Various methods of authentication of a user have been used in the past to identify a user, verify information, or allow access to a restricted service or location. For example, obtaining access to a building or an area within a building may require biometric identification of the user. Another example is accessing on-line services which may require a user identifier/identification and password to access a webpage. As used herein, a user typically includes a consumer (e.g., desiring to purchase and/or sell a product, service or other item of commerce). A user may also be a merchant, a distributor, a supplier, a seller, and/or any person or entity desiring to gain access to a restricted service or location.
A number of channels for purchases are available, including entering a merchant location, shop-at-home television networks, call-in responses to television advertisements, and the like. Moreover, many consumers have discovered the convenience and economy of purchasing goods and services directly on-line electronically (commonly called “e-purchases”). In a typical Internet transaction, a consumer generally identifies goods and/or services for purchase by viewing an online advertisement such as a hypertext markup language (HTML) document provided via a World Wide Web (WWW) browser. Payment typically occurs in various ways such as, for example, by utilizing a charge card number that is provided via a secure channel such as a secure sockets layer (SSL) connection that is established between the consumer and the merchant.
Because of the high incidence of fraud in Internet transactions, most charge card issuers consider network transactions to be “Card Not Present” transactions subject to a higher discount rate. Stated another way, because of the increased risk from “Card Not Present” transactions, most Charge card issuers charge the merchant a higher rate for accepting card numbers via electronic means than would be charged if the card were physically presented to the merchant. To improve the security deficiencies inherent in transporting charge card numbers over unsecure networks, many have suggested the use of “smart cards”. Smartcards typically include an integrated circuit chip having a microprocessor and memory for storing data directly on the card. The data can correspond to a cryptographic key, for example, or to an electronic purse that maintains an electronic value of currency. Many smart card schemes for internet transactions have been suggested in the prior art, but these typically exhibit a marked disadvantage in that they are non-standard and typically require the merchants to obtain new, proprietary software for their Web storefronts to accept the smart card transactions. Moreover, the administration costs involved with assigning and maintaining the cryptographic information associated with smart cards have generally been excessive to date. Additional information relating to smart card and smart card reader payment technology is disclosed in U.S. patent application Ser. No. 09/952,490 filed on Sep. 12, 2001; U.S. Patent Application Ser. No. 60/232,040, filed on Sep. 12, 2000; and U.S. Pat. Nos. 5,742,845; 5,898,838; and 5,905,908, owned by Datascape; which are hereby incorporated by reference.
Existing digital wallet technology is used to provide a means for users to utilize transaction card products (e.g., credit, charge, debit, and smart cards, account numbers, and the like) to pay for products and services on-line. More details related to digital wallets and smart card technology can be found in U.S. patent application Ser. No. 09/653,837 entitled “Transaction Card” which was filed on Sep. 1, 2000; U.S. patent application Ser. No. 09/652,899 entitled “Method and Apparatus For Conducting Electronic Transactions” filed on Aug. 31, 2000; and U.S. patent application Ser. No. 09/734,098 entitled “Method and Apparatus For Illuminating a Transaction Card” filed Dec. 11, 2000, all of which are herein incorporated by reference. In general, digital wallets are tools which store personal information (name, address, charge card number, credit card number, etc.) in order to facilitate electronic commerce or other network interactions. The personal information can be stored on a general server or at a client location (Personal Computer (PC) or Smartcard) or on a hybrid of both a general server and a client server. Presently, the digital wallet general server is typically comprised of a Web server and a database server which centrally houses the user's personal and credit card information, shopping preferences and profiles of on-line merchants.
A digital wallet preferably performs functions such as single sign on/one password, automatic form tilling of check out pages, one or two click purchasing, personalization of web sites, on-line order and delivery tracking, itemized electronic receipts, and customized offers and promotions based upon spending patterns and opt-ins. More particularly, a one-click purchase activates the wallet and confirms the purchase at the same time. A two-click check out first activates the wallet, then the second click confirms the purchase. In use, the wallet bookmark is typically clicked by the user and an SSL session is established with the Wallet server. A browser plug-in is executed and the user supplies a user identification and password or smart card for authentication in order to gain access to the wallet data. When shopping at an on-line merchant, the appropriate wallet data is transferred from the wallet server to the merchant's Web server.
For more information on digital wallet systems, loyalty systems, transaction systems, electronic commerce systems, see, for example, the Shop AMEX™ system as disclosed in U.S. Patent Application Ser. No. 60/230,190 filed Sep. 5, 2000; the MR as Currency™ and Loyalty Rewards Systems as disclosed in U.S. patent application Ser. No. 09/834,478 filed on Apr. 13, 2001; U.S. Patent Application Ser. No. 60/197,296 filed on Apr. 14, 2000; U.S. Patent Application Ser. No. 60/200,492 filed Apr. 28, 2000; U.S. Patent Application Ser. No. 60/201,114 filed May 2, 2000; a digital wallet system disclosed in U.S. patent application Ser. No. 09/652,899 filed Aug. 31, 2000; a stored value card as disclosed in U.S. patent application Ser. No. 09/241,188 filed on Feb. 1, 1999; a system for facilitating transactions using secondary transaction numbers disclosed in U.S. patent application Ser. No. 09/800,461 filed on Mar. 7, 2001; U.S. Patent Application Ser. No. 60/187,620 filed Mar. 7, 2000; U.S. Patent Application Ser. No. 60/200,625 filed Apr. 28, 2000; and U.S. Patent Application Ser. No. 60/213,323 filed May 22, 2000; all of which are herein incorporated by reference. Other examples of an online membership reward systems are disclosed in U.S. Pat. No. 5,774,870, issued on Jun. 30, 1998, and U.S. Pat. No. 6,009,412, issued on Dec. 29, 1999, both of which are hereby incorporated by reference.
Existing systems, however, are limited to pre-defined security features and procedures and generally require that a merchant initiate changes to accommodate each different smart card or wallet. Thus, a new system of accessing a restricted service (e.g., conducting electronic transactions) is desired which would allow the user to select the method of authentication and provide improved security with minimal overhead for users and merchants. Moreover, it is desirable that such a new system integrate well with various smart cards and Internet web pages and other services provided by various card issuers and merchants.