Method and apparatus for secured transmission of confidential data over an unsecured network
First Claim
1. Over a network where unique encryption keys are forwarded to users on an off-network basis, said encryption keys being randomly generated and assigned to said users by an automated processing system, said encryption keys having corresponding unique customer numbers assigned thereto, a method of securely transmitting a customer request for goods or services to a merchant via an intermediary switch, the method comprising the steps of:
(a) encrypting the customer request, customer number and encryption key and electronic address of at least one merchant to create an unintelligible electronic message;
(b) attaching the customer's unique number in clear format to the unintelligible message to create a message request;
(c) accessing the network;
(d) transmitting the message request to the switch via the network;
(e) verifying the integrity of the message request by performing a bit stream check on the message request data stream;
(f) logging any errors found in the message request data stream;
(g) de-encrypting the message request if it is error free to reveal the customer request, the encryption key, the customer number and the electronic address of the merchant;
(h) comparing the de-encrypted customer number to the customer's unique number in clear format to verify that they match;
(i) logging an error if the de-encrypted customer number does not match the customer's unique number in clear format;
(j) retrieving the customer's velocity file if the de-encrypted encryption key matches the encryption key in clear format;
(k) verifying that the customer request does not violate any customer specified transaction limits contained in the velocity file;
(l) logging an error if the customer request violates any customer specified transaction limits;
(m) retrieving the merchant's encryption key and unique number if no violation of the velocity file is encountered;
(n) using the merchant's unique encryption key to re-encrypt the customer request; and
(o) transmitting the re-encrypted message to the merchant.
Abstract
A method and apparatus that allows Internet users to purchase or order goods and services through the Internet by permitting the secured transmission of sensitive financial information. Messages are encrypted and locked with a randomly generated encryption key to which only the user has access. Furthermore, a unique customer number is assigned to each user for identification purposes. Encrypted messages are intercepted in-transmission by a switch which deencrypts the message and verifies that the request originated from an authorized customer and that the data string has maintained integrity. The request is then reencrypted with the intended recipient's unique encryption key and transmitted on the Internet to the recipient. The request may include sensitive customer credit information which may be routed to a merchant, financial institution or credit authorizer in order to make purchases or place orders through the Internet.
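The switch-side checks of claim 1, steps (e) to (n), which the abstract summarizes, sketched as an added example that is not code from the patent. Assumptions: the cipher is a stand-in (the patent names none), the "bit stream check" is a CRC-32 trailer, the JSON field layout and sample records are constructed, the switch looks up the customer's key by the clear customer number, and step (j) compares against the key stored in the customer database.

```python
import hashlib, json, zlib

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 counter keystream, no nonce); the claim names no algorithm."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def build_request(cust_no: str, key: bytes, request: dict, merchant: str) -> bytes:
    """Customer side, steps (a)-(b): encrypted body plus clear customer number."""
    body = json.dumps({"request": request, "customer_number": cust_no,
                       "key": key.hex(), "merchant": merchant}).encode()
    frame = cust_no.encode() + b"|" + xor_stream(key, body)
    # Assumed "bit stream check": CRC-32 trailer. It catches transmission
    # errors only; it does not authenticate the sender.
    return frame + zlib.crc32(frame).to_bytes(4, "big")

def switch_process(msg: bytes, customers: dict, merchants: dict, log: list):
    """Switch side, steps (e)-(n). Returns (merchant_number, ciphertext) or None."""
    def reject(reason):
        log.append(reason)
        return None
    frame, crc = msg[:-4], msg[-4:]
    if zlib.crc32(frame).to_bytes(4, "big") != crc:            # (e), (f)
        return reject("integrity")
    clear_no, _, ciphertext = frame.partition(b"|")
    clear_no = clear_no.decode(errors="replace")
    rec = customers.get(clear_no)       # assumed: key looked up by clear number
    if rec is None:
        return reject("unknown customer")
    try:
        body = json.loads(xor_stream(rec["key"], ciphertext))  # (g)
    except ValueError:
        return reject("decrypt")
    if body.get("customer_number") != clear_no:                # (h), (i)
        return reject("customer number mismatch")
    if body.get("key") != rec["key"].hex():                    # (j)
        return reject("key mismatch")
    if body["request"]["amount"] > rec["velocity"]["max_amount"]:  # (k), (l)
        return reject("velocity limit")
    merchant = merchants[body["merchant"]]                      # (m)
    payload = json.dumps(body["request"]).encode()
    return merchant["number"], xor_stream(merchant["key"], payload)  # (n)

# Constructed sample records (not from the patent).
CUSTOMERS = {"C1001": {"key": bytes(range(32)), "velocity": {"max_amount": 500}}}
MERCHANTS = {"shop@merchant.example": {"key": b"\x42" * 32, "number": "M2001"}}
```

Each rejection appends one reason to `log`, mirroring the error-logging steps (f), (i) and (l); a request that passes every check is returned re-encrypted under the merchant's key for step (o).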
5 Claims
5. A system for securely transmitting a customer request for goods and/or services over the Internet using unique customer specific encryption keys and associated customer numbers, said encryption keys delivered to a customer over a non-Internet transmission channel, the system comprising:
a computing means running at least one application program for creating encrypted electronic messages using a customer's unique encryption key, said encrypted electronic messages containing the customer's encryption key, the customer's unique customer number and a customer request;
an Internet access means coupled to said computing means;
a switch configured to intercept said encrypted electronic messages, said switch communicably accessible to said computing means using said Internet access means, said switch comprising the following;
a customer database containing a plurality of key generation and distribution data;
a de-encryption means for receiving encrypted messages from said computing means and producing de-encrypted customer requests;
a validity checking means coupled to said de-encryption means for receiving the de-encrypted customer requests and further configured to compare data contained in such requests against the key generation and distribution data contained in the customer database; and
an encryption processor communicably attached to the validity checking means for encrypting messages prior to transmission on the Internet; and
a plurality of merchant terminals coupled to said switch via the Internet.
Specification