Method and system for secure online transaction processing

US 5,903,721 A
Filed: 03/13/1997
Issued: 05/11/1999
Est. Priority Date: 03/13/1997
Status: Expired due to Fees

First Claim

Patent Images

1. A method for executing a secure online transaction between a user computer and a vendor computer, the vendor computer and the user computer being interconnected to a computer network for data communications therebetween, the user computer having associated therewith a network address unique thereto at the time of the request;

the method comprising the steps of;

a) the user computer executing a transaction request, comprising the steps ofi) generating a user authentication number as a first function ofa user registration number unique to the user computer,time stamp data correlated to the time of the transaction request, andan internally stored user matrix unique to the user computer;

ii) assigning a network protocol port number as a second function ofthe user registration number,the time stamp data, andthe user matrix;

iii) transmitting a transaction request message to the vendor computer via the computer network, the transaction request message comprisingthe user registration number,the time stamp data,first data indicative of the requested transaction, andthe network address associated with the user computer;

b) in response to receiving the transaction request message, the vendor computer sending a transaction verification request to a trust server computer interconnected to the computer network, the transaction verification request comprising(i) the user registration number,(ii) the time stamp data,(iii) second data indicative of the requested transaction, and(iv) the network address associated with the user computer;

c) in response to receiving the transaction verification request from the vendor computer, the trust server computer authenticating the user computer by(i) calculating the user matrix by from an internal memory by utilizing the received user registration number to address the memory,(ii) generating a trust server authentication number as a first function ofthe received user registration number,the received time stamp data, andthe calculated matrix;

(iii) calculating an expected network protocol port number as a second function ofthe received user registration number,the received time stamp data, andthe calculated user matrix,(iv) communicating via the computer network with the user computer by utilizing the user computer network address received from the vendor computer and the calculated expected network protocol port number,(v) obtaining from the user computer the user authentication number,(vi) comparing the obtained user authentication number with the generated trust server authentication number; and

vii) indicating that the user computer is authentic when the comparison step has passed, and indicating that the user computer is not authentic when the comparison step has failed.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for executing a secure online transaction between a vendor computer and a user computer, wherein the vendor computer and the user computer are interconnected to a computer network such as the Internet for data communications therebetween. The method comprises the steps of the user computer transmitting a transaction request message to the vendor computer via the computer network, the financial transaction request comprising user identification data unique to the user computer; in response to receiving the transaction request, the vendor computer sending a transaction verification request to a trust server computer interconnected to the computer network, the transaction verification request comprising the user identification data and data indicative of the requested transaction; in response to receiving the transaction verification request, the trust server computer authenticating the user computer by using the user identification data and communicating with the user computer for verification with the user identification data; and the trust server authorizing the transaction when the authenticating step has passed.

1074 Citations

11 Claims

1. A method for executing a secure online transaction between a user computer and a vendor computer, the vendor computer and the user computer being interconnected to a computer network for data communications therebetween, the user computer having associated therewith a network address unique thereto at the time of the request;
- the method comprising the steps of;
  
  a) the user computer executing a transaction request, comprising the steps ofi) generating a user authentication number as a first function ofa user registration number unique to the user computer,time stamp data correlated to the time of the transaction request, andan internally stored user matrix unique to the user computer;
  
  ii) assigning a network protocol port number as a second function ofthe user registration number,the time stamp data, andthe user matrix;
  
  iii) transmitting a transaction request message to the vendor computer via the computer network, the transaction request message comprisingthe user registration number,the time stamp data,first data indicative of the requested transaction, andthe network address associated with the user computer;
  
  b) in response to receiving the transaction request message, the vendor computer sending a transaction verification request to a trust server computer interconnected to the computer network, the transaction verification request comprising(i) the user registration number,(ii) the time stamp data,(iii) second data indicative of the requested transaction, and(iv) the network address associated with the user computer;
  
  c) in response to receiving the transaction verification request from the vendor computer, the trust server computer authenticating the user computer by(i) calculating the user matrix by from an internal memory by utilizing the received user registration number to address the memory,(ii) generating a trust server authentication number as a first function ofthe received user registration number,the received time stamp data, andthe calculated matrix;
  
  (iii) calculating an expected network protocol port number as a second function ofthe received user registration number,the received time stamp data, andthe calculated user matrix,(iv) communicating via the computer network with the user computer by utilizing the user computer network address received from the vendor computer and the calculated expected network protocol port number,(v) obtaining from the user computer the user authentication number,(vi) comparing the obtained user authentication number with the generated trust server authentication number; and
  
  vii) indicating that the user computer is authentic when the comparison step has passed, and indicating that the user computer is not authentic when the comparison step has failed.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1 in which:
    - the first function for generating the user authentication number comprises the step of synthesizing a user matrix as a third function of the user matrix; and
      
      the first function for generating the trust server authentication number comprises the step of synthesizing a trust server user matrix as a third function of the calculated matrix.
  - 3. The method of claim 2 in which:
    - the first function for generating the user authentication number utilizes the user registration number and the time stamp data to extract the user authentication number from the synthesized user matrix; and
      
      the first function for generating the trust server authentication number utilizes the user registration number and the time stamp data to extract the trust server authentication number from the synthesized trust server user matrix.

4. A method for executing a secure online transaction between a user computer and a vendor computer, the vendor computer and the user computer being interconnected to a computer network for data communications therebetween, the user computer having associated therewith a network address unique thereto at the time of the request;
- the method comprising the steps of;
  
  a) the user computer executing a transaction request, comprising the steps ofi) generating a user authentication number as a first function ofa user registration number unique to the user computer, andan internally stored user matrix unique to the user computer;
  
  ii) assigning a network protocol port number as a second function ofthe user registration number, andthe user matrix;
  
  iii) transmitting a transaction request message to the vendor computer via the computer network, the transaction request message comprisingthe user registration number,first data indicative of the requested transaction, andthe network address associated with the user computer;
  
  b) in response to receiving the transaction request message, the vendor computer sending a transaction verification request to a trust server computer interconnected to the computer network, the transaction verification request comprising(i) the user registration number,(ii) second data indicative of the requested transaction, and(iv) the network address associated with the user computer;
  
  c) in response to the transaction verification request from the vendor computer, the trust server computer authenticating the user computer by(i) calculating the user matrix from an internal memory by utilizing the received user registration number to address the memory,(ii) generating a trust server authentication number as a first function ofthe received user registration number, andthe calculated matrix,(iii) calculating an expected network protocol port number as a second function ofthe received user registration number, andthe calculated user matrix,(iv) communicating with the user computer by utilizing the user computer network address received from the vendor computer and the calculated expected network protocol port number,(v) obtaining from the user computer the user authentication number,(vi) comparing the obtained user authentication number with the generated trust server authentication number; and
  
  (vii) indicating that the user computer is authentic when the comparison step has passed, and indicating that the user computer is not authentic when the comparison step has failed.
- View Dependent Claims (5, 6, 7, 8)
- - 5. The method of claim 4 in which:
    - the first function for generating the user authentication number comprises the step of synthesizing the user matrix as a third function of the user matrix; and
      
      the first function for generating the trust server authentication number comprises the step of synthesizing the trust server user matrix as a third function of the calculated matrix.
  - 6. The method of claim 5 in which:
    - the first function for generating the user authentication number utilizes the user registration number to extract the user authentication number from the synthesized user matrix; and
      
      the first function for generating the trust server authentication number utilizes the user registration number to extract the trust server authentication number from the synthesized trust server user matrix.
  - 7. The method of claim 4 wherein the user authentication number generated by the user computer is also a first function of time stamp data correlated to the time of the transaction request, the transaction request message transmitted by the user computer to the vendor computer also comprises the time stamp data, the transaction verification request sent by the vendor computer to the trust server computer also comprises the time stamp data, and the trust server authentication number generated by the trust server computer is also a first function of the received time stamp data.
  - 8. The method of claim 4 wherein the network protocol port number assigned by the user computer is also a second function of time stamp data correlated to the time of the transaction request, the transaction request message transmitted by the user computer to the vendor computer also comprises the time stamp data, the transaction verification request sent by the vendor computer to the trust server also comprises the time stamp data, and the expected network protocol port number is calculated as a second function of the received time stamp data.

9. A method for executing a secure online transaction between a user computer and a vendor computer, the vendor computer and the user computer being interconnected to a computer network for data communications therebetween, the user computer having associated therewith a network address unique thereto at the time of the request;
- the method comprising the steps of;
  
  a) the user computer executing a transaction request, comprising the steps ofi) generating a user authentication number as a first function ofa user registration number unique to the user computer, andtime stamp data correlated to the time of the transaction request;
  
  ii) assigning a network protocol port number as a second function ofthe user registration number, andthe time stamp data;
  
  iii) transmitting a transaction request message to the vendor computer via the computer network, the transaction request message comprisingthe user registration number,the time stamp data,first data indicative of the requested transaction, andthe network address associated with the user computer;
  
  b) in response to the transaction request message, the vendor computer sending a transaction verification request to a trust server computer interconnected to the computer network, the transaction verification request comprising(i) the user registration number,(ii) the time stamp data,(iii) second data indicative of the requested transaction, and(iv) the network address associated with the user computer;
  
  c) in response to receiving the transaction verification request from the vendor computer, the trust server computer authenticating the user computer by(i) generating a trust server authentication number as a first function ofthe received user registration number, andthe received time stamp data;
  
  (iii) calculating an expected network protocol port number as a second function ofthe received user registration number, andthe received time stamp data, and(iv) communicating with the user computer by utilizing the user computer network address received from the vendor computer and the calculated expected network protocol port number,(v) obtaining from the user computer the user authentication number,(vi) comparing the obtained user authentication number with the generated trust server authentication number; and
  
  (vii) indicating that the user computer is authentic when the comparison step has passed, and indicating that the user computer is not authentic when the comparison step has failed.
- View Dependent Claims (10, 11)
- - 10. The method of claim 9 wherein the user authentication number generated by the user computer is also a first function of an internally stored user matrix unique to the user computer, the trust server computer fetches from memory the user matrix by utilizing the received user registration number as the memory address, and the trust server authentication number generated by the trust server computer is also a first function of the calculated user matrix.
  - 11. The method of claim 9 the network protocol port number assigned by the user computer as also a second function of an internally stored user matrix unique to the user computer, the trust server computer fetches from memory the user matrix by utilizing the received user registration number as the memory address, and the expected network protocol port number is calculated by the trust server computer also as a second function of the calculated user matrix.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cha|Technologies Services Incorporated
Original Assignee
Cha|Technologies Services Incorporated
Inventors
Sixtus, Timothy
Primary Examiner(s)
Palys, Joseph E.
Assistant Examiner(s)
WRIGHT, NORMAN M

Application Number

US08/816,410
Time in Patent Office

789 Days
Field of Search

395/188.01, 395/187.01, 395/186, 380/3, 380/4, 380/21, 380/23, 380/24, 380/25, 380/30
US Class Current

726/2
CPC Class Codes

G06F 2211/009   Trust

G06Q 20/02   involving a neutral party, ...

G06Q 20/04   Payment circuits

G06Q 20/12   specially adapted for elect...

G06Q 20/24   Credit schemes, i.e. "pay a...

H04L 2463/102   applying security measure f...

H04L 63/0823   using certificates cryptogr...

H04L 9/40   Network security protocols

Method and system for secure online transaction processing

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

1074 Citations

11 Claims

Specification

Use Cases

Quick Links

Others

Method and system for secure online transaction processing

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

1074 Citations

11 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others