Secure online transactions using a captcha image as a watermark

US 7,200,576 B2
Filed: 06/20/2005
Issued: 04/03/2007
Est. Priority Date: 06/20/2005
Status: Active Grant

First Claim

Patent Images

1. A computer-readable medium whose contents cause a computing system to:

receive a request from a client to perform a transaction; and

in response to receiving the request;

identify a user requesting the transaction;

identify the user'"'"'s secure device;

determine an alpha-numeric string that should be being currently generated by the user'"'"'s secure device;

create a captcha image using the alpha-numeric string;

create a transaction verification page comprising the captcha image of the alpha-numeric string as a visible watermark, the transaction verification page requesting a next alpha-numeric string to be generated by the user'"'"'s secure device to verify the transaction;

transmit the transaction verification page to the client;

receive from the client a second alpha-numeric string, the second alpha-numeric string being input to the transaction verification page by the user;

determine a confirmation alpha-numeric string for confirming the transaction represented by the transaction verification page, the confirmation alpha-numeric string generated by the secure device immediately after the captcha image alpha-numeric string used as the visual watermark;

compare the second alpha-numeric string to the confirmation alpha-numeric string being currently generated by the secure device;

in response to the second alpha-numeric string matching the confirmation alpha-numeric string, commit the transaction represented by the transaction verification page; and

in response to the second alpha-numeric string not matching the confirmation alpha-numeric string, abort the transaction represented by the transaction verification page.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for conducting secure online transactions using captcha images as watermarks are provided. Some techniques combine a trusted, secure device that utilizes a key to generate identifiers with a watermarked transaction verification request page to provide secure online transactions. The trusted, secure devices are provided to users for use in transacting with a transaction provider. In processing a transaction requested by a user, the transaction provider determines an identifier that should be being currently generated by the user'"'"'s trusted, secure device, creates a captcha image of the identifier, and watermarks a transaction verification request page using the captcha image. The transaction provider then requests that the user verify the transaction described in the transaction verification request page by providing the next identifier that is generated by the user'"'"'s trusted, secure device to the transaction provider.

122 Citations

13 Claims

1. A computer-readable medium whose contents cause a computing system to:
- receive a request from a client to perform a transaction; and
  
  in response to receiving the request;
  
  identify a user requesting the transaction;
  
  identify the user'"'"'s secure device;
  
  determine an alpha-numeric string that should be being currently generated by the user'"'"'s secure device;
  
  create a captcha image using the alpha-numeric string;
  
  create a transaction verification page comprising the captcha image of the alpha-numeric string as a visible watermark, the transaction verification page requesting a next alpha-numeric string to be generated by the user'"'"'s secure device to verify the transaction;
  
  transmit the transaction verification page to the client;
  
  receive from the client a second alpha-numeric string, the second alpha-numeric string being input to the transaction verification page by the user;
  
  determine a confirmation alpha-numeric string for confirming the transaction represented by the transaction verification page, the confirmation alpha-numeric string generated by the secure device immediately after the captcha image alpha-numeric string used as the visual watermark;
  
  compare the second alpha-numeric string to the confirmation alpha-numeric string being currently generated by the secure device;
  
  in response to the second alpha-numeric string matching the confirmation alpha-numeric string, commit the transaction represented by the transaction verification page; and
  
  in response to the second alpha-numeric string not matching the confirmation alpha-numeric string, abort the transaction represented by the transaction verification page.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computer-readable medium of claim 1, wherein the secure device is a random number generator.
  - 3. The computer-readable medium of claim 1, wherein the transaction is an online banking transaction.
  - 4. The computer-readable medium of claim 1, wherein the transaction is an online trading transaction.
  - 5. The computer-readable medium of claim 1, wherein the transaction is an electronic purchase transaction.
  - 6. The computer-readable medium of claim 1 further comprising contents that cause the computing system to:
    - in response to committing the transaction represented by the transaction verification page;
      
      determine an alpha-numeric string that should be being currently generated by the secure device corresponding to the transaction represented by the transaction verification page;
      
      create a transaction receipt page watermarked by a captcha image of the alpha-numeric string that should be being currently generated by the secure device corresponding to the transaction represented by the transaction verification page as a visible watermark; and
      
      transmit the transaction receipt page to the client.

7. A method in a computing system for providing secure transactions, the method comprising:
- maintaining a plurality of records, each record comprising an indication of a user and an indication of a secure device distributed to the user;
  
  receiving from a client a request to perform a transaction;
  
  identifying a user requesting the transaction,determining a number that should be being currently generated by the user'"'"'s secure device;
  
  creating a transaction verification page comprising information regarding the transaction, the transaction verification page watermarked with a captcha image of the number as a visible watermark, the transaction verification page requesting a next number to be generated by the user'"'"'s secure device to commit the transaction;
  
  transmitting the transaction verification page to the client;
  
  receiving from the client a second number, the second number being input to the transaction verification page by the user;
  
  determining a confirmation number for confirming the transaction represented by the transaction verification page, the confirmation number generated by the secure device immediately after the captcha image number used as the visual watermark;
  
  comparing the second number to the confirmation number being currently generated by the secure device;
  
  in response to the second number matching the confirmation number, committing the transaction represented by the transaction verification page; and
  
  in response to the second number not matching the confirmation number, aborting the transaction represented by the transaction verification page.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The method of claim 7, wherein the plurality of records are maintained in a database accessible by the computing system.
  - 9. The method of claim 7, wherein the computing system is provided by a merchant.
  - 10. The method of claim 9, wherein the merchant is a financial institution providing financial services to users via the computing system.
  - 11. The method of claim 7, wherein the transaction verification page is displayed on the client'"'"'s screen,such that the user is able to compare the captcha image number with a number currently being generated by the user'"'"'s secure device to authenticate the sender of the transaction verification page.
  - 12. The method of claim 7, wherein the secure device is a key fob.
  - 13. The method of claim 7 further comprising:
    - in response to committing the transaction represented by the transaction verification page;
      
      determining a number that should be being currently generated by the secure device corresponding to the transaction represented by the transaction verification page;
      
      creating a transaction receipt page watermarked by a captcha image of the number that should be being currently generated by the secure device corresponding to the transaction represented by the transaction verification page as a visible watermark; and
      
      transmitting the transaction receipt page to the client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Steeves, David J., Snyder, Mwende Window
Primary Examiner(s)
ELISCA, PIERRE E

Application Number

US11/157,336
Publication Number

US 20060287963A1
Time in Patent Office

652 Days
Field of Search

705/50, 705/51, 705/64, 713/176
US Class Current

705/64
CPC Class Codes

G06Q 20/367   involving electronic purses...

G06Q 20/3672   initialising or reloading t...

G06Q 20/382   insuring higher security of...

G06Q 20/401   Transaction verification

G06Q 30/06   Buying, selling or leasing ...

Secure online transactions using a captcha image as a watermark

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

122 Citations

13 Claims

Specification

Use Cases

Quick Links

Others

Secure online transactions using a captcha image as a watermark

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

122 Citations

13 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others