Abstract: A Chip Authentication Program based on 3-D Secure protocols is provided for authenticating customers' on-line transactions. An issuer, who may be a payment card issuer, operates Access Control and Authentication Request Servers for authenticating transactions by individual customers who are identified by their personal EMV-complaint smart cards. An authentication token is generated at the point of interaction (POI) for each transaction based on information from the customer's smart card and transaction specific information sent directly by the issuer to populate a web page at the POI. Authentication tokens generated at the POI are evaluated by the Authentication Request Server to authenticate individual customer and/or card presence at the transaction POI. Authentication values are transported on-line in designated Universal Cardholder Authentication Fields consistent with 3-D Secure protocols.

Abstract: A formatted data structure is provided for conveying the results of ecommerce authentication programs that are used to authenticate a cardholder's on-line transactions. The data structure, which has at most a 20-byte length, is designed to be compatible with 3-D Secure message protocols used in e-commerce. The data structure includes designated fields that include a hash of the merchant's name, identify an authentication service provider, identify the authentication method used, and include a merchant authentication code which ties cardholder information to the transaction. Secure payment algorithms are provided for use by the e-commerce authentication programs to generate authentication results in the desired format. In one secure payment algorithm, a secret key is used to encrypt a concatenation of a cardholder account number with information from designated fields of the data structure.

Abstract: A Chip Authentication Program based on 3-D Secure protocols is provided for authenticating customers' on-line transactions. An issuer, who may be a payment card issuer, operates Access Control and Authentication Request Servers for authenticating transactions by individual customers who are identified by their personal EMV-complaint smart cards. An authentication token is generated at the point of interaction (POI) for each transaction based on information from the customer's smart card and transaction specific information sent directly by the issuer to populate a web page at the POI. Authentication tokens generated at the POI are evaluated by the Authentication Request Server to authenticate individual customer and/or card presence at the transaction POI. Authentication values are transported on-line in designated Universal Cardholder Authentication Fields consistent with 3-D Secure protocols.

Abstract: A formatted data structure is provided for conveying the results of ecommerce authentication programs that are used to authenticate a cardholder's on-line transactions. The data structure, which has at most a 20-byte length, is designed to be compatible with 3-D Secure message protocols used in e-commerce. The data structure includes designated fields that include a hash of the merchant's name, identify an authentication service provider, identify the authentication method used, and include a merchant authentication code which ties cardholder information to the transaction. Secure payment algorithms are provided for use by the e-commerce authentication programs to generate authentication results in the desired format. In one secure payment algorithm, a secret key is used to encrypt a concatenation of a cardholder account number with information from designated fields of the data structure.