US10679453B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10679453-B2 |
| Application number | US-201113198395-A |
| Country | US |
| Kind code | B2 |
| Filing date | Aug 4, 2011 |
| Priority date | Sep 10, 2002 |
| Publication date | Jun 9, 2020 |
| Grant date | Jun 9, 2020 |
Official abstract text for this publication.
Techniques for authenticating the identity and validating the profile of an individual (“a presenter”) who presents him or herself to another party (“an acceptor”) as having a certain identity and having certain corresponding profile data are described. The invention can be advantageously used in Internet transactions where such authentication and validation is difficult to perform. The techniques of the present invention allow the trusted party to give a definitive answer regarding the authentication of identity and validity of profile data. Other services such as profile data provisioning and profile data updating can also be performed.
Opening claim text (preview).
We claim:
1. A method comprising: receiving, by a directory server, a service enrollment request message from an acceptor server plug-in that received form data supplied by a presenter including an address of the presenter, the service enrollment request message requesting verification that the presenter is enrolled in a profile data authentication program, wherein the service enrollment request message comprises a program identity number; sending, by the directory server, the service enrollment request message to an access control server storing profile data of the presenter including the address of the presenter; receiving, by the directory server, a service enrollment response message indicating that the presenter is enrolled in the profile data authentication program; sending, by the directory server, the service enrollment response message to the acceptor server plug-in, to cause the acceptor server plug-in to send a data authentication request message to the access control server via a device of the presenter, the data authentication request message including the form data supplied by the presenter including the address of the presenter; and determining, by the directory server, that the program identity number is within a range of numbers associated with the access control server, wherein the sending of the service enrollment request message to the access control server is performed in response to the determining that the program identity number is within the range of numbers associated with the access control server.
2. The method of claim 1 wherein the access control server comprises a presenter file database.
3. The method of claim 1 wherein if the presenter is enrolled in the profile data authentication program, then the method further comprises: receiving a data authentication request from the acceptor server plug-in.
4. The method of claim 1 wherein if the presenter is enrolled in the profile data authentication program, then the method further comprises: receiving a data authentication request from the acceptor server plug-in; and sending the data authentication request to the access control server.
5. The method of claim 1 wherein if the presenter is enrolled in the profile data authentication program, then the method further comprises: receiving a data authentication request from the acceptor server plug-in; sending the data authentication request to the access control server; receiving a data authentication response from the access control server; and sending the data authentication response to the acceptor server plug-in.
6. The method of claim 5 wherein the presenter is a consumer, the access control server is operated by a bank, and the acceptor server plug-in is operated by a merchant.
7. The method of claim 5 wherein the data authentication request and response messages pass through the device operated by the presenter.
8. The method of claim 7, further comprising initiating a payment transaction of the presenter, after sending the data authentication response to the acceptor server plug-in by the directory server.
9. A system comprising: a directory server that performs operations including: receiving a service enrollment request message from an acceptor server plug-in that received form data supplied by a presenter including an address of the presenter, the service enrollment request message requesting verification that the presenter is enrolled in a profile data authentication program, wherein the service enrollment request message comprises a program identity number, sending the service enrollment request message to an access control server storing profile data of the presenter including the address of the presenter, receiving a service enrollment response message indicating that the presenter is enrolled in the profile data authentication program, sending the service enrollment response message to the acceptor server plug-in, determining that the program identity number is within a range of numbers associated with the access control server, wherein the sending of the service enrollment request message to the access control server is performed in response to the determining that the program identity number is within the range of numbers associated with the access control server; and an acceptor server comprising an acceptor server plug-in configured to: in response to receiving the service enrollment response message, send a data authentication request message to the access control server via a device of the presenter, the data authentication request message including the form data supplied by the presenter including the address of the presenter, and receive a response to the data authentication request message from the device operated by the presenter.
10. The system of claim 9 further comprising the access control server, wherein the access control server comprises a presenter file database.
11. The system of claim 9, further comprising: the device operated by the presenter, wherein the device is configured to: receive a data authentication request from the acceptor server plug-in.
12. The system of claim 9, further comprising: the device operated by the presenter, wherein the device is configured to: receive a data authentication request from the acceptor server plug-in; and send the data authentication request to the access control server.
13. The system of claim 9, further comprising: the device operated by the presenter, wherein the device is configured to: receive a data authentication request from the acceptor server plug-in; send the data authentication request to the access control server; receive a data authentication response from the access control server; and send the data authentication response to the acceptor server plug-in.
14. The system of claim 13 wherein the presenter is a consumer, the access control server is operated by a bank, and the acceptor server plug-in is operated by a merchant.
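
The routing condition in claims 1 and 9 (the directory server forwards the service enrollment request only after finding the program identity number within a range associated with an access control server), sketched as an added Python example; it is not code from the patent or its assignee. The class names, the sample ranges, the overlap check and the not-enrolled answer for an unmatched number are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class EnrollmentRequest:
    program_identity_number: int  # the only field claim 1 places in this message

@dataclass(frozen=True)
class EnrollmentResponse:
    enrolled: bool
    acs_name: Optional[str] = None  # None means no ACS was contacted (assumption)

class AccessControlServer:
    """Hypothetical ACS holding the set of enrolled program identity numbers."""
    def __init__(self, name, enrolled_numbers):
        self.name = name
        self._enrolled = set(enrolled_numbers)
        self.received = []  # every request that reached this ACS, for auditing

    def verify_enrollment(self, req):
        self.received.append(req)
        return EnrollmentResponse(req.program_identity_number in self._enrolled, self.name)

class DirectoryServer:
    """Hypothetical directory server routing by inclusive number ranges."""
    def __init__(self):
        self._ranges = []  # list of (low, high, acs)

    def register_range(self, low, high, acs):
        if low > high:
            raise ValueError("empty range")
        # Assumption: overlapping ranges are rejected so routing is unambiguous.
        for lo, hi, _ in self._ranges:
            if low <= hi and lo <= high:
                raise ValueError("range overlaps an existing ACS range")
        self._ranges.append((low, high, acs))

    def handle(self, req):
        for lo, hi, acs in self._ranges:
            if lo <= req.program_identity_number <= hi:
                # Forwarding happens only in response to the range match.
                return acs.verify_enrollment(req)
        # Assumption: an unmatched number is answered locally and never forwarded.
        return EnrollmentResponse(False)

if __name__ == "__main__":
    ds = DirectoryServer()
    bank = AccessControlServer("acs-a", {400000123})  # constructed sample data
    ds.register_range(400000000, 499999999, bank)
    for n in (400000123, 400000999, 700000001):
        print(n, ds.handle(EnrollmentRequest(n)))
```
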
Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists · CPC title
using encryption therefor · CPC title
involving a neutral party, e.g. certification authority, notary or trusted third party [TTP] · CPC title
using certificates · CPC title
Identity check for transactions · CPC title