Payment information security for multi-merchant purchasing environment for downloadable products

US 7,548,889 B2
Filed: 01/24/2005
Issued: 06/16/2009
Est. Priority Date: 01/24/2005
Status: Expired due to Fees

First Claim

Patent Images

1. One or more device-readable media having device-executable instructions which, when executed, cause one or more processors to perform the steps of:

storing by a security application running on a user computer, credit card information comprising a credit card identifier and providing by the security application a token to a purchasing application wherein the token is unique to the credit card identifier;

identifying a first product from the user computer, the first product being provided by a first merchant computer application;

adding the first product to a purchase list by the user computer;

identifying a second product by the user computer, the second product being provided by a second merchant computer application, the second merchant being different from the first merchant;

adding the second product to the purchase list by the user computer;

receiving a purchase instruction from a user, the purchase instruction indicating a request from the user to purchase all items on the purchase list, including the first product and the second product;

identifying by the purchasing application the token;

providing by the purchasing application the token to the security application;

providing by the purchasing application a first identifier associated with the first merchant to the security application;

providing by the purchasing application a second identifier associated with the second merchant to the security application;

retrieving, by the security application, based on the token, the credit card identifier from the stored credit card information;

encrypting first credit card data by the security application using a first public key associated with the first merchant, the first credit card data including a credit card identifier;

encrypting second credit card data by the security application using a second public key associated with the second merchant, the second credit card data including the credit card identifier;

sending, in response to the purchase instruction, the first encrypted credit card data to a first merchant application associated with the first merchant; and

sending, in response to the purchase instruction, the second encrypted credit card data to a second merchant application associated with the second merchant.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A multi-merchant purchasing system is configured to identify downloadable products selected by a user for purchase. The identified downloadable products are offered by multiple merchants. The multi-merchant purchasing system enables the user to purchase all of the downloadable products in a single transaction. Specifically, the multi-merchant purchasing system determines payment information associated with the user and, with minimum user-interaction, sends the payment information to applications associated with the merchants for processing. The multi-merchant purchasing system may also be configured to receive purchase information from the merchant applications and maintains the purchase information for the user in a locker. The multi-merchant purchasing system may further be configured to automatically download and install the purchased product onto the user'"'"'s computing device through a software assistant. To ensure privacy and security, the multi-merchant purchasing system may include a credit card quarantine module to secure credit card data by encoding and multiple levels of encryptions.

Citations

15 Claims

1. One or more device-readable media having device-executable instructions which, when executed, cause one or more processors to perform the steps of:
- storing by a security application running on a user computer, credit card information comprising a credit card identifier and providing by the security application a token to a purchasing application wherein the token is unique to the credit card identifier;
  
  identifying a first product from the user computer, the first product being provided by a first merchant computer application;
  
  adding the first product to a purchase list by the user computer;
  
  identifying a second product by the user computer, the second product being provided by a second merchant computer application, the second merchant being different from the first merchant;
  
  adding the second product to the purchase list by the user computer;
  
  receiving a purchase instruction from a user, the purchase instruction indicating a request from the user to purchase all items on the purchase list, including the first product and the second product;
  
  identifying by the purchasing application the token;
  
  providing by the purchasing application the token to the security application;
  
  providing by the purchasing application a first identifier associated with the first merchant to the security application;
  
  providing by the purchasing application a second identifier associated with the second merchant to the security application;
  
  retrieving, by the security application, based on the token, the credit card identifier from the stored credit card information;
  
  encrypting first credit card data by the security application using a first public key associated with the first merchant, the first credit card data including a credit card identifier;
  
  encrypting second credit card data by the security application using a second public key associated with the second merchant, the second credit card data including the credit card identifier;
  
  sending, in response to the purchase instruction, the first encrypted credit card data to a first merchant application associated with the first merchant; and
  
  sending, in response to the purchase instruction, the second encrypted credit card data to a second merchant application associated with the second merchant.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The one or more device-readable media as recited in claim 1, wherein the device-executable instructions, when executed, cause the one or more processors to perform the steps of:
    - determining additional payment information associated with the user; and
      
      sending the additional payment information along with the first credit card data.
  - 3. The one or more device-readable media as recited in claim 1, wherein the device-executable instructions, when executed, cause the one or more processors to perform the steps of:
    - substituting the token as credit card identifier in the credit card information;
      
      and storing the credit card information in a data store.
  - 4. The one or more device-readable media as recited in claim 1, wherein the device-executable instructions, when executed, cause the one or more processors to perform the step of:
    - receiving a request from the first merchant application to receive credit card information.
  - 5. The one or more device-readable media as recited in claim 1, wherein the device-executable instructions, when executed, cause the one or more processors to perform the steps of:
    - requesting the user to provide an authorization for providing the first credit card data to the first merchant; and
      
      receiving the authorization from the user before sending the first credit card data to the first merchant application.

6. One or more device-readable media having device-executable instructions which, when executed, cause one or more processors to perform the steps of:
- storing a data structure by a user computer security application running on a user computer, the data structure including;
  
  a first data field including credit card information comprising a credit card identifier;
  
  a second data field indexed to the first data field, the second data field including a token wherein the token is unigue to the credit card identifier and, and is being used to substitute for a corresponding credit card data identifier in the first data field;
  
  a third data field including a plurality of merchant identifiers, each merchant identifier indicating a different merchant; and
  
  a fourth data field indexed to the third data field, the fourth data field including a first public key and a second public key wherein the public keys are associated with a corresponding merchant identifier in the third data field;
  
  providing by the security application the token to a purchasing application;
  
  identifying a first product from the user computer, the first product beinci provided by a first merchant computer application;
  
  adding the first product to a purchase list by the user computer;
  
  identifying a second product by the user computer, the second product being provided by a second merchant computer application, the second merchant being different from the first merchant;
  
  adding the second product to the purchase list by the user computer;
  
  receiving a purchase instruction from a user, the purchase instruction indicating a request from the user to purchase all items on the purchase list. including the first product and the second product;
  
  identifying by the purchasing application the token;
  
  providing by the purchasing application the token to the security application;
  
  providing by the purchasing application a first identifier associated with the first merchant to the security application;
  
  providing by the purchasing application a second identifier associated with the second merchant to the security application;
  
  retrieving, by the security application, based on the token, the credit card identifier from the stored credit card information;
  
  encrypting first credit card data by the security application using the first public key associated with the first merchant, the first credit card data including a credit card identifier;
  
  encrypting second credit card data by the security application using the second public key associated with the second merchant, the second credit card data including the credit card identifier;
  
  sending, in response to the purchase instruction, the first credit card data to a first merchant application associated with the first merchant; and
  
  sending, in response to the purchase instruction, the second credit card data to a second merchant application associated with the second merchant.
- View Dependent Claims (7, 8)
- - 7. The one or more device-readable media recited in claim 6, wherein each public key in the fourth data field is configured to be usable to encrypt one of the one or more credit card data items in the first data field.
  - 8. The one or more device-readable media as recited in claim 6, wherein one of the one or more credit card data items includes at least one of a credit card number, an expiration date, a name, an address, or a phone number.

9. A system for purchasing downloadable products comprising:
- one or more memories;
  
  one or more processors operable with the one or more memories to;
  
  provide credit card numbers, each credit card number being associated with a token,maintain public keys, each public key corresponding to a different merchant associated with the system,encrypt at least one of the credit card numbers with at least one of the public keys,wherein the one or more processors are operable with the one or more memories for a single purchase request from a user to;
  
  provide a token to the security application,receive a first encrypted credit card number and a second encrypted credit card number, the first encrypted credit card number including a credit card number associated with the token encrypted with a first public key associated with a first one of the merchants, the second encrypted credit card number including the credit card number encrypted with a second public key associated with a second one of the merchants,determine first payment information associated with the first encrypted credit card number,determine second payment information associated with the second encrypted credit card number,send the first payment information and the first encrypted credit card number to the first one of the merchants, andsend the second payment information and the second encrypted credit card number to the second one of the merchants.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The system as recited in claim 9, wherein the one or more processors are operable with the one or more memories to encrypt the first payment information and the first encrypted credit card number before sending to the merchant.
  - 11. The system as recited in claim 9, wherein the one or more processors are operable with the one or more memories to prevent the credit card numbers from being sent without encryption.
  - 12. The system as recited in claim 9, wherein the one or more processors are operable with the one or more memories to receive a merchant identifier and to determine a public key associated with the merchant identifier.
  - 13. The system as recited in claim 12, wherein the one or more processors are operable with the one or more memones to encrypt messages with credit card numbers with the determined public key.
  - 14. The system as recited in claim 13, wherein the one or more processors are operable with the one or more memories to send a private key associated with the determined public key to the merchant.
  - 15. The system as recited in claim 9, wherein the one or more processors are operable with the one or more memories to provide a web service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Nolan, Sean, Bhambri, Vikram, Hempey, Matthew D., Button, Thomas L., Sausville, Paul C., Walsh, Deirdre L., Biyani, Raj, Warren, Susan
Primary Examiner(s)
Hewitt, II; Calvin L
Assistant Examiner(s)
Nigh; James D

Application Number

US11/042,305
Publication Number

US 20060167819A1
Time in Patent Office

1,604 Days
Field of Search

705/44
US Class Current

705/64
CPC Class Codes

G06Q 20/12   specially adapted for elect...

G06Q 20/123   Shopping for digital content

G06Q 20/24   Credit schemes, i.e. "pay a...

G06Q 20/3552   Downloading or loading of p...

G06Q 20/367   involving electronic purses...

G06Q 20/382   insuring higher security of...

G07F 7/1008   Active credit-cards provide...

Payment information security for multi-merchant purchasing environment for downloadable products

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Payment information security for multi-merchant purchasing environment for downloadable products

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links