Online payer authentication service

US 7,991,701 B2
Filed: 09/01/2010
Issued: 08/02/2011
Est. Priority Date: 04/24/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method wherein an issuer authenticates, for the benefit of a third party, a customer using an account during an online transaction with said third party, said method comprising:

receiving, by said issuer, authentication information concerning said customer;

verifying, by said issuer during a registration process, the identity of said customer as the owner of said account and associating a designated password with said account;

receiving an authentication request message at an access control server from said third party during said online transaction, said message requesting verification of the identity of said customer;

requesting over a network, by said issuer from said customer during said online transaction, an identity-authenticating password;

verifying, by said issuer, that said identity-authenticating password from said customer matches said password previously designated for said account;

notifying said third party over said network during said online transaction, by said issuer, that said customer is the actual owner of said account when said identity-authenticating password entered by said customer matches the password that was previously designated for said account, whereby said issuer authenticates said customer for said third party during said online transaction;

receiving a verify enrollment request message at said access control server operated by said issuer during said online transaction indicating whether said customer account is registered; and

sending a verify enrollment response message back to said third party indicating that said customer account is registered.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A payment authentication service authenticates the identity of a payer during online transactions. The authentication service of the present invention allows a card issuer to verify a cardholder'"'"'s identity using a variety of authentication methods, such as the use of passwords. Also, the only system participant requiring a certificate is the issuing financial institution. One embodiment of the invention for authenticating the identity of a cardholder during an online transaction involves querying an access control server to determine if a cardholder is enrolled in the payment authentication service, requests a password from the cardholder, verifies the password, and notifies a merchant whether the cardholder'"'"'s authenticity has been verified. In another aspect of the invention, a chip card and the authentication service independently generate cryptograms that must match in order for the service to verify that the correct chip card is being used by the cardholder.

139 Citations

16 Claims

1. A method wherein an issuer authenticates, for the benefit of a third party, a customer using an account during an online transaction with said third party, said method comprising:
- receiving, by said issuer, authentication information concerning said customer;
  
  verifying, by said issuer during a registration process, the identity of said customer as the owner of said account and associating a designated password with said account;
  
  receiving an authentication request message at an access control server from said third party during said online transaction, said message requesting verification of the identity of said customer;
  
  requesting over a network, by said issuer from said customer during said online transaction, an identity-authenticating password;
  
  verifying, by said issuer, that said identity-authenticating password from said customer matches said password previously designated for said account;
  
  notifying said third party over said network during said online transaction, by said issuer, that said customer is the actual owner of said account when said identity-authenticating password entered by said customer matches the password that was previously designated for said account, whereby said issuer authenticates said customer for said third party during said online transaction;
  
  receiving a verify enrollment request message at said access control server operated by said issuer during said online transaction indicating whether said customer account is registered; and
  
  sending a verify enrollment response message back to said third party indicating that said customer account is registered.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. A method as recited in claim 1 further comprising:
    - accessing a web site of said third party by said customer using an Internet browser of said customer computer;
      
      redirecting said Internet browser of said customer computer from said web site to said access control server of said issuer, whereby said issuer receives said identity-authenticating password; and
      
      redirecting said Internet browser of said customer computer from said access control server back to said web site of said third party.
  - 3. A method as recited in claim 1 wherein said access control server receives said customer authentication information and said designated password from said issuer during said registration process, whereby said customer need not go through a formal registration process.
  - 4. A method as recited in claim 1 wherein said access control server receives said customer authentication information and said designated password from said customer during said registration process, whereby said registration process is a formal registration process.
  - 5. A method as recited in claim 1 wherein said issuer is an issuer financial institution and said third party is an online merchant, whereby said online merchant conducts an online financial transaction with said customer, and wherein said account of said customer is maintained by said issuer financial institution.
  - 6. A method as recited in claim 1 wherein the access control server determines if said customer account is registered by verifying that said customer account is contained in a database of enrolled customer accounts.
  - 7. A method as recited in claim 1 further comprising:
    - sending said verify enrollment request message from said third party to a directory server to verify that said customer account is registered.
  - 8. A method as recited in claim 1 further comprising:
    - including within said verify enrollment response message an Internet address for said access control server, whereby said Internet address for said access control server allows said third party to communicate with said access control server.
  - 9. A method as recited in claim 1 further comprising:
    - reviewing a memory device controlled by said third party to verify that said customer account is registered.
  - 10. A method as recited in claim 1 further comprising:
    - sending, by said issuer, a card authentication verification value to said third party, the card authentication verification value containing a unique value for said customer account and a specific payment transaction, whereby said card authentication verification value uniquely identifies a specific authenticated payment transaction.
  - 11. A method as recited in claim 1 further comprising:
    - sending, by said third party, of an authorization message to an issuer financial institution to verify said customer account has adequate credit for a requested purchase.
  - 12. A method as recited in claim 1 wherein said first step of verifying further comprising:
    - receiving, by said issuer, said authentication information entered at an enrollment Internet web site by said customer;
      
      verifying, by said issuer, that said enrollment information substantially matches information contained within a pre-existing database of customer information; and
      
      storing said customer account information in a database for enrolled customer accounts.
  - 13. A method as recited in claim 1 wherein said online transaction is a payment transaction.
  - 14. A method as recited in claim 1 further comprising:
    - generating, by said issuer, a digitally-signed transaction receipt using a signature key of said issuer; and
      
      sending, by said issuer, said digitally-signed transaction receipt to said third party, whereby said digitally-signed transaction receipt confirms to said third party that the identity of said customer has been authenticated.
  - 15. A method as recited in claim 14 wherein said transaction receipt includes a number associated with said customer account, a transaction payment amount, and a transaction payment date.
  - 16. A method as recited in claim 14 further comprising:
    - verifying, by said third party, said digitally signed transaction receipt such that said third party is assured that said transaction receipt was sent from a specific issuer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Lewis, Tony D., Reno, James Donald, Ryan, Stephen W., Weller, Kevin D., Dominguez, Benedicto H., Bray, Peter, Manessis, Thomas J., Hill, Peter R.
Primary Examiner(s)
Worjloh; Jalatee

Application Number

US12/873,869
Publication Number

US 20100332393A1
Time in Patent Office

335 Days
Field of Search

705 64- 79, 713/150
US Class Current

705/78
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

G06Q 20/027   involving a payment switch ...

G06Q 20/04   Payment circuits

G06Q 20/0855   involving a third party

G06Q 20/12   specially adapted for elect...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/355   Personalisation of cards fo...

G06Q 20/367   involving electronic purses...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/3829   involving key management

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4012   Verifying personal identifi...

G06Q 20/4014   Identity check for transact...

G07F 7/1008   Active credit-cards provide...

G07F 7/1016   Devices or methods for secu...

Online payer authentication service

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

139 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Online payer authentication service

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

139 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links