System and method for authorization of transactions

US 8,352,376 B2
Filed: 10/10/2006
Issued: 01/08/2013
Est. Priority Date: 10/11/2005
Status: Active Grant

First Claim

Patent Images

1. A system for an Internet-based transaction authorization service using Short Message Service (SMS) text messages for secure communication between multiple parties, comprising:

means for registering users equipped with Internet-enabled mobile devices to establish at least two codes, including one code for authenticating communications from a particular user to the transaction authorization service and another code for authenticating communications from the transaction authorization service to the particular user;

means for establishing a payment account for the particular user;

means for receiving, via an SMS communications channel, an SMS message to initiate a payment transaction from the particular user'"'"'s payment account to another account;

means for contacting the particular user via a different communications channel than the SMS communications channel on which the SMS message is received to confirm authorization for the payment transaction, wherein contacting the particular user via the different communications channel comprises supplying the code for authenticating communications from the transaction authorization service to the particular user;

means for receiving a reply to said contacting from the particular user including the code for authenticating communications from the particular user to the transaction authorization service;

means for authorizing, by the transaction authorization service, the payment transaction based on said reply from the particular user; and

means for performing the payment transaction if authorized.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

System and method for authorizing transactions, such as payments or money transfers. A transaction authorization mechanism may be provided through which a transaction initiated via a first communications channel may be authorized through a second, separate communications channel or mechanism. A source entity may initiate a transaction to a target entity via a first communications channel to a transaction authorization service. The transaction authorization service may confirm the transaction with the source entity via a second communications channel. Various embodiments may use different communications channels, for example conventional telephone systems, mobile/cellular phone systems, and text messaging systems as the first or second communications channels. After the transaction has been authorized via the second communications channel, the transaction authorization service and/or the source entity may contact the target entity to inform the target entity of the transaction. The target entity may then complete the transaction.

122 Citations

75 Claims

1. A system for an Internet-based transaction authorization service using Short Message Service (SMS) text messages for secure communication between multiple parties, comprising:
- means for registering users equipped with Internet-enabled mobile devices to establish at least two codes, including one code for authenticating communications from a particular user to the transaction authorization service and another code for authenticating communications from the transaction authorization service to the particular user;
  
  means for establishing a payment account for the particular user;
  
  means for receiving, via an SMS communications channel, an SMS message to initiate a payment transaction from the particular user'"'"'s payment account to another account;
  
  means for contacting the particular user via a different communications channel than the SMS communications channel on which the SMS message is received to confirm authorization for the payment transaction, wherein contacting the particular user via the different communications channel comprises supplying the code for authenticating communications from the transaction authorization service to the particular user;
  
  means for receiving a reply to said contacting from the particular user including the code for authenticating communications from the particular user to the transaction authorization service;
  
  means for authorizing, by the transaction authorization service, the payment transaction based on said reply from the particular user; and
  
  means for performing the payment transaction if authorized.

2. A method, comprising:
- receiving, at a transaction authorization service, an initiation of a transaction between a source entity and a target entity via a first communications channel, wherein the initiation of a transaction is received from either the source entity or the target entity, wherein the source entity and the target entity are different and distinct entities,wherein the transaction authorization service is operated by another entity that is different and distinct from the source entity and the target entity;
  
  sending a request for authorization of the transaction from the transaction authorization service to a communications device of the source entity, wherein said sending comprises sending the request for authorization via a second communications channel, wherein the second communications channel is not the first communication channel,wherein the request for authorization includes a security phrase prearranged between the source entity and the transaction authorization service, wherein the security phrase indicates to the source entity that the request for authorization is an authentic message from the transaction authorization service;
  
  receiving, at the transaction authorization service, a response to the request for authorization from the source entity, wherein the response includes information for authorizing the transaction; and
  
  the transaction authorization service authorizing the transaction based on the information for authorizing the transaction included in the response from the source entity.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 3. The method as recited in claim 2, further comprising the transaction authorization service informing the target entity of the authorized transaction.
  - 4. The method as recited in claim 3, further comprising the transaction authorization service completing the transaction between the source entity and the target entity.
  - 5. The method as recited in claim 4, wherein said completing the transaction between the source entity and the target entity comprises receiving, at the transaction authorization service, a response to said informing the target entity of the authorized transaction.
  - 6. The method as recited in claim 4, wherein said completing the transaction between the source entity and the target entity comprises registering the target entity with the transaction authorization service to obtain an account for the target entity with the transaction authorization service.
  - 7. The method as recited in claim 4, wherein said completing the transaction between the source entity and the target entity comprises transferring funds from an account of the source entity to an account of the target entity.
  - 8. The method as recited in claim 7, wherein the account of the source entity and the account of the target entity are with the transaction authorization service.
  - 9. The method as recited in claim 7, wherein at least one of the account of the source entity and the account of the target entity is with a financial institution separate from the transaction authorization service.
  - 10. The method as recited in claim 2, further comprising the transaction authorization service informing the target entity of the authorized transaction.
  - 11. The method as recited in claim 2, further comprising the source entity informing the target entity of the authorized transaction.
  - 12. The method as recited in claim 2, wherein the initiation of the transaction includes information identifying the source entity.
  - 13. The method as recited in claim 2, wherein the initiation of the transaction includes information identifying the target entity and a monetary amount to be transferred from the source entity to the target entity.
  - 14. The method as recited in claim 2, wherein the transaction is a transferal of funds from the source entity to the target entity.
  - 15. The method as recited in claim 2, wherein the information for authorizing the transaction is an identifier associated with the source entity.
  - 16. The method as recited in claim 15, wherein the identifier is a personal identification number (PIN).
  - 17. The method as recited in claim 2, further comprising registering the source entity with the transaction authorization service to obtain an account for the source entity with the transaction authorization service.
  - 18. The method as recited in claim 17, wherein said registering comprises the source entity specifying an identifier to be included in responses to requests for authorization of transactions to authorize the transactions.
  - 19. The method as recited in claim 17, wherein said registering comprises the source entity specifying a telephone number associated with the second communications channel used in authorizing transactions.
  - 20. The method as recited in claim 2, wherein the request for authorization of the transaction includes information identifying the request as being from the transaction authorization service.
  - 21. The method as recited in claim 20, wherein the information identifying the request as being from the transaction authorization service includes a security phrase known by the source entity.
  - 22. The method as recited in claim 2, wherein the communications device associated with the source entity is a cellular telephone.
  - 23. The method as recited in claim 2, wherein the second communications channel is a telephone communications channel.
  - 24. The method as recited in claim 2, wherein the second communications channel is a cellular telephone communications channel.
  - 25. The method as recited in claim 2, wherein the second communications channel is a text messaging communications channel.
  - 26. The method as recited in claim 25, wherein the text messaging communications channel is implemented in accordance with Short Message Service (SMS) protocol.
  - 27. The method as recited in claim 2, wherein the first communications channel is a voice communications channel.
  - 28. The method as recited in claim 2, wherein the first communications channel is a cellular telephone communications channel.
  - 29. The method as recited in claim 2, wherein the first communications channel is a text messaging communications channel.
  - 30. The method as recited in claim 29, wherein the text messaging communications channel is implemented in accordance with Short Message Service (SMS) protocol.
  - 31. The method as recited in claim 2, wherein the first communications channel is a text messaging communications channel, and wherein the second communications channel is a voice communications channel.
  - 32. The method as recited in claim 2, wherein the transaction authorization service is implemented as a web service, and wherein communications on the first communications channel are in accordance with a web services interface to the transaction authorization service.
  - 33. The method as recited in claim 2, wherein the transaction authorization service is implemented as a web service, and wherein communications on the second communications channel are in accordance with a web services interface to the transaction authorization service.
  - 34. The method as recited in claim 2, wherein the transaction authorization service is implemented as a web service, and wherein communications between the target entity and the transaction authorization service are in accordance with a web services interface to the transaction authorization service.

35. A system, comprising:
- a processor; and
  
  a memory comprising program instructions, wherein the program instructions are executable by the processor to implement a transaction authorization service configured to;
  
  receive an initiation of a transaction between a source entity and a target entity via a first communications channel, wherein the initiation of a transaction is received from either the source entity or the target entity, wherein the source entity and the target entity are different and distinct entities,wherein the transaction authorization service is operated by another entity that is different and distinct from the source entity and the target entity;
  
  send a request for authorization of the transaction from the transaction authorization service to a communications device associated with the source entity via a second communications channel, wherein the second communications channel is not the first communications channel,wherein the request for authorization includes a security phrase prearranged between the source entity and the transaction authorization service, wherein the security phrase indicates to the source entity that the request for authorization is an authentic message from the transaction authorization service;
  
  receive a response to the request for authorization from the source entity, wherein the response includes information for authorizing the transaction; and
  
  authorize the transaction based on the information for authorizing the transaction included in the response from the source entity.
- View Dependent Claims (36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55)
- - 36. The system as recited in claim 35, wherein the transaction authorization service is further configured to inform the target entity of the authorized transaction.
  - 37. The system as recited in claim 36, wherein the transaction authorization service is further configured to receive a response to said informing the target entity of the authorized transaction.
  - 38. The system as recited in claim 35, wherein the transaction authorization service is further configured to complete the transaction between the source entity and the target entity.
  - 39. The system as recited in claim 38, wherein, to complete the transaction between the source entity and the target entity, the transaction authorization service is further configured to register the target entity with the transaction authorization service to generate an account for the target entity with the transaction authorization service.
  - 40. The system as recited in claim 38, wherein, to complete the transaction between the source entity and the target entity, the transaction authorization service is further configured to initiate the transferal of funds from an account of the source entity to an account of the target entity.
  - 41. The system as recited in claim 40, wherein the account of the source entity and the account of the target entity are with the transaction authorization service.
  - 42. The system as recited in claim 40, wherein at least one of the account of the source entity and the account of the target entity is with a financial institution separate from the transaction authorization service.
  - 43. The system as recited in claim 35, wherein the initiation of the transaction includes one or more of information identifying the source entity, information identifying the target entity, and a monetary amount to be transferred from the source entity to the target entity.
  - 44. The system as recited in claim 35, wherein the transaction is a transferal of funds from the source entity to the target entity.
  - 45. The system as recited in claim 35, wherein the information for authorizing the transaction is an identifier associated with the source entity.
  - 46. The system as recited in claim 35, wherein the transaction authorization service is further configured to register the source entity with the transaction authorization service to obtain an account for the source entity with the transaction authorization service, wherein said registering comprises:
    - generating an identifier for the source entity to be included in responses to requests for authorization of transactions to authorize the transactions; and
      
      obtaining a telephone number associated with the second communications channel used in authorizing transactions from the source entity.
  - 47. The system as recited in claim 35, wherein the request for authorization of the transaction includes information identifying the request as being from the transaction authorization service.
  - 48. The system as recited in claim 35, wherein the second communications channel is a cellular telephone communications channel, and wherein the communications device associated with the source entity is a cellular phone.
  - 49. The system as recited in claim 35, wherein the second communications channel is one of a voice communications channel and a text messaging communications channel.
  - 50. The system as recited in claim 35, wherein the second communications channel is text messaging communications channel.
  - 51. The system as recited in claim 35, wherein the first communications channel is one of a voice communications channel and a text messaging communications channel.
  - 52. The system as recited in claim 35, wherein the first communications channel is a text messaging communications channel, and wherein the second communications channel is a voice communications channel.
  - 53. The system as recited in claim 35, wherein the transaction authorization service is implemented as a web service, and wherein communications on the first communications channel are in accordance with a web services interface to the transaction authorization service.
  - 54. The system as recited in claim 35, wherein the transaction authorization service is implemented as a web service, and wherein communications on the second communications channel are in accordance with a web services interface to the transaction authorization service.
  - 55. The system as recited in claim 35, wherein the transaction authorization service is implemented as a web service, and wherein communications between the target entity and the transaction authorization service are in accordance with a web services interface to the transaction authorization service.

56. A non-transitory computer-accessible storage medium comprising program instructions, wherein the program instructions are configured to implement a transaction authorization service configured to:
- receive an initiation of a transaction between a source entity and a target entity via a first communications channel, wherein the initiation of a transaction is received from either the source entity or the target entity, wherein the source entity and the target entity are different and distinct entities,wherein the transaction authorization service is operated by another entity that is different and distinct from the source entity and the target entity;
  
  send a request for authorization of the transaction from the transaction authorization service to a communications device associated with the source entity via a second communications channel, wherein the second communications channel is not the first communications channel,wherein the request for authorization includes a security phrase prearranged between the source entity and the transaction authorization service, wherein the security phrase indicates to the source entity that the request for authorization is an authentic message from the transaction authorization service;
  
  receive a response to the request for authorization from the source entity, wherein the response includes information for authorizing the transaction; and
  
  authorize the transaction based on the information for authorizing the transaction included in the response from the source entity.
- View Dependent Claims (57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75)
- - 57. The non-transitory computer-accessible storage medium as recited in claim 56, wherein the transaction authorization service is further configured to inform the target entity of the authorized transaction.
  - 58. The non-transitory computer-accessible storage medium as recited in claim 57, wherein the transaction authorization service is further configured to receive a response to said informing the target entity of the authorized transaction.
  - 59. The non-transitory computer-accessible storage medium as recited in claim 56, wherein the transaction authorization service is further configured to complete the transaction between the source entity and the target entity.
  - 60. The non-transitory computer-accessible storage medium as recited in claim 59, wherein, to complete the transaction between the source entity and the target entity, the transaction authorization service is further configured to register the target entity with the transaction authorization service to generate an account for the target entity with the transaction authorization service.
  - 61. The non-transitory computer-accessible storage medium as recited in claim 59, wherein, to complete the transaction between the source entity and the target entity, the transaction authorization service is further configured to initiate the transferal of funds from an account of the source entity to an account of the target entity.
  - 62. The non-transitory computer-accessible storage medium as recited in claim 61, wherein the accounts of the source entity and the account of the target entity are with the transaction authorization service.
  - 63. The non-transitory computer-accessible storage medium as recited in claim 56, wherein the initiation of the transaction includes one or more of information identifying the source entity, information identifying the target entity, and a monetary amount to be transferred from the source entity to the target entity.
  - 64. The non-transitory computer-accessible storage medium as recited in claim 56, wherein the transaction is a transferal of funds from the source entity to the target entity.
  - 65. The non-transitory computer-accessible storage medium as recited in claim 56, wherein the information for authorizing the transaction is an identifier associated with the source entity.
  - 66. The non-transitory computer-accessible storage medium as recited in claim 56, wherein the transaction authorization service is further configured to register the source entity with the transaction authorization service to obtain an account for the source entity with the transaction authorization service, wherein said registering comprises:
    - generating an identifier for the source entity to be included in responses to request for authorization of transactions to authorize the transactions; and
      
      obtaining a telephone number associated with the second communications channel used in authorizing transactions from the source entity.
  - 67. The non-transitory computer-accessible storage medium as recited in claim 56, wherein the request for authorization of the transaction included information identifying the request as being from the transaction authorization service.
  - 68. The non-transitory computer-accessible storage medium as recited in claim 56, wherein the second communications channel is a cellular telephone communications channel, and wherein the communications device associated with the source entity is a cellular telephone.
  - 69. The non-transitory computer-accessible storage medium as recited in claim 56, wherein the second communications channel is one of a voice communications channel and a text messaging communications channel.
  - 70. The non-transitory computer-accessible storage medium as recited in claim 56, wherein the second communications channel is a text messaging communications channel.
  - 71. The non-transitory computer-accessible storage medium as recited in claim 56, wherein the first communications channel is one of a voice communications channel and a text messaging communications channel.
  - 72. The non-transitory computer-accessible storage medium as recited in claim 56, wherein the first communications channel is a text messaging communications channel, and wherein the second communications channel is a voice communications channel.
  - 73. The non-transitory computer-accessible storage medium as recited in claim 56, wherein the transaction authorization service is implemented as a web service, and wherein communications on the first communications channel are in accordance with a web services interface to the transaction authorization service.
  - 74. The non-transitory computer-accessible storage medium as recited in claim 56, wherein the transaction authorization service is implemented as a web service, and wherein communications on the second communications channel are in accordance with a web services interface to the transaction authorization service.
  - 75. The non-transitory computer-accessible storage medium as recited in claim 56, wherein the transaction authorization service is implemented as a web service, and wherein communications between the target entity and the transaction authorization service are in accordance with a web services interface to the transaction authorization service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Yuen, Philip, Huang, Chih-Jen, Yuen, Gerald
Primary Examiner(s)
Kramer, James
Assistant Examiner(s)
CHEUNG, CALVIN K

Application Number

US11/546,030
Publication Number

US 20070107044A1
Time in Patent Office

2,282 Days
Field of Search

705/64, 902/2, 902/4
US Class Current

705/64
CPC Class Codes

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/425   using two different network...

H04L 63/18   using different networks or...

System and method for authorization of transactions

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

122 Citations

75 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for authorization of transactions

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

122 Citations

75 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links