Internet payment system using smart card
First Claim
1. A network payment system for transacting a sale of merchandise over a network using a stored-value card, said network payment system comprising:
- a router for routing communication between entities attached to said network;
a merchant server in communication with said network, said merchant server having at least a first item of merchandise for sale;
a client terminal in communication with said network, said client terminal including a card reader for communicating with said stored-value card, an output device for reviewing said first item for sale, and an input device for initiating a purchase transaction to purchase said first item for sale, said client terminal being arranged to build a purchase message using information obtained from said stored-value card, said stored-value card being arranged to debit itself upon receiving a debit command from a security card; and
a payment server in communication with said network, said payment server including an interface for communicating with said security card and being arranged to receive said purchase message including an indication of said purchase transaction and to transmit a confirmation message to said merchant server over said network, said security card being arranged to create said debit command intended for said stored-value card, whereby said merchant server is authorized to release said item of merchandise to a user associated with said stored-value card.
1 Assignment
0 Petitions
Accused Products
Abstract
An architecture and system uses a smart card for payment of goods and/or services purchased on-line over the Internet. A client server on a client terminal controls the interaction with a consumer and interfaces to a card reader which accepts the consumer'"'"'s smart card. A payment server on the Internet includes a computer and terminals that contain security cards to handle the transaction, data store and collection. Also connected over the Internet is a merchant server advertising the goods and/or services offered by a merchant for sale on a web site. The merchant contracts with an acquirer to accept smart card payments for goods and/or services purchased over the Internet. A consumer uses his smart card at the client terminal in order to purchase goods and/or services from the remote merchant server. The Internet provides the routing functionality between the client terminal, merchant server and payment server. The client terminal emulates a security card in interacting with the smart card, and the responses received are grouped together and sent as a draw request message to the payment server. The payment server then emulates the smart card in an interaction with the security card. The security card delivers the expected smart card signature to the payment server and/or on to the client terminal or merchant server to reduce message traffic between the entities on the network. The comparison of the smart card signature to an expected value can occur at any location. Encryption is used for security.
-
Citations
57 Claims
-
1. A network payment system for transacting a sale of merchandise over a network using a stored-value card, said network payment system comprising:
-
a router for routing communication between entities attached to said network;
a merchant server in communication with said network, said merchant server having at least a first item of merchandise for sale;
a client terminal in communication with said network, said client terminal including a card reader for communicating with said stored-value card, an output device for reviewing said first item for sale, and an input device for initiating a purchase transaction to purchase said first item for sale, said client terminal being arranged to build a purchase message using information obtained from said stored-value card, said stored-value card being arranged to debit itself upon receiving a debit command from a security card; and
a payment server in communication with said network, said payment server including an interface for communicating with said security card and being arranged to receive said purchase message including an indication of said purchase transaction and to transmit a confirmation message to said merchant server over said network, said security card being arranged to create said debit command intended for said stored-value card, whereby said merchant server is authorized to release said item of merchandise to a user associated with said stored-value card. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
a clearing and administration system for reconciling a plurality of transactions over said network.
-
-
5. A network payment system as recited in claim 1 wherein said client terminal further includes a command emulator for emulating security card commands that are sent to said stored-value card and for grouping responses to said security card commands into a draw request message to be sent to said payment server, and said payment server includes a response emulator for emulating responses from said stored-value card that are sent to said security card.
-
6. A network payment system as recited in claim 1 wherein said payment server includes a comparator for comparing a stored-valued card signature received from said stored-value card with an expected signature received from said security card to confirm a transaction, whereby the message traffic between said payment server and said security card is reduced.
-
7. A network payment system as recited in claim 1 wherein said client terminal includes a comparator for comparing a stored-valued card signature received from said stored-value card with an expected signature from said security card received via said payment server to confirm a transaction, whereby message traffic between said payment server and said client terminal, and between said payment server and said security card is reduced.
-
8. A network payment system as recited in claim 1 wherein said merchant server includes a comparator for comparing a stored-valued card signature received from said stored-value card with an expected signature from said security card received via said payment server, whereby a transaction is confirmed and whereby message traffic from said payment server, and between said payment server and said security card is reduced.
-
9. A network payment system as recited in claim 1 further comprising:
-
a draw request encryption apparatus for providing an encrypted draw request message to said payment server from said client terminal;
a key encryption apparatus for providing a key to decrypt said encrypted draw request message to said payment server without sending said key in the clear to said payment server; and
a confirmation encryption apparatus for providing an encrypted transaction confirmation message to said merchant server from said payment server that is encrypted by a key shared between said merchant server and said payment server.
-
-
10. A computer-implemented method of selling merchandise over a network using a merchant server, said merchandise for purchase by a user with a stored-value card, said method comprising:
-
establishing communication between said merchant server and a client over said network;
receiving a request from said client to purchase an item available from said merchant server;
transmitting to said client a purchase amount of said item so that said client may build a draw request message using information obtained from a stored-value card and debit said stored-value card associated with said client by said amount upon receiving a debit command from a security card;
transmitting said amount, a transaction identifier and a merchant identifier to a payment server connected to said network, said payment server being associated with said security card that creates a debit command intended for said stored-value card and secures the purchase of said item, said transaction identifier uniquely identifying the purchase of said item and said merchant identifier uniquely identifying said merchant server to said payment server; and
confirming said purchase of said item to said merchant server, whereby said merchant server is informed that said purchase of said item is a success and said merchant server may release said item to said user associated with said stored-value card. - View Dependent Claims (11, 12, 13, 14, 15, 16)
receiving a raw signature from said stored-value card associated with said client;
receiving an expected signature of said stored-value card that originates with a said security card associated with said payment server; and
comparing said raw signature to said expected signature, whereby message traffic between said payment server and said client terminal, and between said payment server and said security card is reduced.
-
-
15. A method as recited in claim 10 further comprising:
-
transmitting a first key to said client for encrypting a draw request message to be sent to said payment server from said client terminal;
providing said first key to decrypt said encrypted draw request message to said payment server without sending said first key in the clear to said payment server; and
receiving an encrypted transaction confirmation message from said payment server that is encrypted by a second key shared between said merchant server and said payment server.
-
-
16. A method as recited in claim 10 wherein said step of transmitting said purchase amount and said confirming step are routed through said client to provide communication between said merchant server and said payment server.
-
17. A computer-implemented method of transacting a sale of merchandise over a network using a client terminal in association with a stored-value card, said method comprising:
-
transmitting over said network a request from said client terminal to purchase an item available from said merchant server;
receiving from said merchant server an amount of a cost of said item;
building a draw request message using information obtained from said stored-value card;
sending said draw request message to a payment server connected to said network so that said draw request may be processed by a security card associated with said payment server;
receiving a debit command from said payment server, said debit command having been created by said security card;
debiting said stored-value card associated with said client terminal by said amount in response to said debit command; and
sending confirmation information to said merchant server, whereby said merchant server is informed that said sale of said item is a success and said merchant server may release said item to a user associated with said stored-value card. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
emulating security card commands that are sent to said stored-value card associated with said client terminal; and
grouping responses to said security card commands into said draw request message so that said responses may be sent as a group to said payment server to reduce network traffic between said payment server and said client terminal.
-
-
20. A method as recited in claim 17 wherein said confirmation information includes an encrypted confirmation message unreadable by said client terminal, said method further comprising:
receiving said encrypted confirmation message from said payment server.
-
21. A method as recited in claim 17 wherein said confirmation information includes a confirmation message, said method further comprising:
-
receiving an expected stored-value card signature from said security card via said payment server;
receiving an actual stored-value card signature from said stored-value card;
comparing said actual stored-valued card signature received from said stored-value card with said expected stored-value card signature from said security card; and
generating said confirmation message for transmission to said merchant server, whereby message traffic between said payment server and said client terminal, and between said payment server and said security card is reduced.
-
-
22. A method as recited in claim 17 further comprising:
-
receiving an encrypted stored-value card signature from said security card via said payment server that is unreadable by said client terminal;
receiving a raw stored-value card signature from said stored-value card; and
transmitting to said merchant server as said confirmation information said encrypted stored-value card signature and said raw stored-value card signature for comparison by said merchant server, whereby message traffic between said payment server and said client terminal, and between said payment server and said security card is reduced.
-
-
23. A method as recited in claim 17 further comprising:
-
receiving a key from said merchant server for encrypting said draw request message to be sent to said payment server;
receiving an encrypted version of said key that is unreadable by said client terminal, said key being encrypted using a shared key that is known to said payment server and to said merchant server; and
sending said encrypted version of said key to said payment server without sending said key in the clear to said payment server, whereby said payment server may decrypt and obtain said key to decrypt said draw request message.
-
-
24. A method as recited in claim 17 further comprising:
-
receiving a security card signature for validating said security card to said stored-value card, said security card signature being received in the same message from said payment server as said debit command; and
receiving an expected stored-value card signature for comparison to an actual stored-value card signature, said expected stored-value card signature being received in the same message from said payment server as said debit command, whereby message traffic between said payment server and said client terminal, and between said payment server and said security card is reduced.
-
-
25. A computer-implemented method of managing a transaction between a client terminal and a merchant server connected over a network, said transaction being managed by a payment server also connected to said network, said method comprising:
-
receiving a draw request over said network, said draw request including an amount indicative of a cost of an item available from said merchant server, a transaction identifier uniquely identifying the purchase of said item, and a merchant identifier uniquely identifying said merchant server to said payment server, said draw request having been built using information obtained from a stored-value card associated with said client terminal;
sending said draw request to a security card associated with said payment server so that said draw request may be processed by said security card;
receiving a debit command from said security card;
sending said debit command from said payment server destined to said client terminal over said network so that said stored-value card associated with said client terminal may be debited by said amount; and
a confirmation step for performing the function of confirming said purchase of said item to said merchant server, whereby said merchant server is informed that said purchase of said item is a success and said merchant server may release said item to a user associated with said stored-value card. - View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
sending transaction information regarding said sale of said item to a clearing and administration system for reconciling said sale.
-
-
28. A method as recited in claim 25 further comprising:
-
receiving as part of said draw request responses from said stored-value card to security card commands that have been emulated by said client terminal; and
emulating said stored-value card responses in an interaction with said security card to receive responses from said security card, whereby network traffic between said payment server and said client terminal is reduced.
-
-
29. A method as recited in claim 25 wherein said confirmation step includes the sub-steps of:
-
receiving a signature from said stored-value card associated with said client terminal;
sending said signature to said security card;
receiving a transaction OK message from said security card; and
sending a confirmation message destined for said merchant server.
-
-
30. A method as recited in claim 25 wherein said confirmation step includes the sub-steps of:
-
receiving a signature from said stored-value card associated with said client terminal;
comparing said received signature with an expected signature received from said security card; and
sending a confirmation message destined for said merchant server, whereby message traffic between said security card and said payment server is reduced.
-
-
31. A method as recited in claim 25 wherein said confirmation step includes the sub-steps of:
-
receiving an expected signature of said stored-value card from said security card; and
sending said expected signature to said client terminal so that said client terminal may compare said expected signature to an actual signature of said stored-value card, whereby message traffic between said security card and said payment server, and between said client terminal and said payment server is reduced.
-
-
32. A method as recited in claim 25 wherein said confirmation step includes the sub-steps of:
-
receiving an expected signature of said stored-value card from said security card;
encrypting said expected signature so as to be unreadable by said client terminal; and
sending said encrypted expected signature to said client terminal for resending to said merchant server so that said merchant server may compare said expected signature to an actual signature of said stored-value card, whereby message traffic between said security card and said payment server, and between said client terminal and said payment server is reduced.
-
-
33. A method as recited in claim 25 further comprising:
-
receiving said draw request message that is encrypted with a session key;
receiving an encrypted version of said session key, said session key being encrypted using a shared key that is known to said payment server and to said merchant server; and
decrypting said session key using said shared key, whereby said payment server may decrypt said draw request message using said session key.
-
-
34. A method as recited in claim 25 further comprising:
-
sending a security card signature for validating said security card, said security card signature being sent in the same message destined to said client terminal as said debit command; and
sending an expected stored-value card signature for comparison to an actual stored-value card signature, said expected stored-value card signature being sent in the same message destined to said client terminal as said debit command, whereby message traffic between said payment server and said client terminal, and between said payment server and said security card is reduced.
-
-
35. A method as recited in claim 25 wherein said steps of receiving a draw request, sending said debit command and said confirmation step are routed through said client terminal to reduce network traffic.
-
36. A computer-implemented method of interacting with a stored-value card by a client terminal to facilitate the sale of an item of merchandise over a network, said method comprising:
-
receiving a purchase amount for said item of merchandise from a merchant server connected to said network;
emulating a plurality of security card commands that are sent to said stored-value card associated with said client terminal;
receiving a plurality of responses to said security card commands from said stored-value card;
grouping said responses to said security card commands from said stored-value card together with said purchase amount to form a draw request message; and
sending said draw request message to a payment server over said network so that said draw request may be processed by a security card associated with said payment server to facilitate said sale of merchandise over said network, whereby network traffic between said payment server and said client terminal is reduced. - View Dependent Claims (37, 38, 39, 40, 41, 42)
receiving an encrypted confirmation message from said payment server that is unreadable by said client terminal; and
sending said encrypted confirmation message to said merchant server, whereby said merchant server is informed that said sale of merchandise is a success and said merchant server may release said merchandise to a user associated with said stored-value card.
-
-
39. A method as recited in claim 36 further comprising:
-
receiving an expected stored-value card signature from said security card via said payment server;
receiving an actual stored-value card signature from said stored-value card;
comparing said actual stored-valued card signature received from said stored-value card with said expected stored-value card signature from said security card; and
generating a confirmation message for transmission to said merchant server, whereby message traffic between said payment server and said client terminal, and between said payment server and said security card is reduced, and whereby said merchant server is informed that said sale of merchandise is a success and said merchant server may release said merchandise to a user associated with said stored-value card.
-
-
40. A method as recited in claim 36 further comprising:
-
receiving an encrypted stored-value card signature from said security card via said payment server that is unreadable by said client terminal;
receiving a raw stored-value card signature from said stored-value card; and
transmitting to said merchant server said encrypted stored-value card signature and said raw stored-value card signature for comparison by said merchant server, whereby message traffic between said payment server and said client terminal, and between said payment server and said security card is reduced, and whereby said merchant server may be informed that said sale of merchandise is a success and said merchant server may release said merchandise to a user associated with said stored-value card.
-
-
41. A method as recited in claim 36 further comprising:
-
receiving a key from said merchant server for encrypting said draw request message to be sent to said payment server;
receiving an encrypted version of said key that is unreadable by said client terminal, said key being encrypted using a shared key that is known to said payment server and to said merchant server; and
sending said encrypted version of said key to said payment server without sending said key in the clear to said payment server, whereby said payment server may decrypt and obtain said key to decrypt said draw request message.
-
-
42. A method as recited in claim 36 further comprising:
-
receiving a debit command from said payment server destined for said stored-value card, said debit command being generated by said security card;
receiving a security card signature for validating said security card to said stored-value card, said security card signature being received in the same message from said payment server as said debit command; and
receiving an expected stored-value card signature for comparison to an actual stored-value card signature, said expected stored-value card signature being received in the same message from said payment server as said debit command, whereby message traffic between said payment server and said client terminal, and between said payment server and said security card is reduced.
-
-
43. A computer-implemented method of interacting with a security card to facilitate the sale of merchandise over a network, said method comprising:
-
receiving a draw request message from a client terminal over said network, said draw request message including a plurality of responses from a stored-value card generated in response to emulation of security card commands, and also including a purchase amount for said merchandise, whereby network traffic between said payment server and said client terminal is reduced;
emulating said stored-value card responses in an interaction with said security card associated with said payment server;
receiving a plurality of security card responses from said security card in response to said emulation; and
sending a debit command destined to said client terminal over said network so that said debit command may be processed by said stored-value card associated with said client terminal to facilitate said sale of merchandise. - View Dependent Claims (44, 45, 46, 47, 48, 49, 50)
sending transaction information regarding said sale of merchandise to a clearing and administration system for reconciling said sale with said merchant server.
-
-
46. A method as recited in claim 43 further comprising:
a confirmation step for performing the function of confirming said sale of merchandise to said merchant server, whereby said merchant server is informed that said sale of said item is a success and said merchant server may release said merchandise to a user associated with said stored-value card.
-
47. A method as recited in claim 43 further comprising:
-
receiving a debit command from said security card;
receiving a security card signature from said security card along with said debit command; and
receiving an expected stored-value card signature from said security card along with said debit command, whereby message traffic between said payment server and said security card is reduced and said security card may be released sooner.
-
-
48. A method as recited in claim 43 further comprising:
-
receiving said draw request message that is encrypted with a session key;
receiving an encrypted version of said session key, said session key being encrypted using a shared key that is known to said payment server and to said merchant server; and
decrypting said session key using said shared key, whereby said payment server may decrypt said draw request message using said session key.
-
-
49. A method as recited in claim 43 further comprising:
-
sending a security card signature for validating said security card, said security card signature being sent in the same message destined to said client terminal as said debit command; and
sending an expected stored-value card signature for comparison to an actual stored-value card signature, said expected stored-value card signature being sent in the same message destined to said client terminal as said debit command, whereby message traffic between said payment server and said client terminal, and between said payment server and said security card is reduced.
-
-
50. A method as recited in claim 43 wherein said steps of receiving a draw request and sending a debit command are routed through said client terminal to reduce network traffic.
-
51. A computer-implemented method of selling merchandise over a network using a merchant server, said merchandise for purchase by a user with a stored-value card, said method comprising:
-
establishing communication between said merchant server and a client over said network;
receiving a request from said client to purchase an item available from said merchant server;
transmitting to said client a purchase amount of said item so that said client may build a draw request message using information obtained from a stored-value card and debit said stored-value card associated with said client by said amount upon receiving a debit command from a security card;
transmitting said amount, a transaction identifier and a merchant identifier to a payment server connected to said network, said payment server being associated with said security card that creates said debit command intended for said stored-value card and secures the purchase of said item, said transaction identifier uniquely identifying the purchase of said item and said merchant identifier uniquely identifying said merchant server to said payment server; and
a confirmation step for performing the function of confirming said purchase of said item to said merchant server, whereby said merchant server is informed that said sale of said item is a success and said merchant server may release said item to said user associated with said stored-value card.
-
-
52. A network payment system for authenticating a user over a network using a stored-value card, said network payment system comprising:
-
a router for routing communication between entities attached to said network;
a web server in communication with said network, said web server presenting benefits available for redemption in exchange for points associated with said user;
a client terminal in communication with said network, said client terminal including a card reader for communicating with said stored-value card, an output device for reviewing said benefits, and an input device for initiating a redemption transaction to redeem points for one of said benefits, said client terminal being arranged to build a redemption message using information obtained from said stored-value card, said stored-value card being arranged to debit points from itself upon receiving a points debit command from a security card; and
an authentication server in communication with said network, said authentication server including an interface for communicating with said security card and being arranged to receive said redemption message including an indication of said redemption transaction and to transmit an authentication message to said web server over said network, said security card being arranged to create said points debit command intended for said stored-value card, whereby said web server is authorized to release one of said benefits to a user associated with said stored-value card. - View Dependent Claims (54, 55)
-
-
53. A computer-implemented method of authenticating a user over a network using a stored-value card, said method comprising:
-
establishing communication between a web server and a client over said network, said client in communication with a stored value card of a user;
receiving a request from said client to redeem points associated with said user for a benefit presented on said web server;
transmitting to said client a points redemption amount so that said client may build a redemption request message using information obtained from a stored-value card and debit said stored-value card associated with said client by said points redemption amount upon receiving a points debit command from a security card;
transmitting said points redemption amount, a transaction identifier and a web server identifier to an authentication server connected to said network, said authentication server being associated with said security card that creates said points debit command intended for said stored-value card, said transaction identifier uniquely identifying said redemption request message and said web server identifier uniquely identifying said web server to said authentication server; and
an authentication step for performing the function of authenticating said user to said web server, whereby said web server is informed that said user is authorized to redeem said points redemption amount for said benefit and said web server may release said benefit to said user. - View Dependent Claims (56, 57)
debiting said points from said stored-value card of said user; and
wherein said authentication step authenticates said user by confirming that said points have been debited from said stored-value card.
-
Specification