ,  G06Q20/4014 ,  H04L9/0822 ,  H04L9/321 ,  H04L9/3228 ,  H04L9/3271 ,  H04L63/0838 ,  H04L2209/56 ,  H04L2463/062

Abstract: According to the invention, a method of using a one-time password for a transaction between a user and a merchant is disclosed. The method may include generating the one-time password. The method may also include authenticating the user by the authentication server in response to a request from the user to use the one-time password. The method may further include authorizing the use of the one-time password for the transaction in response to authenticating the user by the authentication server. The method may moreover include using the one-time password in combination with an account number to settle the transaction between the user and the merchant. The method may additionally include sending a message to the authentication server originating from the merchant, wherein the message comprises the one-time password, and wherein the message requests a determination whether the one-time password is authorized for use in the transaction. The method may also include sending a message to the merchant originating from the authentication server, wherein the message includes a determination whether the transaction should be approved in response to the authentication server determining whether the one-time password is authorized for use in the transaction.

公开(公告)号：US20160173321A1

公开(公告)日：2016-06-16

申请号：US14569953

申请日：2014-12-15

Applicant: CA, Inc.

Inventor： Sreenivas Gukal ,  Sanjay Vyas ,  Rammohan Varadarajan

IPC: H04L12/24 ,  H04M15/00 ,  H04W4/00 ,  H04L12/26

CPC classification number: H04L41/064 ,  H04L41/0681 ,  H04L43/067 ,  H04L43/16 ,  H04M15/58 ,  H04M15/8214 ,  H04M15/85 ,  H04W4/24 ,  H04W4/60

Abstract: An application analysis computer obtains reports from user terminals containing application performance metrics and dimensions having values characterizing the applications and the user terminals. Statistics for each different type of the performance metrics across the reports are generated. One of the statistics, for one type of the performance metrics, that has changed at least a threshold amount between two time intervals is identified, and that performance metric is selected for analysis. For each combination of a different type of the characteristic dimensions and a different value among the values occurring for the type of the characteristic dimension, a statistic is generated for the selected type of the performance metrics from the reports. Information is communicated based on an active warning ID that was selected based on being associated with a combination of the type of the characteristic dimension and one of the statistics that changed at least a threshold amount.

Abstract translation: 应用分析计算机从用户终端获取包含具有表征应用和用户终端的值的应用性能度量和维度的报告。 生成报告中每种不同类型的性能指标的统计信息。 识别出在两个时间间隔之间至少改变了阈值量的一种类型的性能度量的统计信息之一，并且选择性能指标用于分析。 对于特征维度的不同类型的每个组合以及针对特征维度类型出现的值中的不同值，从报告中为所选择的性能度量类型生成统计量。 基于与特征维度的类型的组合和至少改变了阈值量的统计信息的组合相关联的活动警告ID来传送信息。

公开(公告)号：US08930273B2

公开(公告)日：2015-01-06

申请号：US14075317

申请日：2013-11-08

Applicant: CA, Inc.

Inventor： Rammohan Varadarajan

IPC: G06Q40/00

CPC classification number: G06Q20/3433 ,  G06Q20/04 ,  G06Q20/32 ,  G06Q20/385 ,  G06Q20/40 ,  G06Q20/4018

Abstract: A method and system is provided for generating a dynamic card value (DCV) from a mobile user device for use in a transaction between a user cardholder and a transaction provider. The DCV may be configured for use as a card verification value (CVV), also known as a card security code (CSC), a primary account number (PAN), or a portion of a PAN. The DCV may be generated using a DCV generator which may include an algorithm and a DCV generation key. The DCV generation key may be camouflaged. Obtaining a DCV from the user device may require inputting a PIN, a device identifier, a challenge or transaction information. The DCV may be used for any transaction requiring the input of a user identification number and a verification value, including, credit card transactions, debit card transactions, online or telephonic transactions.

Abstract translation: 提供了一种用于从移动用户设备生成用于用户持卡人和交易提供商之间的交易中的动态卡值（DCV）的方法和系统。 DCV可以被配置为用作卡验证值（CVV），也称为卡安全码（CSC），主帐号（PAN）或PAN的一部分。 DCV可以使用可以包括算法和DCV生成密钥的DCV生成器来生成。 DCV生成密钥可能被伪装。 从用户设备获取DCV可能需要输入PIN，设备标识符，挑战或交易信息。 DCV可用于需要输入用户识别码和验证值的任何交易，包括信用卡交易，借记卡交易，在线或电话交易。

公开(公告)号：US20160189135A1

公开(公告)日：2016-06-30

申请号：US14092900

申请日：2013-11-27

Applicant: CA, Inc.

Inventor： Geoffrey R. Hird ,  Rammohan Varadarajan

IPC: G06Q20/32

CPC classification number: G06Q20/3224 ,  G06Q20/204 ,  G06Q20/322 ,  G06Q20/3274 ,  G06Q20/3276 ,  G06Q20/3278 ,  G06Q20/351

Abstract: Data is received that corresponds to an image presented at a location of a transaction involving a user device and a terminal device. It is determined that the user device and the terminal device are engaged in the transaction based at least in part on the data and local interactions of a payment device with the terminal device are virtualized based on authenticating the transaction. Virtualizing the interactions can include exchanging messages with the terminal device over a network according to a protocol corresponding to the payment device and the terminal device.

Abstract translation: 接收对应于在涉及用户设备和终端设备的事务的位置处呈现的图像的数据。 至少部分地基于数据来确定用户设备和终端设备参与交易，并且基于认证交易来虚拟化支付设备与终端设备的本地交互。 虚拟化交互可以包括根据对应于支付设备和终端设备的协议通过网络与终端设备交换消息。

公开(公告)号：US09052931B2

公开(公告)日：2015-06-09

申请号：US14195303

申请日：2014-03-03

Applicant: CA, Inc.

Inventor： Venkata Babji Sama ,  Suril Rajul Desai ,  Rammohan Varadarajan

IPC: H04L9/00 ,  G06F9/445 ,  G06F21/00 ,  G06F21/73 ,  H04L29/06 ,  H04L9/32

CPC classification number: G06F9/44505 ,  G06F21/00 ,  G06F21/73 ,  G06F2221/2101 ,  G06F2221/2129 ,  H04L9/3231 ,  H04L63/126 ,  H04L2209/38 ,  H04L2209/56 ,  H04L2209/805

Abstract: A method and system for identifying a machine used for an online session with an online provider includes executing a lightweight fingerprint code from a provider interface during an online session to collect and transmit machine and session information; generating and storing a machine signature or identity including a machine effective speed calibration (MESC) which may be used to identify the machine when the machine is used in a subsequent online session by a method of matching the machine signature and MESC to a database of machine identities, analyzing a history of the machine's online sessions to identify one or more response indicators, such as fraud indicators, and executing one or more responses to the response indicators, such as disabling a password or denying an online transaction, where the response and response indicator may be provider-designated.

Abstract translation: 用于识别用于与在线提供商的在线会话的机器的方法和系统包括：在在线会话期间从提供商接口执行轻量级指纹码，以收集和发送机器和会话信息; 生成和存储包括机器有效速度校准（MESC）的机器签名或身份，当机器在随后的在线会话中被使用时，可以用于识别机器，该方法通过使机器签名和MESC与机器数据库相匹配的方法 身份，分析机器的在线会话的历史以识别一个或多个响应指示符，例如欺诈指示符，以及对响应指示符执行​​一个或多个响应，诸如禁用密码或拒绝在线交易，其中响应和响应 指标可能是供应商指定的。

公开(公告)号：US20140139318A1

公开(公告)日：2014-05-22

申请号：US13682917

申请日：2012-11-21

Applicant: CA, INC.

Inventor： Ambarish Malpani ,  Rammohan Varadarajan

IPC: G06F21/32

CPC classification number: G06F21/32

Abstract: A technique for mapping a biometric credential of a user to a data value such as a key or password. A database stores multiple entries of biometric templates and associated data values for different users. One of the entries is a match for a particular user, and the remaining entries are randomly selected. The number of entries is reasonably large to provide a desired degree of randomness for a given entry, but smaller than a key space of the data values. Based on an input of a biometric sample of the user, a best match is selected from the entries of biometric templates, and the associated data value is used to authenticate the user. Two- or three-factor authentication can be provided. Additional factors can include a password provided by the user and a key which is encrypted by the data value of the matching entry.

Abstract translation: 用于将用户的生物测定凭证映射到诸如密钥或密码的数据值的技术。 数据库存储不同用户的生物识别模板和相关数据值的多个条目。 其中一个条目是特定用户的匹配，其余条目是随机选择的。 条目数量相当大，以便为给定条目提供期望的随机程度，但小于数据值的密钥空间。 基于用户的生物测定样本的输入，从生物测定模板的条目中选择最佳匹配，并且使用相关联的数据值来认证用户。 可以提供两个或三个因素的身份验证。 附加因素可以包括由用户提供的密码和由匹配条目的数据值加密的密钥。

公开(公告)号：US20140067683A1

公开(公告)日：2014-03-06

申请号：US14075317

申请日：2013-11-08

Applicant: CA, Inc.

Inventor： Rammohan Varadarajan

IPC: G06Q20/34

CPC classification number: G06Q20/3433 ,  G06Q20/04 ,  G06Q20/32 ,  G06Q20/385 ,  G06Q20/40 ,  G06Q20/4018

Abstract: A method and system is provided for generating a dynamic card value (DCV) from a mobile user device for use in a transaction between a user cardholder and a transaction provider. The DCV may be configured for use as a card verification value (CVV), also known as a card security code (CSC), a primary account number (PAN), or a portion of a PAN. The DCV may be generated using a DCV generator which may include an algorithm and a DCV generation key. The DCV generation key may be camouflaged. Obtaining a DCV from the user device may require inputting a PIN, a device identifier, a challenge or transaction information. The DCV may be used for any transaction requiring the input of a user identification number and a verification value, including, credit card transactions, debit card transactions, online or telephonic transactions.

Abstract translation: 提供了一种用于从移动用户设备生成用于用户持卡人和交易提供商之间的交易中的动态卡值（DCV）的方法和系统。 DCV可以被配置为用作卡验证值（CVV），也称为卡安全码（CSC），主帐号（PAN）或PAN的一部分。 DCV可以使用可以包括算法和DCV生成密钥的DCV生成器来生成。 DCV生成密钥可能被伪装。 从用户设备获取DCV可能需要输入PIN，设备标识符，挑战或交易信息。 DCV可用于需要输入用户识别码和验证值的任何交易，包括信用卡交易，借记卡交易，在线或电话交易。