Mobile Account Authentication Service
Abstract
A payment authentication service authenticates the identity of a payer during online transactions. The authentication service allows a card issuer to verify a cardholder's identity using a variety of authentication methods, such as with the use of tokens. Authenticating the identity of a cardholder during an online transaction involves querying an access control server to determine if a cardholder is enrolled in the payment authentication service, requesting a password from the cardholder, verifying the password, and notifying a merchant whether the cardholder's authenticity has been verified. Systems for implementing the authentication service in which a cardholder uses a mobile device capable of transmitting messages via the Internet are described. Systems for implementing the authentication service in which a cardholder uses a mobile device capable of transmitting messages through voice and messaging channels is also described.
Claims
exact text as granted — not AI-modified1 .- 37 . (canceled)
38 . A method comprising:
communicating with a requesting party computer, by an Internet-capable mobile device of a user, the requesting party computer thereafter communicating with a trusted party computer to determine if authentication can be performed with the Internet-capable mobile device; receiving, by the Internet-capable mobile device from the requesting party computer, an authentication request message from the requesting party computer; transmitting, by the Internet-capable mobile device, the authentication request message to a trusted party computer; receiving, by the Internet-capable mobile device, a request for an authenticating token; receiving, by the Internet-capable mobile device, the authenticating token from the user; transmitting, by the Internet-capable mobile device, the authenticating token to the trusted party computer; receiving, by the Internet-capable mobile device, an authentication response message from the trusted party computer; and transmitting, by the Internet-capable mobile device, the authentication response message to the requesting party computer.
39 . The method of claim 38 , wherein the authentication request message is a condensed payer authentication request message, and wherein the authentication response message is a condensed payer authentication response message.
40 . The method of claim 39 , wherein the condensed payer authentication request message contains less data than a full payer authentication request message, and wherein the condensed payer authentication response message contains less data than a full payer authentication response message.
41 . The method of claim 40 , wherein the requesting party computer creates the full payer authentication response message after receiving the condensed payer authentication response message.
42 . The method of claim 38 , wherein the requesting party computer is a merchant computer comprising a merchant plug-in.
43 . The method of claim 38 , wherein the requesting party computer thereafter communicates with a trusted party computer via a directory server to determine if authentication can be performed with the Internet-capable mobile device.
44 . The method of claim 38 , wherein the requesting party computer initiates a payment authorization process for the user after receiving the authentication response message.
45 . An Internet-capable mobile device of a user, comprising:
a processor; and a computer readable medium, the computer readable medium comprising code, executable by the processor, for implementing a method comprising: communicating with a requesting party computer, by the Internet-capable mobile device of a user, the requesting party computer thereafter communicating with a trusted party computer to determine if authentication can be performed with the Internet-capable mobile device, receiving, by the Internet-capable mobile device from the requesting party computer, an authentication request message from the requesting party computer; transmitting, by the Internet-capable mobile device, the authentication request message to a trusted party computer, receiving, by the Internet-capable mobile device, a request for an authenticating token, receiving, by the Internet-capable mobile device, the authenticating token from the user, transmitting, by the Internet-capable mobile device, the authenticating token to the trusted party computer, receiving, by the Internet-capable mobile device, an authentication response message from the trusted party computer, and transmitting, by the Internet-capable mobile device, the authentication response message to the requesting party computer.
46 . The Internet-capable mobile device of claim 45 , wherein the authentication request message is a condensed payer authentication request message, and wherein the authentication response message is a condensed payer authentication response message.
47 . The Internet-capable mobile device of claim 46 , wherein the condensed payer authentication request message contains less data than a full payer authentication request message, and wherein the condensed payer authentication response message contains less data than a full payer authentication response message.
48 . The Internet-capable mobile device of claim 47 , wherein the requesting party computer creates the full payer authentication response message after receiving the condensed payer authentication response message.
49 . The Internet-capable mobile device of claim 45 , wherein the requesting party computer is a merchant computer comprising a merchant plug-in.
50 . The Internet-capable mobile device of claim 45 , wherein the requesting party computer thereafter communicates with a trusted party computer via a directory server to determine if authentication can be performed with the Internet-capable mobile device.
51 . The Internet-capable mobile device of claim 45 , wherein the Internet-capable mobile device is a mobile phone.
52 . A method comprising:
receiving, by a requesting party computer, a communication from an Internet-capable mobile device of a user to conduct a transaction; communicating, by the requesting party computer with a trusted party computer, to determine if the Internet-capable mobile device is capable of being used in an authentication process, the trusted party computer thereafter authenticating the user; transmitting, an authentication request message to the trusted party computer; receiving, by the requesting party computer, an authentication response message from the trusted party computer; and initiating, an authorization process for the transaction after receiving the authentication response message.
53 . The method of claim 52 , wherein the authentication request message is a condensed payer authentication request message, and wherein the authentication response message is a condensed payer authentication response message.
54 . The method of claim 53 , wherein the condensed payer authentication request message contains less data than a full payer authentication request message, and wherein the condensed payer authentication response message contains less data than a full payer authentication response message.
55 . The method of claim 54 , wherein the requesting party computer creates the full payer authentication response message after receiving the condensed payer authentication response message.
56 . The method of claim 52 , wherein the requesting party computer is a merchant computer comprising a merchant plug-in.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.