Online payer authentication service
First Claim
1. A method for authenticating the identity of a cardholder during an online transaction comprising:
- querying an access control server to determine if said cardholder is enrolled in a payment authentication service;
requesting a password from said cardholder;
verifying said password; and
notifying a merchant of the authenticity of the cardholder if the password entered by said cardholder is verified.
2 Assignments
0 Petitions
Accused Products
Abstract
A payment authentication service authenticates the identity of a payer during online transactions. The authentication service of the present invention allows a card issuer to verify a cardholder'"'"'s identity using a variety of authentication methods, such as the use of passwords. Also, the only system participant requiring a certificate is the issuing financial institution. One embodiment of the invention for authenticating the identity of a cardholder during an online transaction involves querying an access control server to determine if a cardholder is enrolled in the payment authentication service, requests a password from the cardholder, verifies the password, and notifies a merchant whether the cardholder'"'"'s authenticity has been verified. In another aspect of the invention, a chip card and the authentication service independently generate cryptograms that must match in order for the service to verify that the correct chip card is being used by the cardholder.
-
Citations
2 Claims
-
1. A method for authenticating the identity of a cardholder during an online transaction comprising:
-
querying an access control server to determine if said cardholder is enrolled in a payment authentication service;
requesting a password from said cardholder;
verifying said password; and
notifying a merchant of the authenticity of the cardholder if the password entered by said cardholder is verified.
-
-
2. A method for authenticating the identity of a cardholder utilizing a chip card comprising:
-
verifying that said cardholder client device includes a chip card reader;
prompting said cardholder to enter said chip card into said chip card reader;
receiving a chip card cryptogram that was generated by said chip card based upon information in said chip card;
receiving a password entered by said cardholder;
independently generating a second cryptogram based upon information in said chip card;
comparing the chip card cryptogram to the second cryptogram to determine the authenticity of the chip card; and
verifying said password to authenticate the identity of said cardholder.
-
Specification