Conducting transactions with dynamic passwords

Description

BACKGROUND

Companies utilizing e-commerce sites strive to make their sites easier for users to locate and purchase items. To help users locate items, for instance, these sites may categorize products into varying categories of an electronic catalog. In order to ease users' ability to purchase items, meanwhile, these companies may configure their sites to accept many forms of payment. While many of these strategies have increased the effectiveness of these sites, companies continually strive to further enhance user experiences.

BRIEF DESCRIPTION OF THE DRAWINGS

The detailed description is described with reference to the accompanying figures. In the figures, the left-most digit(s) of a reference number identifies the figure in which the reference number first appears. The use of the same reference numbers in different figures indicates similar or identical items.

FIG. 1 illustrates an example architecture for conducting transactions using dynamic passwords, such as one-time passwords. This example architecture illustrates a user operating a computing device to access a site of a service provider to engage in a transaction with the provider with use of an illustrative type of dynamic password known as a “one-time password.” For example, the user may attempt purchase an item offered for sale by the service provider by providing an identifier linked with a payment instrument and a one-time password. The service provider, meanwhile, may leverage a transaction processing service that approves or declines the transaction (e.g., the purchase of the item) based on the received identifier and the received one-time password.

FIG. 2 illustrates an example screen rendering of a page served by the service provider of FIG. 1. Here, the example page includes a widget provided by the transaction processing service of FIG. 1. The widget allows the user to enter an identifier linked with a payment instrument and a one-time password for the purpose of requesting to purchase the illustrated item.

FIG. 3 illustrates the example screen rendering of the page from FIG. 2 after the user has entered an identifier and a one-time password into respective text boxes of the widget.

FIG. 4 illustrates the example screen rendering of the page from FIGS. 2 and 3 after the user has selected the “buy” icon from the widget of FIGS. 2 and 3. Here, the transaction processing service has authenticated the provided identifier (using the provided password). Hence, the widget includes content indicating that the order has been approved.

FIG. 5 illustrates an example process that includes the user requesting to engage in a transaction with the service provider of FIG. 1 using a dynamic password, here a one-time password.

DETAILED DESCRIPTION

This disclosure is directed, in part, to allowing a user to engage in a transaction using a password (e.g., a dynamic password) and an identifier linked with a payment instrument. In some instances, the identifier linked with the payment instrument is free from information identifying the payment instrument. Therefore, the user associated with the identifier (and potentially the linked payment instrument) may more freely share the identifier than an actual payment instrument identifier. That is, the user may more freely share the identifier linked to the payment instrument when compared with sharing credit card numbers, bank account numbers, gift card numbers, and the like.

In some instances, the identifier linked with the payment instrument comprises a set of numeric or alphanumeric characters having a secondary meaning to the user (e.g., “Grace's Textbooks”, “Griffin's Toys”, etc.). Many other identifiers may similarly be employed, each of which may be linked to one or more payment instruments, such as a credit card, bank account, gift card, and the like.

To authenticate an identifier linked with a payment instrument, the user may provide a password, such as a dynamic password, that is unique to the identifier. The dynamic password may comprise a one-time password or may comprise another secure password that may be used more than once. A one-time password, for instance, may comprise a password that is valid for a specific amount of time (e.g., sixty seconds) or for a specific number of uses (e.g., one). The one-time password may be uniquely generated based on a random number generating process, a mathematical algorithm, and/or based on any other known or novel methods. While this discussion refers to examples with reference to one-time passwords, other dynamic passwords may, in some instances, be employed more than once. For instance, if a particular dynamic password is time-based and changes every sixty seconds, the one-time password may conceivably be employed more than once during these sixty seconds. However, in these and other instances, a dynamic password may only be used for a single transaction, at which point a new dynamic password may be generated for future transactions made with the corresponding identifier. Again, while the discussion uses a one-time password to describe certain implementations, other implementations may use one or more other forms of dynamic passwords.

The discussion begins with a section entitled “Illustrative Architecture,” which describes one non-limiting environment that may allow users to conduct transactions with one-time passwords. A section entitled “Illustrative User Interfaces” follows. This section depicts and describes illustrative examples of user interfaces (UIs) that may be served to and rendered at the device of the user of FIG. 1. A third and final section, entitled “Illustrative Flow Diagrams,” concludes the discussion and steps through an illustrative process of employing the described techniques.

This brief introduction, including section titles and corresponding summaries, is provided for the reader's convenience and is not intended to limit the scope of the claims, nor the proceeding sections. Furthermore, the techniques described above and below may be implemented in a number of ways and in a number of contexts. One example implementation and context is provided with reference to the following figures, as described below in more detail. However, the following implementation and context is but one of many.

Illustrative Architecture

FIG. 1 illustrates an example architecture 100 that may enable use of dynamic passwords to engage in a transaction with a service provider. In some instances, architecture 100 allows users to engage in such transactions using an identifier that is linked with a payment instrument yet is free from information identifying the payment instrument. In these instances, the dynamic password may be used to authenticate the provided identifier.

Here, the techniques are described in the context of a user 102(1) operating a computing device 104 to access a service provider site 106 over a network 108. For instance, user 102(1) may use device 104 to access site 106 for purposes of engaging in a transaction with the service provider.

Architecture 100 also includes a transaction processing service 110 configured to manage the requested transaction. While service provider site 106 and transaction processing service 110 are illustrated in the current example as separate entities, the service provider and processing service 110 may comprise the same entity or may employ similar or the same functionality in other embodiments. Furthermore, the described techniques themselves may be implemented in a vast number of other environments and architectures.

In architecture 100, site 106 may comprise any sort of site that supports user interaction, including social networking sites, e-commerce sites, informational sites, news and entertainment sites, and so forth. Additionally, the site is representative of proprietary sites that receive requests and provide content over proprietary networks other than the Internet and public web.

Furthermore, while the illustrated example represents user 102(1) accessing service provider site 106, the described techniques may equally apply in instances where user 102(1) interacts with the service provider over the phone, via a kiosk, or in any other manner. It is also noted that the described techniques may apply in other client/server arrangements, as well as in non-client/server arrangements (e.g., locally-stored software applications, set-top boxes, etc.).

Here, user 102(1) accesses content site 106 via network 108. Network 108 may include any one or combination of multiple different types of networks, such as cable networks, the Internet, and wireless networks. User computing device 104, meanwhile, may be implemented as any number of computing devices, including as a personal computer, a laptop computer, a portable digital assistant (PDA), a mobile phone, a set-top box, a game console, a personal media player (PMP), and so forth. User computing device 104 is equipped with one or more processors 112 and memory 114 to store applications and data. An application, such as a browser 116 or other client application, running on device 104 facilitates access to site 106 over network 108.

Site 106 is hosted on one or more servers 118(1), . . . , 118(N) having processing and storage capabilities. In one implementation, the servers might be arranged in a cluster or as a server farm, although other server architectures may also be used to host the site. The site is capable of handling requests from many users and serving, in response, various pages of content that can be rendered at user computing device 104 for viewing by user 102(1). For instance and as illustrated, site 106 may serve a page 120 to computing device 104. Page 120 may comprise any sort of content, such as an item for sale, a user profile, a search page, a discussion forum, and/or any other type of page.

As illustrated, servers 118(1)-(N) may store or otherwise have access to an item catalog 122 comprising one or more items 124(1), . . . , 124(S). An item includes anything that the service provider wishes to offer for purchase, rental, subscription, viewing, informative purposes, or some other form of consumption. In some embodiments the item may be offered for consumption by the service provider hosting site 106. However, in other embodiments service provider site 106 may host items that others are selling using the site 106. An item can include a product, a service, a digital download, a news clip, customer-created content, information, or some other type of sellable or non-sellable unit.

In the illustrated example, page 120 (rendered at device 104) includes content served by service provider site 106, as well as content served by transaction processing service 110. Both sets of content may comprise any sort of content capable of being visually, audibly, or otherwise consumed by user 102(1). In instances where the service provider that hosts site 106 comprises an e-commerce site, the content provided by site 106 may comprise one or more items for consumption by user 102(1). For example, this content may comprise an item for sale, rent, download, viewing, listening, or for any other type of consumption.

The content provided by service 110, meanwhile, may comprise content that enables user 102(1) to enter into a transaction with the service provider hosting site 106. In instances where site 106 comprises an e-commerce site, for example, this content may comprise a widget that allows user 102(1) to enter into a transaction with the service provider to consume or obtain an item provided by site 106. For instance, this widget may allow user 102(1) to purchase an item for sale by service provider site 106 and illustrated on page 120.

To engage in such a transaction, such as the purchase of an illustrated item, user 102(1) may provide an identifier linked with a payment instrument. User 102(1) may also provide a dynamic password for authenticating the identifier. The identifier linked with the payment instrument may actually identify the payment instrument or, alternatively, may be free from information identifying the linked payment instrument. In the former instances, the identifier may comprise a credit card number, a bank account number, a gift card number, and/or any other identifier that is linked with and identifies a payment instrument.

In the latter instances, meanwhile, the identifier may comprise proxy for the linked payment instrument. For instance, the identifier provided by user 102(1) may comprise a transaction phrase token. As described in U.S. Provisional Application No. 60/823,611, filed on Aug. 25, 2006, and U.S. patent application Ser. No. 11/548,111, filed on Oct. 10, 2006, both entitled UTILIZING PHRASE TOKENS IN TRANSACTIONS and both incorporated herein by reference, a transaction phrase token may comprise a set of characters that has a secondary meaning to user 102(1) or to another user associated with the transaction phase token. In addition to comprising a phrase (e.g., “Grace's Textbook”, “Griffin's Toys”, “My Online Spending $”), the transaction phrase token may also take the form of a physical card (e.g., similar in size and shape to a credit card). Whatever its form, the transaction phrase token may link to a payment instrument, such as a bank account or a credit card. For example, a transaction phrase token associated with user 102(1) may link with a payment instrument (e.g., a credit card) of user 102(1) or some other person or entity. Therefore, user 102(1) (and potentially one or more other users) may employ this transaction phrase token as a payment method for future purchases.

Furthermore, transaction phrase tokens may be associated with certain rules that dictate when and how a user may employ a transaction phrase token for purchases. Similarly, the user that controls the transaction phrase token (e.g., the person associated with the underlying payment instrument, such as the credit card holder) may differ from a user of the token. For instance, a mother may create a token for her daughter (“Grace”) entitled “Grace's Textbooks”. Once the mother creates or approves creation of the token, Grace may then specify this token as a payment method. By identifying this token as a payment method, the daughter thus identifies the mother (i.e., the person associated with the linked payment instrument) as the payer for these purchases. When initiating the transaction, in some embodiments it is not required that the phrase token user authenticates. Rather, the transaction can be initiated and then, if needed, subsequent authorization (e.g. by authenticating the user that controls the token) can be performed.

Similar to the discussion above, this transaction phrase token may be associated with predefined rules. For instance, the mother may create a rule that pre-approves purchases of certain categories of items, such as textbooks. The mother may also employ other rules, such as dollar amounts, time limits, and the like. In these instances, when the daughter uses the token as a payment method, the transaction processing service 110 may compare the parameters of the requested purchase with the rules associated with the token. The service may then complete or cancel the requested purchase according to the token's rules. Conversely or additionally, service 110 may notify the user that controls use of the token (here, the mother) to request that he or she approve or deny the requested purchase. The user that controls the use of the token may, in some cases, be requested to authenticate themselves in some way, such as through a username and password in order to approve the transaction of the token user.

Because transaction phrase tokens may merely comprise a string of characters that is free from information identifying a linked payment instrument, such tokens may be more freely shared than when compared with other types of payment instrument identifiers, such as credit card numbers, bank account numbers, and the like. However, due to the more lenient nature of transaction phrase tokens, transaction processing service 110 may take special care to ensure that a user that employs the token to conduct a transaction actually has authority to do so. For instance, imagine that user 102(1) is associated with and controls a transaction phrase token. When user 102(1) requests to conduct a transaction, transaction processing service 110 may ensure that user 102(1) actually has authority to conduct transactions with the provided transaction phrase token.

To ensure that user 102(1) has authority to employ a particular identifier, in some embodiments, user 102(1) may be asked to provide a dynamic password (e.g., a one-time password in this example) in addition to providing the identifier. Transaction processing service 110 may then compare this provided one-time password with a derived, stored or accessible one-time password associated with the provided identifier. If these one-time passwords match, then service 110 may approve the transaction. If, however, these passwords do not match, then service 110 may decline the transaction or may implement further authorization steps. While the discussion describes the matching or comparing of the passwords, it is to be appreciated that these terms include comparing the passwords themselves or otherwise determining if the received password is the same as the accessible password. For instance, service 110 may compare hash functions of the password(s), encryption versions of the password, and the like.

In order to authenticate an identifier, such as a transaction phrase token, with use of a dynamic password such as a one-time password, both user 102(1) and transaction processing service 110 may need to know the currently-valid dynamic password associated with the identifier. As described in detail below, service 110 may derive, store or otherwise have access to this currently-valid password as it changes with time or with various events. User 102(1), meanwhile, may determine this currently-valid one-time password in a number of ways. Again, while the following discussion i

For instance, user 102(1) may have access to a one-time password (OTP) token 126 configured to generate one or more one-time passwords (OTPs) 128(1), . . . , (P) associated with a particular identifier (e.g., a credit card number, a transaction phrase token, etc.). While the current example describes one-time passwords, other implementations may use one or more other forms of dynamic passwords. In any event, one such token generator embodied as a hardware device is the SecurID® token developed by RSA of Bedford, Mass. However, it should be understood that such tokens may be software based as well. Indeed, the token could also comprise a book of pre-generated one-time passwords as discussed below. Each of one-time passwords 128(1)-(P) may comprise a pseudo-random identifier, such as a string of numeric or alphanumeric characters.

Token 126, meanwhile, may comprise any sort of device or article capable of providing a one-time password. Furthermore, token 126 may be a time-based and/or a sequence-based token. A time-based token changes a one-time password after the passage of a predetermined amount of time (e.g., fifteen seconds, one minute, one hour, etc.). A sequence-based token, meanwhile, changes a password after a predetermined event, such as the user choosing to change the password or the use of the password.

As illustrated, token 126 may take many forms. For instance, token 126 may comprise a key fob 130, a personal digital assistant (PDA) 132, a mobile phone 134, or even a book 136, just to name a few. Using the example of key fob 130, this token may function to periodically generate a one-time password after the passage of a predetermined time interval. PDA 132 and mobile phone 134 may include software to do the same. That is, service 110 and/or user 102(1) may install software on PDA 132 or mobile phone 134 for the purpose of generating unique one-time passwords associated with a particular identifier. Book 136, meanwhile, may simply contain a listing of one-time passwords to be used in sequence by user 102(1). While a few illustrative tokens have been discussed, it is to be appreciated that token 126 may take many other forms.

As opposed to gaining access to one-time passwords 128(1)-(P) via token 126, user 102(1) may receive these passwords in other ways. For instance, user 102(1) may receive a one-time password from transaction processing service 110, on demand or otherwise. That is, when user 102(1) wishes to conduct a transaction with, for example, service provider site 106, user 102(1) may request a one-time password from service 110. To do so, user 102(1) may send a short message service (SMS) text message, send an email message, call or otherwise communicate with service 110. This or a subsequent communication may provide another password or personal identification number (PIN) to authenticate the user with service 110. In response, service 110 may provide one of the one-time passwords 128(1)-(P) to user 102(1). For instance, service 110 may send the one-time password to user 102(1) via an SMS text message, an email message, a phone call, physical delivery and/or via any other delivery method.

Once user 102(1) receives a one-time password (via service 110, token 126, or otherwise), user 102(1) may provide an identifier linked with a payment instrument and the one-time password to service 110 for the purpose of conducting a transaction with site 106. At this point, service 110 may attempt to authenticate the identifier by comparing the received one-time password with a one-time password associated with the received identifier and stored or accessible by service 110.

In the illustrated example, service 110 is hosted by one or more servers 138(1), . . . , (M). Servers 138(1)-(M) comprise one or more processors 140 as well as memory 142. Memory 142 may store or otherwise have access to an identifier database 144, an identifier issuer 146, a one-time password (OTP) issuer 148, a transaction authorization engine 150, and a one-time password (OTP) database 152.

Identifier database 144 stores or has access to one or more identifiers 154(1), . . . , (R), each of which may be linked with one or more payment instruments. Furthermore, each of identifiers 154(1)-(R) may or may not be free of information identifying the respective linked payment instrument(s). For instance, these identifiers may include credit card numbers, bank account numbers, transaction phrase tokens, and the like. Identifier issuer 146, meanwhile, may issue some these identifiers to users, such as user 102(1). For instance, issuer 146 may issue transaction phrase tokens to one or more users. In the current example, identifier database 144 stores an identifier corresponding to an identifier associated with user 102(1).

One-time password (OTP) issuer 148, meanwhile, may function to issue one-time passwords to users, such as user 102(1). For instance, issuer 148 may issue these passwords via SMS text messages, email messages, a phone call, or the like.

One-time password (OTP) database 152 stores one or more one-time passwords 156(1), . . . , (Q), regardless of whether OTP issuer 148 provided the password directly or not. Each of passwords 156(1)-(6) corresponds to a particular identifier. Therefore, both a user authorized to conduct a transaction with a particular identifier and transaction processing service 110 know the currently-valid one-time password for the particular identifier.

To illustrate, FIG. 1 depicts a table 158 storing associations between identifiers 160, users 162 of the identifiers, and current one-time passwords 164 of the identifiers. For instance, table 158 shows that an identifier associated with user 102(1) comprises a transaction phrase token entitled “Griffin's Toys”. As discussed above, this token may be linked with a payment instrument (e.g., a credit card, bank account, etc), although the token does not actually identify the payment instrument.

Furthermore, table 158 illustrates several identifiers that do identify the linked payment instrument, such as “Visa® 45658” (identifying some or all of this fictional credit card's number) and “Gift Card 1234” (again, identifying some or all of this fictional gift card's number. Finally, table 158 illustrates currently-valid one-time passwords 164 corresponding to respective identifiers 160. For instance, the identifier “Griffin's Toys” (corresponding to user 102(1)) is shown to have a current password of “249586”. While this example employs a pseudo-random number for a password, other passwords may take other forms. Furthermore, when this one-time password “249586” expires (e.g., due to use of the password or due to the passage of time), then a new one-time password may be associated with the identifier “Griffin's Toys”.

With the information illustrated in table 158, transaction authorization engine 150 is able to receive an identifier and a one-time password from a user and, in response, compare the received password with a stored and currently-valid one-time password for the received identifier. In some instances, service 110 may approve a requested transaction if these passwords match. Furthermore, service 110 may decline or implement additional authorization mechanisms in response to determining that the passwords do not match.

Illustrative User Interfaces

FIGS. 2-4 illustrate example user interfaces (UIs) that may be used to allow a user to conduct a transaction using an identifier linked with a payment instrument and a one-time password. However, these UIs are merely illustrative and the techniques described above and below may be employed using other UIs, without UIs, or a combination thereof.

FIG. 2 illustrates an example screen rendering of a page 200 served by service provider site 106 as well as transaction processing service 110 of FIG. 1. As illustrated, page 200 may be served to device 104 from FIG. 1. Here, page 200 comprises an item detail page associated with an item and, hence, includes details about the illustrated item for sale. As discussed below, an “item detail page” may include details such as price, product rating, product description, and the like. It is further noted that page 200 includes content 202, served by the service provider, as well as a widget 204, whose content is served by transaction processing service 110. Here, widget 204 allows the user to enter an identifier linked with a payment instrument and a one-time password for the purpose of engaging in a transaction with service provider site 106. For instance, widget 204 may allow the user to request to purchase the illustrated camera from the service provider.

Content 202 includes an illustration of an “ABC 6.2 Mega Pixel Digital Camera” for sale by the service provider. While content 202 illustrates a physical good in the form of a camera, content 202 could similarly illustrate one or more alternative or additional items for sale or consumption. Again, an item can include a product, a service, a digital download, a news clip, customer-created content, information, or some other type of sellable or non-sellable unit. Content 202 further includes details about the camera. The illustrated details about the camera include a rating, a price, availability, a description, specifications and customer reviews. Of course, the illustrated details are included for context only and other implementations may employ more or less information than the illustrated implementation.

Widget 204, meanwhile, includes text boxes 206 and 208 and an icon 210 entitled “Buy”. Text box 206 allows a user, such as user 102(1), to enter an identifier linked with a payment instrument. Text box 208, meanwhile, allows user 102(1) to enter a dynamic password, such as a one-time password in the current example. Once user 102(1) has entered an identifier and a one-time password into the corresponding text boxes, user 102(1) may then select icon 210 (e.g., with a cursor 212) to request to purchase the illustrated camera from the service provider. In the illustrated example, this request and the corresponding identifier and password are submitted to transaction processing service 110 in response to selection of icon 210. While FIG. 2 depicts text boxes 206 and 208 as separate text boxes, other implementations may use a single text in which a user may enter both an identifier and a password, such as a dynamic password.

FIG. 2 also illustrates that user 102(1) has a one-time password token in the form of key fob 130 from FIG. 1. In this example, key fob 130 continually generates a unique one-time password after passage of a predetermined amount of time, such sixty seconds. At the illustrated moment in time, key fob 130 displays a one-time password 214 of “249586”. Note that transaction processing service 110 or another entity may have previously provided key fob 130 to user 102(1). In both instances, transaction processing service 110 is able to derive whether the one-time password is valid, using mathematical algorithms or by storing or otherwise having access to the one-time passwords associated with the identifier(s) of user 102(1). As such, at the illustrated moment in time, service 110 may also know that the currently-valid one-time password for “Griffin's Toys” (the identifier associated with user 102(1) in the current example) is indeed password 214 (249586).

FIG. 3 illustrates page 200 after user 102(1) has entered the identifier 302 (“Griffin's Toys”) into text box 206. User 102(1) has also entered one-time password (249586) into text box 208. Finally, FIG. 3 also illustrates that user 102(1) then selects icon 210 to request to purchase the illustrated camera. At this point, the request to purchase the camera is sent to service 110, potentially along with the entered identifier and password, as well as details about the requested purchase. Upon receipt of the request, transaction processing service 110 may in some instances determine whether rules associated with the entered identifier (here, a transaction phrase token) allow the requested transaction.

Furthermore, upon receipt of the identifier and the one-time password, service 110 may access a currently-valid one-time password associated with the received identifier. Service 110 (and, more particularly, transaction authorization engine 150) may determine whether the password is valid by, for example, comparing received password 214 against the password stored or accessible by service 110, among other methods. If these passwords are valid, then service 110 may approve the requested transactions. If these passwords are not valid, then service 110 may deny the transactions, take additional authorization steps, and/or may take another course of alternative action.

FIG. 4 illustrates page 200 after the request to purchase the camera has been sent to transaction processing service 110 and after service 110 has compared received one-time password 214 to the one-time password stored or accessible by the service. As illustrated, widget 204 displays an indication 402 that the requested purchase has been approved. As such, service 110 may have determined that the passwords did indeed match and, in some instances, that rules associated with the received transaction phrase token did indeed allow for the purchase. Here, widget 204 also depicts some illustrative but non-limiting order details.

Finally, FIG. 4 illustrates that, due to the passage of time, key fob 130 now displays a new one-time password 404 (“545663”) associated with identifier 302 (“Griffin's Toys”). Therefore, if user 102(1) were to wish to purchase another item or engage in another transaction using identifier 302 at the illustrated moment in time, according to some embodiments, user 102(1) can use new password 404.

Illustrative Flow Diagrams

FIG. 5 illustrates an example process 500 that includes the user requesting to engage in a transaction with the service provider of FIG. 1 using a dynamic password such as a one-time password. Again, while the process is described with reference to a one-time password, this process is equally applicable to one or more other forms of dynamic passwords. While process 500 is described with reference to architecture 100, the described techniques may be equally applicable in many other architectures and environments. Furthermore, the described process can be implemented in hardware, software, or a combination thereof. In the context of software, the illustrated operations represent computer-executable instructions that, when executed by one or more processors, perform the recited operations. Generally, computer-executable instructions include routines, programs, objects, components, data structures, and the like that perform particular functions or implement particular abstract data types. The order in which the operations are described is not intended to be construed as a limitation, and any number of the described blocks can be combined in any order and/or in parallel to implement the process.

Process 500 includes operation 502, which represents user 102(1) operating computing device 104 to navigate to service provider site 106. While FIG. 5 illustrates the described techniques in the context of client-server navigation, it is again noted that the described techniques may be equally applicable in other contexts. Next, operation 504 represents user 102(1) entering an identifier linked with a payment instrument (e.g., a credit card number, a bank account number, a transaction phrase token) and a one-time password into a widget or other tool provided by transaction processing service 110. Continuing the example from above, user 102(1) here requests to purchase the illustrated camera.

The identifier that user 102(1) enters into the widget or tool may or may not identify the linked payment instrument. User 102(1) may receive or know of the proper one-time password, meanwhile, through any of the methods discussed above or otherwise. For instance, user 102(1) may have a one-time password (OTP) token or may have received the one-time password from service 110 or another entity.

At operation 506, user 102(1) elects to purchase the item, at which point device 104 (and/or an application stored thereon, such as browser 116) sends the entered identifier and one-time password to transaction processing service 110. Upon receiving the request, as well as the identifier and password, service 110 compares (at operation 508) the received one-time password with a one-time password stored at or accessible by service 110.

If the one-time passwords do not match, then service 110 may deny the requested transaction at operation 510. Alternatively, the service may implement other authorization procedures. If, however, the passwords do indeed match one another, then service 110 may approve the requested transaction at operation 512. Responsive to the approval and processing of the transaction, the service provider hosting site 106 may provide user 102(1) with the purchased item, here the illustrated camera.

Conclusion

Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described. Rather, the specific features and acts are disclosed as exemplary forms of implementing the claims.

Claims

1. A transaction processing system, the system comprising: one or more first processors;first memory configured to be in communication with the one or more processors; andfirst computer-executable instructions that, when executed on the one or more processors, perform acts to process a transaction for an item, the acts comprising: serving, to a computing device comprising one or more second processors, a second memory, a presentation device, and second computer-executable instructions, content for presentation on a page rendered on the presentation device, wherein the page includes the item, and wherein the content includes at least one text box for entering an identifier and a first dynamic password, the first dynamic password comprising a time-based dynamic password that changes after a passage of a predetermined amount of time or a sequence-based dynamic password that changes after a predetermined event;receiving, over a network from the computing device and by the transaction processing system; first data comprising a request to conduct the transaction for the item; andsecond data comprising the first dynamic password and the identifier, wherein the identifier: (i) is associated with a payment instrument; (ii) is free from information identifying the payment instrument; and (iii) is associated with one or more predefined rules specifying an item category or a transaction amount that is allowed in response to employing the identifier to conduct the transaction, and wherein the second data is received based at least in part on the identifier and the first dynamic password having been entered into the at least one text box;accessing a second dynamic password accessible by the transaction processing system;accessing the one or more predefined rules associated with the identifier;based at least partly on the second dynamic password and the one or more predefined rules, triggering the one or more first processors to perform one of: approving the transaction based at least partly on: the first dynamic password matching the second dynamic password, andat least one of an amount of the transaction being at or below the transaction amount specified by a first predefined rule of the one or more predefined rules or an item category of the item matching the item category specified by a second predefined rule of the one or more predefined rules;declining the transaction based at least in part on at least one of the first dynamic password not matching the second dynamic password, the amount of the transaction being above the transaction amount specified by the first predefined rule of the one or more predefined rules, or the item category of the item not matching the item category specified by the second predefined rule of the one or more predefined rules; orimplementing one or more other authorization procedures based at least in part on at least one of the first dynamic password not matching the second dynamic password, the amount of the transaction being above the transaction amount specified by the first predefined rule of the one or more predefined rules, or the item category of the item not matching the item category specified by the second predefined rule of the one or more predefined rules.
2. A system as recited in claim 1, wherein: the one or more predefined rules comprise a third predefined rule specifying an allowable vendor in response to employing the identifier to conduct the transaction based on the request to purchase conduct the transaction for the item; andapproving the transaction is further based on an actual vendor associated with the transaction matching the allowable vendor specified by the third predefined rule.
3. A system as recited in claim 1, wherein: the one or more predefined rules comprise a third predefined rule specifying a threshold reputation score that is indicative of a number of previous acceptances of transactions from a transaction requestor; andapproving the transaction is further based on a reputation score associated with a user who submitted the request to conduct the transaction being at or above the threshold reputation score specified by the third predefined rule.
4. A system as recited in claim 1, wherein: the one or more predefined rules comprise a third predefined rule specifying an allowable type of reconciliation activity in response to employing the identifier to conduct the transaction, the allowable type of reconciliation activity comprising one of debiting a transaction account associated with the identifier or crediting a transaction account associated with the identifier; andapproving the transaction is further based on a type of reconciliation activity associated with the transaction matching the allowable type of reconciliation activity specified by the third predefined rule.
5. A system as recited in claim 1, wherein the content comprises a widget, wherein the at least one text box includes a first text box and a second text box, and wherein the second data is received in response to a user entering the identifier into the first text box of the widget and the first dynamic password into the second text box of the widget.
6. A method for processing a transaction comprising: serving, to a computing device and by a transaction processing service, content for presentation on a page rendered on a display of the computing device, wherein the page includes an item, and wherein the content includes at least one text box for entering an identifier and a dynamic password, the dynamic password comprising a time-based dynamic password that changes after a passage of a predetermined amount of time or a sequence-based dynamic password that changes after a predetermined eventreceiving, from the computing device and by the transaction processing service, first data comprising a request to purchase the item;receiving, by the transaction processing service, second data comprising the dynamic password and the identifier, wherein the second data is received based at least in part on the identifier and the dynamic password having been entered into the at least one text box, and wherein the identifier: associated with a payment instrument;free from information identifying the payment instrument; andassociated with a predefined rule specifying an allowable vendor in response to employing the identifier to conduct the transaction based on the request to purchase the item;accessing the predefined rule associated with the identifier;based at least partly on the dynamic password, the identifier, and an actual vendor associated with the transaction, performing one of: processing, by the transaction processing service, the request to purchase the item;declining, by the transaction processing service, the request to purchase the item; orimplementing, by the transaction processing service, one or more other authorization procedures.
7. A method as recited in claim 6, wherein: the predefined rule is a first predefined rule;the identifier is associated with a second predefined rule specifying a threshold reputation score that is indicative of a number of previous acceptances of transactions from a transaction requestor;the method further comprises accessing the second predefined rule associated with the identifier; andprocessing the request to purchase the item is further based on a reputation score associated with a user who submitted the request to purchase the item being at or above the threshold reputation score specified by the second predefined rule.
8. A method as recited in claim 6, wherein: the predefined rule is a first predefined rule;the identifier is associated with a second predefined rule specifying an allowable type of reconciliation activity in response to employing the identifier to conduct the transaction, the allowable type of reconciliation activity comprising one of debiting a transaction account associated with the identifier or crediting a transaction account associated with the identifier;the method further comprises accessing the second predefined rule associated with the identifier; andprocessing the request to purchase the item is further based on a type of reconciliation activity associated with the transaction matching the allowable type of reconciliation activity specified by the second predefined rule.
9. A method as recited in claim 6, wherein the content comprises a widget, wherein the at least one text box includes a first text box and a second text box, and wherein the second data is received in response to a user entering the identifier into the first text box of the widget and the dynamic password into the second text box of the widget.
10. A method as recited in claim 6, wherein processing the request to purchase the item based on the dynamic password comprises determining that the dynamic password is valid using a mathematical algorithm.
11. A method as recited in claim 6, wherein: the predefined rule is a first predefined rule;the identifier is associated with a second predefined rule specifying a transaction amount that is allowed in response to employing the identifier to conduct the transaction;the method further comprises accessing the second predefined rule associated with the identifier; andprocessing the request to purchase the item is further based on an amount of the transaction being at or below the transaction amount specified by the second predefined rule.
12. A method as recited in claim 6, wherein: the predefined rule is a first predefined rule;the identifier is associated with a second predefined rule specifying an item category that is allowed in response to employing the identifier to conduct the transaction;the method further comprises accessing the second predefined rule associated with the identifier; andprocessing the request to purchase the item is further based on a category of the item matching the item category specified by the second predefined rule.
13. A method as recited in claim 6, wherein the request to purchase the item is received from a user, the method further comprising providing a key fob to the user before the receiving of the second data, the key fob being configured to generate and display the dynamic password.
14. A method comprising: serving, to a computing device and by a transaction processing service, content for presentation on a page rendered on a display of the computing device, wherein the content includes at least one text box for entering a dynamic password associated with an identifier, the dynamic password comprising a time-based dynamic password that changes after a passage of a predetermined amount of time or a sequence-based dynamic password that changes after a predetermined event;receiving, from the computing device and by the transaction processing service, first data associated with a request to conduct a transaction, wherein the request comprises the identifier that is: associated with a payment instrument;free from information identifying the payment instrument andassociated with a predefined rule specifying an allowable vendor in response to employing the identifier to conduct the transaction;receiving second data associated with the dynamic password, wherein the second data is received based at least in part on the dynamic password having been entered into the at least one text box;accessing the predefined rule associated with the identifier; andprocessing, by the transaction processing service, the transaction based at least in part on the identifier, an actual vendor associated with the transaction satisfying the predefined rule, and the dynamic password.
15. A method as recited in claim 14, wherein the content comprises a widget, wherein the at least one text box includes a first text box and a second text box, wherein the first data is received in response to a user entering the identifier into the first text box of the widget, and wherein the second data is received in response to the user entering the dynamic password into the second text box of the widget.
16. A method as recited in claim 14, wherein processing the transaction based on the dynamic password comprises determining that the dynamic password is valid using a mathematical algorithm.
17. A method as recited in claim 14, wherein the request to conduct the transaction is received from a user, the method further comprising providing a key fob to the user before the receiving of the second data, the key fob being configured to generate and display the dynamic password.
18. A method as recited in claim 14, wherein: the predefined rule is a first predefined rule;the identifier is associated with a second predefined rule specifying a threshold reputation score that is indicative of a number of previous acceptances of transactions from a transaction requestor;the method further comprises accessing the second predefined rule associated with the identifier; andprocessing the transaction is further based on a reputation score associated with a user who submitted the request to conduct the transaction being at or above the threshold reputation score specified by the second predefined rule.
19. A method as recited in claim 14, wherein: the predefined rule is a first predefined rule;the identifier is associated with a second predefined rule specifying an allowable type of reconciliation activity in response to employing the identifier to conduct the transaction, the allowable type of reconciliation activity comprising one of debiting a transaction account associated with the identifier or crediting a transaction account associated with the identifier;the method further comprises accessing the second predefined rule associated with the identifier; andprocessing the transaction is further based on a type of reconciliation activity associated with the transaction matching the allowable type of reconciliation activity specified by the second predefined rule.
20. A method as recited in claim 14, wherein: the predefined rule is a first predefined rule;the identifier is associated with a second predefined rule specifying an item category that is allowed in response to employing the identifier to conduct the transaction for an item;the method further comprises accessing the second predefined rule associated with the identifier; andprocessing the transaction is further based on a category of the item matching the item category specified by the second predefined rule.

CROSS REFERENCE TO RELATED APPLICATION

This application is a continuation of co-pending, commonly owned U.S. patent application Ser. No. 12/165,081, filed Jun. 30, 2008, entitled “CONDUCTING TRANSACTIONS WITH DYNAMIC PASSWORDS,” the entirety of which is herein incorporated by reference.

US Referenced Citations (211)

Number	Name	Date	Kind
5890137	Koreeda	Mar 1999	A
5953710	Fleming	Sep 1999	A
6332131	Grandcolas et al.	Dec 2001	B1
6360254	Linden et al.	Mar 2002	B1
6484182	Dunphy et al.	Nov 2002	B1
6636242	Bowman-Amuah	Oct 2003	B2
6658568	Ginter et al.	Dec 2003	B1
6661431	Stuart et al.	Dec 2003	B1
6707888	Cope	Mar 2004	B1
6796010	Noelle	Sep 2004	B2
6853987	Cook	Feb 2005	B1
6868395	Szlam et al.	Mar 2005	B1
6961858	Fransdonk	Nov 2005	B2
6980960	Hajdukiewicz et al.	Dec 2005	B2
6988657	Singer et al.	Jan 2006	B1
7020635	Hamilton et al.	Mar 2006	B2
7058718	Fontes et al.	Jun 2006	B2
7062572	Hampton	Jun 2006	B1
7073129	Robarts et al.	Jul 2006	B1
7080049	Truitt et al.	Jul 2006	B2
7089497	Abbott et al.	Aug 2006	B2
7090128	Farley et al.	Aug 2006	B2
7107226	Cassidy et al.	Sep 2006	B1
7107462	Fransdonk	Sep 2006	B2
7117165	Adams et al.	Oct 2006	B1
7136841	Cook	Nov 2006	B2
7150045	Koelle et al.	Dec 2006	B2
7185010	Morinville	Feb 2007	B2
7225146	Tenorio	May 2007	B2
7225156	Fisher et al.	May 2007	B2
7319986	Praisner et al.	Jan 2008	B2
7324968	Rotman et al.	Jan 2008	B2
7379921	Kiliccote	May 2008	B1
7383231	Gupta et al.	Jun 2008	B2
7434723	White et al.	Oct 2008	B1
7478331	Abbott et al.	Jan 2009	B2
7496849	Abbott et al.	Feb 2009	B2
7552365	Marsh et al.	Jun 2009	B1
7580699	Shaw et al.	Aug 2009	B1
7587502	Crawford et al.	Sep 2009	B2
7594605	Aaron et al.	Sep 2009	B2
7676407	Van De Van et al.	Mar 2010	B2
7685013	Gendler	Mar 2010	B2
7711586	Aggarwal et al.	May 2010	B2
7729994	Gupta et al.	Jun 2010	B2
7748614	Brown	Jul 2010	B2
7809819	DeLima et al.	Oct 2010	B2
7827101	Mascavage, III	Nov 2010	B2
7917160	Choe et al.	Mar 2011	B2
8027918	Nielsen et al.	Sep 2011	B2
8046256	Chien et al.	Oct 2011	B2
8150768	Gupta et al.	Apr 2012	B2
8175921	Kopra	May 2012	B1
8195576	Grigg et al.	Jun 2012	B1
8249988	Teicher	Aug 2012	B2
8271395	Dominguez et al.	Sep 2012	B2
8389140	Yu et al.	Mar 2013	B2
8636206	Rothwell et al.	Jan 2014	B2
8706631	Gupta	Apr 2014	B2
8768838	Hoffman	Jul 2014	B1
8788945	Jesensky et al.	Jul 2014	B1
9059643	Haddad	Jun 2015	B2
9123069	Haynes et al.	Sep 2015	B1
9449319	Agarwal et al.	Sep 2016	B1
9576288	Jesensky et al.	Feb 2017	B1
20010034724	Thieme	Oct 2001	A1
20010044756	Watkins et al.	Nov 2001	A1
20020007351	Hillegass et al.	Jan 2002	A1
20020032605	Lee	Mar 2002	A1
20020046169	Keresman, III et al.	Apr 2002	A1
20020046191	Joao	Apr 2002	A1
20020087477	Mantena et al.	Jul 2002	A1
20020103752	Berger et al.	Aug 2002	A1
20020112171	Ginter et al.	Aug 2002	A1
20020120567	Caplan et al.	Aug 2002	A1
20020138366	Skantze	Sep 2002	A1
20020174030	Praisner et al.	Nov 2002	A1
20020175517	Anderson	Nov 2002	A1
20020194138	Dominguez et al.	Dec 2002	A1
20030004831	Owens	Jan 2003	A1
20030046172	Himmel et al.	Mar 2003	A1
20030061170	Uzo	Mar 2003	A1
20030083983	Fisher et al.	May 2003	A1
20030105682	Dicker et al.	Jun 2003	A1
20030126018	LaMotta et al.	Jul 2003	A1
20030126094	Fisher et al.	Jul 2003	A1
20030135625	Fontes et al.	Jul 2003	A1
20030139971	Rescigno et al.	Jul 2003	A1
20030173407	Raadsen	Sep 2003	A1
20030177361	Wheeler et al.	Sep 2003	A1
20030220875	Lam et al.	Nov 2003	A1
20040111370	Saylors et al.	Jun 2004	A1
20040128211	Tsai	Jul 2004	A1
20040139004	Cohen et al.	Jul 2004	A1
20040143547	Mersky	Jul 2004	A1
20040198308	Hurst et al.	Oct 2004	A1
20040225606	Nguyen et al.	Nov 2004	A1
20040267672	Gray et al.	Dec 2004	A1
20050027639	Wong	Feb 2005	A1
20050097037	Tibor	May 2005	A1
20050108153	Thomas et al.	May 2005	A1
20050114666	Sudia	May 2005	A1
20050125317	Winkelman, III et al.	Jun 2005	A1
20050149439	Suisa	Jul 2005	A1
20050154744	Morinville	Jul 2005	A1
20050166265	Satomi	Jul 2005	A1
20050167489	Barton et al.	Aug 2005	A1
20050198534	Matta	Sep 2005	A1
20050240493	Johnson et al.	Oct 2005	A1
20050251447	Lane	Nov 2005	A1
20050278222	Nortrup	Dec 2005	A1
20050278263	Hollander et al.	Dec 2005	A1
20060015458	Teicher	Jan 2006	A1
20060015463	Gupta et al.	Jan 2006	A1
20060069654	Beach et al.	Mar 2006	A1
20060080238	Nielsen et al.	Apr 2006	A1
20060111967	Forbes	May 2006	A1
20060136309	Horn et al.	Jun 2006	A1
20060212392	Brown	Sep 2006	A1
20060212393	Lindsay Brown	Sep 2006	A1
20060213983	Walker et al.	Sep 2006	A1
20060219776	Finn	Oct 2006	A1
20060248452	Lambert et al.	Nov 2006	A1
20060265489	Moore	Nov 2006	A1
20060271476	Thompson	Nov 2006	A1
20060277474	Robarts et al.	Dec 2006	A1
20070005495	Kim	Jan 2007	A1
20070073630	Greene et al.	Mar 2007	A1
20070078760	Conaty et al.	Apr 2007	A1
20070083433	Lawe	Apr 2007	A1
20070106606	Pankratz et al.	May 2007	A1
20070150299	Flory	Jun 2007	A1
20070157110	Gandhi et al.	Jul 2007	A1
20070158413	Hastie	Jul 2007	A1
20070179790	Leitch et al.	Aug 2007	A1
20070192245	Fisher et al.	Aug 2007	A1
20070198432	Pitroda et al.	Aug 2007	A1
20070226084	Cowles	Sep 2007	A1
20070233579	Saarinen et al.	Oct 2007	A1
20070283273	Woods	Dec 2007	A1
20070288364	Gendler	Dec 2007	A1
20070288370	Konja	Dec 2007	A1
20070299736	Perrochon et al.	Dec 2007	A1
20080015927	Ramirez	Jan 2008	A1
20080033878	Krikorian et al.	Feb 2008	A1
20080052226	Agarwal et al.	Feb 2008	A1
20080052343	Wood	Feb 2008	A1
20080097933	Awaida et al.	Apr 2008	A1
20080114709	Dixon et al.	May 2008	A1
20080134043	Georgis et al.	Jun 2008	A1
20080140524	Anand et al.	Jun 2008	A1
20080140564	Tal et al.	Jun 2008	A1
20080147506	Ling	Jun 2008	A1
20080168543	von Krogh	Jul 2008	A1
20080168544	von Krogh	Jul 2008	A1
20080172270	Eckenroth	Jul 2008	A1
20080177663	Gupta et al.	Jul 2008	A1
20080183574	Nash et al.	Jul 2008	A1
20080183757	Dorogusker et al.	Jul 2008	A1
20080189186	Choi et al.	Aug 2008	A1
20080195506	Koretz et al.	Aug 2008	A1
20080201643	Nagaitis et al.	Aug 2008	A1
20080208747	Papismedov et al.	Aug 2008	A1
20080221987	Sundaresan et al.	Sep 2008	A1
20080270293	Fortune et al.	Oct 2008	A1
20080275777	Protheroe et al.	Nov 2008	A1
20080320147	DeLima et al.	Dec 2008	A1
20090006995	Error et al.	Jan 2009	A1
20090024469	Broder et al.	Jan 2009	A1
20090037294	Malhotra	Feb 2009	A1
20090037333	Flitcroft	Feb 2009	A1
20090132969	Mayer	May 2009	A1
20090138379	Scheman	May 2009	A1
20090164442	Shani et al.	Jun 2009	A1
20090172551	Kane et al.	Jul 2009	A1
20090241015	Bender et al.	Sep 2009	A1
20090248467	Bulman et al.	Oct 2009	A1
20090259559	Carroll et al.	Oct 2009	A1
20090259574	Thomsen et al.	Oct 2009	A1
20090307134	Gupta et al.	Dec 2009	A1
20100049766	Sweeney et al.	Feb 2010	A1
20100095216	Morse et al.	Apr 2010	A1
20100121734	Harper et al.	May 2010	A1
20100138297	Fitzgerald et al.	Jun 2010	A1
20100197380	Shackleton	Aug 2010	A1
20100293048	Singolda et al.	Nov 2010	A1
20100299731	Atkinson	Nov 2010	A1
20100306078	Hwang	Dec 2010	A1
20110035289	King et al.	Feb 2011	A1
20110060629	Yoder et al.	Mar 2011	A1
20110117935	Cho et al.	May 2011	A1
20120316992	Oborne	Dec 2012	A1
20130074168	Hao et al.	Mar 2013	A1
20130124364	Mittal	May 2013	A1
20130136242	Ross et al.	May 2013	A1
20130151417	Gupta	Jun 2013	A1
20130198084	Agarwal et al.	Aug 2013	A1
20130268437	Desai et al.	Oct 2013	A1
20130290203	Purves et al.	Oct 2013	A1
20140019352	Shrivastava	Jan 2014	A1
20140082071	Rexer	Mar 2014	A1
20140089113	Desai et al.	Mar 2014	A1
20140180909	Gillett et al.	Jun 2014	A1
20140281853	Bender et al.	Sep 2014	A1
20140297533	Mittal	Oct 2014	A1
20150006426	Sobhani et al.	Jan 2015	A1
20150026062	Paulsen et al.	Jan 2015	A1
20150278901	Windemuth et al.	Oct 2015	A1
20150302398	Desai et al.	Oct 2015	A1
20160036801	Caldwell	Feb 2016	A1
20160071087	Mittal	Mar 2016	A1

Foreign Referenced Citations (2)

Number	Date	Country
2829647	Mar 2003	FR
2829647	Mar 2003	FR

Non-Patent Literature Citations (38)

Entry
Schneier, Bruce. MySpace Passwords Aren't So Dumb (Dec. 14, 2006). Retrieved online Apr. 22, 2019. https://www.wired.com/2006/12/myspace-passwords-arent-so-dumb-2/ (Year: 2006).
U.S. Appl. No. 11/771,679, filed Jun. 29, 2007, Maynard-Zhang, et al., “Mapping Attributes to Network Addresses.”
Apache HBase, Chapter 8 Architecture, retrieved from <<http://hbase.apache.org/book.html#architecture>>, available as early as Nov. 30, 2011, Apache Software Foundation, 8 pages.
Chang et al, “Bigtable: A Distributed Storage System for Structured Data,” 7th USENIX Symposium on Operating Systems Design and Implementation, OSDI '06, Nov. 2006, 14 pages.
Fielding et al, “Hypertext Transfer Protocol—HTTP/1.1”, Network Working Group, W3C/MIT, Jun. 1999, http://tools.ietf.org/pdf/rfc2616.pdf, 114 pages.
Final Office Action for U.S. Appl. No. 12/165,102, dated Nov. 8, 2013, James Jesensky, “Automatic Approval”, 37 pages.
Howstuffworks, “What is a packet?”, http″//web.archive.org/web/20060708154355/http://computer.howstuffworks.com/question525.htm, last retrieved Sep. 1, 2011, 2 pages.
Kessler, “Passwords—Strengths and Weaknesses”, retrived at <<http://www.garykessler.net/library/password.html>>, 1996, pp. 1-pp. 7.
Office action for U.S. Appl. No. 12/165,102, dated Apr. 1, 2011, Jesensky, James, “Automatic Approval”.
Office action for U.S. Appl. No. 12/165,081, dated Oct. 17, 2012, Agarwal et al., “Conducting Transactions with Dynamic Passwords”, 25 pages.
Final Office Action for U.S. Appl. No. 12/035,618, dated Oct. 22, 2012, Michal Bryc et al., “Automated Targeting of Content Components”, 39 pages.
Office action for U.S. Appl. No. 12/165,102, dated Nov. 9, 2012, Jesensky et al., “Automatic Approval”, 36 pages.
Final Office Action for U.S. Appl. No. 12/165,081, dated Nov. 14, 2014, Amit Agarwal, “Conducting Transactions with Dynamic Passwords”, 8 pages.
Office action for U.S. Appl. No. 12/165,081 dated Nov. 18, 2015, Agarwal et al., “Conducting Transactions with Dynamic Passwords”, 18 pages.
Office Action for U.S. Appl. No. 12/165,081, dated Nov. 20, 2013, Amit Agarwal, “Conducting Transactions with Dynamic Passwords”, 25 pages.
Final Office Action for U.S. Appl. No. 12/147,876, dated May 6, 2011, Isaac Oates et al., “Providing Information Without Authentication”, 11 pages.
Office action for U.S. Appl. No. 12/544,940, dated Mar. 24, 2016, Williams et al., “Providing Localized Delivery Information Without Authentication”, 10 pages.
Non-Final Office Action for U.S. Appl. No. 12/165,102, dated Mar. 8, 2012, James Jesensky et al., “Automatic Approval”, 31 pages.
Office action for U.S. Appl. No. 12/147,876, dated Apr. 15, 2016, Oates et al., “Providing Information Without Authentication”, 18 pages.
Non-Final Office Action for U.S. Appl. No. 12/035,618, dated Apr. 14, 2012, Michal Bryc et al., “Automated Targeting of Content Components”, 31 pages.
Office action for U.S. Appl. No. 12/165,102, dated May 17, 2013, Jesensky et al, “Automatic Approval”, 42 pages.
Final Office Action for U.S. Appl. No. 12/544,940, dated May 19, 2015, Matthew T. Williams, “Providing Localized Delivery Information Without Authentication”, 16 pages.
Office action for U.S. Appl. No. 14/336,258, dated May 19, 2016, Jesensky et al., “Automatic Approval”, 32 pages.
Non-Final Office Action for U.S. Appl. No. 12/147,876, dated May 6, 2011, Isaac Oates, “Providing Information Without Authentication”.
Office Action for U.S. Appl. No. 12/544,940, dated Jun. 11, 2014, Matthew T. Williams, “Providing Localized Delivery Information Without Authentication”, 15 pages.
Non-Final Office Action for U.S. Appl. No. 12/165,081, dated Jun. 4, 2012, Amit Agarwal et al., “Conducting Transactions with Dynamic Passwords”, 23 pages.
Office action for U.S. Appl. No. 12/165,081, dated Jul. 25, 2014, Agarwal et al., “Conducting Transactions with Dynamic Passwords”, 8 pages.
Non-Final Office Action for U.S. Appl. No. 12/165,102, dated Jul. 3, 2012, Jesensky James et al., “Automatic Approval”, 30 pages.
Final Office Action for U.S. Appl. No. 12/035,618, dated Aug. 2, 2011, Michal Bryc, “Automated Targeting of Content Components”.
Final Office Action for U.S. Appl. No. 12/165,102, dated Sep. 13, 2011, James Jesensky, “Automatic Approval”, 31 pages.
Office action for U.S. Appl. No. 12/147,876, dated Sep. 24, 2015, Oates et al., “Providing Information Without Authentication”, 19 pages.
“PayPal Security Key”, retrieved on Jun. 19, 2008 at <<https://www.paypal.com/securitykey>>, PayPal (2 pages).
Quova, retrieved on May 29, 2009 at <<http://www.quova.com/>>, Quova Inc., USA, 5 pgs.
Wikipedia, HTTP cookie, “http://web.archive.org/web/20080227064831/http://en.wikipedia.org/wiki/HTTP_cookie”, last retrieved Sep. 1, 2011, 18 pages.
Wikipedia, MSISDN, http://web/archive.org/web/20071029015418/http://en.wikipeida.org/wiki/MSISDN, last retrieved Sep. 1, 2011, 3 pages.
Office action for U.S. Appl. No. 12/544,940, dated Oct. 6, 2016, Williams et al., “Providing Localized Delivery Information Without Authentication”, 7 pages.
“Geography and the net. Putting it in its place”, The Economist, retrieved from http://www.economist.com/node/729808 on May 21, 2017, Aug. 9, 2001, 6 pages.
“Out of town games coming to Internet: Live feeds of hometown teams will be blacked out to preserver television rights”, The Record, Mar. 12, 2003, 2 pages.

Continuations (1)

	Number	Date	Country
Parent	12165081	Jun 2008	US
Child	15231511		US

Conducting transactions with dynamic passwords

Information

Patent Number

Date Filed

Date Issued

Inventors

Original Assignees

Examiners

Agents

CPC

Field of Search

US

International Classifications

Term Extension