Secure intermediation system and method

US 7,853,782 B1
Filed: 04/14/2004
Issued: 12/14/2010
Est. Priority Date: 04/14/2004
Status: Active Grant

First Claim

Patent Images

1. A secure intermediation method performed by an intermediary positioned along a communication path between a client node and a server node, comprising:

receiving a session request from the client node, wherein the session request is a request to initiate secure communications between the client node and the server node;

sending to the client node a certificate in response to the session request;

establishing a first secure session between the client node and the intermediary;

establishing a second secure session between the intermediary and the server node; and

after establishing the first and second secure sessions, (i) receiving a payment message from the client node, (ii) detecting that the payment message includes an account number, (iii) modifying the payment message by replacing the account number with a limited-use payment number from a payment server, and (iv) sending the modified payment message to the server node over the second secure session.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a secure intermediary system, an intermediary is positioned along a communications path between a client and a server. The client sends a request to enter into a secure session, such as a secure socket layer (SSL) session. The intermediary receives the session request and establishes a first secure session between the client and the intermediary and/or a second secure session between the intermediary and the server. After the first and second secure sessions have been established, the intermediary provides intermediation services between the server and the client in an intermediated secure session. The intermediation service may be, for example, detecting whether a message sent by the client includes a credit card number. To prevent the credit card number from being sent over a network, credit card number may be replaced with a one-time use payment number.

149 Citations

View as Search Results

17 Claims

1. A secure intermediation method performed by an intermediary positioned along a communication path between a client node and a server node, comprising:
- receiving a session request from the client node, wherein the session request is a request to initiate secure communications between the client node and the server node;
  
  sending to the client node a certificate in response to the session request;
  
  establishing a first secure session between the client node and the intermediary;
  
  establishing a second secure session between the intermediary and the server node; and
  
  after establishing the first and second secure sessions, (i) receiving a payment message from the client node, (ii) detecting that the payment message includes an account number, (iii) modifying the payment message by replacing the account number with a limited-use payment number from a payment server, and (iv) sending the modified payment message to the server node over the second secure session.
- View Dependent Claims (2, 7, 8, 9)
- - 2. The method of claim 1, wherein the first and second secure sessions are secure socket layer sessions.
  - 7. The method of claim 1, wherein the account number is a credit card number.
  - 8. The method of claim 1, further comprising sending a verification message to the client node after detecting the payment message includes the account number, wherein the verification message prompts a user of the client node to approve replacement of the account number.
  - 9. The method of claim 1, further comprising requesting the limited- use payment number from said payment server.

3. In a secure intermediation system, a method comprising:
- sending from a client node a session request addressed to a server node, wherein the session request comprises a request to initiate a secure socket layer session between the client node and the server node;
  
  receiving at the client node a certificate in response to the session request;
  
  determining at the client node that the certificate corresponds to an intermediary positioned along a communications path between the client node and the server node;
  
  establishing a first secure session between the client node and the intermediary;
  
  establishing a second secure session between the intermediary and the server node;
  
  receiving at the intermediary from the client node a payment message including an account number;
  
  modifying the payment message at the intermediary by replacing the account number with a limited-use payment number received from a payment server; and
  
  sending the modified payment message from the intermediary to the server node.
- View Dependent Claims (10, 11, 12)
- - 10. The method of claim 3, wherein the account number is a credit card number.
  - 11. The method of claim 3, further comprising sending a verification message to the client node to prompt a user of the client node to approve replacement of the account number.
  - 12. The method of claim 3, further comprising requesting the limited- use payment number from said payment server.

4. An intermediation system comprising:
- a processor for executing logic;
  
  session request logic executable on the processor and operative to detect a session request sent from a client node, wherein the session request comprises a request to initiate a secure session between the client node and a server node;
  
  session initiation logic executable on the processor and operative to establish a first secure session with the client node and a second secure session with the server node, the session initiation logic being responsive to the detection of the session request by the session request logic;
  
  linking logic executable on the processor and operative to enable communication between the client node and the server node by linking the first secure session with the second secure session;
  
  account-number detection logic executing on a processor and operative to determine that a message sent by the client node is a payment message that includes an account number;
  
  payment number request logic executing on a processor and operative to request a limited-use payment number from a payment server; and
  
  modification logic executing on a processor and operative to modify the payment message by replacing the account number with the limited-use payment number.
- View Dependent Claims (5, 13, 14)
- - 5. The system of claim 4, wherein the first and second secure sessions are secure socket layer sessions.
  - 13. The system of claim 4, wherein the account number is a credit card number.
  - 14. The system of claim 4, wherein the account-number detection logic is further operative to send a verification message to the client node to prompt a user of the client node to approve replacement of the account number.

6. A secure intermediation system, comprising:
- a network interface;
  
  a processor; and
  
  data storage, wherein the data storage stores instructions executable by the processor (i) to receive a session request from a client node, wherein the session request comprises a request to initiate secure communications between the client node and a server node;
  
  (ii) to establish a first secure session with the server in response to receiving the session request;
  
  (iii) to establish a second secure session between the intermediary and the server in response to receiving the session request;
  
  (iv) to receive a payment message from the client node after establishing the first and second secure session, wherein the payment message includes an account number;
  
  (v) to modify the payment message by replacing the account number with a limited use payment number received from a payment server, and (vi) to send the modified payment message to the server over the second secure session.
- View Dependent Claims (15, 16, 17)
- - 15. The system of claim 6, wherein the account number is a credit card number.
  - 16. The system of claim 6, wherein the instructions are further executable by the processor to send a verification message to the client node to prompt a user of the client node to approve replacement of the account number.
  - 17. The system of claim 6, wherein the instructions are further executable by the processor to request the limited-use payment number from said payment server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sprint Spectrum LP (Deutsche Telekom AG)
Original Assignee
Sprint Spectrum LP (Deutsche Telekom AG)
Inventors
Geddes, Martin
Primary Examiner(s)
Barron, Jr.; Gilberto

Application Number

US10/824,236
Time in Patent Office

2,435 Days
Field of Search

713/182, 713/164, 713/165, 713/166, 713/167, 713/151, 713/153, 705/64, 705/77, 705/78, 705/79
US Class Current

713/151
CPC Class Codes

G06F 21/33   using certificates

G06Q 20/027   involving a payment switch ...

G06Q 20/0855   involving a third party

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/0464   using hop-by-hop encryption...

H04L 63/0823   using certificates cryptogr...

H04L 63/166   at the transport layer

Secure intermediation system and method

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

149 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Secure intermediation system and method

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

149 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links