System and method for securing transactions in a contact center environment

US 7,287,692 B1
Filed: 07/28/2004
Issued: 10/30/2007
Est. Priority Date: 07/28/2004
Status: Active Grant

First Claim

Patent Images

1. A method for protecting confidential user information employed in an electronic user transaction comprising:

initiating a user transaction in an electronic transactional system employing confidential user information of a user;

associating with the confidential user information a limited-use indicator indicating a limited use of the confidential user information to produce an authorization indicator;

transmitting the authorization indicator to a recipient for use in conducting the user transaction;

receiving an agent identifier of a contact center agent, wherein the agent identifier is provided by a provider to a user device;

communicating, by the user device to the provider, the agent identifier and the confidential user information; and

transmitting the authorization indicator to the provider for verifying whether the limited use is met and whether the transaction should therefore be authorized in accordance with the limited use.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for protecting confidential user information employed in an electronic transaction. The system and method provide for associating an expiration time/time period, use or other use-limiting authorization indicator with a credit card or other user information to be transferred to a user information recipient, in conjunction with a product/service payment or other business transaction with a hosted contact center. Embodiments of the invention further provide for forming a limited-use indicator, such as a use-limiting token, by associating a transaction agent indicator and a use-limiting indicator with the user information, and for verifying a limited use indicator received from a contact center agent and determining according to such indicator, in addition to any ordinary verification that might also be conducted, whether the use limitation has been met and whether the transaction should be authorized in accordance with the use limitation.

Citations

23 Claims

1. A method for protecting confidential user information employed in an electronic user transaction comprising:
- initiating a user transaction in an electronic transactional system employing confidential user information of a user;
  
  associating with the confidential user information a limited-use indicator indicating a limited use of the confidential user information to produce an authorization indicator;
  
  transmitting the authorization indicator to a recipient for use in conducting the user transaction;
  
  receiving an agent identifier of a contact center agent, wherein the agent identifier is provided by a provider to a user device;
  
  communicating, by the user device to the provider, the agent identifier and the confidential user information; and
  
  transmitting the authorization indicator to the provider for verifying whether the limited use is met and whether the transaction should therefore be authorized in accordance with the limited use.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. A method according to claim 1, further comprising:
    - assigning, by the provider, an agent identifier identifying recipient agents, the authorization indicator including an indicator corresponding to the agent identifier.
  - 3. A method according to claim 1, wherein the user transaction comprises a payment transaction between the user and a hosted contact center.
  - 4. A method according to claim 1, wherein the confidential user information comprises electronic payment information.
  - 5. A method according to claim 1, wherein the associating comprises:
    - receiving, by the user device from the security center, the authorization indicator, the authorization indicator including an indicator corresponding to the limited-use indicator.
  - 6. A method according to claim 5, wherein the authorization indicator comprises a limited-use token.
  - 7. A method according to claim 6, wherein the limited-use token is generated from token parameters including the agent identifier, a public key of the contact center agent and an identity based encryption (IBE).
  - 8. A method according to claim 6, wherein the limited-use token is generated according to at least one of:
    - a no secret approach, a shared secret approach, a digest approach, a hash-based chain of keywords, a public key approach, and a one-time pad approach.
  - 9. A method according to claim 1, wherein the associating comprises:
    - receiving, by a user device from a contact center, an agent identifier of a contact center agent; and
      
      retrieving, by the user device according to the agent identifier, the authorization indicator including an indicator corresponding to the limited-use indicator.
  - 10. A method according to claim 9, wherein the authorization indicator comprises a limited-use token.
  - 11. A method according to claim 10, wherein the limited-use token is generated from token parameters including to the agent identifier, a public key of the contact center agent and an identity based encryption (IBE).
  - 12. A method according to claim 10, wherein the limited-use token is generated according to at least one of:
    - a no secret approach, a shared secret approach, a digest approach, a hash-based chain of keywords, a public key approach, and a one-time pad approach.
  - 13. A method according to claim 1, wherein the authorization indicator comprises a limited-use token.
  - 14. A method according to claim 1 wherein the transactional limitation comprises a time indicator indicating a time during which the transaction will be authorized and after which authorization of the transaction will be denied.

15. A method comprising:
- initiating a transaction with an agent in a contact center;
  
  receiving an agent identifier for the agent from the contact center;
  
  determining a limited use indicator, the limited use indicator received from a provider and corresponding to the agent identifier;
  
  sending the limited use indicator with confidential information to the contact center for authorization in the transaction, wherein the contact center communicates the limited use indicator and the confidential information to the provider for verifying whether the limited use is met in the transaction; and
  
  receiving, from the contact center, an authorization indication whether the limited use is met.
- View Dependent Claims (16, 17)
- - 16. The method of claim 15, further comprising:
    - sending the confidential information and the agent identifier to the provider; and
      
      receiving the limited use indicator from the provider, the provider determining the limited use indicator based on the confidential information and the agent identifier.
  - 17. The method of claim 15, further comprising:
    - receiving one or more limited use indicators for one or more agent identifiers;
      
      storing the one or more limited use indicators; and
      
      determining a limited use indicator in the one or more limited use indicators based on the agent identifier for the agent, wherein the determined limited use indicator is sent to the contact center with the confidential information.

18. A method comprising:
- sending, from a contact center, an agent identifier to a user device for a transaction being conducted between the user device and the contact center, wherein the user device associates confidential information and a limited use indicator that is received from a provider and corresponds to the agent identifier;
  
  receiving the limited use indicator and the confidential information from the user device;
  
  sending the limited use indicator and the confidential information to the provider for verifying whether the limited use is met and whether the transaction should be authorized in accordance with the limited use; and
  
  receiving a response from the provider indicating whether the transaction should be authorized in accordance with the limited use.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18, further comprising:
    - sending verification information with the limited use indicator and the confidential information to the provider; and
      
      receiving a verification response indicating whether the transaction is allowable without taking into account the limited use.
  - 20. The method of claim 18, further comprising:
    - receiving the agent identifier from the provider; and
      
      assigning the agent identifier to an agent handling the transaction in the call center.

21. A method comprising:
- sending a limited use indicator to a user device, wherein the user device associates the limited use indicator with confidential information and an agent identifier for an agent of a call center for a transaction, wherein the limited use indicator corresponds to the agent identifier;
  
  receiving a verification request from the call center, the verification request including the limited use indicator and the confidential information;
  
  verifying whether the limited use is met and whether the transaction should be authorized in accordance with the limited use based on the limited use indicator and the confidential information; and
  
  sending a response to the call center indicating whether the transaction is authorized in accordance with the limited use.
- View Dependent Claims (22, 23)
- - 22. The method of claim 21, further comprising:
    - receiving the agent identifier and the confidential information from the user device;
      
      determining the limited use indicator corresponding to the agent identifier and the confidential information; and
      
      sending the limited use indicator to the user device.
  - 23. The method of claim 21, further comprising:
    - sending one or more limited use indicators for one or more agent identifiers; and
      
      receiving a limited use indicator in the one or more limited use indicators in the verification request, wherein the user device uses the agent identifier for the agent to determine the limited use indicator for the transaction.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Patel, Labhesh, Sarkar, Shantanu, Shaffer, Shmuel, Jennings, Cullen
Primary Examiner(s)
HESS, DANIEL A

Application Number

US10/902,614
Time in Patent Office

1,189 Days
Field of Search

235/379, 235/380, 705/1, 705/26, 705/35, 705/39, 705/40, 705/44, 705/64
US Class Current

235/380
CPC Class Codes

G06Q 20/10   specially adapted for elect...

G06Q 20/12   specially adapted for elect...

G06Q 20/382   insuring higher security of...

G06Q 20/403   Solvency checks

System and method for securing transactions in a contact center environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for securing transactions in a contact center environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links