Method and apparatus for secure online transactions
First Claim
Patent Images
1. A computer-implemented method for conducting an online transaction comprising the steps of:
- receiving, by a server, a request from a user to checkout a selection of merchandize or services sold by a merchant;
generating, by said server, an extensible HTML page containing;
a transaction message comprising a core specification that describes online transactions and a frame specification, said frame specification embedding said core specification in a web service message, said transaction message represented in a payment markup language that describes payment transactions; and
a request for an authentication password from said user;
transmitting, by said server, said extensible HTML page to a browser;
rendering, by said browser, said extensible HTML page to a graphical interface that resembles a real-world receipt, said graphical interface displaying a sign button;
receiving said authentication password from said user;
authenticating said authentication password;
installing, on said browser and by said user, a certificate of said user by using browser methods, said certificate of said user issued by said user'"'"'s bank;
signing, by said browser, said core specification in said transaction message with said certificate of said user;
transmitting, by said browser, said signature to said server in response to said user clicking said sign button;
generating, by said server, a complete transaction message including said signature and sending it to a payment gateway; and
verifying, by said payment gateway, said transaction message along with said signature and in response to said verifying, said payment gateway honoring said transaction.
9 Assignments
0 Petitions
Accused Products
Abstract
A method and apparatus for performing secure online transactions provides a user interface that is intuitive and easily to understand. The invention integrates an online wallet service with credit card issuers that provide online credit card authentication services. The method provides a keypad interface for PIN entry, or an interface that resembles an offline transaction receipt. The apparatus that stores personal information and credit card information uses a level-two authentication password to protect the user'"'"'s credit card information. The invention integrates with the credit card issuer when a personal identification number is required for the user to perform online transactions by the credit card issuer. The embodiments include integrations when the level-two authentication password is equivalent to the personal identification number and that when they or not equivalent.
106 Citations
7 Claims
-
1. A computer-implemented method for conducting an online transaction comprising the steps of:
-
receiving, by a server, a request from a user to checkout a selection of merchandize or services sold by a merchant; generating, by said server, an extensible HTML page containing; a transaction message comprising a core specification that describes online transactions and a frame specification, said frame specification embedding said core specification in a web service message, said transaction message represented in a payment markup language that describes payment transactions; and a request for an authentication password from said user; transmitting, by said server, said extensible HTML page to a browser; rendering, by said browser, said extensible HTML page to a graphical interface that resembles a real-world receipt, said graphical interface displaying a sign button; receiving said authentication password from said user; authenticating said authentication password; installing, on said browser and by said user, a certificate of said user by using browser methods, said certificate of said user issued by said user'"'"'s bank; signing, by said browser, said core specification in said transaction message with said certificate of said user; transmitting, by said browser, said signature to said server in response to said user clicking said sign button; generating, by said server, a complete transaction message including said signature and sending it to a payment gateway; and verifying, by said payment gateway, said transaction message along with said signature and in response to said verifying, said payment gateway honoring said transaction. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A computer-implemented method for conducting an online transaction comprising the steps of:
-
receiving, by a server, a request from a user to checkout a selection of merchandize or services sold by a merchant; generating, by said server, an extensible HTML page containing; a transaction message comprising a core specification that describes online transactions and a frame specification, said frame specification embedding said core specification in a web service message, said transaction message represented in a payment markup language that describes payment transactions and said transaction message containing a unique transaction ID and a date and time that said transaction takes place to provide non-repudiation; and a request for an authentication password from said user; transmitting, by said server, said extensible HTML page to a browser; rendering, by said browser, said extensible HTML page to a graphical interface that resembles a real-world receipt, said graphical interface displaying a sign button; receiving said authentication password from said user; authenticating said authentication password; signing said core specification in said transaction message by a smart card that contains said certificate of said user, said signing with said certificate; transmitting, by said browser, said signature to said server in response to said user clicking said sign button; generating, by said server, a complete transaction message including said signature and sending it to a payment gateway; verifying, by said payment gateway, said transaction message along with said signature and in response to said verifying, said payment gateway honoring said transaction; and storing said signature on said server in case of future disputes, wherein said certificate of said user is issued by a credit card issuer of said user, said signing step further comprising signing said core specification in said transaction message with said certificate issued by said credit card issuer of said user to generate a signature. - View Dependent Claims (7)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeMeta Platforms, Inc. (f/k/a Facebook, Inc.)
-
Original AssigneeAOL Inc. (Apollo Global Management, Inc.)
-
InventorsMarshall, John, Rawat, Jai, Zissimopoulos, Vasileios “Bill”
-
Primary Examiner(s)Worjloh; Jalatee
-
Application NumberUS11/623,033Publication NumberTime in Patent Office1,523 DaysField of Search705 64- 79, 713/150, 726/26US Class Current705/79CPC Class CodesG06Q 20/027 involving a payment switch ...G06Q 20/04 Payment circuitsG06Q 20/0855 involving a third partyG06Q 20/105 involving programming of a ...G06Q 20/24 Credit schemes, i.e. "pay a...G06Q 20/342 Cards defining paid or bill...G06Q 20/367 involving electronic purses...G06Q 20/3674 involving authenticationG06Q 20/382 insuring higher security of...G06Q 20/3821 Electronic credentialsG06Q 20/401 Transaction verificationG06Q 20/4012 Verifying personal identifi...G07F 7/025 by means, e.g. cards, provi...G07F 7/1008 Active credit-cards provide...G07F 7/1025 Identification of user by a...
