System and method for conducting secure payment transaction

US 20050240522A1
Filed: 01/30/2003
Published: 10/27/2005
Est. Priority Date: 01/30/2002
Status: Active Grant

First Claim

Patent Images

1. A method for conducting a payment transaction using payment account identification data associated with a payment account, the method comprising:

a. sending an authentication request message from a user processor to an authentication processor, the authentication request message comprising at least one of a user name, a password, transaction data, and the payment account identification data;

b. authenticating the authentication request message by the authentication processor; and

c. if the authenticating step is successful, performing a first set of steps, the first set of steps comprising the following steps;

i. sending an authentication response message from the authentication processor to the user processor, the authentication response message comprising authentication data, ii. sending from the user processor to a merchant processor at least one of the authentication response message and data derived from the authentication response message, and iii. sending a first authorization request message from the merchant processor to at least one of an acquirer processor and a payment organization processor, the first authorization request message comprising at least one of the authentication data and first data derived from the authentication data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a secure electronic payment system, authentication data based on a payment account (e.g., a credit card account) is sent from an authentication server, through a user'"'"'s Web browser, to a merchant'"'"'s computer. The merchant'"'"'s computer sends the authentication data to a computer operated by the issuer of the payment account, either through a payment organization computer or through an acquirer computer operated by the merchant'"'"'s acquirer. The issuer'"'"'s computer verifies the authorization request message, thereby generating an authorization response message. The authorization response message is forwarded to the merchant'"'"'s computer, either through the payment organization computer or through the acquirer computer. If the authorization response message indicates that the verification was successful, the transaction is completed.

Citations

18 Claims

1. A method for conducting a payment transaction using payment account identification data associated with a payment account, the method comprising:
- a. sending an authentication request message from a user processor to an authentication processor, the authentication request message comprising at least one of a user name, a password, transaction data, and the payment account identification data;
  
  b. authenticating the authentication request message by the authentication processor; and
  
  c. if the authenticating step is successful, performing a first set of steps, the first set of steps comprising the following steps;
  
  i. sending an authentication response message from the authentication processor to the user processor, the authentication response message comprising authentication data, ii. sending from the user processor to a merchant processor at least one of the authentication response message and data derived from the authentication response message, and iii. sending a first authorization request message from the merchant processor to at least one of an acquirer processor and a payment organization processor, the first authorization request message comprising at least one of the authentication data and first data derived from the authentication data.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A method according to claim 1, further comprising:
    - sending the payment account identification data from the user processor to the merchant processor;
      
      sending an account holder participation request message from the merchant processor to a registration database processor, the registration database processor having access to a registration database, the account holder participation request message comprising at least one of the payment account identification data and data derived from the payment account identification data;
      
      processing the account holder participation request message by the registration database processor to determine whether the payment account is listed in the registration database; and
      
      if the payment account is listed in the registration database, performing a second set of steps, the second set of steps comprising the following steps;
      
      sending an account holder participation response message from the registration database processor to the merchant processor, the account holder participation response message comprising first resource locator data, the first resource locator data indicating a network location of credential collection data, the credential collection data being accessible through a network, sending second resource locator data from the merchant processor to the user processor, the second resource locator data comprising at least one of the first resource locator data and data derived from the first resource locator data, and using the second resource locator data by the user processor to access the credential collection data through the network, wherein the user processor uses the credential collection data to send the authentication request message to the authentication processor in the step of sending the authentication request message.
  - 3. A method according to claim 1, wherein the at least one of the acquirer processor and the payment organization processor comprises the acquirer processor, the first set of steps further comprising:
    - iv. sending a second authorization request message from the acquirer processor to an issuer processor, the second authorization request message comprising at least one of the authentication data and second data derived from the authentication data;
      
      v. verifying at least a portion of the second authorization request message by the issuer processor to generate a first authorization response message, the first authorization response message indicating whether the verifying step was successful;
      
      vi. sending the first authorization response message from the issuer processor to the acquirer processor; and
      
      vii. sending a second authorization response message from the acquirer processor to the merchant processor, the second authorization response message comprising at least one of the first authorization response message and data derived from the first authorization response message, the second authorization response message indicating whether the verifying step was successful.
  - 4. A method according to claim 3, wherein the first set of steps further comprises the following step:
    - viii. if the second authorization response message indicates that the verifying step was successful, providing to a customer at least one of a good and a service.
  - 5. A method according to claim 1, wherein the at least one of the acquirer processor and the payment organization processor comprises the payment organization processor, the first set of steps further comprising:
    - iv. verifying at least a portion of the first authorization request message by at least one of the payment organization processor and an issuer processor to generate an authorization response message, the authorization response message indicating whether the verifying step was successful; and
      
      v. sending the authorization response message from the payment organization processor to the merchant processor.
  - 6. A method according to claim 5, wherein the first set of steps further comprises the following step:
    - vi. if the authorization response message indicates that the verifying step was successful, providing to a customer at least one of a good and a service.

7. A system for conducting a payment transaction using payment account identification data associated with a payment account, the system comprising a processing arrangement configured to perform the steps of:
- a. sending an authentication request message from a user processor to an authentication processor, the authentication request message comprising at least one of a user name, a password, transaction data, and the payment account identification data;
  
  b. authenticating the authentication request message by the authentication processor; and
  
  c. if the authenticating step is successful, performing a first set of steps, the first set of steps comprising the following steps;
  
  i. sending an authentication response message from the authentication processor to the user processor, the authentication response message comprising authentication data, ii. sending from the user processor to a merchant processor at least one of the authentication response message and data derived from the authentication response message, and iii. sending a first authorization request message from the merchant processor to at least one of an acquirer processor and a payment organization processor, the first authorization request message comprising at least one of the authentication data and first data derived from the authentication data.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. A system according to claim 7, wherein the processing arrangement is further configured to perform the steps of:
    - sending the payment account identification data from the user processor to the merchant processor;
      
      sending an account holder participation request message from the merchant processor to a registration database processor, the registration database processor having access to a registration database, the account holder participation request message comprising at least one of the payment account identification data and data derived from the payment account identification data;
      
      processing the account holder participation request message by the registration database processor to determine whether the payment account is listed in the registration database; and
      
      if the payment account is listed in the registration database, performing a second set of steps, the second set of steps comprising the following steps;
      
      sending an account holder participation response message from the registration database processor to the merchant processor, the account holder participation response message comprising first resource locator data, the first resource locator data indicating a network location of credential collection data, the credential collection data being accessible through a network, sending second resource locator data from the merchant processor to the user processor, the second resource locator data comprising at least one of the first resource locator data and data derived from the first resource locator data, and using the second resource locator data by the user processor to access the credential collection data through the network, wherein the user processor is configured to use the credential collection data to send the authentication request message to the authentication processor in the step of sending the authentication request message.
  - 9. A system according to claim 7, wherein the at least one of the acquirer processor and the payment organization processor comprises the acquirer processor, the first set of steps further comprising:
    - iv. sending a second authorization request message from the acquirer processor to an issuer processor, the second authorization request message comprising at least one of the authentication data and second data derived from the authentication data;
      
      v. verifying at least a portion of the second authorization request message by the issuer processor to generate a first authorization response message, the first authorization response message indicating whether the verifying step was successful;
      
      vi. sending the first authorization response message from the issuer processor to the acquirer processor; and
      
      vii. sending a second authorization response message from the acquirer processor to the merchant processor, the second authorization response message comprising at least one of the first authorization response message and data derived from the first authorization response message, the second authorization response message indicating whether the verifying step was successful.
  - 10. A system according to claim 9, wherein the first set of steps further comprises the following step:
    - viii. if the second authorization response message indicates that the verifying step was successful, providing to a customer at least one of a good and a service.
  - 11. A system according to claim 7, wherein the at least one of the acquirer processor and the payment organization processor comprises the payment organization processor, the first set of steps further comprising:
    - iv. verifying at least a portion of the first authorization request message by at least one of the payment organization processor and an issuer processor to generate an authorization response message, the authorization response message indicating whether the verifying step was successful; and
      
      v. sending the authorization response message from the payment organization processor to the merchant processor.
  - 12. A system according to claim 11, wherein the first set of steps further comprises the following step:
    - vi. if the authorization response message indicates that the verifying step was successful, providing to a customer at least one of a good and a service.

13. A computer-readable medium for conducting a payment transaction using payment account identification data associated with a payment account, the computer-readable medium having a set of instructions operable to direct at least one processor to perform the steps of:
- a. sending an authentication request message from a user processor to an authentication processor, the authentication request message comprising at least one of a user name, a password, transaction data, and the payment account identification data;
  
  b. authenticating the authentication request message by the authentication processor; and
  
  c. if the authenticating step is successful, performing a first set of steps, the first set of steps comprising the following steps;
  
  i. sending an authentication response message from the authentication processor to the user processor, the authentication response message comprising authentication data, ii. sending from the user processor to a merchant processor at least one of the authentication response message and data derived from the authentication response message, and iii. sending a first authorization request message from the merchant processor to at least one of an acquirer processor and a payment organization processor, the first authorization request message comprising at least one of the authentication data and first data derived from the authentication data.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. A computer-readable medium according to claim 13, wherein the set of instructions is further operable to direct the at least one processor to perform the steps of:
    - sending the payment account identification data from the user processor to the merchant processor;
      
      sending an account holder participation request message from the merchant processor to a registration database processor, the registration database processor having access to a registration database, the account holder participation request message comprising at least one of the payment account identification data and data derived from the payment account identification data;
      
      processing the account holder participation request message by the registration database processor to determine whether the payment account is listed in the registration database; and
      
      if the payment account is listed in the registration database, performing a second set of steps, the second set of steps comprising the following steps;
      
      sending an account holder participation response message from the registration database processor to the merchant processor, the account holder participation response message comprising first resource locator data, the first resource locator data indicating a network location of credential collection data, the credential collection data being accessible through a network, sending second resource locator data from the merchant processor to the user processor, the second resource locator data comprising at least one of the first resource locator data and data derived from the first resource locator data, and using the second resource locator data by the user processor to access the credential collection data through the network, wherein the user processor uses the credential collection data to send the authentication request message to the authentication processor in the step of sending the authentication message.
  - 15. A computer-readable medium according to claim 13, wherein the at least one of the acquirer processor and the payment organization processor comprises the acquirer processor, the first set of steps further comprising:
    - iv. sending a second authorization request message from the acquirer processor to an issuer processor, the second authorization request message comprising at least one of the authentication data and second data derived from the authentication data;
      
      v. verifying at least a portion of the second authorization request message by the issuer processor to generate a first authorization response message, the first authorization response message indicating whether the verifying step was successful;
      
      vi. sending the first authorization response message from the issuer processor to the acquirer processor; and
      
      vii. sending a second authorization response message from the acquirer processor to the merchant processor, the second authorization response message comprising at least one of the first authorization response message and data derived from the first authorization response message, the second authorization response message indicating whether the verifying step was successful.
  - 16. A computer-readable medium according to claim 15, wherein the first set of steps further comprises the following step:
    - viii. if the second authorization response message indicates that the verifying step was successful, providing to a customer at least one of a good and a service.
  - 17. A computer-readable medium according to claim 13, wherein the at least one of the acquirer processor and the payment organization processor comprises the payment organization processor, the first set of steps further comprising:
    - iv. verifying at least a portion of the first authorization request message by at least one of the payment organization processor and an issuer processor to generate an authorization response message, the authorization response message indicating whether the verifying step was successful; and
      
      v. sending the authorization response message from the payment organization processor to the merchant processor.
  - 18. A computer-readable medium according to claim 17, wherein the first set of steps further comprises the following step:
    - vi. if the authorization response message indicates that the verifying step was successful, providing to a customer at least one of a good and a service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Original Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Inventors
Rutherford, Bruce J., Orfet, Stephen W., Kranzley, Arthur D.

Granted Patent

US 7,983,987 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/40
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

G06Q 20/04   Payment circuits

G06Q 20/102   Bill distribution or payments

G06Q 20/105   involving programming of a ...

G06Q 20/12   specially adapted for elect...

G06Q 20/382   insuring higher security of...

G06Q 20/3827   Use of message hashing

G06Q 20/388   using mutual authentication...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 30/02   Marketing; Price estimation...

G06Q 30/06   Buying, selling or leasing ...

G06Q 30/0601   Electronic shopping [e-shop...

System and method for conducting secure payment transaction

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for conducting secure payment transaction

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links