MOBILE ACCOUNT AUTHENTICATION SERVICE

US 20100063895A1
Filed: 11/12/2009
Published: 03/11/2010
Est. Priority Date: 04/17/2002
Status: Active Grant

First Claim

Patent Images

1. A method by which a trusted party authenticates the identity of an account holder during a transaction between said account holder and a requesting party, said method comprising:

establishing an online, Internet communication connection between said requesting party and an Internet-capable mobile device of said account holder in order to conduct said transaction;

creating an authentication request message at said requesting party;

transmitting said authentication request message to said trusted party via said mobile device of said account holder;

contacting, by said trusted party, said mobile device of said account holder using a telephone number of said mobile device and establishing a text message channel or a voice channel;

receiving an identity-authenticating token from said mobile device over said text message channel or said voice channel;

verifying the identity of said account holder by said trusted party using said identity-authenticating token received from said account holder;

creating an authentication response message at said trusted party;

transmitting said authentication response message to said requesting party via said mobile device of said account holder; and

validating, by said requesting party, that said authentication response message indicates that the identity of said account holder is authenticated, whereby the identity of said account holder is authenticated by said trusted party for said requesting party.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A payment authentication service authenticates the identity of a payer during online transactions. The authentication service allows a card issuer to verify a cardholder'"'"'s identity using a variety of authentication methods, such as with the use of tokens. Authenticating the identity of a cardholder during an online transaction involves querying an access control server to determine if a cardholder is enrolled in the payment authentication service, requesting a password from the cardholder, verifying the password, and notifying a merchant whether the cardholder'"'"'s authenticity has been verified. Systems for implementing the authentication service in which a cardholder uses a mobile device capable of transmitting messages via the Internet are described. Systems for implementing the authentication service in which a cardholder uses a mobile device capable of transmitting messages through voice and messaging channels is also described.

Citations

21 Claims

1. A method by which a trusted party authenticates the identity of an account holder during a transaction between said account holder and a requesting party, said method comprising:
- establishing an online, Internet communication connection between said requesting party and an Internet-capable mobile device of said account holder in order to conduct said transaction;
  
  creating an authentication request message at said requesting party;
  
  transmitting said authentication request message to said trusted party via said mobile device of said account holder;
  
  contacting, by said trusted party, said mobile device of said account holder using a telephone number of said mobile device and establishing a text message channel or a voice channel;
  
  receiving an identity-authenticating token from said mobile device over said text message channel or said voice channel;
  
  verifying the identity of said account holder by said trusted party using said identity-authenticating token received from said account holder;
  
  creating an authentication response message at said trusted party;
  
  transmitting said authentication response message to said requesting party via said mobile device of said account holder; and
  
  validating, by said requesting party, that said authentication response message indicates that the identity of said account holder is authenticated, whereby the identity of said account holder is authenticated by said trusted party for said requesting party.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. A method as recited in claim 1 wherein said trusted party is an issuer that maintains an account of said account holder, said method further comprising:
    - verifying, by said issuer during a registration process, the identity of said account holder as the owner of said account and designating a registration token for said account; and
      
      comparing said received identity-authenticating token against said registration token previously designated for said account of said account holder, whereby said issuer verifies the identity of said account holder.
  - 3. A method as recited in claim 1 wherein said identity-authenticating token is a password, a response to a question, a cryptogram or a value from a chip card.
  - 4. A method as recited in claim 1 further comprising:
    - transmitting a verification of enrollment request message from said requesting party to said trusted party wherein said verification of enrollment request message includes an account number of said account holder;
      
      determining, by said trusted party, if said account number of said account holder is contained within a list of enrolled account holders who are capable of being authenticated by said trusted party; and
      
      transmitting a verification of enrollment response message from said trusted party to said requesting party through the Internet wherein said verification of enrollment response message indicates if said account number is contained within said list of enrolled account holders.
  - 5. A method as recited in claim 1 wherein each of said request and response messages are Internet-based messages made up of multiple elements that each have an element name tag, each element name tag having a first tag size, said method further comprising:
    - replacing each of the element name tags with a respective shortened element name tag that has a second tag size, each of the second tag sizes being smaller than its respective first tag size.
  - 6. A method as recited in claim 1 wherein said response message is a condensed message, said method further comprising:
    - reconstructing a complete authentication response message at said requesting party by combining said condensed authentication response message with data available at said requesting party; and
      
      validating a digital signature of said complete authentication response message to confirm that the identity of said account holder is authenticated.
  - 7. A method as recited in claim 1 wherein said requesting party is an online merchant, wherein said trusted party is a financial institution, wherein said transaction is a financial transaction and wherein said account of said account holder is maintained by said trusted party.
  - 8. A method as recited in claim 1 wherein said mobile device includes a WAP browser.
  - 9. A method as recited in claim 1 further comprising:
    - redirecting an Internet browser of said Internet-capable mobile device from a web site of said requesting party to an access control server of said trusted party to effect said transmitting of said request message; and
      
      redirecting said Internet browser of said mobile device from said access control server back to said web site of said requesting party to effect said transmitting of said response message.
  - 10. A method as recited in claim 1 further comprising:
    - transmitting said authentication request message and said authentication response message by embedding said messages within markup language forms.
  - 11. A method as recited in claim 1 further comprising:
    - performing said steps of transmitting and said step of verifying without the use of any additional software on said mobile device of said account holder relating to said method of authenticating.
  - 12. A method as recited in claim 1 wherein said authentication request message includes a telephone number of said mobile device.

13. A method by which a trusted party authenticates the identity of an account holder during a transaction between said account holder and a requesting party, said method comprising:
- conducting said transaction between a mobile telephone of said account holder and said requesting party over a first voice channel or by using a first two-way messaging service;
  
  sending an authenticating token from said account holder to said requesting party over said first voice channel or by using said first messaging service;
  
  sending an authentication request message from said requesting party to said trusted party over the Internet, said request message not being routed through said mobile telephone and including said authenticating token;
  
  authenticating, by said trusted party, the identity of said account holder using said authenticating token; and
  
  sending an authentication response message from said trusted party to said requesting party over the Internet, said response message not being routed through said mobile telephone; and
  
  validating, by said requesting party, that said authentication response message indicates that the identity of said account holder is authenticated, whereby said trusted party authenticates the identity of said account holder for said requesting party.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
- - 14. A method as recited in claim 13 wherein said trusted party is an issuer that maintains an account of said account holder, said method further comprising:
    - verifying, by said issuer during a registration process, the identity of said account holder as the owner of said account and designating a registration token for said account; and
      
      authenticating, by said trusted party, the identity of said account holder based upon a comparison of said registration token with said authenticating token.
  - 15. A method as recited in claim 13 wherein said authenticating token is a password, a PIN, a response to a challenge, a cryptogram or a value from a chip card.
  - 16. A method as recited in claim 13 wherein said sending of said authentication request message includessending said authentication request message from said requesting party to a proxy server;
    - andforwarding said authentication request message from said proxy server to said access control server, whereby security of said requesting party is increased.
  - 17. A method as recited in claim 16 wherein sending of said authentication response message includessending said authentication response message from said trusted party to said proxy server;
    - andforwarding said authentication response message from said proxy server to said requesting party, whereby security of said trusted party is increased.
  - 18. A method as recited in claim 13 further comprising:
    - creating a verification of enrollment request message that includes a query as to said trusted party'"'"'s capability to authenticate the identity of said account holder; and
      
      transmitting said verification of enrollment request message from said requesting party to said trusted party.
  - 19. A method as recited in claim 18 further comprising:
    - creating a verification of enrollment response message that indicates whether said trusted party has the capability to authenticate the identity of said account holder; and
      
      transmitting said verification of enrollment response message from said trusted party to said requesting party.
  - 20. A method as recited in claim 13 wherein said requesting party is an online merchant, wherein said trusted party is a financial institution, wherein said transaction is a financial transaction and wherein said account of said account holder is maintained by said trusted party.
  - 21. A method as recited in claim 13 further comprising:
    - performing said method without the use of any additional software on said mobile device of said account holder relating to said method of authenticating.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Caillon, Pascal Achille, Spielman, Jason, Spielman, Terence, Reno, James Donald, Dominguez, Benedicto H., Roth, Janet T., Manessis, Thomas J.

Granted Patent

US 9,769,134 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/26
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

G06Q 20/0855   involving a third party

G06Q 20/12   specially adapted for elect...

G06Q 20/322   Aspects of commerce using m...

G06Q 20/347   Passive cards

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4014   Identity check for transact...

G06Q 20/425   using two different network...

G06Q 30/0601   Electronic shopping [e-shop...

G06Q 40/12   Accounting

G07F 7/10   together with a coded signa...

G07F 7/1008   Active credit-cards provide...

G07F 7/1025   Identification of user by a...

G07F 7/1075   PIN is checked remotely

H04L 2463/102   applying security measure f...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0823   using certificates cryptogr...

H04L 63/083 : using passwords cryptograph...

H04L 63/166 : at the transport layer

H04L 63/18 : using different networks or...

Y04S 40/20 : Information technology spec...

View All

MOBILE ACCOUNT AUTHENTICATION SERVICE

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

MOBILE ACCOUNT AUTHENTICATION SERVICE

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links