Purchase Transaction System with Encrypted Payment Card Data

US 20140344164A1
Filed: 07/30/2014
Published: 11/20/2014
Est. Priority Date: 12/06/2010
Status: Active Grant

First Claim

Patent Images

1. A method in which a user at user computing equipment uses client software in completing an online purchase transaction with merchant computing equipment over a communications network, the method comprising:

with payment processing computing equipment associated with a payment processor, providing the client software on the user computing equipment with code for an encryption function and a cryptographic key; and

with the payment processing computing equipment, receiving a purchase transaction authorization request from the merchant computing equipment that contains payment information encrypted by the client software using the encryption function.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Online ordering systems allow a user to submit sensitive information such as payment card information to a merchant in encrypted form. A payment card processor server may be used to provide the user'"'"'s web browser with code for an encryption function, a cryptographic key, and a key identifier. The web browser may encrypt the payment card information by executing the encryption function and using the key. The encrypted payment card information may be supplied to the merchant over the internet. A key identifier that identifies which cryptographic key was used in encrypting the payment card information may be provided to the merchant without providing the merchant with access to the key. The merchant can forward the encrypted payment card information to the credit card processor server with the key identifier. The processor server can use the key identifier to obtain the key and decrypt the payment card information for authorization.

24 Citations

View as Search Results

20 Claims

1. A method in which a user at user computing equipment uses client software in completing an online purchase transaction with merchant computing equipment over a communications network, the method comprising:
- with payment processing computing equipment associated with a payment processor, providing the client software on the user computing equipment with code for an encryption function and a cryptographic key; and
  
  with the payment processing computing equipment, receiving a purchase transaction authorization request from the merchant computing equipment that contains payment information encrypted by the client software using the encryption function.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method defined in claim 1 further comprising:
    - with the payment processing computing equipment, using the cryptographic key to decrypt the payment information.
  - 3. The method defined in claim 2 further comprising:
    - with the payment processing computing equipment, determining whether to authorize use of a payment card corresponding to the payment information for use in the online purchase transaction based at least partly on the payment information decrypted using the cryptographic key.
  - 4. The method defined in claim 1 further comprising:
    - with the payment processing computing equipment, providing a key identifier to the client software over the communications network.
  - 5. The method defined in claim 1 further comprising:
    - with the client software on the user computing equipment, using the code for the encryption function and the cryptographic key to encrypt the payment information.
  - 6. The method defined in claim 5, wherein the payment information comprises a credit card number.
  - 7. The method defined in claim 5, wherein the client software comprises a web browser.
  - 8. The method defined in claim 5 further comprising:
    - with the merchant computing equipment, receiving the encrypted payment information from the client software and providing the encrypted payment information to the payment processing computing equipment without gaining access to an unencrypted version of the payment information.
  - 9. The method defined in claim 5, further comprising:
    - with the merchant computing equipment, receiving the encrypted payment information from the client software and providing the encrypted payment information to the payment processing computing equipment without gaining access to an unencrypted version of the payment information;
      
      with the payment processing computing equipment, using the cryptographic key to decrypt the encrypted payment information; and
      
      with the payment processing computing equipment, determining whether to authorize use of the payment information in the online purchase transaction based at least partly on the payment information decrypted using the cryptographic key.

10. A method for conducting online purchases, comprising:
- with a web server at merchant computing equipment, providing ordering information over the communications network to client software running on user computing equipment, wherein the ordering information includes code that requests a cryptographic key from a different server over the communications network; and
  
  with the merchant computing equipment, receiving encrypted payment information from the client software over the communications network that has been encrypted using the cryptographic key.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The method defined in claim 10 wherein the different server comprises a payment processor server, the method further comprising:
    - transmitting the payment information from the merchant computing equipment to the payment processor server for decryption.
  - 12. The method defined in claim 11 further comprising:
    - with a decryption engine at the payment processor server, obtaining a key from a key source at the payment processor server and using the key to decrypt the encrypted payment information.
  - 13. The method defined in claim 12 further comprising:
    - at the payment processor server, using the decrypted payment information to determine whether to authorize an online purchase associated with the ordering information.
  - 14. The method defined in claim 10 wherein the communications network includes the internet, wherein the code that requests the cryptographic key comprises a JavaScript command that retrieves the cryptographic key and an associated key identifier from a key source at the different server, and wherein providing the ordering information comprises providing the JavaScript command to the client software over the internet.
  - 15. The method defined in claim 10 wherein the ordering information includes a Cascading Style Sheet command that requests the cryptographic key and a key identifier associated with the cryptographic key from the different server over the communications network.

16. A method for conducting online purchases in a system that includes user computing equipment, a first server that communicates with the user computing equipment over a communications network, and a second server, the method comprising:
- with client software at the user computing equipment, receiving code from the first server over the communications network, wherein the received code comprises a first code that requests a cryptographic key from the second server over the communications network and a second code for using the client software to accept payment information from a user of the client software.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method defined in claim 16 wherein the first server comprises a web server associated with a merchant selling a product to the user, wherein the payment information comprises payment card information, and wherein the second server comprises a payment card processor server, the method further comprising:
    - at the web server associated with the merchant, receiving an encrypted version of the payment card information from the user computing equipment over the communications network; and
      
      at the web server associated with the merchant, submitting a request to the payment card processor server over the communications network to authorize the payment card information.
  - 18. The method defined in claim 17 wherein submitting the request comprises submitting the encrypted payment card information to the payment card processor server over the communications network with a key identifier that is associated with the cryptographic key.
  - 19. The method defined in claim 16, wherein receiving the code comprises receiving a code that requests encryption function code over the communications network, the method further comprising:
    - at the user computing equipment, running the encryption function code to encrypt the payment information using a format preserving encryption operation.
  - 20. The method defined in claim 19 further comprising:
    - at the user computing equipment, running the encryption function code to encrypt the payment information using an encryption operation that embeds a key identifier that is associated with the cryptographic key into the encrypted payment information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus LLC (Open Text Corporation)
Original Assignee
Voltage Security Incorporated (HP Inc.)
Inventors
Pauker, Matthew J., Spies, Terence

Granted Patent

US 11,341,464 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/71
CPC Class Codes

G06F 21/6263   during internet communicati...

G06Q 20/02   involving a neutral party, ...

G06Q 20/085   involving remote charge det...

G06Q 20/0855   involving a third party

G06Q 20/12   specially adapted for elect...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3829   involving key management

Purchase Transaction System with Encrypted Payment Card Data

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

24 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Purchase Transaction System with Encrypted Payment Card Data

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links