Method and apparatus for billing for transactions conducted over the internet
Abstract
A method and apparatus for authenticating transactions accomplished over a data network utilizes a "cookie" containing both static information (user-identifying information) and dynamic information (transaction-based information). The transaction-oriented dynamic information portion comprises a random number and a sequence number, the latter tracking the number of billing transactions conducted by the user associated with the account number. The cookie, sent to the user's cookie file upon a previous transaction, is valid for only a single new transaction. A billing server, upon receiving the cookie containing the static and dynamic information portions, identifies the user from the account number in the static portion and accesses from an associated database the expected random number and sequence number that the billing server last sent to that user in the transaction-oriented dynamic portion. If the expected dynamic portion matches the received dynamic portion, the user is authenticated to proceed with the current transaction.
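The check the abstract describes, sketched as an added example that is not taken from the patent: the `account|random|sequence` cookie layout, the `BillingServer` class, its in-memory store and the `enroll` step that hands out the first cookie are all assumptions made for illustration.

```python
import hmac
import secrets


class BillingServer:
    """Keeps, per account, the dynamic portion last sent to that user."""

    def __init__(self):
        # account number -> (expected random number, expected sequence number)
        self._expected = {}

    def _issue(self, account, seq):
        rand = secrets.token_hex(16)           # unpredictable per-transaction value
        self._expected[account] = (rand, seq)  # store alongside the static portion
        return f"{account}|{rand}|{seq}"       # assumed cookie layout

    def enroll(self, account):
        """Hypothetical bootstrap: first cookie, before any billing transaction."""
        return self._issue(account, 0)

    def authenticate(self, cookie):
        """Return the replacement cookie if the presented one is valid, else None."""
        parts = cookie.split("|")
        if len(parts) != 3:
            return None
        account, rand, seq_text = parts
        try:
            seq = int(seq_text)
        except ValueError:
            return None
        expected = self._expected.get(account)  # identify user from static portion
        if expected is None:
            return None
        exp_rand, exp_seq = expected
        # Constant-time compare of the random number; the sequence must match too.
        same_rand = hmac.compare_digest(rand.encode(), exp_rand.encode())
        if not same_rand or seq != exp_seq:
            return None
        # Valid for a single transaction: rotate the dynamic portion immediately.
        return self._issue(account, exp_seq + 1)


if __name__ == "__main__":
    server = BillingServer()
    first = server.enroll("1001")              # constructed account number
    second = server.authenticate(first)
    print("first use accepted:", second is not None)
    print("replay accepted:", server.authenticate(first) is not None)
```

Because the stored dynamic portion is replaced on every successful match, a cookie that was already used no longer compares equal; a mismatch for a known account is worth logging, since it means a stale or copied cookie was presented.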
24 Claims
1. A method of authenticating a user for a transaction on a data network comprising:
sending to a user's client terminal data containing a static information portion and a transaction-oriented dynamic portion, the static information portion identifying an account associated with the user and the transaction-oriented dynamic information portion containing information generated for that user that is valid for a single subsequent transaction;
storing the transaction-oriented dynamic information portion in association with the static information portion;
receiving, from the user's client terminal, the data containing the static information portion and the transaction-oriented dynamic information portion in association with information relating to the single subsequent transaction;
identifying the user's account from the received static information portion;
comparing the transaction-oriented dynamic information portion received from the user's client terminal with the transaction-oriented dynamic information portion stored in association with the static information portion; and
authenticating the user for the single subsequent transaction if the received transaction-oriented dynamic information portion matches the stored transaction-oriented dynamic information for the account associated with the user.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A method for authenticating a user for a transaction on the Internet comprising:
sending to a user's client terminal a cookie containing a static information portion and a transaction-oriented dynamic portion, the static information portion identifying an account number associated with the user and the transaction-oriented dynamic information portion containing information generated for that user that is valid for a single subsequent transaction;
storing the transaction-oriented dynamic information portion in association with the user's account number identified by the static information portion;
receiving from the user's client terminal the cookie containing the static information portion and the transaction-oriented dynamic information portion in association with information relating to the single subsequent transaction;
identifying the user's account number from the static information portion in the received cookie; and
comparing the transaction-oriented dynamic information portion in the received cookie with the stored transaction-oriented dynamic information portion associated with the identified user's account number.
Dependent claims: 9, 10, 11, 12, 13, 14, 15, 16, 17, 18
19. A system for authenticating a user for a transaction on the Internet comprising:
means for sending to a user's client terminal a cookie containing a static information portion and a transaction-oriented dynamic information portion, the static information portion identifying an account number associated with the user and the transaction-oriented dynamic information portion containing information generated for that user that is valid for a single subsequent transaction;
means for storing the transaction-oriented dynamic information portion in association with the user's account number identified by the static information portion;
means for receiving from the user's client terminal the cookie containing the static information portion and the transaction-oriented dynamic information portion in association with information relating to the single subsequent transaction;
means for identifying the user's account number from the static information portion in the received cookie; and
means for comparing the transaction-oriented dynamic information portion in the received cookie with the stored transaction-oriented dynamic information portion associated with the identified user's account number.
Dependent claims: 20, 21, 22, 23, 24
Specification