PAYMENT PROCESSING SYSTEM SECURE HEALTHCARE DATA TRAFFICKING

US 20100057621A1
Filed: 06/29/2009
Published: 03/04/2010
Est. Priority Date: 06/30/2008
Status: Abandoned Application

First Claim

Patent Images

1. A method comprising a plurality of steps each being performed by a computing apparatus executing software, wherein the steps include:

receiving, from an address of an acquirer, acquirer encrypted data for a transaction upon an account for a purchase of an item from a merchant, wherein the acquirer encrypted data;

was formed by encrypting unencrypted data from the transaction using an acquirer zone key corresponding to the acquirer;

includes information sufficient to identify both;

an account holder to whom the account was issued by the issuer; and

the item of the purchase;

anddoes not include information sufficient to identify the acquirer zone key;

decrypting the acquirer encrypted data for the transaction using the acquirer zone key to form the unencrypted data from the transaction;

encrypting the unencrypted data for the transaction using a vault key to form vault encrypted data for the transaction;

storing the vault encrypted data for the transaction;

receiving, from an address of the issuer, a transaction detail request corresponding to the transaction;

decrypting, using the vault key, in response to receiving the transaction detail request, the vault encrypted data for the transaction to form the unencrypted data from the transaction;

encrypting the unencrypted data for the transaction using an issuer zone key corresponding to the issuer to form issuer encrypted data for the transaction;

andsending, for delivery to the address of the issuer, the issuer encrypted data for the transaction that;

includes information sufficient to identify both;

the account holder; and

the item of the purchase;

anddoes not include information sufficient to identify the issuer zone key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Healthcare purchase data from a transaction upon a patient'"'"'s account may be required to be transported and stored for safeguarding patient confidentiality if sufficient to identify the patient and the purchase. To avoid non-compliance, a transaction hander (TH) receives the data from a merchant'"'"'s acquirer as encrypted by a key known to both the acquirer and TH. After decrypting the data with that key, the TH re-encrypts it with a key known only to the TH, and then stored. After receiving an issuer'"'"'s request for the data, the TH decrypts the data using its own key, re-encrypts it using a key known only to the TH and the issuer, and then sends it to the issuer who will decrypt the data using that key. The unencrypted data may be used by the issuer to demonstrate the issuer'"'"'s regulatory compliance to a governmental entity.

Citations

20 Claims

1. A method comprising a plurality of steps each being performed by a computing apparatus executing software, wherein the steps include:
- receiving, from an address of an acquirer, acquirer encrypted data for a transaction upon an account for a purchase of an item from a merchant, wherein the acquirer encrypted data;
  
  was formed by encrypting unencrypted data from the transaction using an acquirer zone key corresponding to the acquirer;
  
  includes information sufficient to identify both;
  
  an account holder to whom the account was issued by the issuer; and
  
  the item of the purchase;
  
  anddoes not include information sufficient to identify the acquirer zone key;
  
  decrypting the acquirer encrypted data for the transaction using the acquirer zone key to form the unencrypted data from the transaction;
  
  encrypting the unencrypted data for the transaction using a vault key to form vault encrypted data for the transaction;
  
  storing the vault encrypted data for the transaction;
  
  receiving, from an address of the issuer, a transaction detail request corresponding to the transaction;
  
  decrypting, using the vault key, in response to receiving the transaction detail request, the vault encrypted data for the transaction to form the unencrypted data from the transaction;
  
  encrypting the unencrypted data for the transaction using an issuer zone key corresponding to the issuer to form issuer encrypted data for the transaction;
  
  andsending, for delivery to the address of the issuer, the issuer encrypted data for the transaction that;
  
  includes information sufficient to identify both;
  
  the account holder; and
  
  the item of the purchase;
  
  anddoes not include information sufficient to identify the issuer zone key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method as defined in claim 1, wherein the steps further comprise:
    - receiving, from the address of the an acquirer, an authorization request for the transaction upon the account for the purchase of the item from the merchant, wherein;
      
      the account was issued to the account holder by the issuer;
      
      the authorization request includes an identifier for the account and a total currency amount for the purchase; and
      
      the authorization request does not include information sufficient to identify both;
      
      the account holder; and
      
      the item of the purchase;
      
      sending, for delivery to the address of the issuer, the authorization request;
      
      receiving, from the address of the issuer, in response to the authorization request, an authorization response containing an authorization of the transaction upon the account for the purchase of the item; and
      
      sending, for delivery to the address of the acquirer, the authorization response.
  - 3. The method as defined in claim 1, wherein the steps further comprise storing the unencrypted data for the transaction in a data repository vault with the vault encrypted data for the transaction.
  - 4. The method as defined in claim 1, wherein the account holder is a person.
  - 5. The method as defined in claim 4, wherein the item is selected from the group consisting of:
    - a good provided to the person incident to a provision of a healthcare service to the person;
      
      a service provided to the person incident to a provision of a healthcare service to the person;
      
      a healthcare related good;
      
      a healthcare related service; and
      
      a combination of the foregoing.
  - 6. The method as defined in claim 1, wherein each said step is performed by the computing apparatus at an address corresponding to a transaction handler.
  - 7. The method as defined in claim 1, wherein the account holder is a participant in a transaction processing system in which a transaction handler processes each of a plurality of said transactions, each said transaction being characterized by one said merchant and one said account holder engaging in the transaction upon one said account that one said issuer issued to the one said account holder, wherein the one said merchant submits the transaction to one said acquirer for processing by the transaction handler who requests the one said issuer to obtain payment for the transaction from the account of the one said account holder, and wherein the one said issuer forwards the payment to the transaction handler who forwards the payment to the one said acquirer to pay the one said merchant for the transaction.
  - 8. The method as defined in claim 1, wherein, after the step of sending the authorization response, the steps further comprise:
    - receiving, from the address of the acquirer, information for the transaction that;
      
      is not sufficient to identify both;
      
      the account holder; and
      
      the item of the purchase;
      
      is sufficient for clearing and settling the transaction purchase;
      
      andsending, for delivery to the address of the issuer, the information for the transaction.

9. A method comprising a plurality of steps each being performed by a computing apparatus executing software, wherein the steps include:
- receiving, from an address of an acquirer, an authorization request for a transaction upon an account for a purchase of an item from a merchant, wherein;
  
  the account was issued to an account holder by an issuer;
  
  the authorization request includes an identifier for the account and a total currency amount for the purchase; and
  
  the authorization request does not include information sufficient to identify both;
  
  the account holder; and
  
  the item of the purchase;
  
  sending, to an address of the issuer, the authorization request;
  
  receiving, from the address of the issuer, in response to the authorization request, an authorization response containing an authorization of the transaction upon the account for the purchase of the item;
  
  sending, for delivery to the address of the acquirer, the authorization response;
  
  receiving, from the address of the merchant, merchant data for the transaction that contain a merchant encrypted portion and a merchant unencrypted portion, wherein;
  
  the merchant encrypted portion was formed by encrypting unencrypted data for the transaction using a merchant key corresponding to the merchant, wherein the merchant encrypted data includes information sufficient to identify both;
  
  the account holder; and
  
  the item of the purchase; and
  
  does not include information sufficient to identify the merchant key;
  
  the merchant unencrypted portion contains data for the transaction;
  
  sending, for delivery to the address of the issuer, the merchant unencrypted portion that;
  
  includes information sufficient for clearing and settling the transaction; and
  
  does not include information sufficient to identify both;
  
  the account holder; and
  
  the item of the purchase;
  
  decrypting the merchant encrypted data for the transaction using the merchant key to form the unencrypted data from the transaction;
  
  encrypting the unencrypted data for the transaction using a vault key to form vault encrypted data for the transaction;
  
  storing the vault encrypted data for the transaction in a data repository vault;
  
  receiving, from the address of the issuer, a transaction detail request corresponding to the transaction;
  
  decrypting, using the vault key, in response to receiving the transaction detail request, the vault encrypted data for the transaction to form the unencrypted data from the transaction;
  
  encrypting the unencrypted data for the transaction, using an issuer zone key corresponding to the issuer, to form issuer encrypted data for the transaction;
  
  andsending, for delivery to the address of the issuer, the issuer encrypted data for the transaction that;
  
  includes information sufficient to identify both;
  
  the account holder; and
  
  the item of the purchase;
  
  anddoes not include information sufficient to identify the issuer zone key.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The method as defined in claim 9, wherein the steps further comprise storing the unencrypted data in the data repository vault.
  - 11. The method as defined in claim 9, wherein the account holder is a person.
  - 12. The method as defined in claim 11, wherein the item is selected from the group consisting of:
    - a good provided to the person incident to a provision of a healthcare service to the person;
      
      a service provided to the person incident to a provision of a healthcare service to the person;
      
      a healthcare related good;
      
      a healthcare related service; and
      
      a combination of the foregoing.
  - 13. The method as defined in claim 9, wherein the steps further comprise storing the unencrypted data for the transaction.
  - 14. The method as defined in claim 9, wherein each said step is performed by the computing apparatus at an address corresponding to a transaction handler.
  - 15. The method as defined in claim 9, wherein the account holder is a participant in a transaction processing system in which a transaction handler processes each of a plurality of said transactions, each said transaction being characterized by one said merchant and one said account holder engaging in the transaction upon one said account that one said issuer issued to the one said account holder, wherein the one said merchant submits the transaction to one said acquirer for processing by the transaction handler who requests the one said issuer to obtain payment for the transaction from the account of the one said account holder, and wherein the one said issuer forwards the payment to the transaction handler who forwards the payment to the one said acquirer to pay the one said merchant for the transaction.

16. A method comprising a plurality of steps each being performed by a computing apparatus executing software, wherein the steps include:
- receiving, from an address of an acquirer, an authorization request for a transaction upon an account for a purchase of an item from a merchant, wherein;
  
  the account was issued to an account holder by an issuer;
  
  the account holder is a participant in a transaction processing system in which a transaction handler processes each of a plurality of said transactions, each said transaction being characterized by one said merchant and one said account holder engaging in the transaction upon one said account that one said issuer issued to one said account holder, wherein the one said merchant submits the transaction to one said acquirer for processing by the transaction handler who requests the one said issuer to obtain payment for the transaction from the account of the one said account holder, and wherein the one said issuer forwards the payment to the transaction handler who forwards the payment to the one said acquirer to pay the one said merchant for the transaction;
  
  the authorization request includes an identifier for the account and a total currency amount for the purchase; and
  
  the authorization request does not include information sufficient to identify both;
  
  the account holder; and
  
  the item of the purchase;
  
  sending, to an address of the issuer, the authorization request;
  
  receiving, from the address of the issuer, in response to the authorization request, an authorization response containing an authorization of the transaction upon the account for the purchase of the item;
  
  sending, for delivery to the address of the acquirer, the authorization response;
  
  receiving, from the address of the acquirer, information for the transaction that;
  
  is not sufficient to identify both;
  
  the account holder; and
  
  the item of the purchase;
  
  is sufficient for clearing and settling the transaction purchase;
  
  sending, for delivery to the address of the issuer, the information for the transaction;
  
  receiving, from the address of the acquirer, acquirer encrypted data for the transaction that;
  
  was formed by encrypting unencrypted data from the transaction using an acquirer zone key corresponding to the acquirer;
  
  includes information sufficient to identify both;
  
  the account holder; and
  
  the item of the purchase;
  
  anddoes not include information sufficient to identify the acquirer zone key;
  
  decrypting the acquirer encrypted data for the transaction using the acquirer zone key to form the unencrypted data from the transaction;
  
  encrypting the unencrypted data for the transaction using a vault key to form vault encrypted data for the transaction;
  
  storing the vault encrypted data for the transaction;
  
  receiving, from an address of the issuer, a transaction detail request corresponding to the transaction;
  
  decrypting, using the vault key, in response to receiving the transaction detail request, the vault encrypted data for the transaction to form the unencrypted data from the transaction;
  
  encrypting the unencrypted data for the transaction using an issuer zone key corresponding to the issuer to form issuer encrypted data for the transaction;
  
  andsending, for delivery to the address of the issuer, the issuer encrypted data for the transaction that;
  
  includes information sufficient to identify both;
  
  the account holder; and
  
  the item of the purchase;
  
  anddoes not include information sufficient to identify the issuer zone key.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method as defined in claim 16, wherein the steps further comprise storing the unencrypted data in a data repository vault with the vault encrypted data for the transaction.
  - 18. The method as defined in claim 16, wherein the account holder is a person.
  - 19. The method as defined in claim 16, wherein the item is selected from the group consisting of:
    - a good provided to the person incident to a provision of a healthcare service to the person;
      
      a service provided to the person incident to a provision of a healthcare service to the person;
      
      a healthcare related good;
      
      a healthcare related service; and
      
      a combination of the foregoing.
  - 20. The method as defined in claim 16, wherein each said step is performed by the computing apparatus at an address corresponding to a transaction handler.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa USA, Inc. (Visa, Inc.)
Original Assignee
Visa USA, Inc. (Visa, Inc.)
Inventors
Weinstein, Russell D., Pruitt, Janet, Faith, Patrick L., Pourfallah, Stacy

Application Number

US12/493,981
Publication Number

US 20100057621A1
Time in Patent Office

Days
Field of Search
US Class Current

705/71
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/6254   by anonymising data, e.g. d...

G06F 2221/2135   Metering

G06Q 10/10   Office automation; Time man...

G06Q 20/04   Payment circuits

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3829   involving key management

G06Q 40/08   Insurance

PAYMENT PROCESSING SYSTEM SECURE HEALTHCARE DATA TRAFFICKING

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

PAYMENT PROCESSING SYSTEM SECURE HEALTHCARE DATA TRAFFICKING

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links