SYSTEMS AND METHODS FOR AUTHENTICATING A USER USING PRIVATE NETWORK CREDENTIALS

US 20180108012A1
Filed: 10/13/2016
Published: 04/19/2018
Est. Priority Date: 10/13/2016
Status: Active Grant

First Claim

Patent Images

1. A cardholder authentication computing device, said cardholder authentication computing device comprising one or more processors in communication with one or more memory devices, said cardholder authentication computing device configured to:

receive, from a merchant computing device, an authentication request message corresponding to an online payment transaction between a merchant and a purported cardholder purporting to be an actual cardholder, wherein the authentication request message includes pre-authentication data that indicates that the purported cardholder accessed the merchant computing device through a private network and that the purported cardholder was authenticated by the private network;

authenticate the purported cardholder for completing the online payment transaction based, at least in part, on the pre-authentication data;

generate an authentication response message indicating that the purported cardholder is the actual cardholder; and

transmit the authentication response message to the merchant computing device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A cardholder authentication computing device for authenticating user computing devices during online payment transactions are provided. The cardholder authentication computing device leverages pre-authentication of a user by a private network to facilitate authentication of a user in the context of an online payment transaction between the user and a merchant. During the course of an online payment transaction, the cardholder authentication computing device may receive an authentication request messages containing pre-authentication data from a merchant computing device. The cardholder authentication computing device then authenticates the user based, in part, on the pre-authentication data. In certain embodiments, the cardholder authentication computing device may also determine whether one or more partner services apply to transactions between the user and the merchant based on the user'"'"'s affiliation with the organization.

Citations

24 Claims

1. A cardholder authentication computing device, said cardholder authentication computing device comprising one or more processors in communication with one or more memory devices, said cardholder authentication computing device configured to:
- receive, from a merchant computing device, an authentication request message corresponding to an online payment transaction between a merchant and a purported cardholder purporting to be an actual cardholder, wherein the authentication request message includes pre-authentication data that indicates that the purported cardholder accessed the merchant computing device through a private network and that the purported cardholder was authenticated by the private network;
  
  authenticate the purported cardholder for completing the online payment transaction based, at least in part, on the pre-authentication data;
  
  generate an authentication response message indicating that the purported cardholder is the actual cardholder; and
  
  transmit the authentication response message to the merchant computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The cardholder authentication computing device of claim 1, wherein the private network provides authentication data to the merchant computing device to indicate that the purported cardholder was authenticated by the private network, wherein providing the authentication data to the merchant computing device further includes applying at least one of a transport-level security mechanism and a message-level security mechanism to the authentication data,wherein applying the transport-level security mechanism further includes at least one of establishing a private connection between the private network and the merchant computing device, authenticating the private network and the merchant computing device using public-key cryptography, and performing a message integrity check using a message authentication code, andwherein applying the message-level security mechanism includes transmitting at least one of a digital signature, a digital certificate, and an encryption key with the authentication data.
  - 3. The cardholder authentication computing device of claim 1, wherein the private network provides a federated identity token to the merchant computing device to indicate that the purported cardholder was authenticated by the private network.
  - 4. The cardholder authentication computing device of claim 3, wherein the federated identity token conforms to Security Assertion Markup Language (SAML) specifications.
  - 5. The cardholder authentication computing device of claim 1, wherein the authentication request message includes a host internet protocol (IP) address of the purported cardholder and wherein authenticating the purported cardholder further comprises determining whether the host IP address corresponds to a public IP address associated with the private network.
  - 6. The cardholder authentication computing device of claim 1, wherein the authentication request message includes a host internet protocol (IP) address of the purported cardholder and wherein authenticating the purported cardholder further comprises determining whether a geographic location associated with the host IP address corresponds to a geographic location associated with the private network.
  - 7. The cardholder authentication computing device of claim 1, wherein generating the authentication response message further comprises generating an authentication token for use in authorizing the online payment transaction and including the authentication token in the authentication response message.
  - 8. The cardholder authentication computing device of claim 1, further configured to determine whether one or more partner services are applicable to the merchant and the purported cardholder, wherein the authentication response message includes a partner service indicator identifying one or more applicable partner services.

9. A computer-implemented method for authenticating user computing devices during online payment transactions, said method implemented using a cardholder authentication computing device, said method comprising:
- receiving, from a merchant computing device, an authentication request message corresponding to an online payment transaction between a merchant and a purported cardholder purporting to be an actual cardholder, wherein the authentication request message includes pre-authentication data that indicates that the purported cardholder accessed the merchant computing device through a private network and that the purported cardholder was authenticated by the private network;
  
  authenticating the purported cardholder for completing the online payment transaction based, at least in part, on the pre-authentication data;
  
  generating an authentication response message indicating that the purported cardholder is the actual cardholder; and
  
  transmitting the authentication response message to the merchant computing device.
- View Dependent Claims (10, 15, 21, 22, 23, 24)
- - 10. A method in accordance with claim 9, wherein the private network provides a federated identity token to the merchant computing device to indicate that the purported cardholder is was pre-authenticated by the private network.
  - 15. A method in accordance with claim 9, further configured to determine whether one or more partner services are applicable to the merchant and the purported cardholder, wherein the authentication response message includes a partner service indicator identifying one or more applicable partner services.
  - 21. A method in accordance with claim 10, wherein the federated identity token conforms to Security Assertion Markup Language (SAML) specifications.
  - 22. A method in accordance with claim 9, wherein the authentication request message includes a host internet protocol (IP) address of the purported cardholder and wherein authenticating the purported cardholder further comprises determining whether the host IP address corresponds to a public IP address associated with the private network.
  - 23. A method in accordance with claim 9, wherein the authentication request message includes a host internet protocol (IP) address of the purported cardholder and wherein authenticating the purported cardholder further comprises determining whether a geographic location associated with the host IP address corresponds to a geographic location associated with the private network.
  - 24. A method in accordance with claim 9, wherein generating the authentication response message further comprises generating an authentication token for use in authorizing the online payment transaction and including the authentication token in the authentication response message.

11. (canceled)

11-1. (canceled)

12. (canceled)

12-1. (canceled)

16. A computer-readable storage medium having computer-executable instructions embodied thereon, wherein when executed by a cardholder authentication computing device having one or more processors in communication with one or more memory devices, the computer-executable instructions cause the cardholder authentication computing device to:
- receive, from a merchant computing device, an authentication request message corresponding to an online payment transaction between a merchant and a purported cardholder purporting to be an actual cardholder, wherein the authentication request message includes pre-authentication data that indicates that the purported cardholder accessed the merchant computing device through a private network and that the purported cardholder was authenticated by the private network;
  
  authenticate the purported cardholder for completing the online payment transaction based, at least in part, on the pre-authentication data;
  
  generate an authentication response message indicating that the purported cardholder is the actual cardholder; and
  
  transmit the authentication response message to the merchant computing device.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer-readable storage medium of claim 16, wherein the computer-executable instructions cause the cardholder authentication computing device to determine whether the merchant offers one or more partner services to the organization.
  - 18. The computer-readable storage medium of claim 16, wherein the private network provides a federated identity token conforming to Security Assertion Markup Language (SAML) specifications.
  - 19. The computer-readable storage medium of claim 16, wherein the authentication request message includes a host internet protocol (IP) address of the purported cardholder and wherein authenticating the purported cardholder further comprises one of determining whether the host IP address corresponds to a public IP address associated with the private network and determining whether a geographic location associated with the host IP address corresponds to a geographic address associated with the private network.
  - 20. The computer-readable storage medium of claim 16, wherein generating the authentication response message further comprises generating an authentication token for use in authorizing the online payment transaction and including the authentication token in the authentication response message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Original Assignee
Mastercard International Incorporated (MasterCard Incorporated)
Inventors
Kohli, Manoneet

Granted Patent

US 11,093,940 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06Q 20/34   using cards, e.g. integrate...

G06Q 20/401   Transaction verification

G06Q 20/4014   Identity check for transact...

G06Q 20/405   Establishing or using trans...

G06Q 30/02   Marketing; Price estimation...

SYSTEMS AND METHODS FOR AUTHENTICATING A USER USING PRIVATE NETWORK CREDENTIALS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR AUTHENTICATING A USER USING PRIVATE NETWORK CREDENTIALS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links