Case 6:21-cv-01101-ADA Document 25-4 Filed 04/14/22 Page 1 of 41

EXHIBIT D

US007827115B2

(12) United States Patent
Weller et al.

(10) Patent No.: US 7,827,115 B2
(45) Date of Patent: Nov. 2, 2010

(54) ONLINE PAYER AUTHENTICATION SERVICE

(75) Inventors: Kevin D. Weller, San Francisco, CA (US); Stephen W. Ryan, Half Moon Bay, CA (US); Peter R. Hill, Montecito, CA (US); Thomas J. Manessis, Pacifica, CA (US); Tony D. Lewis, Castro Valley, CA (US); Benedicto H. Dominguez, San Bruno, CA (US); Peter Bray, Castro Valley, CA (US); James Donald Reno, Scotts Valley, CA (US)

(73) Assignee: Visa International Service Association, Foster City,

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 718 days.

(21) Appl. No.: 09/842,313

Primary Examiner: Jalatee Worloh
(74) Attorney, Agent, or Firm: Beyer Law Group LLP

(65) Prior Publication Data
US 2002/0111919 A1, Aug. 15, 2002

Related U.S. Application Data
(60) Provisional application No. 60/199,727, filed on Apr. 24, 2000.

(51) Int. Cl.: G06Q 99/00 (2006.01)
(52) U.S. Cl.: 705/78; 705/64; 705/72; 705/44
(58) Field of Classification Search ............. '957,
See application file for complete search history.

A payment authentication service authenticates the identity of a payer during online transactions. The authentication service of the present invention allows a card issuer to verify a cardholder's identity using a variety of authentication methods, such as the use of passwords. Also, the only system participant requiring a certificate is the issuing financial institution. One embodiment of the invention for authenticating the identity of a cardholder during an online transaction involves querying an access control server to determine if a cardholder is enrolled in the payment authentication service, requests a password from the cardholder, verifies the password, and notifies a merchant whether the cardholder's authenticity has been verified. In another aspect of the invention, a chip card and the authentication service independently generate cryptograms that must match in order for the service to verify that the correct chip card is being used by the cardholder.

38 Claims, 16 Drawing Sheets

[Front-page figure: Payer Authentication Service (PAS) Architecture. Labels legible on the sheet: Issuer Domain, Interoperability Domain, Acquirer Domain, Cardholder Client Device, Enrollment Server, Account Holder File, Issuer or 3rd party identity authentication database, Telecommunications Network, Settlement System, Merchant, Directory, Validation Server, Receipt File, Receipt Mgr.]

U.S. Patent    Nov. 2, 2010    Sheet 1 of 16    US 7,827,115 B2

[Sheet 3 of 16. FIG. 3: Registration Page. Fields shown: List of Banks, Name on Card, Last 3 Digits of Account Number, Security Information, Name, City, State, ZIP, Mother's Maiden Name, Last 4 Digits of SSN.]

[Sheet 5 of 16. FIG. 5: Payment Transaction Cardholder Password Prompt. The prompt shows Merchant XYZ, the Visa mark, Total: $XX.XX, Date: DD/MM/YY, Card No.: XXXX XXXX XXXX 9999, and a Visa password field.]

[Sheet 7 of 16]

FIG. 7: Centralized Enrollment Flow. Components: Cardholder Client Device (Browser), PAS Enrollment Server, Validation Process. Steps:
1. CH goes to bank specific enrollment page
2. CH presented with authentication questions
3. Answer returned (including secret code)
4. Answers sent for validation
5. Result
6. DB and Directory updated
7. Enrollment Confirmed

FIG. 8: Centralized Payment Flow. Components: Cardholder Client Device (Browser), Merchant Server, Merchant Module, Access Server, Receipt DB, Payment System. Steps:
1. Shopping and Check-out (as normal)
2. Check to see if CH in Directory
3. PayReq (via browser)
4. PayRes (via browser)
5. Status with data extracted
6. Invoice and payment data

[Sheet 8 of 16]

FIG. 9: Distributed Enrollment Flow. Components: Cardholder Client Device (Browser), Cardholder Module, PAS Enrollment Server, Validation Process. Steps:
1. CH goes to bank specific enrollment page
2. CH presented with authentication questions
3. Answers returned
4. Answers sent for validation
5. Result
6. CH Module and certificate provided to CH

FIG. 10: Distributed Payment Flow. Components: Cardholder Client Device (Browser), Cardholder Module, Merchant Server, Merchant Module, Receipt DB, Payment. Steps legible on the sheet:
1. Shopping and Check-out (as normal)
2. Check to see if CH Module is present
7. Invoice and payment data
(An unnumbered label reads "With data extracted".)

[Sheet 10 of 16. FIG. 11 (flowchart). Box labels: Start Authentication Process; Cardholder Shops at Online Merchant; Verify Cardholder Participation in PAS; Merchant Sends Payment Request Message to ACS; Check if Cardholder Client Device Includes a Chip Card Reader; Cardholder Inserts Chip Card into Card Reader; Chip Card Generates Cryptogram; Cardholder Enters Password; Cryptogram and Password Sent to ACS; ACS Independently Generates Cryptogram and Validates Password; ACS Compares Cryptograms to Validate Authenticity of Chip Card; Payment Response Message Sent; End. Reference numerals on the sheet: 1100, 1110, 1120, 1130, 1140, 1150, 1160, 1170, 1180, 1190, 1195.]

[Sheet 12 of 16. FIG. 12A: Detailed Message Flow for Payer Authentication Service with Chip Card. Participants: Chip Card, Cardholder Client Device, Issuer Server. Messages: VSDC Authentication Request (4.2.1.1); VSDC Authentication Response (4.2.1.2), including exception responses. Card commands, each shown as Command/Response: SELECT, GET PROCESSING OPTIONS, READ RECORD, GET CHALLENGE, GET DATA, VERIFY, 1st GENERATE AC, 2nd GENERATE AC. Phase labels: Initiation, Application Selection, Read Application Data, Cardholder Verification, Terminal Action Analysis, Completion. The legend marks optional and conditional steps.]

[Sheet 13 of 16. FIG. 13: PAS with Chip Card and Universal Access Application. Labels: Chip Card, Access Applet, Chip Card Credit Debit Application, Cardholder Client Device, Chip Card Reader, Payer Authentication Application, Access Control Server.]

[Sheet 14 of 16. FIG. 14: Telecommunications Network (800). Labels: Acquirer Processing Center, Access Point, Interchange Center, Access Point, Issuer Processing Center. FIG. 15: Interchange Center Systems. Labels: Dual Message Authorization System 842, Clearing and Settlement System 844, Single Message System (SMS) 846, Authorization, Clearing, Settlement Service.]

[Sheet 15 of 16. FIG. 16: Integrated Payment Systems. Labels: Networks 800, Common Interface Function. Reference numerals on the sheet: 842, 846, 850.]

[Sheet 16 of 16. FIG. 17A and FIG. 17B. Block labels legible on the sheet: Processor(s), Memory, Fixed Disk, Removable Disk, Display, Keyboard, Mouse, Speakers, Network Interface.]

ONLINE PAYER AUTHENTICATION SERVICE

This application claims priority of U.S. provisional patent application No. 60/199,727, filed Apr. 24, 2000, entitled “Visa Payer Authentication Service Description,” which is hereby incorporated by reference.

FIELD OF THE INVENTION

The present invention relates generally to financial transactions, and more specifically to authenticating the identity of payers during online transactions.

BACKGROUND OF THE INVENTION

use of certificates by merchants, cardholders, issuers and acquirers. Such use of certificates is known to be quite burdensome.

In view of the foregoing, a system for authenticating the identity of the payer in an online transaction would be desirable. Such an authenticating system should be relatively easy to implement and use, require a minimal investment of resources, and provide a high level of interoperability between the system's participants.

BRIEF SUMMARY OF THE INVENTION

The present invention is directed towards an online service for authenticating the identity of a payer during online transactions. The present invention is relatively easy to implement and use, requires a minimal investment of resources to implement, and provides a high level of interoperability between the system's participants. The authentication service of the present invention allows a card issuer to verify a cardholder's identity using a variety of authentication methods, such as the use of passwords. Also, the only system participant requiring a certificate is the issuing financial institution. The authentication service can also provide authentication results to the merchant in real time during the checkout process.

In a first embodiment, the invention is directed toward the use of a traditional card, such as credit cards, debit cards, identification cards, etc. One aspect of the first embodiment pertains to a method for authenticating the identity of a cardholder during an online transaction. The method involves merchants querying a card issuer managed access control server to determine if said cardholder is enrolled in a payment authentication service, requesting a password from the cardholder, verifying said password, and notifying a merchant of the authenticity of the cardholder if the password entered by said cardholder is authenticated.

In a second embodiment, the invention is directed towards the use of an integrated circuit card (also known as a smart card or chip card). One aspect of the second embodiment pertains to a method for authenticating the chip card being used by a customer. This method involves verifying that said cardholder client device includes a chip card reader and then prompting said cardholder to enter said chip card into the chip card reader. After the chip card reader receives the chip card, the chip card generates a cryptogram which is then sent to the access control server. The access control server then independently generates a second cryptogram based upon information in the chip card and compares the chip card cryptogram to the second cryptogram. If the two independently generated cryptograms match, then the authenticity of the card is verified.

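
The two checks summarized above, the password check of the first embodiment and the cryptogram comparison of the second, can be modelled on the access control server side as follows. This is an added example, not code from the patent: HMAC-SHA256 stands in for the card's cryptogram algorithm, which this section does not specify, and the key derivation, the one-time challenge, the PBKDF2 password verifier, the sample key and account number, and every class and function name are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # assumed work factor for the stored password verifier


def derive_card_key(issuer_master_key: bytes, pan: str) -> bytes:
    """Assumed scheme: per-card key derived from an issuer master key and the account number."""
    return hmac.new(issuer_master_key, b"card-key" + pan.encode(), hashlib.sha256).digest()


def make_cryptogram(card_key: bytes, pan: str, challenge: bytes, amount_cents: int) -> bytes:
    """MAC over card and transaction data; HMAC-SHA256 stands in for the card's own algorithm."""
    message = bytes([len(pan)]) + pan.encode() + challenge + amount_cents.to_bytes(6, "big")
    return hmac.new(card_key, message, hashlib.sha256).digest()[:8]


class ChipCard:
    """Card side: the key is personalised by the issuer and never leaves the chip."""

    def __init__(self, pan: str, card_key: bytes):
        self.pan = pan
        self._key = card_key

    def generate(self, challenge: bytes, amount_cents: int) -> bytes:
        return make_cryptogram(self._key, self.pan, challenge, amount_cents)


class AccessControlServer:
    """Issuer side: enrollment lookup, password check, independent cryptogram generation."""

    def __init__(self, issuer_master_key: bytes):
        self._master = issuer_master_key
        self._accounts = {}    # pan -> (salt, password verifier)
        self._challenges = {}  # pan -> outstanding one-time challenge

    def enroll(self, pan: str, password: str) -> None:
        salt = os.urandom(16)
        verifier = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        self._accounts[pan] = (salt, verifier)

    def is_enrolled(self, pan: str) -> bool:
        """The merchant's first query: is this cardholder in the service at all?"""
        return pan in self._accounts

    def new_challenge(self, pan: str) -> bytes:
        self._challenges[pan] = os.urandom(8)
        return self._challenges[pan]

    def authenticate(self, pan: str, password: str, amount_cents: int, card_cryptogram: bytes) -> dict:
        """Return the result the merchant is notified of."""
        account = self._accounts.get(pan)
        challenge = self._challenges.pop(pan, None)  # single use, consumed even on failure
        if account is None:
            return {"authenticated": False, "reason": "not enrolled"}
        if challenge is None:
            return {"authenticated": False, "reason": "no outstanding challenge"}
        salt, verifier = account
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        if not hmac.compare_digest(candidate, verifier):
            return {"authenticated": False, "reason": "password mismatch"}
        # Second cryptogram: computed with a key the issuer derives itself;
        # the client device supplies no key material.
        expected = make_cryptogram(derive_card_key(self._master, pan), pan, challenge, amount_cents)
        if not hmac.compare_digest(expected, card_cryptogram):  # constant-time comparison
            return {"authenticated": False, "reason": "cryptogram mismatch"}
        return {"authenticated": True, "reason": "password and cryptogram verified"}


def demo() -> list:
    master = bytes(range(16))               # constructed test key
    pan = "4000000000009999"                # constructed account number
    acs = AccessControlServer(master)
    acs.enroll(pan, "correct horse")
    genuine = ChipCard(pan, derive_card_key(master, pan))
    clone = ChipCard(pan, os.urandom(32))   # knows the account number but not the card key
    reasons = []
    for card, password in [(genuine, "correct horse"), (genuine, "guess"), (clone, "correct horse")]:
        cryptogram = card.generate(acs.new_challenge(pan), 1999)
        reasons.append(acs.authenticate(pan, password, 1999, cryptogram)["reason"])
    # Replay: a captured cryptogram is resent after its challenge has been consumed.
    captured = genuine.generate(acs.new_challenge(pan), 1999)
    acs.authenticate(pan, "correct horse", 1999, captured)
    reasons.append(acs.authenticate(pan, "correct horse", 1999, captured)["reason"])
    return reasons


if __name__ == "__main__":
    print(demo())
```

The card holding only the account number fails on the cryptogram even when the correct password is supplied, which is the property the second embodiment adds over the password check alone.
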
The service of the present invention presents many advantages. For example, the authentication service lays the foundation for establishing guaranteed payments for merchants involved with “card not present” transactions. Additionally, the authentication service will reduce chargebacks, frauds, and exception item processing. These and other features and advantages of the present invention will be presented in more detail in the following specification of the invention and the accompanying figures, which illustrate by way of example the principles of the invention.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention, together with further advantages thereof, may best be understood by reference to the following description taken in conjunction with the accompanying drawings in which:

During a payment transaction using a payment card (e.g., a credit, debit, or stored value card), it is important to verify a cardholder's ownership of an account to avoid a variety of problems, such as unauthorized use. Payer authentication is the process of verifying a cardholder's ownership of an account. The most common method to authenticate a cardholder's ownership of an account occurs routinely at a point of sale during what is called a “card present” transaction. A card present transaction involves a merchant's representative taking the cardholder's card, swiping it through a payment card terminal to verify account status and credit line availability, and then checking to see that the signature on the back of the card matches the purchaser's signature. If the merchant follows specific guidelines for this type of transaction, the merchant will be guaranteed payment for the amount authorized less discount and fees. A service provider such as Visa International Service Organization (or service organization) may provide these specific guidelines.

“Card not present” transactions, on the other hand, such as those occurring online, through the mail, or over the telephone, involve payments that are not guaranteed to the merchant. No guarantee is provided primarily because the payers are not authenticated in such non face-to-face transactions, thereby allowing many risks to accompany the “card not present” transactions. Such risks involve issues such as chargebacks of payment transactions to online merchants, fraud for both merchants and cardholders, increased exception item processing expenses for banks, and an increased perception that buying goods and services online is not safe and secure, which may keep some consumers from buying online. Specific examples of risks include the unauthorized use of stolen account information to purchase goods and services online, fabrication of card account numbers to make fraudulent online purchases, and extraction of clear text account information from network traffic.

Given the continued expected high growth of electronic commerce, it is important to provide methods to authenticate p