US2016358175A1PendingUtilityA1

Online payer authentication service

62
Assignee: WELLER KEVIN DPriority: Apr 24, 2000Filed: Jul 21, 2016Published: Dec 8, 2016
Est. expiryApr 24, 2020(expired)· nominal 20-yr term from priority
G06Q 20/04G06Q 20/355G07F 7/1016G06Q 20/4012G06Q 20/341G06Q 20/3829G06Q 20/4014G06Q 20/367G06Q 20/40G06Q 20/382G06Q 20/3674G07F 7/1008G06Q 20/027G06Q 20/0855G06Q 20/02G06Q 20/12
62
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A payment authentication service authenticates the identity of a payer during online transactions. The authentication service of the present invention allows a card issuer to verify a cardholder's identity using a variety of authentication methods, such as the use of passwords. Also, the only system participant requiring a certificate is the issuing financial institution. One embodiment of the invention for authenticating the identity of a cardholder during an online transaction involves querying an access control server to determine if a cardholder is enrolled in the payment authentication service, requests a password from the cardholder, verifies the password, and notifies a merchant whether the cardholder's authenticity has been verified. In another aspect of the invention, a chip card and the authentication service independently generate cryptograms that must match in order for the service to verify that the correct chip card is being used by the cardholder.

Claims

exact text as granted — not AI-modified
1 .- 2 . (canceled) 
     
     
         3 . In an online transaction system including an account holder and a merchant, a method for authenticating to the merchant that the account holder is authorized to use a payment instrument as part of an online transaction, wherein the method comprises:
 receiving a request to verify that the account holder is authorized to use the payment instrument;   determining, using a processor, whether the account holder has access to a secret code, wherein the secret code is sent by the account holder to a third party, wherein the third party can be an authentication service, and wherein access to the secret code verifies authority to use the payment instrument; and   transmitting to the merchant an authorization message including whether the account holder is authorized to use the payment instrument,   wherein the transmitting step is responsive to a determination of whether the account holder has access to the secret code.   
     
     
         4 . The method of  claim 3 , further comprising:
 applying account holder profile information to the online transaction.   
     
     
         5 . The method of  claim 3 , further comprising:
 storing a transaction receipt.   
     
     
         6 . The method of  claim 3  further comprising, prior to the online transaction, the authentication service performing the steps of:
 receiving a confirmation information which enables the authentication service to determine whether the account holder has access to the secret code; and 
 storing the confirmation information, 
 wherein the step of determining whether the account holder has access to the secret code comprises: retrieving the confirmation information; and using the confirmation information to determine whether the account holder has access to the secret code. 
 
     
     
         7 . The method of  claim 3 , wherein the step of receiving the request to verify that the account holder is authorized to use the payment instrument includes:
 receiving the request as a result of an offer from the account holder to use the payment instrument.   
     
     
         8 . The method of  claim 3 , wherein the online transaction system is an internet HTTP-based web system. 
     
     
         9 . The method of  claim 8 , wherein the determining whether the account holder has access to the secret code comprises:
 transmitting to the account holder a challenge request requesting proof that the account holder has access to the secret code;   receiving from the account holder a password to prove that the account holder has access to the secret code; and   determining on the basis of the password whether the account holder has access to the secret code.   
     
     
         10 . The method of  claim 9 , wherein the challenge request further comprises:
 a description of the online transaction for which the payment instrument is to be used; and   a request for the account holder's consent to use the payment instrument for the online transaction.   
     
     
         11 . A software program product for authenticating to a merchant that an account holder is authorized to use a payment instrument as part of an online transaction, the software executable by a processor for implementing a method comprising:
 receiving a request to verify that the account holder is authorized to use the payment instrument;   determining whether the account holder has access to a secret code, wherein the secret code is sent by the account holder to a third party, wherein the third party can be an authentication service, and wherein access to the secret code verifies authority to use the payment instrument; and   transmitting to the merchant an authorization message including whether the account holder is authorized to use the payment instrument,   wherein the transmitting step is responsive to the determination of whether the account holder has access to the secret code.   
     
     
         12 . The software program product of  claim 11 , wherein the method further comprises:
 applying account holder profile information to the online transaction.   
     
     
         13 . The software program product of  claim 11 , wherein the method further comprises:
 storing a transaction receipt.   
     
     
         14 . The software program product of  claim 11 , wherein the determining whether the account holder has access to the secret code comprises:
 retrieving the confirmation information; and   using the confirmation information to determine whether the account holder has access to the secret code.   
     
     
         15 . The software program product of  claim 11 , wherein the determining whether the account holder has access to the secret code comprises:
 transmitting to the account holder a challenge request requesting proof that the account holder has access to the secret code;   receiving from the account holder a password to prove that the account holder has access to the secret code; and   determining on the basis of the password whether the account holder has access to the secret code.   
     
     
         16 . The software program product of  claim 15 , wherein the challenge request further comprises:
 a description of the online transaction for which the payment instrument is to be used; and   a request for the account holder's consent to use the payment instrument for the online transaction.   
     
     
         17 . A payment authentication system comprising:
 a computer comprising a processor and a computer-readable storage medium coupled to the processor, the computer readable storage medium comprising code executable by the processor for implementing a method comprising:   receiving a request to verify that an account holder is authorized to use a payment instrument;   determining whether the account holder has access to a secret code, wherein the secret code is sent by the account holder to a third party, wherein the third party can be an authentication service, and wherein access to the secret code verifies authority to use the payment instrument; and   transmitting to the merchant an authorization message including whether the account holder is authorized to use the payment instrument,   wherein the transmitting step is responsive to the determination of whether the account holder has access to the secret code.   
     
     
         18 . The system of  claim 17 , wherein the authentication service is further adapted for storing a transaction receipt of use of the payment instrument. 
     
     
         19 . The system of  claim 17 , wherein the authentication service is coupled to the merchant using an internet HTTP-based web system.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.