Transaction system and method

US 20040030659A1
Filed: 08/01/2003
Published: 02/12/2004
Est. Priority Date: 05/25/2000
Status: Abandoned Application

First Claim

Patent Images

1. A method of authenticating a transaction between a purchaser and a merchant on an on-line network, including the steps of:

the purchaser sending a transaction request from a mobile telephone having a SIM card;

receiving said transaction request from said purchaser including unique identification information relating to said purchaser; and

authenticating said transaction request and, if authenticated, providing the purchaser with a transaction number, different from the purchaser'"'"'s credit/debit card number, which the purchaser uses in order to effect the transaction;

wherein said unique identification information relating to the purchase is obtained via said SIM card.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a system and method for authenticating a financial transaction on an on-line network, the method involving: receiving a transaction request from a purchaser including unique information relating to the purchaser; authenticating the transaction request, and if authenticated, providing the purchaser with a transaction number, different from the purchaser'"'"'s credit/debit card number, which the purchaser uses in order to effect the financial transaction.

121 Citations

56 Claims

1. A method of authenticating a transaction between a purchaser and a merchant on an on-line network, including the steps of:
- the purchaser sending a transaction request from a mobile telephone having a SIM card;
  
  receiving said transaction request from said purchaser including unique identification information relating to said purchaser; and
  
  authenticating said transaction request and, if authenticated, providing the purchaser with a transaction number, different from the purchaser'"'"'s credit/debit card number, which the purchaser uses in order to effect the transaction;
  
  wherein said unique identification information relating to the purchase is obtained via said SIM card.
- View Dependent Claims (2, 21, 22, 23, 24, 25, 26, 27, 28, 31, 32, 33, 34, 35, 36, 37, 38)
- - 2. A method as claimed in claim 1, wherein the unique identification information relating to the purchase is obtained via said SIM card and a PIN entered by said purchaser.
  - 21. A method as claimed in either claim 1 or 14, including deactivating said transaction number after a predetermined time period, so that said transaction number is made unusable even if not yet used.
  - 22. A method as claimed in any one of claims 1, 14 or 21, wherein said transaction number is selected from an existing set of such transaction numbers.
  - 23. A method as claimed in claim 22, wherein said transaction number is selected from said set of transaction numbers according to either a predetermined selection code or a selection code generated as needed.
  - 24. A method as claimed in claim 22, wherein said set of transaction numbers is specific at any time to a single user.
  - 25. A method as claimed in either claim 1 or 14, wherein, when said request is submitted from a device with a display, said identification information includes one or more hotspots, each hotspot located at a respective predetermined location adjacent to a character of said identification information.
  - 26. A method as claimed in claim 25, wherein each of said hotspots is input by double clicking at said respective predetermined location or by leaving a cursor at said respective predetermined location.
  - 27. A method as claimed in either claim 25 or 26, wherein the respective location of each hotspot is invisible after its entry.
  - 28. A method as claimed in either claim 25 or 26, including receiving said transaction number, modifying said transaction number by adding at least one hotspot to said transaction number, and providing said transaction number so modified to said merchant.
  - 31. A method as claimed in any either claim 1 or 3, wherein said request includes address information and qualifying data, said address information indicative of said purchaser and said qualifying data indicative of a further party.
  - 32. A method as claimed in claim 31, wherein said further party is a customer of said purchaser.
  - 33. A method as claimed in either claim 31 or 32, wherein said address information is fictitious.
  - 34. A method as claimed in either claim 31 or 32, wherein said address information corresponds to a real address.
  - 35. A method as claimed in any one of claims 31 to 34, receiving said address information and said qualifying data are entered into the same input field.
  - 36. A method as claimed in claim 35, including receiving said address information and said qualifying data separated by at least one character.
  - 37. A method as claimed in claim 36, where said address information and said qualifying data are stored in a single database cell.
  - 38. A method as claimed in either claim 36 or 37, where said database cell is stored in a single column in a database.

3. A system for undertaking transactions in an on-line environment, including:
- a plurality of credit or debit cards, such that the cards have identical physical card numbers;
  
  an authentication system for authenticating purchases to be made using any respective one of said cards, said system being operable;
  
  to receive and authenticate unique identification information relating to and provided by the user of said respective card, said unique identification information being not physically associated with said respective said card; and
  
  for a positive authentication, to provide said user with a transaction number to be provided to a merchant as a card number, such that the transaction number is different from the physical card number.
- View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11)
- - 4. A system as claimed in claim 3, wherein the transaction number is randomly generated and only able to be used for a single transaction.
  - 5. A system as claimed in either claim 3 or 4, further including a transaction approval requesting means for transmitting an approval request to a portable device of said user, said approval request comprising a request for an approval response from said device indicative of said user'"'"'s approval of said transaction, whereby said transaction can be disapproved if said approval response if not provided by said user.
  - 6. A system as claimed in claim 5, wherein said approval response comprises any one of said identical physical card number, a regular card number, a personal identification number and a password.
  - 7. A system as claimed in either claim 5 or 6, wherein said device is a mobile telephone.
  - 8. A system as claimed in any one of claims 3 to 7, wherein said plurality of credit cards each includes an off-line credit card number that may only be used for offline credit transactions.
  - 9. A system as claimed in claim 8, wherein said off-line credit card number is stored on said credit card.
  - 10. A system as claimed in claim 9, wherein said off-line credit card number is stored on a magnetic strip on said respective credit card, in a chip embedded on said respective credit card, or both on a magnetic strip on said respective credit card and in a chip embedded on said respective credit card.
  - 11. A system as claimed in any one of claims 8 to 10, wherein each of said credit cards has a separate credit account for on-line transactions and off-line transactions.

12. A method of authenticating a transaction between a purchaser and a merchant on an on-line network, wherein the purchaser is requesting the transaction from a mobile telephone with a SIM card, including the step of:
- authenticating the purchaser'"'"'s credit via said SIM card.
- View Dependent Claims (13, 15)
- - 13. A method as claimed in claim 12, including authenticating the purchaser'"'"'s credit via the SIM card and a unique PIN.
  - 15. A method as claimed in claim 13, wherein said common account or card number is specific to a particular financial institution, or a particular merchant.

14. A method for a purchaser to effect a transaction with a merchant, said method involving:
- said purchaser submitting a request for a transaction number, said request including identification information relating to said purchaser;
  
  said purchaser receiving said transaction number if said request has been authenticated; and
  
  providing said transaction number to said merchant in order to effect the transaction;
  
  wherein said transaction number includes a portion of a genuine account or card number of said purchaser or a portion of a common account or card number of said purchaser.

16. A system for enabling a transaction between a purchaser and a merchant, said system having:
- purchaser authenticating means operable to receive a request for a transaction number from said purchaser via a mobile telephone having a SIM card, said request including identification information derived from said SIM card, and to authenticate said purchaser based on said identification information; and
  
  a transaction number generator operable to generate said transaction number associated with said purchaser for use by said purchaser in effecting said transaction.
- View Dependent Claims (17, 18, 19, 20, 29, 30)
- - 17. A system as claimed in claim 16, wherein the unique identification information relating to the transaction is derived from said SIM card and a PIN provided by said purchaser.
  - 18. A system as claimed in either claim 16 or 17, wherein said transaction number is different from a credit/debit account or card number of said purchaser.
  - 19. A system as claimed in any one of claims 16 to 18, wherein said transaction number includes a portion of a genuine account or card number of said purchaser, or a portion of a common account or card number of said purchaser.
  - 20. A system as claimed in claim 19, wherein said common account or card number is specific to a particular financial institution, or a particular merchant.
  - 29. A system as claimed in either claim 3 or 16, wherein said system is operable to deactivate said transaction number after a predetermined time period, so that said transaction number is made unusable even if not yet used.
  - 30. A system as claimed in any one of claims 3, 16 or 29, wherein said transaction number is selected from an existing set of such transaction numbers.

39. A method of authenticating the identity of a user to a server in an on-line or other telecommunications environment, including the steps of:
- establishing a user account with an associated user identification information and receiving, from said user, a password;
  
  generating a pool of pseudo-passwords on the basis of said password and a code derived from said password;
  
  receiving a log-in request from said user at a user device including said user identification information;
  
  activating a pseudo-password from said pool of pseudo-passwords and generating a set of one or more numbers, wherein one of said set of numbers is derived from said code according to a rule;
  
  transmitting to a user device said set of numbers;
  
  entering said password into said user device and modifying said set of numbers according to said password and an inverse of said rule at said user device to produce a modified set of numbers;
  
  transmitting said modified set of numbers to said server, said modified set of numbers including said code if said password has been entered correctly by said user;
  
  releasing said selected pseudo-password and effecting user log-in if said modified set of numbers includes said code.
- View Dependent Claims (40, 41, 42, 43)
- - 40. A method as claimed in claim 39, wherein said password includes a hotspot with a position in or relative to said password.
  - 41. A method as claimed in claim 40, including locating said code in said set of numbers on the basis of said hotspot position.
  - 42. A method as claimed in either claim 40 or 41, wherein said code is generated from a first hash value derived from said password independent of said position of said hotspot and a second hash value derived from said position of said hotspot.
  - 43. A method as claimed in any one of claims 39 to 42, including generating said code by means of a session specific rule.

44. A method of effecting a transaction between a purchaser and a merchant, involving:
- providing purchaser account information to said merchant;
  
  said merchant requesting transaction approval from a credit issuer or agent thereof;
  
  said credit issuer sending an authentication request to said purchaser; and
  
  said purchaser responding to said authentication request by sending authentication data to said credit issuer;
  
  wherein said authentication data comprises a predetermined first portion of a password or phrase supplied by said purchaser and a requested second portion of said password or phrase.
- View Dependent Claims (46)
- - 46. A method as claimed in either claim 44 or 45, wherein said first portion is delimited by a hotspot previously supplied with said password or phrase by said purchaser.

45. A method of effecting a transaction between a purchaser and a merchant, involving:
- receiving a request for transaction approval from said merchant;
  
  sending an authentication request to said purchaser; and
  
  receiving authentication data from said purchaser;
  
  wherein said authentication data comprises a predetermined first portion of a password or phrase supplied by said purchaser and a requested second portion of said password or phrase.

47. A method of authenticating the identity of a user to a server in an on-line or other telecommunications environment, including the steps of:
- receiving a log-in request from said user including unique information relating to said user;
  
  authenticating the log-in request, and if authenticated, providing said user with a log-in number, which said user uses in order to log-in to said server.

48. A method of authenticating the identity of a user to a server in an on-line or other telecommunications environment, including the steps of:
- sending to a mobile telephone or other portable communications device of said user an authentication request;
  
  deeming user identity verified if said user responds to said request by sending a suitable response from said mobile telephone or other portable communications device.
- View Dependent Claims (49, 50, 51)
- - 49. A method as claimed in claim 48, wherein said server sends said request and receives said response via a gateway corresponding to said mobile telephone or other portable communications device.
  - 50. A method as claimed in claim 49, wherein said gateway is an iWAPGS server.
  - 51. A method as claimed in any one of claims 48 to 50, including requiring that said response be received within a predetermined time after said request is sent and deeming any subsequent response to said request unsuitable.

52. A method of effecting a transaction between a purchaser and a merchant, involving:
- providing purchaser account information to said merchant;
  
  said merchant requesting transaction approval from a credit issuer or agent thereof;
  
  said credit issuer sending an authentication request to said purchaser; and
  
  said purchaser responding to said authentication request by sending authentication data to said credit issuer;
  
  wherein said authentication data comprises a predetermined first portion of a password or phrase supplied by said purchaser and a second portion of said password or phrase, said first portion being submitted over a first channel and second portion being submitted over a second channel distinct from said first channel.
- View Dependent Claims (54, 55, 56)
- - 54. A method as claimed in either claim 52 or 53, wherein said first and second channels are separate portions of a computer screen.
  - 55. A method as claimed in either claim 52 or 53, wherein at least one of said first and second channels comprises a mobile telephone or other portable communications device.
  - 56. A method as claimed in claim 55, wherein said first channel is a mobile telephone or other portable communications device and said second channel is a computer.

53. A method of authenticating the identity of a user, involving:
- said user receiving an authentication request for authentication;
  
  said user responding to said authentication request by submitting authentication data;
  
  wherein said authentication data comprises a predetermined first portion of a password or phrase supplied by said user and a second portion of said password or phrase, said first portion being submitted over a first channel and second portion being submitted over a second channel distinct from said first channel.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Wilson How Kiap Gueh
Original Assignee
Wilson How Kiap Gueh
Inventors
Gueh, Wilson How Kiap

Application Number

US10/296,273
Publication Number

US 20040030659A1
Time in Patent Office

Days
Field of Search
US Class Current

705/67
CPC Class Codes

G06Q 20/3674 involving authentication

G06Q 30/06 Buying, selling or leasing ...

Transaction system and method

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

121 Citations

56 Claims

Specification

Solutions

Use Cases

Quick Links

Transaction system and method

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

121 Citations

56 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links