Online account authentication service

US 20020194138A1
Filed: 05/24/2002
Published: 12/19/2002
Est. Priority Date: 04/24/2000
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating an entity during an on-line transaction by a trusted party comprising:

receiving an identity authenticating password from said entity;

comparing said identity authenticating password against a password previously designated for an account of said entity; and

notifying a third party that said entity is the actual owner of said account when said identity authenticating password received from said entity matches the password that was previously designated for said account, whereby said trusted party authenticates for the benefit of said third party that said entity is the actual owner of said account.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A payment authentication service authenticates the identity of a payer during online transactions. The authentication service allows a card issuer to verify a cardholder'"'"'s identity using a variety of authentication methods, such as the use of passwords. Also, the only system participant requiring a certificate is the issuing financial institution. Authenticating the identity of a cardholder during an online transaction involves querying an access control server to determine if a cardholder is enrolled in the payment authentication service, requesting a password from the cardholder, verifying the password, and notifying a merchant whether the cardholder'"'"'s authenticity has been verified. A chip card and the authentication service independently generate cryptograms to match in order for the service to verify that the correct chip card is being used by the cardholder.

335 Citations

21 Claims

1. A method of authenticating an entity during an on-line transaction by a trusted party comprising:
- receiving an identity authenticating password from said entity;
  
  comparing said identity authenticating password against a password previously designated for an account of said entity; and
  
  notifying a third party that said entity is the actual owner of said account when said identity authenticating password received from said entity matches the password that was previously designated for said account, whereby said trusted party authenticates for the benefit of said third party that said entity is the actual owner of said account.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 14, 15, 16, 17, 18, 20, 21)
- - 2. A method as recited in claim 1 wherein said trusted party is a financial institution.
  - 3. A method as recited in claim 2 wherein said third party is an online merchant and wherein said account of said entity is maintained by said financial institution, said method further comprising:
    - conducting a financial transaction between said merchant and said entity.
  - 4. A method as recited in claim 1 wherein said entity owns an account of the type selected from the group consisting of retail banking accounts, wholesale banking accounts, medical accounts, insurance accounts, brokerage accounts, and telephone service accounts.
  - 5. A method as recited in claim 1 further comprising:
    - sending a payment authentication request message, which includes a first message extension field, from said third party to said trusted party; and
      
      defining at least one element within said first message extension field that is used to facilitate a non-payment transaction.
  - 6. A method as recited in claim 5 further comprising:
    - sending a payment authentication response message, which includes a second message extension field, from said trusted party to said third party; and
      
      defining at least one element within said second message extension field that is used to facilitate said non-payment transaction.
  - 7. A method as recited in claim 1 wherein said trusted party maintains said account of said entity.
  - 8. A method as recited in claim 1 further comprising:
    - querying an access control server to determine if said account of said entity is enrolled in a payment authentication service.
  - 9. A method as recited in claim 8 further comprising:
    - determining, by said access control server, if said entity account is enrolled by verifying that said entity account is contained in a database of enrolled entity accounts.
  - 10. A method as recited in claim 1 further comprising:
    - generating a digitally signed transaction receipt using a signature key of said trusted party; and
      
      sending of a digitally signed transaction receipt to said third party, whereby said digitally signed transaction receipt confirms to said third party that the identity of said entity has been authenticated.
  - 11. A method as recited in claim 1 further comprising:
    - sending of a card authentication verification value to said third party, said card authentication verification value containing a unique value for said entity account and a specific transaction, whereby said card authentication verification value uniquely identifies a specific authenticated transaction.
  - 13. An account authentication system as recited in claim 12 wherein said payment authentication request message includes a message extension field, wherein said message extension field defines at least one element that is used to facilitate a non-payment transaction.
  - 14. An account authentication system as recited in claim 12 wherein said trusted party maintains said account of said entity.
  - 15. An account authentication system as recited in claim 12 wherein said trusted party is a financial institution.
  - 16. An account authentication system as recited in claim 15 wherein said third party is an online merchant, whereby said online merchant conducts a financial transaction with said entity, and wherein said account of said entity is maintained by said financial institution.
  - 17. An account authentication system as recited in claim 12 wherein said entity owns an account of the type selected from the group consisting of retail banking accounts, wholesale banking accounts, medical accounts, insurance accounts, brokerage accounts, and telephone service accounts.
  - 18. An account authentication system as recited in claim 12 wherein said access control server is also configured to sign a transaction receipt using a digital signature key and to send the digitally signed transaction receipt to said third party.
  - 20. A method as recited in claim 19 wherein said entity owns an account of the type selected from the group consisting of retail banking accounts, wholesale banking accounts, medical accounts, insurance accounts, brokerage accounts, and telephone service accounts.
  - 21. A method as recited in claim 19 wherein said trusted party maintains said account of said entity.

12. An account authentication system for authenticating an entity with respect to an account during an on-line transaction by a trusted party, the system comprising:
- a trusted party domain including an access control server being configured to receive and verify a password from said entity;
  
  a third party domain including a third-party server, and a third-party plug-in software module contained within said server of said third party, said module configured to send a payment authentication request message to said access control server, said payment authentication request message prompting said access control server to request said password from said customer; and
  
  an interoperability domain including a receipt database that is configured to store receipts for authenticated online transactions, whereby said trusted party authenticates for the benefit of said third party that said entity is the actual owner of said account.

19. A method of authenticating an entity during a non-payment, on-line transaction by a trusted party comprising:
- sending a payment authentication request message, which includes a first message extension field, from said third party to said trusted party;
  
  defining at least one element within said first message extension field that is used to facilitate said non-payment transaction;
  
  receiving an identity authenticating password from said entity;
  
  comparing said identity authenticating password against a password previously designated for an account of said entity;
  
  sending a payment authentication response message, which includes a second message extension field, from said trusted party to said third party;
  
  defining at least one element within said second message extension field that is used to facilitate said non-payment transaction; and
  
  notifying a third party that said entity is the actual owner of said account when said identity authenticating password received from said entity matches the password that was previously designated for said account, whereby said trusted party authenticates for the benefit of said third party that said entity is the actual owner of said account.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Dominguez, Benedicto H., Manessis, Thomas J.

Granted Patent

US 8,271,395 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/64
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

G06Q 20/027   involving a payment switch ...

G06Q 20/04   Payment circuits

G06Q 20/0855   involving a third party

G06Q 20/12   specially adapted for elect...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/355   Personalisation of cards fo...

G06Q 20/367   involving electronic purses...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/3829   involving key management

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4012   Verifying personal identifi...

G06Q 20/4014   Identity check for transact...

G07F 7/1008   Active credit-cards provide...

G07F 7/1016   Devices or methods for secu...

Online account authentication service

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

335 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Online account authentication service

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

335 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links