Online card present transaction

US 7,292,999 B2
Filed: 08/30/2001
Issued: 11/06/2007
Est. Priority Date: 03/15/2001
Status: Expired due to Fees

First Claim

Patent Images

1. An online card present transaction method comprising:

detecting, from a host system, the presence of a smart card reader connected to a client computer;

presenting to a user a payment option for using a smart card for payment in response to the detection of the smart card reader;

receiving, from said client computer, a selection by said user of said payment option;

transmitting, to said client computer, a challenge string in response to said selection by said user, wherein said challenge string prompts said user to insert a smart card into said smart card reader, wherein said smart card stores a digital certificate;

receiving, at said host system, a copy of said digital certificate and a signed challenge string from said client computer, wherein said challenge string is signed to create the signed challenge string and said digital certificate is accessed in response to the user entering a Personal Identification Number (PIN);

authenticating, at said host system, said smart card using said signed challenge string and said copy of said digital certificate;

generating, at said host system, a secondary transaction account number, wherein said secondary transaction account number is valid for a single purchase transaction;

associating, at said host system, said secondary transaction account number with said transaction account of said user; and

,communicating, by said host system, said secondary transaction account number over said authenticated communication channel to a merchant, wherein said merchant submits a payment request based on said secondary transaction account number.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An online card-present transaction system facilitates card-present type transactions with a merchant over a public network. A host system is configured to accept authentication data from a user via an authentication device. The host system, after authenticating a user is configured to retrieve the user'"'"'s account information from a user database system and translate a user account number into a temporary transaction number. The temporary transaction number is then transmitted directly from the host system to the merchant, thereby eliminating the need for the user to send to the merchant over the internet, the user'"'"'s transaction account number.

328 Citations

8 Claims

1. An online card present transaction method comprising:
- detecting, from a host system, the presence of a smart card reader connected to a client computer;
  
  presenting to a user a payment option for using a smart card for payment in response to the detection of the smart card reader;
  
  receiving, from said client computer, a selection by said user of said payment option;
  
  transmitting, to said client computer, a challenge string in response to said selection by said user, wherein said challenge string prompts said user to insert a smart card into said smart card reader, wherein said smart card stores a digital certificate;
  
  receiving, at said host system, a copy of said digital certificate and a signed challenge string from said client computer, wherein said challenge string is signed to create the signed challenge string and said digital certificate is accessed in response to the user entering a Personal Identification Number (PIN);
  
  authenticating, at said host system, said smart card using said signed challenge string and said copy of said digital certificate;
  
  generating, at said host system, a secondary transaction account number, wherein said secondary transaction account number is valid for a single purchase transaction;
  
  associating, at said host system, said secondary transaction account number with said transaction account of said user; and
  
  ,communicating, by said host system, said secondary transaction account number over said authenticated communication channel to a merchant, wherein said merchant submits a payment request based on said secondary transaction account number.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, wherein said authentication process comprises the steps of:
    - embedding an encrypted host system signature in said client computer of said user; and
      
      redirecting a browser of said client computer to said merchant, causing said merchant to authenticate said host system by decrypting said host system signature.
  - 3. The method of claim 1, wherein said authentication process comprises the steps of:
    - communicating a token to said merchant over a first communication channel;
      
      receiving a communication from said merchant over a second communication channel requesting said host system to confirm issuance of said token; and
      
      confirming to said merchant that said host system issued said token.

4. An online-card-present transaction method comprising:
- communicating with a client computer over a distributed network;
  
  detecting the presence of a smart card reader connected to said client computer by a merchant computer over said distributed network;
  
  presenting a user of said client computer with a payment option for using a smart card for payment in response to the detection of the smart card reader;
  
  receiving a selection by said user of said payment option;
  
  redirecting said client computer to a website of a host system in response to said detection;
  
  wherein said host system;
  
  transmits a challenge string to said client computer, wherein said challenge string prompts said user to insert said smart card into said smart card reader, wherein said smart card stores a digital certificate;
  
  receives a copy of said digital certificate and a signed challenge string from said client computer, wherein said challenge string is signed to create the signed challenge string and said digital certificate is accessed in response to the user entering a Personal Identification Number (PIN);
  
  authenticates said smart card using said signed challenge string and said copy of said digital certificate;
  
  generates a secondary transaction account number, wherein said secondary transaction account number is valid for a single purchase transaction;
  
  associates said secondary transaction account number with an account of said user; and
  
  ,communicates said secondary transaction account number to said client computer, wherein said user of said client computer submits a payment request based on said secondary transaction account number; and
  
  ,receiving account information including said secondary transaction account number from said host system over said authenticated communication channel, wherein said account information and said secondary transaction account number facilitates completion of a transaction between said user and a merchant.
- View Dependent Claims (5, 6)
- - 5. The method of claim 4, wherein said step of generating said secondary transaction account number comprises the steps of:
    - receiving an encrypted host system signature; and
      
      decrypting said encrypted host system signature to determine that said account information originated with said host system.
  - 6. The method of claim 4, further comprising:
    - establishing an authenticated communication channel;
      
      receiving a host system token over a first communication channel, wherein said token identifies said host system; and
      
      communicating to said host system over a second communication channel to confirm that said token was issued by said host system.

7. An online card-present transaction method, comprising:
- transmitting to a merchant computer a request to facilitate a transaction with a merchant;
  
  receiving a payment option for using a smart card for payment in response to said merchant computer detecting a presence of a smart card reader connected to a client;
  
  transmitting a selection by said user of said payment option;
  
  receiving a challenge string in response to said selection;
  
  receiving a prompt from said challenge string to insert said smart card into a smart card reader, wherein said smart card stores a digital certificate;
  
  entering a Personal Identification Number (PIN) which triggers signing of said challenge string to create a signed challenge string and which accesses said digital certificate;
  
  transmitting a copy of said digital certificate and said signed challenge string to a host computer, wherein said host computer;
  
  authenticates said smart card using said signed challenge string and said copy of said digital certificate;
  
  retrieves a primary transaction account number associated with said digital certificate;
  
  generates a secondary transaction account number, wherein said secondary transaction account number is valid for a single purchase transaction;
  
  associates said secondary transaction account number with said primary transaction account number; and
  
  provides said secondary transaction account number to said merchant computer, wherein said merchant computer submits a payment request based on said secondary transaction account number.
- View Dependent Claims (8)
- - 8. The method of claim 7, further comprising the steps of:
    - receiving said secondary transaction account number from said merchant computer as part of a settlement process; and
      
      ,applying a charge associated with said settlement process to a transaction account of said user associated with said secondary account transaction number.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Liberty Peak Ventures, LLC (Dominion Harbor Enterprises, LLC)
Original Assignee
American Express Travel Related Services Company, Inc. (American Express Company)
Inventors
Hussain, Sohail M., Hobson, Carol Lee
Primary Examiner(s)
HEWITT II, CALVIN L

Application Number

US09/943,658
Publication Number

US 20020133467A1
Time in Patent Office

2,259 Days
Field of Search

705/1, 705/26, 705/50, 705/51, 705/64, 705/65, 705/78
US Class Current

705/65
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

G06Q 20/04   Payment circuits

G06Q 20/0855   involving a third party

G06Q 20/105   involving programming of a ...

G06Q 20/12   specially adapted for elect...

G06Q 20/367   involving electronic purses...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/3821   Electronic credentials

G06Q 20/38215   Use of certificates or encr...

G06Q 20/3825   Use of electronic signatures

G06Q 20/385   using an alias or single-us...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4012   Verifying personal identifi...

G06Q 30/02   Marketing; Price estimation...

G06Q 30/0601   Electronic shopping [e-shop...

Online card present transaction

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

328 Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Online card present transaction

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

328 Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links