Apparatus for and method of secure ATM debit card and credit card payment transactions via the internet

US 6,834,271 B1
Filed: 11/29/1999
Issued: 12/21/2004
Est. Priority Date: 09/24/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method of transacting a secure purchase via the Internet, comprising:

browsing a merchant web site by a user;

selecting an item to purchase on the merchant web site;

sending, from the merchant web site to a user computer, information with an embedded application which communicates with a PIN/PAD and instructs the user as needed using a dynamic HTML page;

creating an encrypted PIN block using a unique session key;

building an order from the merchant web site including purchase information and the encrypted PIN block to form a data block and further encrypting the data block to form an encrypted payment block;

forwarding the encrypted payment block directly to a secure host over the Internet;

decrypting the encrypted payment block by the secure host;

routing a decrypted payment block formatted for use by a bank system;

proceeding with the order if the secure host receives from the bank system a bank authorization for the purchase, and if no authorization is received, then canceling the purchase;

forwarding the authorization to the merchant web site over the Internet; and

sending an indication of a completion of the purchase to the user over the Internet, wherein the dynamic HTML page is a JAVA script with hidden fields.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is directed to a combination software and/or hardware system that provides consumers and merchants with a secure method for making and accepting credit card and ATM card payments over the Internet. Using various software and/or hardware implementations, the system operates by:

1) creating (at the consumer'"'"'s Internet access device) a Data Encryption Standard (DES) encrypted Personal Identification Number (PIN) Block meeting American National Standards Institute (ANSI) X9.8 and Automatic Teller Machine (ATM) network requirements (as a result of the consumer entering their PIN number and encryption automatically taking place);

2) using additional layer(s) of encryption (also performed at the consumer'"'"'s Internet access device) to place the PIN block and card information in a public key/private key encrypted financial payment transaction data block (“FP Block”);

3) transmitting the FP Block to the merchant, along with any necessary product or service order information, which may be transmitted over the Internet encrypted or in the clear according to the implementation method chosen by the system software at the merchant'"'"'s web site;

4) software at the merchant location then forwards the FP Block to a secure transaction management system, where the FP Block is decrypted using a decryption algorithm matching that used by the software at the consumer'"'"'s Internet access device. The financial data is then re-formatted for transmission to the appropriate transaction processing network, and forwarded to the payment service processor accordingly. The present invention is independent of the encryption algorithm(s) used, and may be implemented with any number of encryption algorithms.

Citations

29 Claims

1. A method of transacting a secure purchase via the Internet, comprising:
- browsing a merchant web site by a user;
  
  selecting an item to purchase on the merchant web site;
  
  sending, from the merchant web site to a user computer, information with an embedded application which communicates with a PIN/PAD and instructs the user as needed using a dynamic HTML page;
  
  creating an encrypted PIN block using a unique session key;
  
  building an order from the merchant web site including purchase information and the encrypted PIN block to form a data block and further encrypting the data block to form an encrypted payment block;
  
  forwarding the encrypted payment block directly to a secure host over the Internet;
  
  decrypting the encrypted payment block by the secure host;
  
  routing a decrypted payment block formatted for use by a bank system;
  
  proceeding with the order if the secure host receives from the bank system a bank authorization for the purchase, and if no authorization is received, then canceling the purchase;
  
  forwarding the authorization to the merchant web site over the Internet; and
  
  sending an indication of a completion of the purchase to the user over the Internet, wherein the dynamic HTML page is a JAVA script with hidden fields.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the encrypted PIN block is encrypted to a DES standard.
  - 3. The method of claim 1, wherein the further encryption is a public/private key encryption.
  - 4. The method of claim 1, wherein said forwarding step forwards the encrypted payment block over the Internet.
  - 5. The method of claim 1, wherein said creating step is performed using a PIN/PAD.
  - 6. The method of claim 1, wherein the decrypted payment block is encrypted into a DES encrypted block.
  - 7. The method of claim 6, comprising reformatting for transmission the DES encrypted payment block to the bank system.
  - 8. The method of claim 7, comprising decrypting the DES encrypted payment block at the bank system.
  - 9. The method of claim 1, comprising instructing a PIN/PAD to deliver the encrypted PIN block and routing the PIN block to the secure host.
  - 10. The method of claim 1, comprising providing a working key to the PIN/PAD.
  - 11. The method of claim 1, wherein the method meets current network ATM network standards.

12. A system for transacting a secure purchase via the Internet, comprising:
- a consumer Internet access device having a merchant response software plug-in loaded into a web browser residing thereon for building an order using a dynamic HTML page;
  
  a PIN/PAD operatively connected to said consumer Internet access device for entering a consumer PIN and for including a unique session key;
  
  a merchant server having a merchant response software residing thereon for recording information about consumer transactions with the merchant server; and
  
  a secure transaction management server which receives the PIN directly from the consumer Internet access device having a merchant response software residing thereon for forwarding the PIN to a bank system and sending an authorization from the bank system to the merchant server and the consumer Internet access drive, wherein the dynamic HTML page is a JAVA script with hidden fields.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The system of claim 12, comprising entering a personal identification number (PIN) on a PIN/PAD.
  - 14. The system of claim 12, wherein the PIN block is encrypted using data encryption standard (DES) encryption.
  - 15. The system of claim 12, wherein the consumer identification device is a PIN/PAD.
  - 16. The system of claim 12, wherein the method meets current network ATM network standards.

17. A method of transacting a secure purchase via the Internet, comprising:
- browsing a merchant web site by a user;
  
  selecting an item to purchase on the merchant web site;
  
  sending, from the merchant web site to a user computer, information with an embedded application which communicates with a PIN/PAD and instructs the user as needed using a dynamic HTML page;
  
  entering a consumer identification using an identification device;
  
  building an order from the merchant web site including purchase information and the consumer identification to form a data block using a unique session key and further encrypting the data block to form an encrypted payment block;
  
  forwarding the encrypted payment bock directly to a secure host over the Internet;
  
  decrypting the encrypted payment block by the secure host;
  
  routing a decrypted payment block formatted for use by a bank system;
  
  proceeding with the order if the secure host receives from the bank system a bank authorization for the purchase, and if no authorization is received, then canceling the purchase;
  
  forwarding the authorization to the merchant web site; and
  
  sending an indication of a completion of the purchase to the user, wherein the dynamic HTML page is a JAVA script with hidden fields.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 18. The method of claim 17, wherein the consumer identification device is a PIN/PAD.
  - 19. The method of claim 18, wherein consumer identification is encoded into an encrypted PIN block which is encrypted to a DES standard.
  - 20. The method of claim 19, herein the further encryption is a public/private key encryption.
  - 21. The method of claim 19, wherein the decrypted is encrypted into a DES encrypted block.
  - 22. The method of claim 21, comprising reformatting for transmission the DES encrypted payment block to the bank system.
  - 23. The method of claim 22, comprising decrypting the DES encrypted payment block at the bank system.
  - 24. The method of claim 17, wherein said forwarding step forwards an encrypted payment block over the Internet.
  - 25. The method of claim 17, wherein said entering step is performed using a PIN/PAD.
  - 26. The method of claim 17, comprising instructing a PIN/PAD to deliver the encrypted PIN block and routing the PIN block to the secure host.
  - 27. The method of claim 17, wherein the embedded application is a JAVA script.
  - 28. The method of claim 17, comprising providing a working key to the PIN/PAD.

29. A system for transacting a secure purchase via the Internet, comprising:
- a consumer Internet access device having a merchant response software plug-in loaded into a web browser residing thereon for building an order using a dynamic HTML page;
  
  a consumer identification device operatively connected to said consumer Internet access device for entering a consumer identification and for including a unique session key;
  
  a merchant server having a merchant response software residing thereon for recording information about consumer transactions with the merchant server which the merchant server receives directly from the consumer Internet access device; and
  
  a secure transaction management server having a merchant response software residing thereof for forwarding the consumer identification to a bank system and sending an authorization from the bank system to the merchant server and the consumer Internet access drive, wherein the dynamic HTML page is a JAVA script with hidden fields.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
4361423 Canada Incorporated
Original Assignee
Kryptosima
Inventors
Hodgson, Robert B., Hargens, Harry
Primary Examiner(s)
Trammell, James P.
Assistant Examiner(s)
Worjloh, Jalatee

Application Number

US09/450,996
Time in Patent Office

1,849 Days
Field of Search

705/72, 705/26, 705/27, 705/64-79
US Class Current

705/72
CPC Class Codes

G06Q 20/04   Payment circuits

G06Q 20/108   Remote banking, e.g. home b...

G06Q 20/12   specially adapted for elect...

G06Q 20/382   insuring higher security of...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3829   involving key management

G06Q 20/401   Transaction verification

G06Q 20/4012   Verifying personal identifi...

G07F 19/20   Automatic teller machines [...

G07F 19/206   Software aspects at ATMs

G07F 19/211   Software architecture withi...

Apparatus for and method of secure ATM debit card and credit card payment transactions via the internet

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus for and method of secure ATM debit card and credit card payment transactions via the internet

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links