Dual layer authentication for electronic payment request in online transactions

US 9,100,502 B2
Filed: 04/09/2012
Issued: 08/04/2015
Est. Priority Date: 10/02/2008
Status: Active Grant

First Claim

Patent Images

1. A method for additional authorization of an electronic payment request, during a main authorization process of the electronic payment request for an online purchase by means of a browser, the browser running on a data processing system including proximity based transceiver means, the payment request being made with a payment card configured with details of at least one device in the possession of at least one owner of the card, the method comprising:

a computer configuring the payment card with information associated with the at least one device wherein the information includes one of one or more uniform resource locator addresses for which additional authorization is not required, a price threshold requiring the additional authorization, and a type of object threshold requiring the additional authorization;

the computer suspending the main authorization process;

the computer, by the proximity based transceiver means, detecting the proximity of at least one portable device with whose details the payment card is configured, wherein the proximity based transceiver means includes a Bluetooth device and wherein a browser plug-in in the browser searches for the at least one portable device in a range asking for a Bluetooth code to allow handshaking between the at least one portable device and the data processing system;

the computer, upon detection of the at least one portable device in the range, establishing a communication session between the data processing system and the detected portable device;

the computer requesting a first code from the detected portable device;

the computer comparing the first code with a predetermined second code; and

the computer resuming the main authorization process in the event the first code substantially matches the second code.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Increasing the security of online payment requests by introducing a dual-layer authentication system for accessing the funds and/or credit through payment cards is described. An additional check regarding the identity of a card user to be included within a traditional security protocols for these cards, wherein the additional check is based on an authentication channel which is external to the user'"'"'s card. A device owned by the legitimate card owner certifies that the user of the card at any given instant is the legitimate owner of the card and not someone else. To process this additional information, a connection by means of a proximity based device is established.

37 Citations

6 Claims

1. A method for additional authorization of an electronic payment request, during a main authorization process of the electronic payment request for an online purchase by means of a browser, the browser running on a data processing system including proximity based transceiver means, the payment request being made with a payment card configured with details of at least one device in the possession of at least one owner of the card, the method comprising:
- a computer configuring the payment card with information associated with the at least one device wherein the information includes one of one or more uniform resource locator addresses for which additional authorization is not required, a price threshold requiring the additional authorization, and a type of object threshold requiring the additional authorization;
  
  the computer suspending the main authorization process;
  
  the computer, by the proximity based transceiver means, detecting the proximity of at least one portable device with whose details the payment card is configured, wherein the proximity based transceiver means includes a Bluetooth device and wherein a browser plug-in in the browser searches for the at least one portable device in a range asking for a Bluetooth code to allow handshaking between the at least one portable device and the data processing system;
  
  the computer, upon detection of the at least one portable device in the range, establishing a communication session between the data processing system and the detected portable device;
  
  the computer requesting a first code from the detected portable device;
  
  the computer comparing the first code with a predetermined second code; and
  
  the computer resuming the main authorization process in the event the first code substantially matches the second code.
- View Dependent Claims (2)
- - 2. The method of claim 1 further configuring the payment card with an International Mobile Equipment Identity (IMEI) code of a mobile phone of the owner of the card;
    - and wherein;
      
      the computer detecting comprises attempting to establish a Bluetooth connection with the mobile phone; and
      
      the computer comparing the first code with a predetermined second code comprises comparing an International Mobile Equipment Identity (IMEI) code retrieved from the mobile phone with the IMEI with which the payment card is configured.

3. A computer program product for additional authorization of an electronic payment request, during a main authorization process of the electronic payment request for an online purchase by means of a browser, the browser running on a data processing system including proximity based transceiver means, the payment request being made with a payment card configured with details of at least one portable device in the possession of at least one owner of the card, the computer program product comprising:
- one or more non-transitory computer readable storage devices;
  
  computer program instructions stored on the one or more non-transitory computer readable storage devices for configuring the payment card with information associated with the at least one device wherein the information includes one of one or more uniform resource locator addresses for which additional authorization is not required, a price threshold requiring the additional authorization, and a type of object threshold requiring the additional authorization;
  
  computer program instructions stored on the one or more non-transitory computer readable storage devices for suspending the main authorization process;
  
  computer program instructions stored on the one or more non-transitory computer readable storage devices for detecting, by the proximity based transceiver means, the proximity of at least one portable device with whose details the payment card is configured, wherein the proximity based transceiver means includes a Bluetooth device and wherein a browser plug-in in the browser searches for the at least one portable device in a range asking for a Bluetooth code to allow handshaking between the at least one portable device and the data processing system;
  
  computer program instructions stored on the one or more non-transitory computer readable storage devices for, upon detection of the at least one portable device in the range, establishing a communication session between the data processing system and the detected portable device;
  
  computer program instructions stored on the one or more non-transitory computer readable storage devices for requesting a first code from the detected portable device;
  
  computer program instructions stored on the one or more non-transitory computer readable storage devices for comparing the first code with a predetermined second code; and
  
  computer program instructions stored on the one or more non-transitory computer readable storage devices for resuming the main authorization process in the event the first code substantially matches the second code.
- View Dependent Claims (4)
- - 4. The computer program product as claimed in claim 3 further comprising:
    - computer program instructions stored on the one or more non-transitory computer readable storage devices for configuring the payment card with an International Mobile Equipment Identity (IMEI) code of a mobile phone of the owner of the card; and
      
      wherein;
      
      computer program instructions stored on the one or more non-transitory computer readable storage devices for detecting comprises attempting to establish a Bluetooth connection with the mobile phone; and
      
      computer program instructions stored on the one or more non-transitory computer readable storage devices for comparing the first code with a predetermined second code comprises the step of comparing an International Mobile Equipment Identity (IMEI) code retrieved from the mobile phone with the IMEI with which the payment card is configured.

5. A system for authenticating an electronic payment request, for additional authorization of an electronic payment request during a main authorization process of the electronic payment request for an online purchase, the payment request being made with a payment card configured with details of at least one portable device in the possession of at least one owner of the card, the system comprising:
- one or more processors, one or more computer readable memories, and one or more computer readable storage devices;
  
  computer program instructions stored on the one or more non-transitory computer readable storage devices for execution by at least one processor via at least one computer readable memory for configuring the payment card with information associated with the at least one device wherein the information includes one of one or more uniform resource locator addresses for which additional authorization is not required, a price threshold requiring the additional authorization, and a type of object threshold requiring the additional authorization;
  
  computer program instructions stored on at least one computer readable storage device for execution by at least one processor via at least one computer readable memory for performing, on a browser, online shopping activities, wherein the main authorization process is suspended;
  
  computer program instructions stored on at least one computer readable storage device for execution by at least one processor via at least one computer readable memory for detecting, by a proximity based transceiver, the proximity of at least one portable device with whose details the payment card is configured, wherein the proximity based transceiver includes a Bluetooth device and wherein a browser plug-in in the browser searches for the at least one portable device in a range asking for a Bluetooth code to allow handshaking between the at least one portable device and the data processing system;
  
  computer program instructions stored on at least one computer readable storage device for execution by at least one processor via at least one computer readable memory for establishing, by a communication system, a communication session between the data processing system and the detected portable device, upon detection of at least one portable device; and
  
  computer program instructions stored on at least one computer readable storage device for execution by at least one processor via at least one computer readable memory for requesting a first code from the detected portable device, comparing the first code with a predetermined second code and resuming the main authorization process in the event the first code substantially matches the second code.
- View Dependent Claims (6)
- - 6. The system of claim 5 wherein the payment card is configured with an International Mobile Equipment Identity (IMEI) code of a mobile phone of the owner of the card;
    - and further comprising;
      
      computer program instructions stored on at least one computer readable storage device for execution by at least one processor via at least one computer readable memory for attempting to establish, by the communication system, a Bluetooth connection with the mobile phone; and
      
      computer program instructions stored on at least one computer readable storage device for execution by at least one processor via at least one computer readable memory for comparing the first code with a predetermined second code comprises comparing an International Mobile Equipment Identity (IMEI) code retrieved from the mobile phone with the IMEI with which the payment card is configured.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Edison Vault, LLC
Original Assignee
International Business Machines Corporation
Inventors
Febonio, Barbara, Piccinini, Sandro
Primary Examiner(s)
JOHNSON, GREGORY L

Application Number

US13/442,450
Publication Number

US 20120197803A1
Time in Patent Office

1,212 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06Q 20/105   involving programming of a ...

G06Q 20/12   specially adapted for elect...

G06Q 20/327   Short range or proximity pa...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/425   using two different network...

G06Q 30/0603   Catalogue ordering

H04M 15/00   Arrangements for metering, ...

H04M 15/47   Fraud detection or preventi...

H04M 15/48   Secure or trusted billing, ...

H04M 15/8005   Flat-fee

H04M 15/85   characterised by the type o...

H04M 15/851   Determined tariff

H04M 15/858   Request users acknowledgeme...

H04M 17/00   Prepayment of wireline comm...

H04M 2215/0148   Fraud detection or preventi...

H04M 2215/0156   Secure and trusted billing,...

H04M 2215/815   Notification when a specifi...

H04M 2215/8183   Request users acknowledgeme...

H04W 4/24   Accounting or billing

Dual layer authentication for electronic payment request in online transactions

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

37 Citations

6 Claims

Specification

Solutions

Use Cases

Quick Links

Dual layer authentication for electronic payment request in online transactions

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

6 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links