Authenticated payment
First Claim
1. A computer-implemented method, performed by a computer system comprising one or more processors and computer memory, for authenticating an electronic payment transaction over a communications network, comprising:
- at a payment authentication service operated by the computer system, linking secret information to at least a first payment instrument of a buyer in computer memory, the secret information being known only to the buyer;
receiving an electronic request to authenticate the buyer as being authorized to use the first payment instrument in an electronic payment transaction;
subsequent to the step of linking the secret information to the first payment instrument in computer memory and in response to receiving the electronic request to authenticate the buyer, sending a challenge request to the buyer over the network, the challenge request including a summary of the payment transaction;
subsequent to the step of linking the secret information to the first payment instrument in computer memory, receiving an electronic indication of a selection of the first payment instrument from the buyer;
receiving a challenge response from the buyer over the network, the challenge response proving that the buyer has access to the secret information;
in response to receiving the challenge response, determining that the buyer has access to the secret information and that the buyer is authorized to use the first payment instrument; and
notifying a seller that the buyer is authorized to use the first payment instrument.
0 Assignments
0 Petitions
Accused Products
Abstract
A buyer (110) wishes to use a payment instrument as part of an online commerce transaction with a seller (120) and it is desired to authenticate that the buyer (110) has authority to use the payment instrument. A separate authentication service (130) determines whether the buyer (110) has access to certain secret information without revealing the secret information to the seller (120). Access to the secret information would verify that the buyer (110) has authority to use the payment instrument. The authentication service (130) informs the seller (120) whether the buyer (110) is authorized to use the payment instrument.
57 Citations
19 Claims
-
1. A computer-implemented method, performed by a computer system comprising one or more processors and computer memory, for authenticating an electronic payment transaction over a communications network, comprising:
-
at a payment authentication service operated by the computer system, linking secret information to at least a first payment instrument of a buyer in computer memory, the secret information being known only to the buyer; receiving an electronic request to authenticate the buyer as being authorized to use the first payment instrument in an electronic payment transaction; subsequent to the step of linking the secret information to the first payment instrument in computer memory and in response to receiving the electronic request to authenticate the buyer, sending a challenge request to the buyer over the network, the challenge request including a summary of the payment transaction; subsequent to the step of linking the secret information to the first payment instrument in computer memory, receiving an electronic indication of a selection of the first payment instrument from the buyer; receiving a challenge response from the buyer over the network, the challenge response proving that the buyer has access to the secret information; in response to receiving the challenge response, determining that the buyer has access to the secret information and that the buyer is authorized to use the first payment instrument; and notifying a seller that the buyer is authorized to use the first payment instrument. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A tangible computer-readable medium storing instructions that, when executed by one or more processors, cause the one or more processors to perform a method comprising:
-
at a payment authentication service, linking secret information to at least a first payment instrument of a buyer, the secret information being known only to the buyer; receiving a request to authenticate the buyer as being authorized to use the first payment instrument in a payment transaction; subsequent to the step of linking the secret information to the first payment instrument and in response to receiving the request to authenticate the buyer, sending a challenge request to the buyer over the network, the challenge request including a summary of the payment transaction; subsequent to the step of linking the secret information to the first payment instrument, receiving a selection of the first payment instrument from the buyer; receiving a challenge response from the buyer over the network, the challenge response proving that the buyer has access to the secret information; in response to receiving the challenge response, determining that the buyer has access to the secret information and that the buyer is authorized to use the first payment instrument; and notifying the seller that the buyer is authorized to use the first payment instrument. - View Dependent Claims (11, 12, 13, 14)
-
-
15. A system for authenticating a payment transaction over a network, comprising:
-
a transaction archive; and an authentication service web server coupled to the transaction archive and the network, the authentication service web server configured to; link secret information to at least a first payment instrument of a buyer, the secret information being known only to the buyer; receive a request to authenticate the buyer as being authorized to use the first payment instrument in a payment transaction; subsequent to the step of linking the secret information to the first payment instrument and in response to receiving the request to authenticate the buyer, send a challenge request to the buyer over the network, the challenge request including a summary of the payment transaction; subsequent to the step of linking the secret information to the first payment instrument, receive a selection of the first payment instrument from the buyer; receive a challenge response from the buyer over the network, the challenge response proving that the buyer has access to the secret information; in response to receiving the challenge response, determine that the buyer has access to the secret information and that the buyer is authorized to use the first payment instrument; and notify the seller that the buyer is authorized to use the first payment instrument. - View Dependent Claims (16, 17, 18, 19)
-
Specification