METHODS AND APPARATUS FOR CONDUCTING ELECTRONIC TRANSACTIONS

US 20120265690A1
Filed: 06/15/2012
Published: 10/18/2012
Est. Priority Date: 08/31/1999
Status: Abandoned Application

First Claim

Patent Images

1. A method comprising:

receiving, by a wallet server comprising a processor and a memory, a transaction request from a user device;

sending, by the wallet server, an authentication request to a security server, wherein the security server formats a challenge message;

receiving, by the wallet server and from the security server, the challenge message;

sending, by the wallet server and to the user device, a signature request based on the challenge message, wherein the user device creates a signature response message;

receiving, by the wallet server, the signature response message from the user device;

creating, by the wallet server, a validity check message based upon the signature response message and a security token;

sending, by the wallet server, the validity check message to the security server, wherein the security server verifies a match between security token and security information accessible by the security server; and

receiving, by the wallet server, a validity acceptance from the security server, wherein a transaction associated with the transaction request proceeds, in response to the receiving the validity acceptance.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for conducting electronic commerce are disclosed. In various embodiments, the electronic transaction is a purchase transaction. A user is provided with an intelligent token, such as a smartcard containing a digital certificate. The intelligent token suitably authenticates with a server on a network that conducts all or portions of the transaction on behalf of the user. In various embodiments a wallet server interacts with a security server to provide enhanced reliability and confidence in the transaction. In various embodiments, the wallet server includes a toolbar. In various embodiments, the digital wallet pre-fills forms. Forms may be pre-filled using an auto-remember component.

94 Citations

View as Search Results

20 Claims

1. A method comprising:
- receiving, by a wallet server comprising a processor and a memory, a transaction request from a user device;
  
  sending, by the wallet server, an authentication request to a security server, wherein the security server formats a challenge message;
  
  receiving, by the wallet server and from the security server, the challenge message;
  
  sending, by the wallet server and to the user device, a signature request based on the challenge message, wherein the user device creates a signature response message;
  
  receiving, by the wallet server, the signature response message from the user device;
  
  creating, by the wallet server, a validity check message based upon the signature response message and a security token;
  
  sending, by the wallet server, the validity check message to the security server, wherein the security server verifies a match between security token and security information accessible by the security server; and
  
  receiving, by the wallet server, a validity acceptance from the security server, wherein a transaction associated with the transaction request proceeds, in response to the receiving the validity acceptance.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, wherein the challenge message comprises random data.
  - 3. The method of claim 1, wherein the security token is stored by the wallet server.
  - 4. The method of claim 1, herein the security token is at least one of created and enabled based upon a logon process.
  - 5. The method of claim 1, wherein the security server performs the at least one of the creating and the enabling the security token.
  - 6. The method of claim 1, wherein the user device is configured with a software application and wherein the software application processes the signature request.
  - 7. The method of claim 6, wherein the software application formats a signature request block.
  - 8. The method of claim 6, wherein the software application formats the signature request block as a Public-Key Cryptography Standards (PKCS) block.
  - 9. The method of claim 7, wherein the software application makes the signature request block available to at least one of a signature module.
  - 10. The method of claim 9, wherein a smart card comprises the signature module.
  - 11. The method of claim 9, wherein a memory of the user device stores the signature module.
  - 12. The method of claim 11, wherein the signature module signs the signature Hock and provides a copy of a security certificate.
  - 13. The method of claim 12, wherein the signature response message comprises the signature block and the security certificate.
  - 14. The method of claim 1, wherein the security token comprises at least one of an authentication token and a user identification (“
    - user ID”
      
      ).
  - 15. The method of claim 1, further comprising:
    - scanning, by the wallet server, a third party request, the scanning identifying executable commands, wherein the executable commands are associated with a programming language; and
      
      at least one of editing and removing, by the wallet server, at least a portion of the executable commands.
  - 16. The method of claim 15, wherein the at least one of editing and removing comprises at least one of:
    - rendering the executable commands unexecutable by the user device by removing a character of the executable commands, andrendering the executable commands unexecutable by the user device by replacing particular characters within the executable commands.
  - 17. The method of claim 1, wherein the security server:
    - scans a third party request to identify executable commands, wherein the executable commands are associated with a programming language; and
      
      at least one of edits and removes at least a portion of the executable commands, wherein the at least one of editing and removing comprises at least one of;
      
      rendering the executable commands unexecutable by the user device by removing a character of the executable commands, andrendering the executable commands unexecutable by the user device by replacing particular characters within the executable commands.
  - 18. The method of claim 1, wherein the user device is configured with wallet client software, wherein the wallet client software:
    - scans a third party request to identify executable commands, wherein the executable commands are associated with a programming language; and
      
      at least one of edits and removes at least a portion of the executable commands, wherein the at least one of editing and removing comprises at least one of;
      
      rendering the executable commands unexecutable by the user device by removing a character of the executable commands, andrendering the executable commands unexecutable by the user device by replacing particular characters within the executable commands.

19. An article of manufacture including a non-transitory computer readable medium having instructions stored thereon that, in response to execution by a wallet server, cause the wallet server to perform operations comprising:
- receiving, by the wallet server, a transaction request from a user device;
  
  sending, by the wallet server, an authentication request to a security server, wherein the security server formats a challenge message;
  
  receiving, by the wallet server and from the security server, the challenge message;
  
  sending, by the wallet server and to the user device, a signature request based on the challenge message, wherein the user device creates a signature response message;
  
  receiving, by the wallet server, the signature response message from the user device;
  
  creating, by the wallet server, a validity check message based upon the signature response message and a security token;
  
  sending, by the wallet server, the validity check message to the security server, wherein the security server verifies a match between security token and security information accessible by the security server; and
  
  receiving, by the wallet server, a validity acceptance from the security server, wherein a transaction associated with the transaction request proceeds, in response to the receiving the validity acceptance.

20. A system comprising:
- a non-transitory memory communicating with a wallet server comprising a processor,the memory having instructions stored thereon that, in response to execution by the processor, cause the processor to perform operations comprising;
  
  receiving, by the processor, a transaction request from a user device;
  
  sending, by the processor, an authentication request to a security server, wherein the security server formats a challenge message;
  
  receiving, by the processor and from the security server, the challenge message;
  
  sending, by the processor and to the user device, a signature request based on the challenge message, wherein the user device creates a signature response message;
  
  receiving, by the processor, the signature response message from the user device;
  
  creating, by the processor, a validity check message based upon the signature response message and a security token;
  
  sending, by the processor, the validity check message to the security server, wherein the security server verifies a match between security token and security information accessible by the security server; and
  
  receiving, by the processor, a validity acceptance from the security server, wherein a transaction associated with the transaction request proceeds, in response to the receiving the validity acceptance.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Liberty Peak Ventures, LLC (Dominion Harbor Enterprises, LLC)
Original Assignee
American Express Travel Related Services Company, Inc. (American Express Company)
Inventors
Bishop, Fred Alan, Glazer, Elliott Harold, Gorgol, Zygmunt Steven, Hohle, William G., Johnson, Michael G., Johnstone, David E., Lake, Walter Donald, Royer, Coby, Simkin, Marvin, Swift, Nick, White, Dirk B., Bennett, Russell

Application Number

US13/524,867
Publication Number

US 20120265690A1
Time in Patent Office

Days
Field of Search
US Class Current

705/75
CPC Class Codes

G06Q 20/105   involving programming of a ...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/363   with the personal data of a...

G06Q 20/367   involving electronic purses...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/401   Transaction verification

G06Q 20/4097   using mutual authentication...

G06Q 30/0613   Third-party assisted

G07F 7/0866   by active credit-cards adap...

G07F 7/1008   Active credit-cards provide...

METHODS AND APPARATUS FOR CONDUCTING ELECTRONIC TRANSACTIONS

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

94 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS AND APPARATUS FOR CONDUCTING ELECTRONIC TRANSACTIONS

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

94 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links