Online account authentication service

US 8,271,395 B2
Filed: 05/24/2002
Issued: 09/18/2012
Est. Priority Date: 04/24/2000
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating an entity during an online transaction with a third party, said authenticating performed by an issuer that maintains an account of said entity, said method comprising:

a step for performing the function of verifying, by said issuer during a registration process, the identity of said entity as the owner of said account and associating a password with said account;

routing an online request from said third party to said issuer via an Internet browser of a computer of said entity in the form of an authentication request message;

receiving, by said issuer at an access control server, said online request from said third party to authenticate said entity;

receiving, by said issuer at said access control server, an identity authenticating password from said entity over an online connection;

comparing, by said access control server, said identity authenticating password against said password previously designated for said account of said entity;

routing an online communication from said issuer to said third party via said Internet browser of said computer of said entity in the form of an authentication response message; and

notifying said third party via said online communication that said entity is the actual owner of said account when said identity authenticating password received from said entity matches the password that was previously designated for said account, said online communication being sent from said access control server, performing said steps of routing without the use of any additional software on said computer of said entity relating to said method of authenticating, whereby said issuer authenticates for the benefit of said third party that said entity is the actual owner of said account,wherein said issuer is a financial institution, andwherein said third party is an online merchant, and wherein said method further comprises conducting a financial transaction between said online merchant and said entity.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A payment authentication service authenticates the identity of a payer during online transactions. The authentication service allows a card issuer to verify a cardholder'"'"'s identity using a variety of authentication methods, such as the use of passwords. Also, the only system participant requiring a certificate is the issuing financial institution. Authenticating the identity of a cardholder during an online transaction involves querying an access control server to determine if a cardholder is enrolled in the payment authentication service, requesting a password from the cardholder, verifying the password, and notifying a merchant whether the cardholder'"'"'s authenticity has been verified. A chip card and the authentication service independently generate cryptograms to match in order for the service to verify that the correct chip card is being used by the cardholder.

184 Citations

27 Claims

1. A method of authenticating an entity during an online transaction with a third party, said authenticating performed by an issuer that maintains an account of said entity, said method comprising:
- a step for performing the function of verifying, by said issuer during a registration process, the identity of said entity as the owner of said account and associating a password with said account;
  
  routing an online request from said third party to said issuer via an Internet browser of a computer of said entity in the form of an authentication request message;
  
  receiving, by said issuer at an access control server, said online request from said third party to authenticate said entity;
  
  receiving, by said issuer at said access control server, an identity authenticating password from said entity over an online connection;
  
  comparing, by said access control server, said identity authenticating password against said password previously designated for said account of said entity;
  
  routing an online communication from said issuer to said third party via said Internet browser of said computer of said entity in the form of an authentication response message; and
  
  notifying said third party via said online communication that said entity is the actual owner of said account when said identity authenticating password received from said entity matches the password that was previously designated for said account, said online communication being sent from said access control server, performing said steps of routing without the use of any additional software on said computer of said entity relating to said method of authenticating, whereby said issuer authenticates for the benefit of said third party that said entity is the actual owner of said account,wherein said issuer is a financial institution, andwherein said third party is an online merchant, and wherein said method further comprises conducting a financial transaction between said online merchant and said entity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 11, 13, 15, 17, 19, 21, 23)
- - 2. A method as recited in claim 1 wherein said entity owns an account of the type selected from the group consisting of retail banking accounts, wholesale banking accounts, medical accounts, insurance accounts, brokerage accounts, and telephone service accounts.
  - 3. A method as recited in claim 1, said authentication request message facilitating a non-payment transaction.
  - 4. A method as recited in claim 3, said authentication response message facilitating said non-payment transaction.
  - 5. A method as recited in claim 1 further comprising:
    - querying, by said issuer, said access control server to perform said step of comparing, wherein said previously designated password is stored at said access control server.
  - 6. A method as recited in claim 5 further comprising:
    - determining, by said access control server, if an account of said entity is enrolled by verifying that said entity account is contained in a database of enrolled entity accounts.
  - 7. A method as recited in claim 1 further comprising:
    - generating a digitally signed transaction receipt using a signature key of said issuer; and
      
      sending of the digitally signed transaction receipt to said third party, whereby said digitally signed transaction receipt confirms to said third party that the identity of said entity has been authenticated.
  - 8. A method as recited in claim 1 further comprising:
    - sending of a card authentication verification value to said third party, said card authentication verification value containing a unique value for said entity account and a specific transaction, whereby said card authentication verification value uniquely identifies a specific authenticated transaction.
  - 11. A method as recited in claim 1, wherein said identity authenticating password is a password, a PIN, a question-response pair, or a phrase.
  - 13. A method as recited in claim 1 further comprising:
    - determining whether said entity is registered before sending said online request from said third party to said issuer.
  - 15. A method as recited in claim 1 wherein said step of receiving the identity authenticating password from said entity, said step of comparing and said step of notifying occur in real time during said online transaction.
  - 17. A method as recited in claim 1 further comprising:
    - accessing a web site of said third party by said entity using the Internet browser;
      
      redirecting said Internet browser of said computer from said web site to the access control server, whereby said issuer receives said identity authenticating password; and
      
      redirecting said Internet browser from said access control server back to said web site of said third party.
  - 19. A method as recited in claim 1 wherein said step for performing the function of verifying verifies the identity of said entity as the owner of said account in an interactive, real-time, online session.
  - 21. The method of claim 1 wherein said financial transaction is initiated after the notifying step.
  - 23. The method of claim 1 wherein the financial transaction comprises receiving an authorization request message from the third party, wherein the authorization request message comprises a purchase amount, wherein the authorization request message allows the issuer to verify to the third party that an account associated with the entity is in good standing and can pay for the purchase amount.

9. A method comprising:
- a step of performing the function of verifying, by an issuer during a registration process, the identity of an entity as the owner of an account and associating a password with said account;
  
  receiving an authentication request message from said third party at an access control server of said issuer requesting authentication of said entity, said authentication request message being routed via an Internet browser of a computer of said entity;
  
  receiving, at said access control server, an identity authenticating password from said entity;
  
  comparing, by said access control server, said identity authenticating password against said password previously designated for said account of said entity; and
  
  sending an authentication response message from said access control server of said issuer to said third party, said authentication response message being routed via said Internet browser of said computer of said entity;
  
  wherein said authentication response message notifies said third party that said entity is the actual owner of said account when said identity authenticating password received from said entity matches the password that was previously designated for said account,wherein said authentication request message is routed via the Internet browser of the computer of said entity and said authentication response message is routed via said Internet browser of said computer of said entity without the use of any additional software on said computer of said entity, whereby said issuer authenticates for the benefit of said third party that said entity is the actual owner of said account,wherein said issuer is a financial institution, and wherein said third party is an online merchant, andwherein said method further comprises conducting a financial transaction between said online merchant and said entity.
- View Dependent Claims (10, 12, 14, 16, 18, 20, 22, 24, 25, 26, 27)
- - 10. A method as recited in claim 9 wherein said entity owns an account of the type selected from the group consisting of retail banking accounts, wholesale banking accounts, medical accounts, insurance accounts, brokerage accounts, and telephone service accounts.
  - 12. A method as recited in claim 9, wherein said identity authenticating password is a password, a PIN, a question-response pair, or a phrase.
  - 14. A method as recited in claim 9 further comprising:
    - determining whether said entity is registered before sending said authentication request message from said third party to said issuer.
  - 16. A method as recited in claim 9 wherein said steps of receiving the identity authenticating password from said entity, comparing, sending the authentication response message occur in real time during said online transaction.
  - 18. A method as recited in claim 9 further comprising:
    - accessing a web site of said third party by said entity using the Internet browser;
      
      redirecting said Internet browser of said computer from said web site to the access control server of said issuer, whereby said issuer receives said identity authenticating password; and
      
      redirecting said Internet browser from said access control server back to said web site of said third party.
  - 20. A method as recited in claim 9 wherein said step of performing the function of verifying verifies the identity of said entity as the owner of said account in an interactive, real-time, online session.
  - 22. The method of claim 9 wherein the financial transaction is initiated after sending the authentication response message.
  - 24. The method of claim 9 wherein the financial transaction comprises receiving an authorization request message from the third party, wherein the authorization request message comprises a purchase amount, wherein the authorization request message allows the issuer to verify to the third party that an account associated with the entity is in good standing and can pay for the purchase amount.
  - 25. The method of claim 9 further comprising, after sending the authentication request message, digitally signing a receipt using an issuer'"'"'s signature key, wherein the receipt contains the merchant name, a card account number of a payment card, an expiration date of the art, a payment amount and a payment date.
  - 26. The method of claim 25 wherein the receipt is stored in a receipt file, which also includes a merchant name, a merchant URL, and a cardholder authentication value.
  - 27. The method of claim 26 wherein digitally signing is performed by the access control server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Dominguez, Benedicto H., Manessis, Thomas J., Reno, James Donald
Primary Examiner(s)
Augustin, Evens J

Application Number

US10/156,271
Publication Number

US 20020194138A1
Time in Patent Office

3,770 Days
Field of Search

705/67, 705/65, 705/41
US Class Current

705/65
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

G06Q 20/027   involving a payment switch ...

G06Q 20/04   Payment circuits

G06Q 20/0855   involving a third party

G06Q 20/12   specially adapted for elect...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/355   Personalisation of cards fo...

G06Q 20/367   involving electronic purses...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/3829   involving key management

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4012   Verifying personal identifi...

G06Q 20/4014   Identity check for transact...

G07F 7/1008   Active credit-cards provide...

G07F 7/1016   Devices or methods for secu...

Online account authentication service

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

184 Citations

27 Claims

Specification

Use Cases

Quick Links

Others

Online account authentication service

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

184 Citations

27 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others