Method to Manage Pending Transactions, and a System Thereof
US-2024394718-A1 · Nov 28, 2024 · US
Authentication for a commercial transaction using a mobile module
US8996423B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-8996423-B2 |
| Application number | US-37914306-A |
| Country | US |
| Kind code | B2 |
| Filing date | Apr 18, 2006 |
| Priority date | Apr 19, 2005 |
| Publication date | Mar 31, 2015 |
| Grant date | Mar 31, 2015 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Current embodiments provide for authorization and payment of an online commercial transaction between a purchaser and a merchant including verification of an identity of the purchaser and verification of an ability of the purchaser to pay for the transaction, where the identity provider and the payment provider are often different network entities. Other embodiments also provide for protocols, computing systems, and other mechanisms that allow for identity and payment authentication using a mobile module, which establishes single or multilevel security over an untrusted network (e.g., the Internet). Still other embodiments also provide for a three-way secure communication between a merchant, consumer, and payment provider such that sensitive account information is opaque to the merchant, yet the merchant is sufficiently confident of the consumer's ability to pay for requested purchases. In yet another embodiment, electronic billing information is used for authorization, auditing, payment federation, and other purposes.
First claim
Opening claim text (preview).
We claim: 1. At a first computing device in a distributed network environment, a method of authenticating the first computing device to a second computing device using a mobile module of a third computing device which is connected to the first computing device, the method, which is performed by the first computing device, comprising: obtaining a network security token to establish transport level secure communication between a first computing device and a second computing device by performing the following: sending a request for the network security token to the mobile infrastructure via the second computing device over the network other than the radio network of the mobile infrastructure; receiving at the first computing device a network level challenge response from the mobile module; in response to the network level challenge, creating at the first computing device a response; sending the response from the first computing device to the mobile infrastructure; receiving at the first computer a network security token; sending from the first computer encrypted session keys to the mobile module; receiving at the first computer unencrypted session keys from the mobile module; and establishing with the network security token a multilevel secure communication between the first computing device and the second computing device by performing the following: sending a request for a user token to the mobile infrastructure via the second computing device over the network other than the radio network of the mobile infrastructure; receiving at the first computing device a challenge from the mobile infrastructure; sending from the first computing device the received challenge to a mobile module of the third computing device; receiving at the first computing device a request for user credentials from the mobile module; at the first computing device prompting the user for and receiving the credentials; sending from the first computing device the credentials to the mobile module; receiving at the first computing device a challenge response sent from the mobile module; in response to the challenge, creating at the first computing device a response, and signing or encrypting the response with the network security token; sending the response from the first computing device to the mobile infrastructure; receiving at the first computing device a user token from the mobile infrastructure that includes encrypted user keys; sending from the first computing device the encrypted user keys to the mobile module; receiving at the first computing device unencrypted user keys from the mobile module; and at the first computing device, signing or encrypting one or more requests with the unencrypted user keys; sending from the first computing device to the second computing device the one or more requests; in response to the one or more requests, the first computing device receiving from the second computing device one or more service tokens. 2. The method of claim 1 wherein the mobile module is a subscriber identity module (SIM) card. 3. The method of claim 1 wherein the third computing device is connected to the first computing device via one of a wired or wireless connection. 4. The method of claim 3 wherein the wired connection is a USB connection and the wireless connection is a Bluetooth connection. 5. The method of claim 1 wherein the network is the internet. 6. The method of claim 1 wherein the credentials are encrypted using the session keys that were received in the network security token. 7. The method of claim 1 , further comprising: receiving one or more service tokens from the second computing device. 8. The method of claim 7 , wherein at least one of the one or more service tokens includes information that identifies the mobile module. 9. The method of claim 7 , wherein at least one of the one or more service tokens includes information regarding the identity of the user. 10. The method of claim 7 , wherein at least one of the one or more service tokens includes information that verifies the ability of the user to pay for services provided by a third party server. 11. The method of claim 7 , further comprising: sending at least one of the one or more service tokens to a third party server to authenticate the identity of the user in a request to access a service provided on the third party server. 12. One or more computer storage media, each comprising hardware storing computer executable instructions which when executed by a processor perform a method, on a first computing device in a distributed network environment, for authenticating the first computing device to a second computing device using a mobile module of a third computing device which is connected to the first computing device, the method comprising: obtaining a network security token to establish transport level secure communication between a first computing device and a second computing device by performing the following: sending a request for the network security token to the mobile infrastructure via the second computing device over the network other than the radio network of the mobile infrastructure; receiving at the first computing device a network level challenge response from the mobile module; in response to the network level challenge, creating at the first computing device a response; sending the response from the first computing device to the mobile infrastructure; receiving at the first computer a network security token; sending from the first computer encrypted session keys to the mobile module; receiving at the first computer unencrypted session keys from the mobile module; and establishing with the network security token a multilevel secure communication between the first computing device and the second computing device by performing the following: sending a request for a user token to the mobile infrastructure via the second computing device over the network other than the radio network of the mobile infrastructure; receiving at the first computing device a challenge from the mobile infrastructure; sending from the first computing device the received challenge to a mobile module of the third computing device; receiving at the first computing device a request for user credentials from the mobile module; at the first computing device prompting the user for and receiving the credentials; sending from the first computing device the credentials to the mobile module; receiving at the first computing device a challenge response sent from the mobile module; in response to the challenge, creating at the first computing device a response, and signing or encrypting the response with the network security token ; sending the response from the first computing device to the mobile infrastructure; receiving at the first computing device a user token from the mobile infrastructure that includes encrypted user keys; sending from the first computing device the encrypted user keys to the mobile module; receiving at the first computing device unencrypted user keys from the mobile module; and at the first computing device, signing or encrypting one or more requests with the unencrypted user keys; sending from the first computing device to the second computing device the one or more requests; in response to the one or more requests, the first computing device receiving from the second computing device one or more service tokens. 13. The one or more computer storage media of claim 12 wherein the mobile module is a subscriber identity module (SIM) card. 14. The one or more computer storage media of claim 12 wherein the third c
Assignees
Inventors
Classifications
- G06Q20/02Primary
involving a neutral party, e.g. certification authority, notary or trusted third party [TTP] · CPC title
- G06Q20/3829Primary
involving key management · CPC title
Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists · CPC title
Electronic shopping [e-shopping] · CPC title
specially adapted for electronic shopping systems · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US8996423B2 cover?
- Current embodiments provide for authorization and payment of an online commercial transaction between a purchaser and a merchant including verification of an identity of the purchaser and verification of an ability of the purchaser to pay for the transaction, where the identity provider and the payment provider are often different network entities. Other embodiments also provide for protocols, …
- Who is the assignee on this patent?
- Johnson Bruce E, Webster-Lam Chung, Microsoft Corp
- What technology area does this patent fall under?
- Primary CPC classification G06Q20/02. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Mar 31 2015 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).