| CPC G06Q 20/38215 (2013.01) [G06Q 20/352 (2013.01); G06Q 20/3829 (2013.01); H04L 9/0822 (2013.01); H04L 2209/56 (2013.01)] | 20 Claims |
|
1. An authentication system, comprising:
a server comprising one or more processors coupled to a memory,
wherein the server is configured to:
identify a transaction between an account and a merchant,
compare the transaction with a historical transaction pattern for the account, wherein the transaction is conducted at a time that is inconsistent with the historical transaction pattern,
identify the transaction as high risk based on the comparison,
transmit an authentication request,
receive, responsive to the authentication request, a cryptogram,
generate an authentication diversified key based on a master key and a unique identifier,
generate a session key based on the authentication diversified key,
verify the cryptogram based on the session key using a cryptographic algorithm, and
authorize the transaction based on the verified cryptogram.
|