US2018075452A1PendingUtilityA1

Online payer authentication service

66
Assignee: WELLER KEVIN DPriority: Apr 24, 2000Filed: Nov 20, 2017Published: Mar 15, 2018
Est. expiryApr 24, 2020(expired)· nominal 20-yr term from priority
G06Q 20/367G07F 7/1008G06Q 20/0855G06Q 20/04G06Q 20/027G06Q 20/3829G06Q 20/341G06Q 20/4014G06Q 20/355G06Q 20/382G07F 7/1016G06Q 20/3674G06Q 20/4012G06Q 20/12G06Q 20/40G06Q 20/02
66
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A payment authentication service authenticates the identity of a payer during online transactions. The authentication service of the present invention allows a card issuer to verify a cardholder's identity using a variety of authentication methods, such as the use of passwords. Also, the only system participant requiring a certificate is the issuing financial institution. One embodiment of the invention for authenticating the identity of a cardholder during an online transaction involves querying an access control server to determine if a cardholder is enrolled in the payment authentication service, requests a password from the cardholder, verifies the password, and notifies a merchant whether the cardholder's authenticity has been verified. In another aspect of the invention, a chip card and the authentication service independently generate cryptograms that must match in order for the service to verify that the correct chip card is being used by the cardholder.

Claims

exact text as granted — not AI-modified
1 .- 22 . (canceled) 
     
     
         23 . A method including authenticating a cardholder during an online transaction with a requesting party, the method comprising:
 receiving a chip authentication request from an access control server at a cardholder computer in response to receipt of a cardholder authentication request by the access control server; and   transmitting a chip authentication response from the cardholder computer to the access control server that includes a cryptogram and a cardholder authentication password, the cryptogram being generated by a chip card and application in communication with the cardholder computer, the access control server thereafter generates a second cryptogram and compares the second cryptogram to the cryptogram, and determines that the cardholder authentication password matches a stored password that corresponds to a cardholder account identifier based on a first comparison, and determines that the cryptograms match based on a second comparison, whereby the access control server authenticates the cardholder for the requesting party during the online transaction.   
     
     
         24 . The method of  claim 23 , further comprising:
 transmitting data specific to the chip card to the access control server from the cardholder computer, and   wherein the access control server generates the second cryptogram using the data specific to the chip card.   
     
     
         25 . The method of  claim 23 , wherein the cardholder authentication password is not a personal identification number (PIN) for use with an ATM or POS device. 
     
     
         26 . The method of  claim 23 , wherein the online transaction is a payment transaction. 
     
     
         27 . The method of  claim 23 , wherein the requesting party is a merchant operating a merchant computer, and wherein prior to receiving the chip authentication request, a verify enrollment request is sent from the merchant computer at the access control server with the cardholder account identifier, and a verify enrollment response is sent from the control server to the merchant computer indicating the cardholder account identifier is enrolled. 
     
     
         28 . The method of  claim 23 , wherein the cardholder computer is a mobile telephone. 
     
     
         29 . The method of  claim 23 , wherein the cardholder computer comprises a distributed payment authentication service (PAS) module. 
     
     
         30 . The method of  claim 23 , further comprising:
 determining if the cardholder computer includes a chip card reader.   
     
     
         31 . The method of  claim 30 , further comprising:
 receiving the chip card at the chip card reader.   
     
     
         32 . The method of  claim 31 , wherein the access control server is configured to end the online transaction when the cardholder computer does not include the chip card reader. 
     
     
         33 . The method of  claim 23 , wherein the cardholder computer comprises a display device, a PIN pad or a keyboard entry device, and a card reader. 
     
     
         34 . A cardholder computer comprising a processor and a non-transitory computer readable medium coupled to the processor, the computer readable medium comprising code, executable by the processor for implementing a method comprising
 receiving a chip authentication request from an access control server at the cardholder computer in response to receipt of a cardholder authentication request by the access control server; and   transmitting a chip authentication response from the cardholder computer to the access control server that includes a cryptogram and a cardholder authentication password, the cryptogram being generated by a chip card and application in communication with the cardholder computer, the access control server thereafter generates a second cryptogram and compares the second cryptogram to the cryptogram, and determines that the cardholder authentication password matches a stored password that corresponds to a cardholder account identifier based on a first comparison, and determines that the cryptograms match based on a second comparison, whereby the access control server authenticates the cardholder during an online transaction with a requesting party.   
     
     
         35 . The cardholder computer of  claim 34  wherein the method further comprises:
 transmitting data specific to the chip card to the access control server from the cardholder computer, and 
 wherein the access control server generates the second cryptogram using the data specific to the chip card. 
 
     
     
         36 . The cardholder computer of  claim 34 , wherein the cardholder authentication password is not a personal identification number (PIN) for use with an ATM or POS device. 
     
     
         37 . The cardholder computer of  claim 34 , wherein the online transaction is a payment transaction. 
     
     
         38 . The cardholder computer of  claim 34 , wherein the cardholder computer is a mobile telephone. 
     
     
         39 . The cardholder computer of  claim 34 , wherein the online transaction is a payment transaction. 
     
     
         40 . The cardholder computer of  claim 34 , wherein the cardholder computer comprises a display device, a PIN pad or a keyboard entry device, and a card reader.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.