Apparatus for and method of secure ATM debit card and credit card payment transactions via the internet
Abstract
The present invention is directed to a combination software and/or hardware system that provides consumers and merchants with a secure method for making and accepting credit card and ATM card payments over the Internet. Using various software and/or hardware implementations, the system operates by:
1) creating (at the consumer's Internet access device) a Data Encryption Standard (DES) encrypted Personal Identification Number (PIN) Block meeting American National Standards Institute (ANSI) X9.8 and Automatic Teller Machine (ATM) network requirements (as a result of the consumer entering their PIN number and encryption automatically taking place);
2) using additional layer(s) of encryption (also performed at the consumer's Internet access device) to place the PIN block and card information in a public key/private key encrypted financial payment transaction data block ("FP Block");
3) transmitting the FP Block to the merchant, along with any necessary product or service order information, which may be transmitted over the Internet encrypted or in the clear according to the implementation method chosen by the system software at the merchant's web site;
4) software at the merchant location then forwards the FP Block to a secure transaction management system, where the FP Block is decrypted using a decryption algorithm matching that used by the software at the consumer's Internet access device. The financial data is then re-formatted for transmission to the appropriate transaction processing network, and forwarded to the payment service processor accordingly. The present invention is independent of the encryption algorithm(s) used, and may be implemented with any number of encryption algorithms.
29 Claims
1. A method of transacting a secure purchase via the Internet, comprising:
browsing a merchant web site by a user;
selecting an item to purchase on the merchant web site;
sending, from the merchant web site to a user computer, information with an embedded application which communicates with a PIN/PAD and instructs the user as needed using a dynamic HTML page;
creating an encrypted PIN block using a unique session key;
building an order from the merchant web site including purchase information and the encrypted PIN block to form a data block and further encrypting the data block to form an encrypted payment block;
forwarding the encrypted payment block directly to a secure host over the Internet;
decrypting the encrypted payment block by the secure host;
routing a decrypted payment block formatted for use by a bank system;
proceeding with the order if the secure host receives from the bank system a bank authorization for the purchase, and if no authorization is received, then canceling the purchase;
forwarding the authorization to the merchant web site over the Internet; and
sending an indication of a completion of the purchase to the user over the Internet, wherein the dynamic HTML page is a JAVA script with hidden fields.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A system for transacting a secure purchase via the Internet, comprising:
a consumer Internet access device having a merchant response software plug-in loaded into a web browser residing thereon for building an order using a dynamic HTML page;
a PIN/PAD operatively connected to said consumer Internet access device for entering a consumer PIN and for including a unique session key;
a merchant server having a merchant response software residing thereon for recording information about consumer transactions with the merchant server; and
a secure transaction management server which receives the PIN directly from the consumer Internet access device having a merchant response software residing thereon for forwarding the PIN to a bank system and sending an authorization from the bank system to the merchant server and the consumer Internet access drive, wherein the dynamic HTML page is a JAVA script with hidden fields.
Dependent claims: 13, 14, 15, 16
17. A method of transacting a secure purchase via the Internet, comprising:
browsing a merchant web site by a user;
selecting an item to purchase on the merchant web site;
sending, from the merchant web site to a user computer, information with an embedded application which communicates with a PIN/PAD and instructs the user as needed using a dynamic HTML page;
entering a consumer identification using an identification device;
building an order from the merchant web site including purchase information and the consumer identification to form a data block using a unique session key and further encrypting the data block to form an encrypted payment block;
forwarding the encrypted payment block directly to a secure host over the Internet;
decrypting the encrypted payment block by the secure host;
routing a decrypted payment block formatted for use by a bank system;
proceeding with the order if the secure host receives from the bank system a bank authorization for the purchase, and if no authorization is received, then canceling the purchase;
forwarding the authorization to the merchant web site; and
sending an indication of a completion of the purchase to the user, wherein the dynamic HTML page is a JAVA script with hidden fields.
Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28
29. A system for transacting a secure purchase via the Internet, comprising:
a consumer Internet access device having a merchant response software plug-in loaded into a web browser residing thereon for building an order using a dynamic HTML page;
a consumer identification device operatively connected to said consumer Internet access device for entering a consumer identification and for including a unique session key;
a merchant server having a merchant response software residing thereon for recording information about consumer transactions with the merchant server which the merchant server receives directly from the consumer Internet access device; and
a secure transaction management server having a merchant response software residing thereof for forwarding the consumer identification to a bank system and sending an authorization from the bank system to the merchant server and the consumer Internet access drive, wherein the dynamic HTML page is a JAVA script with hidden fields.
Specification