Open network payment system for providing for real-time authorization of payment and purchase transactions

US 6,205,437 B1
Filed: 03/02/1998
Issued: 03/20/2001
Est. Priority Date: 12/16/1993
Status: Expired due to Term

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. An open network payment system for providing for real-time authorization of payment transactions by a financial authorization network external to the network payment system, comprising:

a plurality of client computers; and

a payment computer;

the client computers and the payment computer being interconnected by a public packet switched communications network;

each one of the client computers being programmed to construct a payment request message specifying a payment amount to be transferred from a sender to a beneficiary, and to cause the payment request message to be transmitted to the payment computer over the public packet switched communications network;

the payment computer being programmed to cause a message to be transmitted into the financial authorization network external to the public packet switched communications network, in order to verify that the sender has adequate funds or credit having real monetary, to receive an authorization from the financial authorization network in response to the message, and to transmit an authorization message to the client computer over the public packet switched communications network, conditioned on at least one message transmitted over the public packet switched communications network in connection with the real-time authorization not being a replay of a message previously transmitted over the public packet switched communications network;

at least one of the payment request message and the authorization message comprising at least one digital signature of components that include components derived from the at least one message, at least one of which digital signatures protects the at least one message from forgery, including authenticating an identity of one of a plurality of principals as an originator of the at least one message, at least one of which digital signatures protects the at least one message from all replay attacks that result in loss of value, and at least one of which digital signatures is verified based on a principal-specific or source-specific public key.

View all claims

10 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

A complete system for the purchasing of goods or information over a computer network is presented. Merchant computers on the network maintain databases of digital advertisements that are accessed by buyer computers. In response to user inquiries, buyer computers retrieve and display digital advertisements from merchant computers. A digital advertisement can further include a program that is interpreted by a buyer'"'"'s computer. The buyer computers include a means for a user to purchase the product described by a digital advertisement. If a user has not specified a means of payment at the time of purchase, it can be requested after a purchase transaction is initiated. A network payment system performs payment order authorization in a network with untrusted switching, transmission, and host components. Payment orders are backed by accounts in an external financial system network, and the payment system obtains account authorizations from this external network in real-time. Payment orders are signed with authenticators that can be based on any combination of a secret function of the payment order parameters, a single-use transaction identifier, or a specified network address.

420 Citations

36 Claims

1. An open network payment system for providing for real-time authorization of payment transactions by a financial authorization network external to the network payment system, comprising:
- a plurality of client computers; and
  
  a payment computer;
  
  the client computers and the payment computer being interconnected by a public packet switched communications network;
  
  each one of the client computers being programmed to construct a payment request message specifying a payment amount to be transferred from a sender to a beneficiary, and to cause the payment request message to be transmitted to the payment computer over the public packet switched communications network;
  
  the payment computer being programmed to cause a message to be transmitted into the financial authorization network external to the public packet switched communications network, in order to verify that the sender has adequate funds or credit having real monetary, to receive an authorization from the financial authorization network in response to the message, and to transmit an authorization message to the client computer over the public packet switched communications network, conditioned on at least one message transmitted over the public packet switched communications network in connection with the real-time authorization not being a replay of a message previously transmitted over the public packet switched communications network;
  
  at least one of the payment request message and the authorization message comprising at least one digital signature of components that include components derived from the at least one message, at least one of which digital signatures protects the at least one message from forgery, including authenticating an identity of one of a plurality of principals as an originator of the at least one message, at least one of which digital signatures protects the at least one message from all replay attacks that result in loss of value, and at least one of which digital signatures is verified based on a principal-specific or source-specific public key.
- View Dependent Claims (2, 3, 4, 16, 20)
- - 2. The network payment system of claim 1 wherein the authorization message comprises an authenticator proving that the payment computer originated the authorization message and is capable of validation without use of a secret key.
  - 3. The network payment system of claim 1 wherein the at least one signature comprises one signature that protects the at least one message from forgery, including authenticating an identity of one of a plurality of principals as an originator of the at least one message, protects the at least one message from replay attack, and is computed based on a principal-specific or source-specific secret key.
  - 4. The network payment system of claim 1 wherein the payment computer is programmed to cause information pertaining to the payment request message and authorization to be recorded.
  - 16. The network payment system of claim 4 wherein the payment computer is programmed to cause the information pertaining to the payment request message and authorization to be recorded in a settlement database.
  - 20. The open network payment system of claim 1 wherein the payment request message comprises the at least one digital signature of components that include components derived from the at least one message.

5. A method of providing for real-time authorization of purchase transactions by a financial authorization network external to a public packet switched communications network interconnecting a plurality of client computers and a payment computer, and comprising the steps of:
- constructing a payment request message at one of the client computers specifying a payment amount to be transferred from a sender to a beneficiary, and causing the payment request message to be transmitted to the payment computer over the public packet switched communications network; and
  
  causing a message to be transmitted into the financial authorization network external to the public packet switched communications network, in order to verify that the sender has adequate funds or credit having real monetary value, receiving, at the payment computer, an authorization from the financial authorization network, and transmitting an authorization message from the payment computer to the client computer over the public packet switched communications network, conditioned on at least one message transmitted over the public packet switched communications network in connection with the real-time authorization not being a replay of a message previously transmitted over the public packet switched communications network;
  
  at least one of the payment request message and the authorization message comprising at least one digital signature of components that include components derived from the at least one message, at least one of which digital signatures protects the at least one message from forgery, including authenticating an identity of one of a plurality of principals as an originator of the at least one message, at least one of which digital signatures protects the at least one message from all replay attacks that result in loss of value, and at least one of which digital signatures is verified based on a principal-specific or source-specific public key.
- View Dependent Claims (6, 9, 17, 21)
- - 6. The method of claim 5 wherein the authorization message comprises an authenticator proving that the payment computer originated the authorization message and is capable of validation without use of a secret key.
  - 9. The method of claim 5 further comprising the step of causing information pertaining to the payment request message and authorization to be recorded.
  - 17. The method of claim 9 wherein the information pertaining to the payment request message and authorization is recorded in a settlement database.
  - 21. The method of claim 5 wherein the payment request message comprises the at least one digital signature of components that include components derived from the at least one message.

7. A payment computer for use in providing real-time authorization of payment transactions by a financial authorization network external to the network payment system, the payment computer being programmed to receive, over a public packet switched communications network, a payment request message specifying a payment amount to be transferred from the sender to the beneficiary, the payment computer further being programmed to authenticate the payment request message, to cause a message to be transmitted into a financial authorization network external to the network payment system, in order to verify that the sender has adequate finds or credit having real monetary value, to receive an authorization from the financial authorization network in response to the message, and to transmit an authorization message over the public packet switched communications network, the authorization message comprising an authenticator proving that the payment computer originated the authorization message, conditioned on at least one message transmitted over the public packet switched communications network in connection with the real-time authorization not being a replay of a message previously transmitted over the public packet switched communications network;
- at least one of the payment request message and the authorization message comprising at least one digital signature of components that include components derived from the at least one message, at least one of which digital signatures protects the at least one message from forgery, including authenticating an identity of one of a plurality of principals as an originator of the at least one message, at least one of which digital signatures protects the at least one message from all replay attacks that result in loss of value, and at least one of which digital signatures is verified based on a principal-specific or source-specific public key.
- View Dependent Claims (8, 22)
- - 8. The payment computer of claim 7 wherein the authorization message comprises an authenticator proving that the payment computer originated the authorization message and is capable of validation without use of a secret key.
  - 22. The payment computer of claim 7 wherein the payment request message comprises the at least one digital signature of components that include components derived from the at least one message.

10. An open network payment system for providing for real-time authorization of payment transactions by a financial authorization network external to the network payment system, comprising:
- a plurality of client computers; and
  
  a payment computer;
  
  the client computers and the payment computer being interconnected by a public packet switched communications network;
  
  each one of the client computers being programmed to construct a payment request message specifying a payment amount to be transferred from a sender to a beneficiary, and to cause the payment request message to be transmitted to the payment computer over the public packet switched communications network;
  
  the payment computer being programmed to cause a message to be transmitted into the financial authorization network external to the public packet switched communications network, in order to verify that the sender has adequate funds or credit having real monetary value, to receive an authorization from the financial authorization network in response to the message, and to transmit an authorization message to the client computer over the public packet switched communications network, conditioned on at least one message transmitted over the public packet switched communications network in connection with the real-time authorization not being a replay of a message previously transmitted over the public packet switched communications network;
  
  the authorization message comprising at least one digital signature of components that include components derived from the authorization message, at least one of which digital signatures protects the authorization message from forgery, at least one of which digital signatures protects the authorization message from all replay attacks that result in loss of value; and
  
  the authorization message comprising an authenticator proving that the payment computer originated the authorization message and being capable of validation without use of a secret key.
- View Dependent Claims (11, 12, 18)
- - 11. The network payment system of claim 10 wherein the authenticator is a digital signature.
  - 12. The network payment system of claim 10 wherein the payment computer is programmed to cause information pertaining to the payment request message and authorization to be recorded.
  - 18. The network payment system of claim 12 wherein the payment computer is programmed to cause the information pertaining to the payment request message and authorization to be recorded in a settlement database.

13. A method of providing for real-time authorization of purchase transactions by a financial authorization network external to a public packet switched communications network interconnecting a plurality of client computers and a payment computer, and comprising the steps of:
- constructing a payment request message at one of the client computers specifying a payment amount to be transferred from a sender to a beneficiary, and causing the payment request message to be transmitted to the payment computer over the public packet switched communications network; and
  
  causing a message to be transmitted into the financial authorization network external to the public packet switched communications network, in order to verify that the sender has adequate funds or credit having real monetary value, receiving, at the payment computer, an authorization from the financial authorization system in response to the message, and transmitting an authorization message from the payment computer to the client computer over the public packet switched communications network, conditioned on at least one message transmitted over the public packet switched communications network in connection with the real-time authorization not being a replay of a message previously transmitted over the public packet switched communications network;
  
  the authorization message comprising at least one digital signature of components that include components derived from the authorization message, at least one of which digital signatures protects the authorization message from forgery, and at least one of which digital signatures protects the authorization message from all replay attacks that result in loss of value; and
  
  the authorization message comprising an authenticator proving that the payment computer originated the authorization message and being capable of validation without use of a secret key.
- View Dependent Claims (14, 15, 19)
- - 14. The method of claim 13 wherein the authenticator is a digital signature.
  - 15. The method of claim 13 further comprising the step of causing information pertaining to the payment request message and authorization to be recorded.
  - 19. The method of claim 15 wherein the information pertaining to the payment request message and authorization is recorded in a settlement database.

23. An open network payment system for providing for real-time authorization of payment transactions by a financial authorization network external to the network payment system, comprising:
- a plurality of client computers; and
  
  a payment computer;
  
  the client computers and the payment computer being interconnected by a public packet switched communications network;
  
  each one of the client computers being programmed to construct a payment request message specifying a payment amount to be transferred from a sender to a beneficiary, and to cause the payment request message to be transmitted to the payment computer in at least one message over the public packet switched communications network;
  
  the payment computer being programmed to receive the payment request message and to cause an authorization request to be transmitted into the financial authorization network external to the public packet switched communications network, in order to verify that the sender has adequate funds or credit having real monetary value, to receive an authorization from the financial authorization network, in response to the authorization request, and to transmit an authorization message to the client computer as at least one message over the public packet switched communications network, conditioned on at least one message transmitted over the public packet switched communications network in connection with the real-time authorization not being a replay attack;
  
  at least one of the payment request message and the authorization message comprising at least one encrypted digest of components that include components derived from the at least one message, at least one of which encrypted digests protects the at least one message from forgery, including authenticating an identity of one of a plurality of principals as an originator of the components of the at least one message, at least one of which encrypted digests protects the at least one message from all replay attacks that result in loss of value, and at least one of which encrypted digests is verified based on a principal-specific or source-specific public key.
- View Dependent Claims (24)
- - 24. The open network payment system of claim 23 wherein the payment request message comprises the at least one encrypted digest of components that include components derived from the at least one message.

25. A method of providing for real-time authorization of purchase transactions by a financial authorization network external to a public packet switched communications network interconnecting a plurality of client computers and a payment computer, and comprising the steps of:
- constructing a payment request message at one of the client computers specifying a payment amount to be transferred from a sender to a beneficiary, and causing the payment request message to be transmitted to the payment computer in at least one message over the public packet switched communications network; and
  
  receiving, at the payment computer, the payment request message, and causing an authorization request to be transmitted into the financial authorization network external to the public packet switched communications network, in order to verify that the sender has adequate funds or credit having real monetary value, receiving, at the payment computer, an authorization from the financial authorization network, in response to the authorization request, and transmitting an authorization message from the payment computer to the client computer as at least one message over the public packet switched communications network, conditioned on at least one message transmitted over the public packet switched communications network in connection with the real-time authorization not being a replay attack;
  
  at least one of the payment request message and the authorization message comprising at least one encrypted digest of components that include components derived from the at least one message, at least one of which encrypted digests protects the at least one message from forgery, including authenticating an identity of one of a plurality of principals as an originator of the components of the at least one message, at least one of which digital signatures protects the at least one message from all replay attacks that result in loss of value, and at least one of which digital signatures is verified based on a principal-specific or source-specific public key.
- View Dependent Claims (26)
- - 26. The method of claim 25 wherein the payment request message comprises the at least one digital signature of components that include components derived from the at least one message.

27. An open network payment system for providing for real-time authorization of payment transactions by a financial authorization network external to the network payment system, comprising:
- a plurality of client computers; and
  
  a payment computer;
  
  the client computers and the payment computer being interconnected by a public packet switched communications network;
  
  each one of the client computers being programmed to construct a payment request message specifying a payment amount to be transferred from a sender to a beneficiary, and to cause the payment request message to be transmitted to the payment computer over the public packet switched communications network;
  
  the payment computer being programmed to cause a message to be transmitted into the financial authorization network external to the public packet switched communications network, in order to verify that the sender has adequate funds or credit having real monetary value, to receive an authorization from the financial authorization network in response to the message, and to transmit an authorization message to the client computer over the public packet switched communications network, conditioned on at least one message transmitted over the public packet switched communications network in connection with the real-time authorization not being a replay of a message previously transmitted over the public packet switched communications network;
  
  at least one of the payment request message and the authorization message comprising at least one digital signature of components that include components derived from the at least one message, at least one of which digital signatures protects the at least one message from forgery, including authenticating an identity of one of a plurality of principals as an originator of the at least one message, at least one of which digital signatures protects the at least one message from all replay attacks that result in loss of value, and at least one of which digital signatures is computed based on a principal-specific or source-specific secret key.
- View Dependent Claims (28)
- - 28. The open network payment system of claim 27 wherein the payment request message comprises the at least one digital signature of components that include components derived from the message.

29. A method of providing for real-time authorization of purchase transactions by a financial authorization network external to a public packet switched communications network interconnecting a plurality of client computers and a payment computer, and comprising the steps of:
- constructing a payment request message at one of the client computers specifying a payment amount to be transferred from a sender to a beneficiary, and causing the payment request message to be transmitted to the payment computer over the public packet switched communications network; and
  
  causing a message to be transmitted into the financial authorization network external to the public packet switched communications network, in order to verify that the sender has adequate funds or credit having real monetary value, receiving, at the payment computer, an authorization from the financial authorization system in response to the message, and transmitting an authorization message from the payment computer to the client computer over the public packet switched communications network, conditioned on at least one message transmitted over the public packet switched communications network in connection with the real-time authorization not being a replay of a message previously transmitted over the public packet switched communications network;
  
  at least one of the payment request message and the authorization message comprising at least one digital signature of components that include components derived from the at least one message, at least one of which digital signatures protects the at least one message from forgery, including authenticating an identity of one of a plurality of principals as an originator of the at least one message, at least one of which digital signatures protects the at least one message from all replay attacks that result in loss of value, and at least one of which digital signatures is computed based on a principal-specific or source-specific secret key.
- View Dependent Claims (30)
- - 30. The method of claim 29 wherein the payment request message comprises the at least one digital signature of components that include components derived from the payment request message.

31. A payment computer for use in providing real-time authorization of payment transactions by a financial authorization network external to the network payment system, the payment computer being programmed to receive, over a public packet switched communications network, a payment request message specifying a payment amount to be transferred from the sender to the beneficiary, the payment computer further being programmed to authenticate the payment request message, to cause a message to be transmitted into a financial authorization network external to the network payment system, in order to verify that the sender has adequate finds or credit having real monetary value, to receive an authorization from the financial authorization network in response to the message transmitted into the financial authorization network, and to transmit an authorization message over the public packet switched communications network, the authorization message comprising an authenticator proving that the payment computer originated the authorization message, conditioned on at least one message transmitted over the public packet switched communications network in connection with the real-time authorization not being a replay of a message previously transmitted over the public packet switched communications network;
- at least one of the payment request message and the authorization message comprising at least one digital signature of components that include components derived from the at least one message, at least one of which digital signatures protects the at least one message from forgery, including authenticating an identity of one of a plurality of principals as an originator of the at least one message, at least one of which digital signatures protects the at least one message from all replay attacks that result in loss of value, and at least one of which digital signatures is computed based on a principal-specific or source-specific secret key.
- View Dependent Claims (32)
- - 32. The method of claim 31 wherein the payment request message comprises the at least one digital signature of components that include components derived from the payment request message.

33. An open network payment system for providing for real-time authorization of payment transactions by a financial authorization network external to the network payment system, comprising:
- a plurality of client computers; and
  
  a payment computer;
  
  the client computers and the payment computer being interconnected by a public packet switched communications network;
  
  each one of the client computers being programmed to construct a payment request message specifying a payment amount to be transferred from a sender to a beneficiary, and to cause the payment request message to be transmitted to the payment computer in at least one message over the public packet switched communications network;
  
  the payment computer being programmed to receive the payment request message and to cause an authorization request to be transmitted into the financial authorization network external to the public packet switched communications network, in order to verify that the sender has adequate funds or credit having real monetary value, to receive an authorization from the financial authorization network, in response to the authorization request, and to transmit an authorization response to the client computer as at least one message over the public packet switched communications network, conditioned on at least one message transmitted over the public packet switched communications network in connection with the real-time authorization not being a replay attack;
  
  at least one of the messages transmitted over the public packet switched communications network comprising at least one encrypted digest of components that include components derived from the at least one of the messages, at least one of which encrypted digests protects components of the at least one of the messages from forgery, including authenticating an identity of one of a plurality of principals as an originator of the components of the at least one of the messages, at least one of which encrypted digests protects the at least one of the messages from all replay attacks that result in loss of value, and at least one of which encrypted digests is computed based on a principal-specific or source-specific secret key.
- View Dependent Claims (34)
- - 34. The open network payment system of claim 33 wherein the payment request message comprises the at least one encrypted digest of components that include components derived from the payment request message.

35. A method of providing for real-time authorization of purchase transactions by a financial authorization network external to a public packet switched communications network interconnecting a plurality of client computers and a payment computer, and comprising the steps of:
- constructing a payment request message at one of the client computers specifying a payment amount to be transferred from a sender to a beneficiary, and causing the payment request message to be transmitted to the payment computer in at least one message over the public packet switched communications network; and
  
  receiving, at the payment computer, the payment request message, and causing an authorization request to be transmitted into the financial authorization network external to the public packet switched communications network, in order to verify that the sender has adequate funds or credit having real monetary value, receiving, at the payment computer, an authorization from the financial authorization network, in response to the authorization request, and transmitting an authorization response from the payment computer to the client computer as at least one message over the public packet switched communications network, conditioned on at least one message transmitted over the public packet switched communications network in connection with the real-time authorization not being a replay attack;
  
  at least one of the messages transmitted over the public packet switched communications network comprising at least one encrypted digest of components that include components derived from the at least one of the messages, at least one of which encrypted digests protects components of the at least one of the messages from forgery, including authenticating an identity of one of a plurality of principals as an originator of the components of the at least one of the messages, at least one of which encrypted digests protects the at least one of the messages from all replay attacks that result in loss of value, and at least one of which encrypted digests is computed based on a principal-specific or source-specific secret key.
- View Dependent Claims (36)
- - 36. The open network payment system of claim 35 wherein the payment request message comprises the at least one encrypted digest of components that include components derived from the payment request message.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Soverain IP, LLC
Original Assignee
Open Market, Inc. (Divine Technology Ventures)
Inventors
Gifford, David K.
Primary Examiner(s)
Swann, Tod R.
Assistant Examiner(s)
MEINECKE DIAZ, SUSANNA M

Application Number

US09/032,852
Time in Patent Office

1,114 Days
Field of Search

705/26, 705/1, 705/35, 705/39, 705/40, 705/41, 705/42, 705/43, 705/44, 705/45, 705/50, 705/51, 705/53, 705/64, 705/65, 705/67, 705/68, 705/69, 705/70, 705/74, 705/75, 705/78, 705/77, 713/176, 713/181
US Class Current

705/75
CPC Class Codes

G06Q 10/087   Inventory or stock manageme...

G06Q 20/02   involving a neutral party, ...

G06Q 20/023   the neutral party being a c...

G06Q 20/027   involving a payment switch ...

G06Q 20/04   Payment circuits

G06Q 20/085   involving remote charge det...

G06Q 20/10   specially adapted for elect...

G06Q 20/12   specially adapted for elect...

G06Q 20/385   using an alias or single-us...

G06Q 20/401   Transaction verification

G06Q 30/02   Marketing; Price estimation...

G06Q 30/0251   Targeted advertisements

G06Q 30/0253   During e-commerce, i.e. onl...

G06Q 30/0277   Online advertisement

G06Q 30/06   Buying, selling or leasing ...

G06Q 30/0601   Electronic shopping [e-shop...

G06Q 30/0609   Buyer or seller confidence ...

G07F 7/00   Mechanisms actuated by obje...

Open network payment system for providing for real-time authorization of payment and purchase transactions

First Claim

10 Assignments

Litigations

0 Petitions

Accused Products

Abstract

420 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Open network payment system for providing for real-time authorization of payment and purchase transactions

First Claim

10 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

420 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links