Open network payment system for providing for real-time authorization of payment and purchase transactions
Abstract
A complete system for the purchasing of goods or information over a computer network is presented. Merchant computers on the network maintain databases of digital advertisements that are accessed by buyer computers. In response to user inquiries, buyer computers retrieve and display digital advertisements from merchant computers. A digital advertisement can further include a program that is interpreted by a buyer's computer. The buyer computers include a means for a user to purchase the product described by a digital advertisement. If a user has not specified a means of payment at the time of purchase, it can be requested after a purchase transaction is initiated. A network payment system performs payment order authorization in a network with untrusted switching, transmission, and host components. Payment orders are backed by accounts in an external financial system network, and the payment system obtains account authorizations from this external network in real-time. Payment orders are signed with authenticators that can be based on any combination of a secret function of the payment order parameters, a single-use transaction identifier, or a specified network address.
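The request/authorization exchange the abstract describes, as an added model that is not the patent's own code or any product's: it uses the shared-secret form of the claims (an "encrypted digest computed based on a principal-specific secret key", here HMAC-SHA256); the public-key form would substitute a signature scheme for the digest. Every name, key, address and balance is constructed for the example.

```python
"""Added model (not the patent's code) of the signed payment request / authorization exchange the
abstract and claims describe, in the shared-secret form of claims 27-36: each authenticator is an
HMAC-SHA256 digest over the message components, computed with a principal-specific secret key.
Names, keys, addresses and balances are constructed for this example."""
import hashlib
import hmac
import json
import secrets

def digest(body: dict, key: bytes) -> str:
    """Keyed digest over the deterministically serialised components, 'auth' itself excluded."""
    body = {k: v for k, v in body.items() if k != "auth"}
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def authenticate(body: dict, key: bytes) -> dict:
    return {**{k: v for k, v in body.items() if k != "auth"}, "auth": digest(body, key)}

def verify(msg: dict, key: bytes) -> bool:
    """Recompute under the claimed originator's key and compare in constant time."""
    return hmac.compare_digest(digest(msg, key), str(msg.get("auth", "")))

class FinancialAuthorizationNetwork:  # stand-in for the external network holding real-value accounts
    def __init__(self, balances: dict):
        self.balances = dict(balances)

    def authorize(self, sender: str, amount: int) -> bool:
        if self.balances.get(sender, 0) < amount:
            return False
        self.balances[sender] -= amount
        return True

class PaymentComputer:
    def __init__(self, own_key: bytes, client_keys: dict, fin_net: FinancialAuthorizationNetwork):
        self.key, self.client_keys, self.fin_net = own_key, client_keys, fin_net
        self.seen_txids = set()  # single-use transaction identifiers already consumed

    def handle(self, request: dict, source_addr: str) -> dict:
        # Forgery check: the digest must verify under the key of the principal named as sender.
        key = self.client_keys.get(request.get("sender"))
        if key is None or not verify(request, key):
            return self.respond(request, "REJECT_FORGERY")
        # The digest covers the specified network address, so it must match the actual source.
        if request["addr"] != source_addr:
            return self.respond(request, "REJECT_ADDR")
        # Replay check: a transaction identifier is consumed exactly once, even with a valid digest.
        if request["txid"] in self.seen_txids:
            return self.respond(request, "REJECT_REPLAY")
        self.seen_txids.add(request["txid"])
        ok = self.fin_net.authorize(request["sender"], request["amount"])  # real-time authorization
        return self.respond(request, "AUTHORIZED" if ok else "DECLINED")

    def respond(self, request: dict, status: str) -> dict:
        # Bound to the request's txid and amount and authenticated with the payment computer's key,
        # so a captured authorization cannot be replayed against a different payment.
        return authenticate({"txid": request.get("txid"), "amount": request.get("amount"),
                             "status": status}, self.key)

class Client:
    def __init__(self, name: str, key: bytes, addr: str, pc_key: bytes):
        self.name, self.key, self.addr, self.pc_key = name, key, addr, pc_key

    def pay(self, beneficiary: str, amount: int) -> dict:
        return authenticate({"sender": self.name, "beneficiary": beneficiary, "amount": amount,
                             "txid": secrets.token_hex(16), "addr": self.addr}, self.key)

    def accept(self, request: dict, response: dict) -> bool:
        return (verify(response, self.pc_key) and response["txid"] == request["txid"]
                and response["amount"] == request["amount"] and response["status"] == "AUTHORIZED")

def demo() -> dict:
    alice_key, pc_key = b"alice-secret-constructed", b"payment-computer-secret-constructed"
    fin = FinancialAuthorizationNetwork({"alice": 100})
    pc = PaymentComputer(pc_key, {"alice": alice_key}, fin)
    alice = Client("alice", alice_key, "10.0.0.5", pc_key)
    req = alice.pay("bob", 60)
    first = pc.handle(req, "10.0.0.5")
    replayed = pc.handle(req, "10.0.0.5")                   # same txid resubmitted
    tampered = pc.handle({**req, "amount": 1}, "10.0.0.5")  # amount altered after authentication
    req2 = alice.pay("bob", 10)
    spoofed = pc.handle(req2, "192.0.2.9")                  # authentic request, wrong source address
    declined = pc.handle(alice.pay("bob", 50), "10.0.0.5")  # exceeds the remaining balance
    return {"first": first["status"], "accepted": alice.accept(req, first), "replayed": replayed["status"],
            "tampered": tampered["status"], "spoofed": spoofed["status"], "declined": declined["status"],
            "cross_bound": alice.accept(req2, first), "balance": fin.balances["alice"]}
```

`demo()` walks one honest payment followed by the failure cases the claims single out: a replayed request, a forged amount, a mismatched source address, and an authorization message presented against a different request.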
36 Claims
1. An open network payment system for providing for real-time authorization of payment transactions by a financial authorization network external to the network payment system, comprising:
a plurality of client computers; and
a payment computer;
the client computers and the payment computer being interconnected by a public packet switched communications network;
each one of the client computers being programmed to construct a payment request message specifying a payment amount to be transferred from a sender to a beneficiary, and to cause the payment request message to be transmitted to the payment computer over the public packet switched communications network;
the payment computer being programmed to cause a message to be transmitted into the financial authorization network external to the public packet switched communications network, in order to verify that the sender has adequate funds or credit having real monetary value, to receive an authorization from the financial authorization network in response to the message, and to transmit an authorization message to the client computer over the public packet switched communications network, conditioned on at least one message transmitted over the public packet switched communications network in connection with the real-time authorization not being a replay of a message previously transmitted over the public packet switched communications network;
at least one of the payment request message and the authorization message comprising at least one digital signature of components that include components derived from the at least one message, at least one of which digital signatures protects the at least one message from forgery, including authenticating an identity of one of a plurality of principals as an originator of the at least one message, at least one of which digital signatures protects the at least one message from all replay attacks that result in loss of value, and at least one of which digital signatures is verified based on a principal-specific or source-specific public key. (Dependent claims: 2, 3, 4, 16, 20)
5. A method of providing for real-time authorization of purchase transactions by a financial authorization network external to a public packet switched communications network interconnecting a plurality of client computers and a payment computer, and comprising the steps of:
constructing a payment request message at one of the client computers specifying a payment amount to be transferred from a sender to a beneficiary, and causing the payment request message to be transmitted to the payment computer over the public packet switched communications network; and
causing a message to be transmitted into the financial authorization network external to the public packet switched communications network, in order to verify that the sender has adequate funds or credit having real monetary value, receiving, at the payment computer, an authorization from the financial authorization network, and transmitting an authorization message from the payment computer to the client computer over the public packet switched communications network, conditioned on at least one message transmitted over the public packet switched communications network in connection with the real-time authorization not being a replay of a message previously transmitted over the public packet switched communications network;
at least one of the payment request message and the authorization message comprising at least one digital signature of components that include components derived from the at least one message, at least one of which digital signatures protects the at least one message from forgery, including authenticating an identity of one of a plurality of principals as an originator of the at least one message, at least one of which digital signatures protects the at least one message from all replay attacks that result in loss of value, and at least one of which digital signatures is verified based on a principal-specific or source-specific public key. (Dependent claims: 6, 9, 17, 21)
7. A payment computer for use in providing real-time authorization of payment transactions by a financial authorization network external to the network payment system, the payment computer being programmed to receive, over a public packet switched communications network, a payment request message specifying a payment amount to be transferred from the sender to the beneficiary, the payment computer further being programmed to authenticate the payment request message, to cause a message to be transmitted into a financial authorization network external to the network payment system, in order to verify that the sender has adequate funds or credit having real monetary value, to receive an authorization from the financial authorization network in response to the message, and to transmit an authorization message over the public packet switched communications network, the authorization message comprising an authenticator proving that the payment computer originated the authorization message, conditioned on at least one message transmitted over the public packet switched communications network in connection with the real-time authorization not being a replay of a message previously transmitted over the public packet switched communications network;
at least one of the payment request message and the authorization message comprising at least one digital signature of components that include components derived from the at least one message, at least one of which digital signatures protects the at least one message from forgery, including authenticating an identity of one of a plurality of principals as an originator of the at least one message, at least one of which digital signatures protects the at least one message from all replay attacks that result in loss of value, and at least one of which digital signatures is verified based on a principal-specific or source-specific public key. (Dependent claims: 8, 22)
10. An open network payment system for providing for real-time authorization of payment transactions by a financial authorization network external to the network payment system, comprising:
a plurality of client computers; and
a payment computer;
the client computers and the payment computer being interconnected by a public packet switched communications network;
each one of the client computers being programmed to construct a payment request message specifying a payment amount to be transferred from a sender to a beneficiary, and to cause the payment request message to be transmitted to the payment computer over the public packet switched communications network;
the payment computer being programmed to cause a message to be transmitted into the financial authorization network external to the public packet switched communications network, in order to verify that the sender has adequate funds or credit having real monetary value, to receive an authorization from the financial authorization network in response to the message, and to transmit an authorization message to the client computer over the public packet switched communications network, conditioned on at least one message transmitted over the public packet switched communications network in connection with the real-time authorization not being a replay of a message previously transmitted over the public packet switched communications network;
the authorization message comprising at least one digital signature of components that include components derived from the authorization message, at least one of which digital signatures protects the authorization message from forgery, at least one of which digital signatures protects the authorization message from all replay attacks that result in loss of value; and
the authorization message comprising an authenticator proving that the payment computer originated the authorization message and being capable of validation without use of a secret key. (Dependent claims: 11, 12, 18)
13. A method of providing for real-time authorization of purchase transactions by a financial authorization network external to a public packet switched communications network interconnecting a plurality of client computers and a payment computer, and comprising the steps of:
constructing a payment request message at one of the client computers specifying a payment amount to be transferred from a sender to a beneficiary, and causing the payment request message to be transmitted to the payment computer over the public packet switched communications network; and
causing a message to be transmitted into the financial authorization network external to the public packet switched communications network, in order to verify that the sender has adequate funds or credit having real monetary value, receiving, at the payment computer, an authorization from the financial authorization system in response to the message, and transmitting an authorization message from the payment computer to the client computer over the public packet switched communications network, conditioned on at least one message transmitted over the public packet switched communications network in connection with the real-time authorization not being a replay of a message previously transmitted over the public packet switched communications network;
the authorization message comprising at least one digital signature of components that include components derived from the authorization message, at least one of which digital signatures protects the authorization message from forgery, and at least one of which digital signatures protects the authorization message from all replay attacks that result in loss of value; and
the authorization message comprising an authenticator proving that the payment computer originated the authorization message and being capable of validation without use of a secret key. (Dependent claims: 14, 15, 19)
23. An open network payment system for providing for real-time authorization of payment transactions by a financial authorization network external to the network payment system, comprising:
a plurality of client computers; and
a payment computer;
the client computers and the payment computer being interconnected by a public packet switched communications network;
each one of the client computers being programmed to construct a payment request message specifying a payment amount to be transferred from a sender to a beneficiary, and to cause the payment request message to be transmitted to the payment computer in at least one message over the public packet switched communications network;
the payment computer being programmed to receive the payment request message and to cause an authorization request to be transmitted into the financial authorization network external to the public packet switched communications network, in order to verify that the sender has adequate funds or credit having real monetary value, to receive an authorization from the financial authorization network, in response to the authorization request, and to transmit an authorization message to the client computer as at least one message over the public packet switched communications network, conditioned on at least one message transmitted over the public packet switched communications network in connection with the real-time authorization not being a replay attack;
at least one of the payment request message and the authorization message comprising at least one encrypted digest of components that include components derived from the at least one message, at least one of which encrypted digests protects the at least one message from forgery, including authenticating an identity of one of a plurality of principals as an originator of the components of the at least one message, at least one of which encrypted digests protects the at least one message from all replay attacks that result in loss of value, and at least one of which encrypted digests is verified based on a principal-specific or source-specific public key. (Dependent claims: 24)
25. A method of providing for real-time authorization of purchase transactions by a financial authorization network external to a public packet switched communications network interconnecting a plurality of client computers and a payment computer, and comprising the steps of:
constructing a payment request message at one of the client computers specifying a payment amount to be transferred from a sender to a beneficiary, and causing the payment request message to be transmitted to the payment computer in at least one message over the public packet switched communications network; and
receiving, at the payment computer, the payment request message, and causing an authorization request to be transmitted into the financial authorization network external to the public packet switched communications network, in order to verify that the sender has adequate funds or credit having real monetary value, receiving, at the payment computer, an authorization from the financial authorization network, in response to the authorization request, and transmitting an authorization message from the payment computer to the client computer as at least one message over the public packet switched communications network, conditioned on at least one message transmitted over the public packet switched communications network in connection with the real-time authorization not being a replay attack;
at least one of the payment request message and the authorization message comprising at least one encrypted digest of components that include components derived from the at least one message, at least one of which encrypted digests protects the at least one message from forgery, including authenticating an identity of one of a plurality of principals as an originator of the components of the at least one message, at least one of which digital signatures protects the at least one message from all replay attacks that result in loss of value, and at least one of which digital signatures is verified based on a principal-specific or source-specific public key. (Dependent claims: 26)
27. An open network payment system for providing for real-time authorization of payment transactions by a financial authorization network external to the network payment system, comprising:
a plurality of client computers; and
a payment computer;
the client computers and the payment computer being interconnected by a public packet switched communications network;
each one of the client computers being programmed to construct a payment request message specifying a payment amount to be transferred from a sender to a beneficiary, and to cause the payment request message to be transmitted to the payment computer over the public packet switched communications network;
the payment computer being programmed to cause a message to be transmitted into the financial authorization network external to the public packet switched communications network, in order to verify that the sender has adequate funds or credit having real monetary value, to receive an authorization from the financial authorization network in response to the message, and to transmit an authorization message to the client computer over the public packet switched communications network, conditioned on at least one message transmitted over the public packet switched communications network in connection with the real-time authorization not being a replay of a message previously transmitted over the public packet switched communications network;
at least one of the payment request message and the authorization message comprising at least one digital signature of components that include components derived from the at least one message, at least one of which digital signatures protects the at least one message from forgery, including authenticating an identity of one of a plurality of principals as an originator of the at least one message, at least one of which digital signatures protects the at least one message from all replay attacks that result in loss of value, and at least one of which digital signatures is computed based on a principal-specific or source-specific secret key. (Dependent claims: 28)
29. A method of providing for real-time authorization of purchase transactions by a financial authorization network external to a public packet switched communications network interconnecting a plurality of client computers and a payment computer, and comprising the steps of:
constructing a payment request message at one of the client computers specifying a payment amount to be transferred from a sender to a beneficiary, and causing the payment request message to be transmitted to the payment computer over the public packet switched communications network; and
causing a message to be transmitted into the financial authorization network external to the public packet switched communications network, in order to verify that the sender has adequate funds or credit having real monetary value, receiving, at the payment computer, an authorization from the financial authorization system in response to the message, and transmitting an authorization message from the payment computer to the client computer over the public packet switched communications network, conditioned on at least one message transmitted over the public packet switched communications network in connection with the real-time authorization not being a replay of a message previously transmitted over the public packet switched communications network;
at least one of the payment request message and the authorization message comprising at least one digital signature of components that include components derived from the at least one message, at least one of which digital signatures protects the at least one message from forgery, including authenticating an identity of one of a plurality of principals as an originator of the at least one message, at least one of which digital signatures protects the at least one message from all replay attacks that result in loss of value, and at least one of which digital signatures is computed based on a principal-specific or source-specific secret key. (Dependent claims: 30)
31. A payment computer for use in providing real-time authorization of payment transactions by a financial authorization network external to the network payment system, the payment computer being programmed to receive, over a public packet switched communications network, a payment request message specifying a payment amount to be transferred from the sender to the beneficiary, the payment computer further being programmed to authenticate the payment request message, to cause a message to be transmitted into a financial authorization network external to the network payment system, in order to verify that the sender has adequate funds or credit having real monetary value, to receive an authorization from the financial authorization network in response to the message transmitted into the financial authorization network, and to transmit an authorization message over the public packet switched communications network, the authorization message comprising an authenticator proving that the payment computer originated the authorization message, conditioned on at least one message transmitted over the public packet switched communications network in connection with the real-time authorization not being a replay of a message previously transmitted over the public packet switched communications network;
at least one of the payment request message and the authorization message comprising at least one digital signature of components that include components derived from the at least one message, at least one of which digital signatures protects the at least one message from forgery, including authenticating an identity of one of a plurality of principals as an originator of the at least one message, at least one of which digital signatures protects the at least one message from all replay attacks that result in loss of value, and at least one of which digital signatures is computed based on a principal-specific or source-specific secret key. (Dependent claims: 32)
33. An open network payment system for providing for real-time authorization of payment transactions by a financial authorization network external to the network payment system, comprising:
a plurality of client computers; and
a payment computer;
the client computers and the payment computer being interconnected by a public packet switched communications network;
each one of the client computers being programmed to construct a payment request message specifying a payment amount to be transferred from a sender to a beneficiary, and to cause the payment request message to be transmitted to the payment computer in at least one message over the public packet switched communications network;
the payment computer being programmed to receive the payment request message and to cause an authorization request to be transmitted into the financial authorization network external to the public packet switched communications network, in order to verify that the sender has adequate funds or credit having real monetary value, to receive an authorization from the financial authorization network, in response to the authorization request, and to transmit an authorization response to the client computer as at least one message over the public packet switched communications network, conditioned on at least one message transmitted over the public packet switched communications network in connection with the real-time authorization not being a replay attack;
at least one of the messages transmitted over the public packet switched communications network comprising at least one encrypted digest of components that include components derived from the at least one of the messages, at least one of which encrypted digests protects components of the at least one of the messages from forgery, including authenticating an identity of one of a plurality of principals as an originator of the components of the at least one of the messages, at least one of which encrypted digests protects the at least one of the messages from all replay attacks that result in loss of value, and at least one of which encrypted digests is computed based on a principal-specific or source-specific secret key. (Dependent claims: 34)
35. A method of providing for real-time authorization of purchase transactions by a financial authorization network external to a public packet switched communications network interconnecting a plurality of client computers and a payment computer, and comprising the steps of:
constructing a payment request message at one of the client computers specifying a payment amount to be transferred from a sender to a beneficiary, and causing the payment request message to be transmitted to the payment computer in at least one message over the public packet switched communications network; and
receiving, at the payment computer, the payment request message, and causing an authorization request to be transmitted into the financial authorization network external to the public packet switched communications network, in order to verify that the sender has adequate funds or credit having real monetary value, receiving, at the payment computer, an authorization from the financial authorization network, in response to the authorization request, and transmitting an authorization response from the payment computer to the client computer as at least one message over the public packet switched communications network, conditioned on at least one message transmitted over the public packet switched communications network in connection with the real-time authorization not being a replay attack;
at least one of the messages transmitted over the public packet switched communications network comprising at least one encrypted digest of components that include components derived from the at least one of the messages, at least one of which encrypted digests protects components of the at least one of the messages from forgery, including authenticating an identity of one of a plurality of principals as an originator of the components of the at least one of the messages, at least one of which encrypted digests protects the at least one of the messages from all replay attacks that result in loss of value, and at least one of which encrypted digests is computed based on a principal-specific or source-specific secret key. (Dependent claims: 36)