Online payer authentication service
First Claim
1. A method for authenticating the identity of a cardholder during an online transaction comprising:
- querying an access control server to determine if said cardholder is enrolled in a payment authentication service;
requesting a password from said cardholder;
verifying said password; and
notifying a merchant of the authenticity of the cardholder if the password entered by said cardholder is verified.
2 Assignments
0 Petitions
Accused Products
Abstract
A payment authentication service authenticates the identity of a payer during online transactions. The authentication service of the present invention allows a card issuer to verify a cardholder'"'"'s identity using a variety of authentication methods, such as the use of passwords. Also, the only system participant requiring a certificate is the issuing financial institution. One embodiment of the invention for authenticating the identity of a cardholder during an online transaction involves querying an access control server to determine if a cardholder is enrolled in the payment authentication service, requests a password from the cardholder, verifies the password, and notifies a merchant whether the cardholder'"'"'s authenticity has been verified. In another aspect of the invention, a chip card and the authentication service independently generate cryptograms that must match in order for the service to verify that the correct chip card is being used by the cardholder.
-
Citations
2 Claims
-
1. A method for authenticating the identity of a cardholder during an online transaction comprising:
-
querying an access control server to determine if said cardholder is enrolled in a payment authentication service;
requesting a password from said cardholder;
verifying said password; and
notifying a merchant of the authenticity of the cardholder if the password entered by said cardholder is verified.
-
-
2. A method for authenticating the identity of a cardholder utilizing a chip card comprising:
-
verifying that said cardholder client device includes a chip card reader;
prompting said cardholder to enter said chip card into said chip card reader;
receiving a chip card cryptogram that was generated by said chip card based upon information in said chip card;
receiving a password entered by said cardholder;
independently generating a second cryptogram based upon information in said chip card;
comparing the chip card cryptogram to the second cryptogram to determine the authenticity of the chip card; and
verifying said password to authenticate the identity of said cardholder.
-
Specification
-
- Resources
-
Current AssigneeVisa International Service Association (Visa, Inc.)
-
Original AssigneeVisa International Service Association (Visa, Inc.)
-
InventorsLewis, Tony D., Ryan, Stephen W., Weller, Kevin D., Dominguez, Benedicto H., Bray, Peter, Manessis, Thomas J., Hill, Peter R.
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current705/67
-
CPC Class CodesG06Q 20/02 involving a neutral party, ...G06Q 20/027 involving a payment switch ...G06Q 20/04 Payment circuitsG06Q 20/0855 involving a third partyG06Q 20/12 specially adapted for elect...G06Q 20/341 Active cards, i.e. cards in...G06Q 20/355 Personalisation of cards fo...G06Q 20/367 involving electronic purses...G06Q 20/3674 involving authenticationG06Q 20/382 insuring higher security of...G06Q 20/3829 involving key managementG06Q 20/40 Authorisation, e.g. identif...G06Q 20/4012 Verifying personal identifi...G06Q 20/4014 Identity check for transact...G07F 7/1008 Active credit-cards provide...G07F 7/1016 Devices or methods for secu...
