Payment transaction processing using out of band authentication

US 8,898,762 B2
Filed: 07/02/2012
Issued: 11/25/2014
Est. Priority Date: 11/14/2008
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a mobile device storing a digital certificate, via a second communication channel, a request to approve a transaction, wherein the transaction is conducted by a consumer using a first communications channel, wherein an authentication request message is previously sent to the consumer by sending the authentication request to a first device coupled to the first communications channel, wherein data received from the first device is used to contact the consumer on the mobile device, and wherein the data that is used to contact the consumer on the mobile device is provided by the consumer; and

transmitting, by the mobile device via the second communications channel, a payment confirmation message approving or denying the transaction, the payment confirmation message including a digital signature authenticating the consumer.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, apparatuses, and methods for increasing the security of electronic payment transactions, such as eCommerce transactions conducted over the Internet. A transaction approval or authorization mechanism uses an out of band process to provide authentication or identification data that has previously been registered by a user and associated with the user'"'"'s payment device or account. The out of band authentication data may be provided in response to a message sent to a user'"'"'s mobile phone, where the message is generated in response to entering the user'"'"'s phone number into a form that is provided when the user engages in an electronic payment transaction using a desktop computer. The data may include a digital signature and associated digital certificate that is used to authenticate the user.

Citations

20 Claims

1. A method comprising:
- receiving, by a mobile device storing a digital certificate, via a second communication channel, a request to approve a transaction, wherein the transaction is conducted by a consumer using a first communications channel, wherein an authentication request message is previously sent to the consumer by sending the authentication request to a first device coupled to the first communications channel, wherein data received from the first device is used to contact the consumer on the mobile device, and wherein the data that is used to contact the consumer on the mobile device is provided by the consumer; and
  
  transmitting, by the mobile device via the second communications channel, a payment confirmation message approving or denying the transaction, the payment confirmation message including a digital signature authenticating the consumer.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1 wherein the mobile device is a mobile phone, and wherein the method further comprises:
    - downloading the digital certificate corresponding to the digital signature.
  - 3. The method of claim 1, wherein the data that is used to contact the consumer on the mobile device is entered by the consumer into the first device.
  - 4. The method of claim 3, further comprising prompting, by the first device, the consumer to enter the data that is used to contact the consumer on the mobile device.

5. A transaction processor, comprising:
- an electronic processor;
  
  a memory coupled to the electronic processor; and
  
  a set of instructions stored in the memory which, when executed by the electronic processor cause the transaction processor tosend an authentication request message to a consumer by sending the authentication request to a first device coupled to a first communications channel;
  
  receive, from the first device, data that is used to contact the consumer on a second device storing a digital certificate, wherein the data that is used to contact the consumer on the second device is provided by the consumer;
  
  transmit a request to the consumer to approve a transaction by transmitting the request to approve the transaction to the second device over a second communications channel; and
  
  in response to the request sent to the consumer to approve the transaction, receive a payment confirmation message from the consumer generated by the second device and provided over the second communications channel, the payment confirmation message approving or denying the transaction and including a digital signature associated with the consumer.
- View Dependent Claims (6, 7, 8, 9)
- - 6. The transaction processor of claim 5, wherein an application in the memory further enables the second device to securely communicate with a gateway server that couples the second communications channel to a different communications channel.
  - 7. The transaction processor of claim 5, wherein the data that is used to contact the consumer on the second device is a phone number associated with the second device.
  - 8. The transaction processor of claim 5, wherein the digital signature corresponds to the digital certificate.
  - 9. The transaction processor of claim 5, wherein the request to approve the transaction includes an address to which the payment confirmation message should be directed.

10. A method of processing a payment transaction, comprising:
- sending an authentication request message to a consumer by sending the authentication request to a first device coupled to a first communications channel;
  
  receiving from the first device data that is used to contact the consumer on a second device storing a digital certificate, wherein the data that is used to contact the consumer on the second device is provided by the consumer;
  
  transmitting a request to the consumer to approve the transaction by transmitting the request to approve the transaction to the second device over a second communications channel; and
  
  in response to the request sent to the consumer to approve the transaction, receiving a payment confirmation message from the consumer generated by the second device and provided over the second communications channel, the payment confirmation message approving or denying the transaction and including a digital signature associated with the consumer.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The method of claim 10, wherein the first device is the consumer'"'"'s personal computer.
  - 12. The method of claim 10, wherein the payment confirmation message comprises authentication data, which is one or more of the consumer'"'"'s mobile phone number or a password associated with the consumer.
  - 13. The method of claim 10, wherein the first device is a mobile phone, and wherein the method further comprises:
    - downloading the digital certificate corresponding to the digital signature.
  - 14. The method of claim 10, wherein the data that is used to contact the customer is a phone number, wherein the method further comprises:
    - determining a payment account that should be used to pay for the transaction using the phone number.
  - 15. The method of claim 10, further comprising sending the payment confirmation message to the first device.
  - 16. The method of claim 10, wherein the first device is used to initiate the payment transaction, wherein the first device is the consumer'"'"'s personal computer, and wherein the second device is the consumer'"'"'s mobile device.
  - 17. The method of claim 10, wherein the digital certificate is issued to the consumer for a specified class of transactions.
  - 18. The method of claim 10, wherein the digital certificate is unique to a merchant or group of merchants.

19. A method of processing a payment transaction, comprising:
- sending an authentication request message to a consumer by sending the authentication request to a first device coupled to a first communications channel;
  
  receiving from the first device data that is used to contact the consumer on a second device storing a digital certificate;
  
  transmitting a request to the consumer to approve the transaction by transmitting the request to approve the transaction to the second device over a second communications channel; and
  
  in response to the request sent to the consumer to approve the transaction, receiving a payment confirmation message from the consumer generated by the second device and provided over the second communications channel, the payment confirmation message approving or denying the transaction and including a digital signature associated with the consumer, wherein a downloaded application on the second device is used to generate the digital signature corresponding to the digital certificate from the consumer'"'"'s second device or a digital certificate from a server.
- View Dependent Claims (20)
- - 20. The method of claim 19, wherein the request to approve the transaction includes an address to which the payment confirmation message should be sent.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Kang, Denis
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
WYSZYNSKI, AUBREY H

Application Number

US13/540,525
Publication Number

US 20120271768A1
Time in Patent Office

876 Days
Field of Search

705/44, 726/7, 726/9
US Class Current

726/7
CPC Class Codes

G06Q 20/12   specially adapted for elect...

G06Q 20/326   Payment applications instal...

G06Q 20/38215   Use of certificates or encr...

G06Q 20/42   Confirmation, e.g. check or...

G06Q 20/425   using two different network...

G06Q 40/00   Finance; Insurance; Tax str...

Payment transaction processing using out of band authentication

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Payment transaction processing using out of band authentication

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links