System and method for global internet digital identification
First Claim
Patent Images
1. A method for verifying an identity of an ID holder, comprising the stepsproviding a central switch in communication with a first network and a second network;
- receiving, into the central switch, identification data from the first network, wherein the identification data has been provided by the ID holder and transmitted into the first network;
controlling the central switch to use the identification data to generate an authorization request message having a format suitable for transmission through the second network;
controlling the central switch to transmit the authorization request message into the second network to an ID issuer;
receiving, into the central switch, an authorization response message from the second network, wherein the authorization response message has been generated by the ID issuer in response to the authorization request message;
controlling the central switch to use the authorization response message to generate an output response message having a format suitable for transmission through the first network;
controlling the central switch to transmit the output response message into the first network;
storing secret data which is shared with the ID holder;
receiving, by the ID issuer, the authorization request message;
using, by the ID issuer, the secret data to perform an authentication operation upon the authorization request message, thereby generating the authorization response message; and
transmitting, by the ID issuer, the authorization response message through the second network to the central switch, wherein;
the identification data includes a result of a first cryptographic operation;
the authorization response message includes a result of a second cryptographic operation;
the first network comprises an international network;
the second network comprises a trusted network;
the central switch comprises a secure electronic transaction gateway;
the authorization response message includes at least one of an indication of authorization and an indication of denial of authorization;
the authorization response message includes information about the ID holder;
the authorization response message includes a password suitable for enabling the ID holder to access a web site;
the identification data includes at least one of a payment amount field and a validation level amount field;
the authorization request message has a 0100 chip format;
the authorization response message has a 0110 format;
the output response message has an EMV format; and
the identification data does not include a payment account number, said method further comprising the steps of;
issuing a digital ID to the ID holder, wherein the identification data is generated by the digital ID;
using the output response message to decide whether to provide a service to the ID holder;
using the secret data to generate a cryptographic transaction certificate;
storing transaction data related to at least one of the identification data, the authorization request message, the authentication operation, the authorization response message, and the output response message, said transaction data including said transaction certificate;
incorporating the transaction certificate into payment transaction data;
using the payment transaction data to initiate a payment;
collecting a fee from an ID requestor which has transmitted the identification data into the first network; and
distributing at least one share of the fee to at least one ID issuer.
1 Assignment
0 Petitions
Accused Products
Abstract
A system and method for authenticating a digital ID can utilize a central switch to transmit data between a network connected to a service provider and a network connected to a digital ID issuer. The system can be configured to provide a “yes/no” authorization or a validation at a selected validation level. The system can receive an encrypted authorization request message, and can generate an encrypted authorization response message. The authorization response message can be used by the service provider to decide whether to provide a service to a digital ID holder.
184 Citations
2 Claims
-
1. A method for verifying an identity of an ID holder, comprising the steps
providing a central switch in communication with a first network and a second network; -
receiving, into the central switch, identification data from the first network, wherein the identification data has been provided by the ID holder and transmitted into the first network;
controlling the central switch to use the identification data to generate an authorization request message having a format suitable for transmission through the second network;
controlling the central switch to transmit the authorization request message into the second network to an ID issuer;
receiving, into the central switch, an authorization response message from the second network, wherein the authorization response message has been generated by the ID issuer in response to the authorization request message;
controlling the central switch to use the authorization response message to generate an output response message having a format suitable for transmission through the first network;
controlling the central switch to transmit the output response message into the first network;
storing secret data which is shared with the ID holder;
receiving, by the ID issuer, the authorization request message;
using, by the ID issuer, the secret data to perform an authentication operation upon the authorization request message, thereby generating the authorization response message; and
transmitting, by the ID issuer, the authorization response message through the second network to the central switch, wherein;
the identification data includes a result of a first cryptographic operation;
the authorization response message includes a result of a second cryptographic operation;
the first network comprises an international network;
the second network comprises a trusted network;
the central switch comprises a secure electronic transaction gateway;
the authorization response message includes at least one of an indication of authorization and an indication of denial of authorization;
the authorization response message includes information about the ID holder;
the authorization response message includes a password suitable for enabling the ID holder to access a web site;
the identification data includes at least one of a payment amount field and a validation level amount field;
the authorization request message has a 0100 chip format;
the authorization response message has a 0110 format;
the output response message has an EMV format; and
the identification data does not include a payment account number, said method further comprising the steps of;
issuing a digital ID to the ID holder, wherein the identification data is generated by the digital ID;
using the output response message to decide whether to provide a service to the ID holder;
using the secret data to generate a cryptographic transaction certificate;
storing transaction data related to at least one of the identification data, the authorization request message, the authentication operation, the authorization response message, and the output response message, said transaction data including said transaction certificate;
incorporating the transaction certificate into payment transaction data;
using the payment transaction data to initiate a payment;
collecting a fee from an ID requestor which has transmitted the identification data into the first network; and
distributing at least one share of the fee to at least one ID issuer.
-
-
2. A system for verifying an identity of an ID holder, comprising a central switch in communication with a first network and a second network, said central switch being configured to perform the steps of:
-
receiving identification data from the first network;
using the identification data to generate an authorization request message having a format suitable for transmission through the second network;
transmitting the authorization request message through the second network;
receiving, from the second network, an authorization response message generated in response to the authorization request message;
using the authorization response message to generate an output message having a format suitable for transmission through the first network; and
transmitting the output message through the first network, the system further comprising an ID issuer configured to perform the steps of;
storing secret data which is shared with the ID holder;
receiving the authorization request message from the central switch, through the second network;
using the secret data to perform an authentication operation upon the authorization request message, thereby generating the authorization response message; and
transmitting the authorization response message to the central switch, through the second network, the system further comprising an ID requester, wherein;
the identification data includes a result of a first cryptographic operation;
the authorization response message includes a result of a second cryptographic operation;
the first network comprises an international network;
the second network comprises a trusted network;
the central switch comprises a secure electronic transaction gateway;
the authorization response message includes at least one of an indication of authorization and an indication of denial of authorization;
the authorization response message includes information about the ID holder;
the authorization response message includes a password suitable for enabling the ID holder to access a web site;
the identification data includes at least one of a payment amount field and a validation level amount field;
the authorization request message has a 0100 chip format;
the authorization response message has a 0110 format;
the output message has an EMV format;
the identification data does not include a payment account number;
the ID issuer is configured to issue a digital ID to the ID holder, wherein the identification data is generated by the digital ID;
the ID requestor is configured to use the output message to decide whether to provide a service to the ID holder;
at least one of the central switch and the ID issuer is further configured to store transaction data related to at least one of the identification data, the authorization request message, the authentication operation, the authorization response message, and the output response message, said transaction data including a cryptographic transaction certificate;
at least one of the central switch and the ID issuer is further configured to perform the steps of;
incorporating the transaction certificate into payment transaction data; and
using the payment transaction data to initiate a payment; and
the central switch is further configured to perform the steps of;
collecting a fee from the ID requester; and
distributing at least one share of the fee to at least one ID issuer.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeMastercard International Incorporated (MasterCard Incorporated)
-
Original AssigneeMastercard International Incorporated (MasterCard Incorporated)
-
InventorsWankmueller, John, Harris, Michael D. S.
-
Primary Examiner(s)Sheikh, Ayaz
-
Assistant Examiner(s)Song, Hosuk
-
Application NumberUS09/680,006Time in Patent Office1,202 DaysField of Search713/200-202, 713/172, 713/185, 713/168, 713/150, 713/170, 713/153, 713/155-156, 713/160-161, 713/175, 713/179, 705/39-44, 705/64-67, 705/70, 705/75-76, 705/78, 705/79, 705/200-202, 705/50, 705/26US Class Current713/175CPC Class CodesG06Q 20/02 involving a neutral party, ...G06Q 20/027 involving a payment switch ...G06Q 20/04 Payment circuitsG06Q 20/4014 Identity check for transact...G06Q 20/4037 Remote solvency checksG07F 7/08 by coded identity card or c...
