Enabling use of smart cards by consumer devices for internet commerce
Abstract
A method, system, and computer readable code for enabling use of smart cards by consumer devices for Internet commerce. This is achieved by integrating an existing “Integrated Circuit Card Specification for Application Payment Systems” standard (commonly known as the “EMV” standard) with an augmented version of the Four-Party Credit/Debit Payment Protocol which was disclosed in U.S. Pat. No. 6,327,578. The result of the integration allows a consumer to use a smart card from a personal computer system for credit or debit transactions, while preserving the level of security and other features required by the credit card associations and banks. No modifications are required to the existing EMV standard or existing EMV smart cards.
32 Claims
1. A computer program product for enabling use of a smart card by a consumer using a consumer device for trusted transactions in a networking environment in which the consumer's device is untrusted and is communicably coupled over a public network to a merchant computer of a merchant and to an issuer computer of an issuer of the smart card and in which the merchant computer communicates with an acquirer computer of an acquirer that is distinct from the issuer and that processes payments for the merchant, the computer program product embodied on one or more computer readable media readable by one or more computing systems in the networking environment and comprising:
computer-readable program code means for initiating a transaction with the merchant computer from the consumer device; and
computer-readable program code means for providing, directly from the consumer device to the merchant computer, a payment authorization for the transaction, further comprising;
computer-readable program code means for sending, via the consumer device, an authorization request message directly from the smart card to the issuer computer;
computer-readable program code means for obtaining, at the consumer device, an authorization token from an authorization response when the issuer computer is authorizing payment for the transaction, wherein the authorization response is sent directly from the issuer computer to the consumer device, responsive to receiving and processing the authorization request message at the issuer computer; and
computer-readable program code means for including the authorization token thereby signifying the payment authorization, in a payment message which corresponds to the transaction and which is sent directly from the consumer device to the merchant computer; and
computer-readable program code means for verifying, by the merchant computer upon receiving the payment message, that the issuer computer has authorized the payment by authenticating an issuer digital signature on the authorization token, wherein the issuer digital signature was created by the issuer computer using a digital certificate of the issuer, such that the merchant computer does not need to communicate with the issuer computer or the acquirer computer to determine whether the payment is authorized.
12. A system for enabling use of a smart card by a consumer using a consumer device for trusted transactions in a networking environment in which the consumer's consumer device is untrusted and is communicably coupled over a public network to a merchant computer of a merchant and to an issuer computer of an issuer of the smart card and in which the merchant computer communicates with an acquirer computer of an acquirer that is distinct from the issuer and that processes payments for the merchant, comprising:
means for initiating a transaction with the merchant from the consumer device;
means for obtaining, at the consumer device, a payment authorization for the transaction directly from the issuer computer, further comprising;
means for sending a message from the consumer device to the smart card, causing the smart card to use an on-line authorization process whereby the issuer computer must be contacted for authorizing payment for the transaction;
means for receiving, at the consumer device, an authorization request (AR) sent from the smart card responsive to receiving the message from the consumer device, wherein the AR comprises a card account number of the smart card, an amount of the transaction, a date of the transaction, and a serial number of the smart card;
means for creating an augmented authorization request message by augmenting a payment initiation message, received for the transaction by the consumer device from the merchant computer, with the AR;
means for sending the augmented authorization request message directly from the consumer device to the issuer computer;
means for receiving the sent augmented authorization request message at the issuer computer;
means operable at the issuer computer, responsive to the means for receiving the sent augmented authorization request message, for creating an authorization token for the transaction when the issuer computer is authorizing payment for the transaction;
means for sending the authorization token from the issuer computer directly to the consumer device as the payment authorization; and
means for receiving the sent authorization token at the consumer device;
means for including the authorization token as the payment authorization in a payment message which corresponds to the transaction and which is sent directly from the consumer device to the merchant computer; and
means for authenticating, by the merchant computer, an issuer digital signature in the payment message, wherein the issuer digital signature was created by the issuer computer over the payment authorization using a digital certificate of the issuer, such that the merchant computer does not need to communicate with the issuer computer or the acquirer computer to determine whether the payment is authorized.
21. A method for enabling use of a smart card by a consumer using a consumer device for trusted transactions in a networking environment in which the consumer's consumer device is untrusted and is communicably coupled over a public network to a merchant computer of a merchant and to an issuer computer of an issuer of the smart card and in which the merchant computer communicates with an acquirer computer of an acquirer that is distinct from the issuer and that processes payments for the merchant, comprising the steps of:
initiating a transaction with the merchant computer from the consumer device;
obtaining, at the consumer device, an authorization token from an authorization response when the issuer computer is authorizing payment for the transaction, wherein the authorization response is sent directly from the issuer computer to the consumer device;
including the authorization token, thereby signifying that payment for the transaction is authorized, in a payment message which corresponds to the transaction and which is sent directly from the consumer device to the merchant computer; and
verifying, by the merchant computer upon receiving the payment message, that the issuer computer has authorized the payment by authenticating an issuer digital signature on the authorization token, wherein the issuer digital signature was created by the issuer computer using a digital certificate of the issuer, such that the merchant computer does not need to communicate with the issuer computer or the acquirer computer to determine whether the payment is authorized.
31. A method for using smart cards to perform trusted transactions with untrusted computing devices in a public networking environment, comprising the steps of:
providing a smart card reader function for an untrusted computing device;
initiating, by a user of the computing device, a transaction with a merchant;
reading a selected smart card with the smart card reader function, wherein the selected smart card is to be used for a debit or credit of the transaction;
receiving merchant information from a computer of the merchant, responsive to the initiating step, wherein the merchant information comprises an identification of the merchant and a merchant digital signature;
causing the computing device to send the merchant information along with authorization information pertaining to the smart card and the transaction directly to an issuer computer of an issuer of the smart card, wherein the authorization information comprises an amount of the transaction, an account number to use for the debit or credit or a reference to the account number, a date of the transaction, and a serial number of the smart card;
verifying, by the issuer computer, the merchant digital signature;
determining, by the issuer computer, whether to authorize the transaction using the authorization initiation;
returning an authorization token from the issuer computer to the computing device if the determining has a positive result, wherein the authorization token comprises the authorization information and the merchant information and wherein the authorization token is digitally signed by the issuer computer;
forwarding the authorization token from the computing device to the smart card;
creating, by the smart card, a transaction completion indication if the authorization token is acceptable to the smart card;
forwarding the transaction completion indication and authorization token through the computing device to the merchant computer, thereby signifying that a payment for the transaction is authorized;
receiving, by the merchant computer, the transaction completion indication and authorization token; and
accepting the transaction, by the merchant, if the issuer's digital signature of the authorization token is successfully verified, thereby avoiding a need for the merchant, or an acquirer that processes payments for the merchant, to contact the issuer to determine whether payment for the transaction is authorized.
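The closing steps of claim 31, sketched as an added example that is not code from the patent: the issuer signs a token binding the merchant and authorization information, and the merchant accepts only if that signature verifies and the token matches its own order. Ed25519, the field encoding, the names `Token`, `Issue`, `Accept` and `Demo`, and the premise that the merchant already holds the issuer's public key from a validated issuer certificate are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Token holds the fields claim 31 puts in the token; this layout is an assumption.
type Token struct {
	MerchantID, AccountRef, Date, CardSerial string
	AmountCents                              int64
	IssuerSig                                []byte
}

// body is the signed portion; %q quoting keeps field boundaries unambiguous.
func body(t Token) []byte {
	return []byte(fmt.Sprintf("%q%q%q%q|%d", t.MerchantID, t.AccountRef, t.Date, t.CardSerial, t.AmountCents))
}

// Issue is the issuer step: sign the token once payment is authorized.
func Issue(t Token, issuerKey ed25519.PrivateKey) Token {
	t.IssuerSig = ed25519.Sign(issuerKey, body(t))
	return t
}

// Accept is the merchant step, decided with no call to issuer or acquirer.
// id and cents are the merchant's own identifier and the amount of its order.
func Accept(t Token, issuerPub ed25519.PublicKey, id string, cents int64) error {
	if !ed25519.Verify(issuerPub, body(t), t.IssuerSig) {
		return fmt.Errorf("issuer signature invalid")
	}
	if t.MerchantID != id || t.AmountCents != cents {
		return fmt.Errorf("token is for another merchant or amount")
	}
	return nil
}

// Demo runs the flow on constructed values and reports whether each token was accepted.
func Demo() (genuine, altered, mismatched bool) {
	iPub, iKey, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	tok := Issue(Token{"M-001", "acct-ref-1", "2001-01-15", "0001", 4999, nil}, iKey)
	low := tok
	low.AmountCents = 1 // field changed on the untrusted consumer device
	return Accept(tok, iPub, "M-001", 4999) == nil, Accept(low, iPub, "M-001", 1) == nil,
		Accept(tok, iPub, "M-002", 4999) == nil
}

func main() { fmt.Println(Demo()) }
```

The field comparison after the signature check is what ties a validly signed token to this merchant's order; the signature alone only shows that the issuer authorized some payment.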
Specification