Authenticated payment

US 7,778,934 B2
Filed: 03/26/2001
Issued: 08/17/2010
Est. Priority Date: 04/17/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A method for authenticating a payment transaction over a network, comprising:

at a payment authentication service, storing a public key associated with a public key infrastructure (PKI) key pair in a profile database;

linking the PKI key pair to at least a first payment instrument of a buyer;

subsequent to the step of linking the PKI key pair to the first payment instrument and in response to receiving an authentication request from the buyer over a network, the authentication request including a description of the payment transaction and an identity of a seller, the seller separate from the payment authentication service, sending a challenge request to the buyer over the network, the challenge request including a summary of the payment transaction;

subsequent to the step of linking the PKI key pair to the first payment instrument, receiving a selection of the first payment instrument from the buyer;

in response to receiving a challenge response from the buyer over the network, the challenge response including a summary of the payment transaction digitally signed by the buyer, decrypting the digitally signed summary of the payment transaction using the public key;

determining, from said decrypting, that the buyer has access to the private key and that the buyer is authorized to use the first payment instrument;

storing a digitally signed record of the payment transaction in a transaction archive; and

notifying the seller that the buyer is authorized to use the first payment instrument.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A buyer (110) wishes to use a payment instrument as part of an online commerce transaction with a seller (120) and it is desired to authenticate that the buyer (110) has authority to use the payment instrument. A separate authentication service (130) determines whether the buyer (110) has access to certain secret information without revealing the secret information to the seller (120). Access to the secret information would verify that the buyer (110) has authority to use the payment instrument. The authentication service (130) informs the seller (120) whether the buyer (110) is authorized to use the payment instrument.

79 Citations

View as Search Results

24 Claims

1. A method for authenticating a payment transaction over a network, comprising:
- at a payment authentication service, storing a public key associated with a public key infrastructure (PKI) key pair in a profile database;
  
  linking the PKI key pair to at least a first payment instrument of a buyer;
  
  subsequent to the step of linking the PKI key pair to the first payment instrument and in response to receiving an authentication request from the buyer over a network, the authentication request including a description of the payment transaction and an identity of a seller, the seller separate from the payment authentication service, sending a challenge request to the buyer over the network, the challenge request including a summary of the payment transaction;
  
  subsequent to the step of linking the PKI key pair to the first payment instrument, receiving a selection of the first payment instrument from the buyer;
  
  in response to receiving a challenge response from the buyer over the network, the challenge response including a summary of the payment transaction digitally signed by the buyer, decrypting the digitally signed summary of the payment transaction using the public key;
  
  determining, from said decrypting, that the buyer has access to the private key and that the buyer is authorized to use the first payment instrument;
  
  storing a digitally signed record of the payment transaction in a transaction archive; and
  
  notifying the seller that the buyer is authorized to use the first payment instrument.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - creating the PKI key pair; and
      
      sending the private key to the buyer over the network.
  - 3. The method of claim 1, wherein the record of the payment transaction is digitally signed using the private key.
  - 4. The method of claim 1, wherein the record of the online transaction is digitally signed using a local private key.
  - 5. The method of claim 1, wherein the public key is stored in the form of a digital certificate representing that the public key is tied to the buyer.
  - 6. The method of claim 1, further comprising:
    - retrieving a buyer profile from the database, the buyer profile being linked to the PKI key pair and including a plurality of payment instruments and a plurality of shipping addresses;
      
      sending data from the buyer profile to the buyer over the network; and
      
      receiving a selection of one of the plurality of payment instruments and one of the plurality of shipping addresses from the buyer over the network.
  - 7. The method of claim 1, further comprising:
    - processing the payment transaction via a payment gateway.
  - 8. The method of claim 1, further comprising receiving confirmation that the buyer is authorized to use the first payment instrument prior to receiving the authorization request and prior to receiving the selection of the first payment instrument.

9. A computer readable medium storing instructions adapted to be executed by a processor, the instructions including a method for authenticating a payment transaction over a network, the method comprising:
- at a payment authentication service, storing a public key associated with a public key infrastructure (PKI) key pair in a profile database;
  
  storing a buyer profile that links the PKI key pair to at least a first payment instrument of a buyer;
  
  subsequent to the step of storing the buyer profile and in response to receiving an authentication request from the buyer over a network, the authentication request including a description of the payment transaction and an identity of a seller, the seller separate from the payment authentication service, sending a challenge request to the buyer over the network, the challenge request including a summary of the payment transaction;
  
  subsequent to the step of storing the buyer profile, receiving a selection of the first payment instrument from the buyer;
  
  in response to receiving a challenge response from the buyer over the network, the challenge response including a summary of the payment transaction digitally signed by the buyer, decrypting the digitally signed summary of the payment transaction using the public key;
  
  determining, from said decrypting, that the buyer has access to the private key and that the buyer is authorized to use the first payment instrument;
  
  storing a digitally signed record of the payment transaction in a transaction archive; and
  
  notifying the seller that the buyer is authorized to use the first payment instrument.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The computer readable medium of claim 9, wherein the method further comprises:
    - creating the PKI key pair; and
      
      sending the private key to the buyer over the network.
  - 11. The computer readable medium of claim 9, wherein the record of the payment transaction is digitally signed using the private key.
  - 12. The computer readable medium of claim 9, wherein the record of the online transaction is digitally signed using a local private key.
  - 13. The computer readable medium of claim 9, wherein the public key is stored in the form of a digital certificate representing that the public key is tied to the buyer.
  - 14. The computer readable medium of claim 9, wherein the method further comprises:
    - retrieving a buyer profile from the database, the buyer profile being linked to the PKI key pair and including a plurality of payment instruments and a plurality of shipping addresses;
      
      sending data from the buyer profile to the buyer over the network; and
      
      receiving a selection of one of the plurality of payment instruments and one of the plurality of shipping addresses from the buyer over the network.
  - 15. The computer readable medium of claim 9, wherein the method further comprises:
    - processing the payment transaction via a payment gateway.
  - 16. The computer readable medium of claim 9, wherein the method further comprises receiving confirmation that the buyer is authorized to use the first payment instrument prior to receiving the authorization request and prior to receiving the selection of the first payment instrument.

17. A system for authenticating a payment transaction over a network, comprising:
- a profile database;
  
  a transaction archive; and
  
  an authentication service web server coupled to the profile database, the transaction archive and the network, the authentication service web server adaptively configured to;
  
  store a public key associated with a public key infrastructure (PKI) key pair in a profile database;
  
  link the PKI key pair to at least a first payment instrument of a buyer;
  
  subsequent to linking the PKI key pair to the first payment instrument, in response to receiving an authentication request from the buyer over a network, the authentication request including a description of the payment transaction and an identity of a seller, the seller separate from the authentication service, send a challenge request to the buyer over the network, the challenge request including a summary of the payment transaction;
  
  subsequent to linking the PKI key pair to the first payment instrument, receive a selection of the first payment instrument from the buyer;
  
  in response to receiving a challenge response from the buyer over the network, the challenge response including a summary of the payment transaction digitally signed by the buyer, decrypt the digitally signed summary of the payment transaction using the public key;
  
  determine, from said decryption, that the buyer has access to the private key and that the buyer is authorized to use the first payment instrument;
  
  store a digitally signed record of the payment transaction in a transaction archive; and
  
  notify the seller that the buyer is authorized to use the first payment instrument.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The system of claim 17, wherein the authentication service web server is further adapted to:
    - create the PKI key pair; and
      
      send the private key to the buyer over the network.
  - 19. The system of claim 17, wherein the record of the payment transaction is digitally signed using the private key.
  - 20. The system of claim 17, wherein the record of the online transaction is digitally signed using a local private key.
  - 21. The system of claim 17, wherein the public key is stored in the form of a digital certificate representing that the public key is tied to the buyer.
  - 22. The system of claim 17, wherein the authentication service web server is further adapted to:
    - retrieve a buyer profile from the database, the buyer profile being linked to the PKI key pair and including a plurality of payment instruments and a plurality of shipping addresses;
      
      send data from the buyer profile to the buyer over the network; and
      
      receive a selection of one of the plurality of payment instruments and one of the plurality of shipping addresses from the buyer over the network.
  - 23. The system of claim 17, wherein the authentication service web server is further adapted to:
    - process the payment transaction via a payment gateway.
  - 24. The system of claim 17, wherein the authentication service web server is further adapted to receive confirmation that the buyer is authorized to use the first payment instrument prior to receiving the authorization request and prior to receiving the selection of the first payment instrument.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mastercard International Incorporated (MasterCard Incorporated), Visa International Service Association (Visa, Inc.)
Original Assignee
VeriSign, Inc.
Inventors
Graves, Michael E, Frank, Peter E, Plambeck, Thane, Whitehead, Gregory R
Primary Examiner(s)
Worjloh, Jalatee

Application Number

US09/818,084
Publication Number

US 20040177047A1
Time in Patent Office

3,431 Days
Field of Search

705 50- 79, 713200-202, 713150-186, 235/382
US Class Current

705/67
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

G06Q 20/04   Payment circuits

G06Q 20/0855   involving a third party

G06Q 20/12   specially adapted for elect...

G06Q 20/367   involving electronic purses...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/3821   Electronic credentials

G06Q 20/3825   Use of electronic signatures

G06Q 20/3829   involving key management

G06Q 20/385   using an alias or single-us...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/401   Transaction verification

G06Q 30/06   Buying, selling or leasing ...

Authenticated payment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

79 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Authenticated payment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

79 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links