Dual layer authentication for electronic payment request in online transactions

US 9,215,331 B2
Filed: 10/02/2009
Issued: 12/15/2015
Est. Priority Date: 10/02/2008
Status: Active Grant

First Claim

Patent Images

1. A method for an additional authorization of an electronic payment information, the method comprising:

a computer configuring a payment card with information associated with at least one device wherein the information includes one or more uniform resource locator (URL) addresses designated as a friend URL for which the additional authorization is not required, a price threshold requiring the additional authorization, and a type of object threshold requiring the additional authorization;

the computer receiving the electronic payment information from the payment card at a browser running on the computer, wherein the browser requires the additional authorization for the payment card in addition to a main authorization process when a uniform resource locator address associated with the browser has not been designated as the friend URL, and one of the price threshold and the type of object threshold has been met;

the computer, responsive to determining that the uniform resource locator address associated with the browser has not been designated as the friend URL, and one of the price threshold and the type of object threshold has been met, suspending the main authorization process;

the computer, responsive to suspending the main authorization process, establishing a connection with a cell phone of the user;

the computer, responsive to establishing the connection with the cell phone of the user, retrieving an additional information associated with the electronic payment information, wherein the additional information is an identifier associated with both the cell phone and the payment card, and wherein the additional information includes one of the type of object threshold and the threshold of expense;

the computer, responsive to receiving the additional information, using the additional information to complete the additional authorization process; and

the computer, responsive to completing the additional authorization process, completing the main authorization process.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Increasing the security of online payment requests by introducing a dual-layer authentication system for accessing the funds and/or credit through payment cards is described. An additional check regarding the identity of a card user to be included within a traditional security protocols for these cards, wherein the additional check is based on an authentication channel which is external to the user'"'"'s card. A device owned by the legitimate card owner certifies that the user of the card at any given instant is the legitimate owner of the card and not someone else. To process this additional information, a connection by means of a proximity based device is established.

Citations

7 Claims

1. A method for an additional authorization of an electronic payment information, the method comprising:
- a computer configuring a payment card with information associated with at least one device wherein the information includes one or more uniform resource locator (URL) addresses designated as a friend URL for which the additional authorization is not required, a price threshold requiring the additional authorization, and a type of object threshold requiring the additional authorization;
  
  the computer receiving the electronic payment information from the payment card at a browser running on the computer, wherein the browser requires the additional authorization for the payment card in addition to a main authorization process when a uniform resource locator address associated with the browser has not been designated as the friend URL, and one of the price threshold and the type of object threshold has been met;
  
  the computer, responsive to determining that the uniform resource locator address associated with the browser has not been designated as the friend URL, and one of the price threshold and the type of object threshold has been met, suspending the main authorization process;
  
  the computer, responsive to suspending the main authorization process, establishing a connection with a cell phone of the user;
  
  the computer, responsive to establishing the connection with the cell phone of the user, retrieving an additional information associated with the electronic payment information, wherein the additional information is an identifier associated with both the cell phone and the payment card, and wherein the additional information includes one of the type of object threshold and the threshold of expense;
  
  the computer, responsive to receiving the additional information, using the additional information to complete the additional authorization process; and
  
  the computer, responsive to completing the additional authorization process, completing the main authorization process.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1 further including:
    - refusing the additional authorization in the event the additional authorization process is unsuccessful;
      
      notifying an owner of the card of an unsuccessful additional authorization using personal information of the user and an external device of the user to advise the user of an authentication failure, thereby providing substantially instantaneous warning to the user of a potential breach in a security of the user.
  - 3. The method of claim 1 further including:
    - refusing the additional authorization in the event the computer does not connect with the cell phone;
      
      notifying an owner of the card of the failed connection.

4. A computer program product for performing an additional authorization of an electronic payment information, the computer program product comprising:
- one or more non-transitory computer readable mediums;
  
  computer program instructions stored in at least one of the one or more non-transitory computer readable mediums for configuring a payment card with information associated with at least one device wherein the information includes one or more uniform resource locator (URL) addresses designated as a friend URL for which the additional authorization is not required, a price threshold requiring the additional authorization, and a type of object threshold requiring the additional authorization;
  
  computer program instructions stored in at least one of the one or more non-transitory computer readable mediums for receiving the electronic payment information from a payment card at a browser running on the computer, wherein the browser requires the secondary authorization for the payment card in addition to the main authorization process when a uniform resource locator address associated with the browser has not been designated as the friend URL, and one of the price threshold and the type of object threshold has been met;
  
  computer program instructions stored in at least one of the one or more non-transitory computer readable mediums for, responsive to receiving the electronic payment information, establishing a connection with a cell phone of the user;
  
  computer program instructions stored in at least one of the one or more non-transitory computer readable mediums for, responsive to determining that the uniform resource locator address associated with the browser has not been designated as the friend URL, and one of the price threshold and the type of object threshold has been met, suspending the main authorization process;
  
  computer program instructions stored in at least one of the one or more non-transitory computer readable mediums for, responsive to suspending the main authorization process, establishing the connection with the cell phone of the user;
  
  computer program instructions stored in at least one of the one or more non-transitory computer readable mediums for, responsive to establishing the connection with the cell phone of the user, retrieving the additional information, wherein the additional information is an identifier associated with both the payment card and the cell phone, and wherein the additional information includes a type of object and a threshold of expense;
  
  computer program instructions stored in at least one of the one or more non-transitory computer readable mediums for, responsive to receiving the additional information, using the additional information to complete the additional authorization process; and
  
  computer program instructions stored in at least one of the one or more non-transitory computer readable mediums for, responsive to completing the additional authorization process, completing the main authorization process.
- View Dependent Claims (5, 6)
- - 5. A computer program product of claim 4, further comprising:
    - computer program instructions stored in at least one of the one or more non-transitory computer readable mediums for refusing the additional authorization in the event the additional authorization process is unsuccessful; and
      
      computer program instructions stored in at least one of the one or more non-transitory computer readable mediums for notifying the an owner of the card of an unsuccessful additional authorization using personal information of the user and an external device of the user to advise the user of an authentication failure, thereby providing substantially instantaneous warning to the user of a potential breach in a security of the user.
  - 6. The computer program product of claim 4, further comprising:
    - computer program instructions stored in at least one of the one or more non-transitory computer readable mediums for refusing the authorization in the event the computer does not connect with the cell phone; and
      
      computer program instructions stored in at least one of the one or more non-transitory computer readable mediums for notifying an owner of the card of a failed detection.

7. A system for providing an additional authorization of an electronic payment information, the system comprising a data processor coupled to a memory having instructions stored therein that are configured to perform the steps of:
- configuring a payment card with information associated with at least one device wherein the information includes one or more uniform resource locator (URL) addresses designated as a friend URL for which the additional authorization is not required, a price threshold requiring the additional authorization, and a type of object threshold requiring the additional authorization;
  
  receiving the electronic payment information from the payment card at a browser running on the computer, wherein the browser requires the additional authorization for the payment card in addition to a main authorization process when a uniform resource locator address associated with the browser has not been designated as the friend URL, and one of the price threshold and the type of object threshold has been met;
  
  responsive to determining that the uniform resource locator address associated with the browser has not been designated as the friend URL, and one of the price threshold and the type of object threshold has been met, suspending the main authorization process;
  
  responsive to suspending the main authorization process, establishing a connection with a cell phone of the user;
  
  responsive to establishing the connection with the cell phone of the user, retrieving an additional information associated with the electronic payment information, wherein the additional information is an identifier associated with both the cell phone and the payment card, and wherein the additional information includes one of the type of object threshold and the threshold of expense;
  
  responsive to receiving the additional information, using the additional information to complete the additional authorization process; and
  
  responsive to completing the additional authorization process, completing the main authorization process.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Edison Vault, LLC
Original Assignee
International Business Machines Corporation
Inventors
Febonio, Barbara, Piccinini, Sandro
Primary Examiner(s)
Liu, Marissa

Application Number

US12/572,321
Publication Number

US 20100088228A1
Time in Patent Office

2,265 Days
Field of Search

705 1- 75, 709 1-207, 235 1-379, 713 1-201, 380 1- 25
US Class Current

1/1
CPC Class Codes

G06Q 20/105   involving programming of a ...

G06Q 20/12   specially adapted for elect...

G06Q 20/327   Short range or proximity pa...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/425   using two different network...

G06Q 30/0603   Catalogue ordering

H04M 15/00   Arrangements for metering, ...

H04M 15/47   Fraud detection or preventi...

H04M 15/48   Secure or trusted billing, ...

H04M 15/8005   Flat-fee

H04M 15/85   characterised by the type o...

H04M 15/851   Determined tariff

H04M 15/858   Request users acknowledgeme...

H04M 17/00   Prepayment of wireline comm...

H04M 2215/0148   Fraud detection or preventi...

H04M 2215/0156   Secure and trusted billing,...

H04M 2215/815   Notification when a specifi...

H04M 2215/8183   Request users acknowledgeme...

H04W 4/24   Accounting or billing

Dual layer authentication for electronic payment request in online transactions

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

7 Claims

Specification

Solutions

Use Cases

Quick Links

Dual layer authentication for electronic payment request in online transactions

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

7 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links