PAYMENT PROCESSING SYSTEM SECURE HEALTHCARE DATA TRAFFICKING
First Claim
1. A method comprising a plurality of steps each being performed by a computing apparatus executing software, wherein the steps include:
- receiving, from an address of an acquirer, acquirer encrypted data for a transaction upon an account for a purchase of an item from a merchant, wherein the acquirer encrypted data;
was formed by encrypting unencrypted data from the transaction using an acquirer zone key corresponding to the acquirer;
includes information sufficient to identify both;
an account holder to whom the account was issued by the issuer; and
the item of the purchase;
anddoes not include information sufficient to identify the acquirer zone key;
decrypting the acquirer encrypted data for the transaction using the acquirer zone key to form the unencrypted data from the transaction;
encrypting the unencrypted data for the transaction using a vault key to form vault encrypted data for the transaction;
storing the vault encrypted data for the transaction;
receiving, from an address of the issuer, a transaction detail request corresponding to the transaction;
decrypting, using the vault key, in response to receiving the transaction detail request, the vault encrypted data for the transaction to form the unencrypted data from the transaction;
encrypting the unencrypted data for the transaction using an issuer zone key corresponding to the issuer to form issuer encrypted data for the transaction;
andsending, for delivery to the address of the issuer, the issuer encrypted data for the transaction that;
includes information sufficient to identify both;
the account holder; and
the item of the purchase;
anddoes not include information sufficient to identify the issuer zone key.
1 Assignment
0 Petitions
Accused Products
Abstract
Healthcare purchase data from a transaction upon a patient'"'"'s account may be required to be transported and stored for safeguarding patient confidentiality if sufficient to identify the patient and the purchase. To avoid non-compliance, a transaction hander (TH) receives the data from a merchant'"'"'s acquirer as encrypted by a key known to both the acquirer and TH. After decrypting the data with that key, the TH re-encrypts it with a key known only to the TH, and then stored. After receiving an issuer'"'"'s request for the data, the TH decrypts the data using its own key, re-encrypts it using a key known only to the TH and the issuer, and then sends it to the issuer who will decrypt the data using that key. The unencrypted data may be used by the issuer to demonstrate the issuer'"'"'s regulatory compliance to a governmental entity.
-
Citations
20 Claims
-
1. A method comprising a plurality of steps each being performed by a computing apparatus executing software, wherein the steps include:
-
receiving, from an address of an acquirer, acquirer encrypted data for a transaction upon an account for a purchase of an item from a merchant, wherein the acquirer encrypted data; was formed by encrypting unencrypted data from the transaction using an acquirer zone key corresponding to the acquirer; includes information sufficient to identify both; an account holder to whom the account was issued by the issuer; and the item of the purchase; and does not include information sufficient to identify the acquirer zone key; decrypting the acquirer encrypted data for the transaction using the acquirer zone key to form the unencrypted data from the transaction; encrypting the unencrypted data for the transaction using a vault key to form vault encrypted data for the transaction; storing the vault encrypted data for the transaction; receiving, from an address of the issuer, a transaction detail request corresponding to the transaction; decrypting, using the vault key, in response to receiving the transaction detail request, the vault encrypted data for the transaction to form the unencrypted data from the transaction; encrypting the unencrypted data for the transaction using an issuer zone key corresponding to the issuer to form issuer encrypted data for the transaction; and sending, for delivery to the address of the issuer, the issuer encrypted data for the transaction that; includes information sufficient to identify both; the account holder; and the item of the purchase; and does not include information sufficient to identify the issuer zone key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method comprising a plurality of steps each being performed by a computing apparatus executing software, wherein the steps include:
-
receiving, from an address of an acquirer, an authorization request for a transaction upon an account for a purchase of an item from a merchant, wherein; the account was issued to an account holder by an issuer; the authorization request includes an identifier for the account and a total currency amount for the purchase; and the authorization request does not include information sufficient to identify both; the account holder; and the item of the purchase; sending, to an address of the issuer, the authorization request; receiving, from the address of the issuer, in response to the authorization request, an authorization response containing an authorization of the transaction upon the account for the purchase of the item; sending, for delivery to the address of the acquirer, the authorization response; receiving, from the address of the merchant, merchant data for the transaction that contain a merchant encrypted portion and a merchant unencrypted portion, wherein; the merchant encrypted portion was formed by encrypting unencrypted data for the transaction using a merchant key corresponding to the merchant, wherein the merchant encrypted data includes information sufficient to identify both; the account holder; and the item of the purchase; and does not include information sufficient to identify the merchant key; the merchant unencrypted portion contains data for the transaction; sending, for delivery to the address of the issuer, the merchant unencrypted portion that; includes information sufficient for clearing and settling the transaction; and does not include information sufficient to identify both; the account holder; and the item of the purchase; decrypting the merchant encrypted data for the transaction using the merchant key to form the unencrypted data from the transaction; encrypting the unencrypted data for the transaction using a vault key to form vault encrypted data for the transaction; storing the vault encrypted data for the transaction in a data repository vault; receiving, from the address of the issuer, a transaction detail request corresponding to the transaction; decrypting, using the vault key, in response to receiving the transaction detail request, the vault encrypted data for the transaction to form the unencrypted data from the transaction; encrypting the unencrypted data for the transaction, using an issuer zone key corresponding to the issuer, to form issuer encrypted data for the transaction; and sending, for delivery to the address of the issuer, the issuer encrypted data for the transaction that; includes information sufficient to identify both; the account holder; and the item of the purchase; and does not include information sufficient to identify the issuer zone key. - View Dependent Claims (10, 11, 12, 13, 14, 15)
-
-
16. A method comprising a plurality of steps each being performed by a computing apparatus executing software, wherein the steps include:
-
receiving, from an address of an acquirer, an authorization request for a transaction upon an account for a purchase of an item from a merchant, wherein; the account was issued to an account holder by an issuer; the account holder is a participant in a transaction processing system in which a transaction handler processes each of a plurality of said transactions, each said transaction being characterized by one said merchant and one said account holder engaging in the transaction upon one said account that one said issuer issued to one said account holder, wherein the one said merchant submits the transaction to one said acquirer for processing by the transaction handler who requests the one said issuer to obtain payment for the transaction from the account of the one said account holder, and wherein the one said issuer forwards the payment to the transaction handler who forwards the payment to the one said acquirer to pay the one said merchant for the transaction; the authorization request includes an identifier for the account and a total currency amount for the purchase; and the authorization request does not include information sufficient to identify both; the account holder; and the item of the purchase; sending, to an address of the issuer, the authorization request; receiving, from the address of the issuer, in response to the authorization request, an authorization response containing an authorization of the transaction upon the account for the purchase of the item; sending, for delivery to the address of the acquirer, the authorization response; receiving, from the address of the acquirer, information for the transaction that; is not sufficient to identify both; the account holder; and the item of the purchase; is sufficient for clearing and settling the transaction purchase; sending, for delivery to the address of the issuer, the information for the transaction; receiving, from the address of the acquirer, acquirer encrypted data for the transaction that; was formed by encrypting unencrypted data from the transaction using an acquirer zone key corresponding to the acquirer; includes information sufficient to identify both; the account holder; and the item of the purchase; and does not include information sufficient to identify the acquirer zone key; decrypting the acquirer encrypted data for the transaction using the acquirer zone key to form the unencrypted data from the transaction; encrypting the unencrypted data for the transaction using a vault key to form vault encrypted data for the transaction; storing the vault encrypted data for the transaction; receiving, from an address of the issuer, a transaction detail request corresponding to the transaction; decrypting, using the vault key, in response to receiving the transaction detail request, the vault encrypted data for the transaction to form the unencrypted data from the transaction; encrypting the unencrypted data for the transaction using an issuer zone key corresponding to the issuer to form issuer encrypted data for the transaction; and sending, for delivery to the address of the issuer, the issuer encrypted data for the transaction that; includes information sufficient to identify both; the account holder; and the item of the purchase; and does not include information sufficient to identify the issuer zone key. - View Dependent Claims (17, 18, 19, 20)
-
Specification