Conducting transactions with dynamic passwords

US 9,449,319 B1
Filed: 06/30/2008
Issued: 09/20/2016
Est. Priority Date: 06/30/2008
Status: Active Grant

First Claim

Patent Images

1. A transaction processing system having increased security, the system comprising:

one or more first processors;

first memory configured to be in communication with the one or more processors;

first computer-executable instructions that, when executed on the one or more processors, perform acts to securely process a transaction for an item without receiving sensitive information, the acts comprising;

receiving, over a network from a computing device and by the transaction processing system, first data comprising a request to conduct the transaction for the item, wherein the computing device comprises one or more second processors, a second memory, a presentation device, and second computer-executable instructions;

receiving second data comprising a first dynamic password and a transaction phrase token, wherein the transaction phrase token;

(i) comprises at least two grammatically correct words, each grammatically correct word separated by a space, (ii) is associated with one or more predefined rules specifying an item category or a transaction amount that is allowed when employing the transaction phrase token to conduct the transaction, and (iii) links to a payment instrument so that the transaction phrase token acts as a proxy for the payment instrument;

accessing a second dynamic password accessible by the transaction processing service;

accessing the one or more predefined rules associated with the transaction phrase token;

based at least partly on the second dynamic password and the one or more predefined rules, triggering the one or more first processors to perform one of;

approving the transaction based at least partly on;

(i) the first dynamic password matching the second dynamic password, and(ii) at least one of the amount of the transaction being at or below the transaction amount specified by a first predefined rule of the one or more predefined rules or the item category of the item matching the item category specified by a second predefined rule of the one or more predefined rules;

declining the transaction based at least in part on at least one of the first dynamic password not matching the second dynamic password, the amount of the transaction being above the transaction amount specified by the first predefined rule of the one or more predefined rules, or the item category of the item not matching the item category specified by the second predefined rule of the one or more predefined rules;

orimplementing one or more other authorization procedures based at least in part on at least one of the first dynamic password not matching the second dynamic password, the amount of the transaction being above the transaction amount specified by the first predefined rule of the one or more predefined rules, or the item category of the item not matching the item category specified by the second predefined rule of the one or more predefined rules.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for conducting transactions with one-time passwords are described herein. These techniques may include receiving a request to conduct a transaction, as well as a one-time password and an identifier linked with a payment instrument. The identifier may or may not identify the linked payment instrument. In both instances, a transaction processing service may compare the received one-time password with a one-time password stored at or accessible by the transaction processing service. If the passwords match, the service may approve the transaction. Otherwise, the service may decline the transaction or implement one or more additional authorization procedures.

190 Citations

33 Claims

1. A transaction processing system having increased security, the system comprising:
- one or more first processors;
  
  first memory configured to be in communication with the one or more processors;
  
  first computer-executable instructions that, when executed on the one or more processors, perform acts to securely process a transaction for an item without receiving sensitive information, the acts comprising;
  
  receiving, over a network from a computing device and by the transaction processing system, first data comprising a request to conduct the transaction for the item, wherein the computing device comprises one or more second processors, a second memory, a presentation device, and second computer-executable instructions;
  
  receiving second data comprising a first dynamic password and a transaction phrase token, wherein the transaction phrase token;
  
  (i) comprises at least two grammatically correct words, each grammatically correct word separated by a space, (ii) is associated with one or more predefined rules specifying an item category or a transaction amount that is allowed when employing the transaction phrase token to conduct the transaction, and (iii) links to a payment instrument so that the transaction phrase token acts as a proxy for the payment instrument;
  
  accessing a second dynamic password accessible by the transaction processing service;
  
  accessing the one or more predefined rules associated with the transaction phrase token;
  
  based at least partly on the second dynamic password and the one or more predefined rules, triggering the one or more first processors to perform one of;
  
  approving the transaction based at least partly on;
  
  (i) the first dynamic password matching the second dynamic password, and(ii) at least one of the amount of the transaction being at or below the transaction amount specified by a first predefined rule of the one or more predefined rules or the item category of the item matching the item category specified by a second predefined rule of the one or more predefined rules;
  
  declining the transaction based at least in part on at least one of the first dynamic password not matching the second dynamic password, the amount of the transaction being above the transaction amount specified by the first predefined rule of the one or more predefined rules, or the item category of the item not matching the item category specified by the second predefined rule of the one or more predefined rules;
  
  orimplementing one or more other authorization procedures based at least in part on at least one of the first dynamic password not matching the second dynamic password, the amount of the transaction being above the transaction amount specified by the first predefined rule of the one or more predefined rules, or the item category of the item not matching the item category specified by the second predefined rule of the one or more predefined rules.
- View Dependent Claims (2, 3, 4, 5)
- - 2. A system as recited in claim 1, wherein the second dynamic password comprises a pseudo-random identifier that changes after a predetermined amount of time.
  - 3. A system as recited in claim 1, wherein the second dynamic password comprises a pseudo-random identifier that changes after a predetermined event.
  - 4. A system as recited in claim 1, wherein:
    - the second dynamic password is configured to change after one of the group comprising a predetermined amount of time and a predetermined event; and
      
      the acts further comprising updating the second dynamic password as the second dynamic password changes.
  - 5. A system as recited in claim 1, wherein the request to conduct the transaction comprises a request to purchase the item for sale in an item catalog.

6. A method for securely processing a transaction without receiving sensitive information comprising:
- receiving, from a computing device and by a transaction processing service, first data comprising a request to purchase an item;
  
  receiving, by the transaction processing service, second data comprising a dynamic password and an identifier associated with a payment instrument, wherein the identifier;
  
  comprises at least two grammatically correct words separated by a space, andis associated with one or more predefined rules specifying an item category or a transaction amount that is allowed when employing the identifier to conduct a transaction based on the request to purchase the item;
  
  accessing the one or more predefined rules associated with the identifier;
  
  based at least partly on the dynamic password, the identifier, and at least one of an amount of the transaction or an item category of the item, performing one of;
  
  processing, by the transaction processing service, the request to purchase the item;
  
  declining, by the transaction processing service, the request to purchase the item;
  
  orimplementing, by the transaction processing service, one or more other authorization procedures.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 18)
- - 7. A method as recited in claim 6, wherein the dynamic password is a first dynamic password, and wherein the transaction processing service processes the request based at least in part on the first dynamic password matching a second dynamic password associated with the identifier.
  - 8. A method as recited in claim 6, wherein processing the request to purchase the item includes transmitting, to a second computing device associated with a different user who shares the identifier with a user associated with the request to purchase the item, third data comprising a notification, and receiving an approval of the request to purchase, and wherein the transaction processing service processes the request based at least in part on receiving the approval.
  - 9. A method as recited in claim 8, further comprising authenticating the different user before processing the request to purchase the item.
  - 10. A method as recited in claim 6, wherein the identifier associated with the payment instrument is free from information identifying the payment instrument.
  - 11. A method as recited in claim 6, wherein the identifier comprising the at least two grammatically correct words comprises a transaction phrase token issued by the transaction processing service and linked with the payment instrument by the transaction processing service.
  - 12. A method as recited in claim 6, wherein the identifier comprising the at least two grammatically correct words comprises a set of characters that has a secondary meaning to a user associated with the identifier.
  - 13. A method as recited in claim 6, wherein the identifier and the dynamic password are received in one of the group comprising a simultaneous manner and an asynchronous manner.
  - 14. A method as recited in claim 6, wherein the request to purchase the item is received from a user, and further comprising transmitting, to a second computing device associated with the user, third data comprising the dynamic password before the receiving of the dynamic password.
  - 15. A method as recited in claim 6, wherein the request to purchase the item is received from a user, and further comprising causing a token to be issued to the user, the token configured to generate the dynamic password.
  - 16. A method as recited in claim 6, wherein the dynamic password comprises a pseudo-random number that changes after one of the group comprising a predetermined time interval and a predetermined event.
  - 18. A method as recited in claim 6, wherein the item comprises one or more of a product, a service, or a digital download.

17. One or more computing devices comprising:
- one or more processors; and
  
  one or more computer-readable media storing computer-executable instructions that, when executed on the one or more processors, perform acts comprising;
  
  receiving, from a computing device and over a network, first data comprising a request to purchase an item;
  
  receiving, via a graphical user interface, second data comprising a dynamic password and an identifier linked with a payment instrument, wherein the identifier;
  
  comprises at least two grammatically correct words separated by a space, andis associated with one or more predefined rules specifying an item category or a transaction amount that is allowed when employing the identifier to conduct a transaction based on the request to purchase the item;
  
  accessing the one or more predefined rules associated with the identifier;
  
  based at least partly on the dynamic password, the identifier, and at least one of an amount of the transaction or an item category of the item, performing one of;
  
  processing the request to purchase the item;
  
  declining the request to purchase the item;
  
  or implementing one or more other authorization procedures.

19. A method comprising:
- receiving, from a computing device and by a transaction processing service, first data associated with a request to conduct a transaction for an item, wherein the request comprises an identifier that is linked with a payment instrument, the identifier being associated with one or more predefined rules specifying an item category or a transaction amount that is allowed when employing the identifier to conduct the transaction and comprising two grammatically correct words separated by a space;
  
  receiving second data associated with the dynamic password;
  
  accessing the one or more predefined rules associated with the identifier; and
  
  processing, by the transaction processing service, the requested transaction based at least in part on the identifier, at least one of the amount of the transaction or the item category of the item satisfying a predefined rule of the one or more predefined rules, and the dynamic password.
- View Dependent Claims (20, 21)
- - 20. A method as recited in claim 19, wherein the identifier comprising the two grammatically correct words comprises a set of characters that has a secondary meaning to a user associated with the identifier.
  - 21. A method as recited in claim 19, wherein the dynamic password is a first dynamic password, and wherein the processing the requested transaction is based at least in part on the first dynamic password matching a second dynamic password associated with the identifier.

22. One or more computing devices comprising:
- one or more processors; and
  
  one or more computer-readable media storing computer-executable instructions that, when executed on the one or more processors, perform acts comprising;
  
  receiving, from a computing device, first data associated with a request to conduct a transaction for an item, wherein the request includes an identifier that is linked with a payment instrument, the identifier being associated with one or more predefined rules specifying an item category or a transaction amount that is allowed when employing the identifier to conduct the transaction and comprising two grammatically correct words separated by a space;
  
  receiving second data associated with a dynamic password;
  
  accessing at least one of an amount of the transaction or an item category of the item associated with a predefined rule of the one or more predefined rules associated with the identifier; and
  
  based at least in part on the identifier, a comparison between at least one of the amount of the transaction or the item category of the item with the one or more predefined rules, and the received dynamic password, performing one of;
  
  processing the request to conduct the transaction for the item;
  
  declining the request to conduct the transaction for the item;
  
  orimplementing one or more other authorization procedures.

23. A system comprising:
- one or more processors;
  
  memory;
  
  an identifier issuer, stored in the memory and executable on the one or more processors, to issue a transaction phrase token to a user, the transaction phrase token;
  
  (i) comprising two grammatically correct words separated by a space, (ii) being associated with one or more predefined rules specifying an item category or a transaction amount that is allowed when employing the identifier to conduct transactions, and (iii) being linked with a payment instrument such that the transaction phrase token links to the payment instrument as a proxy for the payment instrument; and
  
  a transaction authorization engine, stored in the memory and executable on the one or more processors, to;
  
  receive, from a computing device, first data associated with a request from the user to conduct a transaction for an item;
  
  receive second data associated with a first dynamic password and the transaction phrase token;
  
  access third data associated with a second dynamic password associated with the transaction phrase token; and
  
  determine an approval decision associated with the transaction based at least in part on at least one of an amount of the transaction or an item category of the item complying with a predefined rule of the one or more predefined rules associated with the transaction phrase token.
- View Dependent Claims (24, 25, 26, 27, 28)
- - 24. A system as recited in claim 23, wherein the first dynamic password comprises a one-time password.
  - 25. A system as recited in claim 23, wherein determining the approval decision comprises at least one of:
    - (i) approving the requested transaction based on one of the first dynamic password matching the second dynamic password and at least one of the amount of the transaction being at or below the transaction amount specified by the one or more predefined rules, or the first dynamic password matching the second dynamic password and the item category of the item matching the item category specified by the one or more predefined rules, and (ii) declining the requested transaction based on at least one of;
      
      the first dynamic password not matching the second dynamic password, the amount of the transaction being above the transaction amount specified by the one or more predefined rules, or the item category of the item not matching the item category specified by the one or more predefined rules.
  - 26. A system as recited in claim 23, wherein the second dynamic password comprises a pseudo-random identifier that changes after one of the group comprising a predetermined time interval and a predetermined event.
  - 27. A system as recited in claim 23, further comprising a dynamic password issuer to issue the dynamic password to the user in response to receiving a request for a dynamic password.
  - 28. A system as recited in claim 23, wherein the request to conduct the transaction further comprises a request to purchase the item from an online item catalog provided by an e-commerce merchant.

29. A method comprising:
- receiving, by a computing device, first data comprising a request to conduct a transaction for an item using an identifier as a proxy for a payment instrument, and a dynamic password, wherein the identifier is associated with one or more predefined rules specifying an item category or a transaction amount that is allowed when employing the identifier to conduct the requested transaction, wherein the identifier comprises two grammatically correct words separated by a space;
  
  accessing second data associated with at least one of an amount of the requested transaction or an item category of the item that is associated with a predefined rule of the one or more predefined rules associated with the identifier; and
  
  determine an approval decision associated with the requested transaction based at least in part on the identifier, at least one of the amount of the requested transaction or the item category of the item in relation to the predefined rule of the one or more predefined rules, and the dynamic password.
- View Dependent Claims (30, 31, 32)
- - 30. A method as recited in claim 29, wherein the requested transaction comprises a request to purchase the item from an item catalog.
  - 31. A method as recited in claim 29, wherein the identifier is linked with the payment instrument but is free from information identifying the payment instrument.
  - 32. A method as recited in claim 29, wherein the identifier comprising the two grammatically correct words comprises a set of characters that has a secondary meaning to a user associated with the identifier.

33. One or more non-transitory computer-readable media storing computer-executable instructions that, when executed on one or more processors, perform acts comprising:
- receiving, at a transaction processing service and from a computing device, first data associated with a request to purchase an item offered in an item catalog;
  
  receiving second data associated with the a user-created reusable pass-phrase and a first dynamic password, wherein the user-created reusable pass-phrase;
  
  (i) comprises at least two grammatically correct words separated by a space, (ii) is associated with one or more predefined rules specifying an item category or a transaction amount that is allowed when employing the pass-phrase to conduct a transaction based on the request to purchase the item, and (iii) links to a payment instrument so that the pass-phrase acts as a proxy for the payment instrument;
  
  accessing third data associated with a second dynamic password accessible by the transaction processing service;
  
  accessing fourth data associated with at least one of the one or more predefined rules associated with the pass-phrase;
  
  based at least partly on the second dynamic password and the one or more predefined rules, performing one of;
  
  transmitting an approval of the transaction based at least partly on;
  
  (i) the first dynamic password matching the second dynamic password and (ii) at least one of the amount of the transaction being at or below the transaction amount specified by the one or more predefined rules or the item category of the item matching the item category specified by the one or more predefined rules;
  
  transmitting a rejection of the transaction based at least partly on-at least one of the following;
  
  the first dynamic password not matching the second dynamic password, the amount of the transaction being above the transaction amount specified by the one or more predefined rules, or the item category of the item not matching the item category specified by the one or more predefined rules;
  
  orimplementing one or more other authorization procedures based at least partly on at least one of the following;
  
  the first dynamic password not matching the second dynamic password, the amount of the transaction being above the transaction amount specified by the one or more predefined rules, or the item category of the item not matching the item category specified by the one or more predefined rules.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Agarwal, Amit, Oates, Isaac, Coughlin, Chesley
Primary Examiner(s)
Reagan, James A

Application Number

US12/165,081
Time in Patent Office

3,004 Days
Field of Search

705/64
US Class Current

1/1
CPC Class Codes

G06Q 20/102   Bill distribution or payments

G06Q 20/382   insuring higher security of...

G06Q 20/3821   Electronic credentials

G06Q 20/385   using an alias or single-us...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/401   Transaction verification

H04L 63/0838   using one-time-passwords

H04L 63/0846   using time-dependent-passwo...

Conducting transactions with dynamic passwords

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

190 Citations

33 Claims

Specification

Use Cases

Quick Links

Others

Conducting transactions with dynamic passwords

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

190 Citations

33 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others