Online payer authentication service
First Claim
1. A method for authenticating the identity of a cardholder during an online transaction comprising:
- querying an access control server to determine if said cardholder is enrolled in a payment authentication service;
requesting a password from said cardholder;
verifying said password; and
notifying a merchant of the authenticity of the cardholder if the password entered by said cardholder is verified.
1 Assignment
0 Petitions
Accused Products
Abstract
A payment authentication service authenticates the identity of a payer during online transactions. The authentication service of the present invention allows a card issuer to verify a cardholder'"'"'s identity using a variety of authentication methods, such as the use of passwords. Also, the only system participant requiring a certificate is the issuing financial institution. One embodiment of the invention for authenticating the identity of a cardholder during an online transaction involves querying an access control server to determine if a cardholder is enrolled in the payment authentication service, requests a password from the cardholder, verifies the password, and notifies a merchant whether the cardholder'"'"'s authenticity has been verified. In another aspect of the invention, a chip card and the authentication service independently generate cryptograms that must match in order for the service to verify that the correct chip card is being used by the cardholder.
314 Citations
2 Claims
-
1. A method for authenticating the identity of a cardholder during an online transaction comprising:
-
querying an access control server to determine if said cardholder is enrolled in a payment authentication service;
requesting a password from said cardholder;
verifying said password; and
notifying a merchant of the authenticity of the cardholder if the password entered by said cardholder is verified.
-
-
2. A method for authenticating the identity of a cardholder utilizing a chip card comprising:
-
verifying that said cardholder client device includes a chip card reader;
prompting said cardholder to enter said chip card into said chip card reader;
receiving a chip card cryptogram that was generated by said chip card based upon information in said chip card;
receiving a password entered by said cardholder;
independently generating a second cryptogram based upon information in said chip card;
comparing the chip card cryptogram to the second cryptogram to determine the authenticity of the chip card; and
verifying said password to authenticate the identity of said cardholder.
-
Specification
-
- Resources
-
Current AssigneeVisa International Service Association (Visa, Inc.)
-
Original AssigneeVisa International Service Association (Visa, Inc.)
-
InventorsLewis, Tony D., Ryan, Stephen W., Weller, Kevin D., Dominguez, Benedicto H., Bray, Peter, Manessis, Thomas J., Hill, Peter R.
-
Application NumberUS10/384,735Publication NumberTime in Patent OfficeDaysField of SearchUS Class Current705/67CPC Class CodesG06Q 20/02 involving a neutral party, ...G06Q 20/027 involving a payment switch ...G06Q 20/04 Payment circuitsG06Q 20/0855 involving a third partyG06Q 20/12 specially adapted for elect...G06Q 20/341 Active cards, i.e. cards in...G06Q 20/355 Personalisation of cards fo...G06Q 20/367 involving electronic purses...G06Q 20/3674 involving authenticationG06Q 20/382 insuring higher security of...G06Q 20/3829 involving key managementG06Q 20/40 Authorisation, e.g. identif...G06Q 20/4012 Verifying personal identifi...G06Q 20/4014 Identity check for transact...G07F 7/1008 Active credit-cards provide...G07F 7/1016 Devices or methods for secu...
