摘要 |
To secure communications in an untrusted environment for a commercial transaction on an account between the account's holder and a merchant, an identifier and a signature can be derived from a token. The identifier is associated by use of a directory with an application context that identifies the account's issuer. The merchant will provide the signature to the account's issuer, or agent thereof, to be verified. In practice, a merchant to the identified issuer of an account an authorization request message for a transaction that includes a signature and an identifier for the account upon which the transaction is to be conducted. The account's issuer responds with an authorization response message that includes an indicator that the signature has been verified. After notice of the signature's verification, the transaction on the account is deemed authorized and the merchant can proceed. |