1
METHOD AND APPARATUS FOR ENABLING
A USER TO SELECT AN AUTHENTICATION
METHOD
RELATED APPLICATIONS 5
This patent application claims priority to, and the benefit of, the U.S. provisional patent application entitled "AUTHENTICATION METHOD DETERMINATION" filed on Jan. 3, 2001 as U.S. Ser. No. 60/259,506, which is 1° hereby incorporated by reference.
FIELD OF INVENTION
The present invention generally relates to facilitating the 15 determination of an authentication method for accessing a restricted service related to transactions via a network, and more particularly, to a system and method for enabling a user to select a minimum security level of authentication for accessing a restricted service in connection with a secure 20 transaction via a network.
BACKGROUND OF THE INVENTION
Various methods of authentication of a user have been used 25 in the past to identify a user, verify information, or allow access to a restricted service or location. For example, obtaining access to a building or an area within a building may require biometric identification of the user. Another example is accessing on-line services which may require a user iden- 30 tifier/identification and password to access a webpage. As used herein, a user typically includes a consumer (e.g., desiring to purchase and/or sell a product, service or other item of commerce). A user may also be a merchant, a distributor, a supplier, a seller, and/or any person or entity desiring to gain 35 access to a restricted service or location.
A number of channels for purchases are available, including entering a merchant location, shop-at-home television networks, call-in responses to television advertisements, and the like. Moreover, many consumers have discovered the 40 convenience and economy of purchasing goods and services directly on-line electronically (commonly called "e-purchases"). In a typical Internet transaction, a consumer generally identifies goods and/or services for purchase by viewing an online advertisement such as a hypertext markup language 45 (HTML) document provided via a World Wide Web (WWW) browser. Payment typically occurs in various ways such as, for example, by utilizing a charge card number that is provided via a secure channel such as a secure sockets layer (SSL) connection that is established between the consumer 50 and the merchant.
Because of the high incidence of fraud in Internet transactions, most charge card issuers consider network transactions to be "Card Not Present" transactions subject to a higher discount rate. Stated another way, because of the increased 55 risk from "Card Not Present" transactions, most charge card issuers charge the merchant a higher rate for accepting card numbers via electronic means than would be charged if the card were physically presented to the merchant. To improve the security deficiencies inherent in transporting charge card 60 numbers over unsecure networks, many have suggested the use of "smart cards". Smartcards typically include an integrated circuit chip having a microprocessor and memory for storing data directly on the card. The data can correspond to a cryptographic key, for example, or to an electronic purse that 65 maintains an electronic value of currency. Many smart card schemes for internet transactions have been suggested in the
2
prior art, but these typically exhibit a marked disadvantage in that they are non-standard and typically require the merchants to obtain new, proprietary software for their Web storefronts to accept the smart card transactions. Moreover, the administration costs involved with assigning and maintaining the cryptographic information associated with smart cards have generally been excessive to date. Additional information relating to smart card and smart card reader payment technology is disclosed in U.S. patent application Ser. No. 09/952, 490 filed on Sep. 12, 2001; U.S. patent application Ser. No. 60/232,040, filed on Sep. 12, 2000; and U.S. Pat. Nos. 5,742, 845; 5,898,838; and 5,905,908, owned by Datascape; which are hereby incorporated by reference.
Existing digital wallet technology is used to provide a means for users to utilize transaction card products (e.g., credit, charge, debit, and smart cards, account numbers, and the like) to pay for products and services on-line. More details related to digital wallets and smart card technology can be found in U.S. patent application Ser. No. 09/653,837 entitled "Transaction Card" which was filed on Sept. 1, 2000; U.S. patent application Ser. No. 09/652,899 entitled "Method and Apparatus For Conducting Electronic Transactions" filed on Aug. 31, 2000; and U.S. patent application Ser. No. 09/734, 098 entitled "Method and Apparatus For Illuminating a Transaction Card" filed Dec. 11,2000, all of which are herein incorporated by reference. In general, digital wallets are tools which store personal information (name, address, charge card number, credit card number, etc.) in order to facilitate electronic commerce or other network interactions. The personal information can be stored on a general server or at a client location (Personal Computer (PC) or Smartcard) or on a hybrid of both a general server and a client server. Presently, the digital wallet general server is typically comprised of a Web server and a database server which centrally houses the user's personal and credit card information, shopping preferences and profiles of on-line merchants.
A digital wallet preferably performs functions such as single sign on/one password, automatic form filling of check out pages, one or two click purchasing, personalization of web sites, on-line order and delivery tracking, itemized electronic receipts, and customized offers and promotions based upon spending patterns and opt-ins. More particularly, a oneclick purchase activates the wallet and confirms the purchase at the same time. A two-click check out first activates the wallet, then the second click confirms the purchase. In use, the wallet bookmark is typically clicked by the user and an SSL session is established with the Wallet server. A browser plug-in is executed and the user supplies a user identification and password or smart card for authentication in order to gain access to the wallet data. When shopping at an on-line merchant, the appropriate wallet data is transferred from the wallet server to the merchant's Web server.
For more information on digital wallet systems, loyalty systems, transaction systems, electronic commerce systems, see, for example, the Shop AMEXTM system as disclosed in U.S. patent application Ser. No. 60/230,190 filed Sep. 5, 2000; the MR as CurrencyTM and Loyalty Rewards Systems as disclosed in U.S. patent application Ser. No. 09/834,478 filed on Apr. 13, 2001; U.S. patent application Ser. No. 60/197,296 filed on Apr. 14, 2000; U.S. patent application Ser. No. 60/200,492 filed Apr. 28, 2000; U.S. patent application Ser. No. 60/201,114 filed May 2, 2000; a digital wallet system disclosed in U.S. patent application Ser. No. 09/652, 899 filed Aug. 31, 2000; a stored value card as disclosed in U.S. patent application Ser. No. 09/241,188 filed on Feb. 1, 1999; a system for facilitating transactions using secondary transaction numbers disclosed in U.S. patent application Ser.
|
