Online payer authentication service
Abstract
A payment authentication service authenticates the identity of a payer during online transactions. The authentication service of the present invention allows a card issuer to verify a cardholder's identity using a variety of authentication methods, such as the use of passwords. Also, the only system participant requiring a certificate is the issuing financial institution. One embodiment of the invention for authenticating the identity of a cardholder during an online transaction involves querying an access control server to determine if a cardholder is enrolled in the payment authentication service, requests a password from the cardholder, verifies the password, and notifies a merchant whether the cardholder's authenticity has been verified. In another aspect of the invention, a chip card and the authentication service independently generate cryptograms that must match in order for the service to verify that the correct chip card is being used by the cardholder.
Claims
exact text as granted — not AI-modified1 .- 22 . (canceled)
23 . A method including authenticating a cardholder during an online transaction with a requesting party, the method comprising:
receiving a chip authentication request from an access control server at a cardholder computer in response to receipt of a cardholder authentication request by the access control server; and transmitting a chip authentication response from the cardholder computer to the access control server that includes a cryptogram and a cardholder authentication password, the cryptogram being generated by a chip card and application in communication with the cardholder computer, the access control server thereafter generates a second cryptogram and compares the second cryptogram to the cryptogram, and determines that the cardholder authentication password matches a stored password that corresponds to a cardholder account identifier based on a first comparison, and determines that the cryptograms match based on a second comparison, whereby the access control server authenticates the cardholder for the requesting party during the online transaction.
24 . The method of claim 23 , further comprising:
transmitting data specific to the chip card to the access control server from the cardholder computer, and wherein the access control server generates the second cryptogram using the data specific to the chip card.
25 . The method of claim 23 , wherein the cardholder authentication password is not a personal identification number (PIN) for use with an ATM or POS device.
26 . The method of claim 23 , wherein the online transaction is a payment transaction.
27 . The method of claim 23 , wherein the requesting party is a merchant operating a merchant computer, and wherein prior to receiving the chip authentication request, a verify enrollment request is sent from the merchant computer at the access control server with the cardholder account identifier, and a verify enrollment response is sent from the control server to the merchant computer indicating the cardholder account identifier is enrolled.
28 . The method of claim 23 , wherein the cardholder computer is a mobile telephone.
29 . The method of claim 23 , wherein the cardholder computer comprises a distributed payment authentication service (PAS) module.
30 . The method of claim 23 , further comprising:
determining if the cardholder computer includes a chip card reader.
31 . The method of claim 30 , further comprising:
receiving the chip card at the chip card reader.
32 . The method of claim 31 , wherein the access control server is configured to end the online transaction when the cardholder computer does not include the chip card reader.
33 . The method of claim 23 , wherein the cardholder computer comprises a display device, a PIN pad or a keyboard entry device, and a card reader.
34 . A cardholder computer comprising a processor and a non-transitory computer readable medium coupled to the processor, the computer readable medium comprising code, executable by the processor for implementing a method comprising
receiving a chip authentication request from an access control server at the cardholder computer in response to receipt of a cardholder authentication request by the access control server; and transmitting a chip authentication response from the cardholder computer to the access control server that includes a cryptogram and a cardholder authentication password, the cryptogram being generated by a chip card and application in communication with the cardholder computer, the access control server thereafter generates a second cryptogram and compares the second cryptogram to the cryptogram, and determines that the cardholder authentication password matches a stored password that corresponds to a cardholder account identifier based on a first comparison, and determines that the cryptograms match based on a second comparison, whereby the access control server authenticates the cardholder during an online transaction with a requesting party.
35 . The cardholder computer of claim 34 wherein the method further comprises:
transmitting data specific to the chip card to the access control server from the cardholder computer, and
wherein the access control server generates the second cryptogram using the data specific to the chip card.
36 . The cardholder computer of claim 34 , wherein the cardholder authentication password is not a personal identification number (PIN) for use with an ATM or POS device.
37 . The cardholder computer of claim 34 , wherein the online transaction is a payment transaction.
38 . The cardholder computer of claim 34 , wherein the cardholder computer is a mobile telephone.
39 . The cardholder computer of claim 34 , wherein the online transaction is a payment transaction.
40 . The cardholder computer of claim 34 , wherein the cardholder computer comprises a display device, a PIN pad or a keyboard entry device, and a card reader.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.