Online account authentication service
First Claim
1. A method of authenticating an entity during an online transaction with a third party, said authenticating performed by an issuer that maintains an account of said entity, said method comprising:
- a step for performing the function of verifying, by said issuer during a registration process, the identity of said entity as the owner of said account and associating a password with said account;
routing an online request from said third party to said issuer via an Internet browser of a computer of said entity in the form of an authentication request message;
receiving, by said issuer at an access control server, said online request from said third party to authenticate said entity;
receiving, by said issuer at said access control server, an identity authenticating password from said entity over an online connection;
comparing, by said access control server, said identity authenticating password against said password previously designated for said account of said entity;
routing an online communication from said issuer to said third party via said Internet browser of said computer of said entity in the form of an authentication response message; and
notifying said third party via said online communication that said entity is the actual owner of said account when said identity authenticating password received from said entity matches the password that was previously designated for said account, said online communication being sent from said access control server, performing said steps of routing without the use of any additional software on said computer of said entity relating to said method of authenticating, whereby said issuer authenticates for the benefit of said third party that said entity is the actual owner of said account,wherein said issuer is a financial institution, andwherein said third party is an online merchant, and wherein said method further comprises conducting a financial transaction between said online merchant and said entity.
1 Assignment
0 Petitions
Accused Products
Abstract
A payment authentication service authenticates the identity of a payer during online transactions. The authentication service allows a card issuer to verify a cardholder'"'"'s identity using a variety of authentication methods, such as the use of passwords. Also, the only system participant requiring a certificate is the issuing financial institution. Authenticating the identity of a cardholder during an online transaction involves querying an access control server to determine if a cardholder is enrolled in the payment authentication service, requesting a password from the cardholder, verifying the password, and notifying a merchant whether the cardholder'"'"'s authenticity has been verified. A chip card and the authentication service independently generate cryptograms to match in order for the service to verify that the correct chip card is being used by the cardholder.
184 Citations
27 Claims
-
1. A method of authenticating an entity during an online transaction with a third party, said authenticating performed by an issuer that maintains an account of said entity, said method comprising:
-
a step for performing the function of verifying, by said issuer during a registration process, the identity of said entity as the owner of said account and associating a password with said account; routing an online request from said third party to said issuer via an Internet browser of a computer of said entity in the form of an authentication request message; receiving, by said issuer at an access control server, said online request from said third party to authenticate said entity; receiving, by said issuer at said access control server, an identity authenticating password from said entity over an online connection; comparing, by said access control server, said identity authenticating password against said password previously designated for said account of said entity; routing an online communication from said issuer to said third party via said Internet browser of said computer of said entity in the form of an authentication response message; and notifying said third party via said online communication that said entity is the actual owner of said account when said identity authenticating password received from said entity matches the password that was previously designated for said account, said online communication being sent from said access control server, performing said steps of routing without the use of any additional software on said computer of said entity relating to said method of authenticating, whereby said issuer authenticates for the benefit of said third party that said entity is the actual owner of said account, wherein said issuer is a financial institution, and wherein said third party is an online merchant, and wherein said method further comprises conducting a financial transaction between said online merchant and said entity. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 11, 13, 15, 17, 19, 21, 23)
-
-
9. A method comprising:
-
a step of performing the function of verifying, by an issuer during a registration process, the identity of an entity as the owner of an account and associating a password with said account; receiving an authentication request message from said third party at an access control server of said issuer requesting authentication of said entity, said authentication request message being routed via an Internet browser of a computer of said entity; receiving, at said access control server, an identity authenticating password from said entity; comparing, by said access control server, said identity authenticating password against said password previously designated for said account of said entity; and sending an authentication response message from said access control server of said issuer to said third party, said authentication response message being routed via said Internet browser of said computer of said entity; wherein said authentication response message notifies said third party that said entity is the actual owner of said account when said identity authenticating password received from said entity matches the password that was previously designated for said account, wherein said authentication request message is routed via the Internet browser of the computer of said entity and said authentication response message is routed via said Internet browser of said computer of said entity without the use of any additional software on said computer of said entity, whereby said issuer authenticates for the benefit of said third party that said entity is the actual owner of said account, wherein said issuer is a financial institution, and wherein said third party is an online merchant, and wherein said method further comprises conducting a financial transaction between said online merchant and said entity. - View Dependent Claims (10, 12, 14, 16, 18, 20, 22, 24, 25, 26, 27)
-
Specification