Online account authentication service
First Claim
1. A method of authenticating an entity during an on-line transaction by a trusted party comprising:
- receiving an identity authenticating password from said entity;
comparing said identity authenticating password against a password previously designated for an account of said entity; and
notifying a third party that said entity is the actual owner of said account when said identity authenticating password received from said entity matches the password that was previously designated for said account, whereby said trusted party authenticates for the benefit of said third party that said entity is the actual owner of said account.
1 Assignment
0 Petitions
Accused Products
Abstract
A payment authentication service authenticates the identity of a payer during online transactions. The authentication service allows a card issuer to verify a cardholder'"'"'s identity using a variety of authentication methods, such as the use of passwords. Also, the only system participant requiring a certificate is the issuing financial institution. Authenticating the identity of a cardholder during an online transaction involves querying an access control server to determine if a cardholder is enrolled in the payment authentication service, requesting a password from the cardholder, verifying the password, and notifying a merchant whether the cardholder'"'"'s authenticity has been verified. A chip card and the authentication service independently generate cryptograms to match in order for the service to verify that the correct chip card is being used by the cardholder.
335 Citations
21 Claims
-
1. A method of authenticating an entity during an on-line transaction by a trusted party comprising:
-
receiving an identity authenticating password from said entity;
comparing said identity authenticating password against a password previously designated for an account of said entity; and
notifying a third party that said entity is the actual owner of said account when said identity authenticating password received from said entity matches the password that was previously designated for said account, whereby said trusted party authenticates for the benefit of said third party that said entity is the actual owner of said account. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 14, 15, 16, 17, 18, 20, 21)
-
-
12. An account authentication system for authenticating an entity with respect to an account during an on-line transaction by a trusted party, the system comprising:
-
a trusted party domain including an access control server being configured to receive and verify a password from said entity;
a third party domain including a third-party server, and a third-party plug-in software module contained within said server of said third party, said module configured to send a payment authentication request message to said access control server, said payment authentication request message prompting said access control server to request said password from said customer; and
an interoperability domain including a receipt database that is configured to store receipts for authenticated online transactions, whereby said trusted party authenticates for the benefit of said third party that said entity is the actual owner of said account.
-
-
19. A method of authenticating an entity during a non-payment, on-line transaction by a trusted party comprising:
-
sending a payment authentication request message, which includes a first message extension field, from said third party to said trusted party;
defining at least one element within said first message extension field that is used to facilitate said non-payment transaction;
receiving an identity authenticating password from said entity;
comparing said identity authenticating password against a password previously designated for an account of said entity;
sending a payment authentication response message, which includes a second message extension field, from said trusted party to said third party;
defining at least one element within said second message extension field that is used to facilitate said non-payment transaction; and
notifying a third party that said entity is the actual owner of said account when said identity authenticating password received from said entity matches the password that was previously designated for said account, whereby said trusted party authenticates for the benefit of said third party that said entity is the actual owner of said account.
-
Specification