Digital Signature Authentication

US 20080222049A1
Filed: 09/13/2007
Published: 09/11/2008
Est. Priority Date: 02/05/2007
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating an electronic transaction between a consumer and a merchant, wherein the method occurs at the merchant and comprises:

receiving account information associated with an account from the consumer over the Internet, wherein the consumer accesses the Internet using a consumer'"'"'s computer;

confirming enrollment of the account for digital signature authentication from a financial institution;

receiving consumer specific authentication parameters from the financial institution, wherein the consumer specific authentication parameters comprises an authentication scheme;

sending transaction information over the Internet to the consumer'"'"'s computer for a digital signature;

sending the authentication scheme over the Internet to the consumer'"'"'s computer; and

receiving a digital signature from the consumer'"'"'s computer, wherein the digital signature.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A systems and methods for authenticating a consumer with a transaction card using digital signatures according to one embodiment of the invention is disclosed. These systems and methods allow consumers to digitally sign transaction information with a private key. The private key may be used to digitally sign the transaction, for example, through a hosted or local system that protects the integrity of the private key. A financial institution may authenticate the consumer by decrypting the digital signature with a public key.

Citations

25 Claims

1. A method for authenticating an electronic transaction between a consumer and a merchant, wherein the method occurs at the merchant and comprises:
- receiving account information associated with an account from the consumer over the Internet, wherein the consumer accesses the Internet using a consumer'"'"'s computer;
  
  confirming enrollment of the account for digital signature authentication from a financial institution;
  
  receiving consumer specific authentication parameters from the financial institution, wherein the consumer specific authentication parameters comprises an authentication scheme;
  
  sending transaction information over the Internet to the consumer'"'"'s computer for a digital signature;
  
  sending the authentication scheme over the Internet to the consumer'"'"'s computer; and
  
  receiving a digital signature from the consumer'"'"'s computer, wherein the digital signature.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method according to claim 1, wherein the financial institution is selected from the group consisting of an issuer authentication server (IAS) and a cardholder account directory service (CADS).
  - 3. The method according to claim 1, wherein the confirming enrollment of the consumer'"'"'s account for digital signature authentication further comprises:
    - requesting enrollment confirmation from the financial institution; and
      
      receiving enrollment confirmation from the financial institution.
  - 4. The method according to claim 1, wherein the authentication scheme is a URL that points to a plug-in residing on the consumer'"'"'s computer.
  - 5. The method according to claim 1, wherein the authentication scheme is a URL pointing to a webpage hosted by an issuer authentication server (IAS).
  - 6. The method according to claim 1, wherein the digital signature comprises encrypting transaction information with a private key associated with the authentication scheme.
  - 7. The method according to claim 6, wherein encrypting transaction information comprises encrypting the transaction information using an encryption scheme selected from the group consisting of RSA encryption, the digital signature algorithm, Schnorr signature, Pointcheval-Stem signature algorithm, the Rabin signature algorithm, any of the SHA algorithms, the undeniable signature algorithm, ECDSA, DSA, the ECC algorithm, elliptical curve techniques, Paillier cryptosystem, the EIGamal algorithm, and the Diffie-Hellman key exchange.
  - 8. The method according to claim 1, wherein the authentication scheme includes requiring the consumer to enter information selected from the group consisting of a personal identification number, a password, an answer to a question, a biometric sample, and a PC scan.
  - 9. The method according to claim 1, wherein the transaction information comprises information selected from the group consisting of transaction currency code, transaction amount, transaction ID, transaction reference number, transaction time, transaction ship data, account number, consumer name, and merchant name.
  - 10. The method according to claim 1, further comprising sending the digital signature, and the transaction information to a merchant processor.
  - 11. The method according to claim 1, further comprising creating an ISO 8583 transaction using the digital signature and the transaction information;
    - and sending the ISO 8583 message to a merchant processor.

12. A method for authenticating an electronic transaction between a consumer and a merchant, wherein the method occurs at a consumer'"'"'s computer and comprises:
- enrolling a debit card for digital signature authentication at a financial institution;
  
  initiating a transaction between the consumer and the merchant over the Internet;
  
  selecting a payment scheme that includes payment using the debit card;
  
  receiving a request for a digital signature from the merchant, wherein the request includes transaction information;
  
  receiving an authentication scheme from the merchant;
  
  accessing the authentication scheme;
  
  gaining access to a private key as determined by the authentication scheme;
  
  creating a digital signature by encrypting the transaction information with the private key; and
  
  sending the digital signature to the merchant.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 13. The method according to claim 12, wherein the financial institution is selected from the group consisting of an issuer authentication server (IAS) and a cardholder account directory service (CADS).
  - 14. The method according to claim 12, wherein the authentication scheme is a URL that points to a plug-in residing on the consumer'"'"'s computer system, wherein the plug-in provides access to the private key.
  - 15. The method according to claim 14, wherein the plug-in is operable to open local software on the consumer'"'"'s computer that performs encryption using the private key.
  - 16. The method according to claim 14, wherein the plug-in is operable to interact with a device selected from the group consisting of a biometric scanner and a smartcard reader.
  - 17. The method according to claim 12, wherein the authentication scheme is a URL pointing to a webpage hosted by the IAS, wherein the webpage provides access to the private key.
  - 18. The method according to claim 12, wherein encrypting transaction information comprises encrypting the transaction information using an encryption scheme selected from the group consisting of RSA encryption, the digital signature algorithm, Schnorr signature, Pointcheval-Stem signature algorithm, the Rabin signature algorithm, any of the SHA algorithms, the undeniable signature algorithm, ECDSA, DSA, the ECC algorithm, elliptical curve techniques, Paillier cryptosystem, the EIGamal algorithm, and the Diffie-Hellman key exchange.
  - 19. The method according to claim 12, wherein the consumer gains access to a private key through the authentication scheme.
  - 20. The method according to claim 12, wherein the authentication scheme includes requiring the consumer to enter information selected from the group consisting of a personal identification number, a password, an answer to a question, a biometric sample, and a PC scan.
  - 21. The method according to claim 12, wherein the transaction information comprises information selected from the group consisting of transaction currency code, transaction amount, transaction ID, transaction reference number, transaction time, transaction ship data, account number, consumer name, and merchant name.

22. A system for authenticating an electronic transaction between a consumer and a merchant, wherein the system comprises:
- a merchant system connected to the internet and accessible by a consumer;
  
  a merchant processor adapted to process transactions for the merchant, wherein the merchant processor is in communication with the merchant;
  
  an issuing authentication server (IAS) adapted to host an Internet based authentication scheme for the consumer with enrolled debit cards;
  
  a cardholder account directory service (CADS), wherein the CADS is adapted to provide enrollment information regarding debit cards; and
  
  a financial network, wherein the financial network is adapted to provide communication between the merchant processor, the IAS and the CADS;
  
  wherein;
  
  the merchant receives a request from a consumer to use a debit card for a transaction between the consumer and the merchant;
  
  the merchant requests enrollment information for the debit card used by the consumer from the CADS through the merchant processor;
  
  if the debit card is enrolled, the CADS requests from the IAS a URL pointing to an Internet based authentication scheme for the debit card; and
  
  the URL pointing to an Internet based authentication scheme is sent to the consumer for authentication of the debit card for the transaction.
- View Dependent Claims (23, 24, 25)
- - 23. The method according to claim 22, wherein enrollment information comprises information selected from the group consisting of debit card account number and authentication scheme.
  - 24. The method according to claim 22, wherein the financial network comprises an EFT network.
  - 25. The method according to claim 22, wherein two or more of the merchant processor, the IAS or the CADS are part of the same system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
First Data Corporation (Fiserv Incorporated)
Original Assignee
First Data Corporation (Fiserv Incorporated)
Inventors
Saville, Julie, Loomis, Nancy

Granted Patent

US 9,418,501 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/75
CPC Class Codes

G06F 16/9566   URL specific, e.g. using al...

G06Q 20/10   specially adapted for elect...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/355   Personalisation of cards fo...

G06Q 20/3825   Use of electronic signatures

G06Q 20/3829   involving key management

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/401   Transaction verification

G06Q 20/4012   Verifying personal identifi...

G06Q 20/4014   Identity check for transact...

G06Q 20/40145   Biometric identity checks

G06Q 20/409   Device specific authenticat...

G07F 7/08   by coded identity card or c...

G07F 7/1008   Active credit-cards provide...

G07F 7/1025   Identification of user by a...

G07F 7/1075   PIN is checked remotely

G07F 7/1091   Use of an encrypted form of...

G07F 7/122   Online card verification

Digital Signature Authentication

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Digital Signature Authentication

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links