Electronic payment system and method
DCFirst Claim
1. An electronic payment system, comprising:
- storage means for storing sensitive account information, at least one browser program, and a public key file, said at least one browser program constituting a means for enabling communications with at least one merchant over an open computer network, and said public key file including means for selecting the public key of a private-public key cryptosystem and for encrypting the sensitive information using the public key to generate an authorization ticket;
means possessed by a merchant in communication with the storage means for receiving said authorization ticket from the storage means and forwarding it to a secured account processor;
means in the account processor including a private key for decrypting the authorization ticket and informing the merchant whether a transaction is authorized.
6 Assignments
Litigations
0 Petitions
Accused Products
Abstract
A cyber wallet in the form of stored and protected account information, which may be "carried" on a tamper resistant portable electronic storage medium such as a smartcard, or stored on the customer'"'"'s computer (or personal digital assistant, PCMCIA card, or the like) together with the browser/mosaic software, is provide to a customer for the purpose of making electronic payments from the possessor of the wallet to a merchant at a remote site on the Internet. Security of the information contained in the wallet is provided by a public key file containing public keys to be used for encrypting the payment information into an authorization ticket which is sent by the wallet to the merchant, and then forwarded to the account servicer for decryption, the decryption key being in the form or a private key held only by the account servicer, and to which the merchant and other parties have no access. The public key rile preferably contains a plurality or public keys selectable by an identifier associated with but not a part of the key itself, so that the account servicer can control, by having the merchant send an identifier to the wallet, the selection of uncompromised keys without anyone but the servicer having knowledge of which key is being selected.
-
Citations
12 Claims
-
1. An electronic payment system, comprising:
-
storage means for storing sensitive account information, at least one browser program, and a public key file, said at least one browser program constituting a means for enabling communications with at least one merchant over an open computer network, and said public key file including means for selecting the public key of a private-public key cryptosystem and for encrypting the sensitive information using the public key to generate an authorization ticket; means possessed by a merchant in communication with the storage means for receiving said authorization ticket from the storage means and forwarding it to a secured account processor; means in the account processor including a private key for decrypting the authorization ticket and informing the merchant whether a transaction is authorized. - View Dependent Claims (2, 3, 4, 5, 6, 12)
-
-
7. An electronic payment method, comprising the steps of:
-
providing a customer with account information personal to the customer, at least one browser program for enabling communications with at least one merchant over an open computer network, and a public key file including means for selecting the public key of a private-public key cryptosystem; upon establishment of communications between the customer and a merchant, generating an authorization ticket made up, at least in part, of said account information which has been encrypted by a selected public key from the public key file; transmitting the authorization ticket to the merchant; upon receipt of the authorization ticket by the merchant, adding information pertaining to an order and forwarding the information pertaining to the order and the authorization ticket to a secured account processor; decrypting the authorization ticket using the private key of said public-private key cryptosystem so that the information contained therein can be used to verify whether the transaction is to be permitted. - View Dependent Claims (8, 9, 10, 11)
-
Specification