Mobile account authentication service
First Claim
1. A method by which a trusted party authenticates the identity of an account holder during a transaction between said account holder and a requesting party, said method comprising:
- establishing a communication connection between said requesting party and said account holder in order to conduct said transaction;
creating a condensed payment authentication response message at said trusted party;
transmitting said condensed payment authentication response message to said requesting party via said account holder;
retrieving a first set of data fields from a memory device located at said requesting party;
constructing a complete payment authentication response message at said requesting party by combining said condensed payment authentication response message with said first set of data fields; and
authorizing said transaction between said account holder and requesting party when said complete payment authentication response message indicates that the identity of said account holder is authenticated.
2 Assignments
0 Petitions
Accused Products
Abstract
A payment authentication service authenticates the identity of a payer during online transactions. The authentication service allows a card issuer to verify a cardholder'"'"'s identity using a variety of authentication methods, such as with the use of tokens. Authenticating the identity of a cardholder during an online transaction involves querying an access control server to determine if a cardholder is enrolled in the payment authentication service, requesting a password from the cardholder, verifying the password, and notifying a merchant whether the cardholder'"'"'s authenticity has been verified. Systems for implementing the authentication service in which a cardholder uses a mobile device capable of transmitting messages via the Internet are described. Systems for implementing the authentication service in which a cardholder uses a mobile device capable of transmitting messages through voice and messaging channels is also described.
732 Citations
37 Claims
-
1. A method by which a trusted party authenticates the identity of an account holder during a transaction between said account holder and a requesting party, said method comprising:
-
establishing a communication connection between said requesting party and said account holder in order to conduct said transaction;
creating a condensed payment authentication response message at said trusted party;
transmitting said condensed payment authentication response message to said requesting party via said account holder;
retrieving a first set of data fields from a memory device located at said requesting party;
constructing a complete payment authentication response message at said requesting party by combining said condensed payment authentication response message with said first set of data fields; and
authorizing said transaction between said account holder and requesting party when said complete payment authentication response message indicates that the identity of said account holder is authenticated. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. An account authentication system in which a trusted party authenticates the identity of an account holder with respect to an account during a transaction between said account holder and a requesting party, the system comprising:
-
a requesting party server configured to communicate with said account holder in order to process said transaction;
an access control server controlled by said trusted party, said access control server configured to create a condensed payment authentication response message; and
a requesting party plug-in software module having a requesting party memory unit, said requesting party plug-in module configured to receive said condensed payment authentication response message, to retrieve a first set of data fields from said requesting party memory unit, and to construct a complete payment authentication response message by combining said condensed payment authentication response message with said first set of data fields. - View Dependent Claims (10, 11, 12, 13, 14, 15)
-
-
16. A method by which a trusted party authenticates the identity of an account holder during a transaction between said account holder and a requesting party, said method comprising:
-
conducting said transaction between said account holder and said requesting party over a first voice or messaging channel;
sending a payment authentication request message from said requesting party to said trusted party over the Internet; and
transmitting an authenticating token from said account holder to said trusted party over said second voice or messaging channel. - View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
-
-
28. An account authentication system in which a trusted party authenticates the identity of an account holder during a transaction between said account holder and a merchant, said system comprising:
-
a merchant server configured to communicate with said account holder in order to process said transaction;
a merchant plug-in software module;
a first HTML form containing said payer authentication request message that is posted over the Internet to said trusted party from said merchant plug-in software module;
a first voice or messaging channel established between said merchant server and said account holder, wherein said first voice or messaging channel is used to conductor said transaction;
an access control server controlled by said trusted party;
a second voice or messaging channel established between said account holder and said access control server; and
an authenticating token that is transmitted from said account holder to said access control server over said second voice or messaging channel, said authenticating token configured to be used by said access control server to authenticate the identity of said account holder. - View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37)
-
Specification