MOBILE ACCOUNT AUTHENTICATION SERVICE
First Claim
1. A method by which a trusted party authenticates the identity of an account holder during a transaction between said account holder and a requesting party, said method comprising:
- establishing an online, Internet communication connection between said requesting party and an Internet-capable mobile device of said account holder in order to conduct said transaction;
creating an authentication request message at said requesting party;
transmitting said authentication request message to said trusted party via said mobile device of said account holder;
contacting, by said trusted party, said mobile device of said account holder using a telephone number of said mobile device and establishing a text message channel or a voice channel;
receiving an identity-authenticating token from said mobile device over said text message channel or said voice channel;
verifying the identity of said account holder by said trusted party using said identity-authenticating token received from said account holder;
creating an authentication response message at said trusted party;
transmitting said authentication response message to said requesting party via said mobile device of said account holder; and
validating, by said requesting party, that said authentication response message indicates that the identity of said account holder is authenticated, whereby the identity of said account holder is authenticated by said trusted party for said requesting party.
0 Assignments
0 Petitions
Accused Products
Abstract
A payment authentication service authenticates the identity of a payer during online transactions. The authentication service allows a card issuer to verify a cardholder'"'"'s identity using a variety of authentication methods, such as with the use of tokens. Authenticating the identity of a cardholder during an online transaction involves querying an access control server to determine if a cardholder is enrolled in the payment authentication service, requesting a password from the cardholder, verifying the password, and notifying a merchant whether the cardholder'"'"'s authenticity has been verified. Systems for implementing the authentication service in which a cardholder uses a mobile device capable of transmitting messages via the Internet are described. Systems for implementing the authentication service in which a cardholder uses a mobile device capable of transmitting messages through voice and messaging channels is also described.
-
Citations
21 Claims
-
1. A method by which a trusted party authenticates the identity of an account holder during a transaction between said account holder and a requesting party, said method comprising:
-
establishing an online, Internet communication connection between said requesting party and an Internet-capable mobile device of said account holder in order to conduct said transaction; creating an authentication request message at said requesting party; transmitting said authentication request message to said trusted party via said mobile device of said account holder; contacting, by said trusted party, said mobile device of said account holder using a telephone number of said mobile device and establishing a text message channel or a voice channel; receiving an identity-authenticating token from said mobile device over said text message channel or said voice channel; verifying the identity of said account holder by said trusted party using said identity-authenticating token received from said account holder; creating an authentication response message at said trusted party; transmitting said authentication response message to said requesting party via said mobile device of said account holder; and validating, by said requesting party, that said authentication response message indicates that the identity of said account holder is authenticated, whereby the identity of said account holder is authenticated by said trusted party for said requesting party. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A method by which a trusted party authenticates the identity of an account holder during a transaction between said account holder and a requesting party, said method comprising:
-
conducting said transaction between a mobile telephone of said account holder and said requesting party over a first voice channel or by using a first two-way messaging service; sending an authenticating token from said account holder to said requesting party over said first voice channel or by using said first messaging service; sending an authentication request message from said requesting party to said trusted party over the Internet, said request message not being routed through said mobile telephone and including said authenticating token; authenticating, by said trusted party, the identity of said account holder using said authenticating token; and sending an authentication response message from said trusted party to said requesting party over the Internet, said response message not being routed through said mobile telephone; and validating, by said requesting party, that said authentication response message indicates that the identity of said account holder is authenticated, whereby said trusted party authenticates the identity of said account holder for said requesting party. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
-
Specification