Online payer authentication service
First Claim
1. A method wherein an issuer authenticates, for the benefit of a third party, a customer using an account during an online transaction with said third party, said method comprising:
- receiving, by said issuer, authentication information concerning said customer;
verifying, by said issuer during a registration process, the identity of said customer as the owner of said account and associating a designated password with said account;
receiving an authentication request message at an access control server from said third party during said online transaction, said message requesting verification of the identity of said customer;
requesting over a network, by said issuer from said customer during said online transaction, an identity-authenticating password;
verifying, by said issuer, that said identity-authenticating password from said customer matches said password previously designated for said account;
notifying said third party over said network during said online transaction, by said issuer, that said customer is the actual owner of said account when said identity-authenticating password entered by said customer matches the password that was previously designated for said account, whereby said issuer authenticates said customer for said third party during said online transaction;
receiving a verify enrollment request message at said access control server operated by said issuer during said online transaction indicating whether said customer account is registered; and
sending a verify enrollment response message back to said third party indicating that said customer account is registered.
0 Assignments
0 Petitions
Accused Products
Abstract
A payment authentication service authenticates the identity of a payer during online transactions. The authentication service of the present invention allows a card issuer to verify a cardholder'"'"'s identity using a variety of authentication methods, such as the use of passwords. Also, the only system participant requiring a certificate is the issuing financial institution. One embodiment of the invention for authenticating the identity of a cardholder during an online transaction involves querying an access control server to determine if a cardholder is enrolled in the payment authentication service, requests a password from the cardholder, verifies the password, and notifies a merchant whether the cardholder'"'"'s authenticity has been verified. In another aspect of the invention, a chip card and the authentication service independently generate cryptograms that must match in order for the service to verify that the correct chip card is being used by the cardholder.
139 Citations
16 Claims
-
1. A method wherein an issuer authenticates, for the benefit of a third party, a customer using an account during an online transaction with said third party, said method comprising:
-
receiving, by said issuer, authentication information concerning said customer; verifying, by said issuer during a registration process, the identity of said customer as the owner of said account and associating a designated password with said account; receiving an authentication request message at an access control server from said third party during said online transaction, said message requesting verification of the identity of said customer; requesting over a network, by said issuer from said customer during said online transaction, an identity-authenticating password; verifying, by said issuer, that said identity-authenticating password from said customer matches said password previously designated for said account; notifying said third party over said network during said online transaction, by said issuer, that said customer is the actual owner of said account when said identity-authenticating password entered by said customer matches the password that was previously designated for said account, whereby said issuer authenticates said customer for said third party during said online transaction; receiving a verify enrollment request message at said access control server operated by said issuer during said online transaction indicating whether said customer account is registered; and sending a verify enrollment response message back to said third party indicating that said customer account is registered. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
Specification