ONLINE PAYER AUTHENTICATION SERVICE

US 20080301056A1
Filed: 02/20/2008
Published: 12/04/2008
Est. Priority Date: 04/24/2000
Status: Abandoned Application

First Claim

Patent Images

1-2. -2. (canceled)

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A payment authentication service authenticates the identity of a payer during online transactions. The authentication service of the present invention allows a card issuer to verify a cardholder'"'"'s identity using a variety of authentication methods, such as the use of passwords. Also, the only system participant requiring a certificate is the issuing financial institution. One embodiment of the invention for authenticating the identity of a cardholder during an online transaction involves querying an access control server to determine if a cardholder is enrolled in the payment authentication service, requests a password from the cardholder, verifies the password, and notifies a merchant whether the cardholder'"'"'s authenticity has been verified. In another aspect of the invention, a chip card and the authentication service independently generate cryptograms that must match in order for the service to verify that the correct chip card is being used by the cardholder.

155 Citations

View as Search Results

19 Claims

1-2. -2. (canceled)

3. In an online transaction system including an account holder, a merchant, and an authentication service, a method for authenticating the merchant that the account holder is authorized to use a payment instrument as part of an online transaction, wherein the method comprises:
- receiving a request to verify that the account holder is authorized to use the payment instrument;
  
  determining whether the account holder has access to a secret code, wherein the secret code is sent by the account holder only to a third party, wherein the third party can be the authentication service, and wherein access to the secret code verifies authority to use the payment instrument; and
  
  transmitting to the merchant an authorization message including whether the account holder is authorized to use the payment instrument,wherein the transmitting step is responsive to a determination of whether the account holder has access to the secret code.
- View Dependent Claims (4, 5, 6, 7, 8, 9, 10)
- - 4. The method of claim 3, wherein the authentication service further performs the step of:
    - applying account holder profile information to the online transaction.
  - 5. The method of claim 3, wherein the authentication service further performs the step of:
    - storing a transaction receipt.
  - 6. The method of claim 3 further comprising, prior to the online transaction, the authentication service performing the steps of:
    - receiving a confirmation information which enables the authentication service to determine whether the account holder has access to the secret code; and
      
      storing the confirmation information,wherein the step of determining whether the account holder has access to the secret code comprises;
      
      retrieving the confirmation information; and
      
      using the confirmation information to determine whether the account holder has access to the secret code.
  - 7. The method of claim 3, wherein the step of receiving a request to verify that the account holder is authorized to use the payment instrument includes:
    - receiving the request as a result of an offer from the account holder to use the payment instrument.
  - 8. The method of claim 3, wherein the online transaction system is an internet HTTP-based web system.
  - 9. The method of claim 8, wherein the step of determining whether the account holder has access to the secret code comprises:
    - transmitting to the account holder a challenge request requesting proof that the account holder has access to the secret code;
      
      receiving from the account holder a password to prove that the account holder has access to the secret code; and
      
      determining on the basis of the password whether the account holder has access to the secret code.
  - 10. The method of claim 9, wherein the challenge request further comprises:
    - a description of the online transaction for which the payment instrument is to be used; and
      
      a request for the account holder'"'"'s consent to use the payment instrument for the online transaction.

11. A software program product for authenticating to a merchant that an account holder is authorized to use a payment instrument as part of an online transaction, the software executing the steps of:
- receiving a request to verify that the account holder is authorized to use the payment instrument;
  
  determining whether the account holder has access to a secret code, wherein the secret code is sent by the account holder only to a third party, wherein the third party can be an authentication service, and wherein access to the secret code verifies authority to use the payment instrument, andtransmitting to the merchant an authorization message including whether the account holder is authorized to use the payment instrument,wherein the transmitting step is responsive to the determination of whether the account holder has access to the secret code.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The software program product of claim 11, wherein the software further performs the step of:
    - applying account holder profile information to the online transaction.
  - 13. The software program product of claim 11, wherein the software further performs the step of:
    - storing a transaction receipt.
  - 14. The software program product of claim 11, wherein the step of determining whether the account holder has access to the secret code comprises:
    - retrieving the confirmation information; and
      
      using the confirmation information to determine whether the account holder has access to the secret code.
  - 15. The software program product of claim 11, wherein the step of determining whether the account holder has access to the secret code comprises:
    - transmitting to the account holder a challenge request requesting proof that the account holder has access to the secret code;
      
      receiving from the account holder a password to prove that the account holder has access to the secret code; and
      
      determining on the basis of the password whether the account holder has access to the secret code.
  - 16. The software program product of claim 15, wherein the challenge request further comprises:
    - a description of the online transaction for which the payment instrument is to be used; and
      
      a request for the account holder'"'"'s consent to use the payment instrument for the online transaction.

17. A payment authentication system including a merchant and an account holder desiring to use a payment instrument as part of an online transaction with the merchant during the online transaction comprising:
- an authentication service coupled to the merchant, for performing an online transaction, comprising the steps of;
  
  receiving a request to verify that the account holder is authorized to use the payment instrument;
  
  determining whether the account holder has access to a secret code, wherein the secret code is sent by the account holder only to a third party, wherein the third party can be an authentication service, and wherein access to the secret code verifies authority to use the payment instrument; and
  
  transmitting to the merchant an authorization message including whether the account holder is authorized to use the payment instrument,wherein the transmitting step is responsive to the determination of whether the account holder has access to the secret code.
- View Dependent Claims (18, 19)
- - 18. The system of claim 17, wherein the authentication service is further adapted for storing a transaction receipt of use of the payment instrument.
  - 19. The system of claim 17, wherein the authentication service is coupled to the merchant using an internet HTTP-based web system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Benedicto H. Dominguez, Kevin D. Weller, Peter Bray, Peter R. Hill, Stephen W. Ryan, Thomas J. Manessis, Tony D. Lewis
Original Assignee
Benedicto H. Dominguez, Kevin D. Weller, Peter Bray, Peter R. Hill, Stephen W. Ryan, Thomas J. Manessis, Tony D. Lewis
Inventors
Lewis, Tony D., Ryan, Stephen W., Weller, Kevin D., Dominguez, Benedicto H., Bray, Peter, Manessis, Thomas J., Hill, Peter R.

Application Number

US12/034,606
Publication Number

US 20080301056A1
Time in Patent Office

Days
Field of Search
US Class Current

705/67
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

G06Q 20/027   involving a payment switch ...

G06Q 20/04   Payment circuits

G06Q 20/0855   involving a third party

G06Q 20/12   specially adapted for elect...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/355   Personalisation of cards fo...

G06Q 20/367   involving electronic purses...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/3829   involving key management

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4012   Verifying personal identifi...

G06Q 20/4014   Identity check for transact...

G07F 7/1008   Active credit-cards provide...

G07F 7/1016   Devices or methods for secu...

ONLINE PAYER AUTHENTICATION SERVICE

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

155 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

ONLINE PAYER AUTHENTICATION SERVICE

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

155 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links