PAYMENT TRANSACTION PROCESSING USING OUT OF BAND AUTHENTICATION

US 20100125737A1
Filed: 07/31/2009
Published: 05/20/2010
Est. Priority Date: 11/14/2008
Status: Active Grant

First Claim

Patent Images

1. A transaction processor, comprising:

an electronic processor;

a memory coupled to the electronic processor; and

a set of instructions stored in the memory which, when executed by the electronic processor implement a process toreceive a request to authenticate a transaction initiated by a user at a merchant'"'"'s web-site;

send a request for authentication data to the user over a first communications channel;

receive a response to the request for authentication data from the user over the first communications channel;

process the received response to obtain the user'"'"'s contact data to enable contacting the user over a second communications channel;

send a request to approve the transaction to the user over the second communications channel; and

in response to the request to approve the transaction, receive a message from the user approving or denying the transaction over the second communications channel, the message including a digitally signed certificate authenticating the user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, apparatuses, and methods for increasing the security of electronic payment transactions, such as eCommerce transactions conducted over the Internet. A transaction approval or authorization mechanism uses an out of band process to provide authentication or identification data that has previously been registered by a user and associated with the user'"'"'s payment device or account. The out of band authentication data may be provided in response to a message sent to a user'"'"'s mobile phone, where the message is generated in response to entering the user'"'"'s phone number into a form that is provided when the user engages in an electronic payment transaction using a desktop computer. The data may include a digital signature and associated digital certificate that is used to authenticate the user.

198 Citations

18 Claims

1. A transaction processor, comprising:
- an electronic processor;
  
  a memory coupled to the electronic processor; and
  
  a set of instructions stored in the memory which, when executed by the electronic processor implement a process toreceive a request to authenticate a transaction initiated by a user at a merchant'"'"'s web-site;
  
  send a request for authentication data to the user over a first communications channel;
  
  receive a response to the request for authentication data from the user over the first communications channel;
  
  process the received response to obtain the user'"'"'s contact data to enable contacting the user over a second communications channel;
  
  send a request to approve the transaction to the user over the second communications channel; and
  
  in response to the request to approve the transaction, receive a message from the user approving or denying the transaction over the second communications channel, the message including a digitally signed certificate authenticating the user.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The transaction processor of claim 1, wherein the first communications channel is the Internet.
  - 3. The transaction processor of claim 1, wherein the user'"'"'s contact data includes the user'"'"'s mobile phone number.
  - 4. The transaction processor of claim 1, wherein the transaction is initiated by the user using a computing device coupled to the first communications channel.
  - 5. The transaction processor of claim 1, wherein the request to approve the transaction includes an address to which a response to the request should be directed.
  - 6. The transaction processor of claim 4, wherein the digitally signed certificate corresponds to a digitally signed certificate resident on the computing device.

7. A method of processing an electronic payment transaction, comprising:
- registering a user by associating contact data for the user with the user'"'"'s payment account;
  
  receiving a request to authorize an electronic payment transaction initiated by the user;
  
  sending a request for authentication data to the user over a first communications channel;
  
  receiving a response to the request for authentication data over the first communications channel;
  
  processing the response to determine contact data for the user;
  
  generating a transaction approval message to be sent to the user;
  
  sending the transaction approval message to the user over a second communications channel using the contact data; and
  
  in response to the transaction approval message, receiving a message from the user approving or denying the transaction, the message including a digitally signed certificate authenticating the user.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The method of claim 7, wherein the first communications channel is the Internet.
  - 9. The method of claim 7, wherein the second communications channel is a cellular network.
  - 10. The method of claim 7, wherein the contact data includes the user'"'"'s mobile phone number.
  - 11. The method of claim 7, wherein the transaction approval message is a SMS message.
  - 12. The method of claim 7, wherein the transaction approval message includes an address to which the response to the message should be sent.
  - 13. The method of claim 7, wherein the first communications channel is coupled to the user'"'"'s computing device and the second communications channel is coupled to the user'"'"'s mobile phone, and wherein the method further comprises:
    - transferring a digital certificate stored on the user'"'"'s computing device to the user'"'"'s mobile phone; and
      
      receiving the digital certificate from the user'"'"'s mobile phone as part of the message from the user approving or denying the transaction.

14. A method of processing an electronic payment transaction, comprising:
- receiving a request to authenticate the electronic payment transaction from a merchant'"'"'s web-site, wherein the electronic payment transaction is initiated by a user;
  
  sending a request for authentication data to the user over a first communications channel;
  
  receiving a response to the request for authentication data over the first communications channel;
  
  processing the response to determine the user'"'"'s mobile phone number;
  
  generating a transaction approval message to be sent to the user;
  
  sending the transaction approval message to the user'"'"'s mobile phone; and
  
  receiving a response to the transaction approval message from the user'"'"'s mobile phone, the response including a digitally signed certificate authenticating the user.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The method of claim 14, wherein the transaction approval message is a SMS message.
  - 16. The method of claim 14, wherein the transaction approval message is an email message.
  - 17. The method of claim 14, wherein the transaction approval message includes an address to which the response to the message should be sent.
  - 18. The method of claim 14, wherein the electronic payment transaction is initiated by a user using a computing device, and wherein the method further comprises:
    - transferring a digital certificate stored on the user'"'"'s computing device to the user'"'"'s mobile phone; and
      
      receiving the digital certificate from the user'"'"'s mobile phone as part of a response to the transaction approval message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Kang, Denis

Granted Patent

US 8,245,044 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

G06Q 20/12   specially adapted for elect...

G06Q 20/326   Payment applications instal...

G06Q 20/38215   Use of certificates or encr...

G06Q 20/42   Confirmation, e.g. check or...

G06Q 20/425   using two different network...

G06Q 40/00   Finance; Insurance; Tax str...

PAYMENT TRANSACTION PROCESSING USING OUT OF BAND AUTHENTICATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

198 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

PAYMENT TRANSACTION PROCESSING USING OUT OF BAND AUTHENTICATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

198 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links