Methods and apparatus for conducting electronic transactions
Abstract
A system and method for conducting electronic commerce are disclosed. In various embodiments, the electronic transaction is a purchase transaction. A user is provided with an intelligent token, such as a smartcard containing a digital certificate. The intelligent token suitably authenticates with a server on a network that conducts all or portions of the transaction on behalf of the user. In various embodiments a wallet server interacts with a security server to provide enhanced reliability and confidence in the transaction. In various embodiments, the wallet server includes a toolbar. In various embodiments, the digital wallet pre-fills forms. Forms may be pre-filled using an auto-remember component.
Claims
exact text as granted — not AI-modified1 - 20 . (canceled)
21 . A method of authentication of a user device, the method comprising:
receiving, by a first server comprising a processor and a memory, a request message from a user device; formatting, by the first server, a challenge message; sending, by the first server and to the user device, the challenge message indicating a challenge for the user device and initiating a challenge response from the user device; receiving, by the first server, a response message provided by the user device after processing of the challenge, the response message comprising the challenge response; verifying, by the first server, the user device based on data in the response message; and generating, by the first server, a security token in response to a successful verification of the user device, wherein the security token can be used to bypass subsequent authentication attempts by the user device.
22 . The method of claim 21 , wherein the challenge message initiates a challenge response message from a wallet client running on the user device.
23 . The method of claim 21 , wherein the content of the received response message is generated, based at least in part, on a personal identifier received at the user device.
24 . The method of claim 21 , wherein verifying the user device based on the data in the response message comprises routing the response message to an authorization server.
25 . The method of claim 21 , wherein the data in the response message comprises a certificate and a signature.
26 . The method of claim 21 , wherein the challenge message comprises random data.
27 . The method of claim 21 , wherein the security token is stored by the first server.
28 . The method of claim 21 , further comprising sending the security token to the user device.
29 . A non-transitory computer readable medium having instructions stored thereon that, in response to execution by a first server comprising a processor and a memory, cause the first server to perform steps including:
receiving a request message from a user device; formatting a challenge message; sending, to the user device, the challenge message indicating a challenge for the user device and initiating a challenge response from the user device; receiving a response message provided by the user device after processing of the challenge, the response message comprising the challenge response; verifying the user device based on data in the response message; and generating a security token in response to a successful verification of the user device, wherein the security token can be used to bypass subsequent authentication attempts by the user device.
30 . The non-transitory computer readable medium of claim 29 , wherein the challenge message initiates a challenge response message from a wallet client running on the user device.
31 . The non-transitory computer readable medium of claim 29 , wherein the content of the received response message is generated, based at least in part, on a personal identifier received at the user device.
32 . The non-transitory computer readable medium of claim 29 , wherein verifying the user device based on the data in the response message comprises routing the response message to an authorization server.
33 . The non-transitory computer readable medium of claim 29 , wherein the data in the response message comprises a certificate and a signature.
34 . The non-transitory computer readable medium of claim 29 , wherein the challenge message comprises random data.
35 . The non-transitory computer readable medium of claim 29 , wherein the security token is stored by the first server.
36 . The non-transitory computer readable medium of claim 29 , having further instructions stored thereon that, in response to execution by the first server, further cause the first server to perform a step of sending the security token to the user device.
37 . A system comprising:
a first computing device comprising a processor; a memory communicatively coupled to the first computing device, the memory having instructions stored thereon that, in response to execution by the processor, at least cause the first computing device to:
receive a request message from a user device;
format a challenge message;
send, to the user device, the challenge message indicating a challenge for the user device and initiating a challenge response from the user device;
receive a response message provided by the user device after processing of the challenge, the response message comprising the challenge response;
verify the user device based on data in the response message; and
generate a security token in response to a successful verification of the user device, wherein the security token can be used to bypass subsequent authentication attempts by the user device.
38 . The system of claim 37 , wherein the challenge message initiates a challenge response message from a wallet client running on the user device.
39 . The system of claim 37 , wherein the content of the received response message is generated, based at least in part, on a personal identifier received at the user device.
40 . The system of claim 37 , wherein verifying the user device based on the data in the response message comprises routing the response message to an authorization server.
41 . The system of claim 37 , wherein the data in the response message comprises a certificate and a signature.
42 . The system of claim 37 , wherein the challenge message comprises random data.
43 . The system of claim 37 , wherein the security token is stored by the first computing device.
44 . The system of claim 37 , wherein the memory has further instructions stored thereon that, in response to execution by the processor, cause the first computing device to send the security token to the user device.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.