Authenticated Payment

US 20100293100A1
Filed: 07/23/2010
Published: 11/18/2010
Est. Priority Date: 04/17/2000
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a payment transaction over a network, comprising:

at a payment authentication service, linking secret information to at least a first payment instrument of a buyer, the secret information being known only to the buyer;

receiving a request to authenticate the buyer as being authorized to use the first payment instrument in a payment transaction;

subsequent to the step of linking the secret information to the first payment instrument and in response to receiving the request to authenticate the buyer, sending a challenge request to the buyer over the network, the challenge request including a summary of the payment transaction;

subsequent to the step of linking the secret information to the first payment instrument, receiving a selection of the first payment instrument from the buyer;

receiving a challenge response from the buyer over the network, the challenge response proving that the buyer has access to the secret information;

in response to receiving the challenge response, determining that the buyer has access to the secret information and that the buyer is authorized to use the first payment instrument; and

notifying the seller that the buyer is authorized to use the first payment instrument.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A buyer (110) wishes to use a payment instrument as part of an online commerce transaction with a seller (120) and it is desired to authenticate that the buyer (110) has authority to use the payment instrument. A separate authentication service (130) determines whether the buyer (110) has access to certain secret information without revealing the secret information to the seller (120). Access to the secret information would verify that the buyer (110) has authority to use the payment instrument. The authentication service (130) informs the seller (120) whether the buyer (110) is authorized to use the payment instrument.

47 Citations

View as Search Results

13 Claims

1. A method for authenticating a payment transaction over a network, comprising:
- at a payment authentication service, linking secret information to at least a first payment instrument of a buyer, the secret information being known only to the buyer;
  
  receiving a request to authenticate the buyer as being authorized to use the first payment instrument in a payment transaction;
  
  subsequent to the step of linking the secret information to the first payment instrument and in response to receiving the request to authenticate the buyer, sending a challenge request to the buyer over the network, the challenge request including a summary of the payment transaction;
  
  subsequent to the step of linking the secret information to the first payment instrument, receiving a selection of the first payment instrument from the buyer;
  
  receiving a challenge response from the buyer over the network, the challenge response proving that the buyer has access to the secret information;
  
  in response to receiving the challenge response, determining that the buyer has access to the secret information and that the buyer is authorized to use the first payment instrument; and
  
  notifying the seller that the buyer is authorized to use the first payment instrument.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the secret information is a secret encryption key of the buyer, and wherein said step of linking the secret information further comprises linking a corresponding public key to the first payment instrument.
  - 3. The method of claim 1, wherein the request to authenticate the buyer as being authorized to use the first payment instrument is received from the seller.
  - 4. The method of claim 1, wherein the request to authenticate the buyer as being authorized to use the first payment instrument is received from the buyer.
  - 5. The method of claim 1, further comprising:
    - generating a digitally signed record of the transaction once the transaction is complete.
  - 6. The method of claim 5, wherein the record of the payment transaction is digitally signed using the buyer'"'"'s private encryption key.
  - 7. The method of claim 5, wherein the record of the online transaction is digitally signed using a private key of the payment authentication service.
  - 8. The method of claim 5, further comprising, subsequent to generating the signed record of the transaction:
    - storing the signed record of the transaction;
      
      in response to a dispute related to the payment transaction, retrieving the stored signed record of the transaction; and
      
      based upon the contents of the signed record of the transaction, resolving the dispute related to the payment transaction.
  - 9. The method of claim 1, further comprising:
    - in response to receiving an offer by the buyer to use the first payment instrument in the payment transaction, querying a directory to identify the payment authentication service from among a plurality of payment authentication services.
  - 10. The method of claim 9, wherein each of the plurality of payment authentication services authenticates a different payment instrument of the buyer, each of which is linked to the secret information.
  - 11. The method of claim 1, wherein the step of determining that the buyer has access to the secret information comprises decrypting a portion of the received challenge response using a public key of the buyer.

12. A computer readable medium storing instructions adapted to be executed by a processor, the instructions causing the processor to perform a method comprising:
- at a payment authentication service, linking secret information to at least a first payment instrument of a buyer, the secret information being known only to the buyer;
  
  receiving a request to authenticate the buyer as being authorized to use the first payment instrument in a payment transaction;
  
  subsequent to the step of linking the secret information to the first payment instrument and in response to receiving the request to authenticate the buyer, sending a challenge request to the buyer over the network, the challenge request including a summary of the payment transaction;
  
  subsequent to the step of linking the secret information to the first payment instrument, receiving a selection of the first payment instrument from the buyer;
  
  receiving a challenge response from the buyer over the network, the challenge response proving that the buyer has access to the secret information;
  
  in response to receiving the challenge response, determining that the buyer has access to the secret information and that the buyer is authorized to use the first payment instrument; and
  
  notifying the seller that the buyer is authorized to use the first payment instrument.

13. A system for authenticating a payment transaction over a network, comprising:
- a transaction archive; and
  
  an authentication service coupled to the transaction archive and the network, the authentication service web server configured to;
  
  link secret information to at least a first payment instrument of a buyer, the secret information being known only to the buyer;
  
  receive a request to authenticate the buyer as being authorized to use the first payment instrument in a payment transaction;
  
  subsequent to the step of linking the secret information to the first payment instrument and in response to receiving the request to authenticate the buyer, send a challenge request to the buyer over the network, the challenge request including a summary of the payment transaction;
  
  subsequent to the step of linking the secret information to the first payment instrument, receive a selection of the first payment instrument from the buyer;
  
  receive a challenge response from the buyer over the network, the challenge response proving that the buyer has access to the secret information;
  
  in response to receiving the challenge response, determine that the buyer has access to the secret information and that the buyer is authorized to use the first payment instrument; and
  
  notify the seller that the buyer is authorized to use the first payment instrument.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
VeriSign, Inc.
Original Assignee
VeriSign, Inc.
Inventors
Graves, Michael E., Frank, Peter E., Whitehead, Gregory R., Plambeck, Thane

Granted Patent

US 7,983,993 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/67
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

G06Q 20/04   Payment circuits

G06Q 20/0855   involving a third party

G06Q 20/12   specially adapted for elect...

G06Q 20/367   involving electronic purses...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/3821   Electronic credentials

G06Q 20/3825   Use of electronic signatures

G06Q 20/3829   involving key management

G06Q 20/385   using an alias or single-us...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/401   Transaction verification

G06Q 30/06   Buying, selling or leasing ...

Authenticated Payment

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

47 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Authenticated Payment

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

47 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links