Authenticated payment
First Claim
Patent Images
1. A method for authenticating a payment transaction over a network, comprising:
- at a payment authentication service, storing a public key associated with a public key infrastructure (PKI) key pair in a profile database;
linking the PKI key pair to at least a first payment instrument of a buyer;
subsequent to the step of linking the PKI key pair to the first payment instrument and in response to receiving an authentication request from the buyer over a network, the authentication request including a description of the payment transaction and an identity of a seller, the seller separate from the payment authentication service, sending a challenge request to the buyer over the network, the challenge request including a summary of the payment transaction;
subsequent to the step of linking the PKI key pair to the first payment instrument, receiving a selection of the first payment instrument from the buyer;
in response to receiving a challenge response from the buyer over the network, the challenge response including a summary of the payment transaction digitally signed by the buyer, decrypting the digitally signed summary of the payment transaction using the public key;
determining, from said decrypting, that the buyer has access to the private key and that the buyer is authorized to use the first payment instrument;
storing a digitally signed record of the payment transaction in a transaction archive; and
notifying the seller that the buyer is authorized to use the first payment instrument.
2 Assignments
0 Petitions
Accused Products
Abstract
A buyer (110) wishes to use a payment instrument as part of an online commerce transaction with a seller (120) and it is desired to authenticate that the buyer (110) has authority to use the payment instrument. A separate authentication service (130) determines whether the buyer (110) has access to certain secret information without revealing the secret information to the seller (120). Access to the secret information would verify that the buyer (110) has authority to use the payment instrument. The authentication service (130) informs the seller (120) whether the buyer (110) is authorized to use the payment instrument.
79 Citations
24 Claims
-
1. A method for authenticating a payment transaction over a network, comprising:
-
at a payment authentication service, storing a public key associated with a public key infrastructure (PKI) key pair in a profile database; linking the PKI key pair to at least a first payment instrument of a buyer; subsequent to the step of linking the PKI key pair to the first payment instrument and in response to receiving an authentication request from the buyer over a network, the authentication request including a description of the payment transaction and an identity of a seller, the seller separate from the payment authentication service, sending a challenge request to the buyer over the network, the challenge request including a summary of the payment transaction; subsequent to the step of linking the PKI key pair to the first payment instrument, receiving a selection of the first payment instrument from the buyer; in response to receiving a challenge response from the buyer over the network, the challenge response including a summary of the payment transaction digitally signed by the buyer, decrypting the digitally signed summary of the payment transaction using the public key; determining, from said decrypting, that the buyer has access to the private key and that the buyer is authorized to use the first payment instrument; storing a digitally signed record of the payment transaction in a transaction archive; and notifying the seller that the buyer is authorized to use the first payment instrument. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A computer readable medium storing instructions adapted to be executed by a processor, the instructions including a method for authenticating a payment transaction over a network, the method comprising:
-
at a payment authentication service, storing a public key associated with a public key infrastructure (PKI) key pair in a profile database; storing a buyer profile that links the PKI key pair to at least a first payment instrument of a buyer; subsequent to the step of storing the buyer profile and in response to receiving an authentication request from the buyer over a network, the authentication request including a description of the payment transaction and an identity of a seller, the seller separate from the payment authentication service, sending a challenge request to the buyer over the network, the challenge request including a summary of the payment transaction; subsequent to the step of storing the buyer profile, receiving a selection of the first payment instrument from the buyer; in response to receiving a challenge response from the buyer over the network, the challenge response including a summary of the payment transaction digitally signed by the buyer, decrypting the digitally signed summary of the payment transaction using the public key; determining, from said decrypting, that the buyer has access to the private key and that the buyer is authorized to use the first payment instrument; storing a digitally signed record of the payment transaction in a transaction archive; and notifying the seller that the buyer is authorized to use the first payment instrument. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A system for authenticating a payment transaction over a network, comprising:
-
a profile database; a transaction archive; and an authentication service web server coupled to the profile database, the transaction archive and the network, the authentication service web server adaptively configured to; store a public key associated with a public key infrastructure (PKI) key pair in a profile database; link the PKI key pair to at least a first payment instrument of a buyer; subsequent to linking the PKI key pair to the first payment instrument, in response to receiving an authentication request from the buyer over a network, the authentication request including a description of the payment transaction and an identity of a seller, the seller separate from the authentication service, send a challenge request to the buyer over the network, the challenge request including a summary of the payment transaction; subsequent to linking the PKI key pair to the first payment instrument, receive a selection of the first payment instrument from the buyer; in response to receiving a challenge response from the buyer over the network, the challenge response including a summary of the payment transaction digitally signed by the buyer, decrypt the digitally signed summary of the payment transaction using the public key; determine, from said decryption, that the buyer has access to the private key and that the buyer is authorized to use the first payment instrument; store a digitally signed record of the payment transaction in a transaction archive; and notify the seller that the buyer is authorized to use the first payment instrument. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
-
Specification