Microchip-enabled online transaction system

US 20020128977A1
Filed: 09/12/2001
Published: 09/12/2002
Est. Priority Date: 09/12/2000
Status: Abandoned Application

First Claim

Patent Images

1. A microchip-enabled online transaction method, comprising the steps of:

authenticating, by a host system, a user whose communication channel with a merchant, is redirected from said merchant to said host system;

obtaining, by said host system, user'"'"'s transaction account number; and

transmitting transaction information from said host system to said merchant to facilitate a transaction.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A microchip-enabled online transaction system and method that emulates a “card-present” transaction in an online or remote environment by using an improved authentication and transaction system. More specifically, this system uses an authenticating instrument (e.g., smart card), an authenticating instrument reader (e.g., smart card reader), and a user-specific identification signature (e.g., user PIN) to better authenticate an online purchaser. Additionally, this system may also employ techniques (1) for transmitting to a merchant a secondary transaction number in place of the user'"'"'s primary transaction account number, and (2) for automatically filling an online merchant'"'"'s payment and shipping web pages with the appropriate profiled user information.

321 Citations

24 Claims

1. A microchip-enabled online transaction method, comprising the steps of:
- authenticating, by a host system, a user whose communication channel with a merchant, is redirected from said merchant to said host system;
  
  obtaining, by said host system, user'"'"'s transaction account number; and
  
  transmitting transaction information from said host system to said merchant to facilitate a transaction.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 16, 18, 20, 21)
- - 2. The method of claim 1, wherein said user communication channel is facilitated with a user system comprising (1) a computer that is configured to access a computerized network, and (2) an authentication instrument reader.
  - 3. The method of claim 2, the authenticating step further comprising the steps of:
    - issuing a challenge string to said user;
      
      prompting said user to (1) initiate communication between an authentication instrument and said authentication instrument reader, and (2) communicate a user-specific identification signature;
      
      receiving from said user (1) a digital certificate containing information which identifies said authentication instrument, and (2) a signed challenge string which identifies said user; and
      
      verifying that said user is authorized to use said transaction account number associated with said authentication instrument.
  - 4. The method of claim 1, wherein the authentication instrument is any microchip-enabled device.
  - 5. The method of claim 1, wherein the authentication instrument is a smart card.
  - 6. The method of claim 1, wherein the authentication instrument reader is any reader capable of reading a microchip-enabled device.
  - 7. The method of claim 1, wherein the authentication instrument reader is a smart card reader.
  - 8. The method of claim 1, further comprising the step of generating a secondary transaction number and associating said secondary transaction number with said transaction account number, wherein said transaction information provided to said merchant comprises said secondary transaction number instead of said transaction account number.
  - 9. The method of claim 1, further comprising the following steps:
    - profiling a plurality of merchant websites to determine transaction fields that are required to complete transactions with each of said plurality of merchants; and
      
      storing profiles for said plurality of merchants in a merchant profile database.
  - 10. The method of claim 9, further comprising the following steps:
    - retrieving from said merchant profile database, said merchant transaction fields required to complete a transaction with said user; and
      
      retrieving from a user profile database, user profile information corresponding to said merchant transaction fields, wherein said transaction information provided to said merchant comprises said retrieved user profile information.
  - 11. The method of claim 10, wherein said merchant transaction fields comprise a transaction number, a transaction number expiration date, and an authorized user name.
  - 13. The method of claim 12, wherein the authentication instrument is a smart card, the authentication instrument reader is a smart card reader, and the user-specific identification signature is a personal identification number or password.
  - 15. The method of claim 14, further comprising the steps of:
    - configuring an online shopping website that allows users to browse said website with a web browser and select goods or services for purchase; and
      
      upon user'"'"'s selection of at least one good or service, presenting said user with a checkout page and prompting said user for payment and delivery information.
  - 16. The method of claim 15, further comprising the step of providing said host system with payment and delivery fields required to complete a transaction with said merchant.
  - 18. The method of claim 17, wherein the authentication instrument is a smart card, the authentication instrument reader is a smart card reader, and the user-specific identification signature is a personal identification number or password.
  - 20. The computerized host system of claim 19, further comprising:
    - a secondary transaction server that is configured to (1) generate a secondary transaction number, and (2) associate said secondary transaction number with a user'"'"'s transaction account number.
  - 21. The computerized host system of claim 19, further comprising:
    - a wallet server that maintains data relating to said user, wherein said wallet server is configured to interact with said authentication server and said secondary transaction server in order to provide data to complete merchant payment and delivery fields as appropriate to facilitate a transaction for said user.

12. A computer-implemented online user authentication method, comprising the steps of:
- determining, by a merchant, the presence of an authentication instrument reader on a user'"'"'s computer system;
  
  redirecting said user from a merchant website to a host system website;
  
  issuing, by said host system, a challenge string to said user;
  
  prompting said user to cause an authenticating instrument to communicate with said authenticating instrument reader;
  
  prompting said user to provide a user-specific identification signature;
  
  receiving, from said user, a digital certificate that is associated with a transaction account number and a signed challenge string; and
  
  comparing said digital certificate and said signed challenge with host system data to determine if said user is authorized to use said transaction account number.

14. A microchip-enabled online transaction method, comprising the steps of:
- recognizing the presence of an authentication instrument reader on said user system when said user is browsing a merchant website;
  
  upon recognizing the presence of said authentication instrument reader on the user system, posting a hyperlink button to said user'"'"'s browser, where upon selection of said hyperlink button by said user, redirecting said user'"'"'s browser to a host system website; and
  
  receiving user transaction data from said host system to facilitate a transaction with said user.

17. A microchip-enabled online transaction method, comprising the steps of:
- ascertaining (1) an authentication instrument that is associated with a primary transaction account, and (2) a user-specific identification;
  
  browsing a merchant'"'"'s website for goods or services;
  
  selecting a product or service to purchase;
  
  clicking on a hyperlink button that redirects a user'"'"'s browser to a host system website and causing a host system to request user authentication information; and
  
  responding to said host system request by facilitating the communication of said authentication instrument with an authentication instrument reader and providing said user-specific identification signature.

19. A computerized host system configured to facilitate a microchip-enabled online transaction, comprising:
- a web server for maintaining a host system website; and
  
  an authentication server configured to receive a digital certificate and a signed challenge string in order to determine if said user is authorized to use a particular transaction account number.

22. A microchip-enabled online transaction method, comprising the steps of:
- profiling a plurality of merchant websites to determine the appropriate transaction fields for completing transactions with each of said plurality of merchant websites;
  
  storing in a host system profile database said profile for each of said plurality of merchant websites;
  
  communicating with a user system over the internet, wherein upon establishing said communication with said user system, it is determined that a user desires to complete a transaction with a particular merchant;
  
  recognizing the presence of a smart card reader on said user system;
  
  prompting said user to cause user'"'"'s smart card to communicate with said smart card reader;
  
  issuing to said user a challenge string;
  
  prompting said user to enter a user-specific passcode;
  
  receiving a smart card-specific digital certificate;
  
  receiving a signed challenge string;
  
  comparing said smart card-specific digital certificate and said signed challenge string to facilitate two-factor authentication to verify that said user is authorized to use a transaction account number;
  
  generating a secondary transaction number and associating said secondary transaction number with said transaction account number; and
  
  providing said secondary transaction number to a merchant to facilitate the completion of a transaction between said user and said merchant.

23. A microchip-enabled online transaction method, comprising the steps of:
- authenticating a user whose web browser was redirected from a merchant website to a host system website;
  
  retrieving from a host system database a transaction account number associated with said user;
  
  generating a secondary transaction number and associating said secondary transaction number with said transaction account number; and
  
  transmitting information comprising the secondary transaction number to said merchant in order to facilitate a transaction.

24. A microchip-enabled online transaction system and method, comprising the steps of:
- configuring a merchant website to send an applet to a user system to determine if said user system is configured with a host system authentication instrument reader and software;
  
  posting to a user'"'"'s web browser a hyperlink button capable of redirecting a user from said merchant website to a host system website in order to facilitate user authentication;
  
  receiving from said host system transaction data associated with said user; and
  
  completing said transaction with said user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
American Express Travel Related Services Company, Inc. (American Express Company)
Original Assignee
American Express Travel Related Services Company, Inc. (American Express Company)
Inventors
Stern, Geoffrey, Nambiar, Anant

Application Number

US09/952,490
Publication Number

US 20020128977A1
Time in Patent Office

Days
Field of Search
US Class Current

705/64
CPC Class Codes

G06F 21/34   involving the use of extern...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/382   insuring higher security of...

G06Q 20/38215   Use of certificates or encr...

G06Q 20/385   using an alias or single-us...

G06Q 20/388   using mutual authentication...

G06Q 20/40975   using encryption therefor

G06Q 30/06   Buying, selling or leasing ...

G07F 7/1008   Active credit-cards provide...

Microchip-enabled online transaction system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

321 Citations

24 Claims

Specification

Use Cases

Quick Links

Others

Microchip-enabled online transaction system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

321 Citations

24 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others