Authenticated payment

US 7,983,993 B2
Filed: 07/23/2010
Issued: 07/19/2011
Est. Priority Date: 04/17/2000
Status: Expired due to Term

First Claim

Patent Images

1. A computer-implemented method, performed by a computer system comprising one or more processors and computer memory, for authenticating an electronic payment transaction over a communications network, comprising:

at a payment authentication service operated by the computer system, linking secret information to at least a first payment instrument of a buyer in computer memory, the secret information being known only to the buyer;

receiving an electronic request to authenticate the buyer as being authorized to use the first payment instrument in an electronic payment transaction;

subsequent to the step of linking the secret information to the first payment instrument in computer memory and in response to receiving the electronic request to authenticate the buyer, sending a challenge request to the buyer over the network, the challenge request including a summary of the payment transaction;

subsequent to the step of linking the secret information to the first payment instrument in computer memory, receiving an electronic indication of a selection of the first payment instrument from the buyer;

receiving a challenge response from the buyer over the network, the challenge response proving that the buyer has access to the secret information;

in response to receiving the challenge response, determining that the buyer has access to the secret information and that the buyer is authorized to use the first payment instrument; and

notifying a seller that the buyer is authorized to use the first payment instrument.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A buyer (110) wishes to use a payment instrument as part of an online commerce transaction with a seller (120) and it is desired to authenticate that the buyer (110) has authority to use the payment instrument. A separate authentication service (130) determines whether the buyer (110) has access to certain secret information without revealing the secret information to the seller (120). Access to the secret information would verify that the buyer (110) has authority to use the payment instrument. The authentication service (130) informs the seller (120) whether the buyer (110) is authorized to use the payment instrument.

57 Citations

View as Search Results

19 Claims

1. A computer-implemented method, performed by a computer system comprising one or more processors and computer memory, for authenticating an electronic payment transaction over a communications network, comprising:
- at a payment authentication service operated by the computer system, linking secret information to at least a first payment instrument of a buyer in computer memory, the secret information being known only to the buyer;
  
  receiving an electronic request to authenticate the buyer as being authorized to use the first payment instrument in an electronic payment transaction;
  
  subsequent to the step of linking the secret information to the first payment instrument in computer memory and in response to receiving the electronic request to authenticate the buyer, sending a challenge request to the buyer over the network, the challenge request including a summary of the payment transaction;
  
  subsequent to the step of linking the secret information to the first payment instrument in computer memory, receiving an electronic indication of a selection of the first payment instrument from the buyer;
  
  receiving a challenge response from the buyer over the network, the challenge response proving that the buyer has access to the secret information;
  
  in response to receiving the challenge response, determining that the buyer has access to the secret information and that the buyer is authorized to use the first payment instrument; and
  
  notifying a seller that the buyer is authorized to use the first payment instrument.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the secret information is a secret encryption key of the buyer, and wherein said step of linking the secret information further comprises linking a corresponding public key to the first payment instrument in computer memory.
  - 3. The method of claim 1, wherein the electronic request to authenticate the buyer as being authorized to use the first payment instrument is received from the seller.
  - 4. The method of claim 1, wherein the electronic request to authenticate the buyer as being authorized to use the first payment instrument is received from the buyer.
  - 5. The method of claim 1, further comprising:
    - generating a digitally signed record of the transaction once the transaction is complete.
  - 6. The method of claim 5, wherein the secret information is a secret encryption key of the buyer, and wherein the record of the payment transaction is digitally signed using the buyer'"'"'s secret encryption key.
  - 7. The method of claim 5, wherein the record of the online transaction is digitally signed using a private key of the payment authentication service.
  - 8. The method of claim 5, further comprising, subsequent to generating the signed record of the transaction:
    - storing the signed record of the transaction in computer memory;
      
      in response to a dispute related to the payment transaction, retrieving the stored signed record of the transaction from computer memory; and
      
      based upon the contents of the signed record of the transaction, resolving the dispute related to the payment transaction.
  - 9. The method of claim 1, wherein the step of determining that the buyer has access to the secret information comprises decrypting a portion of the received challenge response using a public key of the buyer.

10. A tangible computer-readable medium storing instructions that, when executed by one or more processors, cause the one or more processors to perform a method comprising:
- at a payment authentication service, linking secret information to at least a first payment instrument of a buyer, the secret information being known only to the buyer;
  
  receiving a request to authenticate the buyer as being authorized to use the first payment instrument in a payment transaction;
  
  subsequent to the step of linking the secret information to the first payment instrument and in response to receiving the request to authenticate the buyer, sending a challenge request to the buyer over the network, the challenge request including a summary of the payment transaction;
  
  subsequent to the step of linking the secret information to the first payment instrument, receiving a selection of the first payment instrument from the buyer;
  
  receiving a challenge response from the buyer over the network, the challenge response proving that the buyer has access to the secret information;
  
  in response to receiving the challenge response, determining that the buyer has access to the secret information and that the buyer is authorized to use the first payment instrument; and
  
  notifying the seller that the buyer is authorized to use the first payment instrument.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The computer-readable medium of claim 10, wherein the secret information is a secret encryption key of the buyer, and wherein said step of linking the secret information further comprises linking a corresponding public key to the first payment instrument.
  - 12. The computer-readable medium of claim 10, wherein the method specified by the stored instructions further comprises:
    - generating a digitally signed record of the transaction once the transaction is complete.
  - 13. The computer-readable medium of claim 12, wherein the method specified by the stored instructions further comprises:
    - subsequent to generating the signed record of the transaction;
      
      storing the signed record of the transaction;
      
      in response to a dispute related to the payment transaction, retrieving the stored signed record of the transaction; and
      
      based upon the contents of the signed record of the transaction, resolving the dispute related to the payment transaction.
  - 14. The computer-readable medium of claim 10, wherein the step of determining that the buyer has access to the secret information comprises:
    - decrypting a portion of the received challenge response using a public key of the buyer.

15. A system for authenticating a payment transaction over a network, comprising:
- a transaction archive; and
  
  an authentication service web server coupled to the transaction archive and the network, the authentication service web server configured to;
  
  link secret information to at least a first payment instrument of a buyer, the secret information being known only to the buyer;
  
  receive a request to authenticate the buyer as being authorized to use the first payment instrument in a payment transaction;
  
  subsequent to the step of linking the secret information to the first payment instrument and in response to receiving the request to authenticate the buyer, send a challenge request to the buyer over the network, the challenge request including a summary of the payment transaction;
  
  subsequent to the step of linking the secret information to the first payment instrument, receive a selection of the first payment instrument from the buyer;
  
  receive a challenge response from the buyer over the network, the challenge response proving that the buyer has access to the secret information;
  
  in response to receiving the challenge response, determine that the buyer has access to the secret information and that the buyer is authorized to use the first payment instrument; and
  
  notify the seller that the buyer is authorized to use the first payment instrument.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The system of claim 15, wherein the secret information is a secret encryption key of the buyer, and wherein the authentication service web server is configured to link the secret information by linking a corresponding public key to the first payment instrument.
  - 17. The system of claim 15, wherein the authentication service web server is further configured to:
    - generate a digitally signed record of the transaction once the transaction is complete.
  - 18. The system of claim 17, wherein the authentication service web server is further configured to:
    - subsequent to the step of generating the signed record of the transaction;
      
      store the signed record of the transaction;
      
      in response to a dispute related to the payment transaction, retrieve the stored signed record of the transaction; and
      
      based upon the contents of the signed record of the transaction, resolve the dispute related to the payment transaction.
  - 19. The system of claim 15, wherein the authentication service web server is further configured to determine that the buyer has access to the secret information by decrypting a portion of the received challenge response using a public key of the buyer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
VeriSign, Inc.
Original Assignee
VeriSign, Inc.
Inventors
Graves, Michael E., Frank, Peter E., Plambeck, Thane, Whitehead, Gregory R.
Primary Examiner(s)
Worjloh, Jalatee

Application Number

US12/842,270
Publication Number

US 20100293100A1
Time in Patent Office

361 Days
Field of Search

705 50- 79, 380/277, 235/389, 713/150, 726/26
US Class Current

705/67
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

G06Q 20/04   Payment circuits

G06Q 20/0855   involving a third party

G06Q 20/12   specially adapted for elect...

G06Q 20/367   involving electronic purses...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/3821   Electronic credentials

G06Q 20/3825   Use of electronic signatures

G06Q 20/3829   involving key management

G06Q 20/385   using an alias or single-us...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/401   Transaction verification

G06Q 30/06   Buying, selling or leasing ...

Authenticated payment

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

57 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Authenticated payment

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

57 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links