Payment transaction processing using out of band authentication

US 8,245,044 B2
Filed: 07/31/2009
Issued: 08/14/2012
Est. Priority Date: 11/14/2008
Status: Active Grant

First Claim

Patent Images

1. A transaction processor, comprising:

an electronic processor;

a memory coupled to the electronic processor; and

a set of instructions stored in the memory which, when executed by the electronic processor cause the payment transaction processor toreceive a request to authorize a payment transaction initiated by a consumer using a merchant'"'"'s web-site, the payment transaction initiated by the consumer using a first device coupled to a first communications channel;

enable a consumer to download an application to a second device, the application providing the second device with the ability to access a digital certificate associated with the consumer;

process the received request to authorize the transaction to determine a payment account associated with the consumer;

determine, based on the payment account, data that may be used to contact the consumer on the second device;

send a request to the consumer to approve the transaction by sending the request to the second device over a second communications channel; and

in response to the request sent to the consumer to approve the transaction, receive a message from the consumer generated by the second device and provided over the second communications channel, the message approving or denying the transaction and including the digital certificate associated with the consumer, the certificate serving to authenticate the consumer.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, apparatuses, and methods for increasing the security of electronic payment transactions, such as eCommerce transactions conducted over the Internet. A transaction approval or authorization mechanism uses an out of band process to provide authentication or identification data that has previously been registered by a user and associated with the user'"'"'s payment device or account. The out of band authentication data may be provided in response to a message sent to a user'"'"'s mobile phone, where the message is generated in response to entering the user'"'"'s phone number into a form that is provided when the user engages in an electronic payment transaction using a desktop computer. The data may include a digital signature and associated digital certificate that is used to authenticate the user.

128 Citations

20 Claims

1. A transaction processor, comprising:
- an electronic processor;
  
  a memory coupled to the electronic processor; and
  
  a set of instructions stored in the memory which, when executed by the electronic processor cause the payment transaction processor toreceive a request to authorize a payment transaction initiated by a consumer using a merchant'"'"'s web-site, the payment transaction initiated by the consumer using a first device coupled to a first communications channel;
  
  enable a consumer to download an application to a second device, the application providing the second device with the ability to access a digital certificate associated with the consumer;
  
  process the received request to authorize the transaction to determine a payment account associated with the consumer;
  
  determine, based on the payment account, data that may be used to contact the consumer on the second device;
  
  send a request to the consumer to approve the transaction by sending the request to the second device over a second communications channel; and
  
  in response to the request sent to the consumer to approve the transaction, receive a message from the consumer generated by the second device and provided over the second communications channel, the message approving or denying the transaction and including the digital certificate associated with the consumer, the certificate serving to authenticate the consumer.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The transaction processor of claim 1, wherein the application further enables the second device to securely communicate with a gateway server that couples the second communications channel to a different communications channel.
  - 3. The transaction processor of claim 1, wherein the data that may be used to contact the consumer on the second device is a phone number associated with the second device.
  - 4. The transaction processor of claim 1, wherein the first device is a computing device coupled to the first communications channel.
  - 5. The transaction processor of claim 1, wherein the request to approve the transaction includes an address to which a response to the request should be directed.
  - 6. The transaction processor of claim 4, wherein the digital certificate corresponds to a digital certificate resident on the computing device.

7. A method of processing an electronic payment transaction, comprising:
- registering a user by associating contact data for the user with the user'"'"'s payment account, the contact data corresponding to an identifier for a first device coupled to a first communications channel;
  
  enabling the user to download an application to the first device, the application providing the first device with the ability to access a digital certificate associated with the user;
  
  receiving a request to authorize an electronic payment transaction initiated by the user using a second device coupled to a second communications channel;
  
  generating a message requesting that the user approve the electronic payment transaction;
  
  sending the payment transaction approval message to the user over the first communications channel using the contact data; and
  
  in response to the payment transaction approval message, receiving a message from the user approving or denying the payment transaction, the message including the digital certificate associated with the user, the certificate serving to authenticate the user.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The method of claim 7, wherein the application further enables the first device to securely communicate with a gateway server that couples the first communications channel to a different communications channel.
  - 9. The method of claim 7, wherein the first communications channel is a cellular network.
  - 10. The method of claim 7, wherein the first device is a mobile phone and the contact data includes the user'"'"'s mobile phone number.
  - 11. The method of claim 7, wherein the payment transaction approval message is a SMS message.
  - 12. The method of claim 7, wherein the payment transaction approval message includes an address to which the response to the message should be sent.
  - 13. The method of claim 7, wherein the method further comprisesusing the downloaded application to access the digital certificate from a server or from the user'"'"'s second device.

14. A method of processing an electronic payment transaction, comprising:
- enabling a user to download an application to a first device coupled to a first communications channel, the application providing the first device with the ability to access a digital certificate associated with the user;
  
  receiving a request to authorize the electronic payment transaction, wherein the electronic payment transaction is initiated by the user at a merchant'"'"'s web-site using a second device coupled to a second communications channel;
  
  sending a request for authentication data to the user over the second communications channel, the request for authentication data received by the user on the second device;
  
  receiving a response to the request for authentication data from the user over the second communications channel;
  
  processing the response to determine a payment account associated with the user;
  
  using the determined payment account as a source of payment for the electronic payment transaction;
  
  generating a transaction approval message for the electronic payment transaction;
  
  sending the transaction approval message to the first device over the first communications channel; and
  
  receiving a response to the transaction approval message from the first device, the response including the digital certificate associated with the user, the certificate serving to authenticate the user.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14, wherein the transaction approval message is a SMS message.
  - 16. The method of claim 14, wherein the transaction approval message is an email message.
  - 17. The method of claim 14, wherein the transaction approval message includes an address to which the response to the transaction approval message should be sent.
  - 18. The method of claim 14, wherein the method further comprisesusing the downloaded application to access the digital certificate from a server or from the user'"'"'s second device.
  - 19. The method of claim 14, wherein the first device is the user'"'"'s mobile phone.
  - 20. The method of claim 14, wherein the authentication data is one or more of the user'"'"'s mobile phone number or a password associated with the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Kang, Denis Dong
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Wysznski, Aubrey

Application Number

US12/534,042
Publication Number

US 20100125737A1
Time in Patent Office

1,110 Days
Field of Search

713/176, 705/35
US Class Current

713/176
CPC Class Codes

G06Q 20/12   specially adapted for elect...

G06Q 20/326   Payment applications instal...

G06Q 20/38215   Use of certificates or encr...

G06Q 20/42   Confirmation, e.g. check or...

G06Q 20/425   using two different network...

G06Q 40/00   Finance; Insurance; Tax str...

Payment transaction processing using out of band authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

128 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Payment transaction processing using out of band authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

128 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others