Account authentication service with chip card
First Claim
1. A method of authenticating a cardholder during an online transaction for a requesting party, said method comprising:
- receiving, at a trusted party access control server, a cardholder authentication request originating from a merchant computer said cardholder authentication request including a cardholder account identifier and being routed to the trusted party access control server from the merchant computer via the cardholder computer;
sending a chip authentication request from said trusted party access control server to said cardholder computer in response to receipt of the cardholder authentication request at the trusted party access control server;
receiving a chip authentication response from said cardholder computer at said access control server that includes a cryptogram and a cardholder authentication password, said cryptogram being generated by a chip card and application in communication with said cardholder computer;
generating a second cryptogram at said access control server and comparing said second cryptogram to said cryptogram;
determining, by said access control server, that said cardholder authentication password matches a stored password that corresponds to said cardholder account identifier based on a first comparison;
determining that said cryptograms match based on a second comparison; and
responsive to the first and second comparisons, sending, via said cardholder computer, a cardholder authentication response from said trusted party access control server to said merchant computer indicating that said chip card and said cardholder authentication password are authentic, whereby said access control server authenticates said cardholder for said requesting party during said online transaction.
1 Assignment
0 Petitions
Accused Products
Abstract
A payment authentication service authenticates the identity of a payer during online transactions. The authentication service of the present invention allows a card issuer to verify a cardholder'"'"'s identity using a variety of authentication methods, such as the use of passwords. Also, the only system participant requiring a certificate is the issuing financial institution. One embodiment of the invention for authenticating the identity of a cardholder during an online transaction involves querying an access control server to determine if a cardholder is enrolled in the payment authentication service, requests a password from the cardholder, verifies the password, and notifies a merchant whether the cardholder'"'"'s authenticity has been verified. In another aspect of the invention, a chip card and the authentication service independently generate cryptograms that must match in order for the service to verify that the correct chip card is being used by the cardholder.
127 Citations
17 Claims
-
1. A method of authenticating a cardholder during an online transaction for a requesting party, said method comprising:
-
receiving, at a trusted party access control server, a cardholder authentication request originating from a merchant computer said cardholder authentication request including a cardholder account identifier and being routed to the trusted party access control server from the merchant computer via the cardholder computer; sending a chip authentication request from said trusted party access control server to said cardholder computer in response to receipt of the cardholder authentication request at the trusted party access control server; receiving a chip authentication response from said cardholder computer at said access control server that includes a cryptogram and a cardholder authentication password, said cryptogram being generated by a chip card and application in communication with said cardholder computer; generating a second cryptogram at said access control server and comparing said second cryptogram to said cryptogram; determining, by said access control server, that said cardholder authentication password matches a stored password that corresponds to said cardholder account identifier based on a first comparison; determining that said cryptograms match based on a second comparison; and responsive to the first and second comparisons, sending, via said cardholder computer, a cardholder authentication response from said trusted party access control server to said merchant computer indicating that said chip card and said cardholder authentication password are authentic, whereby said access control server authenticates said cardholder for said requesting party during said online transaction. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. An access control server comprising a processor and a non-transitory computer readable medium coupled to the processor, the computer readable medium comprising code, executable by the processor for implementing a method comprising
receiving, at the access control server, a cardholder authentication request originating from a merchant computer said cardholder authentication request including a cardholder account identifier and being routed to the access control server from the merchant computer via the cardholder computer; -
sending a chip authentication request from said access control server to said cardholder computer in response to receipt of the cardholder authentication request at the access control server; receiving a chip authentication response from said cardholder computer at said access control server that includes a cryptogram and a cardholder authentication password, said cryptogram being generated by a chip card and application in communication with said cardholder computer; generating a second cryptogram at said access control server and comparing said second cryptogram to said cryptogram; determining, by said access control server, that said cardholder authentication password matches a stored password that corresponds to said cardholder account identifier based on a first comparison; determining that said cryptograms match based on a second comparison; and responsive to the first and second comparisons, sending, via said cardholder computer, a cardholder authentication response from said access control server to said merchant computer indicating that said chip card and said cardholder authentication password are authentic, whereby said access control server authenticates said cardholder for a requesting party during an online transaction. - View Dependent Claims (15, 16, 17)
-
Specification