Method and apparatus for secure online transactions
First Claim
1. A computer-implemented method for conducting an online transaction comprising the steps of:
receiving, by a server, a request from a user to checkout a selection of merchandize or services sold by a merchant;
generating, by said server, an extensible HTML page containing;
a transaction message comprising a core specification that describes online transactions and a frame specification, said frame specification embedding said core specification in a web service message, said transaction message represented in a payment markup language that describes payment transactions; and
a request for an authentication password from said user;
transmitting, by said server, said extensible HTML page to a browser;
rendering, by said browser, said extensible HTML page to a graphical interface that resembles a real-world receipt, said graphical interface displaying a sign button;
receiving said authentication password from said user;
authenticating said authentication password;
installing, on said browser and by said user, a certificate of said user by using browser methods, said certificate of said user issued by said user's bank;
signing, by said browser, said core specification in said transaction message with said certificate of said user;
transmitting, by said browser, said signature to said server in response to said user clicking said sign button;
generating, by said server, a complete transaction message including said signature and sending it to a payment gateway; and
verifying, by said payment gateway, said transaction message along with said signature and in response to said verifying, said payment gateway honoring said transaction.
Abstract
A method and apparatus for performing secure online transactions provides a user interface that is intuitive and easy to understand. The invention integrates an online wallet service with credit card issuers that provide online credit card authentication services. The method provides a keypad interface for PIN entry, or an interface that resembles an offline transaction receipt. The apparatus that stores personal information and credit card information uses a level-two authentication password to protect the user's credit card information. The invention integrates with the credit card issuer when the credit card issuer requires a personal identification number for the user to perform online transactions. The embodiments include integrations for the case where the level-two authentication password is equivalent to the personal identification number and for the case where they are not equivalent.
7 Claims
6. A computer-implemented method for conducting an online transaction comprising the steps of:
receiving, by a server, a request from a user to checkout a selection of merchandize or services sold by a merchant;
generating, by said server, an extensible HTML page containing;
a transaction message comprising a core specification that describes online transactions and a frame specification, said frame specification embedding said core specification in a web service message, said transaction message represented in a payment markup language that describes payment transactions and said transaction message containing a unique transaction ID and a date and time that said transaction takes place to provide non-repudiation; and
a request for an authentication password from said user;
transmitting, by said server, said extensible HTML page to a browser;
rendering, by said browser, said extensible HTML page to a graphical interface that resembles a real-world receipt, said graphical interface displaying a sign button;
receiving said authentication password from said user;
authenticating said authentication password;
signing said core specification in said transaction message by a smart card that contains said certificate of said user, said signing with said certificate;
transmitting, by said browser, said signature to said server in response to said user clicking said sign button;
generating, by said server, a complete transaction message including said signature and sending it to a payment gateway;
verifying, by said payment gateway, said transaction message along with said signature and in response to said verifying, said payment gateway honoring said transaction; and
storing said signature on said server in case of future disputes, wherein said certificate of said user is issued by a credit card issuer of said user, said signing step further comprising signing said core specification in said transaction message with said certificate issued by said credit card issuer of said user to generate a signature.
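The signing and verification steps of claims 1 and 6, as an added example that is not part of the patent text or of any implementation by its assignee. The element names, the EC P-256 key pair standing in for the issuer-provided certificate, and the gateway's freshness and duplicate-ID checks are assumptions; the claims state only that the transaction ID and the date and time are included to provide non-repudiation.

```javascript
const crypto = require('crypto');

// Constructed key pair standing in for the user's bank-issued certificate (assumption).
const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });

// Server: build the core specification. Element names are hypothetical;
// field values are assumed to be validated before they reach this function.
function buildCoreSpec({ txId, timestamp, merchant, amount, currency }) {
  return `<core><txId>${txId}</txId><time>${timestamp}</time>` +
         `<merchant>${merchant}</merchant>` +
         `<amount currency="${currency}">${amount}</amount></core>`;
}

// Browser or smart card: sign exactly the bytes of the core specification.
function signCoreSpec(coreSpec, key) {
  return crypto.sign('sha256', Buffer.from(coreSpec, 'utf8'), key).toString('base64');
}

// Server: the frame carries the core specification unchanged, plus the signature.
function buildCompleteMessage(coreSpec, signature) {
  return { frame: { service: 'payment' }, coreSpec, signature };
}

// Payment gateway: verify the signature first, then read the signed fields.
function makeGateway(userPublicKey, maxAgeMs = 5 * 60 * 1000) {
  const seenTxIds = new Set(); // in-memory only, for the example
  return function verify(msg, now = Date.now()) {
    const ok = crypto.verify('sha256', Buffer.from(msg.coreSpec, 'utf8'),
      userPublicKey, Buffer.from(msg.signature, 'base64'));
    if (!ok) return 'rejected: bad signature';
    const txId = /<txId>([^<]+)<\/txId>/.exec(msg.coreSpec)?.[1];
    const time = Date.parse(/<time>([^<]+)<\/time>/.exec(msg.coreSpec)?.[1]);
    if (!txId || Number.isNaN(time)) return 'rejected: missing transaction ID or time';
    if (Math.abs(now - time) > maxAgeMs) return 'rejected: stale';
    if (seenTxIds.has(txId)) return 'rejected: duplicate transaction ID';
    seenTxIds.add(txId);
    return 'honored';
  };
}
```

Because the transaction ID and time sit inside the signed core specification, a change to either one, or to the amount, invalidates the signature the server stores for later disputes.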
Specification