USER ENHANCED AUTHENTICATION SYSTEM FOR ONLINE PURCHASES

US 20100114740A1
Filed: 10/27/2009
Published: 05/06/2010
Est. Priority Date: 10/31/2008
Status: Active Grant

First Claim

Patent Images

1. A merchant server, the merchant server comprising a processor and a computer readable medium having a computer readable code embodied therein, wherein the computer readable code is adapted to be executed on the processor, wherein the computer readable code is adapted to be executed to implement a method, the method comprising:

sending to a consumer a merchant checkout page, wherein the merchant checkout page is configured to receive from the merchant server an indication of whether an issuer server is configured to authenticate the consumer using an inline authentication form;

sending an enrollment verification request to a directory server; and

receiving an enrollment verification response from the directory server, wherein the enrollment verification response includes an indication of whether the issuer server that is capable of authenticating the consumer conducting an online transaction is configured to authenticate the consumer using the inline authentication form.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention are directed to methods, systems, devices and computer-readable media. In embodiments of the invention, a user is authenticated using an authentication process that is capable of authenticating a user using an inline authentication form that can authenticate a consumer without transferring a session maintained by a merchant. The inline authentication form is used if the components of the authentication system are capable of supporting an inline authentication form. If the components of the system cannot support an inline authentication form, a different authentication process is used. In one embodiment, an inline authentication form is presented to the user asynchronously. This inline authentication form may be presented within an iFrame embedded in a merchant'"'"'s checkout page after verifying that the components to be used during the authentication can support the inline authentication form.

Citations

20 Claims

1. A merchant server, the merchant server comprising a processor and a computer readable medium having a computer readable code embodied therein, wherein the computer readable code is adapted to be executed on the processor, wherein the computer readable code is adapted to be executed to implement a method, the method comprising:
- sending to a consumer a merchant checkout page, wherein the merchant checkout page is configured to receive from the merchant server an indication of whether an issuer server is configured to authenticate the consumer using an inline authentication form;
  
  sending an enrollment verification request to a directory server; and
  
  receiving an enrollment verification response from the directory server, wherein the enrollment verification response includes an indication of whether the issuer server that is capable of authenticating the consumer conducting an online transaction is configured to authenticate the consumer using the inline authentication form.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The merchant server of claim 1 wherein the merchant checkout page is configured to send an authentication request message to the issuer server, wherein the authentication request message includes an indication of whether the merchant checkout page is configured to support the inline authentication form when the issuer server is configured to authenticate a consumer using the inline authentication form.
  - 3. The merchant server of claim 1 wherein a standard authentication form is used by the merchant checkout page to authenticate the consumer when the issuer server does not support the inline authentication form.
  - 4. The merchant server of claim 3 wherein the standard authentication form and the inline authentication form use a common authentication protocol to authenticate the consumer.
  - 5. The merchant server of claim 1 wherein a standard authentication form is used by the merchant checkout page to authenticate the consumer when the merchant checkout page does not support the inline authentication form.
  - 6. The merchant server of claim 5 wherein the standard authentication form and the inline authentication form use a common authentication protocol to authenticate the consumer.
  - 7. The merchant server of claim 1 wherein the merchant checkout page includes support for a shopping cart, wherein the shopping cart is associated with a session, wherein the inline authentication form is configured to permit the issuer server to authenticate the consumer without navigating away from the session associated with the shopping cart.
  - 8. The merchant server of claim 1 wherein the method for authenticating a consumer conducting an online transaction further comprises:
    - processing the online transaction between a merchant and the consumer after the issuer server indicates to the merchant server that the consumer has been successfully authenticated.
  - 9. The merchant server of claim 1 wherein the inline authentication form is implemented using an iFrame in the merchant checkout page.

10. A directory server, the directory server comprising a processor and a computer readable medium having a computer readable code embodied therein, wherein the computer readable code is adapted to be executed on the processor, wherein the computer readable code is adapted to be executed to implement a method, the method comprising:
- receiving an enrollment verification request from a merchant server;
  
  determining an issuer server that can be used to authenticate a consumer conducting the online transaction;
  
  communicating with the issuer server to determine whether the issuer server is capable of authenticating the consumer using an inline authentication form; and
  
  sending an enrollment verification response to the merchant server, wherein the enrollment verification response includes an indication of whether the issuer server is capable of authenticating the consumer using the inline authentication form.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The directory server of claim 10 wherein the merchant server is configured to send to the consumer a merchant checkout page, wherein the merchant checkout page is configured to receive from the merchant server an indication of whether the issuer server is configured to authenticate the consumer using the inline authentication form, wherein the merchant checkout page is configured to send an authentication request message to the issuer server, wherein the authentication request message includes an indication of whether the merchant checkout page is configured to support the inline authentication form when the issuer server is configured to authenticate a consumer using the inline authentication form.
  - 12. The directory server of claim 10 wherein a standard authentication form is used by the merchant checkout page to authenticate the consumer when the issuer server does not support the inline authentication form.
  - 13. The directory server of claim 12 wherein the standard authentication form and the inline authentication form use a common authentication protocol to authenticate the consumer.
  - 14. The directory server of claim 10 wherein a standard authentication form is used by the merchant checkout page to authenticate the consumer when the merchant checkout page does not support the inline authentication form.
  - 15. The directory server of claim 14 wherein the standard authentication form and the inline authentication form use a common authentication protocol to authenticate the consumer.
  - 16. The directory server of claim 10 wherein the merchant checkout page includes support for a shopping cart, wherein the shopping card is associated with a session, wherein the inline authentication form is configured to permit the issuer server to authenticate the consumer without navigating away from the session associated with the shopping cart.

17. A method comprising:
- sending an enrollment verification request over a network from a merchant server to a directory server;
  
  receiving an enrollment verification response over the network from the directory server at the merchant server, wherein the enrollment verification response includes an indication of whether an issuer server is capable of authenticating a consumer using an inline authentication form;
  
  receiving an authentication response message over the network from the issuer server at the merchant server, wherein the authentication response message is sent in response to an authentication request message sent from a merchant checkout page to the issuer server, wherein the authentication request message includes an indication of whether the merchant checkout page is capable of authenticating the consumer using the inline authentication form, wherein the authentication response message includes an indication of whether the consumer was successfully authenticated by the issuer server; and
  
  conducting an online transaction between a merchant and the consumer after the authentication response message indicates to the merchant server that the consumer has been successfully authenticated.
- View Dependent Claims (20)
- - 20. A computer readable medium comprising computer-executable code capable of directing a processor of a computer to execute the steps of claim 17.

18. A method comprising:
- receiving an enrollment verification request over a network from a merchant server at a directory server;
  
  sending an enrollment verification response over the network from the directory server to the merchant server, wherein the enrollment verification response includes an indication of whether an issuer server is capable of authenticating a consumer using an inline authentication form;
  
  wherein the issuer sever receives an authentication request message from a merchant checkout page, wherein the authentication request message includes an indication of whether the merchant checkout page is configured to authenticate the consumer using the inline authentication form, wherein the issuer server sends an authentication response message to the merchant server, wherein the merchant server conducts an online transaction between a merchant and the consumer after the authentication response message indicates to the merchant server that the consumer has been successfully authenticated.

19. A method comprising:
- sending a payment message over a network from to a merchant server from a merchant checkout page, wherein the payment message includes electronic card commerce card information and wherein the payment message includes an indication of whether the merchant checkout page is configured to support an inline authentication form;
  
  receiving a payment message response from the merchant server at the merchant checkout page, wherein the payment message response includes an indication of whether an issuer server associated with the electronic card commerce card supports inline authentication; and
  
  sending an authentication request message to the issuer server from the merchant checkout page to conduct an online transaction between a merchant and a consumer, wherein the authentication request message includes an indication of whether the merchant checkout page is configured to support the inline authentication form when the issuer server is configured to authenticate a consumer using the inline authentication form;
  
  wherein the issuer server sends to the merchant server an authentication response message, wherein the authentication response message includes an indication of whether the consumer was successfully authenticated by the issuer server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Chan, Julie, Dominguez, Ben, Fisher, Douglas

Granted Patent

US 8,612,305 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/27
CPC Class Codes

G06Q 20/34   using cards, e.g. integrate...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4014   Identity check for transact...

G06Q 20/409   Device specific authenticat...

G06Q 30/06   Buying, selling or leasing ...

G06Q 30/0601   Electronic shopping [e-shop...

G06Q 30/0603   Catalogue ordering

G06Q 30/0609   Buyer or seller confidence ...

G06Q 50/265   Personal security, identity...

USER ENHANCED AUTHENTICATION SYSTEM FOR ONLINE PURCHASES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

USER ENHANCED AUTHENTICATION SYSTEM FOR ONLINE PURCHASES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links