Method and System For Dual Layer Authentication For Electronic Payment Request In Online Transactions

US 20100088228A1
Filed: 10/02/2009
Published: 04/08/2010
Est. Priority Date: 10/02/2008
Status: Active Grant

First Claim

Patent Images

1. A method for additional authorisation of an electronic payment request, during a main authorisation process of the electronic payment request for an online purchase by means of a browser, the browser running on a data processing system including proximity based transceiver means, the payment request being made with a payment card configured with details of at least one device in the possession of at least one owner of the card, the method comprising:

suspending the main authorisation process;

the proximity based transceiver means detecting the proximity of at least one portable device with whose details the payment card is configured;

upon detection of at least one portable device establishing a communication session between the data processing system and the detected portable device;

requesting a first code from the detected portable device;

comparing the first code with a predetermined second code;

resuming the main authorisation process in the event the first code substantially matches;

the second code.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Increasing the security of online payment requests by introducing a dual-layer authentication system for accessing the funds and/or credit through payment cards is described. An additional check regarding the identity of a card user to be included within a traditional security protocols for these cards, wherein the additional check is based on an authentication channel which is external to the user'"'"'s card. A device owned by the legitimate card owner certifies that the user of the card at any given instant is the legitimate owner of the card and not someone else. To process this additional information, a connection by means of a proximity based device is established.

Citations

16 Claims

1. A method for additional authorisation of an electronic payment request, during a main authorisation process of the electronic payment request for an online purchase by means of a browser, the browser running on a data processing system including proximity based transceiver means, the payment request being made with a payment card configured with details of at least one device in the possession of at least one owner of the card, the method comprising:
- suspending the main authorisation process;
  
  the proximity based transceiver means detecting the proximity of at least one portable device with whose details the payment card is configured;
  
  upon detection of at least one portable device establishing a communication session between the data processing system and the detected portable device;
  
  requesting a first code from the detected portable device;
  
  comparing the first code with a predetermined second code;
  
  resuming the main authorisation process in the event the first code substantially matches;
  
  the second code.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 further including:
    - refusing the authorisation in the event the first code does not substantially match the second code;
      
      notifying the at least one owner of the card of the refused authorisation.
  - 3. The method of claim 1 further including:
    - refusing the authorisation in the event the proximity based transceiver means does not detect the proximity of any portable device with whose details the payment card is configured;
      
      notifying the at least one owner of the card of the failed detection.
  - 4. The method of claim 1 wherein the proximity based transceiver means includes a Bluetooth device.
  - 5. The method of claim 4 further configuring the payment card with an International Mobile Equipment Identity (IMEI) code of a mobile phone of the owner of the card;
    - and wherein;
      
      detecting comprises attempting to establish a Bluetooth connection with the mobile phone; and
      
      comparing the first code with a predetermined second code comprises comparing an International Mobile Equipment Identity (IMEI) code retrieved from the mobile phone with the IMEI with which the payment card is configured.
  - 6. The method of claim 1 wherein the proximity based transceiver means includes an RFID device.
  - 7. The method of claim 6 wherein the method comprises configuring the payment card with an identifier of a radio frequency identification tag on the person of an owner of the card;
    - anddetecting comprises attempting to read a code from the radio frequency identification tag.
  - 8. The method of claim 1 wherein the proximity based transceiver means includes an infra-red device.
  - 9. The method of claim 8 wherein the infra-red device includes an Infra-red Data Association (IrDA) connection device.

10. A computer program in a computer storage medium for performing a method of for additional authorisation of an electronic payment request, during a main authorisation process of the electronic payment request for an online purchase by means of a browser, the browser running on a data processing system including proximity based transceiver means, the payment request being made with a payment card configured with details of at least one portable device in the possession of at least one owner of the card, when the computer program is executed on a data processing system, the method comprising:
- suspending the main authorisation process;
  
  the proximity based transceiver means detecting the proximity of at least one portable device with whose details the payment card is configured;
  
  upon detection of at least one portable device establishing a communication session between the data processing system and the detected portable device;
  
  requesting a first code from the detected portable device;
  
  comparing the first code with a predetermined second code;
  
  resuming the main authorisation process in the event the first code subtantially matches the second code.
- View Dependent Claims (11, 12, 13)
- - 11. A computer program product of claim 10, wherein the method further comprises:
    - refusing the authorisation in the event the first code does not substantially match the second code;
      
      notifying the at least one owner of the card of the refused authorisation.
  - 12. The computer program product as claimed in claim 10, wherein the method further comprises:
    - refusing the authorisation in the event the proximity based transceiver means does not detect the proximity of any portable device with whose details the payment card is configured;
      
      notifying the at least one owner of the card of the failed detection.
  - 13. The computer program product as claimed in claim 10, wherein the method further comprisesconfiguring the payment card with an International Mobile Equipment Identity (IMEI) code of a mobile phone of the owner of the card;
    - and wherein;
      
      detecting comprises attempting to establish a Bluetooth connection with the mobile phone; and
      
      comparing the first code with a predetermined second code comprises the step of comparing an International Mobile Equipment Identity (IMEI) code retrieved from the mobile phone with the IMEI with which the payment card is configured.

14. A system for authenticating an electronic payment request, for additional authorisation of an electronic payment request during a main authorisation process of the electronic payment request for an online purchase, the payment request being made with a payment card configured with details of at least one portable device in the possession of at least one owner of the card, the system including:
- a browser for performing online shopping activities, wherein the main authorisation process is suspended;
  
  a proximity based transceiver detecting the proximity of at least one portable device with whose details the payment card is configured;
  
  a communication system for establishing a communication session between the data processing system and the detected portable device, upon detection of at least one portable devicewherein the browser requests a first code from the detected portable device, compares the first code with a predetermined second code and resumes the main authorisation process in the event the first code subtantially matches the second code.
- View Dependent Claims (15, 16)
- - 15. The system of claim 14 wherein the proximity based transceiver includes a Bluetooth device.
  - 16. The system of claim 14 wherein the payment card is configured with an International Mobile Equipment Identity (IMEI) code of a mobile phone of the owner of the card;
    - and wherein;
      
      the communication system attempts to establish a Bluetooth connection with the mobile phone; and
      
      comparing the first code with a predetermined second code comprises comparing an International Mobile Equipment Identity (IMEI) code retrieved from the mobile phone with the IMEI with which the payment card is configured.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Edison Vault, LLC
Original Assignee
International Business Machines Corporation
Inventors
Piccinini, Sandro, Febonio, Barbara

Granted Patent

US 9,215,331 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/41
CPC Class Codes

G06Q 20/105   involving programming of a ...

G06Q 20/12   specially adapted for elect...

G06Q 20/327   Short range or proximity pa...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/425   using two different network...

G06Q 30/0603   Catalogue ordering

H04M 15/00   Arrangements for metering, ...

H04M 15/47   Fraud detection or preventi...

H04M 15/48   Secure or trusted billing, ...

H04M 15/8005   Flat-fee

H04M 15/85   characterised by the type o...

H04M 15/851   Determined tariff

H04M 15/858   Request users acknowledgeme...

H04M 17/00   Prepayment of wireline comm...

H04M 2215/0148   Fraud detection or preventi...

H04M 2215/0156   Secure and trusted billing,...

H04M 2215/815   Notification when a specifi...

H04M 2215/8183   Request users acknowledgeme...

H04W 4/24   Accounting or billing

Method and System For Dual Layer Authentication For Electronic Payment Request In Online Transactions

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method and System For Dual Layer Authentication For Electronic Payment Request In Online Transactions

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links