Methods and apparatus for conducting electronic transactions

US 8,214,299 B2
Filed: 08/18/2010
Issued: 07/03/2012
Est. Priority Date: 08/31/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

receiving, by a server comprising a processor and a non-transitory, tangible memory, a transaction request from a user for a transaction at a merchant server;

issuing, by the server, a challenge;

forwarding, by the server, the challenge to the user, wherein the challenge is passed to an intelligent token for processing the challenge, and wherein the intelligent token generates a response to the challenge;

receiving, by the server, the response from the user based upon the challenge;

processing, by the server, the response;

verifying, by the server, the intelligent token;

assembling, by the server, credentials for the transaction, wherein the credentials comprise a key;

providing, by the server, at least a portion of the assembled credentials to the user;

receiving, by the server, a second request from the user, wherein the second request includes the portion of the assembled credentials provided to the user;

validating, by the server, the portion of the assembled credentials provided to the user with the key of the assembled credentials providing access to a transaction service;

initiating, by the server, a transaction session for use with the transaction service;

receiving, by the server, a third party request comprising executable commands being associated with a selected programming language;

scanning, by the server and while in the transaction session, the third party request to find executable commands; and

at least one of editing and removing, by the server, at least a portion of the executable commands, wherein the at least one of editing and removing comprises at least one of;

rendering the executable commands unexecutable by a network client by removing a character of the executable commands, andrendering the executable commands unexecutable by the network client by replacing particular characters within the executable commands.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for conducting electronic commerce are disclosed. In various embodiments, the electronic transaction is a purchase transaction. A user is provided with an intelligent token, such as a smartcard containing a digital certificate. The intelligent token suitably authenticates with a server on a network that conducts all or portions of the transaction on behalf of the user. In various embodiments a wallet server interacts with a security server to provide enhanced reliability and confidence in the transaction. In various embodiments, the wallet server includes a toolbar. In various embodiments, the digital wallet pre-fills forms. Forms may be pre-filled using an auto-remember component.

332 Citations

19 Claims

1. A method comprising:
- receiving, by a server comprising a processor and a non-transitory, tangible memory, a transaction request from a user for a transaction at a merchant server;
  
  issuing, by the server, a challenge;
  
  forwarding, by the server, the challenge to the user, wherein the challenge is passed to an intelligent token for processing the challenge, and wherein the intelligent token generates a response to the challenge;
  
  receiving, by the server, the response from the user based upon the challenge;
  
  processing, by the server, the response;
  
  verifying, by the server, the intelligent token;
  
  assembling, by the server, credentials for the transaction, wherein the credentials comprise a key;
  
  providing, by the server, at least a portion of the assembled credentials to the user;
  
  receiving, by the server, a second request from the user, wherein the second request includes the portion of the assembled credentials provided to the user;
  
  validating, by the server, the portion of the assembled credentials provided to the user with the key of the assembled credentials providing access to a transaction service;
  
  initiating, by the server, a transaction session for use with the transaction service;
  
  receiving, by the server, a third party request comprising executable commands being associated with a selected programming language;
  
  scanning, by the server and while in the transaction session, the third party request to find executable commands; and
  
  at least one of editing and removing, by the server, at least a portion of the executable commands, wherein the at least one of editing and removing comprises at least one of;
  
  rendering the executable commands unexecutable by a network client by removing a character of the executable commands, andrendering the executable commands unexecutable by the network client by replacing particular characters within the executable commands.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, further comprising rejecting a request in response to the third party request containing the executable commands having a hostile character.
  - 3. The method of claim 1, further comprising logging the executable commands to form a security log.
  - 4. The method of claim 3, further comprising reviewing the security log to determine whether the executable commands are hostile.
  - 5. The method of claim 1, wherein the executable commands cause an unwanted action when executed.
  - 6. The method of claim 1, wherein the executable commands are malicious.
  - 7. The method of claim 1, further comprising receiving a request for a connection at the network server from the network client.
  - 8. The method of claim 7, further comprising verifying that a response from the network server to the network client is void of the executable commands.
  - 9. The method of claim 8, further comprising providing the response from the network server to the network client.
  - 10. The method claim 1, wherein the rendering the executable commands unexecutable by the network client by replacing particular characters within the executable commands comprises converting a script format character to another character, wherein the script format character identifies a block of code.
  - 11. The method claim 1, wherein the rendering the executable commands unexecutable by the network client by removing a character of the executable commands comprises removing a script format character, wherein the script format character identifies a block of code.
  - 12. The method of claim 1, wherein the selected programming language comprises javascript.
  - 13. The method of claim 1, wherein the selected programming language comprises SQL code.
  - 14. The method of claim 1, wherein the selected programming language comprises XML code.
  - 15. The method of claim 1, wherein the selected programming language comprises a markup language.
  - 16. The method of claim 1, further comprising rejecting the transaction request in response to the third party request being received from the merchant server, wherein the third party request comprises hostile code.
  - 17. The method of claim 1, further comprising rejecting the transaction request in response to the third party request being received from an advertisement on the merchant server, wherein the third party request comprises hostile code.

18. An article of manufacture including a non-transitory, tangible computer readable medium having instructions stored thereon that, in response to execution by a server, cause the server to perform operations comprising:
- receiving, by the server, a transaction request from a user for a transaction at a merchant server;
  
  issuing, by the server, a challenge;
  
  forwarding, by the server, the challenge to the user, wherein the challenge is passed to an intelligent token for processing the challenge, and wherein the intelligent token generates a response to the challenge;
  
  receiving, by the server, the response from the user based upon the challenge;
  
  processing, by the server, the response;
  
  verifying, by the server, the intelligent token;
  
  assembling, by the server, credentials for the transaction, wherein the credentials comprise a key;
  
  providing, by the server, at least a portion of the assembled credentials to the user;
  
  receiving, by the server, a second request from the user, wherein the second request includes the portion of the assembled credentials provided to the user;
  
  validating, by the server, the portion of the assembled credentials provided to the user with the key of the assembled credentials providing access to a transaction service;
  
  initiating, by the server, a transaction session for use with the transaction service;
  
  receiving, by the server, a third party request comprising executable commands being associated with a selected programming language;
  
  scanning, by the server and while in the transaction session, the third party request to find executable commands; and
  
  at least one of editing and removing, by the server, at least a portion of the executable commands, wherein the at least one of editing and removing comprises at least one of;
  
  rendering the executable commands unexecutable by a network client by removing a character of the executable commands, andrendering the executable commands unexecutable by the network client by replacing particular characters within the executable commands.

19. A system comprising:
- a tangible, non-transitory memory communicating with a server,the tangible, non-transitory memory having instructions stored thereon that, in response to execution by the server, cause the server to perform operations comprising;
  
  receiving, by the server, a transaction request from a user for a transaction at a merchant server;
  
  issuing, by the server, a challenge;
  
  forwarding, by the server, the challenge to the user, wherein the challenge is passed to an intelligent token for processing the challenge, and wherein the intelligent token generates a response to the challenge;
  
  receiving, by the server, the response from the user based upon the challenge;
  
  processing, by the server, the response;
  
  verifying, by the server, the intelligent token;
  
  assembling, by the server, credentials for the transaction, wherein the credentials comprise a key;
  
  providing, by the server, at least a portion of the assembled credentials to the user;
  
  receiving, by the server, a second request from the user, wherein the second request includes the portion of the assembled credentials provided to the user;
  
  validating, by the server, the portion of the assembled credentials provided to the user with the key of the assembled credentials providing access to a transaction service;
  
  initiating, by the server, a transaction session for use with the transaction service;
  
  receiving, by the server, a third party request comprising executable commands being associated with a selected programming language;
  
  scanning, by the server and while in the transaction session, the third party request to find executable commands; and
  
  at least one of editing and removing, by the server, at least a portion of the executable commands, wherein the at least one of editing and removing comprises at least one of;
  
  rendering the executable commands unexecutable by a network client by removing a character of the executable commands, andrendering the executable commands unexecutable by the network client by replacing particular characters within the executable commands.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Liberty Peak Ventures, LLC (Dominion Harbor Enterprises, LLC)
Original Assignee
American Express Travel Related Services Company, Inc. (American Express Company)
Inventors
Johnson, Michael G., Hohle, William G., Gorgol, Zygmunt Steven, Bennett, Russell, Glazer, Elliott Harold, White, Dirk B., Bishop, Fred Alan, Swift, Nick, Simkin, Marvin, Royer, Coby, Lake, Walter Donald, Johnstone, David E.
Primary Examiner(s)
Agwumezie, Charles C

Application Number

US12/859,046
Publication Number

US 20100312667A1
Time in Patent Office

685 Days
Field of Search

705/67
US Class Current

705/67
CPC Class Codes

G06Q 20/105   involving programming of a ...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/363   with the personal data of a...

G06Q 20/367   involving electronic purses...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/401   Transaction verification

G06Q 20/4097   using mutual authentication...

G06Q 30/0613   Third-party assisted

G07F 7/0866   by active credit-cards adap...

G07F 7/1008   Active credit-cards provide...

Methods and apparatus for conducting electronic transactions

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

332 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Methods and apparatus for conducting electronic transactions

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

332 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others