Method for digital signature authentication of pin-less debit card account transactions

US 9,418,501 B2
Filed: 09/13/2007
Issued: 08/16/2016
Est. Priority Date: 02/05/2007
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating an electronic transaction between a consumer and a merchant without using a passcode or personal identification number (PIN), wherein the method occurs at the merchant and comprises:

receiving account information associated with a debit card account at a merchant computer system from the consumer over the Internet, wherein the consumer accesses the Internet using a consumer'"'"'s computer, and the account information does not include a passcode or a personal identification number (PIN) for the debit card account;

confirming, at the merchant computer system, enrollment of the debit card account for digital signature authentication from a financial institution;

receiving, at the merchant computer system, consumer specific authentication parameters from the financial institution, wherein the consumer specific authentication parameters comprises an authentication scheme comprising a hosted or a local digital signature service;

sending transaction information from the merchant computer system over the Internet to the consumer'"'"'s computer for a digital signature;

sending the authentication scheme over the Internet from the merchant computer system to the consumer'"'"'s computer;

receiving, at the merchant computer system, a digital signature from the consumer'"'"'s computer over the Internet, wherein the digital signature does not include a passcode or personal identification number (PIN) for the debit card account, and the digital signature comprises encrypted portions of the transaction information;

sending, from the merchant computer system, the transaction information and the digital signature comprising encrypted portions of the transaction information to the financial institution;

receiving, at the merchant computer system, payment authorization from the financial institution; and

sending, from the merchant computer system, a receipt URL to the financial institution, the receipt URL later sent to the consumer by the financial institution.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A systems and methods for authenticating a consumer with a transaction card using digital signatures according to one embodiment of the invention is disclosed. These systems and methods allow consumers to digitally sign transaction information with a private key. The private key may be used to digitally sign the transaction, for example, through a hosted or local system that protects the integrity of the private key. A financial institution may authenticate the consumer by decrypting the digital signature with a public key.

Citations

15 Claims

1. A method for authenticating an electronic transaction between a consumer and a merchant without using a passcode or personal identification number (PIN), wherein the method occurs at the merchant and comprises:
- receiving account information associated with a debit card account at a merchant computer system from the consumer over the Internet, wherein the consumer accesses the Internet using a consumer'"'"'s computer, and the account information does not include a passcode or a personal identification number (PIN) for the debit card account;
  
  confirming, at the merchant computer system, enrollment of the debit card account for digital signature authentication from a financial institution;
  
  receiving, at the merchant computer system, consumer specific authentication parameters from the financial institution, wherein the consumer specific authentication parameters comprises an authentication scheme comprising a hosted or a local digital signature service;
  
  sending transaction information from the merchant computer system over the Internet to the consumer'"'"'s computer for a digital signature;
  
  sending the authentication scheme over the Internet from the merchant computer system to the consumer'"'"'s computer;
  
  receiving, at the merchant computer system, a digital signature from the consumer'"'"'s computer over the Internet, wherein the digital signature does not include a passcode or personal identification number (PIN) for the debit card account, and the digital signature comprises encrypted portions of the transaction information;
  
  sending, from the merchant computer system, the transaction information and the digital signature comprising encrypted portions of the transaction information to the financial institution;
  
  receiving, at the merchant computer system, payment authorization from the financial institution; and
  
  sending, from the merchant computer system, a receipt URL to the financial institution, the receipt URL later sent to the consumer by the financial institution.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method according to claim 1, wherein the financial institution is either an issuer authentication server (IAS) or a cardholder account directory service (CADS).
  - 3. The method according to claim 1, wherein the confirming enrollment of the consumer'"'"'s account for digital signature authentication further comprises:
    - requesting enrollment confirmation from the financial institution; and
      
      receiving enrollment confirmation from the financial institution.
  - 4. The method according to claim 1, wherein the authentication scheme is a URL that points to a plug-in residing on the consumer'"'"'s computer.
  - 5. The method according to claim 1, wherein the authentication scheme is a URL pointing to a webpage hosted by an issuer authentication server (IAS).
  - 6. The method according to claim 1, wherein the digital signature comprises encrypting transaction information with a private key associated with the authentication scheme.
  - 7. The method according to claim 6, wherein encrypting transaction information comprises encrypting the transaction information using an encryption scheme selected from the group consisting of RSA encryption, the digital signature algorithm, Schnorr signature, Pointcheval-Stern signature algorithm, the Rabin signature algorithm, any of the SHA algorithms, the undeniable signature algorithm, ECDSA, DSA, the ECC algorithm, elliptical curve techniques, Paillier cryptosystem, the EIGamal algorithm, and the Diffie-Hellman key exchange.
  - 8. The method according to claim 1, wherein the transaction information comprises information selected from the group consisting of transaction currency code, transaction amount, transaction ID, transaction reference number, transaction time, transaction ship data, account number, consumer name, and merchant name.
  - 9. The method according to claim 1, further comprising sending the digital signature, and the transaction information to a merchant processor.
  - 10. The method according to claim 1, further comprising creating an ISO 8583 transaction using the digital signature and the transaction information;
    - and sending the ISO 8583 message to a merchant processor.
  - 11. The method of claim 4, wherein the URL sent to the consumer'"'"'s computer as part of the authentication scheme is configured to automatically direct the consumer'"'"'s web browser to the URL where the plug-in may be launched.
  - 12. The method of claim 11, wherein the plug-in is configured to interface with a smartcard reader or biometric detector.
  - 13. The method of claim 1, wherein the received account information includes a primary account number (PAN) of a debit card associated with the debit card account.
  - 14. The method of claim 6, wherein the encrypting transaction information comprises encrypting the transaction information using an encryption scheme selected from the group consisting of RSA encryption, Schnorr signature, Pointcheval-Stern signature algorithm, the Rabin signature algorithm, any of the SHA algorithms, the undeniable signature algorithm, ECDSA, DSA, the ECC algorithm, elliptical curve techniques, Paillier cryptosystem, the EIGamal algorithm, and the Diffie-Hellman key exchange.
  - 15. The method of claim 6, wherein the encrypting transaction information comprises encrypting the transaction information using the Pointcheval-Stern signature algorithm.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
First Data Corporation (Fiserv Incorporated)
Original Assignee
First Data Corporation (Fiserv Incorporated)
Inventors
Loomis, Nancy, Saville, Julie
Primary Examiner(s)
CASEY, ALEXIS M

Application Number

US11/854,879
Publication Number

US 20080222049A1
Time in Patent Office

3,260 Days
Field of Search

705/50
US Class Current

1/1
CPC Class Codes

G06F 16/9566   URL specific, e.g. using al...

G06Q 20/10   specially adapted for elect...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/355   Personalisation of cards fo...

G06Q 20/3825   Use of electronic signatures

G06Q 20/3829   involving key management

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/401   Transaction verification

G06Q 20/4012   Verifying personal identifi...

G06Q 20/4014   Identity check for transact...

G06Q 20/40145   Biometric identity checks

G06Q 20/409   Device specific authenticat...

G07F 7/08   by coded identity card or c...

G07F 7/1008   Active credit-cards provide...

G07F 7/1025   Identification of user by a...

G07F 7/1075   PIN is checked remotely

G07F 7/1091   Use of an encrypted form of...

G07F 7/122   Online card verification

Method for digital signature authentication of pin-less debit card account transactions

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Method for digital signature authentication of pin-less debit card account transactions

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links