Online payer authentication service

US 7,827,115 B2
Filed: 04/24/2001
Issued: 11/02/2010
Est. Priority Date: 04/24/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method wherein an account issuer authenticates, for the benefit of a third party, that a customer using an account during an online transaction with said third party is the actual owner of said account, said third party desiring verification as to the identity of said customer before proceeding with said online transaction with said customer, said method comprising:

receiving, by said issuer, authentication information concerning said customer;

verifying, by said issuer during a registration process, the identity of said customer as the owner of said account and associating a designated password with said account;

receiving a verify enrollment request message at an access control server operated by said issuer during said online transaction as to whether said customer account is registered;

sending a verify enrollment response message back to said third party indicating that said customer account is registered;

receiving an authentication request message at said access control server from said third party during said online transaction, said message requesting verification of the identity of said customer, said authentication request message being routed via an Internet browser of a computer of said customer and being sent after said verify enrollment response message;

requesting over a network, by said issuer from said customer during said online transaction, of an identity-authenticating password;

verifying, by said issuer, that said identity-authenticating password from said customer matches said password previously designated for said account; and

notifying said third party over said network during said online transaction, by said issuer, that said customer is the actual owner of said account when said identity-authenticating password entered by said customer matches the password that was previously designated for said account, said notifying being routed via said Internet browser of said computer of said customer, whereby said issuer authenticates said customer for said third party during said online transaction.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A payment authentication service authenticates the identity of a payer during online transactions. The authentication service of the present invention allows a card issuer to verify a cardholder'"'"'s identity using a variety of authentication methods, such as the use of passwords. Also, the only system participant requiring a certificate is the issuing financial institution. One embodiment of the invention for authenticating the identity of a cardholder during an online transaction involves querying an access control server to determine if a cardholder is enrolled in the payment authentication service, requests a password from the cardholder, verifies the password, and notifies a merchant whether the cardholder'"'"'s authenticity has been verified. In another aspect of the invention, a chip card and the authentication service independently generate cryptograms that must match in order for the service to verify that the correct chip card is being used by the cardholder.

Citations

38 Claims

1. A method wherein an account issuer authenticates, for the benefit of a third party, that a customer using an account during an online transaction with said third party is the actual owner of said account, said third party desiring verification as to the identity of said customer before proceeding with said online transaction with said customer, said method comprising:
- receiving, by said issuer, authentication information concerning said customer;
  
  verifying, by said issuer during a registration process, the identity of said customer as the owner of said account and associating a designated password with said account;
  
  receiving a verify enrollment request message at an access control server operated by said issuer during said online transaction as to whether said customer account is registered;
  
  sending a verify enrollment response message back to said third party indicating that said customer account is registered;
  
  receiving an authentication request message at said access control server from said third party during said online transaction, said message requesting verification of the identity of said customer, said authentication request message being routed via an Internet browser of a computer of said customer and being sent after said verify enrollment response message;
  
  requesting over a network, by said issuer from said customer during said online transaction, of an identity-authenticating password;
  
  verifying, by said issuer, that said identity-authenticating password from said customer matches said password previously designated for said account; and
  
  notifying said third party over said network during said online transaction, by said issuer, that said customer is the actual owner of said account when said identity-authenticating password entered by said customer matches the password that was previously designated for said account, said notifying being routed via said Internet browser of said computer of said customer, whereby said issuer authenticates said customer for said third party during said online transaction.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. A method as recited in claim 1 wherein said issuer is an issuer financial institution and said third party is an online merchant, whereby said online merchant conducts an online financial transaction with said customer, and wherein said account of said customer is maintained by said issuer financial institution.
  - 3. A method as recited in claim 1 wherein the access control server determines if said customer account is registered by verifying that said customer account is contained in a database of enrolled customer accounts.
  - 4. A method as recited in claim 1 further comprising:
    - sending said verify enrollment request message from said third party to a directory server to verify that said customer account is registered.
  - 5. A method as recited in claim 1 further comprising:
    - including within said verify enrollment response message an Internet address for said access control server, whereby said Internet address for said access control server allows said third party to communicate with said access control server.
  - 6. A method as recited in claim 1 further comprising:
    - reviewing a memory device controlled by said third party to verify that said customer account is registered.
  - 7. A method as recited in claim 1 further comprising:
    - generating, by said issuer, a digitally-signed transaction receipt using a signature key of said issuer; and
      
      sending, by said issuer, said digitally-signed transaction receipt to said third party, whereby said digitally-signed transaction receipt confirms to said third party that the identity of said customer has been authenticated.
  - 8. A method as recited in claim 7 wherein said transaction receipt includes a number associated with said customer account, a transaction payment amount, and a transaction payment date.
  - 9. A method as recited in claim 7 further comprising:
    - verifying, by said third party, said digitally signed transaction receipt such that said third party is assured that said transaction receipt was sent from a specific issuer.
  - 10. A method as recited in claim 1 further comprising:
    - sending, by said issuer, a card authentication verification value to said third party, the card authentication verification value containing a unique value for said customer account and a specific payment transaction, whereby said card authentication verification value uniquely identifies a specific authenticated payment transaction.
  - 11. A method as recited in claim 1 further comprising:
    - sending, by said third party, of an authorization message to an issuer financial institution to verify said customer account has adequate credit for a requested purchase.
  - 12. A method as recited in claim 1 wherein said first step of verifying further comprising:
    - receiving, by said issuer, said authentication information entered at an enrollment Internet web site by said customer;
      
      verifying, by said issuer, that said enrollment information substantially matches information contained within a pre-existing database of customer information; and
      
      storing said customer account information in a database for enrolled customer accounts.
  - 13. A method as recited in claim 1 further comprising:
    - accessing a web site of said third party by said customer using an Internet browser of said customer computer;
      
      redirecting said Internet browser of said customer computer from said web site to said access control server of said issuer, whereby said issuer receives said identity-authenticating password; and
      
      redirecting said Internet browser of said customer computer from said access control server back to said web site of said third party.
  - 14. A method as recited in claim 1 wherein said access control server receives said customer authentication information and said designated password from said issuer during said registration process, whereby said customer need not go through a formal registration process.
  - 15. A method as recited in claim 1 wherein said access control server receives said customer authentication information and said designated password from said customer during said registration process, whereby said registration process is a formal registration process.
  - 16. A method as recited in claim 1 wherein said online transaction is a payment transaction.

17. A method performed by an authentication service wherein an account issuer authenticates, for the benefit of a third party, that a customer using an account during an online transaction with said third party is the actual owner of said account, said method comprising:
- receiving, by said issuer, authentication information concerning said customer;
  
  verifying, by said issuer during a registration process, the identity of said customer as the owner of said account and associating a designated password with said account;
  
  performing a verification process by said third party during said online transaction to determine whether said customer account is registered;
  
  receiving an indication responsive to said performing at said third party indicating that said customer account is registered;
  
  sending an authentication request message via a customer computer from a third-party software module over a network during said online transaction, said request message being sent after said verification process;
  
  receiving said authentication request message at an access control server that is operated by said issuer;
  
  requesting over said network, by said issuer, of a password from said customer;
  
  verifying, by said issuer, that said password entered by said customer matches said password previously designated for said account; and
  
  sending over said network, by said issuer, an authentication response message to a third-party software module, said authentication response message containing an authentication status indicator, said response message being routed via said computer of said customer, whereby said issuer authenticates said customer for said third party.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. A method as recited in claim 17 wherein said online transaction is a payment transaction.
  - 19. A method as recited in claim 17 wherein said third-party software module sends said authentication request message to said access control server by way of a browser in said customer computer, and wherein said issuer sends said response message to said third-party software module by way of said browser in said customer computer.
  - 20. A method as recited in claim 17 wherein said third-party software module sends said authentication request message to a software module of said customer computer and wherein said customer computer then sends said authentication request message to said access control server.
  - 21. A method as recited in claim 17 further comprising:
    - redirecting an Internet browser of said customer computer from said third party to said access control server of said issuer, whereby said issuer receives said entered password; and
      
      redirecting said Internet browser of said customer computer from said access control server back to said third party.
  - 22. A method as recited in claim 17 wherein said performing includesquerying a directory server by said third party to determine if said customer account corresponds to a record of said directory server.
  - 23. A method as recited in claim 17 wherein said performing includesdirectly querying said access control server by said third party.
  - 24. A method as recited in claim 17 wherein said performing includeschecking a cache memory of said third party.

25. A method performed by a customer computer used with an authentication service wherein an issuer financial institution authenticates, for the benefit of a third party, that a customer using an account during an online transaction with said third party is the actual owner of said account, said method comprising:
- sending enrollment information to an enrollment web site by said customer during a registration process so that said issuer verifies the identity of said customer as the owner of said account;
  
  supplying a password to be designated for said account during said registration process;
  
  performing a verification process by said third party during said online transaction to determine whether said customer account is registered with said authentication service;
  
  receiving an indication responsive to said performing at said third party indicating that said customer account is registered;
  
  receiving, by said customer computer after said verification process, an authentication request message from said third party during said online transaction that requests the identity of said customer be authenticated;
  
  sending said authentication request message to an access control server operated by said issuer financial institution, said customer having an account with said issuer financial institution;
  
  receiving a request from said access control server for said customer to enter a password used to verify the identity of said customer during said online transaction;
  
  supplying said password used to verify identity; and
  
  facilitating the sending of an authentication response message from said access control server to said third party via said customer computer regarding the verification of the identity of said customer, whereby said access control server verifies the identity of said customer for said third party.
- View Dependent Claims (26, 27, 28, 29, 30)
- - 26. A method as recited in claim 25 wherein said online transaction is a payment transaction.
  - 27. A method as recited in claim 25 further comprising:
    - accessing a web site of said third party by said customer using an Internet browser of said customer computer;
      
      redirecting said Internet browser of said customer computer from said web site to said access control server of said issuer, whereby said issuer receives said password; and
      
      redirecting said Internet browser of said computer from said access control server back to said web site of said third party.
  - 28. A method as recited in claim 25 wherein said performing includesquerying a directory server by said third party to determine if said customer account corresponds to a record of said directory server.
  - 29. A method as recited in claim 25 wherein said performing includesdirectly querying said access control server by said third party.
  - 30. A method as recited in claim 25 wherein said performing includeschecking a cache memory of said third party.

31. A method performed by an authentication service wherein an account issuer authenticates a customer for the benefit of a third party, said method comprising:
- receiving, by said issuer, authentication information concerning said customer;
  
  verifying, by said issuer during a registration process, the identity of said customer as the owner of said account and associating a designated password with said account;
  
  receiving a request over a network from a customer computer to perform an online financial transaction with said third party;
  
  performing a verification process by said third party during said online transaction to determine whether said customer account is enrolled in said authentication service;
  
  receiving an indication responsive to said performing at said third party indicating that said customer account is enrolled;
  
  sending an authentication request message from said third party via said customer computer over a network during said financial transaction, said authentication request message destined for a computer of said issuer and being sent after said performing;
  
  receiving an authentication response message from said computer of said issuer via said customer computer during said financial transaction, said authentication response message indicating the authenticity of said customer, said authenticity being based upon a password supplied by said customer to said computer of said issuer during said financial transaction and upon said password previously designated for said account, whereby said issuer authenticates said customer for said third party.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38)
- - 32. A method as recited in claim 31 wherein said financial transaction is a payment transaction.
  - 33. A method as recited in claim 31 wherein said third party sends said authentication request message to said issuer computer by way of a browser in said customer computer, and wherein said issuer sends said response message to said third party by way of said browser in said customer computer.
  - 34. A method as recited in claim 31 wherein said third party sends said authentication request message to a software module of said customer computer and wherein said customer computer then sends said authentication request message to said issuer computer.
  - 35. A method as recited in claim 31 further comprising:
    - performing said sending by redirecting an Internet browser of said customer computer from a web site of said third party to said computer of said issuer, whereby said issuer receives said password; and
      
      performing said second step of receiving by redirecting said Internet browser of said customer computer from said computer of said issuer back to said web site of said third party.
  - 36. A method as recited in claim 31 wherein said performing includesquerying a directory server by said third party to determine if said customer account corresponds to a record of said directory server.
  - 37. A method as recited in claim 31 wherein said performing includesdirectly querying said issuer computer by said third party.
  - 38. A method as recited in claim 31 wherein said performing includeschecking a cache memory of said third party.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Lewis, Tony D., Reno, James Donald, Ryan, Stephen W., Weller, Kevin D., Dominguez, Benedicto H., Bray, Peter, Manessis, Thomas J., Hill, Peter R.
Primary Examiner(s)
Worjloh; Jalatee

Application Number

US09/842,313
Publication Number

US 20020111919A1
Time in Patent Office

3,479 Days
Field of Search

705 50- 79, 705 35- 44
US Class Current

705/78
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

G06Q 20/027   involving a payment switch ...

G06Q 20/04   Payment circuits

G06Q 20/0855   involving a third party

G06Q 20/12   specially adapted for elect...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/355   Personalisation of cards fo...

G06Q 20/367   involving electronic purses...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/3829   involving key management

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4012   Verifying personal identifi...

G06Q 20/4014   Identity check for transact...

G07F 7/1008   Active credit-cards provide...

G07F 7/1016   Devices or methods for secu...

Online payer authentication service

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

38 Claims

Specification

Solutions

Use Cases

Quick Links

Online payer authentication service

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

38 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links