Secure intermediation system and method
Abstract
In a secure intermediary system, an intermediary is positioned along a communications path between a client and a server. The client sends a request to enter into a secure session, such as a secure socket layer (SSL) session. The intermediary receives the session request and establishes a first secure session between the client and the intermediary and/or a second secure session between the intermediary and the server. After the first and second secure sessions have been established, the intermediary provides intermediation services between the server and the client in an intermediated secure session. The intermediation service may be, for example, detecting whether a message sent by the client includes a credit card number. To prevent the credit card number from being sent over a network, the credit card number may be replaced with a one-time use payment number.
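An added illustration of the detection-and-replacement step the abstract describes, as it would run on the decrypted message between the two secure sessions; it is not code from the patent. The form-encoded message format, the Luhn checksum as the detection heuristic, and the `issue_limited_use_number` callback standing in for the payment server are all assumptions.

```python
import re
from typing import Callable
from urllib.parse import parse_qsl, urlencode

# Candidate account number: 13-19 digits, optionally grouped by spaces or dashes.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

# Constructed sample payment message (standard test numbers, not real accounts).
SAMPLE_BODY = "item=book&card=4111+1111+1111+1111&order=1234567890123456&cvv=123"


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out order ids and other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def rewrite_payment_message(
    body: str, issue_limited_use_number: Callable[[str], str]
) -> tuple[str, int]:
    """Replace each Luhn-valid account number in a form-encoded body.

    Returns the modified body and the number of replacements made.
    """
    replaced = 0

    def swap(match: re.Match) -> str:
        nonlocal replaced
        digits = re.sub(r"[ -]", "", match.group(0))
        if not luhn_ok(digits):
            return match.group(0)   # looks like a card number but is not one
        replaced += 1
        return issue_limited_use_number(digits)

    fields = [(k, PAN_RE.sub(swap, v))
              for k, v in parse_qsl(body, keep_blank_values=True)]
    return urlencode(fields), replaced


def fake_payment_server(account_number: str) -> str:
    """Hypothetical stand-in for the payment server; returns a constructed number."""
    return "4000000000000002"
```

The 16-digit `order` field in the sample fails the Luhn check and passes through unchanged, which is the false-positive case a pattern-only detector would get wrong.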
17 Claims
1. A secure intermediation method performed by an intermediary positioned along a communication path between a client node and a server node, comprising:
- receiving a session request from the client node, wherein the session request is a request to initiate secure communications between the client node and the server node;
- sending to the client node a certificate in response to the session request;
- establishing a first secure session between the client node and the intermediary;
- establishing a second secure session between the intermediary and the server node; and
- after establishing the first and second secure sessions, (i) receiving a payment message from the client node, (ii) detecting that the payment message includes an account number, (iii) modifying the payment message by replacing the account number with a limited-use payment number from a payment server, and (iv) sending the modified payment message to the server node over the second secure session.
Dependent claims: 2, 7, 8, 9
3. In a secure intermediation system, a method comprising:
- sending from a client node a session request addressed to a server node, wherein the session request comprises a request to initiate a secure socket layer session between the client node and the server node;
- receiving at the client node a certificate in response to the session request;
- determining at the client node that the certificate corresponds to an intermediary positioned along a communications path between the client node and the server node;
- establishing a first secure session between the client node and the intermediary;
- establishing a second secure session between the intermediary and the server node;
- receiving at the intermediary from the client node a payment message including an account number;
- modifying the payment message at the intermediary by replacing the account number with a limited-use payment number received from a payment server; and
- sending the modified payment message from the intermediary to the server node.
Dependent claims: 10, 11, 12
4. An intermediation system comprising:
- a processor for executing logic;
- session request logic executable on the processor and operative to detect a session request sent from a client node, wherein the session request comprises a request to initiate a secure session between the client node and a server node;
- session initiation logic executable on the processor and operative to establish a first secure session with the client node and a second secure session with the server node, the session initiation logic being responsive to the detection of the session request by the session request logic;
- linking logic executable on the processor and operative to enable communication between the client node and the server node by linking the first secure session with the second secure session;
- account-number detection logic executing on a processor and operative to determine that a message sent by the client node is a payment message that includes an account number;
- payment number request logic executing on a processor and operative to request a limited-use payment number from a payment server; and
- modification logic executing on a processor and operative to modify the payment message by replacing the account number with the limited-use payment number.
Dependent claims: 5, 13, 14
6. A secure intermediation system, comprising:
- a network interface;
- a processor; and
- data storage, wherein the data storage stores instructions executable by the processor (i) to receive a session request from a client node, wherein the session request comprises a request to initiate secure communications between the client node and a server node; (ii) to establish a first secure session with the server in response to receiving the session request; (iii) to establish a second secure session between the intermediary and the server in response to receiving the session request; (iv) to receive a payment message from the client node after establishing the first and second secure session, wherein the payment message includes an account number; (v) to modify the payment message by replacing the account number with a limited use payment number received from a payment server, and (vi) to send the modified payment message to the server over the second secure session.
Dependent claims: 15, 16, 17
Specification