SECURE AUTHENTICATION BETWEEN MULTIPLE PARTIES

US 20100332391A1
Filed: 06/30/2009
Published: 12/30/2010
Est. Priority Date: 06/30/2009
Status: Active Grant

First Claim

Patent Images

1. A payment authentication apparatus comprising:

a processor on a server; and

a memory adapted to store a plurality of machine-readable instructions for the server wherein the memory is executed by the processor to provide;

a payment authentication application adapted to receive a payment request PIN (Personal Identification Number) from a first party and to compare the payment request PIN to a stored PIN of a user for authenticating a payment request, wherein the payment request PIN is derived from an access code received from a second party and wherein the access code is hidden from the payment authentication application.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are disclosed herein to allow a party to a multiple-party transaction to perform authentications using identification information received from another party while allowing the party generating the identification information to maintain confidentiality of information. A user may enter an access code to identify the user to a first party that will be generating identification information to a second party in the transaction. The access code may be entered without requiring the entry of an alphanumeric PIN (Personal Identification Number). The first party may convert the access code to a second code for transmission to the second party so that the access code is not revealed to the second party. The second party may use the second code to authenticate the user, to authenticate a payment transaction or other types of communications from the user or the first party. Thus, parties in a multiple-party transaction may perform authentications while maintaining the confidentiality of information.

60 Citations

View as Search Results

24 Claims

1. A payment authentication apparatus comprising:
- a processor on a server; and
  
  a memory adapted to store a plurality of machine-readable instructions for the server wherein the memory is executed by the processor to provide;
  
  a payment authentication application adapted to receive a payment request PIN (Personal Identification Number) from a first party and to compare the payment request PIN to a stored PIN of a user for authenticating a payment request, wherein the payment request PIN is derived from an access code received from a second party and wherein the access code is hidden from the payment authentication application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The payment authentication apparatus of claim 1, wherein the payment authentication application is from a payment provider, the first party is a merchant, and the second party is a consumer.
  - 3. The payment authentication apparatus of claim 1, wherein the payment authentication application is from a payment provider, the first party is a communication device, and the second party is a consumer
  - 4. The payment authentication apparatus of claim 1, wherein the access code is not entered alphanumerically.
  - 5. The payment authentication apparatus of claim 4, wherein the access code comprises a pattern of finger movement of the second party.
  - 6. The payment authentication apparatus of claim 4, wherein the access code comprises a voice phrase of the second party.
  - 7. The payment authentication apparatus of claim 4, wherein the access code comprises an image selected by the second party.
  - 8. The payment authentication apparatus of claim 4, wherein the access code comprises biometric information of the second party.
  - 9. The payment authentication apparatus of claim 1, wherein the payment authentication application is further adapted to receive a pre-approval key from the first party and to compare the pre-approval key to a stored pre-approval key of the user.
  - 10. The payment authentication apparatus of claim 9, wherein the payment authentication application is further adapted to receive a pre-approval payment request and to reply to the pre-approval payment request with the stored pre-approval key.
  - 11. The payment authentication apparatus of claim 10, wherein the payment authentication application is further adapted to receive the stored PIN of the user and the stored pre-approval key to approve the pre-approval payment request and to associate the stored pre-approval key with the stored PIN, and wherein the stored PIN is derived from a pre-approval access code received from the user and wherein the pre-approval access code is hidden from the payment authentication application.

12. A method of authenticating a payment request by a payment provider, comprising:
- receiving a payment request PIN from a first party, wherein the payment request PIN is derived from an access code received from a second party and wherein the access code is hidden from the payment provider;
  
  verifying the payment request PIN against a stored PIN of a user; and
  
  approving the payment request.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 13. The method of claim 12, wherein the first party is a merchant, and the second party is a consumer.
  - 14. The method of claim 12, wherein the first party is a communication device, and the second party is a consumer.
  - 15. The method of claim 12, wherein the access code is not entered alphanumerically.
  - 16. The method of claim 15, wherein the access code comprises a pattern of finger movement of the second party.
  - 17. The method of claim 15, wherein the access code comprises a voice phrase of the second party.
  - 18. The method of claim 15, wherein the access code comprises an image selected by the second party.
  - 19. The method of claim 15, wherein the access code comprises biometric information of the second party.
  - 20. The method of claim 12, further comprising:
    - receiving a pre-approval key from the first party; and
      
      verifying the pre-approval key against a stored pre-approval key of the user to approve the payment request.
  - 21. The method of claim 20, further comprising:
    - receiving a pre-approval payment request from the first party;
      
      replying to the pre-approval payment request with the stored pre-approval key;
      
      receiving credential information of the user;
      
      processing the credential information to verify the user;
      
      receiving the stored PIN of the user and the stored pre-approval key, wherein the stored PIN is derived from a pre-approval access code received from the user and wherein the pre-approval access code is hidden from the payment provider; and
      
      associating the stored pre-approval key with the stored PIN to approve the pre-approval payment request.

22. A computer program product in a payment authentication device comprising a computer readable medium having computer readable code for instructing a processor to perform a method for authenticating a payment request, the method comprising:
- receiving a payment request PIN from a first party, wherein the payment request PIN is derived from an access code received from a second party and wherein the access code is hidden from the computer program product;
  
  verifying the payment request PIN against a stored PIN of the user; and
  
  approving the payment request.
- View Dependent Claims (23, 24)
- - 23. The computer program product of claim 22, wherein the first party is a merchant, and the second party is a consumer.
  - 24. The computer program product of claim 22, wherein the first party is a communication device, and the second party is a consumer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Original Assignee
eBay Inc.
Inventors
KHAN, Khurram

Granted Patent

US 8,825,548 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/44
CPC Class Codes

G06F 21/31   User authentication

G06Q 20/02   involving a neutral party, ...

G06Q 20/10   specially adapted for elect...

G06Q 20/325   using wireless networks

G06Q 20/385   using an alias or single-us...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4012   Verifying personal identifi...

G10L 17/00   Speaker identification or v...

SECURE AUTHENTICATION BETWEEN MULTIPLE PARTIES

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

60 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE AUTHENTICATION BETWEEN MULTIPLE PARTIES

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

60 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links