Mobile account authentication service

US 20030200184A1
Filed: 02/19/2003
Published: 10/23/2003
Est. Priority Date: 04/17/2002
Status: Active Grant

First Claim

Patent Images

1. A method by which a trusted party authenticates the identity of an account holder during a transaction between said account holder and a requesting party, said method comprising:

establishing a communication connection between said requesting party and said account holder in order to conduct said transaction;

creating a condensed payment authentication response message at said trusted party;

transmitting said condensed payment authentication response message to said requesting party via said account holder;

retrieving a first set of data fields from a memory device located at said requesting party;

constructing a complete payment authentication response message at said requesting party by combining said condensed payment authentication response message with said first set of data fields; and

authorizing said transaction between said account holder and requesting party when said complete payment authentication response message indicates that the identity of said account holder is authenticated.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A payment authentication service authenticates the identity of a payer during online transactions. The authentication service allows a card issuer to verify a cardholder'"'"'s identity using a variety of authentication methods, such as with the use of tokens. Authenticating the identity of a cardholder during an online transaction involves querying an access control server to determine if a cardholder is enrolled in the payment authentication service, requesting a password from the cardholder, verifying the password, and notifying a merchant whether the cardholder'"'"'s authenticity has been verified. Systems for implementing the authentication service in which a cardholder uses a mobile device capable of transmitting messages via the Internet are described. Systems for implementing the authentication service in which a cardholder uses a mobile device capable of transmitting messages through voice and messaging channels is also described.

732 Citations

37 Claims

1. A method by which a trusted party authenticates the identity of an account holder during a transaction between said account holder and a requesting party, said method comprising:
- establishing a communication connection between said requesting party and said account holder in order to conduct said transaction;
  
  creating a condensed payment authentication response message at said trusted party;
  
  transmitting said condensed payment authentication response message to said requesting party via said account holder;
  
  retrieving a first set of data fields from a memory device located at said requesting party;
  
  constructing a complete payment authentication response message at said requesting party by combining said condensed payment authentication response message with said first set of data fields; and
  
  authorizing said transaction between said account holder and requesting party when said complete payment authentication response message indicates that the identity of said account holder is authenticated.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A method as recited in claim 1 further comprising:
    - creating a condensed payment authentication request message at said requesting party;
      
      transmitting said condensed payment authentication request message from said requesting party to said trusted party via said account holder;
      
      receiving an identity authenticating token at said trusted party from said account holder; and
      
      comparing said identity authenticating token against a token previously designated for an account of said account holder wherein said trusted party authenticates the identity of said account holder.
  - 3. A method as recited in claim 1 wherein the memory unit located at the requesting party is a merchant plug-in module.
  - 4. A method as recited in claim 2 further comprising:
    - transmitting a verification of enrollment request message from said requesting to said trusted party wherein said verification of enrollment request message includes an account number of said account holder;
      
      determining, by said trusted party, if an account number of said account holder is contained within a list of enrolled account holders who are capable of being authenticated by said trusted party;
      
      transmitting a verification of enrollment response message from said trusted party to said requesting party through the Internet wherein said verification of enrollment response message indicates if said account number is contained within said list of enrolled account holders; and
      
      including an extension field on said verification of enrollment response message that includes a chain of trusted party digital certificates.
  - 5. A method as recited in claim 2 wherein each of the messages are Internet-based messages that are made up of multiple elements that each have an element name tag, each element name tag having a first tag size, said method further comprising:
    - replacing each of the element name tags with a respective shortened element name tag that has a second tag size, each of the second tag sizes being smaller than its respective first tag size.
  - 6. A method as recited in claim 1 further comprising:
    - creating a copy of said complete payment authentication response message at said trusted party; and
      
      transmitting said copy of said complete payment authentication response message from said trusted party to an authentication history server for archiving purposes.
  - 7. A method as recited in claim 1 wherein said trusted party is a financial institution.
  - 8. A method as recited in claim 1 wherein said requesting party is an online merchant and wherein said account of said account holder is maintained by said trusted party, said method further comprising:
    - conducting a financial transaction between said requesting party and said account holder.

9. An account authentication system in which a trusted party authenticates the identity of an account holder with respect to an account during a transaction between said account holder and a requesting party, the system comprising:
- a requesting party server configured to communicate with said account holder in order to process said transaction;
  
  an access control server controlled by said trusted party, said access control server configured to create a condensed payment authentication response message; and
  
  a requesting party plug-in software module having a requesting party memory unit, said requesting party plug-in module configured to receive said condensed payment authentication response message, to retrieve a first set of data fields from said requesting party memory unit, and to construct a complete payment authentication response message by combining said condensed payment authentication response message with said first set of data fields.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. An account authentication system as recited in claim 9 wherein said requesting party plug-in software module is further configured to create and transmit a condensed payment authentication request message to said access control server.
  - 11. An account authentication system as recited in claim 10 wherein said access control server is further configured to receive an identity authenticating token from said account holder and to authenticate the identity of said account holder based upon said identity authenticating token.
  - 12. An account authentication system as recited in claim 9 further comprising:
    - a verification of enrollment response message that indicates if said account holder is enrolled in an authentication service, said verification of enrollment response message including an extension field that includes a chain of trusted party digital certificates; and
      
      wherein said access control server is configured to transmit said verification of enrollment response message to said requesting party plug-in software module through the Internet.
  - 13. An account authentication system as recited in claim 9 further comprising:
    - an authentication history server configured to receive a copy of said complete payment authentication response message from said access control server.
  - 14. An account authentication system as recited in claim 9 wherein said trusted party is a financial institution and maintains said account of said account holder.
  - 15. An account authentication system as recited in claim 14 wherein said requesting party is an online merchant who conducts a financial transaction with said account holder.

16. A method by which a trusted party authenticates the identity of an account holder during a transaction between said account holder and a requesting party, said method comprising:
- conducting said transaction between said account holder and said requesting party over a first voice or messaging channel;
  
  sending a payment authentication request message from said requesting party to said trusted party over the Internet; and
  
  transmitting an authenticating token from said account holder to said trusted party over said second voice or messaging channel.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 17. A method as recited in claim 16 further comprising:
    - authenticating the identity of said account holder based upon said authenticating token; and
      
      sending a payment authentication response message from said trusted party to said requesting party over the Internet.
  - 18. A method as recited in claim 16 wherein said payment authentication request message is sent directly from said requesting party to said trusted party.
  - 19. A method as recited in claim 18 wherein the operation of sending said payment authentication request message from said requesting party to said trusted party further comprises:
    - constructing a first HTML form containing said payer authentication request message; and
      
      posting said first HTML form directly to said trusted party.
  - 20. A method as recited in claim 17 wherein said payment authentication response message is sent directly from said trusted party to said requesting party.
  - 21. A method as recited in claim 20 wherein the operation of sending said payment authentication response message from said trusted party to said requesting party further comprises:
    - constructing a second HTML form containing said payer authentication response message; and
      
      posting said second HTML form directly to said requesting party.
  - 22. A method as recited in claim 16 wherein said sending of payment authentication request message involves sending said payment authentication request message from said requesting party to a proxy server;
    - and forwarding said payment authentication request message from said proxy server to said access control server.
  - 23. A method as recited in claim 16 wherein sending of payment authentication response message involves sending said payment authentication response message from said trusted party to said proxy server;
    - and forwarding said payment authentication response message from said proxy server to said requesting party.
  - 24. A method as recited in claim 16 wherein said first and second voice or messaging channels are selected from a group consisting of Short Message Service, Unstructured Supplementary Services Data, and Interactive Voice Response.
  - 25. A method as recited in claim 16 further comprising:
    - creating a verification of enrollment request message that includes a query as to said trusted party'"'"'s capability to authenticate the identity of said account holder and information regarding the communications protocol used by a device used by said account holder; and
      
      transmitting said verification of enrollment request message from said requesting party to said trusted party.
  - 26. A method as recited in claim 25 further comprising:
    - creating a verification of enrollment response message that indicates if said trusted party has the capability to authenticate the identity of said account holder; and
      
      transmitting said verification of enrollment response message from said trusted party to said requesting party.
  - 27. A method as recited in claim 16 further comprising:
    - initiating an authorization process for said transaction when said payment authentication response message has successfully authenticated the identity of said account holder.

28. An account authentication system in which a trusted party authenticates the identity of an account holder during a transaction between said account holder and a merchant, said system comprising:
- a merchant server configured to communicate with said account holder in order to process said transaction;
  
  a merchant plug-in software module;
  
  a first HTML form containing said payer authentication request message that is posted over the Internet to said trusted party from said merchant plug-in software module;
  
  a first voice or messaging channel established between said merchant server and said account holder, wherein said first voice or messaging channel is used to conductor said transaction;
  
  an access control server controlled by said trusted party;
  
  a second voice or messaging channel established between said account holder and said access control server; and
  
  an authenticating token that is transmitted from said account holder to said access control server over said second voice or messaging channel, said authenticating token configured to be used by said access control server to authenticate the identity of said account holder.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37)
- - 29. An account authentication system as recited in claim 28 further comprising:
    - a second HTML form containing said payer authentication response message that is posted over the Internet to said merchant plug-in software module.
  - 30. An account authentication system as recited in claim 28 further comprising:
    - a proxy server that routes said payer authentication request message and said payer authentication response messages between said merchant plug-in software module and said access control server.
  - 31. An account authentication system as recited in claim 28 further comprising:
    - an authentication history server in communication with said access control server; and
      
      a copy of said payer authentication response message, which is sent to said authentication history server to be stored for dispute resolution purposes.
  - 32. An account authentication system as recited in claim 28 wherein said first and second voice or messaging channels are selected from a group consisting of Short Message Service, Unstructured Supplementary Services Data, and Interactive Voice Response.
  - 33. An account authentication system as recited in claim 28 further comprising:
    - a verification of enrollment request message that includes a query as to said trusted party'"'"'s capability to authenticate the identity of said account holder and information regarding the communications protocol used by a device used by said account holder, wherein said verification of enrollment request message is transmitted from said merchant plug-in software module to said trusted party.
  - 34. An account authentication system as recited in claim 33 wherein said verification of enrollment request message further includes an extension field that indicates if said payer authentication request message is to be sent to said access control server directly over the Internet or via said device used by said account holder.
  - 35. An account authentication system as recited in claim 33 wherein said verification of enrollment request message further includes a hash of said account holder'"'"'s phone number, said access control server configured to use said hash to determine if the identity of said account holder can be authenticated.
  - 36. An account authentication system as recited in claim 28 further comprising:
    - verification of enrollment response message that indicates if said trusted party has the capability to authenticate the identity of said account holder, wherein said verification of enrollment response message is transmitted from said trusted party to said merchant plug-in software module.
  - 37. An account authentication system as recited in claim 30 further comprising:
    - verification of enrollment response message that indicates if said trusted party has the capability to authenticate the identity of said account holder, wherein said verification of enrollment response message is transmitted from said trusted party to said merchant plug-in software module, and wherein said verification of enrollment response message includes an extension field that specifies the URL of said proxy server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Reno, James Donald, Dominguez, Benedicto H., Roth, Janet T., Manessis, Thomas J., Caillon, Pascal Achille, Spielman, Jason, Spielman, Terence

Granted Patent

US 7,707,120 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/78
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

G06Q 20/0855   involving a third party

G06Q 20/12   specially adapted for elect...

G06Q 20/322   Aspects of commerce using m...

G06Q 20/347   Passive cards

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4014   Identity check for transact...

G06Q 20/425   using two different network...

G06Q 30/0601   Electronic shopping [e-shop...

G06Q 40/12   Accounting

G07F 7/10   together with a coded signa...

G07F 7/1008   Active credit-cards provide...

G07F 7/1025   Identification of user by a...

G07F 7/1075   PIN is checked remotely

H04L 2463/102   applying security measure f...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0823   using certificates cryptogr...

H04L 63/083 : using passwords cryptograph...

H04L 63/166 : at the transport layer

H04L 63/18 : using different networks or...

Y04S 40/20 : Information technology spec...

View All

Mobile account authentication service

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

732 Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

Mobile account authentication service

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

732 Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links