Conducting transactions with dynamic passwords

US 10,395,248 B1
Filed: 08/08/2016
Issued: 08/27/2019
Est. Priority Date: 06/30/2008
Status: Active Grant

First Claim

Patent Images

1. A transaction processing system, the system comprising:

one or more first processors;

first memory configured to be in communication with the one or more processors; and

first computer-executable instructions that, when executed on the one or more processors, perform acts to process a transaction for an item, the acts comprising;

serving, to a computing device comprising one or more second processors, a second memory, a presentation device, and second computer-executable instructions, content for presentation on a page rendered on the presentation device, wherein the page includes the item, and wherein the content includes at least one text box for entering an identifier and a first dynamic password, the first dynamic password comprising a time-based dynamic password that changes after a passage of a predetermined amount of time or a sequence-based dynamic password that changes after a predetermined event;

receiving, over a network from the computing device and by the transaction processing system;

first data comprising a request to conduct the transaction for the item; and

second data comprising the first dynamic password and the identifier, wherein the identifier;

(i) is associated with a payment instrument;

(ii) is free from information identifying the payment instrument; and

(iii) is associated with one or more predefined rules specifying an item category or a transaction amount that is allowed in response to employing the identifier to conduct the transaction, and wherein the second data is received based at least in part on the identifier and the first dynamic password having been entered into the at least one text box;

accessing a second dynamic password accessible by the transaction processing system;

accessing the one or more predefined rules associated with the identifier;

based at least partly on the second dynamic password and the one or more predefined rules, triggering the one or more first processors to perform one of;

approving the transaction based at least partly on;

the first dynamic password matching the second dynamic password, andat least one of an amount of the transaction being at or below the transaction amount specified by a first predefined rule of the one or more predefined rules or an item category of the item matching the item category specified by a second predefined rule of the one or more predefined rules;

declining the transaction based at least in part on at least one of the first dynamic password not matching the second dynamic password, the amount of the transaction being above the transaction amount specified by the first predefined rule of the one or more predefined rules, or the item category of the item not matching the item category specified by the second predefined rule of the one or more predefined rules;

orimplementing one or more other authorization procedures based at least in part on at least one of the first dynamic password not matching the second dynamic password, the amount of the transaction being above the transaction amount specified by the first predefined rule of the one or more predefined rules, or the item category of the item not matching the item category specified by the second predefined rule of the one or more predefined rules.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for conducting transactions with one-time passwords are described herein. These techniques may include receiving a request to conduct a transaction, as well as a one-time password and an identifier linked with a payment instrument. The identifier may or may not identify the linked payment instrument. In both instances, a transaction processing service may compare the received one-time password with a one-time password stored at or accessible by the transaction processing service. If the passwords match, the service may approve the transaction. Otherwise, the service may decline the transaction or implement one or more additional authorization procedures.

Citations

20 Claims

1. A transaction processing system, the system comprising:
- one or more first processors;
  
  first memory configured to be in communication with the one or more processors; and
  
  first computer-executable instructions that, when executed on the one or more processors, perform acts to process a transaction for an item, the acts comprising;
  
  serving, to a computing device comprising one or more second processors, a second memory, a presentation device, and second computer-executable instructions, content for presentation on a page rendered on the presentation device, wherein the page includes the item, and wherein the content includes at least one text box for entering an identifier and a first dynamic password, the first dynamic password comprising a time-based dynamic password that changes after a passage of a predetermined amount of time or a sequence-based dynamic password that changes after a predetermined event;
  
  receiving, over a network from the computing device and by the transaction processing system;
  
  first data comprising a request to conduct the transaction for the item; and
  
  second data comprising the first dynamic password and the identifier, wherein the identifier;
  
  (i) is associated with a payment instrument;
  
  (ii) is free from information identifying the payment instrument; and
  
  (iii) is associated with one or more predefined rules specifying an item category or a transaction amount that is allowed in response to employing the identifier to conduct the transaction, and wherein the second data is received based at least in part on the identifier and the first dynamic password having been entered into the at least one text box;
  
  accessing a second dynamic password accessible by the transaction processing system;
  
  accessing the one or more predefined rules associated with the identifier;
  
  based at least partly on the second dynamic password and the one or more predefined rules, triggering the one or more first processors to perform one of;
  
  approving the transaction based at least partly on;
  
  the first dynamic password matching the second dynamic password, andat least one of an amount of the transaction being at or below the transaction amount specified by a first predefined rule of the one or more predefined rules or an item category of the item matching the item category specified by a second predefined rule of the one or more predefined rules;
  
  declining the transaction based at least in part on at least one of the first dynamic password not matching the second dynamic password, the amount of the transaction being above the transaction amount specified by the first predefined rule of the one or more predefined rules, or the item category of the item not matching the item category specified by the second predefined rule of the one or more predefined rules;
  
  orimplementing one or more other authorization procedures based at least in part on at least one of the first dynamic password not matching the second dynamic password, the amount of the transaction being above the transaction amount specified by the first predefined rule of the one or more predefined rules, or the item category of the item not matching the item category specified by the second predefined rule of the one or more predefined rules.
- View Dependent Claims (2, 3, 4, 5)
- - 2. A system as recited in claim 1, wherein:
    - the one or more predefined rules comprise a third predefined rule specifying an allowable vendor in response to employing the identifier to conduct the transaction based on the request to purchase conduct the transaction for the item; and
      
      approving the transaction is further based on an actual vendor associated with the transaction matching the allowable vendor specified by the third predefined rule.
  - 3. A system as recited in claim 1, wherein:
    - the one or more predefined rules comprise a third predefined rule specifying a threshold reputation score that is indicative of a number of previous acceptances of transactions from a transaction requestor; and
      
      approving the transaction is further based on a reputation score associated with a user who submitted the request to conduct the transaction being at or above the threshold reputation score specified by the third predefined rule.
  - 4. A system as recited in claim 1, wherein:
    - the one or more predefined rules comprise a third predefined rule specifying an allowable type of reconciliation activity in response to employing the identifier to conduct the transaction, the allowable type of reconciliation activity comprising one of debiting a transaction account associated with the identifier or crediting a transaction account associated with the identifier; and
      
      approving the transaction is further based on a type of reconciliation activity associated with the transaction matching the allowable type of reconciliation activity specified by the third predefined rule.
  - 5. A system as recited in claim 1, wherein the content comprises a widget, wherein the at least one text box includes a first text box and a second text box, and wherein the second data is received in response to a user entering the identifier into the first text box of the widget and the first dynamic password into the second text box of the widget.

6. A method for processing a transaction comprising:
- serving, to a computing device and by a transaction processing service, content for presentation on a page rendered on a display of the computing device, wherein the page includes an item, and wherein the content includes at least one text box for entering an identifier and a dynamic password, the dynamic password comprising a time-based dynamic password that changes after a passage of a predetermined amount of time or a sequence-based dynamic password that changes after a predetermined eventreceiving, from the computing device and by the transaction processing service, first data comprising a request to purchase the item;
  
  receiving, by the transaction processing service, second data comprising the dynamic password and the identifier, wherein the second data is received based at least in part on the identifier and the dynamic password having been entered into the at least one text box, and wherein the identifier;
  
  associated with a payment instrument;
  
  free from information identifying the payment instrument; and
  
  associated with a predefined rule specifying an allowable vendor in response to employing the identifier to conduct the transaction based on the request to purchase the item;
  
  accessing the predefined rule associated with the identifier;
  
  based at least partly on the dynamic password, the identifier, and an actual vendor associated with the transaction, performing one of;
  
  processing, by the transaction processing service, the request to purchase the item;
  
  declining, by the transaction processing service, the request to purchase the item;
  
  orimplementing, by the transaction processing service, one or more other authorization procedures.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13)
- - 7. A method as recited in claim 6, wherein:
    - the predefined rule is a first predefined rule;
      
      the identifier is associated with a second predefined rule specifying a threshold reputation score that is indicative of a number of previous acceptances of transactions from a transaction requestor;
      
      the method further comprises accessing the second predefined rule associated with the identifier; and
      
      processing the request to purchase the item is further based on a reputation score associated with a user who submitted the request to purchase the item being at or above the threshold reputation score specified by the second predefined rule.
  - 8. A method as recited in claim 6, wherein:
    - the predefined rule is a first predefined rule;
      
      the identifier is associated with a second predefined rule specifying an allowable type of reconciliation activity in response to employing the identifier to conduct the transaction, the allowable type of reconciliation activity comprising one of debiting a transaction account associated with the identifier or crediting a transaction account associated with the identifier;
      
      the method further comprises accessing the second predefined rule associated with the identifier; and
      
      processing the request to purchase the item is further based on a type of reconciliation activity associated with the transaction matching the allowable type of reconciliation activity specified by the second predefined rule.
  - 9. A method as recited in claim 6, wherein the content comprises a widget, wherein the at least one text box includes a first text box and a second text box, and wherein the second data is received in response to a user entering the identifier into the first text box of the widget and the dynamic password into the second text box of the widget.
  - 10. A method as recited in claim 6, wherein processing the request to purchase the item based on the dynamic password comprises determining that the dynamic password is valid using a mathematical algorithm.
  - 11. A method as recited in claim 6, wherein:
    - the predefined rule is a first predefined rule;
      
      the identifier is associated with a second predefined rule specifying a transaction amount that is allowed in response to employing the identifier to conduct the transaction;
      
      the method further comprises accessing the second predefined rule associated with the identifier; and
      
      processing the request to purchase the item is further based on an amount of the transaction being at or below the transaction amount specified by the second predefined rule.
  - 12. A method as recited in claim 6, wherein:
    - the predefined rule is a first predefined rule;
      
      the identifier is associated with a second predefined rule specifying an item category that is allowed in response to employing the identifier to conduct the transaction;
      
      the method further comprises accessing the second predefined rule associated with the identifier; and
      
      processing the request to purchase the item is further based on a category of the item matching the item category specified by the second predefined rule.
  - 13. A method as recited in claim 6, wherein the request to purchase the item is received from a user, the method further comprising providing a key fob to the user before the receiving of the second data, the key fob being configured to generate and display the dynamic password.

14. A method comprising:
- serving, to a computing device and by a transaction processing service, content for presentation on a page rendered on a display of the computing device, wherein the content includes at least one text box for entering a dynamic password associated with an identifier, the dynamic password comprising a time-based dynamic password that changes after a passage of a predetermined amount of time or a sequence-based dynamic password that changes after a predetermined event;
  
  receiving, from the computing device and by the transaction processing service, first data associated with a request to conduct a transaction, wherein the request comprises the identifier that is;
  
  associated with a payment instrument;
  
  free from information identifying the payment instrument andassociated with a predefined rule specifying an allowable vendor in response to employing the identifier to conduct the transaction;
  
  receiving second data associated with the dynamic password, wherein the second data is received based at least in part on the dynamic password having been entered into the at least one text box;
  
  accessing the predefined rule associated with the identifier; and
  
  processing, by the transaction processing service, the transaction based at least in part on the identifier, an actual vendor associated with the transaction satisfying the predefined rule, and the dynamic password.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. A method as recited in claim 14, wherein the content comprises a widget, wherein the at least one text box includes a first text box and a second text box, wherein the first data is received in response to a user entering the identifier into the first text box of the widget, and wherein the second data is received in response to the user entering the dynamic password into the second text box of the widget.
  - 16. A method as recited in claim 14, wherein processing the transaction based on the dynamic password comprises determining that the dynamic password is valid using a mathematical algorithm.
  - 17. A method as recited in claim 14, wherein the request to conduct the transaction is received from a user, the method further comprising providing a key fob to the user before the receiving of the second data, the key fob being configured to generate and display the dynamic password.
  - 18. A method as recited in claim 14, wherein:
    - the predefined rule is a first predefined rule;
      
      the identifier is associated with a second predefined rule specifying a threshold reputation score that is indicative of a number of previous acceptances of transactions from a transaction requestor;
      
      the method further comprises accessing the second predefined rule associated with the identifier; and
      
      processing the transaction is further based on a reputation score associated with a user who submitted the request to conduct the transaction being at or above the threshold reputation score specified by the second predefined rule.
  - 19. A method as recited in claim 14, wherein:
    - the predefined rule is a first predefined rule;
      
      the identifier is associated with a second predefined rule specifying an allowable type of reconciliation activity in response to employing the identifier to conduct the transaction, the allowable type of reconciliation activity comprising one of debiting a transaction account associated with the identifier or crediting a transaction account associated with the identifier;
      
      the method further comprises accessing the second predefined rule associated with the identifier; and
      
      processing the transaction is further based on a type of reconciliation activity associated with the transaction matching the allowable type of reconciliation activity specified by the second predefined rule.
  - 20. A method as recited in claim 14, wherein:
    - the predefined rule is a first predefined rule;
      
      the identifier is associated with a second predefined rule specifying an item category that is allowed in response to employing the identifier to conduct the transaction for an item;
      
      the method further comprises accessing the second predefined rule associated with the identifier; and
      
      processing the transaction is further based on a category of the item matching the item category specified by the second predefined rule.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Agarwal, Amit, Oates, Isaac, Coughlin, Chesley
Primary Examiner(s)
Reagan, James A

Application Number

US15/231,511
Time in Patent Office

1,114 Days
Field of Search

705 44
US Class Current
CPC Class Codes

G06Q 20/102   Bill distribution or payments

G06Q 20/382   insuring higher security of...

G06Q 20/3821   Electronic credentials

G06Q 20/385   using an alias or single-us...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/401   Transaction verification

H04L 63/0838   using one-time-passwords

H04L 63/0846   using time-dependent-passwo...

Conducting transactions with dynamic passwords

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Conducting transactions with dynamic passwords

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links